Sunday, May 19, 2013
Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization 1st edition, Eric Cole
I would like to start off with the bottom line first. There is a LOT of great information in the book, but the layout of the book makes it a bit hard to find the key points even with the incredibly detailed table of contents. Syngress should adopt call outs, text boxes and other publishing techniques to highlight key information instead of producing one huge "run on" manuscript.
In light of that, what I would like to do in this review is highlight some of the practical tips in the book. A major theme is that while protection is ideal, detection is a must. Dr. Cole, a practitioner in the field, has learned what we all need to understand. The odds are very high that any organization is already compromised. The key is to detect the information as the attackers try to exfiltrate it.
Some other points that are not to be missed:
Page 15 Do not allow HTML mail unless you absolutely need it for your business
Page 16 Do not allow documents with macros unless you absolutely need it for your business
Page 29 Activity does not equal security, tackle the highest priority risk
Page 31 Assume the attackers are already in your network
Page 39 Focus on protecting your critical data (data centric security)
Page 71 237 rules in your firewall equals ANY ANY ANY ANY - ALLOW
Page 91 The advice here will not be popular, but if you do not absolutely need it for your business, get rid of it
Page 107 The entire section on data classification is a must read, must implement
Page 140 More hard, but valuable advice, do not allow email attachments unless you absolutely need them for your business
Page 176 Repeat after me, users are the target, this is the root of most successful attacks
Page 193 Begins a section on the 20 Critical Controls - read, memorize and act
Page 212 You cannot fight the cloud (amen)
Page 234 The APT Defendable Network section is a must read
Page 243 Expands on the points on page 29, glad that got fleshed out
Chapter 11 talks about some common sense solutions including sandboxing and whitelisting. For the life of me, I cannot understand why more organizations have not adopted both.
Chapter 12 is essentially a recap. A suggestion to the reader is to read chapter 12 first. It is filled with a number of key points that you can pick up when you read the rest of the book.
I have known Dr. Cole for several years and he is an amazing presenter, teacher and cyber security professional. In his latest book he really captures the essence of the APT and describes it in a manner that can actually help organizations protect against it. There has been much talk about APT for some time now - it is time we take action. Dr. Cole gives organizations specific and actionable items that can be taken to properly detect and defend against the advanced adversary. In this book you will find a blueprint for success. The APT is a very challenging threat that requires a new approach to properly protect against it. Most organizations are failing. The author does a great job of laying out a scalable solution to this daunting problem.
Having worked for several large financial institutions in cyber security, organizations have been challenged by the APT and how to deal with it. Spending money alone is not enough to protect an organization. In this well written book, Dr. Cole provides a step by step, actionable plan organizations can take to start implementing effective security. In addition to traditional measures, Dr. Cole provides proven creative solutions that organizations can take to minimize the impact of the advanced adversary. Definitely a must read.
Plenty of people could have written a book on the APT, but Dr. Cole has the vast experience across multiple industries to write the definitive book.
This could have been merely a "fun" and easy to read book capitalizing on the latest buzzwords, terms, and acronyms like APT, and that could have been good.
Instead this book, while a fun read, has practical advice from in the trenches on how to combat persistent and dedicated attackers who often have vast resources, such as that of nation-states and other formidable adversaries.
No hype, just what works, and with a fascinating section on "The Future and How to Win."
Being in sales and marketing we hear customers talk about the APT and you can see the discouragement on their face because they are not sure how to effectively deal with this new threat that has emerged. In this easy to read but very insightful book Dr. Cole brings to life the problem and shows a structured detailed plan that organizations can take to properly detect and defend against the APT. This book is written in such a way that it has value to anyone who works in business or is involved with running a business. If you have not ordered a copy you need to do so today.
APT is rapidly becoming the cyber menace of concern. Given the continuous and specific targeting of an organization by highly skilled intrusion experts using the best of techniques, the probability of loss, theft, and damage to organizations has reached new heights. Advertised loss can seriously harm customer confidence and business and intellectual and sensitive information may be compromised. Traditional security measures are basically ineffective. To counter this threat, one of our best national network security experts has removed much of the pain in learning how to counter the APT facing us. Dr. Eric Cole has provided hope in the form of expert guidance. As a highly regarded national resource in advanced network security, Dr. Cole has managed to present the details of a highly complex topic in such a way that all can achieve a clear understanding of this threat. Known as an outstanding teacher, Dr. Cole has extended his method of teaching through example in this book, as he has in his many other books. The examples are clear, concise, and highly informative. Furthermore, his mastery of protective measures is interwoven throughout the book to demonstrate how to actually counter the APT. One can try and go to a variety of sources and vendors to try and counter the APT, or one can go to this one book. Dr. Cole's recent work demonstrates why he is so highly regarded. In my recent book, Predicting Malicious Behavior: Tools and Techniques for Ensuring Global Security, I describe how to anticipate malicious intent and behavior, including network threat. As a security professional, Dr. Cole's new book is now my number one resource to guide my continuing work.
Simply put Dr. Cole seems to have a knack for making the very complex subject of network security easily understandable, while at the same time captivating the reader. In this book on APT, he gives organizations a new way of going after the adversary with tips and tricks that actually work and that can be implemented today. In my consulting practice this is a book that I will definitely recommend to my clients. It is written in such a way that it provides valuable insight and actionable plans to mitigate risk that can immediately be taken not only by the hands-on IT staff but also up the ladder through management all the way up to the CEO. As organizations start to think that there is nothing they can do about advanced threats, this book provides a blueprint for success. If you want an action plan for dealing with today's more determined adversary in this new world of "APT" then this is the authoritative text that you must have.
Dr. Cole does an amazing job of explaining how to build a defensible network. His real world examples bring the subject matter to life. I have heard the term APT used but never really understood what it meant and most importantly what could be done about it. In this book, the subject matter is brought to life with practical ways to defend and detect the advanced threats that are targeting networks of all sizes. There is so much workable knowledge that the book would be worth it even if it was five times the price. This is definitely a must read for anyone involved in security.
Product Details:
Paperback: 320 pages
Publisher: Syngress; 1 edition (November 27, 2012)
Language: English
ISBN-10: 1597499498
ISBN-13: 978-1597499491
Product Dimensions: 9.2 x 7.4 x 0.9 inches