60.95 €*
Free shipping via Post / DHL
Delivery time 1-2 weeks
Security professionals need all the tools at their disposal to increase their visibility in order to prevent security breaches and attacks. This careful guide explores two of the most powerful: data analysis and visualization. You'll soon understand how to harness and wield data, from collection and storage to management and analysis as well as visualization and presentation. Using a hands-on approach with real-world examples, this book shows you how to gather feedback, measure the effectiveness of your security methods, and make better decisions.
Everything in this book will have practical application for information security professionals.
* Helps IT and security professionals understand and use data, so they can thwart attacks and understand and visualize vulnerabilities in their networks
* Includes more than a dozen real-world examples and hands-on exercises that demonstrate how to analyze security data and intelligence and translate that information into visualizations that make plain how to prevent attacks
* Covers topics such as how to acquire and prepare security data, use simple statistical methods to detect malware, predict rogue behavior, correlate security events, and more
* Written by a team of well-known experts in the field of security and data analysis
Lock down your networks, prevent hacks, and thwart malware by improving visibility into the environment, all through the power of data-driven security: analysis, visualization, and dashboards.
Jay Jacobs is the coauthor of the Verizon Data Breach Investigations Reports and the cofounder of the Society of Information Risk Analysts, where he currently sits on the board of directors.
Bob Rudis is the Director of Enterprise Information Security & IT Risk Management at Liberty Mutual Insurance and was named one of the Top 25 Influencers in Information Security by Tripwire.
Introduction xv
Chapter 1 The Journey to Data-Driven Security 1
A Brief History of Learning from Data 2
Nineteenth Century Data Analysis 2
Twentieth Century Data Analysis 3
Twenty-First Century Data Analysis 4
Gathering Data Analysis Skills 5
Domain Expertise 6
Programming Skills 8
Data Management 10
Statistics 12
Visualization (aka Communication) 14
Combining the Skills 15
Centering on a Question 16
Creating a Good Research Question 17
Exploratory Data Analysis 18
Summary 18
Recommended Reading 19
Chapter 2 Building Your Analytics Toolbox: A Primer on Using R and Python for Security Analysis 21
Why Python? Why R? And Why Both? 22
Why Python? 23
Why R? 23
Why Both? 24
Jumpstarting Your Python Analytics with Canopy 24
Understanding the Python Data Analysis and Visualization Ecosystem 25
Setting Up Your R Environment 29
Introducing Data Frames 33
Organizing Analyses 36
Summary 37
Recommended Reading 38
Chapter 3 Learning the "Hello World" of Security Data Analysis 39
Solving a Problem 40
Getting Data 41
Reading In Data 43
Exploring Data 47
Homing In on a Question 58
Summary 70
Recommended Reading 70
Chapter 4 Performing Exploratory Security Data Analysis 71
Dissecting the IP Address 73
Representing IP Addresses 73
Segmenting and Grouping IP Addresses 75
Locating IP Addresses 77
Augmenting IP Address Data 80
Association/Correlation, Causation, and Security Operations Center Analysts Gone Rogue 86
Mapping Outside the Continents 90
Visualizing the ZeuS Botnet 92
Visualizing Your Firewall Data 98
Summary 100
Recommended Reading 101
Chapter 5 From Maps to Regression 103
Simplifying Maps 105
How Many ZeroAccess Infections per Country? 108
Changing the Scope of Your Data 111
The Potwin Effect 113
Is This Weird? 117
Counting in Counties 120
Moving Down to Counties 122
Introducing Linear Regression 125
Understanding Common Pitfalls in Regression Analysis 130
Regression on ZeroAccess Infections 131
Summary 136
Recommended Reading 136
Chapter 6 Visualizing Security Data 137
Why Visualize? 138
Unraveling Visual Perception 139
Understanding the Components of Visual Communications 144
Avoiding the Third Dimension 144
Using Color 146
Putting It All Together 148
Communicating Distributions 154
Visualizing Time Series 156
Experiment on Your Own 157
Turning Your Data into a Movie Star 158
Summary 159
Recommended Reading 160
Chapter 7 Learning from Security Breaches 161
Setting Up the Research 162
Considerations in a Data Collection Framework 164
Aiming for Objective Answers 164
Limiting Possible Answers 164
Allowing "Other," and "Unknown" Options 164
Avoiding Conflation and Merging the Minutiae 165
An Introduction to VERIS 166
Incident Tracking 168
Threat Actor 168
Threat Actions 169
Information Assets 173
Attributes 173
Discovery/Response 176
Impact 176
Victim 177
Indicators 179
Extending VERIS with Plus 179
Seeing VERIS in Action 179
Working with VCDB Data 181
Getting the Most Out of VERIS Data 185
Summary 189
Recommended Reading 189
Chapter 8 Breaking Up with Your Relational Database 191
Realizing the Container Has Constraints 195
Constrained by Schema 196
Constrained by Storage 198
Constrained by RAM 199
Constrained by Data 200
Exploring Alternative Data Stores 200
BerkeleyDB 201
Redis 203
Hive 207
MongoDB 210
Special Purpose Databases 214
Summary 215
Recommended Reading 216
Chapter 9 Demystifying Machine Learning 217
Detecting Malware 218
Developing a Machine Learning Algorithm 220
Validating the Algorithm 221
Implementing the Algorithm 222
Benefiting from Machine Learning 226
Answering Questions with Machine Learning 226
Measuring Good Performance 227
Selecting Features 228
Validating Your Model 230
Specific Learning Methods 230
Supervised 231
Unsupervised 234
Hands On: Clustering Breach Data 236
Multidimensional Scaling on Victim Industries 238
Hierarchical Clustering on Victim Industries 240
Summary 242
Recommended Reading 243
Chapter 10 Designing Effective Security Dashboards 245
What Is a Dashboard, Anyway? 246
A Dashboard Is Not an Automobile 246
A Dashboard Is Not a Report 248
A Dashboard Is Not a Moving Van 251
A Dashboard Is Not an Art Show 253
Communicating and Managing "Security" through Dashboards 258
Lending a Hand to Handlers 258
Raising Dashboard Awareness 260
The Devil (and Incident Response Delays) Is in the Details 262
Projecting "Security" 263
Summary 267
Recommended Reading 267
Chapter 11 Building Interactive Security Visualizations 269
Moving from Static to Interactive 270
Interaction for Augmentation 271
Interaction for Exploration 274
Interaction for Illumination 276
Developing Interactive Visualizations 281
Building Interactive Dashboards with Tableau 281
Building Browser-Based Visualizations with D3 284
Summary 294
Recommended Reading 295
Chapter 12 Moving Toward Data-Driven Security 297
Moving Yourself toward Data-Driven Security 298
The Hacker 299
The Statistician 302
The Security Domain Expert 302
The Danger Zone 303
Moving Your Organization toward Data-Driven Security 303
Ask Questions That Have Objective Answers 304
Find and Collect Relevant Data 304
Learn through Iteration 305
Find Statistics 306
Summary 308
Recommended Reading 308
Appendix A Resources and Tools 309
Appendix B References 313
Index 321
| Field | Value |
|---|---|
| Year of publication | 2014 |
| Subject area | Data communication, networks & mailboxes |
| Genre | Imports, computer science |
| Category | Natural sciences & technology |
| Medium | Paperback |
| Extent | 352 pp. |
| ISBN-13 | 9781118793725 |
| ISBN-10 | 1118793722 |
| Language | English |
| Binding | Paperback / softcover |
| Authors | Rudis, Bob; Jacobs, Jay |
| Publisher | John Wiley & Sons; John Wiley & Sons Inc |
| Responsible person for the EU | Wiley-VCH GmbH, Boschstr. 12, D-69469 Weinheim, amartine@wiley-vch.de |
| Dimensions | 231 x 187 x 22 mm |
| By | Bob Rudis (et al.) |
| Publication date | 8 April 2014 |
| Weight | 0.802 kg |