What this book covers
Chapter 1, Getting Started with Incident Response, is an introductory chapter that introduces IR, explains why it is so important, and details the IR process.
Chapter 2, Incident Response – Evolution and Current Challenges, explores the evolution and current challenges of IR, and also looks at the need for IR to respond to the threat landscape and technology advancements.
Chapter 3, How to Organize an Incident Response Team, discusses the ideal composition of an IR team and the different considerations to make while forming the team, along with IR strategies and external components of an IR plan.
Chapter 4, Key Metrics for Incident Response, covers the crucial measures organizations should keep an eye on, and looked at some metrics to keep track of when monitoring phishing attacks.
Chapter 5, Methods and Tools of Incident Response Processes, discusses the OODA loop, playbooks for the IR process, and some tools and techniques for IR in the cloud.
Chapter 6, Incident Handling, covers the importance of having an IR process in place to rapidly identify and respond to security incidents, and how this process should work both broadly, and in the event of a phishing attack.
Chapter 7, Incident Investigation, dives into the investigation stage of IR. We will also look at a phishing example and you will learn how to investigate a cyberattack that happens via email with various tools.
Chapter 8, Incident Reporting, discusses the importance and process of reporting an incident to various different entities, and also talks about how suspicious activities such as emails and malware can be reported with tools such as Keepnet's Phishing Reporter.
Chapter 9, Incident Response on Multiple Platforms, talks about IR in computers, mobile devices, and the active directory. We will also cover how Microsoft, Google, and Amazon's cloud services handle IR and what you should expect from a cloud service provider.
Chapter 10, Cyber Threat Intelligence Sharing, helps you learn about the importance of threat intelligence and how it can be used to gain information about current threat actors and their techniques and, in some circumstances, to predict their next steps. You will also learn how Microsoft and various other companies integrate threat intelligence as part of their products and services.
Chapter 11, Incident Response in the Cloud, covers the IR process that should be used for a cloud service. We explore the MITRE ATT&CK cloud matrix to dive deep into IR in the cloud.
Chapter 12, Building a Culture of Incident Readiness, explores in detail how to be ready for incidents in this day and age, using techniques such as threat hunting and purple teaming. We also consider how AI can be used for IR.
Chapter 13, Incident Response Best Practices, discusses the best practices organizations should adopt for IR, ranging from proactive readiness and processes for IR to continuously improving the plan to tackle incidents.
Chapter 14, Incident Case Studies, explores some case studies and practical labs. We will look at a real-life incident, and show how Keepnet Incident Responder can be integrated into your organization's IR plans to prevent incidents of this type. We will also look at the practical application of Binalyze's IREC and AIR tools, and then covered how those tools can help us make IR more productive for free (or for a reasonable cost).
Chapter 15, Ask the Experts, helps you look at some alternative perspectives on various areas of the IR sphere that we did not specifically focus on during the course of the book based on inputs from some leading industry experts. These should complement the material we cover in the rest of the book and provide some valuable insights to carry forward to your own IR process.