Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Industrial Cybersecurity

You're reading from   Industrial Cybersecurity Efficiently monitor the cybersecurity posture of your ICS environment

Arrow left icon
Product type Paperback
Published in Oct 2021
Publisher Packt
ISBN-13 9781800202092
Length 800 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Pascal Ackerman Pascal Ackerman
Author Profile Icon Pascal Ackerman
Pascal Ackerman
Arrow right icon
View More author details
Toc

Table of Contents (26) Chapters Close

Preface 1. Section 1: ICS Cybersecurity Fundamentals
2. Chapter 1: Introduction and Recap of First Edition FREE CHAPTER 3. Chapter 2: A Modern Look at the Industrial Control System Architecture 4. Chapter 3: The Industrial Demilitarized Zone 5. Chapter 4: Designing the ICS Architecture with Security in Mind 6. Section 2:Industrial Cybersecurity – Security Monitoring
7. Chapter 5: Introduction to Security Monitoring 8. Chapter 6: Passive Security Monitoring 9. Chapter 7: Active Security Monitoring 10. Chapter 8: Industrial Threat Intelligence 11. Chapter 9: Visualizing, Correlating, and Alerting 12. Section 3:Industrial Cybersecurity – Threat Hunting
13. Chapter 10: Threat Hunting 14. Chapter 11: Threat Hunt Scenario 1 – Malware Beaconing 15. Chapter 12: Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications 16. Chapter 13: Threat Hunt Scenario 3 – Suspicious External Connections 17. Section 4:Industrial Cybersecurity – Security Assessments and Intel
18. Chapter 14: Different Types of Cybersecurity Assessments 19. Chapter 15: Industrial Control System Risk Assessments
20. Chapter 16: Red Team/Blue Team Exercises 21. Chapter 17: Penetration Testing ICS Environments 22. Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment
23. Chapter 18: Incident Response for the ICS Environment 24. Chapter 19: Lab Setup 25. Other Books You May Enjoy

What this book covers

Chapter 1, Introduction and Recap of the First Edition, will be a recap of the first edition of this book. We will set the stage for the rest of the book and cover important concepts, tools, and techniques so that you can follow along with this second edition of the book.

Chapter 2, A Modern Look at the Industrial Control System Architecture, takes an overview of ICS security, explaining how I implement plant-wide architectures with some years of experience under my belt. The chapter will cover new concepts, techniques, and best practice recommendations

Chapter 3, The Industrial Demilitarized Zone, is where I will discuss an updated IDMZ design that is the result of years of refinement, updating and adjusting the design to business needs, and revising and updating industry best practice recommendations.

Chapter 4, Designing the ICS Architecture with Security in Mind, is where I will outline key concepts, techniques, tools, and methodologies around designing for security. How to architect a network so that it allows the easy implementation of security techniques, tools, and concepts will be discussed in the rest of the book.

Chapter 5, Introduction to Security Monitoring, is where we will discuss the ins and outs of cybersecurity monitoring as it pertains to the ICS environment. I will present the three main types of cybersecurity monitoring, passive, active, and threat hunting, which are explained in detail throughout the rest of the book.

Chapter 6, Passive Security Monitoring, is where we will look at the tools, techniques, activities, and procedures involved in passively monitoring industrial cybersecurity posture.

Chapter 7, Active Security Monitoring, looks at tools, techniques, activities, and procedures involved in actively monitoring industrial cybersecurity posture.

Chapter 8, Industrial Threat Intelligence, looks at tools, techniques, and activities that help to add threat intelligence to our security monitoring activities. Threat intelligence will be explained and common techniques and tools to acquire and assemble intelligence will be discussed.

Chapter 9, Visualizing, Correlating, and Alerting, explores how to combine all the gathered information and data, discussed in the previous chapters, into an interactive visualization, correlation, and alerting dashboard, built around the immensely popular ELK (Elasticsearch, Kibana, Logstash) stack, which is part of the Security Onion appliance.

Chapter 10, Threat Hunting, is a general introduction to threat hunting principles, tools, techniques, and methodology. This chapter will revisit Security Onion and how to use it for threat hunting exercises.

Chapter 11, Threat Hunt Scenario 1 – Malware Beaconing, presents the first threat hunt use case, where we suspect malware beaconing or data is being exfiltrated from our systems, and so we will use logs, events, data, and other information to prove the hunch and show the what, where, how, and who behind the attack.

Chapter 12, Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications, presents the second threat hunt use case, built around the assumption that there is executable code running on assets on the ICS network that is performing malicious actions (malware) or is just using up (wasting) resources. These would be Potentially Unwanted Programs (PUPs), such as spyware, bitcoin miners, and so on.

Chapter 13, Threat Hunt Scenario 3 – Suspicious External Connections, presents a third threat hunt use case: we suspect that external entities are connecting to our systems. We will use logs, events, data, and other information to prove the hunch and show the what, where, how, and who behind things.

Chapter 14, Different Types of Cybersecurity Assessments, outlines the types of security assessments that exist to help you assess the risk to an ICS environment.

Chapter 15, Industrial Control System Risk Assessments, will detail the tools, techniques, methodologies, and activities used in performing risk assessments for an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 16, Red Team/Blue Team Exercises, will detail the tools, techniques, methodologies, and activities used in performing red team and blue team exercises in an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 17, Penetration Testing ICS Environments, will detail the tools, techniques, methodologies, and activities used in performing penetration testing activities in an ICS environment. You will get hands-on experience with the most common tools and software used during assessment activities.

Chapter 18, Incident Response for the ICS Environment, takes you through the phases, activities, and processes of incident response as it relates to the industrial environment:

  • Preparation
  • Identification
  • Containment
  • Investigation
  • Eradication
  • Recovery
  • Follow-up

Chapter 19, Lab Setup, will help you set up a lab environment to be used for the exercises in the book.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime