You're reading from Industrial Cybersecurity Efficiently monitor the cybersecurity posture of your ICS environment

Product type Paperback

Published in Oct 2021

Publisher Packt

ISBN-13 9781800202092

Length 800 pages

Edition 2nd Edition

Tools

Kali Linux

Concepts

Cybersecurity

Author (1):

Pascal Ackerman

View More author details

Table of Contents (26) Chapters

Preface

1. Section 1: ICS Cybersecurity Fundamentals

2. Chapter 1: Introduction and Recap of First Edition FREE CHAPTER

3. Chapter 2: A Modern Look at the Industrial Control System Architecture

4. Chapter 3: The Industrial Demilitarized Zone

5. Chapter 4: Designing the ICS Architecture with Security in Mind

6. Section 2:Industrial Cybersecurity – Security Monitoring

7. Chapter 5: Introduction to Security Monitoring

8. Chapter 6: Passive Security Monitoring

9. Chapter 7: Active Security Monitoring

10. Chapter 8: Industrial Threat Intelligence

11. Chapter 9: Visualizing, Correlating, and Alerting

12. Section 3:Industrial Cybersecurity – Threat Hunting

13. Chapter 10: Threat Hunting

14. Chapter 11: Threat Hunt Scenario 1 – Malware Beaconing

15. Chapter 12: Threat Hunt Scenario 2 – Finding Malware and Unwanted Applications

16. Chapter 13: Threat Hunt Scenario 3 – Suspicious External Connections

17. Section 4:Industrial Cybersecurity – Security Assessments and Intel

18. Chapter 14: Different Types of Cybersecurity Assessments

19. Chapter 15: Industrial Control System Risk Assessments

20. Chapter 16: Red Team/Blue Team Exercises

21. Chapter 17: Penetration Testing ICS Environments

22. Section 5:Industrial Cybersecurity – Incident Response for the ICS Environment

23. Chapter 18: Incident Response for the ICS Environment

24. Chapter 19: Lab Setup

25. Other Books You May Enjoy

Forming the malware beaconing threat hunting hypothesis

As we discussed in the previous chapter, threat hunting exercises are geared around hypotheses. Typically, hypotheses follow or reflect a discovered security incident or some form of an alert from an automated security monitoring system or a finding from a security analyst. The threat hunting exercise we will be performing in this chapter works a bit differently, as the environment we are going to perform threat hunting activities on is unfamiliar or new to us. For example, our company purchased a new production plant with an existing ICS network infrastructure they are looking to tie to the existing company infrastructure, and we want to make sure that is safe to do. Another scenario would be when you have run your ICS network for ages but never seriously looked at the state of its security posture; in this case, these unprovoked types of threat hunting exercises can quickly and accurately give you an idea of malicious activity...