Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010344191 | QA76.9.A25 T355 2015 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Information Security Analytics gives you insights into the practice of analytics and, more importantly, how you can utilize analytic techniques to identify trends and outliers that may not be possible to identify using traditional security analysis techniques.
Information Security Analytics dispels the myth that analytics within the information security domain is limited to just security incident and event management systems and basic network analysis. Analytic techniques can help you mine data and identify patterns and relationships in any form of security data. Using the techniques covered in this book, you will be able to gain security insights into unstructured big data of any type.
The authors of Information Security Analytics bring a wealth of analytics experience to demonstrate practical, hands-on techniques through case studies and using freely-available tools that will allow you to find anomalies and outliers by combining disparate data sets. They also teach you everything you need to know about threat simulation techniques and how to use analytics as a powerful decision-making tool to assess security control and process requirements within your organization. Ultimately, you will learn how to use these simulation techniques to help predict and profile potential risks to your organization.
Author Notes
Mark Ryan Talabis is the Chief Threat Scientist of Zvelo Inc, and co-author of the Syngress book, Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis.
Robert McPherson leads a team of data scientists for a Fortune 100 insurance and Financial Service company and has 14 years of experience as a leader of research and analytics teams (specializing in predictive modeling, simulations, econometric analysis, and applied statistics).
I. Miyamoto is a computer investigator with 16 years of computer invesligative and forensics experience and 12 years of intelligence analysis experience.
Jason L. Martin is Vice President of Cloud Business for FireEye, Inc., cofounder of the Shakacon Security Conference, and co-author of the Syngress book, Information Security Risk Assessment Toolkit: Practical Assessment through Data Collection and Data Analysis.
Table of Contents
| Foreword | p. xi |
| About the Authors | p. xiii |
| Acknowledgments | p. xv |
| Chapter 1 Analytics Defined | p. 1 |
| Introduction to Security Analytics | p. 1 |
| Concepts and Techniques in Analytics | p. 2 |
| General Statistics | p. 2 |
| Machine Learning | p. 2 |
| Superivsed Learning | p. 2 |
| Unsupervised Learning | p. 3 |
| Simulations | p. 4 |
| Text Mining | p. 4 |
| Knowledge Engineering | p. 4 |
| Data for Security Analytics | p. 4 |
| Big Data | p. 5 |
| Analytics in Everyday Life | p. 7 |
| Analytics in Security | p. 7 |
| Analytics, Incident Response, and Intrusion Detection | p. 7 |
| Large and Diverse Data | p. 7 |
| Simulations and Security Processes | p. 8 |
| Try Before You Buy | p. 9 |
| Simulation-Based Decisions | p. 9 |
| Access Analytics | p. 9 |
| Categorization and Classification in Vulnerability Management | p. 11 |
| Security Analytics Process | p. 12 |
| References | p. 12 |
| Chapter 2 Primer on analytical Software and Tools | p. 13 |
| Introduction | p. 13 |
| Statistical Programming | p. 14 |
| Introduction to Databases and Big Data Techniques | p. 15 |
| Introduction to R | p. 16 |
| Assignment Operators | p. 18 |
| Arithmetic Operators | p. 18 |
| Logical Operators | p. 18 |
| Common R Functions | p. 19 |
| Introduction to Python | p. 19 |
| Introduction to Simulation Software | p. 20 |
| Designing and Creating the Model | p. 21 |
| Adding Data and Parameters to the Model | p. 21 |
| Running the Simulation | p. 21 |
| Analyzing the Simulation | p. 22 |
| References | p. 22 |
| Chapter 3 Analytics and Incident Response | p. 23 |
| Introduction | p. 23 |
| Scenarlos and Challenges in Intrusions and Incident Identification | p. 24 |
| Analyzing a Collection of Server Logs with Big Data | p. 25 |
| Analysis of Log Files | p. 25 |
| Common Log File Fields | p. 26 |
| Combined Log File Fields | p. 26 |
| Methods | p. 26 |
| Additional Data and Software Needed to Run these Examples | p. 26 |
| Loading the Data | p. 27 |
| Discovery Process for Specific Attack Vectors | p. 30 |
| SQL Injection Attack | p. 30 |
| Directory Traversal and File Inclusion | p. 32 |
| Cross-site Request Forgery | p. 35 |
| Command Injection | p. 36 |
| MySQL Charset Switch and MS-SQL Dos Attack | p. 37 |
| Tallying and Tracking Failed Request Statuses | p. 39 |
| Hosts with the most Failed Requests | p. 39 |
| Bot Activity | p. 43 |
| Time Aggregations | p. 45 |
| Hosts with the most Failed Requests per day, or per month | p. 47 |
| Failed Requests Presented as a Monthly Time Series | p. 48 |
| Ratio of Failed to Successful Requests as a Time Series | p. 49 |
| Hive for Producing Analytical Data Sets | p. 59 |
| Another Potential Analytical Data Set: Unstacked Status Codes | p. 59 |
| Other Applicable Security Areas and Scenarios | p. 64 |
| Summary | p. 64 |
| Further Reading | p. 65 |
| Chapter 4 Simulations and Security Processes | p. 67 |
| Simulation | p. 67 |
| Designing and Creating a Model | p. 68 |
| Adding Data and Parameters to the Model | p. 69 |
| Running the Simulation | p. 69 |
| Analyzing the Simulation | p. 69 |
| Case Study | p. 69 |
| Chapter 5 Access Analytics | p. 99 |
| Introduction | p. 99 |
| Technology Primer | p. 100 |
| Remote Access and VPN | p. 100 |
| Python and Scripting | p. 102 |
| Scenario, Analysis, and Techniques | p. 104 |
| Problem | p. 104 |
| Data Collection | p. 105 |
| Data Analysis | p. 105 |
| Data Processing | p. 108 |
| Case Study | p. 109 |
| Importing What You Need | p. 109 |
| Program Flow | p. 111 |
| Parse the Arguments | p. 112 |
| Read the VPN Logs | p. 112 |
| Normalize the Event Data from the VPN Logs | p. 113 |
| Run the Analytics | p. 115 |
| Analyzing the Results | p. 117 |
| Chapter 6 Security and Text Mining | p. 123 |
| Scenarios and Challenges in Security Analytics with Text Mining | p. 123 |
| Use of Text Mining Techniques to Analyze and Find Patterns in Unstructured Data | p. 124 |
| Text Mining Basics | p. 124 |
| Common Data Transformations for Text Mining | p. 125 |
| Step by Step Text Mining Example in R | p. 125 |
| R Code Walk-through | p. 126 |
| Other Applicable Security Areas and Scenarios | p. 147 |
| Additional Security Scenarios for Text Mining | p. 148 |
| Text Mining and Big Data | p. 149 |
| Chapter 7 Security Intelligence and Next Steps | p. 151 |
| Overview | p. 151 |
| Security Intelligence | p. 151 |
| Basic Security Intelligence Analysis | p. 152 |
| Business Extension of Security Analytics | p. 154 |
| Security Breaches | p. 154 |
| Pratical Application | p. 155 |
| Insider Threat | p. 155 |
| Resource Justification | p. 156 |
| Risk Management | p. 157 |
| Challenges | p. 158 |
| False Positives | p. 160 |
| Concluding Remarks | p. 160 |
| Index | p. 163 |
