Intelligence-Driven Incident Response: Outwitting the Adversary

Using a well-conceived incident response plan in the aftermath of an online security breach enables your team to identify attackers and learn how they operate. But, only when you approach incident response with a cyber threat intelligence mindset will you truly understand the value of that information. With this practical guide, you'll learn the fundamentals of intelligence analysis, as well as the best ways to incorporate these techniques into your incident response process.

Each method reinforces the other: threat intelligence supports and augments incident response, while incident response generates useful threat intelligence. This book helps incident managers, malware analysts, reverse engineers, digital forensics specialists, and intelligence analysts understand, implement, and benefit from this relationship.

In three parts, this in-depth book includes:

• The fundamentals: get an introduction to cyber threat intelligence, the intelligence process, the incident-response process, and how they all work together
• Practical application: walk through the intelligence-driven incident response (IDIR) process using the F3EAD process--Find, Fix Finish, Exploit, Analyze, and Disseminate
• The way forward: explore big-picture aspects of IDIR that go beyond individual incident-response investigations, including intelligence team building

Scott J Roberts works for GitHub and makes up his title every time he's asked, so we'll say he's the Director of Bad Guy Catching. He has worked for 900lbs security gorillas, government security giants & boutiques, and financial services security firms and done his best to track down bad guys at all these places. He's released and contributed to multiple tools for threat intelligence and malware analysis. Scott is also really good at speaking in the 3rd person.

Rebekah Brown has spent more than a decade working in the intelligence community; her previous roles include NSA network warfare analyst, Operations Chief of a United States Marine Corps cyber unit, and a U.S. Cyber Command training and exercise lead. Rebekah has helped develop threat intelligence and security awareness programs at the federal, state, and local level, as well as at a Fortune 500 company. Today, Rebekah leads the Rapid7 threat intelligence programs at Rapid7, where her responsibilities include programs architecture, management, analysis, and operations. Rebekah lives in Portland, Oregon, where she grew up, with her three kids and spends her free time hiking and hacking and reading Harry Potter.