Menu

mon compte Connexion

mon panier 0 article

Vous avez entre 15 et 18 ans ? Profitez du Pass Culture à la librairie Eyrolles !
Tous nos rayons
Aucun résultat pour ""

Rayons

Graphisme & Photo Informatique Construction Entreprise & Droit Sciences Littérature Arts & Loisirs Vie pratique Voyage et Tourisme BD et Jeunesse

Déjà client ? Identifiez-vous

Mot de passe oublié ?

Nouveau client ?

CRÉER VOTRE COMPTE
Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources
Ajouter à une liste

Librairie Eyrolles - Paris 5e
Indisponible

Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources

Cloud Attack Vectors: Building Effective Cyber-Defense Strategies to Protect Cloud Resources

Morey J. / Chappell Haber

(0 avis) Donner votre avis
473 pages, parution le 21/07/2022
Ajouter à une liste
Indisponible

Résumé

Intermediate user level

Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Today, there is widespread consensus-it is not a matter of if , but rather when an organization will be breached. Threat actors typically target the path of least resistance. With the accelerating adoption of cloud technologies and remote work, the path of least resistance is shifting in substantive ways. In recent years, attackers have realigned their efforts, focusing on remaining undetected, monetization after exploitation, and publicly shaming organizations after a breach.

New, innovative, and useful products continue to emerge and offer some cloud protection, but they also have distinct limitations. No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity. The simple fact is that the cloud is based on a company's assets being offered as services. As a result, the best security any organization can achieve is to establish controls and procedures in conjunction with services that are licensed in the cloud.

Cloud Attack Vector s details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and shows how to improve detection of malicious activity.

What You'll Learn

  • Know the key definitions pertaining to cloud technologies, threats, and cybersecurity solutions
  • Understand how entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment
  • Implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments
  • Develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementation

Who This Book Is For

New security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud Forward

Introduction

Chapter 1. Cloud Computing

Software as a Service

Platform as a Service

Infrastructure as a Service

Function as a Service

X as a Service

Desktop as a Service

Data Center as a Service

Managed Software as a Service

Backend as a Service

Chapter 2. Cloud Providers

Amazon Web Services

Microsoft Azure

Google Cloud Platform

Oracle Cloud

Alibaba

Other Services

Chapter 3. Cloud Definitions

Identities

Accounts

Entitlements

Privileges

Rights

Permissions

Containers

Segmentation

Microsegmentation

Instances

Chapter 4. Asset Management

Discovery

Chapter 5. Attack Vectors

Entitlements

Vulnerabilities

Hardening

Configurations

Credentials

S3 Buckets

Identities

Entitlements

API

Authentication

Certificates

Phishing

Remote Access

Supply Chain - 3rd Party MSP/MSSP

Chapter 6. Mitigations

Hardening

Patch Management

PAM

CIEM

CIAM

CWPP

Chapter 7. Regulatory Compliance

Security Questionnaires

SOC

Type I

Type II

Type III

Cloud Security Alliance

CCM

CAIQ

CIS Controls

PCI DSS

ISO

NIST

FedRamp

Chapter 8. Architectures

Zero Trust

Cloud-Native

Hybrid

Ephemeral Implementations

Accounts

Instances

Privileges


Chapter 9. Imposter Syndrome

Chapter 10. Recommendations

Chapter 11. Conclusion

Morey J. Haber is Chief Technology Officer at BeyondTrust. He has more than 20 years of IT industry experience and is author of the book Privileged Attack Vectors and Asset Attack Vectors. Morey joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology for vulnerability, privileged, and remote access management solutions. In 2004, Morey joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Morey began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelors of Science in Electrical Engineering from the State University of New York at Stony Brook.

Brian Chappell is Chief Security Strategist for Beyond Trust, EMEA & APAC, and is a multi-skilled individual with a passion for delivering best practice solutions that help customers run their businesses more effectively and securely. His specialties include: cybersecurity solutions, IT strategy and implementation, project management, global IT operations management, sales engineering, software development, and enterprise and solutions architecture.

Christopher Hills is a Security Strategist focused on Privileged Access Management (PAM) and Identity and Access Management (IAM). He is Security Strategist for BeyondTrust's Privileged Access Management Solutions, enforcing Privileged Password Management and Privileged Session Management, Privileged Endpoint Management, and Secure Remote Access which utilizes a single pane of glass for all management aspects, including Automated Account Discovery, Privileged Management and Elevation, Audit and Compliance, and Behavior & Reporting. His responsibilities include: IAM/PAM focus, strategy, mentoring, leadership, customer and prospect liaison, thought leadership, background reference, business development, customer-facing GRC, and working closely with global sales and marketing organizations to help support GTM efforts while assisting with critical sales opportunities and key marketing events.

Caractéristiques techniques

  PAPIER
Éditeur(s) Apress
Auteur(s) Morey J. / Chappell Haber
Parution 21/07/2022
Nb. de pages 473
EAN13 9781484282359

Avantages Eyrolles.com

Livraison à partir de 0,01 en France métropolitaine
Paiement en ligne SÉCURISÉ
Livraison dans le monde
Retour sous 15 jours
+ d'un million et demi de livres disponibles

Consultez aussi

satisfait ou remboursé
Satisfait ou remboursé
Paiement sécurisé
modes de paiement
Paiement à l'expédition
partout dans le monde
Livraison partout dans le monde
Service clients sav.client@eyrolles.com
librairie française
Librairie française depuis 1925
Recevez nos newsletters
Vous serez régulièrement informé(e) de toutes nos actualités.
Inscription