𝔖 Scriptorium
✦   LIBER   ✦
πŸ“

Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security

✍ Scribed by Rebecca Blair

Publisher
Packt Publishing
Tongue
English
Leaves
192
Category
Library
⬇  Acquire This Volume

No coin nor oath required. For personal study only.

✦ Synopsis

Align your SOC with the ATT&CK framework and follow practical examples for successful implementation

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

  • Understand Cloud, Windows, and Network ATT&CK Framework using different techniques
  • Assess the attack potential and implement frameworks aligned with Mitre ATT&CK
  • Address security gaps to detect and respond to all security threats

Book Description

The Mitre ATT&CK framework is an extraordinary resource for all SOC environments, however, determining the appropriate implementation techniques for different use cases can be a daunting task. This book will help you gain an understanding of the current state of your SOC, identify areas for improvement, and then fill the security gaps with appropriate parts of the ATT&CK framework. You'll learn new techniques to tackle modern security threats and gain tools and knowledge to advance in your career.

In this book, you'll first learn to identify the strengths and weaknesses of your SOC environment, and how ATT&CK can help you improve it. Next, you'll explore how to implement the framework and use it to fill any security gaps you've identified, expediting the process without the need for any external or extra resources. Finally, you'll get a glimpse into the world of active SOC managers and practitioners using the ATT&CK framework, unlocking their expertise, cautionary tales, best practices, and ways to continuously improve.

By the end of this book, you'll be ready to assess your SOC environment, implement the ATT&CK framework, and advance in your security career.

What you will learn

  • Get a deeper understanding of the Mitre ATT&CK Framework
  • Avoid common implementation mistakes and provide maximum value
  • Create efficient detections to align with the framework
  • Implement continuous improvements on detections and review ATT&CK mapping
  • Discover how to optimize SOC environments with automation
  • Review different threat models and their use cases

Who this book is for

This book is for SOC managers, security analysts, CISOs, security engineers, or security consultants looking to improve their organization's security posture. Basic knowledge of Mitre ATT&CK, as well as a deep understanding of triage and detections is a must.

Table of Contents

  1. SOC Basics – Structure, Personnel, Coverage, and Tools
  2. Analyzing Your Environment for Potential Pitfalls
  3. Reviewing Different Threat Models
  4. What is the ATT&CK Framework?
  5. A Deep Dive into the ATT&CK Framework
  6. Strategies to Map to ATT&CK
  7. Common Mistakes with Implementation
  8. Return on Investment Detections
  9. What Happens After an Alert is Triggered?
  10. Validating Any Mappings and Detections
  11. Implementing ATT&CK in All Parts of Your SOC
  12. What's Next? Areas for Innovation in Your SOC

✦ Table of Contents

Cover
Title Page
Copyright and Credits
Dedication
Contributors
Table of Contents
Preface
Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance
Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools
Technical requirements
SOC environments and roles
SOC environment responsibilities
SOC coverage
SOC cross-team collaboration
Summary
Chapter 2: Analyzing Your Environment for Potential Pitfalls
Technical requirements
Danger! Risks ahead – how to establish a risk registry
Red and blue make purple – how to run purple team exercises
Discussing common coverage gaps and security shortfalls
Summary
Chapter 3: Reviewing Different Threat Models
Technical requirements
Reviewing the PASTA threat model and use cases
Reviewing the STRIDE threat model and use cases
Reviewing the VAST threat model and use cases
Reviewing the Trike threat model and use cases
Reviewing attack trees
Summary
Chapter 4: What Is the ATT&CK Framework?
A brief history and evolution of ATT&CK
Overview of the various ATT&CK models
Summary
Part 2 – Detection Improvements and Alignment with ATT&CK
Chapter 5: A Deep Dive into the ATT&CK Framework
Technical requirements
A deep dive into the techniques in the cloud framework
A deep dive into the techniques in the Windows framework
A deep dive into the techniques in the macOS framework
A deep dive into the techniques in the network framework
A deep dive into the techniques in the mobile framework
Summary
Chapter 6: Strategies to Map to ATT&CK
Technical requirements
Finding the gaps in your coverage
Prioritization of efforts to increase efficiency
Examples of mappings in real environments
Summary
Chapter 7: Common Mistakes with Implementation
Technical requirements
Examples of incorrect technique mappings from ATT&CK
Examples of poor executions with detection creation
Summary
Chapter 8: Return on Investment Detections
Technical requirements
Reviewing examples of poorly created detections and their consequences
Finding the winners or the best alerts
Measuring the success of a detection
Requirement-setting
Use cases as coverage
What metrics should be used
Summary
Part 3 – Continuous Improvement and Innovation
Chapter 9: What Happens After an Alert is Triggered?
Technical requirements
What’s next? Example playbooks and how to create them
Flowcharts
Runbooks via security orchestration, automation, and response (SOAR) tools
Templates for playbooks and best practices
Summary
Chapter 10: Validating Any Mappings and Detections
Technical requirements
Discussing the importance of reviews
Saving time and automating reviews with examples
Turning alert triage feedback into something actionable
Summary
Chapter 11: Implementing ATT&CK in All Parts of Your SOC
Technical requirements
Examining a risk register at the corporate level
Applying ATT&CK to NOC environments
Mapping ATT&CK to compliance frameworks
Using ATT&CK to create organizational policies and standards
Summary
Chapter 12: What’s Next? Areas for Innovation in Your SOC
Technical requirements
Automation is the way
Scaling to the future
Helping hands – thoughts from industry professionals
Summary
Index
About Packt
Other Books You May Enjoy

πŸ“œ SIMILAR VOLUMES

Aligning Security Operations with the MI
πŸ“ Aligning Security Operations with the MITRE ATT&CK Framework
✍ Rebecca Blair πŸ“‚ Library πŸ“… 2023 πŸ› Packt Publishing Pvt Ltd 🌐 English

Align your SOC with the ATT&CK framework and follow practical examples for successful implementation Key Features Understand Cloud, Windows, and Network ATT&CK Framework using different techniques Assess the attack potential and implement frameworks aligned with Mitre ATT&CK Address security g

Security Operations Center: Building, Op
πŸ“ Security Operations Center: Building, Operating, and Maintaining your SOC
✍ Joseph Muniz, Gary McIntyre, Nadhem AlFardan πŸ“‚ Library πŸ“… 2015 πŸ› Cisco Press 🌐 English

<p><span>Security Operations Center</span></p><p><span>Building, Operating, and Maintaining Your SOC</span></p><p><span>Β </span></p><p><span>The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC) </span></p><p><span><br></span></p><p><span>Se

Security Operations Center: Building, Op
πŸ“ Security Operations Center: Building, Operating, and Maintaining your SOC
✍ Joseph Muniz, Gary McIntyre, Nadhem AlFardan πŸ“‚ Library πŸ“… 2015 πŸ› Cisco Press 🌐 English

<p style="margin:0px;"> <b>Security Operations Center</b> </p> <p style="margin:0px;">Building, Operating, and Maintaining Your SOC</p> <p style="margin:0px;">Β </p> <p style="margin:0px;">The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC)

Modern Security Operations Center, The
πŸ“ Modern Security Operations Center, The
✍ Joseph Muniz πŸ“‚ Library πŸ“… 2021 πŸ› Addison-Wesley Professional 🌐 English

<p><span>The Industry Standard, Vendor-Neutral Guide to Managing SOCs and Delivering SOC Services</span></p><p><span>This completely new, vendor-neutral guide brings together all the knowledge you need to build, maintain, and operate a modern Security Operations Center (SOC) and deliver security ser

Modern Security Operations Center, The
πŸ“ Modern Security Operations Center, The
✍ Joseph Muniz πŸ“‚ Library πŸ“… 2021 πŸ› Addison-Wesley Professional 🌐 English

<p><span>The Industry Standard, Vendor-Neutral Guide to Managing SOCs and Delivering SOC Services</span></p><p><span>This completely new, vendor-neutral guide brings together all the knowledge you need to build, maintain, and operate a modern Security Operations Center (SOC) and deliver security ser