𝔖 Scriptorium
✦   LIBER   ✦
📁

Security Operations Center: Building, Operating, and Maintaining your SOC

✍ Scribed by Joseph Muniz, Gary McIntyre, Nadhem AlFardan

Publisher
Cisco Press
Year
2015
Tongue
English
Leaves
600
Edition
1
Category
Library
⬇  Acquire This Volume

No coin nor oath required. For personal study only.

✦ Synopsis

Security Operations Center

Building, Operating, and Maintaining Your SOC

 

The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC)


Security Operations Center is the complete guide to building, operating, and managing Security Operations Centers in any environment. Drawing on experience with hundreds of customers ranging from Fortune 500 enterprises to large military organizations, three leading experts thoroughly review each SOC model, including virtual SOCs. You’ll learn how to select the right strategic option for your organization, and then plan and execute the strategy you’ve chosen.


Security Operations Center walks you through every phase required to establish and run an effective SOC, including all significant people, process, and technology capabilities. The authors assess SOC technologies, strategy, infrastructure, governance, planning, implementation, and more. They take a holistic approach considering various commercial and open-source tools found in modern SOCs.


This best-practice guide is written for anybody interested in learning how to develop, manage, or improve a SOC. A background in network security, management, and operations will be helpful but is not required. It is also an indispensable resource for anyone preparing for the Cisco SCYBER exam.

 

·         Review high-level issues, such as vulnerability and risk management, threat intelligence, digital investigation, and data collection/analysis

·         Understand the technical components of a modern SOC

·         Assess the current state of your SOC and identify areas of improvement

·         Plan SOC strategy, mission, functions, and services

·         Design and build out SOC infrastructure, from facilities and networks to systems, storage, and physical security

·         Collect and successfully analyze security data

·         Establish an effective vulnerability management practice

·         Organize incident response teams and measure their performance

·         Define an optimal governance and staffing model

·         Develop a practical SOC handbook that people can actually use

·         Prepare SOC to go live, with comprehensive transition plans

·         React quickly and collaboratively to security incidents

·         Implement best practice security operations, including continuous enhancement and improvement

  

✦ Table of Contents

About This E-Book
Title Page
Copyright Page
About the Authors
About the Technical Reviewers
Dedications
Acknowledgments
Contents at a Glance
Contents
Command Syntax Conventions
Introduction
Who Should Read This Book?
How This Book Is Organized
Part I: SOC Basics
Chapter 1. Introduction to Security Operations and the SOC
Cybersecurity Challenges
Threat Landscape
Business Challenges
Introduction to Information Assurance
Introduction to Risk Management
Information Security Incident Response
Incident Detection
Incident Triage
Incident Resolution
Incident Closure
Post-Incident
SOC Generations
First-Generation SOC
Second-Generation SOC
Third-Generation SOC
Fourth-Generation SOC
Characteristics of an Effective SOC
Introduction to Maturity Models
Applying Maturity Models to SOC
Phases of Building a SOC
Challenges and Obstacles
Summary
References
Chapter 2. Overview of SOC Technologies
Data Collection and Analysis
Data Sources
Data Collection
Parsing and Normalization
Security Analysis
Vulnerability Management
Vulnerability Announcements
Threat Intelligence
Compliance
Ticketing and Case Management
Collaboration
SOC Conceptual Architecture
Summary
References
Part II: The Plan Phase
Chapter 3. Assessing Security Operations Capabilities
Assessment Methodology
Step 1: Identify Business and IT Goals
Step 2: Assessing Capabilities
Step 3: Collect Information
Step 4: Analyze Maturity Levels
Step 5: Formalize Findings
Summary
References
Chapter 4. SOC Strategy
Strategy Elements
Who Is Involved?
SOC Mission
SOC Scope
Example 1: A Military Organization
Example 2: A Financial Organization
SOC Model of Operation
In-House and Virtual SOC
SOC Services
SOC Capabilities Roadmap
Summary
Part III: The Design Phase
Chapter 5. The SOC Infrastructure
Design Considerations
Model of Operation
Facilities
SOC Internal Layout
Physical Security
Video Wall
SOC Analyst Services
Active Infrastructure
Network
Security
Compute
Storage
Collaboration
Summary
References
Chapter 6. Security Event Generation and Collection
Data Collection
Calculating EPS
Network Time Protocol
Data-Collection Tools
Firewalls
Cloud Security
Cisco Meraki
Virtual Firewalls
Intrusion Detection and Prevention Systems
Cisco FirePOWER IPS
Meraki IPS
Snort
Host-Based Intrusion Prevention
Routers and Switches
Host Systems
Mobile Devices
Breach Detection
Cisco Advanced Malware Prevention
Web Proxies
Cloud Proxies
DNS Servers
Exporting DNS
Network Telemetry with Network Flow Monitoring
NetFlow Tools
NetFlow from Routers and Switches
NetFlow from Security Products
NetFlow in the Data Center
Summary
References
Chapter 7. Vulnerability Management
Identifying Vulnerabilities
Security Services
Vulnerability Tools
Handling Vulnerabilities
OWASP Risk Rating Methodology
The Vulnerability Management Lifecycle
Automating Vulnerability Management
Inventory Assessment Tools
Information Management Tools
Risk-Assessment Tools
Vulnerability-Assessment Tools
Report and Remediate Tools
Responding Tools
Threat Intelligence
Attack Signatures
Threat Feeds
Other Threat Intelligence Sources
Summary
References
Chapter 8. People and Processes
Key Challenges
Wanted: Rock Stars, Leaders, and Grunts
The Weight of Process
The Upper and Lower Bounds of Technology
Designing and Building the SOC Team
Starting with the Mission
Focusing on Services
Determining the Required SOC Roles
Working with HR
Deciding on Your Resourcing Strategy
Working with Processes and Procedures
Processes Versus Procedures
Working with Enterprise Service Management Processes
The Positives and Perils of Process
Examples of SOC Processes and Procedures
Summary
Part IV: The Build Phase
Chapter 9. The Technology
In-House Versus Virtual SOC
Network
Segmentation
VPN
High Availability
Support Contracts
Security
Network Access Control
Authentication
On-Network Security
Encryption
Systems
Operating Systems
Hardening Endpoints
Endpoint Breach Detection
Mobile Devices
Servers
Storage
Data-Loss Protection
Cloud Storage
Collaboration
Collaboration for Pandemic Events
Technologies to Consider During SOC Design
Firewalls
Routers and Switches
Network Access Control
Web Proxies
Intrusion Detection/Prevention
Breach Detection
Honeypots
Sandboxes
Endpoint Breach Detection
Network Telemetry
Network Forensics
Final SOC Architecture
Summary
References
Chapter 10. Preparing to Operate
Key Challenges
People Challenges
Process Challenges
Technology Challenges
Managing Challenges Through a Well-Managed Transition
Elements of an Effective Service Transition Plan
Determining Success Criteria and Managing to Success
Managing Project Resources Effectively
Marching to Clear and Attainable Requirements
Using Simple Checks to Verify That the SOC Is Ready
Summary
Part V: The Operate Phase
Chapter 11. Reacting to Events and Incidents
A Word About Events
Event Intake, Enrichment, Monitoring, and Handling
Events in the SIEM
Events in the Security Log Management Solution
Events in Their Original Habitats
Events Through Communications and Collaboration Platforms
Working with Events: The Malware Scenario
Handling and Investigating the Incident Report
Creating and Managing Cases
Closing and Reporting on the Case
Summary
Chapter 12. Maintain, Review, and Improve
Reviewing and Assessing the SOC
Determining Scope
Scheduled and Ad Hoc Reviews
Internal Versus External Assessments
Assessment Methodologies
Maintaining and Improving the SOC
Maintaining and Improving Services
Maintain and Improving Your Team
Maintaining and Improving the SOC Technology Stack
Conclusions
Index
Code Snippets

📜 SIMILAR VOLUMES

Security Operations Center: Building, Op
📁 Security Operations Center: Building, Operating, and Maintaining your SOC
✍ Joseph Muniz, Gary McIntyre, Nadhem AlFardan 📂 Library 📅 2015 🏛 Cisco Press 🌐 English

<p style="margin:0px;"> <b>Security Operations Center</b> </p> <p style="margin:0px;">Building, Operating, and Maintaining Your SOC</p> <p style="margin:0px;"> </p> <p style="margin:0px;">The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC)

Designing and Building Security Operatio
📁 Designing and Building Security Operations Center
✍ David Nathans 📂 Library 📅 2014 🏛 Syngress 🌐 English

<p>Do you know what weapons are used to protect against cyber warfare and what tools to use to minimize their impact? How can you gather intelligence that will allow you to configure your system to ward off attacks? Online security and privacy issues are becoming more and more significant every day,

The Modern Security Operations Center: T
📁 The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services
✍ Joseph Muniz 📂 Library 📅 2021 🏛 Addison-Wesley 🌐 English

<div> The Industry Standard, Vendor-Neutral Guide to Managing SOCs and Delivering SOC Services </div> <div> <br></div> <div> <br></div> <div> This completely new, vendor-neutral guide brings together all the knowledge you need to build, maintain, and operate a modern Security Operations Center (SOC)

Aligning Security Operations with the MI
📁 Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security
✍ Rebecca Blair 📂 Library 🏛 Packt Publishing 🌐 English

<p><span>Align your SOC with the ATT&amp;CK framework and follow practical examples for successful implementation</span></p><p><span>Purchase of the print or Kindle book includes a free PDF eBook</span></p><h4><span>Key Features</span></h4><ul><li><span><span>Understand Cloud, Windows, and Network A

Call Center Operation: Design, Operation
📁 Call Center Operation: Design, Operation and Maintenance
✍ Duane Sharp 📂 Library 📅 2003 🌐 English

Every customer-facing corporation has at least one call center. In the United States, call centers handle a billion calls per year. Call Center Operation gives you complete coverage of the critical issues involved in the design, implementation, organization, and management of a customer call center.

Call Center Operation: Design, Operation
📁 Call Center Operation: Design, Operation, and Maintenance
✍ Duane Sharp 📂 Library 📅 2003 🏛 Digital Press 🌐 English

Every customer-facing corporation has at least one call center. In the United States, call centers handle a billion calls per year. Call Center Operation gives you complete coverage of the critical issues involved in the design, implementation, organization, and management of a customer call center.