
Modern Security Operations Center, The, 1st edition
BRAND: PEARSON
eBook edition. 1 Year Subscription. For Individuals | Universities, Groups, Libraries: Call 0915920514 for a Pearson quote, a Vital Source eBook, or to buy the Print Book
Book Overview
This is the definitive, vendor-neutral guide to building, maintaining, and operating a modern Security Operations Center (SOC). The authors present the SOC as a service provider and show how to use your SOC to integrate and transform your existing security practices, making them far more effective. This book covers:
- How SOCs have evolved and the key considerations for implementing them today
- The core services a SOC can provide, including organizational risk management, threat modeling, vulnerability assessment, incident response, investigations, forensics, and compliance
- People and process issues, including training, career development, job rotation, and hiring
- Centralizing and managing security data more effectively
- Threat intelligence and threat hunting
- Incident response, recovery, and vulnerability management
- Using data orchestration and playbooks to automate and control the response to any situation
- Advanced tools, including SIEM 2.0
- The future of the SOC, including AI-assisted SOCs, machine learning, and training models
- Preface
- Chapter 1: Introducing Security Operations and the SOC
  - Introducing the SOC
  - Factors Leading to a Dysfunctional SOC
  - Cyberthreats
  - Investing in Security
  - The Impact of a Breach
  - Establishing a Baseline
    - The Impact of Change
  - Fundamental Security Capabilities
    - Signature Detection
    - Behavior Detection
    - Anomaly Detection
    - Best of Breed vs. Defense in Depth
  - Standards, Guidelines, and Frameworks
    - NIST Cybersecurity Framework
    - ISO 3100:2018
    - FIRST Service Frameworks
    - Applying Frameworks
  - Industry Threat Models
    - The Cyber Kill Chain Model
    - The Diamond Model
    - MITRE ATT&CK Model
    - Choosing a Threat Model
  - Vulnerabilities and Risk
    - Endless Vulnerabilities
  - Business Challenges
  - In-House vs. Outsourcing
    - Services Advantages
    - Services Disadvantages
    - Hybrid Services
  - SOC Services
  - SOC Maturity Models
    - SOC Maturity Assessment
    - SOC Program Maturity
  - SOC Goals Assessment
    - Defining Goals
    - SOC Goals
    - Ranking Threats
    - Ranking SOC Goals
    - Assessment Summarized
  - SOC Capabilities Assessment
    - Capability Maps
    - SOC Capabilities Gaps Analysis
    - Capability Map Next Steps
  - SOC Development Milestones
  - Summary
  - References
- Chapter 2: Developing a Security Operations Center
  - Mission Statement and Scope Statement
    - Developing Mission and Scope Statements
    - SOC Scope Statement
  - Developing a SOC
  - SOC Procedures
    - Designing Procedures
  - Security Tools
    - Evaluating Vulnerabilities
    - Preventive Technologies
    - Detection Technologies
    - Mobile Device Security Concerns
  - Planning a SOC
    - Capacity Planning
    - Developing a Capacity Plan
  - Designing a SOC Facility
    - Physical SOC vs. Virtual SOC
    - SOC Location
    - SOC Interior
    - SOC Rooms
    - SOC Computer Rooms
    - SOC Layouts
  - Network Considerations
    - Segmentation
    - Logical Segmentation
    - Choosing Segmentation
    - Client/Server Segmentation
    - Active Directory Segmentation
    - Throughput
    - Connectivity and Redundancy
  - Disaster Recovery
  - Security Considerations
    - Policy and Compliance
    - Network Access Control
    - Encryption
  - Internal Security Tools
    - Intrusion Detection and Prevention
    - Network Flow and Capturing Packets
    - Change Management
    - Host Systems
  - Guidelines and Recommendations for Securing Your SOC Network
    - Tool Collaboration
  - SOC Tools
    - Reporting and Dashboards
    - Throughput and Storage
    - Centralized Data Management
  - Summary
  - References
- Chapter 3: SOC Services
  - Fundamental SOC Services
    - SOC Challenges
  - The Three Pillars of Foundational SOC Support Services
    - Pillar 1: Work Environment
    - Pillar 2: People
    - Pillar 3: Technology
    - Evaluating the Three Pillars of Foundational SOC Support Services
  - SOC Service Areas
    - FIRST's CSIRT
    - Developing SOC Service Areas
    - In-House Services vs. External Services
    - Contracted vs. Employee Job Roles
  - SOC Service Job Goals
    - Resource Planning
  - Service Maturity: If You Build It, They Will Come
  - SOC Service 1: Risk Management
    - Four Responses to Risk
    - Reducing Risk
    - Addressing Risk
  - SOC Service 2: Vulnerability Management
    - Vulnerability Management Best Practice
    - Vulnerability Scanning Tools
    - Penetration Testing
  - SOC Service 3: Compliance
    - Meeting Compliance with Audits
  - SOC Service 4: Incident Management
    - NIST Special Publication 800-61 Revision 2
    - Incident Response Planning
    - Incident Impact
    - Playbooks
  - SOC Service 5: Analysis
    - Static Analysis
    - Dynamic Analysis
  - SOC Service 6: Digital Forensics
  - SOC Service 7: Situational and Security Awareness
    - User Training
  - SOC Service 8: Research and Development
  - Summary
  - References
- Chapter 4: People and Process
  - Career vs. Job
  - Developing Job Roles
    - General Schedule Pay Scale
    - IT Industry Job Roles
    - Common IT Job Roles
  - SOC Job Roles
    - Security Analyst
    - Penetration Tester
    - Assessment Officer
    - Incident Responder
    - Systems Analyst
    - Security Administrator
    - Security Engineer
    - Security Trainer
    - Security Architect
    - Cryptographer/Cryptologist
    - Forensic Engineer
    - Chief Information Security Officer
  - NICE Cybersecurity Workforce Framework
    - NICE Framework Components
  - Role Tiers
  - SOC Services and Associated Job Roles
    - Risk Management Service
    - Vulnerability Management Service
    - Incident Management Service
    - Analysis Service
    - Compliance Service
    - Digital Forensics Service
    - Situational and Security Awareness Service
    - Research and Development Service
  - Soft Skills
    - Evaluating Soft Skills
    - SOC Soft Skills
  - Security Clearance Requirements
  - Pre-Interviewing
  - Interviewing
    - Interview Prompter
    - Post Interview
  - Onboarding Employees
    - Onboarding Requirements
  - Managing People
  - Job Retention
  - Training
    - Training Methods
  - Certifications
  - Company Culture
  - Summary
  - References
- Chapter 5: Centralizing Data
  - Data in the SOC
    - Strategic and Tactical Data
    - Data Structure
    - Data Types
    - Data Context
  - Data-Focused Assessment
    - Data Assessment Example: Antivirus
    - Threat Mapping Data
    - Applying Data Assessments to SOC Services
  - Logs
    - Log Types
    - Log Formats
  - Security Information and Event Management
    - SIEM Data Processing
    - Data Correlation
    - Data Enrichment
    - SIEM Solution Planning
    - SIEM Tuning
  - Troubleshooting SIEM Logging
    - SIEM Troubleshooting Part 1: Data Input
    - SIEM Troubleshooting Part 2: Data Processing and Validation
    - SIEM Troubleshooting Examples
    - Additional SIEM Features
  - APIs
    - Leveraging APIs
    - API Architectures
    - API Examples
  - Big Data
    - Hadoop
    - Big Data Threat Feeds
  - Machine Learning
    - Machine Learning in Cybersecurity
    - Artificial Intelligence
    - Machine Learning Models
  - Summary
  - References
- Chapter 6: Reducing Risk and Exceeding Compliance
  - Why Exceeding Compliance
  - Policies
    - Policy Overview
    - Policy Purpose
    - Policy Scope
    - Policy Statement
    - Policy Compliance
    - Related Standards, Policies, Guidelines, and Processes
    - Definitions and Terms
    - History
  - Launching a New Policy
    - Steps for Launching a New Policy
  - Policy Enforcement
    - Certification and Accreditation
  - Procedures
    - Procedure Document
  - Tabletop Exercise
    - Tabletop Exercise Options
    - Tabletop Exercise Execution
    - Tabletop Exercise Format
    - Tabletop Exercise Template Example
  - Standards, Guidelines, and Frameworks
    - NIST Cybersecurity Framework
    - ISO/IEC 27005
    - CIS Controls
    - ISACA COBIT 2019
    - FIRST CSIRT Services Framework
    - Exceeding Compliance
  - Audits
    - Audit Example
    - Internal Audits
    - External Auditors
    - Audit Tools
  - Assessments
    - Assessment Types
    - Assessment Results
    - Assessment Template
    - Vulnerability Scanners
    - Assessment Program Weaknesses
  - Penetration Test
    - NIST Special Publication 800-115
    - Additional NIST SP 800-115 Guidance
    - Penetration Testing Types
    - Penetration Testing Planning
  - Industry Compliance
    - Compliance Requirements
  - Summary
  - References
- Chapter 7: Threat Intelligence
  - Threat Intelligence Overview
    - Threat Data
  - Threat Intelligence Categories
    - Strategic Threat Intelligence
    - Tactical Threat Intelligence
    - Operational Threat Intelligence
    - Technical Threat Intelligence
  - Threat Intelligence Context
    - Threat Context
  - Evaluating Threat Intelligence
    - Threat Intelligence Checklist
    - Content Quality
    - Testing Threat Intelligence
  - Planning a Threat Intelligence Project
    - Data Expectations for Strategic Threat Intelligence
    - Data Expectations for Tactical Threat Intelligence
    - Data Expectations for Operational Threat Intelligence
    - Data Expectations for Technical Threat Intelligence
  - Collecting and Processing Intelligence
    - Processing Nontechnical Data
    - Operational Data and Web Processing
    - Technical Processing
    - Technical Threat Intelligence Resources
  - Actionable Intelligence
    - Security Tools and Threat Intelligence
  - Feedback
  - Summary
  - References
- Chapter 8: Threat Hunting and Incident Response
  - Security Incidents
  - Incident Response Lifecycle
  - Phase 1: Preparation
    - Assigning Tasks with Playbooks
    - Communication
    - Third-Party Interaction
    - Law Enforcement
    - Law Enforcement Risk
    - Ticketing Systems
    - Other Incident Response Planning Templates
    - Phase 1: Preparation Summary
  - Phase 2: Detection and Analysis
    - Incident Detection
    - Core Security Capabilities
    - Threat Analysis
    - Detecting Malware Behavior
    - Infected Systems
    - Analyzing Artifacts
    - Identifying Artifact Types
    - Packing Files
    - Basic Static Analysis
    - Advanced Static Analysis
    - Dynamic Analysis
    - Phase 2: Detection and Analysis Summary
  - Phase 3: Containment, Eradication, and Recovery
    - Containment
    - Responding to Malware
    - Threat Hunting Techniques
    - Eradicate
    - Recovery
  - Digital Forensics
    - Digital Forensic Process
    - First Responder
    - Chain of Custody
    - Working with Evidence
    - Duplicating Evidence
    - Hashes
    - Forensic Static Analysis
    - Recovering Data
    - Forensic Dynamic Analysis
    - Digital Forensics Summary
    - Phase 3: Containment, Eradication, and Recovery Summary
  - Phase 4: Post-Incident Activity
    - Post-Incident Response Process
    - Phase 4: Post-Incident Response Summary
  - Incident Response Guidelines
    - FIRST Services Frameworks
  - Summary
  - References
- Chapter 9: Vulnerability Management
  - Vulnerability Management
    - Phase 1: Asset Inventory
    - Phase 2: Information Management
    - Phase 3: Risk Assessment
    - Phase 4: Vulnerability Assessment
    - Phase 5: Report and Remediate
    - Phase 6: Respond and Repeat
  - Measuring Vulnerabilities
    - Common Vulnerabilities and Exposures
    - Common Vulnerability Scoring System
    - CVSS Standards
  - Vulnerability Technology
    - Vulnerability Scanners
    - Currency and Coverage
    - Tuning Vulnerability Scanners
    - Exploitation Tools
    - Asset Management and Compliance Tools
    - Network Scanners and Network Access Control
    - Threat Detection Tools
  - Vulnerability Management Service
    - Scanning Services
    - Vulnerability Management Service Roles
    - Vulnerability Evaluation Procedures
  - Vulnerability Response
    - Vulnerability Accuracy
    - Responding to Vulnerabilities
    - Cyber Insurance
    - Patching Systems
    - Residual Risk
    - Remediation Approval
    - Reporting Exceptions
  - Vulnerability Management Process Summarized
  - Summary
  - References
- Chapter 10: Data Orchestration
  - Introduction to Data Orchestration
    - Comparing SIEM and SOAR
    - The Rise of XDR
  - Security Orchestration, Automation, and Response
    - SOAR Example: Phantom
  - Endpoint Detection and Response
    - EDR Example: CrowdStrike
  - Playbooks
    - Playbook Components
    - Constructing Playbooks
    - Incident Response Consortium
    - Playbook Examples: Malware Outbreak
  - Automation
    - Automating Playbooks
    - Common Targets for Automation
    - Automation Pitfalls
    - Playbook Workflow
  - DevOps
    - Programming
    - Data Management
    - Text-File Formats
    - Common Data Formats
    - Data Modeling
  - DevOps Tools
    - DevOps Targets
    - Manual DevOps
    - Automated DevOps
    - DevOps Lab Using Ansible
    - Ansible Playbooks
  - Blueprinting with Osquery
    - Running Osquery
  - Network Programmability
    - Learning NetDevOps
    - APIs
    - NetDevOps Example
  - Cloud Programmability
    - Orchestration in the Cloud
    - Amazon DevOps
    - SaaS DevOps
  - Summary
  - References
- Chapter 11: Future of the SOC
  - All Eyes on SD-WAN and SASE
    - VoIP Adoption As Prologue to SD-WAN Adoption
    - Introduction of SD-WAN
    - Challenges with the Traditional WAN
    - SD-WAN to the Rescue
    - SASE Solves SD-WAN Problems
    - SASE Defined
    - Future of SASE
  - IT Services Provided by the SOC
    - IT Operations Defined
    - Hacking IT Services
    - IT Services Evolving
    - Future of IT Services
  - Future of Training
    - Training Challenges
    - Training Today
    - Case Study: Training I Use Today
    - Free Training
    - Gamifying Learning
    - On-Demand and Personalized Learning
    - Future of Training
  - Full Automation with Machine Learning
    - Machine Learning
    - Machine Learning Hurdles
    - Machine Learning Applied
    - Training Machine Learning
    - Future of Machine Learning
  - Future of Your SOC: Bringing It All Together
    - Your Future Facilities and Capabilities
    - Group Tags
    - Your Future SOC Staff
    - Audits, Assessments, and Penetration Testing
    - Future Impact to Your Services
    - Hunting for Tomorrow's Threats
  - Summary
  - References

9780135619858 TOC 3/24/2021