0%

This is the definitive, vendor-neutral guide to building, maintaining, and operating a modern Security Operations Center (SOC). Written by three leading security and networking experts, it brings together all the technical knowledge professionals need to deliver the right mix of security services to their organizations. The authors introduce the SOC as a service provider, and show how to use your SOC to integrate and transform existing security practices, making them far more effective. Writing for security and network professionals, managers, and other stakeholders, the authors cover:

  • How SOCs have evolved, and todays key considerations in deploying them
  • Key services SOCs can deliver, including organizational risk management, threat modeling, vulnerability assessment, incident response, investigation, forensics, and compliance
  • People and process issues, including training, career development, job rotation, and hiring
  • Centralizing and managing security data more effectively
  • Threat intelligence and threat hunting
  • Incident response, recovery, and vulnerability management
  • Using data orchestration and playbooks to automate and control the response to any situation
  • Advanced tools, including SIEM 2.0
  • The future of SOCs, including AI-Assisted SOCs, machine learning, and training models

Note: This books author, Joseph Muñiz, was also lead author of Security Operations Center: Building, Operating, and Maintaining your SOC (Cisco Press). The Modern Security Operations Center is an entirely new and fully vendor-neutral book.

Table of Contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Table of Contents
  7. Preface
    1. Vision
    2. Who Should Read This Book?
    3. How This Book Is Organized
    4. Book Structure
  8. We Want to Hear from You!
  9. Reader Services
  10. Acknowledgments
  11. About the Author
  12. Figure Credits
  13. Chapter 1. Introducing Security Operations and the SOC
    1. Introducing the SOC
    2. Factors Leading to a Dysfunctional SOC
    3. Cyberthreats
    4. Investing in Security
    5. The Impact of a Breach
    6. Establishing a Baseline
    7. Fundamental Security Capabilities
    8. Standards, Guidelines, and Frameworks
    9. Industry Threat Models
    10. Vulnerabilities and Risk
    11. Business Challenges
    12. In-House vs. Outsourcing
    13. SOC Services
    14. SOC Maturity Models
    15. SOC Goals Assessment
    16. SOC Capabilities Assessment
    17. SOC Development Milestones
    18. Summary
    19. References
  14. Chapter 2. Developing a Security Operations Center
    1. Mission Statement and Scope Statement
    2. Developing a SOC
    3. SOC Procedures
    4. Security Tools
    5. Planning a SOC
    6. Designing a SOC Facility
    7. Network Considerations
    8. Disaster Recovery
    9. Security Considerations
    10. Internal Security Tools
    11. Guidelines and Recommendations for Securing Your SOC Network
    12. SOC Tools
    13. Summary
    14. References
  15. Chapter 3. SOC Services
    1. Fundamental SOC Services
    2. The Three Pillars of Foundational SOC Support Services
    3. SOC Service Areas
    4. SOC Service Job Goals
    5. Service Maturity: If You Build It, They Will Come
    6. SOC Service 1: Risk Management
    7. SOC Service 2: Vulnerability Management
    8. SOC Service 3: Compliance
    9. SOC Service 4: Incident Management
    10. SOC Service 5: Analysis
    11. SOC Service 6: Digital Forensics
    12. SOC Service 7: Situational and Security Awareness
    13. SOC Service 8: Research and Development
    14. Summary
    15. References
  16. Chapter 4. People and Process
    1. Career vs. Job
    2. Developing Job Roles
    3. SOC Job Roles
    4. NICE Cybersecurity Workforce Framework
    5. Role Tiers
    6. SOC Services and Associated Job Roles
    7. Soft Skills
    8. Security Clearance Requirements
    9. Pre-Interviewing
    10. Interviewing
    11. Onboarding Employees
    12. Managing People
    13. Job Retention
    14. Training
    15. Certifications
    16. Company Culture
    17. Summary
    18. References
  17. Chapter 5. Centralizing Data
    1. Data in the SOC
    2. Data-Focused Assessment
    3. Logs
    4. Security Information and Event Management
    5. Troubleshooting SIEM Logging
    6. APIs
    7. Big Data
    8. Machine Learning
    9. Summary
    10. References
  18. Chapter 6. Reducing Risk and Exceeding Compliance
    1. Why Exceeding Compliance
    2. Policies
    3. Launching a New Policy
    4. Policy Enforcement
    5. Procedures
    6. Tabletop Exercise
    7. Standards, Guidelines, and Frameworks
    8. Audits
    9. Assessments
    10. Penetration Test
    11. Industry Compliance
    12. Summary
    13. References
  19. Chapter 7. Threat Intelligence
    1. Threat Intelligence Overview
    2. Threat Intelligence Categories
    3. Threat Intelligence Context
    4. Evaluating Threat Intelligence
    5. Planning a Threat Intelligence Project
    6. Collecting and Processing Intelligence
    7. Actionable Intelligence
    8. Feedback
    9. Summary
    10. References
  20. Chapter 8. Threat Hunting and Incident Response
    1. Security Incidents
    2. Incident Response Lifecycle
    3. Phase 1: Preparation
    4. Phase 2: Detection and Analysis
    5. Phase 3: Containment, Eradication, and Recovery
    6. Digital Forensics
    7. Phase 4: Post-Incident Activity
    8. Incident Response Guidelines
    9. Summary
    10. References
  21. Chapter 9. Vulnerability Management
    1. Vulnerability Management
    2. Measuring Vulnerabilities
    3. Vulnerability Technology
    4. Vulnerability Management Service
    5. Vulnerability Response
    6. Vulnerability Management Process Summarized
    7. Summary
    8. References
  22. Chapter 10. Data Orchestration
    1. Introduction to Data Orchestration
    2. Security Orchestration, Automation, and Response
    3. Endpoint Detection and Response
    4. Playbooks
    5. Automation
    6. DevOps Programming
    7. DevOps Tools
    8. Blueprinting with Osquery
    9. Network Programmability
    10. Cloud Programmability
    11. Summary
    12. References
  23. Chapter 11. Future of the SOC
    1. All Eyes on SD-WAN and SASE
    2. IT Services Provided by the SOC
    3. Future of Training
    4. Full Automation with Machine Learning
    5. Future of Your SOC: Bringing It All Together
    6. Summary
    7. References
  24. Index