book

Agile Security Operations

Name: Agile Security Operations
Author: Hinne Hettema
ISBN: 9781801815512

by Hinne Hettema

February 2022

Beginner

254 pages

5h 57m

English

Packt Publishing

Read now

Unlock full access

Agile Security Operations
ContributorsAbout the authorAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchShare Your Thoughts
Section 1: Incidence Response: The Heart of Security
Chapter 1: How Security Operations Are Changing
Why security is hardSecurity operationsCybersecurity, threats, and riskFive types of cyber defenseSecurity incidents Security solutions in search of a problem The scope of security operationsWhere security operations turn agileAgile incident responseAgile security operationsSummary
Chapter 2: Incident Response – A Key Capability in Security Operations
Facing up to breachesThe incident response cycleKnowing an incident – detection and analysisDetection engineeringRepurposingAnalyzing threatsBranches and pivots – how incidents changeThe kill chain modelExpanding the options for defenseLateral movementAgile incident responseCompromise is eternalIncidents and compromisesWhy incident response needs to be agileTeam structure for incident responseLearning from incidents – from resolution to tactics to strategySummary
Chapter 3: Engineering for Incident Response
From incident response to agile security operations engineeringMapping the incident loopFeedback – closing the incident loopThe businesslike weaknesses of attackersA brief discussion of agile frameworksLeanKanbanScrumAgile security operationsKey activities in agile security operationsBreachDetectAnalyzeContainEradicateRecoverDevelop context and TTPsUpdating the architecture, strategy, and riskDetection engineeringImprovements – prevention, discovery, and predictionTooling – defend to respondPassive defenseActive defense – Mitre ATT&CK and ShieldSummary
Section 2: Defensible Organizations
Chapter 4: Key Concepts in Cyber Defense
What is cyber defense?Enduring failureThe fit of security operationsCoordination and discoordinationCoordination gamesDiscoordination gamesA framework for uncertaintyA brief overview of the Cynefin frameworkConstraintsResolving crisesStructured analytic techniquesIs this part of the security skillset?Summary
Chapter 5: Defensible Architecture
The definition of defensible architecturePareto optimizable attacksUnderstanding the kill chainRequirements of defensible architectureDefense in depthImplied trust in network segmentsTrust in the endpoints of the architectureDefense in depth as an evolutionThe new security boundariesPrinciples of the defensible architectureRoots of trustIdentity as a root of trustData controls as a root of trustAlgorithmic integrity as a root of trustRoots of trust and verifiabilityElements of the defensible architecturePreventionVisibility and forensic readinessThreat modelingAttack path modelingDefensible architecture tradeoffsOn-premises infrastructureCloudIndustrialSummary
Chapter 6: Active Defense
The role of active defenseActive defense as one of the five types of cyber defenseCompromise is eternalAgile incident responseAn approach to active defenseThe agile active defense processUnderstanding the adversaryPeople and processesTechnologyActive defense during a crisisActive defense for eternal compromiseAssessAdaptThe pivot or [<>]ExaptTranscendSummary

Chapter 7: How Secure Are You? – Measuring Security Posture
Security as risk reductionMeasuring risk reductionDescriptionFinancial aspects of risksControlsRisk management versus enabling the businessStrategy maps – security as business valueConstructing strategy mapsStrategy map layersSecurity strategy mapsStarting a security strategyWorking with the security strategy mapFinancial metricsCustomer metricsOperations metricsMetrics for capabilitiesSummary
Section 3: Advanced Agile Security Operations
Chapter 8: Red, Blue, and Purple Teaming
Red teaming and blue teamingWhy red team?What is a red team?What is a blue team?Threat huntingHunt leads Analytic queriesAlternative hunt leads – alert streams and detectionsImplementing a threat hunting practicePurple teaming conceptsPurple team activitiesCharacteristics of blue and red teamsAgile approaches to purple teamingPurple teaming operations Planning – sources of attack dataPlanning – cadence and processExecuting the red side of purple teamingFeedback – moving to an agile approachClosing into threat-informed defenseBusiness value from purple teamingSecurity baseliningSecurity posture improvementThreat-informed defenseSummary
Chapter 9: Running and Operating Security Services
The essential security servicesWhat is a service?Service worksheetsStrategy servicePoliciesArchitectureDeploymentMonitoring and alertingIncident responseOther servicesService maturityMaturity managementPractices – components of a serviceMeasuring effectivenessMaturity modelsDefining CapabilityMaturity does not stand aloneDrawbacks of MaturityAgile approaches to the six security servicesAgileDevOps cycleSummary
Chapter 10: Implementing Agile Threat Intelligence
What threat intelligence is and isn'tA threat intelligence programAcquiring threat intelligenceRunning your own functionUsing threat intelligenceDirectionUnderstanding risk reductionUsing past attacks as a guideScoping prospective groupsBusiness capabilities and operational contextThe influence on directionCollection and collationThe data funnelExternal feedsFeeds meeting internal logsInterpretationUsing structured analytic techniquesThreat groupsDisseminationRisk analysisAlerting, hunting, and detectionInfrastructure hardeningSummary
Appendix
Principles of cybersecurity operations
Further reading
BackgroundCynefin frameworkCynefin Field guideStructured analytic techniquesArchitectureThreat modelingOrganizationsOperationsPrinciples for operationsSOC operationsPeople to follow
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Content preview from Agile Security Operations

Chapter 8: Red, Blue, and Purple Teaming

Active defense, which we discussed in Chapter 6, Active Defense, applies the principles of blue teaming. Many organizations, as part of the process of deploying new applications, as well as to provide ongoing assurance, perform red teaming to ensure that at least the obvious security vulnerabilities have been addressed before putting a new application or a new infrastructure out into the world. Purple teaming is a mix of the two.

In purple teaming, the defenders, or the blue team, perform monitoring and alerting, while the red team, the attackers, perform controlled attacks. During the process or afterward, the teams compare notes to evaluate how certain attacks appear on the network, whether detections ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781801815512

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Agile Security Operations

by Hinne Hettema

Chapter 8: Red, Blue, and Purple Teaming

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.