book

Security Operations Center: Building, Operating, and Maintaining your SOC

Name: Security Operations Center: Building, Operating, and Maintaining your SOC
ISBN: 9780134052083

by Joseph Muniz, Gary McIntyre, Nadhem AlFardan

November 2015

Intermediate to advanced

375 pages

13h 43m

English

Cisco Press

Read now

Unlock full access

About This E-Book
Title Page
Copyright Page
About the Authors
About the Technical Reviewers
Dedications
Acknowledgments
Contents at a Glance
Contents
Command Syntax Conventions

Introduction
Who Should Read This Book?How This Book Is Organized
Part I: SOC Basics
Chapter 1. Introduction to Security Operations and the SOC
Cybersecurity ChallengesThreat LandscapeBusiness ChallengesIntroduction to Information AssuranceIntroduction to Risk ManagementInformation Security Incident ResponseIncident DetectionIncident TriageIncident ResolutionIncident ClosurePost-IncidentSOC GenerationsFirst-Generation SOCSecond-Generation SOCThird-Generation SOCFourth-Generation SOCCharacteristics of an Effective SOCIntroduction to Maturity ModelsApplying Maturity Models to SOCPhases of Building a SOCChallenges and ObstaclesSummaryReferences
Chapter 2. Overview of SOC Technologies
Data Collection and AnalysisData SourcesData CollectionParsing and NormalizationSecurity AnalysisVulnerability ManagementVulnerability AnnouncementsThreat IntelligenceComplianceTicketing and Case ManagementCollaborationSOC Conceptual ArchitectureSummaryReferences
Part II: The Plan Phase
Chapter 3. Assessing Security Operations Capabilities
Assessment MethodologyStep 1: Identify Business and IT GoalsStep 2: Assessing CapabilitiesStep 3: Collect InformationStep 4: Analyze Maturity LevelsStep 5: Formalize FindingsSummaryReferences
Chapter 4. SOC Strategy
Strategy ElementsWho Is Involved?SOC MissionSOC ScopeExample 1: A Military OrganizationExample 2: A Financial OrganizationSOC Model of OperationIn-House and Virtual SOCSOC ServicesSOC Capabilities RoadmapSummary
Part III: The Design Phase
Chapter 5. The SOC Infrastructure
Design ConsiderationsModel of OperationFacilitiesSOC Internal LayoutPhysical SecurityVideo WallSOC Analyst ServicesActive InfrastructureNetworkSecurityComputeStorageCollaborationSummaryReferences
Chapter 6. Security Event Generation and Collection
Data CollectionCalculating EPSNetwork Time ProtocolData-Collection ToolsFirewallsCloud SecurityCisco MerakiVirtual FirewallsIntrusion Detection and Prevention SystemsCisco FirePOWER IPSMeraki IPSSnortHost-Based Intrusion PreventionRouters and SwitchesHost SystemsMobile DevicesBreach DetectionCisco Advanced Malware PreventionWeb ProxiesCloud ProxiesDNS ServersExporting DNSNetwork Telemetry with Network Flow MonitoringNetFlow ToolsNetFlow from Routers and SwitchesNetFlow from Security ProductsNetFlow in the Data CenterSummaryReferences
Chapter 7. Vulnerability Management
Identifying VulnerabilitiesSecurity ServicesVulnerability ToolsHandling VulnerabilitiesOWASP Risk Rating MethodologyThe Vulnerability Management LifecycleAutomating Vulnerability ManagementInventory Assessment ToolsInformation Management ToolsRisk-Assessment ToolsVulnerability-Assessment ToolsReport and Remediate ToolsResponding ToolsThreat IntelligenceAttack SignaturesThreat FeedsOther Threat Intelligence SourcesSummaryReferences
Chapter 8. People and Processes
Key ChallengesWanted: Rock Stars, Leaders, and GruntsThe Weight of ProcessThe Upper and Lower Bounds of TechnologyDesigning and Building the SOC TeamStarting with the MissionFocusing on ServicesDetermining the Required SOC RolesWorking with HRDeciding on Your Resourcing StrategyWorking with Processes and ProceduresProcesses Versus ProceduresWorking with Enterprise Service Management ProcessesThe Positives and Perils of ProcessExamples of SOC Processes and ProceduresSummary
Part IV: The Build Phase
Chapter 9. The Technology
In-House Versus Virtual SOCNetworkSegmentationVPNHigh AvailabilitySupport ContractsSecurityNetwork Access ControlAuthenticationOn-Network SecurityEncryptionSystemsOperating SystemsHardening EndpointsEndpoint Breach DetectionMobile DevicesServersStorageData-Loss ProtectionCloud StorageCollaborationCollaboration for Pandemic EventsTechnologies to Consider During SOC DesignFirewallsRouters and SwitchesNetwork Access ControlWeb ProxiesIntrusion Detection/PreventionBreach DetectionHoneypotsSandboxesEndpoint Breach DetectionNetwork TelemetryNetwork ForensicsFinal SOC ArchitectureSummaryReferences
Chapter 10. Preparing to Operate
Key ChallengesPeople ChallengesProcess ChallengesTechnology ChallengesManaging Challenges Through a Well-Managed TransitionElements of an Effective Service Transition PlanDetermining Success Criteria and Managing to SuccessManaging Project Resources EffectivelyMarching to Clear and Attainable RequirementsUsing Simple Checks to Verify That the SOC Is ReadySummary
Part V: The Operate Phase
Chapter 11. Reacting to Events and Incidents
A Word About EventsEvent Intake, Enrichment, Monitoring, and HandlingEvents in the SIEMEvents in the Security Log Management SolutionEvents in Their Original HabitatsEvents Through Communications and Collaboration PlatformsWorking with Events: The Malware ScenarioHandling and Investigating the Incident ReportCreating and Managing CasesClosing and Reporting on the CaseSummary
Chapter 12. Maintain, Review, and Improve
Reviewing and Assessing the SOCDetermining ScopeScheduled and Ad Hoc ReviewsInternal Versus External AssessmentsAssessment MethodologiesMaintaining and Improving the SOCMaintaining and Improving ServicesMaintain and Improving Your TeamMaintaining and Improving the SOC Technology StackConclusions
Index
Code Snippets

Overview

Security Operations Center

Building, Operating, and Maintaining Your SOC

The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC)

Security Operations Center is the complete guide to building, operating, and managing Security Operations Centers in any environment. Drawing on experience with hundreds of customers ranging from Fortune 500 enterprises to large military organizations, three leading experts thoroughly review each SOC model, including virtual SOCs. You’ll learn how to select the right strategic option for your organization, and then plan and execute the strategy you’ve chosen.

Security Operations Center walks you through every phase required to establish and run an effective SOC, including all significant people, process, and technology capabilities. The authors assess SOC technologies, strategy, infrastructure, governance, planning, implementation, and more. They take a holistic approach considering various commercial and open-source tools found in modern SOCs.

This best-practice guide is written for anybody interested in learning how to develop, manage, or improve a SOC. A background in network security, management, and operations will be helpful but is not required. It is also an indispensable resource for anyone preparing for the Cisco SCYBER exam.

Review high-level issues, such as vulnerability and risk management, threat intelligence, digital investigation, and data collection/analysis
Understand the technical components of a modern SOC
Assess the current state of your SOC and identify areas of improvement
Plan SOC strategy, mission, functions, and services
Design and build out SOC infrastructure, from facilities and networks to systems, storage, and physical security
Collect and successfully analyze security data
Establish an effective vulnerability management practice
Organize incident response teams and measure their performance
Define an optimal governance and staffing model
Develop a practical SOC handbook that people can actually use
Prepare SOC to go live, with comprehensive transition plans
React quickly and collaboratively to security incidents
Implement best practice security operations, including continuous enhancement and improvement

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Open-Source Security Operations Center (SOC)

Publisher Resources

ISBN: 9780134052083Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills