7 INCIDENT DETECTION AND RESPONSE
Key objectives of the blue team, through all the daily work discussed in the opening chapters of this book, are preventing security incidents by enforcing security policy at a technical level, detecting conditions that might indicate an incident is occurring, and investigating and responding accordingly when those conditions occur. Prevention is the primary objective, of course, and if we’re able to prevent an incident from occurring, we’ve really earned our keep that day. However, many in our industry will attest that just when you think you’re on top of everything, something new pops up and seeks to catch you out. It’s on these occasions that the ability to ...