book

The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services

by Joseph Muniz, Aamir Lakhani, Omar Santos, Moses Frost

May 2021

Intermediate to advanced

752 pages

23h 46m

English

Addison-Wesley Professional

Read now

Unlock full access

VisionWho Should Read This Book?How This Book Is OrganizedBook Structure

Introducing the SOCFactors Leading to a Dysfunctional SOCCyberthreatsInvesting in SecurityThe Impact of a BreachEstablishing a BaselineFundamental Security CapabilitiesStandards, Guidelines, and FrameworksIndustry Threat ModelsVulnerabilities and RiskBusiness ChallengesIn-House vs. OutsourcingSOC ServicesSOC Maturity ModelsSOC Goals AssessmentSOC Capabilities AssessmentSOC Development MilestonesSummaryReferences
Mission Statement and Scope StatementDeveloping a SOCSOC ProceduresSecurity ToolsPlanning a SOCDesigning a SOC FacilityNetwork ConsiderationsDisaster RecoverySecurity ConsiderationsInternal Security ToolsGuidelines and Recommendations for Securing Your SOC NetworkSOC ToolsSummaryReferences
Fundamental SOC ServicesThe Three Pillars of Foundational SOC Support ServicesSOC Service AreasSOC Service Job GoalsService Maturity: If You Build It, They Will ComeSOC Service 1: Risk ManagementSOC Service 2: Vulnerability ManagementSOC Service 3: ComplianceSOC Service 4: Incident ManagementSOC Service 5: AnalysisSOC Service 6: Digital ForensicsSOC Service 7: Situational and Security AwarenessSOC Service 8: Research and DevelopmentSummaryReferences
Career vs. JobDeveloping Job RolesSOC Job RolesNICE Cybersecurity Workforce FrameworkRole TiersSOC Services and Associated Job RolesSoft SkillsSecurity Clearance RequirementsPre-InterviewingInterviewingOnboarding EmployeesManaging PeopleJob RetentionTrainingCertificationsCompany CultureSummaryReferences
Data in the SOCData-Focused AssessmentLogsSecurity Information and Event ManagementTroubleshooting SIEM LoggingAPIsBig DataMachine LearningSummaryReferences
Why Exceeding CompliancePoliciesLaunching a New PolicyPolicy EnforcementProceduresTabletop ExerciseStandards, Guidelines, and FrameworksAuditsAssessmentsPenetration TestIndustry ComplianceSummaryReferences
Threat Intelligence OverviewThreat Intelligence CategoriesThreat Intelligence ContextEvaluating Threat IntelligencePlanning a Threat Intelligence ProjectCollecting and Processing IntelligenceActionable IntelligenceFeedbackSummaryReferences
Security IncidentsIncident Response LifecyclePhase 1: PreparationPhase 2: Detection and AnalysisPhase 3: Containment, Eradication, and RecoveryDigital ForensicsPhase 4: Post-Incident ActivityIncident Response GuidelinesSummaryReferences
Vulnerability ManagementMeasuring VulnerabilitiesVulnerability TechnologyVulnerability Management ServiceVulnerability ResponseVulnerability Management Process SummarizedSummaryReferences
Introduction to Data OrchestrationSecurity Orchestration, Automation, and ResponseEndpoint Detection and ResponsePlaybooksAutomationDevOps ProgrammingDevOps ToolsBlueprinting with OsqueryNetwork ProgrammabilityCloud ProgrammabilitySummaryReferences
All Eyes on SD-WAN and SASEIT Services Provided by the SOCFuture of TrainingFull Automation with Machine LearningFuture of Your SOC: Bringing It All TogetherSummaryReferences

Content preview from The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services

Chapter 8 Threat Hunting and Incident Response

If some animals are good at hunting and others are suitable for hunting, then the gods must clearly smile on hunting.

—Aristotle

One of the staple services found in mature security operations centers around the world is incident response. Every organization has the expectation that the SOC will jump into action when a cybersecurity incident occurs. Who do you call when malware is found? The SOC! Who do you call when phishing attacks are identified? The SOC! Who do you call when data has been stolen? The SOC! The SOC is the organization’s defense against cyberthreats. The key to the SOC’s success when initiating its incident response service is ensuring the right processes are followed, as each incident ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Security Operations Center: Building, Operating, and Maintaining your SOC

Publisher Resources

ISBN: 9780135619858

The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services

by Joseph Muniz, Aamir Lakhani, Omar Santos, Moses Frost

Chapter 8

Threat Hunting and Incident Response

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Security Operations Center: Building, Operating, and Maintaining your SOC

Foundations of Information Security

Cybersecurity Risk Management

ISO 27001/ISO 27002 - A guide to information security management systems

Publisher Resources

Chapter 8

Threat Hunting and Incident Response

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Security Operations Center: Building, Operating, and Maintaining your SOC

Foundations of Information Security

Cybersecurity Risk Management

ISO 27001/ISO 27002 - A guide to information security management systems

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.