The Modern Security Operations Center

This is the definitive, vendor-neutral guide to building, maintaining, and operating a modern Security Operations Center (SOC). Written by three leading security and networking experts, it brings together all the technical knowledge professionals need to deliver the right mix of security services to their organizations. The authors introduce the SOC as a service provider, and show how to use your SOC to integrate and transform existing security practices, making them far more effective. Writing for security and network professionals, managers, and other stakeholders, the authors cover:

• How SOCs have evolved, and today's key considerations in deploying them
• Key services SOCs can deliver, including organizational risk management, threat modeling, vulnerability assessment, incident response, investigation, forensics, and compliance
• People and process issues, including training, career development, job rotation, and hiring
• Centralizing and managing security data more effectively
• Threat intelligence and threat hunting
• Incident response, recovery, and vulnerability management
• Using data orchestration and playbooks to automate and control the response to any situation
• Advanced tools, including SIEM 2.0
• The future of SOCs, including AI-Assisted SOCs, machine learning, and training models
  Note: This book's lead author, Joseph Muñiz, was also lead author of Security Operations Center: Building, Operating, and Maintaining your SOC (Cisco Press). The Modern Security Operations Center is an entirely new and fully vendor-neutral book.

Auteur

Joseph Muniz is an architect and security researcher in the Cisco Security Sales and Engineering Organization. He is driven by making the world a safer place through education and adversary research. Joseph has extensive experience in designing security solutions and architectures as a trusted advisor for top Fortune 500 corporations and the U.S. government.

Joseph is a researcher and industry thought leader. He speaks regularly at international conferences, writes for technical magazines, and is involved with developing training for various industry certifications. He invented the fictitious character of Emily Williams to create awareness around social engineering. Joseph runs The Security Blogger website, a popular resource for security and product implementation. He is the author and contributor of several publications including titles ranging from security best practices to exploitation tactics.

When Joseph is not using technology, you can find him on the fútbol (soccer) field or raising the next generation of hackers, also known as his children. Follow Joseph at https://www.thesecurityblogger.com and @SecureBlogger

Texte du rabat
The industry standard, vendor-neutral guide to managing security operations centers (SOCs) and delivering SOC services

• All you need to know to effectively provide comprehensive security services through a modern SOC whether you're a manager, security professional, or network professional
• Covers the technical, people, process, and compliance issues required to make an SOC effective no matter whose technology you're using
• Includes full chapters on data centralization, data orchestration, threat intelligence, threat hunting, and many other key topics
• By three internationally renowned security, SOC, and networking experts

Résumé

The Industry Standard, Vendor-Neutral Guide to Managing SOCs and Delivering SOC Services

This completely new, vendor-neutral guide brings together all the knowledge you need to build, maintain, and operate a modern Security Operations Center (SOC) and deliver security services as efficiently and cost-effectively as possible.

Leading security architect Joseph Muniz helps you assess current capabilities, align your SOC to your business, and plan a new SOC or evolve an existing one. He covers people, process, and technology; explores each key service handled by mature SOCs; and offers expert guidance for managing risk, vulnerabilities, and compliance. Throughout, hands-on examples show how advanced red and blue teams execute and defend against real-world exploits using tools like Kali Linux and Ansible. Muniz concludes by previewing the future of SOCs, including Secure Access Service Edge (SASE) cloud technologies and increasingly sophisticated automation.

This guide will be indispensable for everyone responsible for delivering security services—managers and cybersecurity professionals alike.

Address core business and operational requirements, including sponsorship, management, policies, procedures, workspaces, staffing, and technology

Identify, recruit, interview, onboard, and grow an outstanding SOC team

Thoughtfully decide what to outsource and what to insource

Collect, centralize, and use both internal data and external threat intelligence

Quickly and efficiently hunt threats, respond to incidents, and investigate artifacts

Reduce future risk by improving incident recovery and vulnerability management

Apply orchestration and automation effectively, without just throwing money at them

Position yourself today for emerging SOC technologies

Contenu

Preface
Chapter 1: Introducing Security Operations and the SOC
Introducing the SOC
Factors Leading to a Dysfunctional SOC
Cyberthreats
Investing in Security
The Impact of a Breach
Establishing a Baseline
The Impact of Change
Fundamental Security Capabilities
Signature Detection
Behavior Detection
Anomaly Detection
Best of Breed vs. Defense in Depth
Standards, Guidelines, and Frameworks
NIST Cybersecurity Framework
ISO 3100:2018
FIRST Service Frameworks
Applying Frameworks
Industry Threat Models
The Cyber Kill Chain Model
The Diamond Model
MITRE ATT&CK Model
Choosing a Threat Model
Vulnerabilities and Risk
Endless Vulnerabilities
Business Challenges
In-House vs. Outsourcing
Services Advantages
Services Disadvantages
Hybrid Services
SOC Services
SOC Maturity Models
SOC Maturity Assessment
SOC Program Maturity
SOC Goals Assessment
Defining Goals
SOC Goals Ranking
Threats Ranking
SOC Goals Assessment Summarized
SOC Capabilities Assessment
Capability Maps
SOC Capabilities Gaps Analysis
Capability Map Next Steps
SOC Development Milestones
Summary
References
Chapter 2: Developing a Security Operations Center
Mission Statement and Scope Statement
Developing Mission and Scope Statements
SOC Scope Statement
Developing a SOC
SOC Procedures
Designing Procedures
Security Tools
Evaluating Vulnerabilities
Preventive Technologies
Detection Technologies
Mobile Device Security Concerns
Planning a SOC
Capacity Planning
Developing a Capacity Plan
Designing a SOC Facility
Physical SOC vs. Virtual SOC
SOC Location
SOC Interior
SOC Rooms
SOC Computer Rooms
SOC Layouts
Network Considerations
Segmentation
Logical Segmentation
Choosing Segmentation
Client/Server Segmentation
Active Directory Segmentation
Throughput
Connectivity and Redundancy
Disaster Recovery
Security Considerations
Policy and Compliance
Network Access Control
Encryption
Internal Security Tools
Intrusion Detection and Prevention
Network Flow and Capturing Packets
Change Management
Host Systems
Guidelines and Recommendations for Securing Your SOC Network
Tool Collaboration
SOC Tools
Reporting and Dashboards
Throughput and Storage
Centralized Data Management
Summary
References
Chapter 3: SOC Services
Fundamental SOC Services
SOC Challenges
The Three Pillars of Foundational SOC Support Services
Pillar 1: Work E…