Security Operations Center
Building, Operating, and Maintaining Your SOC
The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC)
Security Operations Center is the complete guide to building, operating, and managing Security Operations Centers in any environment. Drawing on experience with hundreds of customers ranging from Fortune 500 enterprises to large military organizations, three leading experts thoroughly review each SOC model, including virtual SOCs. You'll learn how to select the right strategic option for your organization, and then plan and execute the strategy you've chosen.
Security Operations Center walks you through every phase required to establish and run an effective SOC, including all significant people, process, and technology capabilities. The authors assess SOC technologies, strategy, infrastructure, governance, planning, implementation, and more. They take a holistic approach, considering the various commercial and open-source tools found in modern SOCs.
This best-practice guide is written for anybody interested in learning how to develop, manage, or improve a SOC. A background in network security, management, and operations will be helpful but is not required. It is also an indispensable resource for anyone preparing for the Cisco SCYBER exam.
· Review high-level issues, such as vulnerability and risk management, threat intelligence, digital investigation, and data collection/analysis
· Understand the technical components of a modern SOC
· Assess the current state of your SOC and identify areas of improvement
· Plan SOC strategy, mission, functions, and services
· Design and build out SOC infrastructure, from facilities and networks to systems, storage, and physical security
· Collect and successfully analyze security data
· Establish an effective vulnerability management practice
· Organize incident response teams and measure their performance
· Define an optimal governance and staffing model
· Develop a practical SOC handbook that people can actually use
· Prepare the SOC to go live, with comprehensive transition plans
· React quickly and collaboratively to security incidents
· Implement best practice security operations, including continuous enhancement and improvement
Introduction xx
Part I: SOC Basics
Chapter 1 Introduction to Security Operations and the SOC 1
Cybersecurity Challenges 1
Threat Landscape 4
Business Challenges 7
The Cloud 8
Compliance 9
Privacy and Data Protection 9
Introduction to Information Assurance 10
Introduction to Risk Management 11
Information Security Incident Response 14
Incident Detection 15
Incident Triage 16
Incident Categories 17
Incident Severity 17
Incident Resolution 18
Incident Closure 19
Post-Incident 20
SOC Generations 21
First-Generation SOC 22
Second-Generation SOC 22
Third-Generation SOC 23
Fourth-Generation SOC 24
Characteristics of an Effective SOC 24
Introduction to Maturity Models 27
Applying Maturity Models to SOC 29
Phases of Building a SOC 31
Challenges and Obstacles 32
Summary 32
References 33
Chapter 2 Overview of SOC Technologies 35
Data Collection and Analysis 35
Data Sources 37
Data Collection 38
The Syslog Protocol 39
Telemetry Data: Network Flows 45
Telemetry Data: Packet Capture 48
Parsing and Normalization 49
Security Analysis 52
Alternatives to Rule-Based Correlation 55
Data Enrichment 56
Big Data Platforms for Security 57
Vulnerability Management 58
Vulnerability Announcements 60
Threat Intelligence 62
Compliance 64
Ticketing and Case Management 64
Collaboration 65
SOC Conceptual Architecture 66
Summary 67
References 67
Part II: The Plan Phase
Chapter 3 Assessing Security Operations Capabilities 69
Assessment Methodology 69
Step 1: Identify Business and IT Goals 71
Step 2: Assessing Capabilities 73
Assessing IT Processes 75
Step 3: Collect Information 82
Step 4: Analyze Maturity Levels 84
Step 5: Formalize Findings 87
The Organization's Vision and Strategy 87
The Department's Vision and Strategy 87
External and Internal Compliance Requirements 87
Organization's Threat Landscape 88
History of Previous Information Security Incidents 88
SOC Sponsorship 89
Allocated Budget 89
Presenting Data 89
Closing 90
Summary 90
References 90
Chapter 4 SOC Strategy 91
Strategy Elements 91
Who Is Involved? 92
SOC Mission 92
SOC Scope 93
Example 1: A Military Organization 94
Mission Statement 94
SOC Scope Statement 95
Example 2: A Financial Organization 95
Mission Statement 95
SOC Scope Statement 95
SOC Model of Operation 95
In-House and Virtual SOC 96
SOC Services 98
SOC Capabilities Roadmap 99
Summary 101
Part III: The Design Phase
Chapter 5 The SOC Infrastructure 103
Design Considerations 103
Model of Operation 104
Facilities 105
SOC Internal Layout 106
Lighting 107
Acoustics 107
Physical Security 108
Video Wall 108
SOC Analyst Services 109
Active Infrastructure 110
Network 111
Access to Systems 112
Security 112
Compute 115
Dedicated Versus Virtualized Environment 116
Choice of Operating Systems 118
Storage 118
Capacity Planning 119
Collaboration 119
Ticketing 120
Summary 120
References 120
Chapter 6 Security Event Generation and Collection 123
Data Collection 123
Calculating EPS 124
Ubuntu Syslog Server 124
Network Time Protocol 129
Deploying NTP 130
Data-Collection Tools 134
Company 135
Product Options and Architecture 136
Installation and Maintenance 136
User Interface and Experience 136
Compliance Requirements 137
Firewalls 137
Stateless/Stateful Firewalls 137
Cisco Adaptive Security Appliance ASA 138
Application Firewalls 142
Cisco FirePOWER Services 142
Cloud Security 152
Cisco Meraki 153
Exporting Logs from Meraki 154
Virtual Firewalls 155
Cisco Virtual Firewalls 156
Host Firewalls 157
Intrusion Detection and Prevention Systems 157
Cisco FirePOWER IPS 160
Meraki IPS 161
Snort 162
Host-Based Intrusion Prevention 162
Routers and Switches 163
Host Systems 166
Mobile Devices 167
Breach Detection 168
Cisco Advanced Malware Prevention 168
Web Proxies 169
Cisco Web Security Appliance 170
Cloud Proxies 172
Cisco Cloud Web Security 172
DNS Servers 173
Exporting DNS 174
Network Telemetry with Network Flow Monitoring 174
NetFlow Tools 175
StealthWatch 177
Exporting Data from StealthWatch 179
NetFlow from Routers and Switches 182
NetFlow from Security Products 184
NetFlow in the Data Center 186
Summary 187
References 188
Chapter 7 Vulnerability Management 189
Identifying Vulnerabilities 190
Security Services 19