Joseph Muniz, Gary McIntyre, Nadhem Alfardan

Security Operations Center (eBook, PDF)

Building, Operating, and Maintaining your SOC

Leseprobe

Security Operations Center (eBook, PDF) - Muniz, Joseph; McIntyre, Gary; Alfardan, Nadhem

Leseprobe

Fotogalerie

Als Download kaufen

21,95 €

inkl. MwSt.

Sofort per Download lieferbar

11 °P sammeln

Jetzt verschenken

21,95 €

inkl. MwSt.

Sofort per Download lieferbar

Alle Infos zum eBook verschenken

11 °P sammeln

Als Download kaufen

Geschenk

Joseph Muniz, Gary McIntyre, Nadhem Alfardan

Security Operations Center (eBook, PDF)

Building, Operating, and Maintaining your SOC

Format: PDF

Jetzt bewerten Jetzt bewerten

Geräte: PC
ohne Kopierschutz
eBook Hilfe
Größe: 6.11MB

Andere Kunden interessierten sich auch für

Joseph Muniz
Modern Security Operations Center, The (eBook, PDF)

28,95 €
Yuri Diogenes
Microsoft Azure Security Center (eBook, PDF)

21,95 €
Kevin Lynn McLaughlin
Cybersecurity Operations and Fusion Centers (eBook, PDF)

38,95 €
Kyle Rankin
Linux Hardening in Hostile Networks (eBook, PDF)

20,95 €
Chess Brian
Secure Programming with Static Analysis (eBook, PDF)

24,95 €
William Easttom
Network Defense and Countermeasures (eBook, PDF)

40,95 €
Santuka Vivek
AAA Identity Management Security (eBook, PDF)

29,95 €

Produktbeschreibung

Security Operations Center

Building, Operating, and Maintaining Your SOC

The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC)

Security Operations Center is the complete guide to building, operating, and managing Security Operations Centers in any environment. Drawing on experience with hundreds of customers ranging from Fortune 500 enterprises to large military organizations, three leading experts thoroughly review each SOC model, including virtual SOCs. You'll learn how to select the right strategic option for your organization, and then plan and execute the strategy you've chosen.

Security Operations Center walks you through every phase required to establish and run an effective SOC, including all significant people, process, and technology capabilities. The authors assess SOC technologies, strategy, infrastructure, governance, planning, implementation, and more. They take a holistic approach considering various commercial and open-source tools found in modern SOCs.

This best-practice guide is written for anybody interested in learning how to develop, manage, or improve a SOC. A background in network security, management, and operations will be helpful but is not required. It is also an indispensable resource for anyone preparing for the Cisco SCYBER exam.

· Review high-level issues, such as vulnerability and risk management, threat intelligence, digital investigation, and data collection/analysis

· Understand the technical components of a modern SOC

· Assess the current state of your SOC and identify areas of improvement

· Plan SOC strategy, mission, functions, and services

· Design and build out SOC infrastructure, from facilities and networks to systems, storage, and physical security

· Collect and successfully analyze security data

· Establish an effective vulnerability management practice

· Organize incident response teams and measure their performance

· Define an optimal governance and staffing model

· Develop a practical SOC handbook that people can actually use

· Prepare SOC to go live, with comprehensive transition plans

· React quickly and collaboratively to security incidents

· Implement best practice security operations, including continuous enhancement and improvement

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

Produktdetails
Verlag: Pearson ITP
Seitenzahl: 448
Erscheinungstermin: 24. Oktober 2015
Englisch
ISBN-13: 9780134052069
Artikelnr.: 52973641

Produktdetails

Verlag: Pearson ITP
Seitenzahl: 448
Erscheinungstermin: 24. Oktober 2015
Englisch
ISBN-13: 9780134052069
Artikelnr.: 52973641

Autorenporträt

Joseph Muniz is a consultant at Cisco Systems and security researcher. Joseph started his career in software development and later managed networks as a contracted technical resource. Joseph moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved with the design and implementation of multiple projects, ranging from Fortune 500 corporations to large federal networks. Joseph is the author of and contributor to several books and is a speaker for popular security conferences. Check out his blog, http://www.thesecurityblogger.com, which showcases the latest security events, research, and technologies.

Gary McIntyre is a seasoned information security professional focusing on the development and operation of large-scale information security programs. As an architect, manager, and consultant, he has worked with a wide range of public and private sector organizations around the world to design, build, and maintain small to large security operations teams. He currently holds a Masters degree from the University of Toronto and has also been a long-time (ISC)² instructor.

Dr. Nadhem AlFardan has more than 15 years of experience in the area of information security and holds a Ph.D. in Information Security from Royal Holloway, University of London. Nadhem is a senior security solution architect working for Cisco Systems. Before joining Cisco, he worked for Schlumbeger and HSBC. Nadhem is CISSP certified and is an ISO 27001 lead auditor. He is also CCIE Security certified. In his Ph.D. research, Nadhem published a number of papers in prestige conferences, such as IEEE S&P and USENIX Security, mainly around cryptoanalysis topics. His work involved him working with organizations such as Google, Microsoft, Cisco, Mozilla, OpenSSL, and many others, mainly to help them assess and fix major findings in the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol. His work is referenced in a number of IETF standards.

Inhaltsangabe

Introduction xx
Part I SOC Basics
Chapter 1 Introduction to Security Operations and the SOC 1
Cybersecurity Challenges 1
    Threat Landscape 4
    Business Challenges 7
        The Cloud 8
        Compliance 9
        Privacy and Data Protection 9
Introduction to Information Assurance 10
Introduction to Risk Management 11
Information Security Incident Response 14
    Incident Detection 15
    Incident Triage 16
        Incident Categories 17
        Incident Severity 17
    Incident Resolution 18
    Incident Closure 19
    Post-Incident 20
SOC Generations 21
    First-Generation SOC 22
    Second-Generation SOC 22
    Third-Generation SOC 23
    Fourth-Generation SOC 24
Characteristics of an Effective SOC 24
Introduction to Maturity Models 27
Applying Maturity Models to SOC 29
Phases of Building a SOC 31
Challenges and Obstacles 32
Summary 32
References 33
Chapter 2 Overview of SOC Technologies 35
Data Collection and Analysis 35
    Data Sources 37
    Data Collection 38
        The Syslog Protocol 39
        Telemetry Data: Network Flows 45
        Telemetry Data: Packet Capture 48
    Parsing and Normalization 49
    Security Analysis 52
        Alternatives to Rule-Based Correlation 55
        Data Enrichment 56
        Big Data Platforms for Security 57
Vulnerability Management 58
    Vulnerability Announcements 60
Threat Intelligence 62
Compliance 64
Ticketing and Case Management 64
Collaboration 65
SOC Conceptual Architecture 66
Summary 67
References 67
Part II: The Plan Phase
Chapter 3 Assessing Security Operations Capabilities 69
Assessment Methodology 69
    Step 1: Identify Business and IT Goals 71
    Step 2: Assessing Capabilities 73
        Assessing IT Processes 75
    Step 3: Collect Information 82
    Step 4: Analyze Maturity Levels 84
    Step 5: Formalize Findings 87
        The Organization’s Vision and Strategy 87
        The Department’s Vision and Strategy 87
        External and Internal Compliance Requirements 87
        Organization’s Threat Landscape 88
        History of Previous Information Security Incidents 88
        SOC Sponsorship 89
        Allocated Budget 89
        Presenting Data 89
        Closing 90
Summary 90
References 90
Chapter 4 SOC Strategy 91
Strategy Elements 91
    Who Is Involved? 92
    SOC Mission 92
    SOC Scope 93
    Example 1: A Military Organization 94
        Mission Statement 94
        SOC Scope Statement 95
    Example 2: A Financial Organization 95
        Mission Statement 95
        SOC Scope Statement 95
SOC Model of Operation 95
    In-House and Virtual SOC 96
SOC Services 98
SOC Capabilities Roadmap 99
Summary 101
Part III: The Design Phase
Chapter 5 The SOC Infrastructure 103
Design Considerations 103
Model of Operation 104
Facilities 105
    SOC Internal Layout 106
        Lighting 107
        Acoustics 107
    Physical Security 108
    Video Wall 108
    SOC Analyst Services 109
Active Infrastructure 110
    Network 111
        Access to Systems 112
    Security 112
    Compute 115
        Dedicated Versus Virtualized Environment 116
        Choice of Operating Systems 118
    Storage 118
        Capacity Planning 119
    Collaboration 119
        Ticketing 120
Summary 120
References 120
Chapter 6 Security Event Generation and Collection 123
Data Collection 123
    Calculating EPS 124
        Ubuntu Syslog Server 124
    Network Time Protocol 129
        Deploying NTP 130
    Data-Collection Tools 134
        Company 135
        Product Options and Architecture 136
        Installation and Maintenance 136
        User Interface and Experience 136
        Compliance Requirements 137
    Firewalls 137
        Stateless/Stateful Firewalls 137
        Cisco Adaptive Security Appliance ASA 138
        Application Firewalls 142
        Cisco FirePOWER Services 142
Cloud Security 152
    Cisco Meraki 153
        Exporting Logs from Meraki 154
    Virtual Firewalls 155
        Cisco Virtual Firewalls 156
        Host Firewalls 157
Intrusion Detection and Prevention Systems 157
    Cisco FirePOWER IPS 160
    Meraki IPS 161
    Snort 162
    Host-Based Intrusion Prevention 162
Routers and Switches 163
Host Systems 166
Mobile Devices 167
Breach Detection 168
    Cisco Advanced Malware Prevention 168
    Web Proxies 169
        Cisco Web Security Appliance 170
    Cloud Proxies 172
        Cisco Cloud Web Security 172
DNS Servers 173
    Exporting DNS 174
Network Telemetry with Network Flow Monitoring 174
    NetFlow Tools 175
        StealthWatch 177
        Exporting Data from StealthWatch 179
    NetFlow from Routers and Switches 182
    NetFlow from Security Products 184
    NetFlow in the Data Center 186
Summary 187
References 188
Chapter 7 Vulnerability Management 189
Identifying Vulnerabilities 190
Security Services 191
Vulnerability Tools 193
Handling Vulnerabilities 195
    OWASP Risk Rating Methodology 197
        Threat Agent Factors 198
        Vulnerability Factors 198
        Technical Impact Factors 200
        Business Impact Factors 200
    The Vulnerability Management Lifecycle 202
Automating Vulnerability Management 205
    Inventory Assessment Tools 205
    Information Management Tools 206
    Risk-Assessment Tools 206
    Vulnerability-Assessment Tools 206
    Report and Remediate Tools 206
    Responding Tools 207
Threat Intelligence 208
    Attack Signatures 209
    Threat Feeds 210
    Other Threat Intelligence Sources 211
Summary 213
References 214
Chapter 8 People and Processes 215
Key Challenges 215
    Wanted: Rock Stars, Leaders, and Grunts 216
    The Weight of Process 216
    The Upper and Lower Bounds of Technology 217
Designing and Building the SOC Team 218
    Starting with the Mission 218
    Focusing on Services 219
        Security Monitoring Service Example 220
    Determining the Required SOC Roles 223
        Leadership Roles 224
        Analyst Roles 224
        Engineering Roles 224
        Operations Roles 224
        Other Support Roles 224
    Working with HR 225
        Job Role Analysis 225
        Market Analysis 225
        Organizational Structure 226
        Calculating Team Numbers 227
    Deciding on Your Resourcing Strategy 228
        Building Your Own: The Art of Recruiting SOC Personnel 229
        Working with Contractors and Service Bureaus 229
        Working with Outsourcing and Managed Service Providers 230
Working with Processes and Procedures 231
    Processes Versus Procedures 231
    Working with Enterprise Service Management Processes 232
        Event Management 232
        Incident Management 233
        Problem Management 233
        Vulnerability Management 233
        Other IT Management Processes 233
    The Positives and Perils of Process 234
    Examples of SOC Processes and Procedures 236
        Security Service Management 236
        Security Service Engineering 237
        Security Service Operations 238
        Security Monitoring 239
        Security Incident Investigation and Response 239
        Security Log Management 240
        Security Vulnerability Management 241
        Security Intelligence 241
        Security Analytics and Reporting 242
        Breach Discovery and Remediation 242
Summary 243
Part IV: The Build Phase
Chapter 9 The Technology 245
In-House Versus Virtual SOC 245
Network 246
    Segmentation 247
    VPN 251
    High Availability 253
    Support Contracts 254
Security 255
    Network Access Control 255
    Authentication 257
    On-Network Security 258
    Encryption 259
Systems 260
    Operating Systems 261
    Hardening Endpoints 262
    Endpoint Breach Detection 263
    Mobile Devices 264
    Servers 264
Storage 265
    Data-Loss Protection 266
    Cloud Storage 270
Collaboration 271
    Collaboration for Pandemic Events 272
Technologies to Consider During SOC Design 273
    Firewalls 273
        Firewall Modes 273
        Firewall Clustering 276
        Firewall High Availability 276
        Firewall Architecture 277
    Routers and Switches 279
        Securing Network Devices 280
        Hardening Network Devices 280
    Network Access Control 281
        Deploying NAC 282
        NAC Posture 284
        Architecting NAC 285
    Web Proxies 290
        Reputation Security 290
        Proxy Architecture 292
    Intrusion Detection/Prevention 295
        IDS IPS Architecture 295
        Evaluating IDS IPS Technology 296
        Tuning IDS/IPS 298
Breach Detection 300
    Honeypots 301
    Sandboxes 302
    Endpoint Breach Detection 303
    Network Telemetry 306
        Enabling NetFlow 308
        Architecting Network Telemetry Solutions 310
    Network Forensics 312
        Digital Forensics Tools 313
Final SOC Architecture 314
Summary 317
References 318
Chapter 10 Preparing to Operate 319
Key Challenges 319
    People Challenges 319
    Process Challenges 320
    Technology Challenges 321
Managing Challenges Through a Well-Managed Transition 321
    Elements of an Effective Service Transition Plan 322
    Determining Success Criteria and Managing to Success 322
        Deploying Against Attainable Service Levels 323
        Focusing on Defined Use Cases 325
    Managing Project Resources Effectively 328
    Marching to Clear and Attainable Requirements 329
        Staffing Requirements for Go-Live 329
        Process Requirements for Go-Live 330
        Technology Requirements for Go-Live 331
    Using Simple Checks to Verify That the SOC Is Ready 332
        People Checks 332
        Process Checks 336
        Technology Checks 340
Summary 346
Part V: The Operate Phase
Chapter 11 Reacting to Events and Incidents 347
A Word About Events 348
Event Intake, Enrichment, Monitoring, and Handling 348
    Events in the SIEM 349
    Events in the Security Log Management Solution 350
    Events in Their Original Habitats 350
    Events Through Communications and Collaboration Platforms 350
    Working with Events: The Malware Scenario 351
    Handling and Investigating the Incident Report 353
    Creating and Managing Cases 354
        Working as a Team 355
        Working with Other Parts of the Organization 357
        Working with Third Parties 359
Closing and Reporting on the Case 362
Summary 363
Chapter 12 Maintain, Review, and Improve 365
Reviewing and Assessing the SOC 366
    Determining Scope 366
        Examining the Services 367
        Personnel/Staffing 369
        Processes, Procedures, and Other Operational Documentation 371
        Technology 372
    Scheduled and Ad Hoc Reviews 373
    Internal Versus External Assessments 374
        Internal Assessments 374
        External Assessments 374
    Assessment Methodologies 375
        Maturity Model Approaches 375
        Services-Oriented Approaches 376
        Post-Incident Reviews 378
Maintaining and Improving the SOC 381
    Maintaining and Improving Services 381
    Maintain and Improving Your Team 383
        Improving Staff Recruitment 383
        Improving Team Training and Development 384
        Improving Team Retention 386
    Maintaining and Improving the SOC Technology Stack 387
        Improving Threat, Anomaly, and Breach-Detection Systems 388
        Improving Case and Investigation Management Systems 391
        Improving Analytics and Reporting 392
        Improving Technology Integration 392
        Improving Security Testing and Simulation Systems 393
        Improving Automated Remediation 394
Conclusions 395

9780134052014    TOC    10/12/2015

Inhaltsangabe

Security Operations Center (eBook, PDF)

2. tolino select Abo

Rechnungen

Retourenschein anfordern

Bestellstatus

Storno

Serviceseiten

Schließen

Security Operations Center (eBook, PDF)

Security Operations Center (eBook, PDF)

1. Login

2. tolino select Abo

Bitte wählen Sie Ihr Anliegen aus.

Rechnungen

Retourenschein anfordern

Bestellstatus

Storno

Serviceseiten

Schließen