Hjem

Introduction xx
Part I SOC Basics
Chapter 1 Introduction to Security Operations and the SOC 1 Cybersecurity Challenges 1 Threat Landscape 4 Business Challenges 7 The Cloud 8 Compliance 9 Privacy and Data Protection 9 Introduction to Information Assurance 10 Introduction to Risk Management 11 Information Security Incident Response 14 Incident Detection 15 Incident Triage 16 Incident Categories 17 Incident Severity 17 Incident Resolution 18 Incident Closure 19 Post-Incident 20 SOC Generations 21 First-Generation SOC 22 Second-Generation SOC 22 Third-Generation SOC 23 Fourth-Generation SOC 24 Characteristics of an Effective SOC 24 Introduction to Maturity Models 27 Applying Maturity Models to SOC 29 Phases of Building a SOC 31 Challenges and Obstacles 32 Summary 32 References 33
Chapter 2 Overview of SOC Technologies 35 Data Collection and Analysis 35 Data Sources 37 Data Collection 38 The Syslog Protocol 39 Telemetry Data: Network Flows 45 Telemetry Data: Packet Capture 48 Parsing and Normalization 49 Security Analysis 52 Alternatives to Rule-Based Correlation 55 Data Enrichment 56 Big Data Platforms for Security 57 Vulnerability Management 58 Vulnerability Announcements 60 Threat Intelligence 62 Compliance 64 Ticketing and Case Management 64 Collaboration 65 SOC Conceptual Architecture 66 Summary 67 References 67
Part II: The Plan Phase
Chapter 3 Assessing Security Operations Capabilities 69 Assessment Methodology 69 Step
1: Identify Business and IT Goals 71 Step
2: Assessing Capabilities 73 Assessing IT Processes 75 Step
3: Collect Information 82 Step
4: Analyze Maturity Levels 84 Step
5: Formalize Findings 87 The Organization''s Vision and Strategy 87 The Department''s Vision and Strategy 87 External and Internal Compliance Requirements 87 Organization''s Threat Landscape 88 History of Previous Information Security Incidents 88 SOC Sponsorship 89 Allocated Budget 89 Presenting Data 89 Closing 90 Summary 90 References 90
Chapter 4 SOC Strategy 91 Strategy Elements 91 Who Is Involved? 92 SOC Mission 92 SOC Scope 93 Example
1: A Military Organization 94 Mission Statement 94 SOC Scope Statement 95 Example
2: A Financial Organization 95 Mission Statement 95 SOC Scope Statement 95 SOC Model of Operation 95 In-House and Virtual SOC 96 SOC Services 98 SOC Capabilities Roadmap 99 Summary 101
Part III: The Design Phase
Chapter 5 The SOC Infrastructure 103 Design Considerations 103 Model of Operation 104 Facilities 105 SOC Internal Layout 106 Lighting 107 Acoustics 107 Physical Security 108 Video Wall 108 SOC Analyst Services 109 Active Infrastructure 110 Network 111 Access to Systems 112 Security 112 Compute 115 Dedicated Versus Virtualized Environment 116 Choice of Operating Systems 118 Storage 118 Capacity Planning 119 Collaboration 119 Ticketing 120 Summary 120 References 120
Chapter 6 Security Event Generation and Collection 123 Data Collection 123 Calculating EPS 124 Ubuntu Syslog Server 124 Network Time Protocol 129 Deploying NTP 130 Data-Collection Tools 134 Company 135 Product Options and Architecture 136 Installation and Maintenance 136 User Interface and Experience 136 Compliance Requirements 137 Firewalls 137 Stateless/Stateful Firewalls 137 Cisco Adaptive Security Appliance ASA 138 Application Firewalls 142 Cisco FirePOWER Services 142 Cloud Security 152 Cisco Meraki 153 Exporting Logs from Meraki 154 Virtual Firewalls 155 Cisco Virtual Firewalls 156 Host Firewalls 157 Intrusion Detection and Prevention Systems 157