The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services

The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services

by Joseph Muniz, Aamir Lakhani, Omar Santos, Moses Frost
Released May 2021
Publisher(s): Addison-Wesley Professional
ISBN: 9780135619858

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

The Industry Standard, Vendor-Neutral Guide to Managing SOCs and Delivering SOC Services

This completely new, vendor-neutral guide brings together all the knowledge you need to build, maintain, and operate a modern Security Operations Center (SOC) and deliver security services as efficiently and cost-effectively as possible.

Leading security architect Joseph Muniz helps you assess current capabilities, align your SOC to your business, and plan a new SOC or evolve an existing one. He covers people, process, and technology; explores each key service handled by mature SOCs; and offers expert guidance for managing risk, vulnerabilities, and compliance. Throughout, hands-on examples show how advanced red and blue teams execute and defend against real-world exploits using tools like Kali Linux and Ansible. Muniz concludes by previewing the future of SOCs, including Secure Access Service Edge (SASE) cloud technologies and increasingly sophisticated automation.

This guide will be indispensable for everyone responsible for delivering security services—managers and cybersecurity professionals alike.

Address core business and operational requirements, including sponsorship, management, policies, procedures, workspaces, staffing, and technology

Identify, recruit, interview, onboard, and grow an outstanding SOC team

Thoughtfully decide what to outsource and what to insource

Collect, centralize, and use both internal data and external threat intelligence

Quickly and efficiently hunt threats, respond to incidents, and investigate artifacts

Reduce future risk by improving incident recovery and vulnerability management

Apply orchestration and automation effectively, without just throwing money at them

Position yourself today for emerging SOC technologies

.

Table of contents

  1. Cover Page
  2. About This eBook
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Table of Contents
  7. Preface
    1. Vision
    2. Who Should Read This Book?
    3. How This Book Is Organized
    4. Book Structure
  8. We Want to Hear from You!
  9. Reader Services
  10. Acknowledgments
  11. About the Author
  12. Figure Credits
  13. Chapter 1. Introducing Security Operations and the SOC
    1. Introducing the SOC
    2. Factors Leading to a Dysfunctional SOC
    3. Cyberthreats
    4. Investing in Security
    5. The Impact of a Breach
    6. Establishing a Baseline
    7. Fundamental Security Capabilities
    8. Standards, Guidelines, and Frameworks
    9. Industry Threat Models
    10. Vulnerabilities and Risk
    11. Business Challenges
    12. In-House vs. Outsourcing
    13. SOC Services
    14. SOC Maturity Models
    15. SOC Goals Assessment
    16. SOC Capabilities Assessment
    17. SOC Development Milestones
    18. Summary
    19. References
  14. Chapter 2. Developing a Security Operations Center
    1. Mission Statement and Scope Statement
    2. Developing a SOC
    3. SOC Procedures
    4. Security Tools
    5. Planning a SOC
    6. Designing a SOC Facility
    7. Network Considerations
    8. Disaster Recovery
    9. Security Considerations
    10. Internal Security Tools
    11. Guidelines and Recommendations for Securing Your SOC Network
    12. SOC Tools
    13. Summary
    14. References
  15. Chapter 3. SOC Services
    1. Fundamental SOC Services
    2. The Three Pillars of Foundational SOC Support Services
    3. SOC Service Areas
    4. SOC Service Job Goals
    5. Service Maturity: If You Build It, They Will Come
    6. SOC Service 1: Risk Management
    7. SOC Service 2: Vulnerability Management
    8. SOC Service 3: Compliance
    9. SOC Service 4: Incident Management
    10. SOC Service 5: Analysis
    11. SOC Service 6: Digital Forensics
    12. SOC Service 7: Situational and Security Awareness
    13. SOC Service 8: Research and Development
    14. Summary
    15. References
  16. Chapter 4. People and Process
    1. Career vs. Job
    2. Developing Job Roles
    3. SOC Job Roles
    4. NICE Cybersecurity Workforce Framework
    5. Role Tiers
    6. SOC Services and Associated Job Roles
    7. Soft Skills
    8. Security Clearance Requirements
    9. Pre-Interviewing
    10. Interviewing
    11. Onboarding Employees
    12. Managing People
    13. Job Retention
    14. Training
    15. Certifications
    16. Company Culture
    17. Summary
    18. References
  17. Chapter 5. Centralizing Data
    1. Data in the SOC
    2. Data-Focused Assessment
    3. Logs
    4. Security Information and Event Management
    5. Troubleshooting SIEM Logging
    6. APIs
    7. Big Data
    8. Machine Learning
    9. Summary
    10. References
  18. Chapter 6. Reducing Risk and Exceeding Compliance
    1. Why Exceeding Compliance
    2. Policies
    3. Launching a New Policy
    4. Policy Enforcement
    5. Procedures
    6. Tabletop Exercise
    7. Standards, Guidelines, and Frameworks
    8. Audits
    9. Assessments
    10. Penetration Test
    11. Industry Compliance
    12. Summary
    13. References
  19. Chapter 7. Threat Intelligence
    1. Threat Intelligence Overview
    2. Threat Intelligence Categories
    3. Threat Intelligence Context
    4. Evaluating Threat Intelligence
    5. Planning a Threat Intelligence Project
    6. Collecting and Processing Intelligence
    7. Actionable Intelligence
    8. Feedback
    9. Summary
    10. References
  20. Chapter 8. Threat Hunting and Incident Response
    1. Security Incidents
    2. Incident Response Lifecycle
    3. Phase 1: Preparation
    4. Phase 2: Detection and Analysis
    5. Phase 3: Containment, Eradication, and Recovery
    6. Digital Forensics
    7. Phase 4: Post-Incident Activity
    8. Incident Response Guidelines
    9. Summary
    10. References
  21. Chapter 9. Vulnerability Management
    1. Vulnerability Management
    2. Measuring Vulnerabilities
    3. Vulnerability Technology
    4. Vulnerability Management Service
    5. Vulnerability Response
    6. Vulnerability Management Process Summarized
    7. Summary
    8. References
  22. Chapter 10. Data Orchestration
    1. Introduction to Data Orchestration
    2. Security Orchestration, Automation, and Response
    3. Endpoint Detection and Response
    4. Playbooks
    5. Automation
    6. DevOps Programming
    7. DevOps Tools
    8. Blueprinting with Osquery
    9. Network Programmability
    10. Cloud Programmability
    11. Summary
    12. References
  23. Chapter 11. Future of the SOC
    1. All Eyes on SD-WAN and SASE
    2. IT Services Provided by the SOC
    3. Future of Training
    4. Full Automation with Machine Learning
    5. Future of Your SOC: Bringing It All Together
    6. Summary
    7. References
  24. Index

Product information

  • Title: The Modern Security Operations Center: The People, Process, and Technology for Operating SOC Services
  • Author(s): Joseph Muniz, Aamir Lakhani, Omar Santos, Moses Frost
  • Release date: May 2021
  • Publisher(s): Addison-Wesley Professional
  • ISBN: 9780135619858