Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security
by Rebecca Blair(Author)
Publisher finelybook 出版社: Packt Publishing (May 19, 2023)
Language 语言: English
Print Length 页数: 192 pages
ISBN-10: 1804614262
ISBN-13: 9781804614266
Book Description
Align your SOC with the ATT&CK framework and follow practical examples for successful implementation
Purchase of the print or Kindle book includes a free PDF eBook
Key Features
Understand Cloud, Windows, and Network ATT&CK Framework using different techniques
Assess the attack potential and implement frameworks aligned with Mitre ATT&CK
Address security gaps to detect and respond to all security threats
Book Description
The Mitre ATT&CK framework is an extraordinary resource for all SOC environments, however, determining the appropriate implementation techniques for different use cases can be a daunting task. This book will help you gain an understanding of the current state of your SOC, identify areas for improvement, and then fill the security gaps with appropriate parts of the ATT&CK framework. You’ll learn new techniques to tackle modern security threats and gain tools and knowledge to advance in your career.
In this book, you’ll first learn to identify the strengths and weaknesses of your SOC environment, and how ATT&CK can help you improve it. Next, you’ll explore how to implement the framework and use it to fill any security gaps you’ve identified, expediting the process without the need for any external or extra resources. Finally, you’ll get a glimpse into the world of active SOC managers and practitioners using the ATT&CK framework, unlocking their expertise, cautionary tales, best practices, and ways to continuously improve.
By the end of this book, you’ll be ready to assess your SOC environment, implement the ATT&CK framework, and advance in your security career.
What you will learn
Get a deeper understanding of the Mitre ATT&CK Framework
Avoid common implementation mistakes and provide maximum value
Create efficient detections to align with the framework
Implement continuous improvements on detections and review ATT&CK mapping
Discover how to optimize SOC environments with automation
Review different threat models and their use cases
Who this book is for
This book is for SOC managers, security analysts, CISOs, security engineers, or security consultants looking to improve their organization’s security posture. Basic knowledge of Mitre ATT&CK, as well as a deep understanding of triage and detections is a must.
Table of Contents
1. SOC Basics – Structure, Personnel, Coverage, and Tools
2. Analyzing Your Environment for Potential Pitfalls
3. Reviewing Different Threat Models
4. What is the ATT&CK Framework?
5. A Deep Dive into the ATT&CK Framework
6. Strategies to Map to ATT&CK
7. Common Mistakes with Implementation
8. Return on Investment Detections
9. What Happens After an Alert is Triggered?
10. Validating Any Mappings and Detections
11. Implementing ATT&CK in All Parts of Your SOC
12. What’s Next? Areas for Innovation in Your SOC