
Establishing Security Operations Center
Sameer Vasant Kulkarni
This audiobook is narrated by a digital voice.
DESCRIPTION
Cyber threats are everywhere and constantly evolving. Data breaches, ransomware, and phishing have become everyday news. This book offers concepts and practical insights for setting up and managing a security operations center. You will understand why SOCs are essential in the current cyber landscape, how to build one from scratch, and how it helps organizations stay protected 24/7.
This book systematically covers the entire lifecycle of a SOC, beginning with cybersecurity fundamentals, the threat landscape, and the profound implications of cyber incidents. It will guide you through why SOCs are critical in today's cyber landscape, how to build one from the ground up, tools, roles, and real-life examples from the industry. It also shows how to handle security incidents before they escalate into larger threats, and it covers the entire ecosystem of security operations management so that incidents can be handled and mitigated effectively.
Upon completing this guide, you will possess a holistic understanding of SOC operations, equipped with the knowledge to strategically plan, implement, and continuously enhance your organization's cybersecurity posture, confidently navigating the complexities of modern digital defense. The book aims to empower readers to take on the complexities of handling cybersecurity.
WHAT YOU WILL LEARN
● Understand SOC evolution, core domains like asset/compliance management, and modern frameworks.
● Implement log management, SIEM use cases, and incident response lifecycles.
● Leverage threat intelligence lifecycles and proactive threat hunting methodologies.
● Adapt SOCs to AI/ML, cloud, and other emerging technologies for future resilience.
● Integrate SOC operations with business continuity, compliance, and industry frameworks.
Duration - 17h 19m.
Author - Sameer Vasant Kulkarni.
Narrator - Digital Voice Madison G.
Published Date - Saturday, 18 January 2025.
Copyright - © 2026 BPB.
Location:
United States
Networks:
Sameer Vasant Kulkarni
Digital Voice Madison G
BPB Publications
English Audiobooks
Findaway Audiobooks
Language:
English
Title Page
Duration:00:00:17
Copyright Page
Duration:00:01:21
Dedication Page
Duration:00:00:06
Foreword
Duration:00:05:17
About the Author
Duration:00:02:17
About the Reviewers
Duration:00:03:32
Acknowledgement
Duration:00:01:40
Preface
Duration:00:13:34
Table of Contents
Duration:00:19:50
Section 1: Understanding Security Operations Center
Duration:00:00:05
1. Cybersecurity Basics
Duration:00:00:04
Introduction
Duration:00:02:49
Structure
Duration:00:00:24
Objectives
Duration:00:00:15
Cybersecurity principles
Duration:00:00:53
Knowing the adversary
Duration:00:06:21
Securing the CIA triad
Duration:00:02:41
Security awareness
Duration:00:02:09
Individuals, endpoints and networks
Duration:00:00:16
Individuals
Duration:00:00:54
Endpoints
Duration:00:01:21
Networks
Duration:00:01:17
Cloud security
Duration:00:04:05
Security event generation and collection
Duration:00:03:48
Threat landscape
Duration:00:05:41
Industry-wise use cases
Duration:00:14:33
Challenges of cybersecurity
Duration:00:04:26
Layers of security
Duration:00:02:15
Conclusion
Duration:00:00:36
Points to remember
Duration:00:00:17
Multiple choice questions
Duration:00:01:01
Answers
Duration:00:00:02
Questions
Duration:00:00:15
Key terms
Duration:00:00:31
2. Cybersecurity Ramifications and Implications
Duration:00:00:06
Cybersecurity for enterprises and individuals
Duration:00:00:41
Enterprises
Duration:00:04:15
Cybersecurity broad domains
Duration:00:08:43
Cybersecurity affecting people, processes, and technology
Duration:00:00:33
People
Duration:00:01:35
Process
Duration:00:01:34
Technology
Duration:00:01:51
Types of attacks
Duration:00:00:21
Host
Duration:00:02:22
Network
Duration:00:01:51
Application
Duration:00:02:27
Consequences of neglecting cybersecurity
Duration:00:00:45
Impact on economy
Duration:00:03:35
3. Evolution of Security Operations Centers
Duration:00:00:05
Historical perspectives
Duration:00:04:36
Network operations center
Duration:00:00:19
Physical security and access control
Duration:00:01:21
Early threat detection and response
Duration:00:07:00
Security operations center
Duration:00:01:04
Evolution of security operations center
Duration:00:00:50
Focusing on confidentiality
Duration:00:01:02
Focusing on integrity
Duration:00:02:21
Cloud or IoT
Duration:00:01:53
Emerging technologies
Duration:00:00:50
Focus on availability
Duration:00:01:20
Focusing on authenticity and non-repudiation
Duration:00:09:49
SOC challenges
Duration:00:04:16
Zero Trust philosophy
Duration:00:03:56
Automation journey
Duration:00:08:38
4. Domains of Security Operations Centers
Duration:00:00:05
Asset management
Duration:00:04:05
Asset management in action
Duration:00:05:53
Continuous monitoring
Duration:00:03:45
Key components of continuous monitoring
Duration:00:02:41
Coordination amongst systems
Duration:00:04:31
Assessment and planning
Duration:00:00:26
Tool selection and integration
Duration:00:00:32
Configuration and customization
Duration:00:00:28
Data correlation and analysis
Duration:00:00:33
Testing and validation
Duration:00:00:33
Training and awareness
Duration:00:00:35
Continuous improvement
Duration:00:00:44
Practical systems integration with SOC
Duration:00:00:41
Manufacturing industry
Duration:00:02:20
Healthcare industry
Duration:00:01:55
Energy sector
Duration:00:02:27
Retail industry
Duration:00:01:56
Recovery and remediation
Duration:00:01:22
Key components of recovery and remediation
Duration:00:03:18
Root cause analysis
Duration:00:01:49
Key components of root cause analysis
Duration:00:03:18
Compliance management
Duration:00:01:52
Key components of compliance management
Duration:00:03:22
5. Modern Developments in Security Operations Centers
Duration:00:00:06
Security operations centers models
Duration:00:00:48
Traditional SOC
Duration:00:01:16
Virtual SOC
Duration:00:00:53
Hybrid SOC
Duration:00:00:50
Co-managed SOC
Duration:00:01:15
Next-Generation SOC
Duration:00:00:39
Global SOC
Duration:00:00:45
Federated SOC
Duration:00:00:50
Key considerations for choosing a SOC model
Duration:00:01:56
Cyber Kill Chain
Duration:00:07:17
Cyber COBRA
Duration:00:00:52
Splunk's Cyber Kill Chain
Duration:00:00:39
Microsoft's Cyber Kill Chain
Duration:00:00:33
Diamond model of intrusion analysis
Duration:00:06:57
MITRE ATT&CK framework
Duration:00:05:28
D3FEND frameworks
Duration:00:05:06
Evolving threat landscape
Duration:00:00:49
AI-powered attacks
Duration:00:00:50
Supply Chain Attacks
Duration:00:01:00
Ransomware and extortion
Duration:00:00:44
IoT and OT security
Duration:00:00:45
Cloud security challenges
Duration:00:05:25
Security operations centers function optimization
Duration:00:01:18
6. Incident Response
Duration:00:00:04
Log management
Duration:00:03:12
Log management process
Duration:00:02:16
Tools for log management
Duration:00:01:07
Best practices for effective log management
Duration:00:03:24
Log monitoring and management with Splunk
Duration:00:05:18
IOC and indicators of attacks
Duration:00:00:20
Indicators of compromise
Duration:00:01:11
Indicators of attack
Duration:00:01:06
SOCs using IOCs and IOAs
Duration:00:02:53
Incident response lifecycle
Duration:00:07:03
Incident management
Duration:00:08:09
SIEM use cases
Duration:00:05:16
SIEM overview
Duration:00:04:33
Section 2: SOC Components
Duration:00:00:04
7. Analysis
Duration:00:00:03
Dealing with alerts
Duration:00:11:53
Lifecycle of an alert
Duration:00:06:34
Post incident analysis
Duration:00:09:31
Behavior analysis
Duration:00:03:11
Malware analysis
Duration:00:04:19
Intrusion analysis
Duration:00:00:36
Intrusion detection systems and intrusion prevention systems
Duration:00:04:29
Analyzing anomalies with IPS or IDS
Duration:00:00:22
Exercise one, analyzing user behavior anomalies
Duration:00:01:51
Exercise two, analyzing malware activity
Duration:00:00:47
Exercise three, analyzing intrusion attempts
Duration:00:00:46
8. Threat Intelligence and Hunting
Duration:00:00:04
Understanding threat intelligence in SOC
Duration:00:04:46
Relevance of threat intelligence for SOC
Duration:00:16:17
Integrating threat intelligence into SOC
Duration:00:09:08
Lifecycle of threat intelligence
Duration:00:09:04
Threat intelligence sharing
Duration:00:03:06
Platforms and frameworks for sharing threat intelligence
Duration:00:00:57
Standards and protocols
Duration:00:00:38
TAXII
Duration:00:05:12
STIX
Duration:00:03:59
Common Vulnerabilities and Exposures
Duration:00:01:05
Common Vulnerability Scoring System
Duration:00:02:06
Threat intelligence tools
Duration:00:01:30
Relevant case studies
Duration:00:06:50
Threat hunting
Duration:00:02:53
Tools and technologies for threat hunting
Duration:00:01:04
Methodologies and approaches
Duration:00:05:24
Threat hunting tools
Duration:00:03:54
Scenario one, insider threat
Duration:00:04:39
Scenario two, suspicious PowerShell activity
Duration:00:02:00
9. People
Duration:00:00:03
SOC team and staffing
Duration:00:06:50
Roles and responsibilities
Duration:00:14:47
Red, blue, purple teams and relevance to SOC
Duration:00:04:21
Tiers in SOC operations
Duration:00:00:27
Tier 1, monitoring and detection
Duration:00:01:02
Tier 2, incident response and analysis
Duration:00:01:10
Tier 3, threat hunting and advanced analysis
Duration:00:01:17
Collaboration and communication
Duration:00:00:41
SOC team and CSIRT dilemma
Duration:00:00:29
Role of a SOC team
Duration:00:01:09
Role of CSIRT
Duration:00:00:59
SOC and CSIRT dilemma
Duration:00:04:20
KPIs for people in SOC
Duration:00:06:43
Best practices for people management
Duration:00:00:40
Recruitment and onboarding
Duration:00:01:38
Training and development
Duration:00:01:18
Performance management
Duration:00:01:05
Fostering a positive work environment
Duration:00:01:26
Section 3: Implementing SOC
Duration:00:00:04
10. Process
Duration:00:00:03
Security operations centers maturity models
Duration:00:04:35
Common security operations centers maturity models
Duration:00:04:24
SOC-CMM toolkit
Duration:00:03:31
Security operations centers workflow and KPIs
Duration:00:05:25
KPIs for security operations centers workflow
Duration:00:08:48
Alert levels and investigations
Duration:00:04:14
Investigation process
Duration:00:02:32
Incident containment
Duration:00:01:08
Developing a containment strategy
Duration:00:06:32
Documentation and communication
Duration:00:00:49
Challenges in containment
Duration:00:00:52
Post-containment activities
Duration:00:01:08
Remediation and reporting
Duration:00:08:05
11. Technology
Duration:00:00:04
Log collecting tools
Duration:00:02:01
Elasticsearch, Logstash and Kibana
Duration:00:01:45
Splunk
Duration:00:02:02
Graylog
Duration:00:01:22
Syslog
Duration:00:03:57
Wireshark monitoring
Duration:00:03:48