Title Page
1/17/2025
Copyright Page
Dedication Page
Foreword
About the Author
About the Reviewers
Acknowledgement
Preface
Table of Contents
Section 1: Understanding Security Operations Center
1. Cybersecurity Basics
Cybersecurity principles
Knowing the adversary
Securing the CIA triad
Security awareness
Individuals, endpoints and networks
Endpoints
Networks
Cloud security
Security event generation and collection
Industry-wise use cases
Challenges of cybersecurity
Layers of security
2. Cybersecurity Ramifications and Implications
Introduction
Structure
Objectives
Cybersecurity for enterprises and individuals
Enterprises
Individuals
Cybersecurity broad domains
Cybersecurity affecting people, processes, and technology
People
Process
Technology
Types of attacks
Host
Network
Application
Consequences of neglecting cybersecurity
Impact on economy
Conclusion
Points to remember
Multiple choice questions
Answers
Questions
Key terms
3. Evolution of Security Operations Centers
Historical perspectives
Network operations center
Physical security and access control
Early threat detection and response
Security operations center
Evolution of security operations center
Focusing on confidentiality
Focusing on integrity
Cloud or IoT
Emerging technologies
Focus on availability
Focusing on authenticity and non-repudiation
SOC challenges
Threat landscape
Zero Trust philosophy
Automation journey
4. Domains of Security Operations Centers
Asset management
Asset management in action
Continuous monitoring
Key components of continuous monitoring
Coordination amongst systems
Practical systems integration with SOC
Assessment and planning
Tool selection and integration
Configuration and customization
Data correlation and analysis
Testing and validation
Training and awareness
Continuous improvement
Manufacturing industry
Healthcare industry
Energy sector
Retail industry
Recovery and remediation
Key components of recovery and remediation
Root cause analysis
Key components of root cause analysis
Key components of compliance management
5. Modern Developments in Security Operations Centers
Security operations centers models
Traditional SOC
Virtual SOC
Hybrid SOC
Co-managed SOC
Next-Generation SOC
Global SOC
Federated SOC
Key considerations for choosing a SOC model
Cyber Kill Chain
Cyber COBRA
Splunk's Cyber Kill Chain
Microsoft's Cyber Kill Chain
Diamond model of intrusion analysis
D3FEND frameworks
Evolving threat landscape
AI-powered attacks
Supply Chain Attacks
Ransomware and extortion
IoT and OT security
Cloud security challenges
Security operations centers function optimization
6. Incident Response
Log management
Log management process
Tools for log management
Best practices for effective log management
Log monitoring and management with Splunk
IOC and indicators of attacks
Indicators of compromise
Indicators of attack
SOCs using IOCs and IOAs
Incident response lifecycle
Incident management
SIEM use cases
SIEM overview
Section 2: SOC Components
7. Analysis
Dealing with alerts
Lifecycle of an alert
Post incident analysis
Behavior analysis
Malware analysis
Intrusion analysis
Intrusion detection systems and intrusion prevention systems
Analyzing anomalies with IPS or IDS
Exercise one, analyzing user behavior anomalies
Exercise two, analyzing malware activity
Exercise three, analyzing intrusion attempts
8. Threat Intelligence and Hunting
Understanding threat intelligence in SOC
Relevance of threat intelligence for SOC
Integrating threat intelligence into SOC
Lifecycle of threat intelligence
Threat intelligence sharing
Platforms and frameworks for sharing threat intelligence
Standards and protocols
TAXII
STIX
Common Vulnerabilities and Exposures
Common Vulnerability Scoring System
Threat intelligence tools
Relevant case studies
Threat hunting
Tools and technologies for threat hunting
Methodologies and approaches
Threat hunting tools
Scenario one, insider threat
Scenario two, suspicious PowerShell activity
9. People
SOC team and staffing
Roles and responsibilities
Red, blue, purple teams and relevance to SOC
Tiers in SOC operations
Tier 1, monitoring and detection
Tier 2, incident response and analysis
Tier 3, threat hunting and advanced analysis
Collaboration and communication
SOC team and CSIRT dilemma
Role of a SOC team
Role of CSIRT
SOC and CSIRT dilemma
KPIs for people in SOC
Best practices for people management
Recruitment and onboarding
Training and development
Performance management
Fostering a positive work environment
Section 3: Implementing SOC
10. Process
Security operations centers maturity models
Common security operations centers maturity models
SOC-CMM toolkit
Security operations centers workflow and KPIs
KPIs for security operations centers workflow
Alert levels and investigations
Investigation process
Incident containment
Developing a containment strategy
Documentation and communication
Challenges in containment
Post-containment activities
Remediation and reporting
11. Technology
Log collecting tools
Elasticsearch, Logstash and Kibana
Splunk
Graylog
Syslog
Wireshark monitoring
SIEM and SOAR
SIEM