Designing and Building Security Operations Center (English) Paperback – 6 November 2014
Product description
Press reviews
"...a highly recommended reference for security managers and security practitioners who want to develop the capability to efficiently protect a company and its customers, or simply improve security incident management." --Computing Reviews
"A SOC is a security component most organizations are in dire need of, and the book is a good way to get them started on that effort." --RSAConference.com, January 2015
Publisher's description
Do you know what weapons are used to protect against cyber warfare and what tools to use to minimize their impact? How can you gather intelligence that will allow you to configure your system to ward off attacks? Online security and privacy issues are becoming more and more significant every day, with many instances of companies and governments mishandling (or deliberately misusing) personal and financial data.
Organizations need to be committed to defending their own assets and their customers’ information. Designing and Building a Security Operations Center will show you how to develop the organization, infrastructure, and capabilities to protect your company and your customers effectively, efficiently, and discreetly.
Written by a subject expert who has consulted on SOC implementation in both the public and private sector, Designing and Building a Security Operations Center is the go-to blueprint for cyber-defense.
- Explains how to develop and build a Security Operations Center
- Shows how to gather invaluable intelligence to protect your organization
- Helps you evaluate the pros and cons behind each decision during the SOC-building process
Most helpful customer reviews on Amazon.com
The book has decent information but horrible / unprofessional delivery. Either the book is actually a transcription of a conversation or the author was paid based on the length of the book. Expect to work for the good information by wading through absolutely useless first person commentary.
Some exact examples from the section about keeping the SOC working conditions sanitary:
"Does it make you feel a bit sick thinking about using a mouse that someone else's sweaty hands were just using for the last 8h?"
"I know that I do not what (sic) to go anywhere near that place. Anyway, I think I have grossed everyone out by now just by thinking about this"
"Do not let people leave food around. I have a few good stories about this one, as I am sure many other people do as well, people that have worked with me in the past may be chuckling, as I know there are a few pictures out there that bring this point home very graphically."
"Finally, and this is no joke, at one SOC I managed I actually had a budget line item for disinfectant wipes and sprays"
Given that the book clearly did not have an editor, it should be significantly cheaper.
This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues.
In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. An effective SOC provides the benefit of speed of response time to a security incident. Be it a DDoS attack or malware which can spread throughout a corporate network in minutes, and potentially knock out the network, every second counts in identifying these attacks and negating them before they can cause additional damage. Having a responsive SOC can make all the difference in how a firm deals with these security issues.
The book notes that the SOC is akin to an enterprise nervous system that can gather and normalize vast amounts of log and related data. This can provide continuous prevention, protection and detection by providing response capabilities against threats, remotely exploitable vulnerabilities and real-time incidents on the monitored network.
The book's 11 chapters provide a start for anyone considering building out their own SOC. Topics range from required infrastructure, organizational structure, staffing and daily operations, to training, metrics, outsourcing and more.
When building a SOC, the choices are for the most part doing it yourself (DIY) or using an outsourced managed security service provider (MSSP). The book focuses primarily on the DIY approach, while chapter 10 briefly details the issues and benefits of using an MSSP. The book provides the pros and cons of each approach. Some firms have a hybrid approach where they perform some SOC activities and outsource others. But the book doesn’t detail that approach.
The book provides a large amount of details on the many tasks needed to create an internal SOC. The truth is that many firms simply don’t have the staff and budget needed to support an internal SOC. They also don’t have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are “trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files”.
One important topic the book does not cover is around SIM/SIEM/SEM software. SIEM software can provide a firm with real-time analysis of security alerts generated by network and security hardware, software and other applications.
Many benefits come from an effective SIEM tool being the backbone of the SOC. A SIEM tool consolidates all data and analyzes it intelligently and provides visualization into the environment. But selecting the appropriate SIEM and correctly deploying it is not a trivial endeavor.
Gartner notes that organizations evaluating SIEM tools should begin with a requirements definition effort that includes IT security, IT operations, internal audit and compliance. Organizations must determine deployment scale, real-time monitoring, postcapture analytics and compliance reporting requirements. In addition, organizations should identify products whose deployment and support requirements are good matches to internal project and support capabilities.
To do this, Gartner recommends developing a set of requirements that resolve the initial problem. However, there should also be some planning for the broader implementation of SIEM capabilities in subsequent project phases. Developing a two- to three-year road map for all functions will ensure that the buying decision considers longer-term functional and scaling requirements. Be ready to evolve the plan in response to changes in IT, business requirements and threats. As you can see, SIEM is indeed a big deal.
Those looking for a good reference on SIEM should read: Security Information and Event Management (SIEM) Implementation. That book does provide an excellent overview of the topic and will be of value to those looking for answers around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy.
The book notes that the most important part of a SOC, and often the most overlooked, is that of the SOC analyst. And with that, the book writes how it’s important to be cognizant of the fact of SOC analyst burnout. SOC analysts can burn out, and it’s important for an organization to have a plan to address this, including aspects of training, management opportunities and job rotation.
Building an in-house SOC takes significant planning and attention to detail, and the book details a lot of the particulars that are required for an effective SOC design.
The implementation of a SOC will cost a significant amount of money, and management will often want to have metrics to let them know what the SOC is doing. The book spends a brief amount of time on SOC metrics, which is a topic that warrants a book in its own right. There are many metrics that can be created to measure SOC efficacy. Effective SOC metrics will measure how quickly incidents are handled by the SOC, and how incidents are identified, addressed and handled.
The downside to metrics is that they must be used judiciously. It’s important not to measure base performance of a SOC analyst simply on the number of events analyzed or recommendations written. Metrics used in that manner are akin to a help desk where analysts are only concerned about getting calls finished, in order to meet their calls-completed metrics.
As important as a SOC is, this is surprisingly the first book written on the topic. At under 250 pages, the book provides an introduction to the topic, but is not a comprehensive work on the topic. There are areas in SOC management that the book doesn’t cover, such as SOC documentation, creating and using SOC operation run books, and more.
But even with those missing areas Designing and Building a Security Operations Center is a good reference to start with. A SOC is a security component most organizations are in dire need of, and the book is a good way to get them started on that effort.
If you're looking for a book to tell you what tools to select for a SoC, how to architect them, what types of monitoring and response you should be doing then probably best to look elsewhere.
However, if you are interested in working in a SoC, are currently working in a SoC at a junior level or planning to set up or outsource a SoC and new to the area then I'd definitely recommend you read this book.
The first chapter walks through some basics around the types of operations centres and talks through the key phases in developing a SoC, which the author then uses as the basis for the structure of the book.
The second and third chapters discuss SoC customers, event/alert/incident definitions, SLAs and service catalogs before moving onto the various systems and supporting processes that need to be in place to support a SoC, with a particular focus placed on ticketing systems.
I particularly liked chapters four and five, which give good insight into some potential organisational structures and reporting lines for SOCs, high level roles and key considerations in terms of responsibilities, breaking it out into options for smaller and larger SoCs. These chapters alone are worth a read if you're new to SoCs as they'll give a good insight into the kind of resources you'll need and ideas on how these might overlap with your existing team.
Chapter six moves into covering the daily operations that should take place within a SoC. It doesn't go into details on incident response but does highlight the importance of root cause analysis and review documentation after the incident has been resolved, and the need for communication plans to be in place. It also highlights some of the key challenges in follow-the-sun models around duplication of technical resources, inefficient handovers and inconsistent training/knowledge sharing, and the positives of such models including local data storage for regulatory reasons and reduced local cultural/language barriers.
Chapter seven covers the importance of training and potential approaches to training your SoC team. I really liked the emphasis that the author placed on this aspect of SoC management, but I think this chapter could have been incorporated into the previous chapters around teams and people resources.
Chapter eight touches briefly on metrics but rather than dive into long lists of potential metrics, discusses some of the potential approaches to metrics. The section here on vulnerability prioritisation is interesting but for me felt a little out of place within the overall context of the book.
Chapter nine runs through the threat intelligence that will normally be required within a SoC and covers off some of the publicly available resources along with touching on the types of commercial offerings in the area without diving into any particular vendor's commercial offering.
The last few chapters wrap up with some material on outsourcing that is very much worth a read if you're planning on outsourcing a SoC or engaging with an MSSP. One really nice aspect is that it contains a list of seventy-four questions to consider when selecting an MSSP. I always like to see guidance like this on the selection process for outsourced services, as often there's a huge information asymmetry between clients and vendors in infosec, and this guidance can at least help clients ask the right questions.
Overall, for the audience I outlined at the start of the review, this book is well structured and a solid introduction to the managerial aspects of SoCs. I felt it could have been shortened a bit to make it more concise, but other than that it was an informative read and worthwhile for the right audience.