Book Image

Agile Security Operations

By : Hinne Hettema
Book Image

Agile Security Operations

By: Hinne Hettema

Overview of this book

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best. Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You'll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you’ll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding. By the end of this Agile book, you'll be ready to start implementing agile security operations, using the book as a handy reference.

Related Content you might be interested in

Current Title:

Small book image
Agile Security Operations
Hinne Hettema
Feb, 2022 | 254 pages
Small book image
Purple Team Strategies
Samuel Rossier | David Routin | Simon Thoores
Jun, 2022 | 450 pages
Small book image
Cybersecurity Blue Team Strategies
Kunal Sehgal | Nikolaos Thymianis
Feb, 2023 | 208 pages
Small book image
Operationalizing Threat Intelligence
Joseph Opacki | Kyle Wilhoit
Jun, 2022 | 460 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Incidence Response: The Heart of Security
Section 1: Incidence Response: The Heart of Security
Free Chapter
2
Chapter 1: How Security Operations Are Changing
Chapter 1: How Security Operations Are Changing
Why security is hard
Security incidents
Security solutions in search of a problem
The scope of security operations
Where security operations turn agile
Summary
3
Chapter 2: Incident Response – A Key Capability in Security Operations
Chapter 2: Incident Response – A Key Capability in Security Operations
Facing up to breaches
Knowing an incident – detection and analysis
Branches and pivots – how incidents change
Agile incident response
Learning from incidents – from resolution to tactics to strategy
Summary
4
Chapter 3: Engineering for Incident Response
Chapter 3: Engineering for Incident Response
From incident response to agile security operations engineering
The businesslike weaknesses of attackers
A brief discussion of agile frameworks
Agile security operations
Key activities in agile security operations
Tooling – defend to respond
Summary
5
Section 2: Defensible Organizations
Section 2: Defensible Organizations
6
Chapter 4: Key Concepts in Cyber Defense
Chapter 4: Key Concepts in Cyber Defense
What is cyber defense?
Coordination and discoordination
A framework for uncertainty
Structured analytic techniques
Is this part of the security skillset?
Summary
7
Chapter 5: Defensible Architecture
Chapter 5: Defensible Architecture
The definition of defensible architecture
Requirements of defensible architecture
Defense in depth
The new security boundaries
Roots of trust
Elements of the defensible architecture
Defensible architecture tradeoffs
Summary
8
Chapter 6: Active Defense
Chapter 6: Active Defense
The role of active defense
The agile active defense process
Understanding the adversary
Active defense during a crisis
Active defense for eternal compromise
Summary
9
Chapter 7: How Secure Are You? – Measuring Security Posture
Chapter 7: How Secure Are You? – Measuring Security Posture
Security as risk reduction
Measuring risk reduction
Strategy maps – security as business value
Working with the security strategy map
Summary
10
Section 3: Advanced Agile Security Operations
Section 3: Advanced Agile Security Operations
11
Chapter 8: Red, Blue, and Purple Teaming
Chapter 8: Red, Blue, and Purple Teaming
Red teaming and blue teaming
Threat hunting
Purple teaming concepts
Agile approaches to purple teaming
Purple teaming operations
Closing into threat-informed defense
Summary
12
Chapter 9: Running and Operating Security Services
Chapter 9: Running and Operating Security Services
The essential security services
Service maturity
Agile approaches to the six security services
Summary
13
Chapter 10: Implementing Agile Threat Intelligence
Chapter 10: Implementing Agile Threat Intelligence
What threat intelligence is and isn't
A threat intelligence program
Direction
Collection and collation
Interpretation
Dissemination
Summary
14
Further reading
Further reading
Background
Operations
People to follow
Why subscribe?
15
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Appendix
Principles of cybersecurity operations

Red teaming and blue teaming

In this section, we'll develop a view of what purple teaming is by considering the operations of a red team, a blue team, and a purple team.

The context for a blue team, in terms of our closure of the incident loop, which we discussed in Chapter 3, Engineering for Incident Response, is given in the following diagram.

The purpose of a blue team is to improve the security posture by preventing breaches, improve the discovery of breaches by providing better detection, and improve how breaches are analyzed and contained. The main purpose of purple teaming is to give the blue team an expanded approach to do just that.

The focus points of this chapter are depicted in the following diagram, which, as you might notice, is an extract of the agile incident response loop we discussed in Chapter 3, Engineering for Incident Response.

Figure 8.1 – Context of blue and purple teaming

There are several ways in which the blue...

Previous Section
End of Section 2
Next Section