Book Image

Agile Security Operations

By : Hinne Hettema
Book Image

Agile Security Operations

By: Hinne Hettema

Overview of this book

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best. Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You'll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you’ll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding. By the end of this Agile book, you'll be ready to start implementing agile security operations, using the book as a handy reference.

Related Content you might be interested in

Current Title:

Small book image
Agile Security Operations
Hinne Hettema
Feb, 2022 | 254 pages
Small book image
Purple Team Strategies
Samuel Rossier | David Routin | Simon Thoores
Jun, 2022 | 450 pages
Small book image
Cybersecurity Blue Team Strategies
Kunal Sehgal | Nikolaos Thymianis
Feb, 2023 | 208 pages
Small book image
Operationalizing Threat Intelligence
Joseph Opacki | Kyle Wilhoit
Jun, 2022 | 460 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Incidence Response: The Heart of Security
Section 1: Incidence Response: The Heart of Security
Free Chapter
2
Chapter 1: How Security Operations Are Changing
Chapter 1: How Security Operations Are Changing
Why security is hard
Security incidents
Security solutions in search of a problem
The scope of security operations
Where security operations turn agile
Summary
3
Chapter 2: Incident Response – A Key Capability in Security Operations
Chapter 2: Incident Response – A Key Capability in Security Operations
Facing up to breaches
Knowing an incident – detection and analysis
Branches and pivots – how incidents change
Agile incident response
Learning from incidents – from resolution to tactics to strategy
Summary
4
Chapter 3: Engineering for Incident Response
Chapter 3: Engineering for Incident Response
From incident response to agile security operations engineering
The businesslike weaknesses of attackers
A brief discussion of agile frameworks
Agile security operations
Key activities in agile security operations
Tooling – defend to respond
Summary
5
Section 2: Defensible Organizations
Section 2: Defensible Organizations
6
Chapter 4: Key Concepts in Cyber Defense
Chapter 4: Key Concepts in Cyber Defense
What is cyber defense?
Coordination and discoordination
A framework for uncertainty
Structured analytic techniques
Is this part of the security skillset?
Summary
7
Chapter 5: Defensible Architecture
Chapter 5: Defensible Architecture
The definition of defensible architecture
Requirements of defensible architecture
Defense in depth
The new security boundaries
Roots of trust
Elements of the defensible architecture
Defensible architecture tradeoffs
Summary
8
Chapter 6: Active Defense
Chapter 6: Active Defense
The role of active defense
The agile active defense process
Understanding the adversary
Active defense during a crisis
Active defense for eternal compromise
Summary
9
Chapter 7: How Secure Are You? – Measuring Security Posture
Chapter 7: How Secure Are You? – Measuring Security Posture
Security as risk reduction
Measuring risk reduction
Strategy maps – security as business value
Working with the security strategy map
Summary
10
Section 3: Advanced Agile Security Operations
Section 3: Advanced Agile Security Operations
11
Chapter 8: Red, Blue, and Purple Teaming
Chapter 8: Red, Blue, and Purple Teaming
Red teaming and blue teaming
Threat hunting
Purple teaming concepts
Agile approaches to purple teaming
Purple teaming operations
Closing into threat-informed defense
Summary
12
Chapter 9: Running and Operating Security Services
Chapter 9: Running and Operating Security Services
The essential security services
Service maturity
Agile approaches to the six security services
Summary
13
Chapter 10: Implementing Agile Threat Intelligence
Chapter 10: Implementing Agile Threat Intelligence
What threat intelligence is and isn't
A threat intelligence program
Direction
Collection and collation
Interpretation
Dissemination
Summary
14
Further reading
Further reading
Background
Operations
People to follow
Why subscribe?
15
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Appendix
Principles of cybersecurity operations

Knowing an incident – detection and analysis

In this section, I will work primarily from the SANS incident response process but will divide the identification step into two separate steps – detection and analysis. This is because detection and analysis are two different engineering activities that are better separated once we center incident response as the core security practice and assume a state of perpetual compromise.

In a state of assumed compromise, it is vital that you know when to call an incident and how to analyze and respond to it. Detection and analysis are the two key activities:

  • Detection focuses on how security teams detect that an incident may be occurring.
  • Analysis focuses on whether an incident is occurring and what the severity of it is.

Detection engineering

Detecting incidents can happen in several ways. As an example, teams may monitor logs, antivirus, and network events, and the combination of these events determines that...

Previous Section
End of Section 3
Next Section