Book Image

Agile Security Operations

By : Hinne Hettema
Book Image

Agile Security Operations

By: Hinne Hettema

Overview of this book

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best. Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You'll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you’ll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding. By the end of this Agile book, you'll be ready to start implementing agile security operations, using the book as a handy reference.

Related Content you might be interested in

Current Title:

Small book image
Agile Security Operations
Hinne Hettema
Feb, 2022 | 254 pages
Small book image
Purple Team Strategies
Samuel Rossier | David Routin | Simon Thoores
Jun, 2022 | 450 pages
Small book image
Cybersecurity Blue Team Strategies
Kunal Sehgal | Nikolaos Thymianis
Feb, 2023 | 208 pages
Small book image
Operationalizing Threat Intelligence
Joseph Opacki | Kyle Wilhoit
Jun, 2022 | 460 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: Incidence Response: The Heart of Security
Section 1: Incidence Response: The Heart of Security
Free Chapter
2
Chapter 1: How Security Operations Are Changing
Chapter 1: How Security Operations Are Changing
Why security is hard
Security incidents
Security solutions in search of a problem
The scope of security operations
Where security operations turn agile
Summary
3
Chapter 2: Incident Response – A Key Capability in Security Operations
Chapter 2: Incident Response – A Key Capability in Security Operations
Facing up to breaches
Knowing an incident – detection and analysis
Branches and pivots – how incidents change
Agile incident response
Learning from incidents – from resolution to tactics to strategy
Summary
4
Chapter 3: Engineering for Incident Response
Chapter 3: Engineering for Incident Response
From incident response to agile security operations engineering
The businesslike weaknesses of attackers
A brief discussion of agile frameworks
Agile security operations
Key activities in agile security operations
Tooling – defend to respond
Summary
5
Section 2: Defensible Organizations
Section 2: Defensible Organizations
6
Chapter 4: Key Concepts in Cyber Defense
Chapter 4: Key Concepts in Cyber Defense
What is cyber defense?
Coordination and discoordination
A framework for uncertainty
Structured analytic techniques
Is this part of the security skillset?
Summary
7
Chapter 5: Defensible Architecture
Chapter 5: Defensible Architecture
The definition of defensible architecture
Requirements of defensible architecture
Defense in depth
The new security boundaries
Roots of trust
Elements of the defensible architecture
Defensible architecture tradeoffs
Summary
8
Chapter 6: Active Defense
Chapter 6: Active Defense
The role of active defense
The agile active defense process
Understanding the adversary
Active defense during a crisis
Active defense for eternal compromise
Summary
9
Chapter 7: How Secure Are You? – Measuring Security Posture
Chapter 7: How Secure Are You? – Measuring Security Posture
Security as risk reduction
Measuring risk reduction
Strategy maps – security as business value
Working with the security strategy map
Summary
10
Section 3: Advanced Agile Security Operations
Section 3: Advanced Agile Security Operations
11
Chapter 8: Red, Blue, and Purple Teaming
Chapter 8: Red, Blue, and Purple Teaming
Red teaming and blue teaming
Threat hunting
Purple teaming concepts
Agile approaches to purple teaming
Purple teaming operations
Closing into threat-informed defense
Summary
12
Chapter 9: Running and Operating Security Services
Chapter 9: Running and Operating Security Services
The essential security services
Service maturity
Agile approaches to the six security services
Summary
13
Chapter 10: Implementing Agile Threat Intelligence
Chapter 10: Implementing Agile Threat Intelligence
What threat intelligence is and isn't
A threat intelligence program
Direction
Collection and collation
Interpretation
Dissemination
Summary
14
Further reading
Further reading
Background
Operations
People to follow
Why subscribe?
15
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Appendix
Principles of cybersecurity operations

Tooling – defend to respond

The agile security operations process strongly influences the tools that are deployed and how they are deployed. In this section, I will briefly discuss some of the tooling for passive and active defense.

Passive defense

Passive defense tooling focuses on either blocking attackers through defenses such as access control, firewalls, and system hardening, as well as the tooling that organizations can deploy to detect an attack has occurred and analyze it. Similarly, if you wish to contain incidents, you will need passive defense tools.

The SOC nuclear triad

The security researcher Anton Chuvakin maintains that a nuclear triad of SOC tooling exists, consisting of Security Incident Event Monitoring (which, in this model, would include logging), Enterprise Detection and Response, and a capability for network detection and forensics. This is still a good model to go on: https://blogs.gartner.com/anton-chuvakin/2015/08/04/your-soc-nuclear-triad...

Previous Section
End of Section 7
Next Section