Agile Security Operations

By : Hinne Hettema

Overview of this book

Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best. Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You'll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you'll improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding. By the end of this book, you'll be ready to start implementing agile security operations, using the book as a handy reference.
Table of Contents (17 chapters)

Section 1: Incident Response: The Heart of Security

Section 2: Defensible Organizations

Section 3: Advanced Agile Security Operations

What this book covers

Chapter 1, How Security Operations Are Changing, discusses how the landscape of security operations is changing and the pressures that are forcing that change. I focus on why security is hard and why the traditional measures in use in IT are failing when it comes to security.

Chapter 2, Incident Response – A Key Capability in Security Operations, focuses on the aim and purpose of incident response, and the reasons why incident response is the key security capability.

Chapter 3, Engineering for Incident Response, discusses the engineering aspects of incident response, from the viewpoint that incident response is a continuing operational activity that defines agile security operations. We will primarily build on the incident response loop to develop an agile framework for security operations and discuss some of the engineering aspects. This will be the final chapter that builds the framework for agile security operations, and the focus will be both on the agile security operations process and how tooling needs change as a result of that process.

Chapter 4, Key Concepts in Cyber Defense, discusses some key concepts of resilience that need to be understood for the rest of the book. This chapter will introduce the key concepts that make up the culture and ethos of agile security: chaos, constraints, defensibility, strategy, and tactics, and will focus on how to apply them correctly, as well as presenting further pointers to more detailed resources easily available on the internet. This chapter will use the earlier concept of the Cynefin framework to delve deeper into these concepts and how they shape thinking during incident response.

Chapter 5, Defensible Architecture, focuses on the development of defensible architecture. The main idea of defensible architecture is that it focuses on incident response in an environment during the design stage and tries to maximize the options available to defenders.

Chapter 6, Active Defense, takes the lessons from the previous chapter to heart and integrates them into a credible defense, taking us from response activities to tactics to strategy. This chapter focuses on the tactic of active defense and how it is implemented. Active defense is the practice of intelligence-driven breach detection, containment, and purposed engineering that is capable of dealing with persistent and advanced attackers.

Chapter 7, How Secure Are You? – Measuring Security Posture, tackles the difficult problem of measuring security posture and especially measuring and communicating the value that security operations bring to the organization. Traditionally, these discussions have focused on the reduction of risk, rather than driving business value. This chapter focuses on how practitioners should have these discussions in the context of business value and strategy.

Chapter 8, Red, Blue, and Purple Teaming, covers how active defense applies the principles of blue teaming. A purple team adds an adversarial element to a blue team. Purple teaming aims to give a direct answer to the question, "Are we vulnerable?", in ways that can be communicated directly to the business. This chapter outlines how organizations can get the most out of threat hunting and purple teaming.

Chapter 9, Running and Operating Security Services, explains how security operations done well revolve around six different security services. This chapter expands security operations to the complete set of services that need to be run in the context of a security program with incident response at its core. Defining precise services in the context of a business environment is very important: it allows service strategies to be developed for these services, and allows them to be monitored and evaluated, just like any other IT service. Many organizations struggle with cybersecurity precisely because they do not quite understand what the essential cybersecurity services are and the value they deliver to the business.

Chapter 10, Implementing Agile Threat Intelligence, explains that threat intelligence requires a significant amount of organizational readiness. A credible threat intelligence program consists of a number of activities that are best performed in the context of agile security operations, such as curation, threat hunting and tasking, as well as adversary simulation.