Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Aligning Security Operations with the MITRE ATT&CK Framework
  • Table Of Contents Toc
Aligning Security Operations with the MITRE ATT&CK Framework

Aligning Security Operations with the MITRE ATT&CK Framework

By : Rebecca Blair
4.7 (18)
Buy this Book
close
close
Aligning Security Operations with the MITRE ATT&CK Framework

Aligning Security Operations with the MITRE ATT&CK Framework

4.7 (18)
By: Rebecca Blair
Buy this Book

Overview of this book

The Mitre ATT&CK framework is an extraordinary resource for all SOC environments, however, determining the appropriate implementation techniques for different use cases can be a daunting task. This book will help you gain an understanding of the current state of your SOC, identify areas for improvement, and then fill the security gaps with appropriate parts of the ATT&CK framework. You’ll learn new techniques to tackle modern security threats and gain tools and knowledge to advance in your career. In this book, you’ll first learn to identify the strengths and weaknesses of your SOC environment, and how ATT&CK can help you improve it. Next, you’ll explore how to implement the framework and use it to fill any security gaps you’ve identified, expediting the process without the need for any external or extra resources. Finally, you’ll get a glimpse into the world of active SOC managers and practitioners using the ATT&CK framework, unlocking their expertise, cautionary tales, best practices, and ways to continuously improve. By the end of this book, you’ll be ready to assess your SOC environment, implement the ATT&CK framework, and advance in your security career.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book
1
Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance
Icon
Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance
Lock Free Chapter
2
Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools
chevron up
Icon
Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools
Icon
Technical requirements
Icon
SOC environments and roles
Icon
SOC environment responsibilities
Icon
SOC coverage
Icon
SOC cross-team collaboration
Icon
Summary
3
Chapter 2: Analyzing Your Environment for Potential Pitfalls
Icon
Chapter 2: Analyzing Your Environment for Potential Pitfalls
Icon
Technical requirements
Icon
Danger! Risks ahead – how to establish a risk registry
Icon
Red and blue make purple – how to run purple team exercises
Icon
Discussing common coverage gaps and security shortfalls
Icon
Summary
4
Chapter 3: Reviewing Different Threat Models
Icon
Chapter 3: Reviewing Different Threat Models
Icon
Technical requirements
Icon
Reviewing the PASTA threat model and use cases
Icon
Reviewing the STRIDE threat model and use cases
Icon
Reviewing the VAST threat model and use cases
Icon
Reviewing the Trike threat model and use cases
Icon
Reviewing attack trees
Icon
Summary
5
Chapter 4: What Is the ATT&CK Framework?
Icon
Chapter 4: What Is the ATT&CK Framework?
Icon
A brief history and evolution of ATT&CK
Icon
Overview of the various ATT&CK models
Icon
Summary
6
Part 2 – Detection Improvements and Alignment with ATT&CK
Icon
Part 2 – Detection Improvements and Alignment with ATT&CK
7
Chapter 5: A Deep Dive into the ATT&CK Framework
Icon
Chapter 5: A Deep Dive into the ATT&CK Framework
Icon
Technical requirements
Icon
A deep dive into the techniques in the cloud framework
Icon
A deep dive into the techniques in the Windows framework
Icon
A deep dive into the techniques in the macOS framework
Icon
A deep dive into the techniques in the network framework
Icon
A deep dive into the techniques in the mobile framework
Icon
Summary
8
Chapter 6: Strategies to Map to ATT&CK
Icon
Chapter 6: Strategies to Map to ATT&CK
Icon
Technical requirements
Icon
Finding the gaps in your coverage
Icon
Prioritization of efforts to increase efficiency
Icon
Examples of mappings in real environments
Icon
Summary
9
Chapter 7: Common Mistakes with Implementation
Icon
Chapter 7: Common Mistakes with Implementation
Icon
Technical requirements
Icon
Examples of incorrect technique mappings from ATT&CK
Icon
Examples of poor executions with detection creation
Icon
Summary
10
Chapter 8: Return on Investment Detections
Icon
Chapter 8: Return on Investment Detections
Icon
Technical requirements
Icon
Reviewing examples of poorly created detections and their consequences
Icon
Finding the winners or the best alerts
Icon
Measuring the success of a detection
Icon
Summary
11
Part 3 – Continuous Improvement and Innovation
Icon
Part 3 – Continuous Improvement and Innovation
12
Chapter 9: What Happens After an Alert is Triggered?
Icon
Chapter 9: What Happens After an Alert is Triggered?
Icon
Technical requirements
Icon
What’s next? Example playbooks and how to create them
Icon
Templates for playbooks and best practices
Icon
Summary
13
Chapter 10: Validating Any Mappings and Detections
Icon
Chapter 10: Validating Any Mappings and Detections
Icon
Technical requirements
Icon
Discussing the importance of reviews
Icon
Saving time and automating reviews with examples
Icon
Turning alert triage feedback into something actionable
Icon
Summary
14
Chapter 11: Implementing ATT&CK in All Parts of Your SOC
Icon
Chapter 11: Implementing ATT&CK in All Parts of Your SOC
Icon
Technical requirements
Icon
Examining a risk register at the corporate level
Icon
Applying ATT&CK to NOC environments
Icon
Mapping ATT&CK to compliance frameworks
Icon
Using ATT&CK to create organizational policies and standards
Icon
Summary
15
Chapter 12: What’s Next? Areas for Innovation in Your SOC
Icon
Chapter 12: What’s Next? Areas for Innovation in Your SOC
Icon
Technical requirements
Icon
Automation is the way
Icon
Scaling to the future
Icon
Helping hands – thoughts from industry professionals
Icon
Summary
16
Index
Icon
Index
Icon
Why subscribe?
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts
Icon
Download a free PDF copy of this book

SOC Basics – Structure, Personnel, Coverage, and Tools

In this chapter, we will cover the landscape of what your average security operation center (SOC) looks like. We’ll discuss the structure of the specific roles within the SOC and possible sub-teams that can feed into or be part of the SOC environment. We’ll discuss strategies for alert triage, creating detections, incident response, and other important functions such as “trust but verify,” and how these functions can promote cross-team collaboration and apply to all aspects of the business. Having a strong understanding of the SOC can be critical to applying the various aspects of the ATT&CK framework. This will also allow you to evaluate the SOC environments that you might work in or interact with, and suggest possible changes, improvements, or areas for expansion. This chapter is comprised of the following sections:

  • SOC environments and roles
  • SOC environment responsibilities
  • SOC coverage
  • SOC cross-team collaboration
Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Aligning Security Operations with the MITRE ATT&CK Framework
End of Section 2
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon