Align your SOC with the ATT&CK framework and follow practical examples for successful implementation

Purchase of the print or Kindle book includes a free PDF eBook

Key Features:

• Understand Cloud, Windows, and Network ATT&CK Framework using different techniques
• Assess the attack potential and implement frameworks aligned with Mitre ATT&CK
• Address security gaps to detect and respond to all security threats

Book Description:

The Mitre ATT&CK framework is an extraordinary resource for all SOC environments, however, determining the appropriate implementation techniques for different use cases can be a daunting task. This book will help you gain an understanding of the current state of your SOC, identify areas for improvement, and then fill the security gaps with appropriate parts of the ATT&CK framework. You'll learn new techniques to tackle modern security threats and gain tools and knowledge to advance in your career.

In this book, you'll first learn to identify the strengths and weaknesses of your SOC environment, and how ATT&CK can help you improve it. Next, you'll explore how to implement the framework and use it to fill any security gaps you've identified, expediting the process without the need for any external or extra resources. Finally, you'll get a glimpse into the world of active SOC managers and practitioners using the ATT&CK framework, unlocking their expertise, cautionary tales, best practices, and ways to continuously improve.

By the end of this book, you'll be ready to assess your SOC environment, implement the ATT&CK framework, and advance in your security career.

What You Will Learn:

• Get a deeper understanding of the Mitre ATT&CK Framework
• Avoid common implementation mistakes and provide maximum value
• Create efficient detections to align with the framework
• Implement continuous improvements on detections and review ATT&CK mapping
• Discover how to optimize SOC environments with automation
• Review different threat models and their use cases

Who this book is for:

This book is for SOC managers, security analysts, CISOs, security engineers, or security consultants looking to improve their organization's security posture. Basic knowledge of Mitre ATT&CK, as well as a deep understanding of triage and detections is a must.

Table of Contents

Part 1 - The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

Chapter 1: SOC Basics - Structure, Personnel, Coverage, and Tools

Chapter 2: Analyzing Your Environment for Potential Pitfalls

Chapter 3: Reviewing Different Threat Models

Chapter 4: What Is the ATT&CK Framework?

Part 2 - Detection Improvements and Alignment with ATT&CK

Chapter 5: A Deep Dive into the ATT&CK Framework

Chapter 6: Strategies to Map to ATT&CK

Chapter 7: Common Mistakes with Implementation

Chapter 8: Return on Investment Detections

Part 3 - Continuous Improvement and Innovation

Chapter 9: What Happens After an

Alert is Triggered?

Chapter 10: Validating Any Mappings and Detections

Chapter 11: Implementing ATT&CK in All Parts of Your SOC

Chapter 12: What's Next? Areas for Innovation in Your SOC

About the Author

Rebecca Blair currently serves as the SOC Manager at a Boston-based tech company, where she is in the process of building out a SOC team to include analyst workflows, playbooks, and processes. Also, she served at IronNet as the Director of SOC Operations, at Tenable Inc as a Test Engineer, and at the Army Research Lab as a Technical Compliance Lead, among other things. She has deep expertise in technology integrations and security operations and holds a BS degree from Norwich University in Computer Security and Information Assurance, an MS degree from the University of Maryland Global Campus in Cybersecurity and an MBA from Villanova University. She has found a niche in building SOC environments and maturing them in fast-paced environments.