Agile Security Operations: Engineering for agility in cyber defense, detection, and response
- Length: 254 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-02-17
- ISBN-10: 1801815518
- ISBN-13: 9781801815512
Get to grips with security operations through incident response, the ATT&CK framework, active defense, and agile threat intelligence
Key Features
- Explore robust and predictable security operations based on measurable service performance
- Learn how to improve the security posture and work on security audits
- Discover ways to integrate agile security operations into development and operations
Book Description
Agile security operations allow organizations to survive cybersecurity incidents, deliver key insights into the security posture of an organization, and operate security as an integral part of development and operations. It is, deep down, how security has always operated at its best.
Agile Security Operations will teach you how to implement and operate an agile security operations model in your organization. The book focuses on the culture, staffing, technology, strategy, and tactical aspects of security operations. You’ll learn how to establish and build a team and transform your existing team into one that can execute agile security operations. As you progress through the chapters, you’ll be able to improve your understanding of some of the key concepts of security, align operations with the rest of the business, streamline your operations, learn how to report to senior levels in the organization, and acquire funding.
By the end of this book, you'll be ready to start implementing agile security operations, using the book as a handy reference.
What you will learn
- Get acquainted with the changing landscape of security operations
- Understand how to sense an attacker’s motives and capabilities
- Grasp key concepts of the kill chain, the ATT&CK framework, and the Cynefin framework
- Get to grips with designing and developing a defensible security architecture
- Explore detection and response engineering
- Overcome challenges in measuring the security posture
- Derive and communicate business values through security operations
- Discover ways to implement security as part of development and business operations
Who this book is for
This book is for new and established CSOC managers as well as CISO, CDO, and CIO-level decision-makers. If you work as a cybersecurity engineer or analyst, you’ll find this book useful. Intermediate-level knowledge of incident response, cybersecurity, and threat intelligence is necessary to get started with the book.
Table of Contents
- How Security Operations Are Changing
- Incident Response – A Key Capability in Security Operations
- Engineering for Incident Response
- Key Concepts in Cyber Defense
- Defensible Architecture
- Active Defense
- How Secure Are You? – Measuring Security Posture
- Red, Blue, and Purple Teaming
- Running and Operating Security Services
- Implementing Agile Threat Intelligence
Agile Security Operations – Detailed Contents
Front matter
- Contributors
- About the author
- About the reviewers
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Share Your Thoughts
Section 1: Incidence Response: The Heart of Security
Chapter 1: How Security Operations Are Changing
- Why security is hard
- Security operations
- Cybersecurity, threats, and risk
- Five types of cyber defense
- Security incidents
- Security solutions in search of a problem
- The scope of security operations
- Where security operations turn agile
- Agile incident response
- Agile security operations
- Summary
Chapter 2: Incident Response – A Key Capability in Security Operations
- Facing up to breaches
- The incident response cycle
- Knowing an incident – detection and analysis
- Detection engineering
- Repurposing
- Analyzing threats
- Branches and pivots – how incidents change
- The kill chain model
- Expanding the options for defense
- Lateral movement
- Agile incident response
- Compromise is eternal
- Incidents and compromises
- Why incident response needs to be agile
- Team structure for incident response
- Learning from incidents – from resolution to tactics to strategy
- Summary
Chapter 3: Engineering for Incident Response
- From incident response to agile security operations engineering
- Mapping the incident loop
- Feedback – closing the incident loop
- The businesslike weaknesses of attackers
- A brief discussion of agile frameworks
- Lean
- Kanban
- Scrum
- Agile security operations
- Key activities in agile security operations
- Breach
- Detect
- Analyze
- Contain
- Eradicate
- Recover
- Develop context and TTPs
- Updating the architecture, strategy, and risk
- Detection engineering
- Improvements – prevention, discovery, and prediction
- Tooling – defend to respond
- Passive defense
- Active defense – Mitre ATT&CK and Shield
- Summary
Section 2: Defensible Organizations
Chapter 4: Key Concepts in Cyber Defense
- What is cyber defense?
- Enduring failure
- The fit of security operations
- Coordination and discoordination
- Coordination games
- Discoordination games
- A framework for uncertainty
- A brief overview of the Cynefin framework
- Constraints
- Resolving crises
- Structured analytic techniques
- Is this part of the security skillset?
- Summary
Chapter 5: Defensible Architecture
- The definition of defensible architecture
- Pareto optimizable attacks
- Understanding the kill chain
- Requirements of defensible architecture
- Defense in depth
- Implied trust in network segments
- Trust in the endpoints of the architecture
- Defense in depth as an evolution
- The new security boundaries
- Principles of the defensible architecture
- Roots of trust
- Identity as a root of trust
- Data controls as a root of trust
- Algorithmic integrity as a root of trust
- Roots of trust and verifiability
- Elements of the defensible architecture
- Prevention
- Visibility and forensic readiness
- Threat modeling
- Attack path modeling
- Defensible architecture tradeoffs
- On-premises infrastructure
- Cloud
- Industrial
- Summary
Chapter 6: Active Defense
- The role of active defense
- Active defense as one of the five types of cyber defense
- Compromise is eternal
- Agile incident response
- An approach to active defense
- The agile active defense process
- Understanding the adversary
- People and processes
- Technology
- Active defense during a crisis
- Active defense for eternal compromise
- Assess
- Adapt
- The pivot or [<>]
- Exapt
- Transcend
- Summary
Chapter 7: How Secure Are You? – Measuring Security Posture
- Security as risk reduction
- Measuring risk reduction
- Description
- Financial aspects of risks
- Controls
- Risk management versus enabling the business
- Strategy maps – security as business value
- Constructing strategy maps
- Strategy map layers
- Security strategy maps
- Starting a security strategy
- Working with the security strategy map
- Financial metrics
- Customer metrics
- Operations metrics
- Metrics for capabilities
- Summary
Section 3: Advanced Agile Security Operations
Chapter 8: Red, Blue, and Purple Teaming
- Red teaming and blue teaming
- Why red team?
- What is a red team?
- What is a blue team?
- Threat hunting
- Hunt leads
- Analytic queries
- Alternative hunt leads – alert streams and detections
- Implementing a threat hunting practice
- Purple teaming concepts
- Purple team activities
- Characteristics of blue and red teams
- Agile approaches to purple teaming
- Purple teaming operations
- Planning – sources of attack data
- Planning – cadence and process
- Executing the red side of purple teaming
- Feedback – moving to an agile approach
- Closing into threat-informed defense
- Business value from purple teaming
- Security baselining
- Security posture improvement
- Threat-informed defense
- Summary
Chapter 9: Running and Operating Security Services
- The essential security services
- What is a service?
- Service worksheets
- Strategy service
- Policies
- Architecture
- Deployment
- Monitoring and alerting
- Incident response
- Other services
- Service maturity
- Maturity management
- Practices – components of a service
- Measuring effectiveness
- Maturity models
- Defining Capability
- Maturity does not stand alone
- Drawbacks of Maturity
- Agile approaches to the six security services
- Agile DevOps cycle
- Summary
Chapter 10: Implementing Agile Threat Intelligence
- What threat intelligence is and isn't
- A threat intelligence program
- Acquiring threat intelligence
- Running your own function
- Using threat intelligence
- Direction
- Understanding risk reduction
- Using past attacks as a guide
- Scoping prospective groups
- Business capabilities and operational context
- The influence on direction
- Collection and collation
- The data funnel
- External feeds
- Feeds meeting internal logs
- Interpretation
- Using structured analytic techniques
- Threat groups
- Dissemination
- Risk analysis
- Alerting, hunting, and detection
- Infrastructure hardening
- Summary
Appendix
- Principles of cybersecurity operations
- Further reading
- Background
- Cynefin framework
- Cynefin Field guide
- Structured analytic techniques
- Architecture
- Threat modeling
- Organizations
- Operations
- Principles for operations
- SOC operations
- People to follow
Back matter
- Why subscribe?
- Other Books You May Enjoy
- Packt is searching for authors like you
- Share Your Thoughts
How to download the source code
1. Go to https://github.com/PacktPublishing
2. In the "Find a repository…" box, search for the book title: Agile Security Operations: Engineering for agility in cyber defense, detection, and response. If no results appear, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.