Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security

by Rebecca Blair

Length: 192 pages
Edition: 1
Language: English
Publisher: Packt Publishing
Publication Date: 2023-05-19
ISBN-10: 1804614262
ISBN-13: 9781804614266
Sales Rank: #235069 (See Top 100 Books)

0 ratings

Print Book Look Inside

Align your SOC with the ATT&CK framework and follow practical examples for successful implementation

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

Understand Cloud, Windows, and Network ATT&CK Framework using different techniques
Assess the attack potential and implement frameworks aligned with Mitre ATT&CK
Address security gaps to detect and respond to all security threats

Book Description

The Mitre ATT&CK framework is an extraordinary resource for all SOC environments, however, determining the appropriate implementation techniques for different use cases can be a daunting task. This book will help you gain an understanding of the current state of your SOC, identify areas for improvement, and then fill the security gaps with appropriate parts of the ATT&CK framework. You’ll learn new techniques to tackle modern security threats and gain tools and knowledge to advance in your career.

In this book, you’ll first learn to identify the strengths and weaknesses of your SOC environment, and how ATT&CK can help you improve it. Next, you’ll explore how to implement the framework and use it to fill any security gaps you’ve identified, expediting the process without the need for any external or extra resources. Finally, you’ll get a glimpse into the world of active SOC managers and practitioners using the ATT&CK framework, unlocking their expertise, cautionary tales, best practices, and ways to continuously improve.

By the end of this book, you’ll be ready to assess your SOC environment, implement the ATT&CK framework, and advance in your security career.

What you will learn

Get a deeper understanding of the Mitre ATT&CK Framework
Avoid common implementation mistakes and provide maximum value
Create efficient detections to align with the framework
Implement continuous improvements on detections and review ATT&CK mapping
Discover how to optimize SOC environments with automation
Review different threat models and their use cases

Who this book is for

This book is for SOC managers, security analysts, CISOs, security engineers, or security consultants looking to improve their organization’s security posture. Basic knowledge of Mitre ATT&CK, as well as a deep understanding of triage and detections is a must.

Aligning Security Operations with the MITRE ATT&CK Framework
Contributors
About the author
About the reviewer
Preface
    Who this book is for
    What this book covers
    To get the most out of this book
    Download the color images
    Conventions used
    Get in touch
    Share Your Thoughts
    Download a free PDF copy of this book
Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance
Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools
    Technical requirements
    SOC environments and roles
    SOC environment responsibilities
    SOC coverage
    SOC cross-team collaboration
    Summary
Chapter 2: Analyzing Your Environment for Potential Pitfalls
    Technical requirements
    Danger! Risks ahead – how to establish a risk registry
    Red and blue make purple – how to run purple team exercises
    Discussing common coverage gaps and security shortfalls
    Summary
Chapter 3: Reviewing Different Threat Models
    Technical requirements
    Reviewing the PASTA threat model and use cases
    Reviewing the STRIDE threat model and use cases
    Reviewing the VAST threat model and use cases
    Reviewing the Trike threat model and use cases
    Reviewing attack trees
    Summary
Chapter 4: What Is the ATT&CK Framework?
    A brief history and evolution of ATT&CK
    Overview of the various ATT&CK models
    Summary
Part 2 – Detection Improvements and Alignment with ATT&CK
Chapter 5: A Deep Dive into the ATT&CK Framework
    Technical requirements
    A deep dive into the techniques in the cloud framework
    A deep dive into the techniques in the Windows framework
    A deep dive into the techniques in the macOS framework
    A deep dive into the techniques in the network framework
    A deep dive into the techniques in the mobile framework
    Summary
Chapter 6: Strategies to Map to ATT&CK
    Technical requirements
    Finding the gaps in your coverage
    Prioritization of efforts to increase efficiency
    Examples of mappings in real environments
    Summary
Chapter 7: Common Mistakes with Implementation
    Technical requirements
    Examples of incorrect technique mappings from ATT&CK
    Examples of poor executions with detection creation
    Summary
Chapter 8: Return on Investment Detections
    Technical requirements
    Reviewing examples of poorly created detections and their consequences
    Finding the winners or the best alerts
    Measuring the success of a detection
        Requirement-setting
        Use cases as coverage
        What metrics should be used
    Summary
Part 3 – Continuous Improvement and Innovation
Chapter 9: What Happens After an Alert is Triggered?
    Technical requirements
    What’s next? Example playbooks and how to create them
        Flowcharts
        Runbooks via security orchestration, automation, and response (SOAR) tools
    Templates for playbooks and best practices
    Summary
Chapter 10: Validating Any Mappings and Detections
    Technical requirements
    Discussing the importance of reviews
    Saving time and automating reviews with examples
    Turning alert triage feedback into something actionable
    Summary
Chapter 11: Implementing ATT&CK in All Parts of Your SOC
    Technical requirements
    Examining a risk register at the corporate level
    Applying ATT&CK to NOC environments
    Mapping ATT&CK to compliance frameworks
    Using ATT&CK to create organizational policies and standards
    Summary
Chapter 12: What’s Next? Areas for Innovation in Your SOC
    Technical requirements
    Automation is the way
    Scaling to the future
    Helping hands – thoughts from industry professionals
    Summary
Index
    Why subscribe?
Other Books You May Enjoy
    Packt is searching for authors like you
    Share Your Thoughts
    Download a free PDF copy of this book

Donate to keep this site alive

To access the Link, solve the captcha.

How to download source code?

1. Go to: https://github.com/PacktPublishing

2. In the Find a repository… box, search the book title: Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security, sometime you may not get the results, please search the main title.