Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security

Aligning Security Operations with the MITRE ATT&CK Framework
Contributors
About the author
About the reviewer
Preface
    Who this book is for
    What this book covers
    To get the most out of this book
    Download the color images
    Conventions used
    Get in touch
    Share Your Thoughts
    Download a free PDF copy of this book
Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance
Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools
    Technical requirements
    SOC environments and roles
    SOC environment responsibilities
    SOC coverage
    SOC cross-team collaboration
    Summary
Chapter 2: Analyzing Your Environment for Potential Pitfalls
    Technical requirements
    Danger! Risks ahead – how to establish a risk registry
    Red and blue make purple – how to run purple team exercises
    Discussing common coverage gaps and security shortfalls
    Summary
Chapter 3: Reviewing Different Threat Models
    Technical requirements
    Reviewing the PASTA threat model and use cases
    Reviewing the STRIDE threat model and use cases
    Reviewing the VAST threat model and use cases
    Reviewing the Trike threat model and use cases
    Reviewing attack trees
    Summary
Chapter 4: What Is the ATT&CK Framework?
    A brief history and evolution of ATT&CK
    Overview of the various ATT&CK models
    Summary
Part 2 – Detection Improvements and Alignment with ATT&CK
Chapter 5: A Deep Dive into the ATT&CK Framework
    Technical requirements
    A deep dive into the techniques in the cloud framework
    A deep dive into the techniques in the Windows framework
    A deep dive into the techniques in the macOS framework
    A deep dive into the techniques in the network framework
    A deep dive into the techniques in the mobile framework
    Summary
Chapter 6: Strategies to Map to ATT&CK
    Technical requirements
    Finding the gaps in your coverage
    Prioritization of efforts to increase efficiency
    Examples of mappings in real environments
    Summary
Chapter 7: Common Mistakes with Implementation
    Technical requirements
    Examples of incorrect technique mappings from ATT&CK
    Examples of poor executions with detection creation
    Summary
Chapter 8: Return on Investment Detections
    Technical requirements
    Reviewing examples of poorly created detections and their consequences
    Finding the winners or the best alerts
    Measuring the success of a detection
        Requirement-setting
        Use cases as coverage
        What metrics should be used
    Summary
Part 3 – Continuous Improvement and Innovation
Chapter 9: What Happens After an Alert is Triggered?
    Technical requirements
    What’s next? Example playbooks and how to create them
        Flowcharts
        Runbooks via security orchestration, automation, and response (SOAR) tools
    Templates for playbooks and best practices
    Summary
Chapter 10: Validating Any Mappings and Detections
    Technical requirements
    Discussing the importance of reviews
    Saving time and automating reviews with examples
    Turning alert triage feedback into something actionable
    Summary
Chapter 11: Implementing ATT&CK in All Parts of Your SOC
    Technical requirements
    Examining a risk register at the corporate level
    Applying ATT&CK to NOC environments
    Mapping ATT&CK to compliance frameworks
    Using ATT&CK to create organizational policies and standards
    Summary
Chapter 12: What’s Next? Areas for Innovation in Your SOC
    Technical requirements
    Automation is the way
    Scaling to the future
    Helping hands – thoughts from industry professionals
    Summary
Index
    Why subscribe?
Other Books You May Enjoy
    Packt is searching for authors like you
    Share Your Thoughts
    Download a free PDF copy of this book