Aligning Security Operations with the MITRE ATT&CK Framework 9781804614266
Align your SOC with the ATT&CK framework and follow practical examples for successful implementation Key Features U
2,108 44 13MB
English Pages 192 Year 2023
Table of contents :
Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance
1
SOC Basics – Structure, Personnel, Coverage, and Tools
Technical requirements
SOC environments and roles
SOC environment responsibilities
SOC coverage
SOC cross-team collaboration
Summary
2
Analyzing Your Environment for Potential Pitfalls
Technical requirements
Danger! Risks ahead – how to establish a risk registry
Red and blue make purple – how to run purple team exercises
Discussing common coverage gaps and security shortfalls
Summary
3
Reviewing Different Threat Models
Technical requirements
Reviewing the PASTA threat model and use cases
Reviewing the STRIDE threat model and use cases
Reviewing the VAST threat model and use cases
Reviewing the Trike threat model and use cases
Reviewing attack trees
Summary
4
What Is the ATT&CK Framework?
A brief history and evolution of ATT&CK
Overview of the various ATT&CK models
Summary
Part 2 – Detection Improvements and Alignment with ATT&CK
5
A Deep Dive into the ATT&CK Framework
Technical requirements
A deep dive into the techniques in the cloud framework
A deep dive into the techniques in the Windows framework
A deep dive into the techniques in the macOS framework
A deep dive into the techniques in the network framework
A deep dive into the techniques in the mobile framework
Summary
6
Strategies to Map to ATT&CK
Technical requirements
Finding the gaps in your coverage
Prioritization of efforts to increase efficiency
Examples of mappings in real environments
Summary
7
Common Mistakes with Implementation
Technical requirements
Examples of incorrect technique mappings from ATT&CK
Examples of poor executions with detection creation
Summary
8
Return on Investment Detections
Technical requirements
Reviewing examples of poorly created detections and their consequences
Finding the winners or the best alerts
Measuring the success of a detection
Requirement-setting
Use cases as coverage
What metrics should be used
Summary
Part 3 – Continuous Improvement and Innovation
9
What Happens After an Alert is Triggered?
Technical requirements
What’s next? Example playbooks and how to create them
Flowcharts
Runbooks via security orchestration, automation, and response (SOAR) tools
Templates for playbooks and best practices
Summary
10
Validating Any Mappings and Detections
Technical requirements
Discussing the importance of reviews
Saving time and automating reviews with examples
Turning alert triage feedback into something actionable
Summary
Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance
1
SOC Basics – Structure, Personnel, Coverage, and Tools
Technical requirements
SOC environments and roles
SOC environment responsibilities
SOC coverage
SOC cross-team collaboration
Summary
2
Analyzing Your Environment for Potential Pitfalls
Technical requirements
Danger! Risks ahead – how to establish a risk registry
Red and blue make purple – how to run purple team exercises
Discussing common coverage gaps and security shortfalls
Summary
3
Reviewing Different Threat Models
Technical requirements
Reviewing the PASTA threat model and use cases
Reviewing the STRIDE threat model and use cases
Reviewing the VAST threat model and use cases
Reviewing the Trike threat model and use cases
Reviewing attack trees
Summary
4
What Is the ATT&CK Framework?
A brief history and evolution of ATT&CK
Overview of the various ATT&CK models
Summary
Part 2 – Detection Improvements and Alignment with ATT&CK
5
A Deep Dive into the ATT&CK Framework
Technical requirements
A deep dive into the techniques in the cloud framework
A deep dive into the techniques in the Windows framework
A deep dive into the techniques in the macOS framework
A deep dive into the techniques in the network framework
A deep dive into the techniques in the mobile framework
Summary
6
Strategies to Map to ATT&CK
Technical requirements
Finding the gaps in your coverage
Prioritization of efforts to increase efficiency
Examples of mappings in real environments
Summary
7
Common Mistakes with Implementation
Technical requirements
Examples of incorrect technique mappings from ATT&CK
Examples of poor executions with detection creation
Summary
8
Return on Investment Detections
Technical requirements
Reviewing examples of poorly created detections and their consequences
Finding the winners or the best alerts
Measuring the success of a detection
Requirement-setting
Use cases as coverage
What metrics should be used
Summary
Part 3 – Continuous Improvement and Innovation
9
What Happens After an Alert is Triggered?
Technical requirements
What’s next? Example playbooks and how to create them
Flowcharts
Runbooks via security orchestration, automation, and response (SOAR) tools
Templates for playbooks and best practices
Summary
10
Validating Any Mappings and Detections
Technical requirements
Discussing the importance of reviews
Saving time and automating reviews with examples
Turning alert triage feedback into something actionable
Summary
- Author / Uploaded
- Rebecca Blair
![Automated Security Analysis of Android and iOS Applications with Mobile Security Framework [1 ed.]
0128047186, 9780128047187](https://ebin.pub/img/200x200/automated-security-analysis-of-android-and-ios-applications-with-mobile-security-framework-1nbsped-0128047186-9780128047187.jpg)
![The NICE Cyber Security Framework. Cyber Security Intelligence and Analytics [2 ed.]
9783031216503, 9783031216510](https://ebin.pub/img/200x200/the-nice-cyber-security-framework-cyber-security-intelligence-and-analytics-2nbsped-9783031216503-9783031216510.jpg)
![.NET Framework Security [1st ed.]
9780672321849, 067232184X](https://ebin.pub/img/200x200/net-framework-security-1stnbsped-9780672321849-067232184x.jpg)
