Security Operations Center - Analyst Guide: SIEM Technology, Use Cases and Practices
By Arun Thomas
4/5
About this ebook
Security analytics can be defined as the process of continuously monitoring and analyzing all the activities in your enterprise network to ensure the minimal number of occurrences of security breaches. Security Analyst is the individual that is qualified to perform the functions necessary to accomplish the security monitoring goals of the organi
Security Operation Center – Analyst Guide
SIEM Technology Use Cases and Practices
ARUN E THOMAS
All Rights Reserved
ISBN 978-1-64136-512-3
Introduction
Security analytics can be defined as the process of continuously monitoring and analyzing all the activities in your enterprise network to keep the number of security breaches to a minimum. A Security Analyst is the individual who is qualified to perform the functions necessary to accomplish the security monitoring goals of the organization. This book is intended to improve the ability of a security analyst to perform their day-to-day work functions in a more professional manner, which requires deeper knowledge of tools, processes and technology.
A firm understanding of all the domains of this book is going to be vital in achieving the desired skill set to become a professional security analyst. The goal of this book is to address the problems associated with the content development (use cases and correlation rules) of SIEM deployments.
The Security Operation Center Fundamentals domain details the much-needed basics one should know about a Security Operation Center. The key areas of knowledge include:
Security Operations Center Fundamentals
SOC Challenges
Regulatory compliance requirements
SOC Services
SOC Roles and Teams
SOC Topology
SOC Reports
In-House SOC vs Outsourced SOC
Outsourced SOC – Service level agreements
SOC Analyst – Desired Skill Set
SOC Roles
Information Needed by SOC Roles
The ability to understand the tools and processes of security operations, together with the roles and responsibilities of SOC professionals, is the key element of this domain.
The SIEM Deployment domain addresses the processes and steps involved in selecting and deploying a SIEM solution for the enterprise.
The key areas of knowledge include:
SIEM Selection and Deployment
SIEM Tools
Types of Reports
SOC Metrics
How to Select SIEM
Collector to source communication Protocol
Challenges or Risks in Building a SOC
A proper understanding of the processes and technology related to SIEM helps security professionals design and deploy security monitoring solutions effectively. The security analyst is responsible for threat detection at every level, based on the solution they implement.
The MSSP SLA domain is meant to help a security analyst understand the meaning, components and terms of an MSSP SLA through a sample service level agreement. This includes an overview of the common terms and criteria included in an SLA.
The Network Security Monitoring domain focuses on the deeper, packet- or stream-level analysis of data. Network security monitoring is built from a collection of publicly available tools for the deeper analysis of network traffic. The tools and techniques used for building and operating an NSM internally for your organization are described in detail.
The key areas of knowledge include:
Network Security Monitoring
NSM Deployment
NSM Limitations
NSM Data Types
NSM Deployment models
Commonly used Tools for building NSM
The Recommended Use Cases and Correlation Rules domain deals with the selection of proper use cases and correlation rules. The effectiveness of security monitoring depends directly on the strength of the deployed use cases and correlation rules. Event sources are categorized into a number of categories based on their type, and a minimum list of recommended use cases and correlation rules is suggested for each.
The key areas of knowledge include:
Recommended use cases and correlation rules for:
Anti-spam
Anti-virus
End point threat protection/Application control/whitelisting solution
Web/Application server or database
Data loss prevention /File integrity monitor
Financial application
Host based firewall
Single sign on
IPS/IDS
Network based firewall
Network user behavior analysis
Operating system
Storage
VPN
Vulnerability Scanning solution
NAC solution
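As an added illustration of what a correlation rule actually does when it runs (this is example code, not code from the book), the Python below evaluates a single rule across two of the event-source categories listed above, operating-system and VPN logons: a burst of failed logons from one source address inside a sliding window, followed by a successful logon from that same address, raises one alert. The normalized event schema, the sample events, the hosts, addresses and user names, and the threshold and window values are all constructed for this example.

```python
"""Minimal SIEM-style correlation rule evaluated over constructed log events.

Rule (illustrative): alert when one source address produces at least THRESHOLD
failed logons within WINDOW and is then followed by a successful logon from
the same address. Failures from different event-source types (here "os" and
"vpn") are counted together, which is the point of correlating across sources.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RULE_NAME = "Brute force followed by successful logon"
THRESHOLD = 5                      # failed logons required before a success is suspicious
WINDOW = timedelta(minutes=5)      # sliding window in which the failures must occur

# Constructed sample events in a normalized schema, as a SIEM collector/parser
# would emit them for OS and VPN logon records. Addresses and users are hypothetical.
SAMPLE_EVENTS = [
    # five failures inside the window (the 07:50 one has aged out), then a success: alert
    {"source_type": "vpn", "ts": "2024-01-10T07:50:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:01:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"source_type": "os",  "ts": "2024-01-10T08:02:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"source_type": "os",  "ts": "2024-01-10T08:04:30", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:03:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:04:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:05:00", "src_ip": "203.0.113.7", "user": "alice", "outcome": "success"},
    # two failures then a success: below threshold, no alert
    {"source_type": "os",  "ts": "2024-01-10T08:10:00", "src_ip": "198.51.100.9", "user": "bob", "outcome": "failure"},
    {"source_type": "os",  "ts": "2024-01-10T08:11:00", "src_ip": "198.51.100.9", "user": "bob", "outcome": "failure"},
    {"source_type": "os",  "ts": "2024-01-10T08:12:00", "src_ip": "198.51.100.9", "user": "bob", "outcome": "success"},
    # five failures spread over nine minutes: only three fall inside the window, no alert
    {"source_type": "vpn", "ts": "2024-01-10T08:00:00", "src_ip": "192.0.2.5", "user": "carol", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:02:00", "src_ip": "192.0.2.5", "user": "carol", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:04:00", "src_ip": "192.0.2.5", "user": "carol", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:06:00", "src_ip": "192.0.2.5", "user": "carol", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:08:00", "src_ip": "192.0.2.5", "user": "carol", "outcome": "failure"},
    {"source_type": "vpn", "ts": "2024-01-10T08:09:00", "src_ip": "192.0.2.5", "user": "carol", "outcome": "success"},
]


def correlate(events, threshold=THRESHOLD, window=WINDOW):
    """Evaluate the rule over a batch of normalized events and return the alerts raised.

    Events are sorted by timestamp first so out-of-order delivery from different
    collectors does not break the window logic. Failures are tracked per source
    address regardless of source type.
    """
    failures = defaultdict(deque)   # src_ip -> deque of (timestamp, source_type) inside the window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        q = failures[ev["src_ip"]]
        while q and t - q[0][0] > window:   # drop failures that have aged out of the window
            q.popleft()
        if ev["outcome"] == "failure":
            q.append((t, ev["source_type"]))
        elif ev["outcome"] == "success":
            if len(q) >= threshold:
                alerts.append({
                    "rule": RULE_NAME,
                    "src_ip": ev["src_ip"],
                    "user": ev["user"],
                    "failures": len(q),
                    "sources": sorted({src for _, src in q}),
                    "first_failure": q[0][0].isoformat(),
                    "success_at": t.isoformat(),
                })
            q.clear()   # a success closes the sequence; one burst yields at most one alert
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Run as a script it prints the single alert for 203.0.113.7. The two negative cases show the two knobs every such rule carries: the threshold (bob) and the window (carol), and tuning either one directly changes the false-positive and false-negative rate of the use case.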
Module 1
Security Operations Center Fundamentals
Why do we need a SOC?
The Security Operations Center plays a significant role in the real-time detection of threats and in the response that follows. Several tools and solutions are in use in SOC environments, and this book will take you through the must-know SOC technologies and tools. The Security Operations Center is the place where all network devices, security solutions, applications and database systems are monitored. The SOC also performs periodic assessment of threats using vulnerability management tools, network security monitoring solutions and continuous security monitoring products. Endpoint security management, incident response and compliance monitoring are other major functions of the Security Operations Center team.
SOC Challenges
There are several challenges in security monitoring; the following sections describe them in more detail.
Amount of Data
SOC tools must be able to handle very large volumes of data from disparate systems, platforms and applications. Security monitoring solutions act as the collection and aggregation points for logs, so the volume of data collected must not create performance or throughput issues. Performance issues may directly interrupt monitoring services or, in the case of an MSSP, cause SLA violations. The lack of raw or