You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Finding the gaps in your coverage

It’s not logical to think that you can immediately review any/all controls from the MITRE ATT&CK Framework. Doing so will not only create a massive headache for yourself and your team but also could lead to adding unnecessary tools and leaving you trying to obtain the impossible. A perfect example is the Actions on Objectives control, which is complicated. The main principle is that there are various actions on an objective (actions taken against a target system such as a network or host) that can be carried out, such as stealing credentials, installing malware, and so on, but until an attack starts, you are unable to predict what is going to occur at some undetermined time in the future. In this case, you want to have a strong defense-in-depth approach by implementing standard security controls. Also, with regard to controls, it helps to understand that you will inevitably experience a compromise at some point in time if you haven’...