You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Discussing the importance of reviews

What is the purpose of implementing controls and detections without validating that they work in the first place and fill a need for your organization? In theory, you would only implement detections that fill needs such as mitigating risks from your risk registry and helping close visibility gaps, but sometimes it might just be about getting a quick win through tuning or trying to find the easiest detection to implement. Therefore, as mentioned in previous chapters, having a review system and feedback loop for systems is essential to ensure efficiency for both detections and your team as a whole.

To establish efficiency, you need to start with proper roles and responsibilities, which sounds simple but is a task that I still struggle with, due to ever-moving targets and tasks within the security field. You can start with a team charter, creating a vision for the team and a mission statement that helps identify the scope of the overall team. From...