Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Aligning Security Operations with the MITRE ATT&CK Framework

You're reading from   Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Arrow left icon
Product type Paperback
Published in May 2023
Publisher Packt
ISBN-13 9781804614266
Length 192 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Rebecca Blair Rebecca Blair
Author Profile Icon Rebecca Blair
Rebecca Blair
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Preface 1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance
2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER 3. Chapter 2: Analyzing Your Environment for Potential Pitfalls 4. Chapter 3: Reviewing Different Threat Models 5. Chapter 4: What Is the ATT&CK Framework? 6. Part 2 – Detection Improvements and Alignment with ATT&CK
7. Chapter 5: A Deep Dive into the ATT&CK Framework 8. Chapter 6: Strategies to Map to ATT&CK 9. Chapter 7: Common Mistakes with Implementation 10. Chapter 8: Return on Investment Detections 11. Part 3 – Continuous Improvement and Innovation
12. Chapter 9: What Happens After an Alert is Triggered? 13. Chapter 10: Validating Any Mappings and Detections 14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC 15. Chapter 12: What’s Next? Areas for Innovation in Your SOC 16. Index 17. Other Books You May Enjoy

Applying ATT&CK to NOC environments

When looking at the ATT&CK framework, you can see that there are Enterprise, Mobile, and Industrial Control System frameworks for different purposes. Under the Enterprise matrices is Network matrix version 12, with the following sub-techniques:

  • Initial Access:
    • Exploit Public-Facing Application
    • Valid Accounts
  • Execution:
    • Command and Scripting Interpreter:
      • Network Device CLI
  • Persistence:
    • Modify Authentication Process:
      • Network Device Authentication
    • Pre-OS Boot:
      • ROMMONkit
      • TFTP Boot
    • Server Software Component:
      • Web Shell
    • Traffic Signaling:
      • Port Knocking
  • Privilege Escalation:
    • Valid Accounts
  • Defense Evasion:
    • Impair Defenses:
      • Impair Command History Logging
    • Indicator Removal on Host:
      • Clear Command History
      • Clear Network Connection History and Configurations
    • Modify Authentication Process:
      • Network Device Authentication
    • Modify System Image:
      • Patch System Image
      • Downgrade System Image
    • Network Boundary Bridging:
      • Network Address Translation Traversal
    • Pre-OS Boot...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime