You're reading from Aligning Security Operations with the MITRE ATT&CK Framework Level up your security operations center for better security

Product type Paperback

Published in May 2023

Publisher Packt

ISBN-13 9781804614266

Length 192 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Rebecca Blair

View More author details

Table of Contents (18) Chapters

Preface

1. Part 1 – The Basics: SOC and ATT&CK, Two Worlds in a Delicate Balance

2. Chapter 1: SOC Basics – Structure, Personnel, Coverage, and Tools FREE CHAPTER

3. Chapter 2: Analyzing Your Environment for Potential Pitfalls

4. Chapter 3: Reviewing Different Threat Models

5. Chapter 4: What Is the ATT&CK Framework?

6. Part 2 – Detection Improvements and Alignment with ATT&CK

7. Chapter 5: A Deep Dive into the ATT&CK Framework

8. Chapter 6: Strategies to Map to ATT&CK

9. Chapter 7: Common Mistakes with Implementation

10. Chapter 8: Return on Investment Detections

11. Part 3 – Continuous Improvement and Innovation

12. Chapter 9: What Happens After an Alert is Triggered?

13. Chapter 10: Validating Any Mappings and Detections

14. Chapter 11: Implementing ATT&CK in All Parts of Your SOC

15. Chapter 12: What’s Next? Areas for Innovation in Your SOC

16. Index

Why subscribe?

17. Other Books You May Enjoy

Reviewing the VAST threat model and use cases

The Visual, Agile, and Simple Threat (VAST) threat model is an approach that casts a wide net, as the word vast suggests. It’s a threat model that attempts to look at all possible threats in all scenarios and, as we may imagine, it can be a daunting task to take on. The basis of this model, similar to other models, is based on an open source threat analysis tool, in this case, called ThreatModeler. In the case of the VAST model, you use a data flow diagram for the organization as well as an organizational flow diagram to identify any operational threats. One of the benefits of the VAST model is that it addresses operational risks, whereas some of the other models do not. Another benefit of this model is that it is far-reaching, so you can look at an organization as a whole and both technical and non-technical components to complete the threat model. Some of the downsides of the VAST threat model are that it can be overwhelming, depending...