Aligning Security Operations with the MITRE ATT&CK Framework: Level up your security operations center for better security

Align your SOC with the ATT&CK framework and follow practical examples for successful implementation

Purchase of the print or Kindle book includes a free PDF eBook

Key Features

• Understand Cloud, Windows, and Network ATT&CK Framework using different techniques
• Assess the attack potential and implement frameworks aligned with Mitre ATT&CK
• Address security gaps to detect and respond to all security threats

Book Description

The Mitre ATT&CK framework is an extraordinary resource for all SOC environments, however, determining the appropriate implementation techniques for different use cases can be a daunting task. This book will help you gain an understanding of the current state of your SOC, identify areas for improvement, and then fill the security gaps with appropriate parts of the ATT&CK framework. You'll learn new techniques to tackle modern security threats and gain tools and knowledge to advance in your career.

In this book, you'll first learn to identify the strengths and weaknesses of your SOC environment, and how ATT&CK can help you improve it. Next, you'll explore how to implement the framework and use it to fill any security gaps you've identified, expediting the process without the need for any external or extra resources. Finally, you'll get a glimpse into the world of active SOC managers and practitioners using the ATT&CK framework, unlocking their expertise, cautionary tales, best practices, and ways to continuously improve.

By the end of this book, you'll be ready to assess your SOC environment, implement the ATT&CK framework, and advance in your security career.

What you will learn

• Get a deeper understanding of the Mitre ATT&CK Framework
• Avoid common implementation mistakes and provide maximum value
• Create efficient detections to align with the framework
• Implement continuous improvements on detections and review ATT&CK mapping
• Discover how to optimize SOC environments with automation
• Review different threat models and their use cases

Who this book is for

This book is for SOC managers, security analysts, CISOs, security engineers, or security consultants looking to improve their organization's security posture. Basic knowledge of Mitre ATT&CK, as well as a deep understanding of triage and detections is a must.

將以上文字翻譯成繁體中文：

「

將您的SOC與ATT&CK框架對齊，並遵循成功實施的實際範例

購買印刷版或Kindle書籍將包含免費的PDF電子書

主要特點

• 使用不同技術了解Cloud、Windows和Network ATT&CK框架


• 評估攻擊潛力並實施與Mitre ATT&CK對齊的框架


• 解決安全漏洞以檢測和應對所有安全威脅

書籍描述

Mitre ATT&CK框架是所有SOC環境的非凡資源，然而，確定不同使用案例的適當實施技術可能是一項艱鉅的任務。本書將幫助您瞭解您的SOC目前的狀態，識別改進的領域，然後使用ATT&CK框架的適當部分填補安全漏洞。您將學習應對現代安全威脅的新技術，並獲得推動職業發展的工具和知識。

在本書中，您將首先學習識別您的SOC環境的優勢和劣勢，以及ATT&CK如何幫助您改進。接下來，您將探索如何實施框架並使用它來填補您識別的任何安全漏洞，加快過程而無需任何外部或額外資源。最後，您將一窺使用ATT&CK框架的活躍SOC經理和從業人員的世界，揭示他們的專業知識、警示故事、最佳實踐和持續改進的方法。

通過閱讀本書，您將準備好評估您的SOC環境，實施ATT&CK框架並在安全領域中取得進展。

您將學到什麼

• 更深入了解Mitre ATT&CK框架


• 避免常見的實施錯誤並提供最大價值


• 創建與框架對齊的高效檢測


• 對檢測進行持續改進並審查ATT&CK映射


• 發現如何通過自動化優化SOC環境


• 審查不同的威脅模型及其使用案例

本書適合對象

本書適合SOC經理、安全分析師、CISO、安全工程師或安全顧問，他們希望改善組織的安全姿態。必須具備Mitre ATT&CK的基本知識，以及對分類和檢測的深入理解。」

1. SOC Basics – Structure, Personnel, Coverage, and Tools
2. Analyzing Your Environment for Potential Pitfalls
3. Reviewing Different Threat Models
4. What is the ATT&CK Framework?
5. A Deep Dive into the ATT&CK Framework
6. Strategies to Map to ATT&CK
7. Common Mistakes with Implementation
8. Return on Investment Detections
9. What Happens After an Alert is Triggered?
10. Validating Any Mappings and Detections
11. Implementing ATT&CK in All Parts of Your SOC
12. What's Next? Areas for Innovation in Your SOC

1. SOC基礎 - 結構、人員、範圍和工具
2. 分析您的環境以尋找潛在問題
3. 檢視不同的威脅模型
4. 什麼是ATT&CK框架？
5. 深入探討ATT&CK框架
6. 對應到ATT&CK的策略
7. 實施時常見的錯誤
8. 投資回報的偵測
9. 警報觸發後會發生什麼？
10. 驗證任何對應和偵測
11. 在SOC的所有部分實施ATT&CK
12. 接下來是什麼？您的SOC創新領域