G**D
Great, informative
The book explained the basics of setting up, operating and reviewing a Security Operations Center. Having the experience going back to the mainframe data centers and looking at Windows environments, this brings in the analysis of SOC requirements, operations and monitoring of networks and all components of the corporate data infrastructure. It is written by CISCO experts, and it is really worth the read.
J**N
Packed with useful information
Cannot imagine a more complete or approachable treatment of the subject matter. I highly recommend this book to anyone faced with standing up a new SOC.
I**L
Good Book but CISCO Focused
This is a well written book on building and operating SOCs, but it is not industry agnostic. It is written from a CISCO perspective.
G**T
Must have
Must-have for a CSO.
C**E
Five Stars
Excellent.
N**Y
Both complete and practical
"The complete practical guide to planning, building and operating an effective Security Operations Center" sums it up nicely. The key to this read is that it is both complete and practical. Muniz and McIntyre cover all the relevant points, including tactical day-to-day operations, process and procedure, disaster recovery and business continuity planning, and organization. The guide is peppered with stories that are experienced by CIOs and CISOs every day as we continue to adapt defenses against the changing threat landscape. This handbook is a great resource for professionals in charge of technical organizations, or those tasked with handling risk, governance and compliance. Very valuable for the right price!
H**R
This book does an excellent job in many areas
SOCs, or security operations centers, are difficult to set up, maintain and operate. It is a massive task, and the sum of the entire task is very difficult to articulate. This book does an excellent job in many areas.

The book should appeal to professionals and newcomers alike. I would recommend it as required reading for anyone involved in a SOC. Technologies may get updated, techniques may change, but the fundamental principles will stay the same, and this book covers them.

Newcomers to the SOC business will learn the challenges of building a SOC and the fundamental steps needed to operate one. Seasoned professionals will pick up new techniques such as threat intelligence and ideas around information sharing, which are still extremely new. The book has lots of great diagrams that show the flow of particular sections. Even as technologies change, or if other products are used instead of the recommended ones, the reader will understand what and why the technology is implemented.

The authors did a great job on a very difficult subject.
B**E
An indispensable guide for those designing, managing or deploying a SOC
Large enterprises have numerous information security challenges. Aside from the external threats, there’s the onslaught of security data from disparate systems, platforms and applications. Getting a handle on the security output from numerous point solutions, generating millions of messages and alerts daily, is not a trivial endeavor. As attacks become more frequent and sophisticated, and with regulatory compliance issues placing an increasing burden, there needs to be a better way to manage all of this.

Getting the raw hardware, software and people to create a SOC is not that difficult. The challenge, and it’s a big challenge, is integrating those 3 components to ensure that a formal SOC can operate. In Security Operations Center: Building, Operating, and Maintaining your SOC, authors Joseph Muniz, Gary McIntyre and Nadhem AlFardan have written an indispensable reference on the topic. The authors have significant SOC experience, and provide the reader with a detailed plan on all the steps involved in creating a SOC.

As Mike Rothman noted about managed services providers, and something that is relevant to a SOC, you should have no illusions about the amount of effort required to get a SOC up and running, or what it takes to keep one current and useful. Many organizations have neither the time nor the resources to implement a SOC, but do, and are then trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats that the SOC had the potential to provide them with, had they done it right. Those considering deploying a SOC and not wanting to be in the hamster wheel of pain will need this book.

The authors have done a great job in covering every phase and the many details required to build out a SOC. After going through the book, some readers will likely reconsider deploying an internal SOC given the difficulties and challenges involved. This is especially true since SOC design and deployment is something not many people have experience with.

The book is written for an organization that is serious about building an enterprise SOC. The authors spend much of the book focusing on the myriad requirements for creation of a SOC. They constantly reiterate the details that need to be determined before moving forward.

Chapter 4 on SOC strategy is important, as the way in which a firm determines its strategy will affect every aspect of the outcome. The authors wisely note that an inadequate or inaccurate SOC strategy, and the ensuing capabilities assessment exercises, would produce a SOC strategy that does not properly address the actual requirements of the organization. Ultimately, failing to adequately plan and design is a guarantee for SOC failure. That in turn will affect and impact deployment timelines and budgets, and cause frustration, dissatisfaction and friction between the different teams involved in the SOC program.

The authors’ expertise is evident in every chapter, and their real-world expertise is quite obvious in chapter 5 on facilities, which is an area often neglected in SOC design. The significant issue is that if the facility out of which the SOC team operates does not meet certain baseline requirements, the SOC’s effectiveness will be significantly and often detrimentally impacted. The chapter details many overlooked topics such as acoustics, lighting, ergonomics, and more.

Staffing a SOC is another challenge, and the book dedicates chapter 8 to that. The SOC is only as good as the people inside it, and the SOC staff requires a blend of skills. If the organization wants its SOC to operate 24x7, it will obviously require a lot more manpower of these hard-to-find SOC analysts.

Another helpful aspect is found in chapter 10, which has a number of checklists you can use to verify that all the required pieces are in place prior to a go-live date, or to identify areas that may not be completed as expected.

Building a SOC is an arduous process which takes a huge amount of planning and work. This work must be executed by people from different teams and departments, all working together. Based on these challenges, far too many SOC deployments fail. But for anyone who is serious about building out a SOC, this book should be a part of that effort.

The reason far too many, perhaps most, SOC deployments fail is that firms make the mistake of obsessing on the hardware and software, without adequately considering the security operations functions. The authors make it eminently clear that such an approach won’t work, and provide you with the expert guidance to obviate that.

For anyone considering building a SOC, or who wants to understand all of the details involved in building one, Security Operations Center: Building, Operating, and Maintaining your SOC is an absolute must-read.
G**T
Best
Best
J**A
Security Operations Center
Excellent; it covers many of the topics of interest when doing the research needed before undertaking a project of this magnitude.
N**H
Please do not waste your precious time nor money on this book.
Please do not waste your precious time nor money on this book. This book clearly shows the authors have absolutely no experience of ever operating a SOC. Moreover, according to this book, without Cisco technologies a SOC would not be possible – I’m sure many people would beg to differ.

The bulk of the book goes into details about Cisco security technologies and how to configure them – maybe the authors should have written a book on firewalls, IPS and NetFlow instead.

Moreover, the book is out of date already; the authors mention Cisco Managed Threat Defense, which changed months ago to become Active Threat Analytics – their employer must have forgotten to tell them. Surprisingly, the authors never even mentioned OpenDNS Investigate, which is used by a number of SOCs – maybe Cisco had not purchased it at the time, hence they did not mention it, or probably do not know it is used, or both.

The book is full of inaccuracies; just a few include stating:
- CVSS is the acronym for Vulnerability Scoring System, when it is Common Vulnerability Scoring System
- CVSS is maintained by NIST, when it is actually owned and managed by FIRST
- DLP is Data Loss Protection, when even Cisco call it Data Loss Prevention

Organisations interested in building/operating SOCs are interested in addressing the scale of threats faced and efficiency in dealing with them – this book does not even raise these concerns, never mind address them.

The authors seem to be confused between a threat analytics platform and a threat intelligence platform. Also, they never delved into threat intelligence in any detail bar listing a number of providers.

It’s bewildering how Cisco Press allowed this book to be published, especially with the technical errors – standards must be dropping at Cisco Press.

I wish I could get a refund on my purchase, hence my advice is to save your own money and time.