Joseph Muniz - Böcker

Security Operations Center

Building, Operating, and Maintaining Your SOC

 

The complete, practical guide to planning, building, and operating an effective Security Operations Center (SOC)

Security Operations Center is the complete guide to building, operating, and managing Security Operations Centers in any environment. Drawing on experience with hundreds of customers ranging from Fortune 500 enterprises to large military organizations, three leading experts thoroughly review each SOC model, including virtual SOCs. You’ll learn how to select the right strategic option for your organization, and then plan and execute the strategy you’ve chosen.

Security Operations Center walks you through every phase required to establish and run an effective SOC, including all significant people, process, and technology capabilities. The authors assess SOC technologies, strategy, infrastructure, governance, planning, implementation, and more. They take a holistic approach considering various commercial and open-source tools found in modern SOCs.

This best-practice guide is written for anybody interested in learning how to develop, manage, or improve a SOC. A background in network security, management, and operations will be helpful but is not required. It is also an indispensable resource for anyone preparing for the Cisco SCYBER exam.

 

·         Review high-level issues, such as vulnerability and risk management, threat intelligence, digital investigation, and data collection/analysis

·         Understand the technical components of a modern SOC

·         Assess the current state of your SOC and identify areas of improvement

·         Plan SOC strategy, mission, functions, and services

·         Design and build out SOC infrastructure, from facilities and networks to systems, storage, and physical security

·         Collect and successfully analyze security data

·         Establish an effective vulnerability management practice

·         Organize incident response teams and measure their performance

·         Define an optimal governance and staffing model

·         Develop a practical SOC handbook that people can actually use

·         Prepare SOC to go live, with comprehensive transition plans

·         React quickly and collaboratively to security incidents

·         Implement best practice security operations, including continuous enhancement and improvement

  

The Industry Standard, Vendor-Neutral Guide to Managing SOCs and Delivering SOC Services

This completely new, vendor-neutral guide brings together all the knowledge you need to build, maintain, and operate a modern Security Operations Center (SOC) and deliver security services as efficiently and cost-effectively as possible.

Leading security architect Joseph Muniz helps you assess current capabilities, align your SOC to your business, and plan a new SOC or evolve an existing one. He covers people, process, and technology; explores each key service handled by mature SOCs; and offers expert guidance for managing risk, vulnerabilities, and compliance. Throughout, hands-on examples show how advanced red and blue teams execute and defend against real-world exploits using tools like Kali Linux and Ansible. Muniz concludes by previewing the future of SOCs, including Secure Access Service Edge (SASE) cloud technologies and increasingly sophisticated automation.

This guide will be indispensable for everyone responsible for delivering security services—managers and cybersecurity professionals alike.

Address core business and operational requirements, including sponsorship, management, policies, procedures, workspaces, staffing, and technology

Identify, recruit, interview, onboard, and grow an outstanding SOC team

Thoughtfully decide what to outsource and what to insource

Collect, centralize, and use both internal data and external threat intelligence

Quickly and efficiently hunt threats, respond to incidents, and investigate artifacts

Reduce future risk by improving incident recovery and vulnerability management

Apply orchestration and automation effectively, without just throwing money at them

Position yourself today for emerging SOC technologies

Trust the best-selling Official Cert Guide series from Cisco Press to help you learn, prepare, and practice for exam success. They are built with the objective of providing assessment, review, and practice to help ensure you are fully prepared for your certification exam.

CCNP Security Virtual Private Networks SVPN 300-730 Official Cert Guide presents you with an organized test preparation routine using proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.

* Master Implementing Secure Solutions with Virtual Private Networks (SVPN) 300-730 exam topics* Assess your knowledge with chapter-opening quizzes* Review key concepts with exam preparation tasks* Practice with realistic exam questions in the practice test software

CCNP Security Virtual Private Networks SVPN 300-730 Official Cert Guide from Cisco Press enables you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Three leading Cisco security technology experts share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes* A test-preparation routine proven to help you pass the exams* Do I Know This Already? quizzes, which enable you to decide how much time you need to spend on each section* Chapter-ending exercises, which help you drill on key concepts you must know thoroughly* The powerful Pearson Test Prep Practice Test software, with two full exams comprised of well-reviewed, exam-realistic questions, customization options, and detailed performance reports* A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies* Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

This official study guide helps you master all the topics on the Implementing Secure Solutions with Virtual Private Networks (SVPN) 300-730 exam, deepening your knowledge of* Site-to-site virtual private networks on routers and firewalls* Remote access VPNs* Troubleshooting using ASDM and CLI* Secure communications architecturesCompanion Website:The companion website contains two full practice exams, an interactive Flash Cards application, a Study Planner, Glossary, and more.Includes Exclusive Offers for Up to 80% Off Video Training, Practice Tests, and more

Pearson Test Prep online system requirements:

Browsers: Chrome version 73 and above, Safari version 12 and above, Microsoft Edge 44 and above.

Devices: Desktop and laptop computers, tablets running Android v8.0 and above or iPad OS v13 and above, smartphones running Android v8.0 and above or iOS v13 and above with a minimum screen size of 4.7.

Pearson Test Prep offline system requirements:

Windows 10, Windows 8.1; Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases

Also available from Cisco Press for CCNP Security study is the CCNP Security Virtual Private Networks SVPN 300-730 Official Cert Guide Premium Edition eBook and Practice Test. This digital-only certification preparation product combines an eBook with enhanced Pearson Test Prep Practice Test.

This integrated learning package* Enables you to focus on individual topic areas or take complete, timed exams* Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions* Provides unique sets of exam-realistic practice questions* Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Investigating the Cyber Breach

The Digital Forensics Guide for the Network Engineer

· Understand the realities of cybercrime and today’s attacks

· Build a digital forensics lab to test tools and methods, and gain expertise

· Take the right actions as soon as you discover a breach

· Determine the full scope of an investigation and the role you’ll play

· Properly collect, document, and preserve evidence and data

· Collect and analyze data from PCs, Macs, IoT devices, and other endpoints

· Use packet logs, NetFlow, and scanning to build timelines, understand network activity, and collect evidence

· Analyze iOS and Android devices, and understand encryption-related obstacles to investigation

· Investigate and trace email, and identify fraud or abuse

· Use social media to investigate individuals or online identities

· Gather, extract, and analyze breach data with Cisco tools and techniques

· Walk through common breaches and responses from start to finish

· Choose the right tool for each task, and explore alternatives that might also be helpful

The professional’s go-to digital forensics resource for countering attacks right now

Today, cybersecurity and networking professionals know they can’t possibly prevent every breach, but they can substantially reduce risk by quickly identifying and blocking breaches as they occur. Investigating the Cyber Breach: The Digital Forensics Guide for the Network Engineer is the first comprehensive guide to doing just that.

Writing for working professionals, senior cybersecurity experts Joseph Muniz and Aamir Lakhani present up-to-the-minute techniques for hunting attackers, following their movements within networks, halting exfiltration of data and intellectual property, and collecting evidence for investigation and prosecution. You’ll learn how to make the most of today’s best open source and Cisco tools for cloning, data analytics, network and endpoint breach detection, case management, monitoring, analysis, and more.

Unlike digital forensics books focused primarily on post-attack evidence gathering, this one offers complete coverage of tracking threats, improving intelligence, rooting out dormant malware, and responding effectively to breaches underway right now.

This book is part of the Networking Technology: Security Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

CCNA Cyber Ops SECFND 210-250 Official Cert Guide from Cisco Press allows you to succeed on the exam the first time and is the only self-study resource approved by Cisco. Cisco enterprise security experts Omar Santos, Joseph Muniz, and Stefano De Crescenzo share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills.

This complete study package includes

A test-preparation routine proven to help you pass the exam Do I Know This Already? quizzes, which allow you to decide how much time you need to spend on each section Chapter-ending exercises, which help you drill on key concepts you must know thoroughly The powerful Pearson Test Prep practice test software, with two full sample exams containing 120 well-reviewed, exam-realistic questions, customization options, and detailed performance reports A final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategies Study plan suggestions and templates to help you organize and optimize your study time

Well regarded for its level of detail, study plans, assessment features, challenging review questions and exercises, this official study guide helps you master the concepts and techniques that ensure your exam success.

The official study guide helps you master topics on the CCNA Cyber Ops SECFND 210-250 exam, including:

Network concepts Security concepts Cryptography Host-based analysis Security monitoring Attack methods

Learn, prepare, and practice for CCNA Cyber Ops SECOPS #210-255 exam success with this Official Cert Guide from Pearson IT Certification, a leader in IT Certification learning.

Master CCNA Cyber Ops SECOPS #210-255 exam topics Assess your knowledge with chapter-ending quizzes Review key concepts with exam preparation tasks Practice with realistic exam questions

CCNA Cyber Ops SECOPS 210-255 Official Cert Guide is a best-of-breed exam study guide. Best-selling authors and internationally respected cybersecurity experts Omar Santos and Joseph Muniz share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.

The book presents you with an organized test preparation routine through the use of proven series elements and techniques. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly. Review questions help you assess your knowledge and a final preparation chapter guides you through tools and resources to help you craft your final study plan.

The companion website contains the powerful Pearson Test Prep practice test software, complete with hundreds of exam-realistic questions. The assessment engine offers you a wealth of customization options and reporting features, laying out a complete assessment of your knowledge to help you focus your study where it is needed most.

Well-regarded for its level of detail, assessment features, and challenging review questions and exercises, this study guide helps you master the concepts and techniques that will allow you to succeed on the exam the first time.

The study guide helps you master all the topics on the SECOPS #210-255 exam, including:

Threat analysis Forensics Intrusion analysis NetFlow for cybersecurity Incident response and the incident handling process Incident response teams Compliance frameworks Network and host profiling Data and event analysis Intrusion event categories

Companion WebsiteThe website contains two free, complete practice exams.Includes Exclusive Offer for 70% Off Premium Edition eBook and Practice Test

Pearson Test Prep online system requirements:Browsers: Chrome version 40 and above, Firefox version 35 and above, Safari version 7, Internet Explorer 10, 11, Microsoft Edge, Opera. Devices: Desktop andlaptop computers, tablets running on Android and iOS, smartphones with a minimum screen size of 4.7". Internet access required.

Pearson Test Prep offline system requirements:Windows 10, Windows 8.1, Windows 7, or Vista (SP2), Microsoft .NET Framework 4.5 Client; Pentium-class 1 GHz processor (or equivalent); 512 MB RAM; 650 MB disk space plus 50 MB for each downloaded practice exam; access to the Internet to register and download exam databases