Modern Security Operations Center
(SEC-OPS.AP1) / ISBN : 978-1-64459-544-2
Über diesen Kurs
Der Kurs „Modern Security Operations Center“ hilft Ihnen dabei, die grundlegenden Fähigkeiten und Kenntnisse zu erlernen, die zum Schutz von Organisationen vor Cyberbedrohungen erforderlich sind. Dieser Kurs soll den Teilnehmern ein umfassendes Verständnis moderner SOC-Operationen vermitteln, einschließlich Bedrohungsinformationen, Reaktion auf Vorfälle und Sicherheitsüberwachung. Während des Kurses lernen Sie die neuesten Tools und Techniken kennen, die in SOCs verwendet werden, um Cyberbedrohungen zu erkennen und darauf zu reagieren. Sie sammeln praktische Erfahrungen in den Bereichen Bedrohungssuche, Reaktion auf Vorfälle und Sicherheitsüberwachung und nutzen dabei branchenführende Tools und Technologien.
Fähigkeiten, die Sie erwerben werden
Holen Sie sich die Unterstützung, die Sie brauchen. Melden Sie sich für unseren Kurs mit Lehrer an.
Unterricht
12+ Unterricht | 280+ Übungen | 115+ Tests | 110+ Karteikarten | 110+ Glossar der Begriffe
Testvorbereitung
100+ Fragen vor der Beurteilung | 100+ Fragen nach der Bewertung |
Praktische Übungen
26+ LiveLab | 25+ Videoanleitungen | 49+ Minutes
Preface
- Vision
- Who Should Read This Course?
- How This Course Is Organized
- Course Structure
Introducing Security Operations and the SOC
- Introducing the SOC
- Factors Leading to a Dysfunctional SOC
- Cyberthreats
- Investing in Security
- The Impact of a Breach
- Establishing a Baseline
- Fundamental Security Capabilities
- Standards, Guidelines, and Frameworks
- Industry Threat Models
- Vulnerabilities and Risk
- Business Challenges
- In-House vs. Outsourcing
- SOC Services
- SOC Maturity Models
- SOC Goals Assessment
- SOC Capabilities Assessment
- SOC Development Milestones
- Summary
- References
Developing a Security Operations Center
- Mission Statement and Scope Statement
- Developing a SOC
- SOC Procedures
- Security Tools
- Planning a SOC
- Designing a SOC Facility
- Network Considerations
- Disaster Recovery
- Security Considerations
- Internal Security Tools
- Guidelines and Recommendations for Securing Your SOC Network
- SOC Tools
- Summary
- References
SOC Services
- Fundamental SOC Services
- The Three Pillars of Foundational SOC Support Services
- SOC Service Areas
- SOC Service Job Goals
- Service Maturity: If You Build It, They Will Come
- SOC Service 1: Risk Management
- SOC Service 2: Vulnerability Management
- SOC Service 3: Compliance
- SOC Service 4: Incident Management
- SOC Service 5: Analysis
- SOC Service 6: Digital Forensics
- SOC Service 7: Situational and Security Awareness
- SOC Service 8: Research and Development
- Summary
- References
People and Process
- Career vs. Job
- Developing Job Roles
- SOC Job Roles
- NICE Cybersecurity Workforce Framework
- Role Tiers
- SOC Services and Associated Job Roles
- Soft Skills
- Security Clearance Requirements
- Pre-Interviewing
- Interviewing
- Onboarding Employees
- Managing People
- Job Retention
- Training
- Certifications
- Evaluating Training Providers
- Company Culture
- Summary
- References
Centralizing Data
- Data in the SOC
- Data-Focused Assessment
- Logs
- Security Information and Event Management
- Troubleshooting SIEM Logging
- APIs
- Big Data
- Machine Learning
- Summary
- References
Reducing Risk and Exceeding Compliance
- Why Exceeding Compliance
- Policies
- Launching a New Policy
- Policy Enforcement
- Procedures
- Tabletop Exercise
- Standards, Guidelines, and Frameworks
- Audits
- Assessments
- Penetration Test
- Industry Compliance
- Summary
- References
Threat Intelligence
- Threat Intelligence Overview
- Threat Intelligence Categories
- Threat Intelligence Context
- Evaluating Threat Intelligence
- Planning a Threat Intelligence Project
- Collecting and Processing Intelligence
- Actionable Intelligence
- Feedback
- Summary
- References
Threat Hunting and Incident Response
- Security Incidents
- Incident Response Lifecycle
- Phase 1: Preparation
- Phase 2: Detection and Analysis
- Phase 3: Containment, Eradication, and Recovery
- Digital Forensics
- Phase 4: Post-Incident Activity
- Incident Response Guidelines
- Summary
- References
Vulnerability Management
- Vulnerability Management
- Measuring Vulnerabilities
- Vulnerability Technology
- Vulnerability Management Service
- Vulnerability Response
- Vulnerability Management Process Summarized
- Summary
- References
Data Orchestration
- Introduction to Data Orchestration
- Security Orchestration, Automation, and Response
- Endpoint Detection and Response
- Playbooks
- Automation
- DevOps Programming
- DevOps Tools
- Blueprinting with Osquery
- Network Programmability
- Cloud Programmability
- Summary
- References
Future of the SOC
- All Eyes on SD-WAN and SASE
- MPLS Failure!
- IT Services Provided by the SOC
- Future of Training
- Full Automation with Machine Learning
- Future of Your SOC: Bringing It All Together
- Summary
- References
Developing a Security Operations Center
- Using Windows Firewall
- Configuring a VPN
- Setting Up a Honeypot
- Capturing a Packet Using Wireshark
- Configuring NetFlow
- Implementing Intrusion Detection System
SOC Services
- Identifying Search Options in Metasploit
- Searching Exploits Using searchsploit
- Conducting Vulnerability Scanning Using Nessus
- Performing Vulnerability Scanning Using OpenVAS
- Using the SET Tool
Centralizing Data
- Viewing Windows Event Logs
- Viewing the Syslogs
Reducing Risk and Exceeding Compliance
- Using the Armitage Tool for Intrusion Detection
Threat Hunting and Incident Response
- Observing an MD5-Generated Hash Value
- Observing an SHA256-Generated Hash Value
- Analyzing Malicious Activity in Memory Using Volatility
- Analyzing Forensic Cases with Autopsy
- Completing the Chain of Custody
Vulnerability Management
- Using Nmap for Network Enumeration
- Consulting a Vulnerability Database
- Performing an Intense Scan in Zenmap
Data Orchestration
- Creating an Ansible Configuration File
- Creating Ansible Roles
- Using the Ansible Tool
- Using Osquery to Perform Enhanced Incident Response and Threat Hunting