Cyber Ops needs love too! We spend much time focused on DEV and often ignoring OPS. I am guilty of this too. I work with the MITRE now; I never realized their emphasis on world class cybersecurity. We work on behalf of the public good.
Here are some important Cyber Ops resources:
++ 11 Strategies for CyberSecurity Ops Center - Free download of the 400+ page book OR 20 page summary.
CyberSecurity Operations Center (SOC) is your focal point point for incident detection, analysis and response. Their work includes:
a-Incident Triage, Analysis, and Response
b-Cyber Threat Intelligence, Hunting, and Analytics
c-Expanded SOC Operations • Vulnerability Management
d-SOC Tools, Architecture, and Engineering
e-Situational Awareness, Communications, and Training
SOC strategies include:
1: Know What You Are Protecting and Why
2: Give the SOC the Authority to Do Its Job
3: Build a SOC Structure to Match Your Organizational Needs
4:Hire AND Grow Quality Staff
5:Prioritize Incident Response
6:Illuminate Adversaries with Cyber Threat Intelligence
7:Select and Collect the Right Data
8:Leverage Tools to Support Analyst Workflow :
9:Communicate Clearly, Collaborate Often, Share Generously
10: Measure Performance to Improve Performance
11: Turn up the Volume by Expanding SOC Functionality
The authors are Kathryn Knerler, Ingrid Parker, & Carson Zimmerman
++ SAF ( Security Automation Framework) is a collaborative effort to streamline security automation including operations! Check out Safe.mitre.org
For operations:
1- Monitor security posture through validation checks
2- Aggregate normalized security testing content to enable data visualization, drill-down, and root cause analysis
3- Assign remediation actions for identified security risks
There is a full community with government sponsors, FFRDCs, and Commercial partners. Aaron Lippold is the SME!
++ATT&CK Framework - This is for ops, dev, and heck, everyone! This is a knowledge base of adversary tactics and techniques.
There is a wealth of information on the site organized by platform including Windows, macOS, Linux, PRE, Azure AD, Office 365, Google Workspace, SaaS, IaaS, Network, Containers.
You can spend an entire afternoon just reading this site! https://attack.mitre.org/
There is even a video.)
This is only the tip of the iceberg and we haven’t even hit on Continuous Monitoring, Continuous Feedback and the many many many operational considerations!
#CommunityofCommunities #cyber #cyberresiliency #security #soc #devsecops #devops #ST4G #cybersecurity
Photo by Mayur Gala on Unsplash