Modern Security Operations Center
uCertify SEC-OPS.AP1
Modern Security Operations Center
ISBN: 978-1-64459-544-2uCertify SEC-OPS.AP1
Modern Security Operations Center
(SEC-OPS.AP1) / ISBN : 978-1-64459-544-2This course includes
Lessons
TestPrep
Hands-On Labs
AI Tutor (Add-on)
About This Course
The Modern Security Operations Center course helps you learn the essential skills and knowledge needed to protect organizations from cyber threats. This course is designed to provide students with a comprehensive understanding of modern SOC operations, including threat intelligence, incident response, and security monitoring. Throughout the course, you will learn about the latest tools and techniques used in SOCs to detect and respond to cyber threats. You will gain hands-on experience in threat hunting, incident response, and security monitoring, using industry-leading tools and technologies.
Get the support you need. Enroll in our Instructor-Led Course.
Lessons
12+ Lessons | 280+ Exercises | 115+ Quizzes | 110+ Flashcards | 110+ Glossary of terms
TestPrep
100+ Pre Assessment Questions | 100+ Post Assessment Questions |
Hands-On Labs
26+ LiveLab | 25+ Video tutorials | 49+ Minutes
1
Preface
- Vision
- Who Should Read This Course?
- How This Course Is Organized
- Course Structure
2
Introducing Security Operations and the SOC
- Introducing the SOC
- Factors Leading to a Dysfunctional SOC
- Cyberthreats
- Investing in Security
- The Impact of a Breach
- Establishing a Baseline
- Fundamental Security Capabilities
- Standards, Guidelines, and Frameworks
- Industry Threat Models
- Vulnerabilities and Risk
- Business Challenges
- In-House vs. Outsourcing
- SOC Services
- SOC Maturity Models
- SOC Goals Assessment
- SOC Capabilities Assessment
- SOC Development Milestones
- Summary
- References
3
Developing a Security Operations Center
- Mission Statement and Scope Statement
- Developing a SOC
- SOC Procedures
- Security Tools
- Planning a SOC
- Designing a SOC Facility
- Network Considerations
- Disaster Recovery
- Security Considerations
- Internal Security Tools
- Guidelines and Recommendations for Securing Your SOC Network
- SOC Tools
- Summary
- References
4
SOC Services
- Fundamental SOC Services
- The Three Pillars of Foundational SOC Support Services
- SOC Service Areas
- SOC Service Job Goals
- Service Maturity: If You Build It, They Will Come
- SOC Service 1: Risk Management
- SOC Service 2: Vulnerability Management
- SOC Service 3: Compliance
- SOC Service 4: Incident Management
- SOC Service 5: Analysis
- SOC Service 6: Digital Forensics
- SOC Service 7: Situational and Security Awareness
- SOC Service 8: Research and Development
- Summary
- References
5
People and Process
- Career vs. Job
- Developing Job Roles
- SOC Job Roles
- NICE Cybersecurity Workforce Framework
- Role Tiers
- SOC Services and Associated Job Roles
- Soft Skills
- Security Clearance Requirements
- Pre-Interviewing
- Interviewing
- Onboarding Employees
- Managing People
- Job Retention
- Training
- Certifications
- Evaluating Training Providers
- Company Culture
- Summary
- References
6
Centralizing Data
- Data in the SOC
- Data-Focused Assessment
- Logs
- Security Information and Event Management
- Troubleshooting SIEM Logging
- APIs
- Big Data
- Machine Learning
- Summary
- References
7
Reducing Risk and Exceeding Compliance
- Why Exceeding Compliance
- Policies
- Launching a New Policy
- Policy Enforcement
- Procedures
- Tabletop Exercise
- Standards, Guidelines, and Frameworks
- Audits
- Assessments
- Penetration Test
- Industry Compliance
- Summary
- References
8
Threat Intelligence
- Threat Intelligence Overview
- Threat Intelligence Categories
- Threat Intelligence Context
- Evaluating Threat Intelligence
- Planning a Threat Intelligence Project
- Collecting and Processing Intelligence
- Actionable Intelligence
- Feedback
- Summary
- References
9
Threat Hunting and Incident Response
- Security Incidents
- Incident Response Lifecycle
- Phase 1: Preparation
- Phase 2: Detection and Analysis
- Phase 3: Containment, Eradication, and Recovery
- Digital Forensics
- Phase 4: Post-Incident Activity
- Incident Response Guidelines
- Summary
- References
10
Vulnerability Management
- Vulnerability Management
- Measuring Vulnerabilities
- Vulnerability Technology
- Vulnerability Management Service
- Vulnerability Response
- Vulnerability Management Process Summarized
- Summary
- References
11
Data Orchestration
- Introduction to Data Orchestration
- Security Orchestration, Automation, and Response
- Endpoint Detection and Response
- Playbooks
- Automation
- DevOps Programming
- DevOps Tools
- Blueprinting with Osquery
- Network Programmability
- Cloud Programmability
- Summary
- References
12
Future of the SOC
- All Eyes on SD-WAN and SASE
- MPLS Failure!
- IT Services Provided by the SOC
- Future of Training
- Full Automation with Machine Learning
- Future of Your SOC: Bringing It All Together
- Summary
- References
2
Developing a Security Operations Center
- Using Windows Firewall
- Configuring a VPN
- Setting Up a Honeypot
- Capturing a Packet Using Wireshark
- Configuring NetFlow
- Implementing Intrusion Detection System
3
SOC Services
- Identifying Search Options in Metasploit
- Searching Exploits Using searchsploit
- Conducting Vulnerability Scanning Using Nessus
- Performing Vulnerability Scanning Using OpenVAS
- Using the SET Tool
5
Centralizing Data
- Viewing Windows Event Logs
- Viewing the Syslogs
6
Reducing Risk and Exceeding Compliance
- Using the Armitage Tool for Intrusion Detection
8
Threat Hunting and Incident Response
- Observing an MD5-Generated Hash Value
- Observing an SHA256-Generated Hash Value
- Analyzing Malicious Activity in Memory Using Volatility
- Analyzing Forensic Cases with Autopsy
- Completing the Chain of Custody
9
Vulnerability Management
- Using Nmap for Network Enumeration
- Consulting a Vulnerability Database
- Performing an Intense Scan in Zenmap
10
Data Orchestration
- Creating an Ansible Configuration File
- Creating Ansible Roles
- Using the Ansible Tool
- Using Osquery to Perform Enhanced Incident Response and Threat Hunting