Book Review: Security Operations Center 14
benrothke writes: Large enterprises have numerous information security challenges. Aside from the external threats; there's the onslaught of security data from disparate systems, platforms and applications. Getting a handle on the security output from numerous point solutions (anti-virus, routers/switches, firewalls, IDS/IPS, ERP, access control, identity management, single sign on and others), often generating tens of millions of messages and alerts daily is not a trivial endeavor. As attacks becoming more frequent and sophisticated and with regulatory compliance issues placing an increasing burden, there needs to be a better way to manage all of this. Getting the raw hardware, software and people to create a SOC is not that difficult. The challenge, and it's a big challenge, is integrating those 3 components to ensure that a formal SOC can operate effectively. In Security Operations Center: Building, Operating, and Maintaining your SOC, authors Joseph Muniz, Gary McIntyre and Nadhem AlFardan have written an indispensable reference on the topic. The authors have significant SOC development experience, and provide the reader with a detailed plan on all the steps involved in creating a SOC. Keep reading for the rest of Ben's review.
As Mike Rothman notedabout managed services providers, and something that is relevant to a SOC, you should have no illusions about the amount of effort required to get a SOC up and running, or what it takes to keep one current and useful. Many organizations have neither the time nor the resources to implement a SOC, but do, and are then trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats that the SOC had the potential to provide them with, had they done it right. Those considering deploying a SOC and not wanting to be in the hamster wheel of pain will need this book. | Security Operations Center: Building, Operating, and Maintaining your SOC | |
| author | Joseph Muniz, Gary McIntyre, Nadhem AlFardan |
| pages | 448 |
| publisher | Cisco Press |
| rating | 10/10 |
| reviewer | Ben Rothke |
| ISBN | 978-0134052014 |
| summary | Indispensable guide for those designing and deploying a SOC |
The authors have done a great job in covering every phase and many details required to build out a SOC. After going through the book, some readers will likely reconsider deploying an internal SOC given the difficulties and challenges involved. This is especially true since SOC design and deployment is something not many people have experience with.
The book is written for an organization that is serious about building an enterprise SOC. The authors spend much of the book focusing on the myriad requirements for creation of a SOC. They constantly reiterate about details that need to be determined before moving forward.
Chapter 4 on SOC strategy is important as the way in which a firm determines their strategy will affect every aspect of the outcome. The authors wisely note that an inadequate or inaccurate SOC strategy, and the ensuing capabilities assessment exercises would produce a SOC strategy that does not properly address the actual requirements of the organization.
Ultimately, failing to adequately plan and design is a guarantee for SOC failure. That in turn will affect and impact deployment timelines, budgets and cause frustration, dissatisfaction and friction between the different teams involved in the SOC program.
The author's expertise is evident in every chapter, and their real-world expertise quite obvious in chapter 5 on facilities, which is an area often neglected in SOC design. The significant issue is that if the facility in which the SOC team operates out of does meet certain baseline requirements, the SOC effectiveness will be significantly and often detrimentally impacted. The chapter details many overlooked topics such as: acoustics, lighting, ergonomics, and more.
Staffing a SOC is another challenge, and the book dedicates chapter 8 to that. The SOC is only as good as the people inside it, and the SOC staff requires a blend of skills. If the organization wants their SOC to operate 24x7, it will obviously require a lot more manpower of these hard to find SOC analysts.
Another helpful aspect is found in chapter 10 which has a number of checklists you can use to verify that all the required pieces are in place prior to a go live data, or be able to identify area that many not be completed as expected.
With Muniz and AlFardan being Cisco employees and this being a Cisco Press title, the book has a strong emphasis towards Cisco hardware and software. Nonetheless, the book is still quite useful even for those who won't be using Cisco products.
Building a SOC is an arduous process which takes a huge amount of planning and of work. This work must be executed by people from different teams and departments, all working together. Based on these challenges, far too many SOC deployments fail. But for anyone who is serious about building out a SOC, this book should be a part of that effort.
The reason far too many, perhaps most SOC deployments fail is that firms makes the mistake of obsessing on the hardware and software, without adequately considering the security operations functions. The authors make it eminently clear that such an approach won't work, and provide you with the expert guidance to obviate that.
For anyone considering building a SOC, or wants to understand all of the details involved in building one, Security Operations Center: Building, Operating, and Maintaining your SOC, is an absolute must read.
Reviewed by Ben Rothke.
You can purchase Security Operations Center: Building, Operating, and Maintaining your SOC from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know.
overlooked (Score:2)
The chapter details many overlooked topics such as: acoustics, lighting, ergonomics, and more.
These topics are not overlooked when it comes to office space. They've been discussed for [slashdot.org] over a decade [slashdot.org] here on [slashdot.org] Slashdot [slashdot.org], and plenty of other places as well. I wish this review had been more informative.
getting stuff is easy - heh! (Score:2)
>> Getting the raw hardware, software and people to create a SOC is not that difficult.
Says someone who's never had to work within budget or personnel constraints.
Smart people put their "SOC" in their existing "NOC" anyway - otherwise all you have is continual pissing contests between two ivory towers of truth.
Re: (Score:2)
"Smart people put their "SOC" in their existing "NOC" anyway"
Exactly this. Security not an integral part of strategy, design and operations? EPIC FAIL.
what they don't say (Score:1)
Is that before you go spending money on a SOC (not system-on-a-chip), you need to split your hardware purchases between vendors, so you run 50% cisco 50%juniper. then, when you need to patch, you'll never have to patch more than 1/2 of your network.
When it comes to a SOC, it needs to be under control of a VP who isn't beholden to either the CIO or the CEO (or anyone else). They also have to have absolute authority, and absolute responsibility for their actions. You're never going to find an organizatio
Security challenges of large enterprises .. (Score:2)