Modern Security Operations Center
(SEC-OPS.AP1)/ISBN:978-1-64459-544-2
The Modern Security Operations Center course helps you learn the essential skills and knowledge needed to protect organizations from cyber threats. This course is designed to provide students with a comprehensive understanding of modern SOC operations, including threat intelligence, incident response, and security monitoring. Throughout the course, you will learn about the latest tools and techniques used in SOCs to detect and respond to cyber threats. You will gain hands-on experience in threat hunting, incident response, and security monitoring, using industry-leading tools and technologies.
Lessons
12+ Lessons | 280+ Exercises | 115+ Quizzes | 110+ Flashcards | 110+ Glossary of terms
TestPrep
100+ Pre Assessment Questions | 100+ Post Assessment Questions |
Hands-On Labs
26+ LiveLab | 25+ Video tutorials | 49+ Minutes
Video Lessons
2+ Videos | 06+ Minutes
Need guidance and support? Click here to check our Instructor Led Course.
Here's what you will learn
Download Course OutlineLessons 1: Preface
- Vision
- Who Should Read This Course?
- How This Course Is Organized
- Course Structure
Lessons 2: Introducing Security Operations and the SOC
- Introducing the SOC
- Factors Leading to a Dysfunctional SOC
- Cyberthreats
- Investing in Security
- The Impact of a Breach
- Establishing a Baseline
- Fundamental Security Capabilities
- Standards, Guidelines, and Frameworks
- Industry Threat Models
- Vulnerabilities and Risk
- Business Challenges
- In-House vs. Outsourcing
- SOC Services
- SOC Maturity Models
- SOC Goals Assessment
- SOC Capabilities Assessment
- SOC Development Milestones
- Summary
- References
Lessons 3: Developing a Security Operations Center
- Mission Statement and Scope Statement
- Developing a SOC
- SOC Procedures
- Security Tools
- Planning a SOC
- Designing a SOC Facility
- Network Considerations
- Disaster Recovery
- Security Considerations
- Internal Security Tools
- Guidelines and Recommendations for Securing Your SOC Network
- SOC Tools
- Summary
- References
Lessons 4: SOC Services
- Fundamental SOC Services
- The Three Pillars of Foundational SOC Support Services
- SOC Service Areas
- SOC Service Job Goals
- Service Maturity: If You Build It, They Will Come
- SOC Service 1: Risk Management
- SOC Service 2: Vulnerability Management
- SOC Service 3: Compliance
- SOC Service 4: Incident Management
- SOC Service 5: Analysis
- SOC Service 6: Digital Forensics
- SOC Service 7: Situational and Security Awareness
- SOC Service 8: Research and Development
- Summary
- References
Lessons 5: People and Process
- Career vs. Job
- Developing Job Roles
- SOC Job Roles
- NICE Cybersecurity Workforce Framework
- Role Tiers
- SOC Services and Associated Job Roles
- Soft Skills
- Security Clearance Requirements
- Pre-Interviewing
- Interviewing
- Onboarding Employees
- Managing People
- Job Retention
- Training
- Certifications
- Evaluating Training Providers
- Company Culture
- Summary
- References
Lessons 6: Centralizing Data
- Data in the SOC
- Data-Focused Assessment
- Logs
- Security Information and Event Management
- Troubleshooting SIEM Logging
- APIs
- Big Data
- Machine Learning
- Summary
- References
Lessons 7: Reducing Risk and Exceeding Compliance
- Why Exceeding Compliance
- Policies
- Launching a New Policy
- Policy Enforcement
- Procedures
- Tabletop Exercise
- Standards, Guidelines, and Frameworks
- Audits
- Assessments
- Penetration Test
- Industry Compliance
- Summary
- References
Lessons 8: Threat Intelligence
- Threat Intelligence Overview
- Threat Intelligence Categories
- Threat Intelligence Context
- Evaluating Threat Intelligence
- Planning a Threat Intelligence Project
- Collecting and Processing Intelligence
- Actionable Intelligence
- Feedback
- Summary
- References
Lessons 9: Threat Hunting and Incident Response
- Security Incidents
- Incident Response Lifecycle
- Phase 1: Preparation
- Phase 2: Detection and Analysis
- Phase 3: Containment, Eradication, and Recovery
- Digital Forensics
- Phase 4: Post-Incident Activity
- Incident Response Guidelines
- Summary
- References
Lessons 10: Vulnerability Management
- Vulnerability Management
- Measuring Vulnerabilities
- Vulnerability Technology
- Vulnerability Management Service
- Vulnerability Response
- Vulnerability Management Process Summarized
- Summary
- References
Lessons 11: Data Orchestration
- Introduction to Data Orchestration
- Security Orchestration, Automation, and Response
- Endpoint Detection and Response
- Playbooks
- Automation
- DevOps Programming
- DevOps Tools
- Blueprinting with Osquery
- Network Programmability
- Cloud Programmability
- Summary
- References
Lessons 12: Future of the SOC
- All Eyes on SD-WAN and SASE
- MPLS Failure!
- IT Services Provided by the SOC
- Future of Training
- Full Automation with Machine Learning
- Future of Your SOC: Bringing It All Together
- Summary
- References
Hands-on LAB Activities
Developing a Security Operations Center
- Using Windows Firewall
- Configuring a VPN
- Setting Up a Honeypot
- Capturing a Packet Using Wireshark
- Configuring NetFlow
- Implementing Intrusion Detection System
SOC Services
- Identifying Search Options in Metasploit
- Searching Exploits Using searchsploit
- Conducting Vulnerability Scanning Using Nessus
- Performing Vulnerability Scanning Using OpenVAS
- Using the SET Tool
Centralizing Data
- Viewing Windows Event Logs
- Viewing the Syslogs
Reducing Risk and Exceeding Compliance
- Using the Armitage Tool for Intrusion Detection
Threat Hunting and Incident Response
- Observing an MD5-Generated Hash Value
- Observing an SHA256-Generated Hash Value
- Analyzing Malicious Activity in Memory Using Volatility
- Analyzing Forensic Cases with Autopsy
- Completing the Chain of Custody
Vulnerability Management
- Using Nmap for Network Enumeration
- Consulting a Vulnerability Database
- Performing an Intense Scan in Zenmap
Data Orchestration
- Creating an Ansible Configuration File
- Creating Ansible Roles
- Using the Ansible Tool
- Using Osquery to Perform Enhanced Incident Response and Threat Hunting