About This E-Book
EPUB is an open, industry-standard format for e-books. However, support for
EPUB and its many features varies across reading devices and applications. Use
your device or app settings to customize the presentation to your liking. Settings
that you can customize often include font, font size, single or double column,
landscape or portrait mode, and figures that you can click or tap to enlarge. For
additional information about the settings and features on your reading device or
app, visit the device manufacturer’s Web site.
Many titles include programming code or configuration examples. To
optimize the presentation of these elements, view the e-book in single-column,
landscape mode and adjust the font size to the smallest setting. In addition to
presenting code and configurations in the reflowable text format, we have
included images of the code that mimic the presentation found in the print book;
therefore, where the reflowable format may compromise the presentation of the
code listing, you will see a “Click here to view code image” link. Click the link
to view the print-fidelity code image. To return to the previous page viewed,
click the Back button on your device or app.
Security Operations Center
Joseph Muniz
Gary McIntyre
Nadhem AlFardan
800 East 96th Street
Indianapolis, Indiana 46240 USA
Security Operations Center
Joseph Muniz, Gary McIntyre, Nadhem AlFardan
Copyright© 2016 Cisco Systems, Inc.
Published by:
Cisco Press
800 East 96th Street
Indianapolis, IN 46240 USA
All rights reserved. No part of this book may be
reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or by any information storage
and retrieval system, without written permission from the publisher, except for
the inclusion of brief quotations in a review.
Printed in the United States of America
First Printing November 2015
Library of Congress Control Number: 2015950793
ISBN-13: 978-0-13-405201-4
ISBN-10: 0-13-405201-3
Warning and Disclaimer
This book is designed to provide information about building and running a
security operations center (SOC). Every effort has been made to make this book
as complete and as accurate as possible, but no warranty or fitness is implied.
The information is provided on an “as is” basis. The authors, Cisco Press, and
Cisco Systems, Inc. shall have neither liability nor responsibility to any person
or entity with respect to any loss or damages arising from the information
contained in this book or from the use of the discs or programs that may
accompany it.
The opinions expressed in this book belong to the author and are not necessarily
those of Cisco Systems, Inc.
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or service
marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc.,
cannot attest to the accuracy of this information. Use of a term in this book
should not be regarded as affecting the validity of any trademark or service
mark.
Special Sales
For information about buying this title in bulk quantities, or for special sales
opportunities (which may include electronic versions; custom cover designs; and
content particular to your business, training goals, marketing focus, or branding
interests), please contact our corporate sales department at
corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact
governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact
international@pearsoned.com.
Feedback Information
At Cisco Press, our goal is to create in-depth technical books of the highest
quality and value. Each book is crafted with care and precision, undergoing
rigorous development that involves the unique expertise of members from the
professional technical community.
Readers’ feedback is a natural continuation of this process. If you have any
comments regarding how we could improve the quality of this book, or
otherwise alter it to better suit your needs, you can contact us through email at
feedback@ciscopress.com. Please make sure to include the book title and ISBN
in your message.
We greatly appreciate your assistance.
Publisher: Paul Boger
Associate Publisher: Dave Dusthimer
Business Operation Manager, Cisco Press: Jan Cornelssen
Acquisitions Editor: Denise Lincoln
Managing Editor: Sandra Schroeder
Senior Development Editor: Christopher Cleveland
Senior Project Editor: Tonya Simpson
Copy Editor: Keith Cline
Technical Editors: Dr. Fred Mpala, Matthew Waters
Editorial Assistant: Vanessa Evans
Cover Designer: Mark Shirar
Composition: codeMantra
Indexer: WordWise Publishing Services
Proofreader: Sarah Kearns
Americas Headquarters
Cisco Systems, Inc.
San Jose, CA
Asia Pacific Headquarters
Cisco Systems (USA) Pte. Ltd.
Singapore
Europe Headquarters
Cisco Systems International BV
Amsterdam, The Netherlands
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax
numbers are listed on the Cisco Website at www.cisco.com/go/offices.
CCDE, CCENT, Cisco Eos, Cisco HealthPresence, the Cisco logo, Cisco
Lumin, Cisco Nexus, Cisco Stadium Vision, Cisco Telepresence, Cisco WebEx,
DCE, and Welcome to the Human Network are trademarks; Changing the Way
We Work, Live, Play, and Learn and Cisco Store are service marks; and Access
Registrar, Aironet, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA,
CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified
Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco
Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without
Limitation, EtherFast, EtherSwitch, Event Center, Fast Step, Follow Me
Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone,
iQuick Study, IronPort, the IronPort logo, LightStream, Linksys, MediaTone,
MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking
Academy, Network Registrar, PCNow, PIX, PowerPanels, ProConnect,
ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest
Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx
logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the
United States and certain other countries.
All other trademarks mentioned in this document or website are the property of
their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (0812R)
About the Authors
Joseph Muniz is a consultant at Cisco Systems and security researcher. Joseph
started his career in software development and later managed networks as a
contracted technical resource. Joseph moved into consulting and found a passion
for security while meeting with a variety of customers. He has been involved
with the design and implementation of multiple projects, ranging from Fortune
500 corporations to large federal networks. Joseph is the author of and
contributor to several books and is a speaker for popular security conferences.
Check out his blog, http://www.thesecurityblogger.com, which showcases the
latest security events, research, and technologies.
Gary McIntyre is a seasoned information security professional focusing on the
development and operation of large-scale information security programs. As an
architect, manager, and consultant, he has worked with a wide range of public
and private sector organizations around the world to design, build, and maintain
small to large security operations teams. He currently holds a Master's degree
from the University of Toronto and has also been a long-time (ISC)2 instructor.
Dr. Nadhem AlFardan has more than 15 years of experience in the area of
information security and holds a Ph.D. in Information Security from Royal
Holloway, University of London. Nadhem is a senior security solution architect
working for Cisco Systems. Before joining Cisco, he worked for Schlumberger
and HSBC. Nadhem is CISSP certified and is an ISO 27001 lead auditor. He is
also CCIE Security certified. In his Ph.D. research, Nadhem published a number
of papers in prestigious conferences, such as IEEE S&P and USENIX Security,
mainly on cryptanalysis topics. His work involved collaborating with
organizations such as Google, Microsoft, Cisco, Mozilla, OpenSSL, and many
others, mainly to help them assess and fix major findings in the Transport Layer
Security/Secure Sockets Layer (TLS/SSL) protocol. His work is referenced in a
number of IETF standards.
About the Technical Reviewers
Dr. Fred Mpala is a security professional with broad experience in security and
risk management.
Matthew Waters is a seasoned security professional and chief information
security officer within the financial sector, specializing in large-scale
transformation programs.