{"title":"Don Murdoch","description":null,"products":[{"product_id":"blue-team-handbook-book-don-murdoch-9781091493896","title":"Blue Team Handbook","description":"Blue Team Handbook: SOC, SIEM, and Threat Hunting Use Cases is having an amazing impact on Security Operations worldwide. BTHb: SOCTH is the go-to guiding book for new staff at a top 10 MSSP, integrated into University curriculum, and cited in top ten courses from a major information security training company. This listing is for V1.02. BTHb: SOCTH provides the security practitioner with numerous field notes on building a security operations team, managing SIEM, and mining data sources to get the maximum amount of information out of them with a threat hunting approach. The author shares his fifteen years of experience with SIEMs and security operations in a no-frills, just-information format. Don Murdoch has implemented five major platforms, integrated over one hundred data sources into various platforms, and ran an MSSP practice for two years. This book covers the topics below using a zero-fluff approach, as if you hired him as a security consultant and were sitting across the table with him (or her). The book begins with a discussion for professionals to help them build a successful business case and a project plan, decide on SOC tier models, anticipate and answer tough questions you need to consider when proposing a SOC, and considerations in building a logging infrastructure. The book goes through numerous data sources that feed a SOC and SIEM and provides specific real-world guidance on how to use those data sources to the best possible effect. Most of the examples presented were implemented in one organization or another. These use cases explain what to monitor, how to use a SIEM, and how to use the data coming into the platform, both questions that Don found are often answered poorly by many vendors.
Several business concepts are also introduced, because they are often overlooked by IT: value chain, PESTL, and SWOT. Major sections include: An inventory of Security Operations Center (SOC) Services. Metrics, with a focus on objective measurements for the SOC, for analysts, and for SIEMs. SOC staff onboarding, training topics, and desirable skills. Along these lines, there is a chapter on a day in the life of a SOC analyst. Maturity analysis for the SOC and the log management program. Applying a Threat Hunt mindset to the SOC. A full use case template that was used within two major Fortune 500 companies, and is in active use by one major SIEM vendor, along with a complete example of how to build a SOC and SIEM focused use case. You can see the corresponding discussion of this chapter on YouTube. Just search for the 2017 Security Onion conference for the presentation. Critical topics in deploying SIEM based on experience deploying five different technical platforms for nineteen different organizations in education, nonprofit, and commercial enterprises from 160 to 30,000 personnel. Understanding why SIEM deployments fail, with actionable compensators. Real-life experiences getting data into SIEM platforms and the considerations for the many different ways to provide data.
Issues relating to time, time management, and time zones.","brand":"WoB","offers":[{"title":"GB \/ VERY_GOOD \/ INTERNAL","offer_id":49540538827025,"sku":"GOR012937468","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"GB \/ GOOD \/ INTERNAL","offer_id":50214343377169,"sku":"GOR013890286","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ GOOD \/ SBYB","offer_id":51684425466129,"sku":"CIN1091493898G","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"GB \/ LIKE_NEW \/ INTERNAL","offer_id":52110499184913,"sku":"GOR014477854","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ NEW \/ INGRAM","offer_id":53075115770129,"sku":"NIN9781091493896","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"GB \/ WELL_READ \/ INTERNAL","offer_id":53251244556561,"sku":"GOR014831536","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ VERY_GOOD \/ SBYB","offer_id":53683304268049,"sku":"CIN1091493898VG","price":0.0,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0784\/4072\/6801\/files\/1091493898.jpg?v=1751143098"},{"product_id":"blue-team-handbook-incident-response-book-don-murdoch-9798341661264","title":"Blue Team Handbook: Incident Response","description":"\u003cp\u003eAs cyberthreats grow and infrastructure evolves, organizations must prioritize effective, dynamic, and adaptable incident response. Following the success of the original edition, Blue Team Handbook: Incident Response has been updated to reflect today's evolving cybersecurity landscape. 
This trusted and widely used field guide for cybersecurity incident responders, SOC analysts, and defensive security professionals distills incident response essentials into a concise, field-ready format.\u003c\/p\u003e \u003cp\u003eAuthor Don Murdoch draws on decades of real-world experience in incident response and cybersecurity operations to provide actionable guidance and sample workflows you can immediately apply in your own work. Whether you're investigating an alert, analyzing suspicious traffic, or strengthening your organization's IR capability, you'll find this field-tested edition an essential resource for hands-on practitioners.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eUnderstand how modern adversaries operate and recognize common indicators of compromise in networks\u003c\/li\u003e \u003cli\u003eAnalyze network traffic with common tools to identify and investigate suspicious activity\u003c\/li\u003e \u003cli\u003eExecute structured incident response procedures and follow a clear response plan\u003c\/li\u003e \u003cli\u003eConduct basic forensic analysis on both Windows and Linux systems\u003c\/li\u003e \u003cli\u003eUse proven methodologies and tools to carry out effective, dynamic incident response\u003c\/li\u003e \u003c\/ul\u003e","brand":"WoB","offers":[{"title":"GB \/ NEW \/ GARDNERS","offer_id":53613019693329,"sku":"NGR9798341661264","price":0.0,"currency_code":"GBP","in_stock":false},{"title":"US \/ NEW \/ INGRAM","offer_id":53661280207121,"sku":"NIN9798341661264","price":0.0,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0784\/4072\/6801\/files\/9798341661264.jpg?v=1780316108"},{"product_id":"blue-team-handbook-soc-siem-and-threat-hunting-book-don-murdoch-9798341662292","title":"Blue Team Handbook: SOC, SIEM, and Threat Hunting","description":"This practical guide distills over 20 years of frontline cybersecurity experience into an actionable playbook for analysts, SOC managers, architects, 
detection engineers, and threat hunters. Author Don Murdoch delivers expert insights designed to help teams improve quickly. Whether you're refining your current operations or launching a SOC from scratch, this book empowers you with proven, real-world techniques to defend against today's most persistent threats.    Build and organize SOC teams for maximum operational impact Understand how to launch and execute a comprehensive telemetry, audit data, and SIEM deployment strategy Create effective SOC use cases, including risk-based alerting Develop and apply meaningful metrics to evaluate SOC effectiveness, analyst performance, and SIEM utility Identify advanced threats using real-world threat hunting techniques","brand":"WoB","offers":[{"title":"GB \/ NEW \/ GARDNERS","offer_id":53613153583377,"sku":"NGR9798341662292","price":0.0,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0784\/4072\/6801\/files\/9798341662292.jpg?v=1780316641"}],"url":"https:\/\/www.worldofbooks.com\/en-gb\/collections\/author-books-by-don-murdoch.oembed","provider":"World of Books ","version":"1.0","type":"link"}