Security Operations Center

Building, Operating, and Maintaining Your SOC

First Edition

Copyright © 2016 Cisco Systems, Inc.

ISBN-10: 0-13-405201-3
ISBN-13: 978-0-13-405201-4

Warning and Disclaimer

Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

When reviewing corrections, always check the print number of your book. Corrections are made to printed books with each subsequent printing.

First Printing: November 2015

Corrections for January 21, 2016

Pg / Error / Correction
1 / Chapter 1, Right Before Cybersecurity Challenges, Add Note / Note to Add:
NOTE Throughout this book, we mention a wide range of multi-vendor security solutions that often comprise a SOC’s technology stack. We have occasionally used examples of Cisco technologies to demonstrate some concepts. This does not mean there are no other great solutions available to consider when evaluating solutions to meet your business goals.
60 / Chapter 2, Third Paragraph, Second Sentence
Reads:
These are provided by the Vulnerability Scoring System (CVSS), maintained by NIST. / Should read:
These are provided by the Common Vulnerability Scoring System (CVSS), maintained by FIRST.
62 / Chapter 2, Threat Intelligence, Add New Bullet at beginning of Bullets / Bullet to Add:
• OpenDNS: Big data analytics integrated at the Internet’s underlying DNS and BGP layers. This means data comes from any device and network, over any port, protocol, or app, identifying the most advanced threats. The OpenDNS global network handles two percent of the world’s Internet requests.
67 / Chapter 2, Figure 2-14, Label
Reads:
Managed Threat Defense Architecture / Should read:
Cisco Advanced Threat Analytics (ATA) Architecture
67 / Chapter 2, Figure 2-14 Caption
Reads:
Figure 2-14 Cisco Managed Threat Defense Architecture / Should read:
Figure 2-14 Cisco Advanced Threat Analytics (ATA) Architecture
73 / Chapter 3, Step 2, Third Sentence
Reads:
For example, the previous example of the IT goal of having data-loss protection (DLP) requires specific products and people to make this happen. / Should read:
For example, the previous example of the IT goal of having data-loss prevention (DLP) requires specific products and people to make this happen.
210 / Chapter 7, Threat Feeds, Third Paragraph, First Sentence
Reads:
Cisco offers a few paid threat intelligence feeds such as the ThreatGrid prepackaged and custom threat feeds. / Should read:
Cisco offers a few paid threat intelligence feeds such as the ThreatGrid prepackaged, OpenDNS and custom threat feeds.
210 / Chapter 7, Threat Feeds, Third Paragraph, Third Sentence
Reads:
An example of a custom feed is subscribing to threats seen in banking environments for customers in that market. / Should read:
An example of ThreatGrid based custom feed is subscribing to threats seen in banking environments for customers in that market.
211 / Chapter 7, First Paragraph, Second Sentence
Reads:
Chapter 6 introduced Lancope’s StealthWatch as a NetFlow solution using network telemetry as a method to identify threats. / Should read:
One example of this from Cisco is StealthWatch, which is a NetFlow solution using network telemetry as a method to identify threats.
248 / Chapter 9, Figure 9-2, Last Segmentation
Reads:
STG (Packet Level) Segmentation / Should read:
SGT (Packet Level) Segmentation
317 / Chapter 9, Figure 9-38, Label
Reads:
Managed Threat Defense Architecture / Should read:
Cisco Advanced Threat Analytics (ATA) Architecture
317 / Chapter 9, Figure 9-38, Caption
Reads:
Figure 9-38 Virtual SOC Environment Example / Should read:
Figure 9-38 Cisco Advanced Threat Analytics (ATA) Architecture

This errata sheet is intended to provide updated technical information. Spelling and grammar misprints are updated during the reprint process, but are not listed on this errata sheet.

Updated 01/20/2016