In the Junior Security Analyst role, you will be a Triage Specialist. You will spend a significant portion of your time triaging or monitoring the event logs and alerts.
The responsibilities of a Junior Security Analyst or Tier 1 SOC Analyst include the following:
Monitor and investigate alerts (most of the time, it's a 24x7 SOC operations environment)
Configure and manage security tools
Develop and implement IDS signatures
Escalate the security incidents to the Tier 2 and Team Lead if needed
Size: 2 MB
Language: en
Added: Oct 19, 2024
Slides: 16 pages
Slide Content
SOC Analyst 1
By Dr. Kundan Saraf, Ph.D. in Cyber Security (Pursuing)
Disclaimer: This presentation and video are for informational and educational purposes only, and for those who are willing and curious to know and learn about Ethical Hacking, Security and Penetration Testing. The word "Hacking" that is used in this presentation or video shall be regarded as Ethical Hacking. Do not attempt to violate the law with anything contained here. We will not be responsible for any of your illegal actions. The misuse of the information in this presentation or video can result in criminal charges being brought against the persons in question. We will not be held responsible in the event any criminal charges are brought against any individuals misusing the information in this website to break the law. You shall not misuse the information to gain unauthorised access. However, you may try out these hacks on your own computer at your own risk. Performing hack attempts (without permission) on computers that you do not own is illegal. This presentation or video contains materials that can be potentially damaging or dangerous. If you do not fully understand something in this content, then GO OUT OF HERE! Refer to the laws in your province/country before accessing, using, or in any other way utilizing these materials. All the information in this presentation and video is meant for developing a Hacker Defence attitude among the users and to help prevent hack attacks. We insist that this information shall not be used for causing any kind of damage, directly or indirectly.
Course Name: Junior Security Analyst OR Security Operations Center (SOC) Analyst 1
Free Training of SOC Level 1 & SOC Level 2
https://www.linkedin.com/posts/mussadiq-khan_cybersecurity-handsontraining-soc-activity-7233535363355406336-G-4X?utm_source=share&utm_medium=member_android
L1 SOC Analyst – Way to Access Labs
Open your browser and enter the URL given below.
https://tryhackme.com/r/path/outline/soclevel1
Junior Security Analyst Course Introduction
In the Junior Security Analyst role, you will be a Triage Specialist. You will spend a significant portion of your time triaging or monitoring the event logs and alerts. The responsibilities of a Junior Security Analyst or Tier 1 SOC Analyst include the following:
Monitor and investigate alerts (most of the time, it's a 24x7 SOC operations environment)
Configure and manage security tools
Develop and implement IDS signatures
Escalate the security incidents to the Tier 2 and Team Lead if needed
Section 1 - Cyber Defence Frameworks: Junior Security Analyst Intro, Pyramid Of Pain, Cyber Kill Chain, Unified Kill Chain, Diamond Model, MITRE, Summit, Eviction
Section 2 - Cyber Threat Intelligence: Intro to Cyber Threat Intel, Threat Intelligence Tools, Yara, OpenCTI, MISP, Friday Overtime, Trooper
Junior Security Analyst Course Introduction
Section 3 - Network Security and Traffic Analysis: Traffic Analysis Essentials, Snort, Snort Challenge - The Basics, Snort Challenge - Live Attacks, NetworkMiner, Zeek, Zeek Exercises, Brim, Wireshark: The Basics, Wireshark: Packet Operations, Wireshark: Traffic Analysis, TShark: The Basics, TShark: CLI Wireshark Features, TShark Challenge I: Teamwork, TShark Challenge II: Directory
Section 4 - Endpoint Security Monitoring: Intro to Endpoint Security, Core Windows Processes, Sysinternals, Windows Event Logs, Sysmon, Osquery: The Basics, Wazuh, Monday Monitor, Retracted
Section 5 - Security Information and Event Management: Introduction to SIEM, Investigating with ELK 101, ItsyBitsy, Splunk: Basics, Incident handling with Splunk, Investigating with Splunk, Benign
Junior Security Analyst Course Introduction
Section 6 - Digital Forensics and Incident Response: DFIR: An Introduction, Windows Forensics 1, Windows Forensics 2, Linux Forensics, Autopsy, Redline, KAPE, Volatility, Velociraptor, TheHive Project, Intro to Malware Analysis, Unattended, Disgruntled, Critical, Secret Recipe
Section 7 - Phishing: Phishing Analysis Fundamentals, Phishing Emails in Action, Phishing Analysis Tools, Phishing Prevention, The Greenholt Phish, Snapped Phish-ing Line
Section 8 - SOC Level 1 Capstone Challenges: Tempest, Boogeyman 1, Boogeyman 2, Boogeyman 3
Junior Security Analyst Intro
In the Junior Security Analyst role, you will be a Triage Specialist. You will spend a lot of time triaging or monitoring the event logs and alerts.
Responsibilities of a Junior Security Analyst or Tier 1 SOC Analyst:
Monitor and investigate the alerts (most of the time, it's a 24x7 SOC operations environment)
Configure and manage the security tools
Develop and implement basic IDS (Intrusion Detection System) signatures
Participate in SOC working groups and meetings
Create tickets and escalate the security incidents to the Tier 2 and Team Lead if needed
Required qualifications (most common):
0-2 years of experience with Security Operations
Basic understanding of Networking (OSI model (Open Systems Interconnection Model) or TCP/IP model (Transmission Control Protocol/Internet Protocol Model))
Operating Systems (Windows, Linux)
Scripting/programming skills are a plus
Reference for IDS: https://www.barracuda.com/support/glossary/intrusion-detection-system
Desired certification for Junior Security Analyst: CompTIA Security+
Based on the knowledge gained as a SOC Analyst 1, you will eventually move up to Tier 2 and Tier 3.
An overview of the Security Operations Center (SOC) Three-Tier Model
What is SOC?
What is SOC?
The core function of a SOC (Security Operations Center) is to investigate, monitor, prevent, and respond to threats in the cyber realm 24/7, or around the clock. Per McAfee's definition of a SOC: "Security operations teams are charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems, and brand integrity. As the implementation component of an organisation's overall cyber security framework, security operations teams act as the central point of collaboration in coordinated efforts to monitor, assess, and defend against cyberattacks."
Preparation and Prevention
The number of people working in the SOC can vary depending on the organisation's size. As a Junior Security Analyst, you should stay informed of the current cyber security threats (Twitter and Feedly can be great resources to keep up with the news related to Cybersecurity). It's crucial to detect and hunt threats, work on a security roadmap to protect the organisation, and be ready for the worst-case scenario. Prevention methods include gathering intelligence data on the latest threats, threat actors, and their TTPs (Tactics, Techniques, and Procedures). They also include maintenance procedures like updating the firewall signatures, patching the vulnerabilities in the existing systems, and block-listing and safe-listing applications, email addresses, and IPs. To better understand TTPs, you should look into one of CISA's (Cybersecurity & Infrastructure Security Agency) alerts on APT40 (a Chinese Advanced Persistent Threat). Refer to the following link for more information: https://us-cert.cisa.gov/ncas/alerts/aa21-200a
Alert Severity vs Service Level Agreement (SLA)

Alert Severity | Service Level Agreement (SLA)
Low            | 24 hours
Medium         | 12 hours
High           | 1 hour
Critical       | 15 minutes

SLA Breach Impact
Website / server can be hacked.
You broke the policy and agreement, hence your company needs to pay 4 Lakh rupees for each SLA breach.
If you breach the SLA more than 3 times, your company may terminate you.
Your company is at very high risk of cyber-attack because of an SLA breach.
TTPs Within Cyber Threat Intelligence
Tactics, techniques and procedures (TTPs) are the "patterns of activities or methods associated with a specific threat actor or group of threat actors." Analysis of TTPs aids in counterintelligence and security operations by describing how threat actors perform attacks. TTPs describe how threat actors (the bad guys) orchestrate, execute and manage their operational attacks. ("Tactics" is also sometimes called "tools" in the acronym.) Specifically, TTPs are defined as the "patterns of activities or methods associated with a specific threat actor or group of threat actors," according to the Definitive Guide to Cyber Threat Intelligence.
TTP reference: https://www.optiv.com/explore-optiv-insights/blog/tactics-techniques-and-procedures-ttps-within-cyber-threat-intelligence
Monitoring and Investigation
A SOC team proactively uses SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) tools to monitor suspicious and malicious network activities. Imagine being a firefighter and having a multi-alarm fire - one-alarm fires, two-alarm fires, three-alarm fires; the categories classify the seriousness of the fire, which is a threat in our case. As a Security Analyst, you will learn how to prioritise the alerts based on their level: Low, Medium, High, and Critical. Of course, it is an easy guess that you will need to start from the highest level (Critical) and work towards the bottom - the Low-level alert. Having properly configured security monitoring tools in place will give you the best chance to mitigate the threat. Junior Security Analysts play a crucial role in the investigation procedure. They perform triaging on the ongoing alerts by exploring and understanding how a certain attack works and preventing bad things from happening if they can.
Reference - What is SIEM? https://www.trellix.com/security-awareness/operations/what-is-siem/
What Is Endpoint Detection and Response? https://www.trellix.com/security-awareness/endpoint/what-is-endpoint-detection-and-response/
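The two slides above give the analyst a triage rule (work Critical down to Low) and an SLA per severity (Critical 15 minutes, High 1 hour, Medium 12 hours, Low 24 hours). The following is an added example, not code from the slides or from TryHackMe, showing how a Tier 1 queue can be ordered with both rules at once and how an SLA breach is detected for each open alert. The severity-to-SLA values are the ones on the slide; the alert records, rule names and timestamps are constructed for the example, and the `Alert` type and all function names are assumptions of this example.

```python
"""Alert triage helper: SLA deadlines per severity and a prioritised work queue.

Added example; not from the original slides. The SLA values are the ones on the
"Alert Severity vs SLA" slide; the alerts below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# SLA per alert severity, as given on the "Alert Severity vs SLA" slide.
SLA_BY_SEVERITY = {
    "Critical": timedelta(minutes=15),
    "High": timedelta(hours=1),
    "Medium": timedelta(hours=12),
    "Low": timedelta(hours=24),
}

# Rank used to order the queue: Critical first, then High, Medium, Low.
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


@dataclass(frozen=True)
class Alert:
    """One open alert as it would arrive from a SIEM or EDR (constructed type)."""
    alert_id: str
    severity: str
    created: datetime  # timezone-aware UTC timestamp of the alert
    source: str        # detection rule name (constructed sample values below)


def sla_deadline(alert: Alert) -> datetime:
    """Deadline by which a Tier 1 analyst must have triaged the alert."""
    if alert.severity not in SLA_BY_SEVERITY:
        raise ValueError(f"unknown severity {alert.severity!r}")
    return alert.created + SLA_BY_SEVERITY[alert.severity]


def is_breached(alert: Alert, now: datetime) -> bool:
    """True once the SLA window has elapsed without triage."""
    return now > sla_deadline(alert)


def minutes_remaining(alert: Alert, now: datetime) -> float:
    """Minutes left before breach; negative once the SLA is breached."""
    return (sla_deadline(alert) - now).total_seconds() / 60


def triage_queue(alerts):
    """Order open alerts: highest severity first, then the soonest SLA deadline.

    Within one severity, an already-breached alert sorts first because its
    deadline is the earliest, so the analyst sees the worst overdue item on top.
    """
    return sorted(alerts, key=lambda a: (SEVERITY_RANK[a.severity], sla_deadline(a)))


def breach_report(alerts, now: datetime):
    """IDs of alerts whose SLA is already breached, in queue order."""
    return [a.alert_id for a in triage_queue(alerts) if is_breached(a, now)]


# Constructed sample alerts (not real data); times are UTC relative to T0.
T0 = datetime(2024, 10, 19, 9, 0, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    Alert("A-1001", "Low", T0 - timedelta(hours=30), "proxy: rare user agent"),
    Alert("A-1002", "Critical", T0 - timedelta(minutes=20), "EDR: credential dumping"),
    Alert("A-1003", "High", T0 - timedelta(minutes=30), "SIEM: brute force success"),
    Alert("A-1004", "Medium", T0 - timedelta(hours=1), "IDS: suspicious DNS"),
    Alert("A-1005", "Critical", T0 - timedelta(minutes=5), "EDR: ransomware note"),
]

if __name__ == "__main__":
    # Print the queue the way an analyst would read it: top item first.
    for a in triage_queue(SAMPLE_ALERTS):
        status = "BREACHED" if is_breached(a, T0) else f"{minutes_remaining(a, T0):.0f} min left"
        print(f"{a.alert_id} {a.severity:<8} {status:<14} {a.source}")
    print("breached:", breach_report(SAMPLE_ALERTS, T0))
```

Run as a script, the queue lists the two Critical alerts first (the 20-minute-old one already breached), then High, Medium and Low; the Low alert from 30 hours ago is also breached even though it sits last, which is why the breach report is tracked separately from the queue order rather than being read off the top of it.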
Monitoring and Investigation
During the investigation, it's important to raise the questions "How, when, and why?". Security Analysts find the answers by drilling down on the data logs and alerts in combination with using open-source tools, which we will have a chance to explore later in this path.
Response
After the investigation, the SOC team coordinates and takes action on the compromised hosts, which involves isolating the hosts from the network, terminating the malicious processes, deleting files, and more.