Cyber Defense Frameworks - TASK 2: Security Operations Center (SOC)

What is a SOC? – Per McAfee's definition of a SOC, "Security operations teams are charged with monitoring and protecting many assets, such as intellectual property, personnel data, business systems, and brand integrity. As the implementation component of an organization's overall cyber security framework, security operations teams act as the central point of collaboration in coordinated efforts to monitor, assess, and defend against cyberattacks."



A Junior Security Analyst must always stay informed about the latest threats and the ways to prevent them.

·       CISA (Cybersecurity & Infrastructure Security Agency) publishes information about the TTPs (Tactics, Techniques, and Procedures) used by various threat actors.

·       A SOC team proactively uses SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) tools to monitor for suspicious and malicious network activity.

·       Alerts are prioritized by severity level: Low, Medium, High, and Critical. The alerts are then investigated in that order.

After the investigation, the SOC team coordinates and takes action on the compromised hosts, which involves isolating the hosts from the network, terminating the malicious processes, deleting malicious files, and more.
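An added illustration of the prioritization step described above (example code, not part of the original notes): it parses a constructed batch of SIEM alerts, ranks each host by its highest-severity alert, breaks ties by alert count, and produces the ordered investigation queue. The alert fields, hostnames and rule names are all constructed for the example.

```python
import json
from collections import defaultdict

# Severity levels from the notes above, mapped to a numeric rank.
SEVERITY_RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}

# Constructed sample of SIEM alerts as JSON lines; not real data.
SAMPLE_ALERTS = """
{"id": 1, "host": "ws-042", "severity": "Medium", "rule": "Suspicious PowerShell"}
{"id": 2, "host": "srv-db-01", "severity": "Critical", "rule": "Ransomware indicator"}
{"id": 3, "host": "ws-042", "severity": "High", "rule": "EDR: credential dumping"}
{"id": 4, "host": "ws-017", "severity": "Low", "rule": "Port scan from internal host"}
{"id": 5, "host": "ws-042", "severity": "Low", "rule": "Unusual login hour"}
{"id": 6, "host": "srv-web-02", "severity": "High", "rule": "Web shell upload"}
"""

def parse_alerts(text):
    """Parse JSON-lines alerts, skipping blank, malformed or unknown-severity lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alert = json.loads(line)
        except json.JSONDecodeError:
            continue
        if alert.get("severity") in SEVERITY_RANK:
            alerts.append(alert)
    return alerts

def build_queue(alerts):
    """Order hosts for investigation: highest-severity alert first, then alert count."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append(a)
    queue = []
    for host, host_alerts in by_host.items():
        top = max(SEVERITY_RANK[a["severity"]] for a in host_alerts)
        queue.append({"host": host, "max_rank": top, "count": len(host_alerts),
                      "alert_ids": sorted(a["id"] for a in host_alerts)})
    # Critical hosts first; a host with several hits outranks one with a single hit.
    queue.sort(key=lambda e: (-e["max_rank"], -e["count"], e["host"]))
    return queue

if __name__ == "__main__":
    for entry in build_queue(parse_alerts(SAMPLE_ALERTS)):
        print(entry)
```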
