
Overview of SOC Analyst Responsibilities

Jul 31, 2024

Notes on SOC Analyst Lecture

Introduction to SOC

  • SOC: Stands for Security Operation Center.
  • Role: Analysts working in SOC monitor IT infrastructure 24/7 for cybersecurity events.
  • Purpose: To protect the organization from external/internal attacks.

Key Components of SOC

  • People, Process, Technology: SOC consists of a team of professionals using processes and technology to manage cybersecurity.
  • Tools Utilized: Tools that scan the network for abnormalities or suspicious activity.
  • Blue Team vs. Red Team:
    • Blue Team: SOC professionals protecting the organization.
    • Red Team: Tests the security measures of the organization.

SOC Responsibilities

  1. Monitoring: Provides visibility into digital activities across the organization.
    • Log collection from multiple sources: endpoints, routers, firewalls, etc.
  2. Prevention Techniques: Implementation of rules and countermeasures.
    • Blocking known/unknown risks to protect the network.
  3. Proactive Incident Response: Using automated tools and human intervention to respond to incidents.
    • Coordinates organizational efforts to mitigate damage after an incident.
    • Ensures compliance with regulations (e.g., GDPR).

Types of SOC

  1. Internal SOC:
    • Advantages: Governance, visibility, and control.
    • Disadvantages: High costs and liabilities due to CAPEX.
  2. Virtual SOC:
    • Combination of remote and on-prem resources; flexible support based on organizational needs.
  3. Outsourced SOC:
    • Entire SOC operation managed by third-party MSSP (Managed Security Service Provider).
    • Cost-effective but may lack deep visibility and control.

SOC Team Structure

  • L1 Analysts (Tier 1):
    • Monitor and investigate events.
    • Confirm incidents and prioritize them before escalation.
  • L2 Analysts (Tier 2):
    • Dig deeper into incidents determined by L1.
    • Coordinate response and remediation actions.
  • L3 Analysts (Tier 3):
    • Experts who conduct root cause analysis and threat hunting.

Key Concepts in SOC

  • Events vs. Incidents:
    • Events: Routine activities related to business objectives.
    • Incidents: Activities that negatively impact organizational objectives.
  • Monitoring Tools: Including SIEM (Security Information and Event Management) and UBA (User Behavior Analytics).
  • Vulnerability Assessment: Routine checks to identify weaknesses in systems.
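The monitoring, log-collection and events-vs-incidents points above can be seen end to end in a miniature SIEM-style pipeline. The following is an added example written for these notes, not code from the lecture: it collects constructed log lines from three sources (endpoint, firewall, router), normalises them into events, runs one detection rule (repeated failed logins followed by a success, with an assumed threshold of three failures), and turns a rule hit into an incident ticket with a priority for L1 triage and escalation to L2. All log lines, host names and thresholds are invented sample values.

```python
"""
Added example (not from the lecture notes): a tiny SIEM-style pipeline that
collects log lines from several sources, normalises them into events, applies
one detection rule, and labels the result as a routine "event" or an
"incident" with an L1 escalation priority. All log lines are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
import re

# Constructed sample log lines from three sources (endpoint, firewall, router).
SAMPLE_LOGS = [
    "2024-07-31T09:00:01 endpoint host=ws-12 user=alice action=login result=fail src=10.0.0.5",
    "2024-07-31T09:00:03 endpoint host=ws-12 user=alice action=login result=fail src=10.0.0.5",
    "2024-07-31T09:00:05 endpoint host=ws-12 user=alice action=login result=fail src=10.0.0.5",
    "2024-07-31T09:00:06 endpoint host=ws-12 user=alice action=login result=fail src=10.0.0.5",
    "2024-07-31T09:00:09 endpoint host=ws-12 user=alice action=login result=success src=10.0.0.5",
    "2024-07-31T09:01:00 firewall action=deny src=203.0.113.9 dst=10.0.0.20 dport=3389",
    "2024-07-31T09:02:00 router iface=eth0 event=link_up",
    "2024-07-31T09:03:00 endpoint host=ws-07 user=bob action=login result=success src=10.0.0.8",
]


@dataclass
class Event:
    """One normalised log record: timestamp, originating source, key=value fields."""
    ts: str
    source: str
    fields: dict


# Assumed line layout: "<timestamp> <source> key=value key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<source>\S+)\s+(?P<kv>.*)$")


def parse_line(line):
    """Normalise one raw line into an Event; return None for lines we cannot parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split() if "=" in kv)
    return Event(m.group("ts"), m.group("source"), fields)


def collect(lines):
    """Log collection step: every source feeds the same event list."""
    return [e for e in map(parse_line, lines) if e is not None]


def detect_brute_force(events, threshold=3):
    """Detection rule (assumed threshold): >= threshold failed logins for one
    user/src pair followed by a successful login from the same pair."""
    failures = defaultdict(int)
    findings = []
    for e in events:
        if e.source != "endpoint" or e.fields.get("action") != "login":
            continue  # routine event from another source or another action
        key = (e.fields.get("user"), e.fields.get("src"))
        if e.fields.get("result") == "fail":
            failures[key] += 1
        elif e.fields.get("result") == "success":
            if failures[key] >= threshold:
                findings.append({"rule": "brute_force_success", "user": key[0],
                                 "src": key[1], "failures": failures[key], "ts": e.ts})
            failures[key] = 0  # a success resets the window for this pair
    return findings


def triage(events):
    """L1 view: everything stays a routine event unless a rule fires; a rule hit
    becomes an incident ticket with a priority and an escalation target."""
    tickets = []
    for f in detect_brute_force(events):
        priority = "P1" if f["failures"] >= 5 else "P2"  # assumed priority cut-off
        tickets.append({"kind": "incident", "priority": priority, "escalate_to": "L2", **f})
    return {"events": len(events), "incidents": tickets}


if __name__ == "__main__":
    result = triage(collect(SAMPLE_LOGS))
    print(f"{result['events']} events collected, {len(result['incidents'])} incident(s):")
    for t in result["incidents"]:
        print(t)
```

The split between `collect`, `detect_brute_force` and `triage` mirrors the monitoring, prevention-rule and incident-response responsibilities listed above: the firewall deny and the router link-up stay ordinary events, while the alice login sequence crosses the rule threshold and is what an L1 analyst would confirm, prioritise and hand to L2.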

Required Skills for SOC Analysts

  • Knowledge of operating systems (Windows, Linux, Mac).
  • Familiarity with programming languages (Python, PowerShell).
  • Understanding of networking protocols (DNS, DHCP, HTTP).
  • Strong writing and reporting skills for incident documentation.

Success Factors for Building a SOC

  1. Management Sponsorship: Essential for funding and support.
  2. Effective Governance: Establishing policies, procedures, and a structure for oversight.
  3. Visibility into Operations: Critical for monitoring effectiveness.
  4. Right Skill Sets: Ensures qualified personnel are in place.
  5. Process and Procedures: Important for training and knowledge transfer.

Conclusion

  • Importance of building a comprehensive SOC that aligns with business objectives and regulatory compliance.
  • Suggestions for further learning and additional videos on interview preparation.