Welcome to the World of a Security Analyst!
Hey there, future cyber hero! Ever wondered what it’s like to be a security analyst? Let’s take a fun tour through the exciting world of cybersecurity, where you become the digital guardian of your organization. Buckle up, because you’re in for an adventure!
Imagine This...
You’re the captain of a futuristic spaceship cruising through the vast galaxy of the internet. Your mission? To protect your spaceship (that’s your organization) from space pirates, alien invaders, and rogue asteroids (a.k.a. hackers, malware, and other cyber threats). If you don't yet know what a Security Analyst actually does and what impact the role has on an organization, read on. I hope you have a great time reading this, and that this sharing can be your guide and starting point on the road to becoming a cybersecurity nerd.
Here is what a Security Analyst is all about:
A Security Operations Center (SOC) is a command center for cybersecurity professionals responsible for monitoring, analyzing, and protecting an organization from cyber attacks. In the SOC, internet traffic, internal network infrastructure, desktops, servers, endpoint devices, databases, applications, IoT devices, and other systems are continuously monitored for security incidents.
To be good at handling incidents, you have to be vigilant and sort your incidents into different priorities so that you know which alerts are most urgent, just like a mall security guard deciding whether a fire or a shoplifter needs immediate attention. There are different types of incidents that most Security Analysts face.
Here are the most common alerts; which ones trigger most often depends on the company you work at:
Intrusion Alerts
- Breaking In: These alerts tell the SOC team if someone is trying to break into the network, like a burglar trying to sneak into the mall.
- Strange Behavior: Alerts that flag unusual activities, such as someone trying to access a restricted area at odd hours.
Firewall Alerts
- Blocked Attempts: Imagine the mall has security gates. These alerts show when someone tried to get through a gate and was blocked, similar to stopping someone without a ticket.
- Suspicious Scanning: Alerts for when someone is checking all the doors and windows to find an open one, like a potential intruder scouting for weak spots.
Anti-Malware Alerts
- Virus Detected: These alerts are like finding a sick person in the mall who needs to be quarantined to prevent others from getting sick too.
- File Quarantine: Notifications that certain files were isolated because they were identified as harmful.
Endpoint Alerts
- Odd Behavior on Devices: If a computer or phone starts acting weird, like if it's being controlled remotely by a hacker, these alerts let the SOC team know.
- Threat Isolation: Alerts that a problem on a device has been contained, stopping it from spreading further.
Behavior Alerts
- Insider Threats: Alerts when someone inside the mall (like an employee) is acting suspiciously, such as accessing areas they shouldn’t.
- Account Compromise: If someone’s account gets hacked and used in a strange way, these alerts raise a red flag.
Correlated Events Alerts
- Connecting the Dots: Sometimes, small suspicious activities happening at the same time in different places can indicate a bigger problem. These alerts help connect those dots.
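As an added example (not from the original post) of the "connecting the dots" idea and of the prioritizing mentioned earlier: a small Python triage routine that clusters alerts per host within a time window and ranks a cluster confirmed by several independent tools above any lone alert. The alert records, field names and the scoring rule are constructed assumptions, not a real SOC platform's format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts (not real telemetry): time, source tool, alert
# category from the list above, base severity (1 low .. 4 critical), host.
SAMPLE_ALERTS = [
    {"time": "2024-05-01T09:00:05", "source": "firewall", "category": "suspicious_scan", "severity": 2, "host": "ws-17"},
    {"time": "2024-05-01T11:30:00", "source": "firewall", "category": "blocked_attempt", "severity": 1, "host": "ws-04"},
    {"time": "2024-05-01T09:02:40", "source": "antimalware", "category": "file_quarantine", "severity": 3, "host": "ws-17"},
    {"time": "2024-05-01T09:03:10", "source": "endpoint", "category": "odd_behavior", "severity": 3, "host": "ws-17"},
]

def _ts(alert):
    return datetime.fromisoformat(alert["time"])

def cluster_alerts(alerts, window=timedelta(minutes=10)):
    """Group alerts by host, then split each host's timeline into clusters
    whose alerts all fall within `window` of the cluster's first alert."""
    by_host = defaultdict(list)
    for alert in sorted(alerts, key=_ts):
        by_host[alert["host"]].append(alert)
    clusters = []
    for items in by_host.values():
        current = [items[0]]
        for alert in items[1:]:
            if _ts(alert) - _ts(current[0]) <= window:
                current.append(alert)
            else:
                clusters.append(current)   # gap too large: close this cluster
                current = [alert]
        clusters.append(current)
    return clusters

def triage(alerts, window=timedelta(minutes=10)):
    """Turn each cluster into one incident and rank them. Priority is the
    highest single severity in the cluster plus one point for every extra
    independent source that agrees, so multi-tool "dots" outrank lone alerts."""
    incidents = []
    for cluster in cluster_alerts(alerts, window):
        sources = sorted({a["source"] for a in cluster})
        priority = max(a["severity"] for a in cluster) + (len(sources) - 1)
        incidents.append({"host": cluster[0]["host"], "sources": sources,
                          "categories": [a["category"] for a in cluster],
                          "priority": priority})
    # Highest priority first: this is the order the analyst should work the queue.
    return sorted(incidents, key=lambda inc: inc["priority"], reverse=True)
```

With the sample data, the three ws-17 alerts from different tools collapse into one priority-5 incident that sits above the single low-severity firewall block on ws-04.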
Phishing Alerts
- Fake Emails: Alerts about emails that try to trick people into giving away personal information, similar to someone pretending to be a mall security guard to get access to restricted areas.
Vulnerability Alerts
- Weak Spots: Notifications about weak points in the system that need to be fixed, like a broken lock on a door that needs repairing.
Network Anomaly Alerts
- Unusual Traffic: Alerts about strange activity in the network, like seeing an unusual number of people in a normally quiet area of the mall, which could indicate a protest or flash mob.
- DDoS Attacks: When someone tries to overwhelm the network with too much traffic, similar to a huge crowd trying to rush through a single mall entrance all at once.
Access Control Alerts
- Unauthorized Access: Alerts when someone tries to enter a restricted area without permission, like a visitor trying to get into the mall’s control room.
- Privilege Escalation: Notifications when someone tries to gain more access rights than they are supposed to have.
Data Protection Alerts
- Sensitive Data Handling: Alerts when sensitive information is accessed or transferred inappropriately, like someone trying to smuggle valuable goods out of the mall.
- Policy Violations: When someone tries to bypass security policies, similar to ignoring mall rules.
Cloud Security Alerts
- Misconfigurations: Alerts for errors in setting up online services that could expose the company to risks, like leaving a mall gate open by mistake.
- Suspicious Activities: Unusual actions in cloud services, similar to unexpected behavior in a part of the mall that should be secure.