Day in The Life of A SOC Analyst - Security Operations Fundamentals
daily basis. While mitigating threats, Erik will need to know the
processes to follow, the teams he will be interacting with, and
the technology he will be using to gain visibility into the
network.
https://beacon.paloaltonetworks.com/uploads/resource_courses/targets/4756951/original/index.html?_courseId=1671031#/page/647669aff166fa169d45ad10 2/17
6/26/24, 2:32 PM Day in the Life of a SOC Analyst - Security Operations Fundamentals
SecOps is a necessary function for protecting our digital way of life, for
businesses and customers alike. Most organizations are responding with a
fundamental shift in their cybersecurity approach: moving away from a
collection of point solutions, ad-hoc entities, and processes toward a more
deliberate structure and the creation of a dedicated SecOps team to manage and
monitor a unified security architecture.
The threat landscape encompasses risks, problems, a target objective, and deliverables.

Risks
The risk is a catastrophic breach that leads to data exfiltration, substantial financial loss, a
severely tarnished reputation, loss of current and future clients, and possible legal and
regulatory issues coupled with customer compensation.
An Overview of SecOps

Security Operations Elements
what extent. The element map can be used to evolve Security Operations to provide better prevention and faster remediation. All of the elements tie back to the business itself.
Security Operations is a function that identifies, investigates, and mitigates threats, and provides
continuous improvement. Because Security Operations engineers have the first interaction
with security issues, they are responsible for executing these actions with the goals of
reducing the number of alerts flowing into SecOps, having access to tools that let them quickly investigate
threats, and reducing the time required to contain a breach.

These four actions help protect against security issues:
- Identify
- Investigate
- Mitigate
- Continuously Improve
Terminology

Security orchestration uses the following terms to help define its processes.

Security Automation
The process of executing security tasks using machine-driven responses to help ensure
consistency in handling security issues.

Playbooks

Integration

Ingestion
The major components and technologies of Security Orchestration are each managed by a dedicated
team or administrator who is a subject matter expert on the specific application or appliance
chosen. All of them are almost equally important to the overall fabric used by the
automation processes within the enterprise's Security Orchestration architecture.
Threat Intelligence
Collects and correlates data from both internal and external sources to
provide the information needed to determine malicious intent.

Endpoint Security
Provides real-time protection for devices such as mobile phones, laptops, and
desktop systems connected to the enterprise network. Endpoint Security can
detect, alert, respond, and mitigate.

Network Security
Hardware and software components that provide protection for the enterprise
network infrastructure. The collection of network security tools plays a
critical part in security by alerting on and blocking malicious activity.
Security Operations
Security Operations is a function that identifies, investigates, and mitigates
threats, and provides continuous improvement. Security orchestration
automates processes within Security Operations.
Question 1: Can you remind Erik what the SecOps team's main goal is?
- Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents
- Improve the security posture of the business, its products, and services by introducing security as a shared responsibility

Question 2: When Erik first arrives at work, which component or technology would he use to view aggregated data about his network?
- Network Security
- Threat Intelligence
- Security Information & Event Management
- Endpoint Security