6/26/24, 2:32 PM Day in the Life of a SOC Analyst - Security Operations Fundamentals

Security Operations Fundamentals

Day in the Life of a SecOps Analyst

Erik is a SecOps analyst on the Security Operations team and it is his job to triage alerts to determine if there is a security threat. Before Erik starts his job, he will need to understand the general concepts of SecOps and the business goals. Erik will need training and support from the people he interacts with on a daily basis. While mitigating threats, Erik will need to know the processes to follow, the teams he will be interacting with, and the technology he will be using to gain visibility into the network.

Let's go on this journey with Erik to see how he makes his decisions and his plan of action.
Security Landscape

SecOps is a necessary function for protecting our digital way of life, for businesses and customers. Most organizations are responding with a fundamental shift in their cyber security approach, moving away from a collection of point solutions, ad-hoc entities, and processes toward a more deliberate structure and the creation of a dedicated SecOps function to manage and monitor a unified security architecture.

Goodbye Ad-Hoc Systems

The days of a best-of-breed ad-hoc system are gone. These systems do not communicate with each other and are too expensive for a company to manage and maintain individually. A security team needs to have the proper technology implemented that simplifies data visibility by unifying intelligence from multiple security tools. With ad-hoc systems, too much time would be needed to coordinate all of the information from these individual systems, parse the data, and then compile the data for an analyst to review.

Hello Automation via Security Orchestration

With the influx of massive amounts of data, security processes should be automated to provide realistic security assessment and functional real-time mitigation. This can be achieved via security orchestration. By automating processes, you remove many of the requirements for manual processes or human intervention, which can slow down the flow of data and interrupt the ability to review and analyze security issues at a faster rate.
What the Landscape Encompasses

The landscape encompasses four areas: risks, problems, target objective, and deliverables.

Risks

The risk is a catastrophic breach that leads to data exfiltration, substantial financial loss, a severely tarnished reputation, loss of current and future clients, and possible legal and regulatory issues coupled with customer compensation.

Problems

Target Objective

Deliverables
An Overview of SecOps

Video: Rishi Bhargava, former Vice President of Product Strategy and the leader in SecOps automation, on the importance of SecOps.

Security Operations

SecOps - Leads the Charge

The SecOps (also known as Computer Emergency Response Teams, Computer Security Incident Response Teams, etc.) is a team of security professionals that are dedicated to monitoring and analyzing activity on networks, servers, endpoints, databases, applications, websites, and other systems that connect to your network either locally or from a remote location. The SecOps team's goal is to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents.

SecOps - Management and Implementation

Security Operations (SecOps) is a collaborative effort between security teams and operations teams that integrates tools, processes, and technology for protecting our digital way of life. The concept of SecOps covers your users, which include internal users, partners, and customers, your systems, and the data trusted to your organization. The goal of SecOps is to improve the security posture of the business, its products, and services by introducing security as a shared responsibility.

Security Operations Elements
By dividing Security Operations into discrete elements, you can assess which elements are covered in a SecOps, and to what extent. The element map can be used to evolve Security Operations to provide better prevention and faster remediation. All of the elements tie back to the business itself. SecOps goals include the development and operationalization of the capabilities that the business requires.

Video: how the elements of SecOps are divided into six pillars.

Main Functions of Security Operations
Security Operations is a function that identifies, investigates, and mitigates threats, and provides continuous improvement. Because Security Operations engineers have the first interaction with security issues, they are responsible for executing these actions with the goals of reducing the number of alerts flowing into the SecOps, having access to tools to quickly investigate threats, and reducing the time required to contain a breach.

Each of these actions helps protect against security issues.

Identify

Identify an alert as potentially malicious and open an incident.

Investigate

Mitigate

Continuously Improve
Security Orchestration

Security orchestration is a method of connecting disparate security technologies through standardized and automatable workflows that enable security teams to effectively carry out incident response and operations.

Security Orchestration - Automates the Process

Security orchestration as a concept is defined as automation of as many processes within security operations as possible. Automating processes helps remove the manual steps that were performed by a member of the SecOps team, which slow down the flow and reduce the ability to review and analyze security issues. Automation can analyze data at a much faster rate to accurately assess, respond to, and then mitigate the security incident appropriately.

Terminology

Security orchestration uses the following terms to help define its processes.

Security Automation

The process of executing security tasks using machine-driven responses to help ensure consistency in security issues.

Playbooks

Integration

Ingestion
Components and Technologies of Security Orchestration

The major components and technologies of Security Orchestration are managed by a special team or administrator that is a subject matter expert on the specific application or appliance chosen. All of them are almost equally important to the overall fabric that is used by the automation processes within the enterprise's Security Orchestration architecture.

Security Information and Event Management (SIEM)

Monitors multiple sources to collect, correlate, and aggregate data, providing reports, alerts, and information for real-time detection and mitigation.

Threat Intelligence

Collects and correlates data from both internal and external sources to provide information to determine malicious intent.

Endpoint Security

Provides real-time protection for devices such as mobile phones, laptops, and desktop systems connected to the enterprise network. Endpoint Security can detect, alert, respond, and mitigate.

Network Security

Hardware and software components that provide protection for the enterprise network infrastructure. The collection of network security tools plays an extremely critical part in security, alerting on and blocking malicious intent.

Security Operations and Security Orchestration
Security Operations is a function that identifies, investigates, and mitigates threats, and provides continuous improvement. Security orchestration automates processes within Security Operations.

Diagram: Separate Groups and Processes; Function At a High Level; Automation Process.
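The orchestration ideas above (ingestion of alerts from disparate tools, integration with threat intelligence, and the Identify function that opens an incident for the Investigate function to pick up) in working form. This is an added Python example, not code from the course or from Palo Alto Networks. The three alert feed formats, their field names, the 1-5 severity scale, the indicator values in the threat-intelligence list and the incident-opening threshold are all constructed for this example.

```python
"""
Added example (not from the course): a miniature security orchestration
playbook. Constructed alerts from three tools in three different shapes
(a SIEM, an endpoint agent, a network firewall) are ingested, normalized
to one schema, enriched with a constructed threat-intelligence list,
correlated per host, and turned into incidents that name the next
Security Operations function owed. Every format, field name and
indicator value here is an assumption made for the example.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed threat-intelligence feed: indicator -> confidence (0-100) and tag.
THREAT_INTEL = {
    "198.51.100.23": {"confidence": 90, "tag": "known-c2-ip"},
    "CONSTRUCTED-HASH-1": {"confidence": 60, "tag": "suspicious-tool"},
}

# Constructed alerts as three tools might emit them, each in its own shape.
RAW_ALERTS = [
    {"source": "siem", "rule": "Multiple failed logins", "host": "ws-042",
     "src_ip": "198.51.100.23", "sev": "medium"},
    {"source": "endpoint", "hostname": "WS-042", "process": "powershell.exe",
     "file_hash": "CONSTRUCTED-HASH-1", "severity": 3},
    {"source": "network", "device": "fw-edge-1", "host": "ws-017",
     "dst": "203.0.113.7", "action": "blocked", "priority": "low"},
]

# Assumed mapping of the tools' word severities onto the common 1-5 scale.
WORD_SEVERITY = {"low": 1, "medium": 2, "high": 4, "critical": 5}


@dataclass
class Alert:
    source: str
    host: str
    severity: int                       # normalized 1-5 scale
    indicators: set = field(default_factory=set)
    intel_tags: set = field(default_factory=set)


@dataclass
class Incident:
    host: str
    severity: int
    sources: list
    intel_tags: list
    next_function: str                  # Security Operations function owed next


def normalize(raw):
    """Ingestion: map each tool's own format onto the common Alert schema."""
    src = raw["source"]
    if src == "siem":
        return Alert(src, raw["host"].lower(), WORD_SEVERITY[raw["sev"]], {raw["src_ip"]})
    if src == "endpoint":
        return Alert(src, raw["hostname"].lower(), int(raw["severity"]), {raw["file_hash"]})
    if src == "network":
        return Alert(src, raw["host"].lower(), WORD_SEVERITY[raw["priority"]], {raw["dst"]})
    raise ValueError(f"unknown alert source: {src}")


def enrich(alert, intel):
    """Integration with threat intelligence: raise severity on indicator hits."""
    for indicator in alert.indicators:
        hit = intel.get(indicator)
        if hit:
            alert.intel_tags.add(hit["tag"])
            bump = 2 if hit["confidence"] >= 80 else 1   # assumed weighting
            alert.severity = min(5, alert.severity + bump)
    return alert


def run_playbook(raw_alerts, intel, open_threshold=3):
    """Identify: correlate alerts per host and open an incident where warranted."""
    by_host = defaultdict(list)
    for raw in raw_alerts:
        alert = enrich(normalize(raw), intel)
        by_host[alert.host].append(alert)

    incidents = []
    for host, alerts in sorted(by_host.items()):
        severity = max(a.severity for a in alerts)
        tags = sorted(set().union(*(a.intel_tags for a in alerts)))
        # Open an incident if any indicator matched intel or severity crosses the bar;
        # everything else stays a monitored alert and no ticket is raised.
        if tags or severity >= open_threshold:
            incidents.append(Incident(host, severity,
                                      sorted(a.source for a in alerts),
                                      tags, "Investigate"))
    return incidents


if __name__ == "__main__":
    for incident in run_playbook(RAW_ALERTS, THREAT_INTEL):
        print(incident)
```

Running it opens one incident for ws-042: the SIEM alert and the endpoint alert were emitted by different tools in different formats, but after normalization they correlate on the same host and both carry an indicator the intelligence list knows, so severity is raised and the ticket is handed to Investigate. The firewall alert for ws-017 stays a low-severity monitored alert with no intelligence match and raises no ticket, which is the alert-volume reduction the course describes.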
Let's Help Erik!

Erik wants to ensure he understands the goals of Security Operations and Security Orchestration.

Question 1: Can you remind Erik what is the SecOps team's main goal?

Detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a set of processes to help mitigate the incidents (selected)
Improve the security posture of the business, its products, and services by introducing security as a shared responsibility
Reduce the time required to contain a breach
Connect disparate security technologies through standardized and automatable workflows

Question 2: When Erik first arrives to work, which component or technology would he use to view aggregated data about his network?

Network Security
Threat Intelligence
Security Information & Event Management (selected)
Endpoint Security

Question 3: Erik has identified the alert and opened an incident in the ticketing system. What Security Operations function would Erik perform next?

Perform a detailed analysis of the alert
Investigate the root cause and impact of the incident (selected)
Stop the attack and close the ticket
Adjust and improve operations to stay current with changing and emerging threats