The SOC (Security Operations Center) Analyst's mission is to monitor a company's information system in order to detect any suspicious or malicious activity. He or she is in charge of assessing security systems, identifying and patching vulnerabilities, and improving cyber resilience.
This specialist analyzes, interprets, and processes security alerts issued by the security operations center (SOC), which is a platform for monitoring, assessing and defending the company’s information systems.
The implementation of a SOC generally requires the creation of 3 teams of different levels: Tier 1, Tier 2 and Tier 3.
- Tier 1: This is a team of analysts whose mission is to sort and qualify events before sending those requiring further analysis to Tier 2.
- Tier 2: This team receives the Tier 1 alerts and launches a more in-depth analysis to determine with greater precision the origin and consequences of the event in progress.
- Tier 3: This team is not present in all SOCs. Its objective is to prevent incidents before they occur, and its role is similar to that of a CSIRT. Within Tier 3, forensic or reverse-engineering work can be carried out to analyze an incident as thoroughly as possible and to anticipate future events.
The SOC analyst can work directly within a company’s internal SOC, or on behalf of a service company. Unfortunately, the lack of experts on the market means that companies tend to outsource the management of their SOC.
The primary responsibilities of a SOC analyst include:
- Monitoring security access and reporting potential malicious activities to a superior
- Performing security and risk analyses to pinpoint vulnerabilities and assessing their potential impact on the organization
- Investigating breaches and identifying their root cause
- Preparing reports to help security leaders evaluate the effectiveness of security policies
- Performing security audits
A SOC Analyst continuously monitors and detects potential threats, triages the alerts, and appropriately escalates them. Without a SOC analyst, processes such as monitoring, detection, analysis, and triaging will lose their effectiveness, ultimately negatively affecting the organization.
EC-Council’s certification: CSA
The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is designed for current and aspiring Tier 1 and Tier 2 SOC analysts who want to become proficient in entry-level and intermediate-level operations.
Over an intensive 3-day program, it thoroughly covers the fundamentals of SOC operations before moving on to log management and correlation, SIEM deployment, advanced incident detection, and incident response.
CSA includes a module dedicated to rapid incident detection with Threat Intelligence. The module also covers integrating Threat Intelligence feeds into a SIEM for enhanced threat detection.
As a practice-driven program, CSA offers hands-on experience in incident monitoring, detection, triaging, and analysis. It also covers the containment, eradication, recovery, and reporting of security incidents. To that end, 80 tools are incorporated into the training.
Contact us for more information!