A Deep Dive into Defensive Security
Following my exploration of Offensive Security, I took a deep dive into its counterpart, Defensive Security. The primary focus of defensive security is twofold:
- Preventing intrusions before they happen
- Detecting and responding to intrusions effectively
Key Areas of Defensive Security
Throughout the lesson, I explored critical components of defensive security, including:
- Security Operations Center (SOC): a team dedicated to monitoring and responding to security threats.
- Threat Intelligence: gathering data to understand and anticipate cyber threats.
- Digital Forensics & Incident Response (DFIR): investigating cyber incidents and mitigating their impact.
- Malware Response: analyzing and defending against malicious software.
Hands-on Cyber Defense: The Role of a SOC Analyst
SOC analysts use Security Information and Event Management (SIEM) tools to analyze security alerts. They must distinguish between normal activities (e.g., multiple failed logins) and real threats (e.g., unauthorized IP connections).
The lesson wrapped up with a practical exercise, where I took on the role of a junior SOC analyst in a simulated SIEM environment to handle a cybersecurity alert. The exercise involved investigating an unauthorized connection attempt, where I:
- Checked the IP Address: using an IP scanner, I discovered it was a malicious IP from an ISP in China.
- Escalated the Incident: correctly reported the threat to the SOC team lead for further action.
- Blocked the Threat: added the malicious IP to the firewall block list, preventing future attacks.
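To make the SIEM triage described above concrete, here is an added example (my own illustration, not code from the lesson or from any SIEM product) that runs simple detection logic over a handful of constructed, normalised events. It covers both points from the session: separating ordinary noise (a user mistyping a password twice) from a genuine burst of failed logins, and checking inbound connections against a trusted-network list and a threat-intelligence list before deciding whether to monitor, escalate, or add the source to a firewall block list. All IP addresses, the threat-intel set, and the threshold are invented placeholders.

```python
"""Toy SOC triage over constructed SIEM-style events (added example, not the lesson's tooling)."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample events shaped like normalised SIEM records:
# (timestamp, event_type, source_ip, username). None of these are real observations.
SAMPLE_EVENTS = [
    ("2024-01-01T09:00:01Z", "login_failed",  "10.0.0.5",      "alice"),
    ("2024-01-01T09:00:09Z", "login_failed",  "10.0.0.5",      "alice"),
    ("2024-01-01T09:00:15Z", "login_success", "10.0.0.5",      "alice"),
    ("2024-01-01T09:02:00Z", "login_failed",  "203.0.113.7",   "admin"),
    ("2024-01-01T09:02:02Z", "login_failed",  "203.0.113.7",   "admin"),
    ("2024-01-01T09:02:04Z", "login_failed",  "203.0.113.7",   "root"),
    ("2024-01-01T09:02:06Z", "login_failed",  "203.0.113.7",   "admin"),
    ("2024-01-01T09:02:08Z", "login_failed",  "203.0.113.7",   "guest"),
    ("2024-01-01T09:02:10Z", "login_failed",  "203.0.113.7",   "admin"),
    ("2024-01-01T09:05:00Z", "connection",    "198.51.100.23", "-"),
    ("2024-01-01T09:05:30Z", "connection",    "10.0.0.8",      "-"),
    ("2024-01-01T09:06:00Z", "connection",    "192.0.2.44",    "-"),
]

# Constructed threat-intelligence list (placeholder; a real SOC would query a live feed).
KNOWN_BAD_IPS = {"198.51.100.23"}
# Networks the hypothetical organisation owns; connections from here are expected.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
# A couple of failed logins is normal (typos); a burst at or above this is not.
FAILED_LOGIN_THRESHOLD = 5


@dataclass
class Alert:
    source_ip: str
    reason: str
    severity: str   # "low" or "high"
    action: str     # "monitor" or "escalate"


def is_trusted(ip: str) -> bool:
    """True when the address falls inside one of the organisation's own networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage(events) -> list[Alert]:
    """Turn raw events into alerts the way a junior analyst would read them off a SIEM."""
    failures = defaultdict(int)
    alerts = []
    for _ts, kind, ip, _user in events:
        if kind == "login_failed":
            failures[ip] += 1
        elif kind == "connection" and not is_trusted(ip):
            # External source: the threat-intel lookup decides how loud the alert is.
            if ip in KNOWN_BAD_IPS:
                alerts.append(Alert(ip, "connection from IP on threat-intel list", "high", "escalate"))
            else:
                alerts.append(Alert(ip, "connection from unknown external IP", "low", "monitor"))
    # Only a burst of failures crosses the line from "normal" to "possible brute force".
    for ip, count in failures.items():
        if count >= FAILED_LOGIN_THRESHOLD:
            alerts.append(Alert(ip, f"{count} failed logins (possible brute force)", "high", "escalate"))
    return alerts


def block_list(alerts) -> list[str]:
    """IPs worth adding to the firewall block list: escalated, external sources only.
    Internal sources are escalated too but never blocked blindly (that could cut off a real host)."""
    return sorted({a.source_ip for a in alerts
                   if a.action == "escalate" and not is_trusted(a.source_ip)})


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for a in found:
        print(f"[{a.severity:4}] {a.source_ip:15} {a.action:8} {a.reason}")
    print("block list:", block_list(found))
```

Two design points are worth noting. The failed-login check counts per source rather than per user, so the two typos from alice on 10.0.0.5 never surface, while the six attempts against several accounts from 203.0.113.7 do. And blocking is deliberately a separate step from escalation: the analyst in the exercise escalated first and then blocked, and an internal host that trips the brute-force rule should be investigated, not firewalled off automatically.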
This hands-on simulation reinforced the importance of proactive threat detection and response, highlighting how SOC teams protect networks from cyber threats.
This session provided a solid foundation in Defensive Security, preparing me for more in-depth explorations of cyber defense strategies!