12 Days of Defense - Day 3: How the SOC Works (Security Monitoring Tools and Architecture)

  Рет қаралды 11,661

John Hubbard

John Hubbard

Күн бұрын

Пікірлер: 22
@Anilkumar-gz6li
@Anilkumar-gz6li 3 жыл бұрын
thank you so much for making this kind of videos and publish for free in youtube it really helps a lot of people who are willing to start a career in Security end
@faanross
@faanross Жыл бұрын
insanely good framework, 18 mins and i feel like i actually "get it" for the first time, esp also the relationship to threat hunting and ir. if you were ever inclined to build on this and extend those two disciplines in relation to this framework know it would be appreciated!
@ADFdiaries
@ADFdiaries 2 жыл бұрын
@JohnHubbard I love the way you deliver these kind of contents. I work in a SOC environment for five years now as a Tier 2 SOC Analyst. I would love seeing you discussing topics on Reporting/KPIs/Metrics for SOC related. This would help us understand more and be able to make these kind of reports on our own. Much appreciated. Please continue doing these kind of contents as it really helps understand those aspiring SOC Analysts. ❤️❤️❤️
@1UniverseGames
@1UniverseGames 3 жыл бұрын
Thanks a lot... I have a question- can you please make a video for making reports for SOC analyst , it would be great to learn how does this works
@konulaslanova2608
@konulaslanova2608 2 жыл бұрын
Thank you for this video. It was really helpful.
@AjitKumar-sy9cv
@AjitKumar-sy9cv 4 жыл бұрын
This is a bird view of the SoC process. Very useful for non-industry people or beginner who is trying for the role. Thanks.
@nitindubey5472
@nitindubey5472 4 жыл бұрын
this role sucks a lot i have heard from most of guys here in india most of firms they have night shift sometimes day shift in rotation one of my senior got health issues he moved to GRC side got ISO 27001 moved into pwc he and most of his colleagues says SOC roles in india sucks a lot because of company environment . and now a days job frequency are more in data science side still not that much good jobs in cyber security in india one can easily get data analyst role or even AI/ML role in small startup but cyber job openings are very few because only big firms invest in cyber security .
@Anilkumar-gz6li
@Anilkumar-gz6li 3 жыл бұрын
@@nitindubey5472 that's true.. because i work night shift's its horrible
@nitindubey5472
@nitindubey5472 3 жыл бұрын
@@Anilkumar-gz6li yes one has to work in night shift but that's majority of guys are doing not just you you can switch to AUDIT roles also or cloud security is very good option by doing AWS certification . SOC is always good option for entry level cyber roles in INDIA and here competition is not that much otherwise in other software IT roles like data analyst ,web developer there is too much competition from guys who come from tier 1 colleges yes in AI/ML ,full stack jobs but way too much competition one has to face now a days everyone is trying for AI/ML data science very few talks about cyber roles I am also trying to get into SOC role as a fresher I have had education gap of 2 years because of gov job preparation but now learning cyber security things people always says there is more jobs in DATA SCIENCE OR WEB DEVELOPER but way to much competition one has to face to get even 15k job if someone is not from good college or have poor programming skills.
@adivasi6894
@adivasi6894 3 жыл бұрын
I saw your background image, had to do some OSINT into it...Made my day...
@DevOpsSkills
@DevOpsSkills 3 жыл бұрын
This is really good content. Thanks a lot.
@theamazingjay161
@theamazingjay161 2 жыл бұрын
The last image summarizes perfectly how most SOCs are set up. Total chaos - but somehow it works. >:D
@egalegalegal2176
@egalegalegal2176 4 жыл бұрын
Thx for your Video series.
@abraham4124
@abraham4124 3 жыл бұрын
Great video
@rogerioabreu3081
@rogerioabreu3081 4 жыл бұрын
Amazing Video! Thank you
@yasinaltunterim
@yasinaltunterim 3 жыл бұрын
thank you.
@rezamehrad8512
@rezamehrad8512 4 жыл бұрын
Thank you @SecHubb! Question, Please, I there any chance of going through SOAR tools and how they can help SOC analysts? AND Is it a correct way of thinking that some SOC analysts have "we removed SIEM it is OLD and we replaced it with SOAR" !! I think this is NONSENSE, but I wanted to know from your perspective, and better know SOAR application and how it helps security analysts? Thank you!
@SecHubb
@SecHubb 4 жыл бұрын
Hello, thanks for watching! SOAR is another important topic altogether and more of a process improvement tool that sometimes is also used for incident management as well. There's a lot of "it depends" in your question, but largely I do not think that a SOAR would be something that could replace a SIEM, they are two different tools for two different objectives. One primarily centrally collects, correlates, enriches and visualizes logs, and the other is there to help take manual, unnecessary tasks out of your work. While you may see features mixing in practice, I think in most cases both would be needed. SOAR (or at least automation in general) is super important when it comes to not driving analysts crazy with repetitive manual tasks. See the "virtuous cycles" talk on my channel for more detail on how automation keeps us all happy and efficient. kzbin.info/www/bejne/Z3-4m4djZd6EoMk
@rezamehrad8512
@rezamehrad8512 4 жыл бұрын
@@SecHubb Hello and Thank you for running the series. I enjoy it. Your feedback was really helpful and is the same as I believe. Thanks!
@admar-nelson
@admar-nelson 4 жыл бұрын
simple and explained
@rckrs-jf8lb
@rckrs-jf8lb 4 жыл бұрын
good.
@Tzytryna
@Tzytryna 3 жыл бұрын
Great stuff!! Thank you!
ВЛОГ ДИАНА В ТУРЦИИ
1:31:22
Lady Diana VLOG
Рет қаралды 1,2 МЛН
Threat Hunting in Security Operation - SANS Threat Hunting Summit 2017
27:39
SANS Digital Forensics and Incident Response
Рет қаралды 41 М.
12 Days of Defense - Day 12: Should I Get A SOC/Cyber Defense Job?
11:56
12 Days of Defense - Day 5: How Windows Security Logging Works
14:57
Cybersecurity Architecture: Networks
27:31
IBM Technology
Рет қаралды 166 М.
SOC Analyst Skills - Wireshark Malicious Traffic Analysis
24:19
Gerald Auger, PhD - Simply Cyber
Рет қаралды 59 М.
SOC 101: Real-time Incident Response Walkthrough
12:30
Exabeam
Рет қаралды 208 М.
Threat Hunting via Sysmon - SANS Blue Team Summit
51:01
SANS Institute
Рет қаралды 63 М.