A Day in the Life of a Loop Secure SOC Analyst
The Loop Secure Security Operations Centre (SOC) is an integral part of our business, providing 24/7 cybersecurity operational support to our customers around the country. Our team are kept on their toes by the large volume of security events that need to be investigated every single day, in real time, and responded to immediately.
So, on a day-to-day basis, what does our team get up to? To ensure our customers enterprises are safe, our SOC team continually works across these vectors:
Management of security logs and incident alert notifications
Our SOC analysts typically face an onslaught of security events every day. This is actioned through a range of evolving detection systems that we place into our clients ICT environments, including security information and event management (SIEM), endpoint detection and response (EDR), security orchestration automation and response (SOAR), deception and threat intelligence systems. Together this Loop platform will generate alerts, whilst our analysts continually look for anomalies, build correlation rules and configure regular detection rules. The SOC analyst will look into each incident and ascertain the root cause and raise the response team if something is a bit fishy. Our team members are trained to interpret different alert notifications, and differentiate between genuine threats and false alarms – this process requires human intervention and expertise with a mix of lateral thinking and technology acumen.
Preventing cybersecurity attacks from advancing
Upon detecting qualified threat activity, the Loop Secure SOC analyst investigates it immediately and rallies an incident response team to prevent the threat from advancing in our customer’s sites. This can involve bringing in our Offensive Security experts or detecting advanced persistent threats (APT) or hidden malware on the network and decommissioning them before they can create more havoc.
Again, our SOC analysts are trained and skilled to discern which attacks are legitimate amongst the thousands of notifications that are received. They can analyse relevant security logs, create adaptive timelines and response critical paths across network topology to centralise the attack and speed up the response.
The SOC analysts and response team work with our customers to get business operations back on its feet after a cyberattack. This means briefing the response team, communicating with wider business stakeholders and restricting the activity of the network whilst under attack. Our team are able to make quick decisions under duress to limit the cost and recovery time of the attack – this deep subject matter expertise ensures that our customers benefit from skilled resources making educated decisions specific to cybersecurity response.
When our SOC analysts are not firefighting on some of Australia’s biggest cyber-attacks, they are kept busy by proactively hunting and educating themselves on the latest threats in our customers networks. Threat hunting is conducted based on the information from threat intelligence feeds, a constantly updated data source that integrates information on the various threat vectors, infected websites, recent cyberattacks, and so on. This information is applied across multiple customer sites so we can continually learn quicker and more effective responses to common attacks.
Loop Secure has a range of roles in our SOC team covering varying cybersecurity expertise and capabilities across many industries. As a guideline, their general responsibilities can benefit customers in ways such as this:
- Our SOC Analysts monitor the ICT environment using our detection tools and responding to alerts about security incidents.
- They also conduct triage and ascertain the seriousness of the alerts and perform periodic vulnerability scans on the network and generate assessment reports.
- Our Senior Loop analysts continually perform deeper analysis into security incidents. They coordinate with the threat intelligence team to understand the nature and extent of the attack. They also have to come up with ways to mitigate or remedy the attack.
- Our SOC focused Penetration Testers use penetration testing tools to understand the vulnerabilities on the network. They are also responsible for performing advanced threat hunting to detect potential threats hiding on the network.
The Loop Secure SOC team works tirelessly on the front lines of the battle against cybercrime. Though constant vigilance is part of the profile, safeguarding our customers is a rewarding job.
Struggling to choose the right cybersecurity vendor? Download our guide to choosing the right cybersecurity consultancy for you: