About this course
The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.
CSA is a training and credentialing program that helps candidates acquire in-demand technical skills through instruction by some of the most experienced trainers in the industry. The program focuses on creating new career opportunities through extensive, meticulous knowledge and enhanced capabilities for contributing dynamically to a SOC team. As an intense 3-day program, it thoroughly covers the fundamentals of SOC operations before moving on to log management and correlation, SIEM deployment, advanced incident detection, and incident response. Additionally, the candidate will learn to manage various SOC processes and collaborate with the CSIRT when needed. To read more about SOCs and how they are important to many industries
Industries That Must Have a SOC
Many industries are dependent on Security Operations Management, including:
Why Must Organizations Have Log Management and a SOC Team?
Log management is an organized approach to deal with large volumes of computer-generated log data. It allows multiple operations on data like generation, collection, centralization, parsing, transmission, storage, archival, and disposal.
Organizations have a Security Operations Center team and a log management solution in order to:
- Comply with applicable regulatory standards such as PCI-DSS, HIPAA, RMiT, ISO 27001, and others.
- Protect servers storing sensitive data from internal and external threats.
- Secure proprietary information and intellectual property.
Besides log management, Security Operations Center analysts can also integrate Security Information and Event Management (SIEM) tools in their process. These software tools aggregate security data from multiple sources, such as network devices, servers, and other locations. SIEM tools then connect the dots to discover the trends and detect cyber threats so that organizations can act on the alerts.
How Does a SOC Help?
- For the Payment Card Industry (PCI), it is mandatory to maintain a Security Operations Center. According to the PCI Security Standards Council, any merchant processing and storing credit card data should be PCI compliant. PCI compliance helps to ensure secure online transactions and protection against identity theft.
- In such a scenario, a SOC team helps to:
  - Monitor firewalls, their logs, and any configuration change to identify an irregularity.
  - Increase the speed of incident remediation.
  - Check firewall and router configuration standards by comparing them with documented services, ports, and protocols.
As the healthcare industry contains crucial health data, such as holistic reports of patients including personalized diagnoses and treatments, it is an alluring target to cybercriminals. Threat actors monetize patient data by selling it to the highest bidder or blackmailing the victim.
To keep protected health information (PHI) secure, healthcare organizations require a SOC 2 audit (here SOC stands for System and Organization Controls, an attestation report, not a Security Operations Center). SOC 2 compliance ensures:
- Customer trust
- Brand reputation
- Business continuity
- Competitive advantage
The manufacturing sector has always been a vulnerable industry because it holds intellectual property and advanced technologies. Consider a Department of Defense (DoD) contractor, for example: it must meet the NIST cybersecurity standards to maintain DFARS (Defense Federal Acquisition Regulation Supplement) compliance. NIST SP 800-171 outlines requirements for Audit and Accountability, Configuration Management, Identification and Authentication, and several other control families.
SOC analysts are needed in the manufacturing industry to:
- Set up alerts to monitor potential threats.
- Promptly remediate ongoing and possible security threats.
Cybercriminals are eyeing financial services because of their bulk transactions and real-time activity. Apart from external attacks, institutions are also vulnerable to lost employee devices (such as phones) and insider threats.
Banking and financial services should perform SOC Type 1 and SOC Type 2 audits along with annual SOC 1 SSAE 18 reports. Because they tie directly to the Internal Control Over Financial Reporting (ICFR) concept, these audits effectively report on internal controls. They reveal:
- Weaknesses in security controls like improperly provisioned information systems, weak authentication parameters, lack of multiple layers of security, and others.
- Shortcomings in operational controls.
- Flaws in documentation.
As government agencies store personal information along with criminal records and religious and political inclinations, they are a prized target for cyber attackers.
Government institutions need SOC teams for:
- Network monitoring in real time.
- Analyzing activities on servers, endpoints, and databases.
- Looking for an incident or signs of a breach.
Education establishments are easy targets for cybercriminals. They not only carry personal data but also valuable research data and allow access to larger networks.
A Security Operations Center can help an educational institution’s IT staff respond to growing security threats by:
- Identifying and monitoring institutional assets and data.
- Neutralizing threats.
- Providing cybersecurity metrics to the IT staff.
- SOC Analysts (Tier I and Tier II)
- Network and Security Administrators, Network and Security Engineers, Network Defense Analysts, Network Defense Technicians, Network Security Specialists, Network Security Operators, and any security professional handling network security operations
- Cybersecurity Analysts
- Entry-level cybersecurity professionals
- Anyone who wants to become a SOC Analyst.
Learning Objectives of CSA
- Gain Knowledge of SOC processes, procedures, technologies, and workflows.
- Gain a basic understanding and in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviors, the cyber kill chain, etc.
- Able to recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.
- Able to monitor and analyze logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, end-point protection, servers, and workstations).
- Gain knowledge of the Centralized Log Management (CLM) process.
- Able to perform security event and log collection, monitoring, and analysis.
- Gain experience and extensive knowledge of Security Information and Event Management.
- Gain knowledge of administering SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
- Understand the architecture, implementation and fine-tuning of SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
- Gain hands-on experience in the SIEM use case development process.
- Able to develop threat cases (correlation rules), create reports, etc.
- Learn use cases that are widely used across SIEM deployments.
- Plan, organize, and perform threat monitoring and analysis in the enterprise.
- Able to monitor emerging threat patterns and perform security threat analysis.
- Gain hands-on experience in the alert triaging process.
- Able to escalate incidents to appropriate teams for additional assistance.
- Able to use a Service Desk ticketing system.
- Able to prepare briefings and reports of analysis methodology and results.
- Gain knowledge of integrating threat intelligence into SIEM for enhanced incident detection and response.
- Able to make use of varied, disparate, constantly changing threat information.
- Gain knowledge of the Incident Response Process.
- Gain understanding of SOC and IRT collaboration for better incident response.
Duration: 3 Days
Time: 9:30 – 16:30
Venue: ACinfotec Training Center
16th Fl., Asia Centre Bldg., South Sathorn Rd.
Training Fees: 39,000 Baht (excluding 7% VAT)
Tel. 02 670 8980-3 ext.304, 305