A security operations center (SOC) is responsible for continuously monitoring and analyzing an organization's security posture. Its main purpose is to detect, analyze, and respond to cybersecurity incidents. The team is staffed with security analysts (SOC analysts) and managers who oversee security operations, and it works closely with the incident response team so that security issues are addressed as soon as they are identified.
Who works in SOC?
A SOC team is organized as a hierarchy of roles with a clear escalation path. Broadly, the roles are divided into three tiers, and each tier has defined objectives that contribute to the security of the organization.
| Tier | Responsibilities | Requirements |
|---|---|---|
| Tier 1 | Receives and reviews alerts daily; monitors SIEM alerts for relevance and priority; configures security monitoring tools; performs triage to confirm whether an alert is a genuine security incident; escalates to Tier 2 analysts with a clear statement of urgency. | SOC analyst certification; basic knowledge of systems and networking. |
| Tier 2 | Evaluates incidents identified and forwarded by Tier 1 analysts; handles confirmed security incidents; applies threat intelligence such as indicators of compromise (IOCs); determines the scope of the attack; works with threat intelligence analysts to identify the type and impact of the attack; implements a containment and recovery strategy. | Tier 1 experience; knowledge of security tools; strong knowledge of systems and networking; knowledge of incident response tools. |
| Tier 3 | Highly experienced SOC analyst; handles critical incidents; hunts for threats in the network; performs vulnerability assessments and penetration tests; assists with the resilience strategy. | Tier 1 and Tier 2 experience; experience working on the threat intelligence platform; reverse engineering and related disciplines such as forensics and threat intelligence. |
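As an added illustration of the Tier 1 and Tier 2 duties in the table (example code written for this page, not EC-Council or CSA material), the following Python routine triages a queue of constructed SIEM alerts: it scores each alert by the SIEM-assigned severity, enriches it against a hypothetical IOC feed, raises priority for critical assets, collapses duplicate alerts for the same rule and host, and decides whether to close, monitor, or escalate. The indicators (TEST-NET addresses and a placeholder hash), asset names, scoring weights and thresholds are all assumptions chosen for illustration.

```python
"""Triage constructed SIEM alerts and enrich them with a constructed IOC feed."""
from dataclasses import dataclass, field

# Constructed threat-intelligence feed: hypothetical indicators, not real ones.
IOC_FEED = {
    "ip": {"203.0.113.45", "198.51.100.7"},      # TEST-NET ranges used as placeholders
    "domain": {"update-check.example.net"},
    "sha256": {"0" * 63 + "1"},                  # placeholder hash
}

# Assumed high-value assets; membership raises the priority of an alert.
CRITICAL_ASSETS = {"dc01", "payroll-db"}

# Assumed numeric weight for the severity the SIEM rule assigned.
SEVERITY_SCORE = {"low": 1, "medium": 3, "high": 5, "critical": 7}


@dataclass
class Alert:
    alert_id: str
    rule: str
    severity: str          # as assigned by the SIEM rule
    host: str
    src_ip: str = ""
    domain: str = ""
    sha256: str = ""


@dataclass
class TriageResult:
    alert_id: str
    score: int
    ioc_hits: list = field(default_factory=list)
    disposition: str = ""  # "close", "monitor", or "escalate-tier2"
    count: int = 1         # how many duplicate alerts were collapsed into this one


def match_iocs(alert: Alert) -> list:
    """Return the feed indicators that appear in the alert's observables."""
    hits = []
    for kind, attr in (("ip", "src_ip"), ("domain", "domain"), ("sha256", "sha256")):
        value = getattr(alert, attr)
        if value and value in IOC_FEED[kind]:
            hits.append(f"{kind}:{value}")
    return hits


def triage(alert: Alert) -> TriageResult:
    """Score one alert and decide its disposition (weights and thresholds are assumptions)."""
    score = SEVERITY_SCORE.get(alert.severity.lower(), 1)
    hits = match_iocs(alert)
    if hits:
        score += 3                      # corroborated by threat intelligence
    if alert.host.lower() in CRITICAL_ASSETS:
        score += 2                      # high-value asset involved
    if hits or score >= 7:
        disposition = "escalate-tier2"  # any IOC hit goes to Tier 2 regardless of score
    elif score >= 3:
        disposition = "monitor"
    else:
        disposition = "close"
    return TriageResult(alert.alert_id, score, hits, disposition)


def triage_queue(alerts):
    """Collapse duplicates by (rule, host), triage each, and return results by descending score."""
    results = {}
    for alert in alerts:
        key = (alert.rule, alert.host)
        if key in results:
            results[key].count += 1     # same rule firing again on the same host
            continue
        results[key] = triage(alert)
    return sorted(results.values(), key=lambda r: r.score, reverse=True)


# Constructed sample queue, as a Tier 1 analyst might see it.
SAMPLE_ALERTS = [
    Alert("A-1001", "Multiple failed logins", "low", "ws-17", src_ip="10.0.0.5"),
    Alert("A-1002", "Outbound connection to rare domain", "medium", "ws-22",
          domain="update-check.example.net"),
    Alert("A-1003", "Outbound connection to rare domain", "medium", "ws-22",
          domain="update-check.example.net"),
    Alert("A-1004", "Suspicious PowerShell command line", "high", "dc01"),
    Alert("A-1005", "Port scan detected", "medium", "ws-03", src_ip="192.168.1.50"),
]

if __name__ == "__main__":
    for r in triage_queue(SAMPLE_ALERTS):
        print(f"{r.alert_id} score={r.score} x{r.count} {r.disposition} {r.ioc_hits}")
```

The point of the IOC rule is that a medium-severity alert with a confirmed indicator outranks a high-severity alert with none: threat intelligence changes the disposition, not just the score.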
Do you have the right skills to be a part of the SOC team?
A SOC analyst should have the skills listed in the table above. The foremost requirement is a certification that equips the analyst with the skills to work in, and eventually lead, a SOC team. EC-Council's Certified SOC Analyst (C|SA) program is a recommended first step toward joining a SOC team.
The following features of the CSA program ensure that you have the right skills to be in the SOC team –
End-to-end SOC process – C|SA teaches the processes, procedures, and technologies used in a SOC, giving a detailed understanding of the end-to-end workflow: threat reporting, responding, triage, and documenting the incident.
SIEM and its deployment – The program covers incident detection at different levels using signature-based and anomaly-based detection technologies, and teaches SIEM deployment through 45 elaborated use cases.
Threat intelligence skills – C|SA has a dedicated threat intelligence module covering the process of identifying threats, including how threat intelligence feeds are integrated into the SIEM.
Mapped to the NICE Framework – C|SA is mapped 100% to the NICE Framework under the Protect and Defend category, so the program aligns with the skills expected of a certified SOC analyst.
Hands-on learning – With 22 labs, C|SA is a practically driven program that provides lab practice for all levels of SOC roles.