Monday 25 November 2019

Information Security Analyst - who is this? An immersion in the profession

Today we will give you an overview of the daily duties of an information security analyst. The work is, in fact, the constant analysis of raw data from heterogeneous sources of information security and network security events, in order to maintain (and preferably raise) the organization's level of security. These are not always specific practical actions; as a rule, they involve aggregating data from many possible sources: event logs of operating systems, firewalls, routers, antivirus scanners, and much more. The analyst then has to combine
or match these records to obtain a data set that can be processed with appropriate algorithms.

Security Analytics in Detail

The difficult part of the information security analyst's profession is finding the currently active threats in the notorious haystack. What's more, the analyst has to go beyond the current threat to see and analyze the whole picture, and as a result either block all threats similar to it or come up with a one-off but effective response.

To do this correctly, it is important to determine from the outset the type of analysis required, and to single out the specific events on which the investigation will focus.

This is a bird's eye view of information security analytics.

Now let's talk about Security Information and Event Management, or SIEM. In essence, it is what was described above: processing event logs, mainly from operating systems, network devices and other security tools, and then analyzing them together. At the end of the analysis, classical mathematical statistics are applied so that the raw data can be reliably interpreted by people.
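As an added example, not code from the original post, here is a toy version of the pipeline described above in Python: heterogeneous log lines (constructed sshd and firewall samples, not real logs) are normalized onto one schema, aggregated, and then correlated by source address so that a pattern visible in neither log alone stands out for the analyst.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events from two heterogeneous sources (not real logs):
AUTH_LOG = """\
Nov 25 10:01:02 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Nov 25 10:01:05 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51236 ssh2
Nov 25 10:01:09 host1 sshd[1203]: Failed password for admin from 203.0.113.7 port 51240 ssh2
Nov 25 10:02:11 host1 sshd[1210]: Accepted password for alice from 198.51.100.4 port 40022 ssh2
"""
FW_LOG = """\
Nov 25 10:00:58 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=23
Nov 25 10:00:59 fw1 kernel: DENY IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP DPT=3389
Nov 25 10:03:00 fw1 kernel: DENY IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP DPT=445
"""
SYSLOG_TS = r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) "
AUTH_RE = re.compile(SYSLOG_TS + r"sshd\[\d+\]: (?P<result>Failed|Accepted) password "
                     r"for (?P<user>\S+) from (?P<src>[\d.]+)")
FW_RE = re.compile(SYSLOG_TS + r"kernel: DENY .*SRC=(?P<src>[\d.]+) .*DPT=(?P<dport>\d+)")

def normalize(line):
    """Map one raw line from either source onto a common event schema."""
    m = AUTH_RE.match(line)
    if m:
        action = "auth_fail" if m["result"] == "Failed" else "auth_ok"
        return {"ts": m["ts"], "source": "sshd", "src_ip": m["src"], "action": action}
    m = FW_RE.match(line)
    if m:
        return {"ts": m["ts"], "source": "firewall", "src_ip": m["src"], "action": "fw_deny"}
    return None  # unrecognised format: the caller skips it rather than guessing

def aggregate(*logs):
    """Collect normalized events from any number of raw log texts."""
    events = []
    for text in logs:
        for line in text.splitlines():
            ev = normalize(line)
            if ev:
                events.append(ev)
    return events

def correlate(events, fail_threshold=3):
    """Group events by source IP and flag addresses that show both firewall denies
    and repeated login failures: a pattern neither log reveals on its own."""
    by_ip = defaultdict(Counter)
    for ev in events:
        by_ip[ev["src_ip"]][ev["action"]] += 1
    return {ip: dict(c) for ip, c in by_ip.items()
            if c["auth_fail"] >= fail_threshold and c["fw_deny"] > 0}
```

The threshold and the pair of actions to correlate are the hypothetical analyst's choice here; a real SIEM rule would be tuned against the organization's own baseline counts.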