The higher level functions of SOC are divided into parts that are “ Core Functions” v/s “ Speciality Fields ”. Small teams may even performs all the functions by themselves. Core Functions are mostly performed by SOC analysts . The other Speciality fields requires different level of significant skillset that they need special another person for performing this. Large Organizations have dedicated forensics, pentesting, Threat intel etc, but small Organizations often outsource these capabilities for cost efficiency.

Core SOC:

  • Data Collection: This process will let us know that what is occuring both at the network and the endpoints. …


Tiered SOC:

When it comes to analyst roles in the security domain (SOC), it will be breaked down into tiered structure. It basically divides into three categories- Tier 1, Tier 2 & Tier 3.

Tier 1 represents an entry level role.As they gain more experience, they get promoted into higher tiers. Tier 1 involves the tasks for the newcomers like collecting the data and understanding the rules of SOC. It also involves that whether the analyst is allowed to use particular tool or not and which data they can view. This is having plus side and minus side both. Plus…


Imagine, if you are a bus company and you send out the ticket confirmations via email. The ticket confirmation email goes to spam folder of customer. They don’t know where their ticket confirmation email is. It might be their own fault for not looking in their spam folder. But this will still badly reflect on your company. Customer wants their money back. Now, multiply this by a thousand. Crisis control can only do so much and your brand reputation suffers. Customers switch to other bus companies, because your’s cannot be trusted. …


Vulnerability management strategy refers to an ongoing, comprehensive process or program that aims at managing an organization’s vulnerabilities in a holistic and continuous manner. It is a continual process that aims to manage an organization’s cybersecurity vulnerabilities long-term.

In this, it involves continuous vulnerability assessments. Vulnerability assessment has a specific start and end date.

Vulnerability assessment refers to a series of operations that are used to define, identify, prioritize and classify vulnerabilities on computer networks, applications, and infrastructures. This assessment provides intelligence regarding the conditions, risks and the background to the security team of an organization. It determines how they…


As the business grows and getting bigger day by day in volume globally, the complexity of attacks also starts growing with it. Protecting the business is a difficult task. It can be affected by data breaches, destructive malware and ransomeware.

High-quality threat intelligence can offer immediate network protection, provide visibility to known threats and significantly reduce the time required for situational investigation or incident response.

Time to decision is everything. Security analysts, whether performing incident response or general threat research, need automated tools with intelligent rules to help find, organize and filter the most relevant information for their primary task…


IOC helps us with the information of attack that has already happened. So, what if we gather the information during the attack ? This leads us to the concept of IOAs.

IOAs stand for “ Indicator of Attack ”.

Indicator of Attack is a collection of data sets that gives relevant information for the particular attack. IOAs can help us understanding the current situation and events that are taking place in the moment. IOAs works towards influencing focus and drive towards defensive measures to lower risk.

IOAs focuses on detecting the purpose of what the attacker is trying to accomplish…


Managing cybersecurity is an infinite process which involves writing secure codes, hardening servers, detecting and responding known and unknown security incidents, auditing and a lot more. All of this is handled by different cybersecurity teams such as system administrators, security operation centers and computer emergency response teams, as well as computer security incident response teams.

Part of this defensive job is to analyze and explore servers, networks and apps to see if there are any IoCs there. IoCs are a top priority for any organization’s security team, as they offer direct connection to mitigation strategies, let security researchers and digital…


We all know that cybercriminals uses variety of strategies to get into target’s network for whatever they want. The cyber security threat landscape continues to grow as the attacks of cybercriminals makes the task of detecting and tracking more challenging. Nowadays, cybercriminals rarely uses single attack vector. They are combining different tactics and multiple techniques to achieve their objectives. Understanding them helps as effective defense for cyber professionals.

TTP stands for Tactics, Techniques and Procedures

TTPs represent the methods or signature of the cybercriminals. It basically describes the behaviour pattern of cybercriminals.

TTPs are three essential concept mentioned below:

Tactics


Do you know how much time an attacker spends on information gathering about the target??……..a lot. That is why reconnaissance is the most important stage of pre-attack.

But have you ever thought that after compromising something how much time attacker spend into the target’s network before they leave or caught?? This leads us to Dwell Time.

Dwell time is the time from the point of infiltration to the point of detection.

This is a term that you’ll hear often in incident response, threat hunting, and maybe even threat intelligence.

Dwell Time represents the length of time a cyber attacker has…

Shruti Patel

Cyber girl

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store