SOC Synopsys

Uploaded by Aishwarya Roy

An Industrial Synopsis Report on

SOC Analyst

Submitted in partial fulfilment of the degree

By

Aishwarya Roy

Regn. No. 22MCAN085

Under the Guidance of

Faculty Internship Guide: Ms. Rashi Jain
Industry Guide: Y. Chaitanya


Internship Organization Details:
Chaitanya Cyber Strix Technologies Pvt. Ltd. is an established cyber security services
provider. We have built customer trust through our detailed services, our commitment to the
work, and the new features we continue to introduce with each project. We prioritize quality
above quantity; this is our guiding principle, and we keep it in mind before implementing any
idea.

Services:

SOC

A security operations center is responsible for protecting an organization against cyber
threats. SOC analysts perform round-the-clock monitoring of an organization’s network
and investigate any potential security incidents.

VAPT

VAPT stands for Vulnerability Assessment and Penetration Testing. This process helps
organizations identify and fix security weaknesses before attackers can exploit them.
VAPT also helps organizations meet regulatory compliance requirements and protect
their reputations.

Corporate Trainings

It is critical for your business to be aware of the latest cyber threats and vulnerabilities
and to make sure that your developers use secure coding practices. We offer cybersecurity
training tailored to your business and empower your employees with valuable skill sets.
Internship Profile
About Chaitanya Cyber Strix Technologies Pvt. Ltd.

Chaitanya Eshwar Prasad is a passionate cybersecurity professional and entrepreneur
based in Hyderabad, Telangana, India. I'm an India Book of Records 2023 holder. With a deep
interest in information technology and networks, I'm constantly seeking to evolve my skills
and knowledge to stay ahead of the curve. I've been passionate about cybersecurity since
the 7th grade, and I started my own company in the 10th grade. I believe that my early
exposure to the world of technology has given me a unique perspective and valuable skills
that I bring to every project. I'm proud to be the Founder Director and CEO of Chaitanya
Cyber Strix Technologies Pvt. Ltd., a company dedicated to providing top-notch
cybersecurity services, and the co-founder of Shasra Engineering and Construction Private
Limited.

Requirements:

• No coding required.
• Basic knowledge of computer systems.
• One year in an information security role or equivalent experience is beneficial.
• Ability to read and understand networking will help, although it is not mandatory.

Principal Duties & Responsibilities:

• During your employment, you may have access to trade secrets and confidential
business information belonging to the Company.
• By accepting this offer, you acknowledge that you must keep all of this information
strictly confidential and refrain from using it for your own purposes or disclosing it to
anyone outside the Company.
• By accepting this offer, you agree that throughout your internship you will observe
all policies and practices governing the conduct of our business and employees.

MODE OF INTERNSHIP -ONLINE

Address: Capital Park, Hi-tech City Hyderabad, Telangana, India


Literature Review (Technology Used):

SOC Analyst Tools

A Security Operations Center (SOC) is the part of an IT department that monitors and
collects security data, using SOC analyst tools, in order to safeguard company networks
against external threats. A SOC is generally divided into sections or teams, each responsible
for tracking a different category of events, and each team typically comes equipped with
different monitoring and incident management tools so it can effectively oversee network
traffic.

What does a SOC do?

With the increasing need for advanced cybersecurity solutions, Security Operations Center
(SOC) tools have become essential components of the security package for organizations
seeking to maintain a strong security posture. The SOC serves as the command center of an
organization’s cyber defense infrastructure.

SOCs play an invaluable role in identifying, analyzing and responding to security threats
quickly and accurately to improve an organization’s security posture. By continuously
monitoring network traffic, vulnerabilities and hidden or emerging threats through
dashboards, SOC and security analysts can detect risks early and take appropriate actions
to avoid or mitigate them.

Prevention vs. Detection

Cybersecurity relies on both prevention and detection for effective protection.
Prevention means taking proactive steps to stop threats before they take effect; detection
means identifying malicious activity that prevention did not stop, so that it can be
investigated and contained before it causes further damage.

Prevention includes measures like firewalls, antivirus software and access controls;
detection refers to actively monitoring network activity and user behavior for signs of
compromise or criminal activity. Specialized SOC tools and technologies offer advanced
threat detection capabilities which allow the SOC team and security analysts to
recognize threats in real time and respond accordingly.
Considerations when Selecting SOC Analyst Tools

Selecting the proper Security Operations Center tools is critical in creating an effective
information security and monitoring process within an organization. Here are some points
to keep in mind when selecting SOC software tools:

• Integration: When selecting a tool, ensure it can easily integrate with your existing
security infrastructure such as firewalls, intrusion detection systems and SIEM
solutions.

• Scalability: Choose a Security Operations Center tool that will expand with your
organization, accommodating growing amounts of data and network traffic.

• Usability: Look for cybersecurity tools with user-friendly interfaces and features,
which make it simple for analysts to identify and respond quickly to threats.

• Customizability: Look for tools with customization features to meet the unique
security needs of your organization. This will enable you to tailor the tool exactly as
necessary.

• Support and Updates: It is crucial that any security tool provider provides regular
updates as well as timely technical support services to address any potential issues
that may arise.
The SOC Analyst Tools List

Major categories of tools in security operations which I have used:

• SIEM (Security Information and Event Management)
• EDR (Endpoint Detection and Response)
• XDR (Extended Detection and Response)
• AV (Antivirus)
• Threat Intelligence
• Cloud Security
• Email Gateway
• Web Gateway
• Firewall
• IDS
• Malware Analysis Tools
• Threat Hunting Tools
• SOAR
• Web Application Firewall
• Application Control Tools
• Data Loss Prevention Tools

SIEM Tool (Security Information and Event Management)

A SIEM is the most essential SOC tool: it is used to monitor and manage network
security and also serves as the log management platform. It collects log data from many
sources, such as firewalls, IDS/IPS devices, antivirus software and operating system logs,
and normalizes it into a common format so that events from different products can be
searched and compared.

SIEM platforms provide near-real-time visibility of what is happening within a network,
including who accesses what, when and how frequently. Once collected, this information is
analyzed by correlation rules to detect suspicious activity (for example, many failed logins
from one source within a short window) and to raise alerts accordingly.

Some examples are: Splunk, IBM QRadar, LogRhythm, etc.
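The correlation step described above, as an added example that is not part of the original report and not any SIEM vendor's code: it parses constructed sshd-style log lines into normalized events and applies a sliding-window rule (a source IP reaching a failure threshold within a window), escalating if a login from that source then succeeds. The log format and thresholds are assumptions chosen for illustration.

```python
"""Added example (not from the report): a minimal SIEM-style correlation
rule. It parses constructed sshd log lines into normalized events and
alerts when one source IP produces `threshold` failed logins inside a
sliding time window, escalating if a login from that source then succeeds."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in syslog/sshd style (not real data).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51000 ssh2
2024-03-01T10:00:03 host1 sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
2024-03-01T10:00:05 host1 sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-03-01T10:00:06 host1 sshd[1204]: Failed password for invalid user oracle from 203.0.113.7 port 51003 ssh2
2024-03-01T10:00:08 host1 sshd[1205]: Accepted password for root from 203.0.113.7 port 51004 ssh2
2024-03-01T10:00:09 host2 sshd[3301]: Failed password for alice from 198.51.100.5 port 40000 ssh2
2024-03-01T10:09:30 host2 sshd[3302]: Failed password for alice from 198.51.100.5 port 40001 ssh2
2024-03-01T10:20:00 host2 sshd[3303]: Failed password for alice from 198.51.100.5 port 40002 ssh2
host1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse(line):
    """Normalize one sshd line into an event dict; None if it is not an auth event."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate(lines, threshold=4, window_s=60):
    """Sliding-window rule: alert once per source when it reaches `threshold`
    failures within `window_s` seconds; raise a high-severity alert if the
    same source then authenticates successfully."""
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue            # lines this rule does not understand are skipped
        src = ev["src"]
        if ev["outcome"] == "Failed":
            window = failures[src]
            window.append(ev["ts"])
            while window and (ev["ts"] - window[0]).total_seconds() > window_s:
                window.popleft()   # drop failures that fell out of the window
            if len(window) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"rule": "ssh_bruteforce", "src": src,
                               "host": ev["host"], "count": len(window),
                               "severity": "medium"})
        elif src in alerted:
            alerts.append({"rule": "ssh_bruteforce_success", "src": src,
                           "host": ev["host"], "user": ev["user"],
                           "severity": "high"})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS.splitlines()):
        print(a)
```

The second source in the sample fails three times across twenty minutes and never trips the rule; the window, not the raw count, is what separates a brute force from a user mistyping a password.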


EDR (Endpoint Detection and Response)

Endpoint detection and response (EDR) tools help organizations detect, contain and
respond effectively to cyberattacks by recording endpoint activity (process creation, file
and registry changes, network connections) and identifying attack patterns in that
telemetry.

EDR gives organizations the ability to collect endpoint data from various sources, on-
premises and from cloud services, while simultaneously applying detection content and
running custom scripts in order to detect malicious activity, and to take response actions
such as isolating a host from the network. This tool has become an essential piece of the
security arsenal.
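The "attack pattern" idea above, as an added example that is not part of the original report and not any EDR vendor's code: it rebuilds a process tree from constructed process-creation events and flags a shell or script host whose ancestry includes an Office application, escalating when the shell uses an encoded PowerShell command or makes an outbound connection. The event field names are assumptions, not a specific product's schema.

```python
"""Added example (not from the report): EDR-style detection over constructed
process-creation telemetry. It rebuilds the parent/child process tree and
flags a classic attack pattern: an Office application spawning a shell or
script host, escalated when that shell uses an encoded PowerShell command
or makes an outbound connection. Field names are assumptions, not a
specific vendor's schema."""

# Constructed process-creation events (hypothetical, not real EDR output).
EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "WINWORD.EXE",    "cmd": "WINWORD.EXE invoice.docm"},
    {"pid": 300, "ppid": 200, "image": "cmd.exe",        "cmd": "cmd.exe /c start powershell"},
    {"pid": 400, "ppid": 300, "image": "powershell.exe",
     "cmd": "powershell -nop -w hidden -enc SQBFAFgA", "net": "203.0.113.9:443"},
    {"pid": 500, "ppid": 100, "image": "cmd.exe",        "cmd": "cmd.exe"},   # user-opened shell: benign
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def build_tree(events):
    """Index events by pid; parent pointers are enough to walk ancestry."""
    return {e["pid"]: e for e in events}


def ancestry(by_pid, pid):
    """Image names from `pid` up to the root (lowercase). Cycle-safe."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"].lower())
        pid = by_pid[pid]["ppid"]
    return chain


def detect(events):
    """Flag every shell/script host with an Office process in its ancestry."""
    by_pid = build_tree(events)
    findings = []
    for e in events:
        image = e["image"].lower()
        if image not in SHELLS:
            continue
        chain = ancestry(by_pid, e["ppid"])
        if not any(a in OFFICE for a in chain):
            continue
        severity = "medium"
        if " -enc" in e["cmd"].lower() or e.get("net"):
            severity = "high"   # encoded command or network egress from the shell
        findings.append({"pid": e["pid"], "image": image,
                         "parent_chain": chain, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f)
```

Walking the whole ancestry rather than only the direct parent is what catches the second-hop PowerShell (pid 400): its parent is cmd.exe, which on its own is ordinary, but its grandparent is Word.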

XDR (Extended Detection and Response)

XDR is a detection and response architecture that extends EDR beyond the endpoint: it
integrates telemetry from endpoints, network, email, identity and cloud services, together
with the processes and people that act on it, into one detection and response pipeline. It
consists of three main components:

• An anomaly-detection engine (XDE), designed to detect any discrepancies or anomalies in
the combined data flow;

• An XDR-response engine (XRE), which responds to detected anomalies by taking corrective
actions; and

• The XDR framework (XDF), which facilitates integration of security technologies,
processes, and people into the architecture.

To meet its goal of detecting anomalies in the data flow while maintaining high processing
throughput, the XDE combines correlation rules with machine learning models.

AV (Antivirus)

Antivirus (AV) software is a computer security solution designed to defend computers
against threats such as viruses, worms and Trojan horses, using known-malware signatures,
heuristics and, in current products, behavioural analysis.

As soon as we buy a new computer, one of the first things we should do is install and update
an antivirus program, to avoid installing malware and to provide protection in case any does
get installed.
Cyber Threat Intelligence

Threat intelligence (TI) is the practice of gathering, analysing and disseminating information
on cybersecurity threats to inform organizations of the current cyber-threat landscape and
to assess the risks they face, in turn providing a security strategy and guidance on how best
to mitigate them. In a SOC, the most direct use is matching indicators of compromise
(attacker IP addresses, domains, file hashes) from intelligence feeds against the
organization’s own logs.

Organizations also gain insight into how their adversaries operate and what techniques and
capabilities they utilize, which allows them to predict future attacks more accurately,
prioritize defences more strategically and allocate resources more efficiently.
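Indicator matching, as an added example that is not part of the original report and not any intelligence vendor's code: a constructed feed of IPs, domains and hashes is normalized and indexed, then matched against constructed proxy and DNS log lines. Normalizing both sides (case, trailing dots, URL schemes) is what prevents misses, and carrying the feed's confidence onto each hit gives analysts a triage order. The feed and log formats are assumptions.

```python
"""Added example (not from the report): matching a constructed threat
intelligence feed (IPs, domains, file hashes) against constructed proxy and
DNS log lines. Indicators and observables are normalized first so that
case, trailing dots and URL schemes do not cause misses, and each hit
carries the feed's confidence so analysts can prioritize. The feed format
and log format are assumptions, not a real vendor's."""
import ipaddress
import re

SAMPLE_HASH = "ab" * 32   # constructed SHA-256 value

# Constructed indicator feed (hypothetical values).
FEED = [
    {"type": "ipv4",   "value": "203.0.113.9",        "confidence": 90, "tag": "c2"},
    {"type": "domain", "value": "Update-Cdn.Example.", "confidence": 70, "tag": "phishing"},
    {"type": "sha256", "value": SAMPLE_HASH.upper(),   "confidence": 50, "tag": "dropper"},
]

# Constructed key=value log lines from a proxy and a DNS resolver.
LOGS = [
    f"proxy src=10.0.0.5 dst=203.0.113.9 url=https://update-cdn.example/x.bin sha256={SAMPLE_HASH}",
    "dns src=10.0.0.7 query=update-cdn.example. type=A",
    "dns src=10.0.0.8 query=example.com. type=A",
    "proxy src=10.0.0.5 dst=198.51.100.20 url=https://example.org/",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize(kind, value):
    """Canonical form for comparison: lowercase, no trailing dot, valid IP."""
    v = value.strip().lower().rstrip(".")
    if kind == "ipv4":
        v = str(ipaddress.ip_address(v))   # raises on malformed indicators
    return v


def load_feed(feed):
    """Index indicators by (type, normalized value) for O(1) lookups."""
    return {(ioc["type"], normalize(ioc["type"], ioc["value"])): ioc for ioc in feed}


def extract_observables(line):
    """Pull (type, value) candidates out of one key=value log line."""
    fields = dict(KV_RE.findall(line))
    out = []
    if "dst" in fields:
        out.append(("ipv4", fields["dst"]))
    if "query" in fields:
        out.append(("domain", fields["query"]))
    if "url" in fields:
        host = re.sub(r"^\w+://", "", fields["url"]).split("/")[0]
        out.append(("domain", host))
    if "sha256" in fields:
        out.append(("sha256", fields["sha256"]))
    return out


def match(lines, feed=FEED):
    """Return hits sorted by feed confidence, highest first."""
    index = load_feed(feed)
    hits = []
    for line in lines:
        for kind, raw in extract_observables(line):
            ioc = index.get((kind, normalize(kind, raw)))
            if ioc is not None:
                hits.append({"type": kind, "value": normalize(kind, raw),
                             "confidence": ioc["confidence"], "tag": ioc["tag"],
                             "line": line})
    return sorted(hits, key=lambda h: -h["confidence"])


if __name__ == "__main__":
    for h in match(LOGS):
        print(h["confidence"], h["type"], h["value"], h["tag"])
```

Without the normalization step the mixed-case, trailing-dot domain in the feed would never match the lowercase DNS query, a common reason feed matches silently fail.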

Cloud Security

Cloud security software protects data and workloads hosted in the cloud by scanning the
cloud infrastructure for vulnerabilities and misconfigurations and by monitoring access.

Cloud security software offers multiple layers of protection for your data. These layers
include encryption, firewalls and intrusion prevention systems, as well as the capability to
monitor and control access to the relevant data from anywhere around the globe.

Email Gateway

An email gateway is the system that accepts inbound email from the Internet over SMTP and
relays it on to the organization’s mail server (and relays outbound mail in the other
direction). End users then read mail from that server using protocols such as POP3 or IMAP,
so the gateway sits on the SMTP delivery path rather than on the user-access protocols.

An enterprise with an on-premises Exchange Server would typically place the gateway at its
network edge, point the domain’s MX record at the gateway so that Internet mail is received
there first, and have the gateway relay accepted mail to the Exchange Server over SMTP
(ideally over TLS) for delivery. Secure Email Gateways are servers that sit between external
senders and the internal mail server, filtering all incoming and outgoing email for spam,
malware and viruses, and checking sender authentication (SPF, DKIM and DMARC).

This gateway is ideal for businesses that wish to protect their employees against
phishing attacks, spam and other forms of malicious content.

Web Gateway

A Secure Web Gateway is a type of proxy server designed to protect networks from
unwanted traffic.

Secure Web Gateways can be configured to block certain kinds of website content, like
social media websites, or simply to limit access to certain websites by category or
reputation.

Antivirus scanning inside the gateway provides additional defence against malware and
phishing by inspecting all incoming web traffic for suspicious code.

Firewall

A firewall is a network device (or host software) that filters traffic entering or leaving a
computer network or computer system according to a policy, blocking unwanted traffic.

A correctly configured firewall allows only authorized computers and networks to connect to a
local area network (LAN) or personal computer (PC), blocking unauthorized users on the
internet, such as hackers, from gaining entry. It should be combined with other security
measures for defence in depth, since a firewall cannot inspect what it permits.

IDS (Intrusion Detection System)

An intrusion detection system (IDS) is designed to monitor networks for any suspicious
activity that could indicate an intrusion attempt or a policy violation.

An IDS can monitor network activity to identify suspicious or unusual activities, such
as unapproved access or attempted attacks, by matching traffic against signatures and
anomaly baselines. It can detect attempts to probe or bypass the firewall and attacks
against servers; unlike an intrusion prevention system (IPS), it only alerts and does
not block.
Malware Analysis Tools

Malware analysis is the process of inspecting programs to understand what they do and
how they do it, an integral component of cyber security. It is carried out using special
tools designed for this task, either by examining the file itself (static analysis) or by
running it in an isolated sandbox and observing its behaviour (dynamic analysis).

Malware analysis seeks to produce indicators and detection rules so that the malicious
software can be detected and removed from affected systems. These threats may come in the
form of viruses or worms: viruses infiltrate other programs on disk, while worms spread
across networks by sending copies of themselves to other connected machines.

Threat Hunting Tools

Threat hunting tools are designed to identify and investigate suspicious activities on a
network, including compromised accounts, the presence of malware or ransomware,
atypical behaviour on an employee computer and any malicious insider threats that may
exist within an organization.

These tools may be free or paid for, depending on what the organization needs them for.
They can help address various types of cyber threats, including email threats, website
threats and social media attacks, making them invaluable assets in combatting threats to
any business or organization.

SOAR

SOAR tools automate the response to security incidents by integrating threat intelligence
feeds and providing a single interface for incident response teams.

Security Orchestration, Automation and Response (SOAR) software assists incident
response teams in their response efforts against security threats. SOAR tools automate
this response process through playbooks that offer an interface for all the steps involved
in responding to an incident.

Step one of any successful response plan should always involve identifying and containing
the threat through various means, such as quarantining or isolating affected systems.

The next step should be identifying which data has been compromised and how it was
accessed, followed by mitigating any additional damage caused by the attack.

Step three involves preparing for future attacks of a similar nature by strengthening
controls and detection, such as additional firewall rules and software to detect attacker
activity, and devising ways to counter them.

Web Application Firewall

A web application firewall (WAF) is a filter that sits in front of web applications and
inspects HTTP requests to safeguard them against internet-based attacks. It is one of the
most effective SOC tools because it offers the SOC some relief by automatically blocking
known attack patterns.

WAFs can be deployed either as an on-premises appliance or as a cloud service, and they
inspect HTTP requests for patterns of misuse such as SQL injection and cross-site scripting
to help reduce security risks. A signature-based WAF must decode and normalize requests
before matching, since encoded payloads otherwise slip past its rules, and it reduces
exposure rather than replacing fixes in the application itself.
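The decode-before-match point above, as an added example that is not part of the original report and not any WAF product's rule set: a toy signature matcher is run over constructed requests twice, once on the raw bytes and once after repeated URL decoding and case folding, so the encoding bypass is visible. The rules are illustrative, not production signatures.

```python
"""Added example (not from the report): a toy signature-based WAF check.
Requests are normalized (URL-decoded repeatedly, then case-folded) before
matching, because signatures applied to raw bytes are bypassed with
encoding. The rules are illustrative, not a production rule set; the
request tuples are constructed."""
import re
from urllib.parse import unquote_plus

RULES = [
    ("sqli_tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("sqli_union",     re.compile(r"\bunion\b\s+(?:all\s+)?\bselect\b", re.I)),
    ("xss_script",     re.compile(r"<\s*script\b", re.I)),
    ("xss_event",      re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("path_traversal", re.compile(r"\.\.[/\\]")),
]


def normalize(value, max_rounds=3):
    """Decode until the value stops changing (bounded), then lowercase.
    A double-encoded %2527 becomes %27 after one round and ' after two."""
    prev, rounds = None, 0
    while value != prev and rounds < max_rounds:
        prev, value = value, unquote_plus(value)
        rounds += 1
    return value.lower()


def inspect(method, path, query, body="", decode=True):
    """Return the names of rules matched anywhere in the request.
    decode=False shows what a naive raw-byte matcher would see."""
    hits = []
    for part in (path, query, body):
        text = normalize(part) if decode else part.lower()
        for name, rx in RULES:
            if name not in hits and rx.search(text):
                hits.append(name)
    return hits


# Constructed requests (method, path, query string, body).
REQUESTS = [
    ("GET",  "/search",  "q=shoes", ""),
    ("GET",  "/search",  "q=%27%20OR%201%3D1--", ""),         # single-encoded SQLi
    ("GET",  "/search",  "q=%2527%2520OR%25201%253D1", ""),   # double-encoded SQLi
    ("POST", "/comment", "", "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("GET",  "/files",   "name=..%2F..%2Fetc%2Fpasswd", ""),
]


def evaluate(requests=REQUESTS):
    """Return (decoded_hits, raw_hits) per request so the gap is visible."""
    return [(inspect(*r), inspect(*r, decode=False)) for r in requests]


if __name__ == "__main__":
    for r, (decoded, raw) in zip(REQUESTS, evaluate()):
        print(r[1], r[2] or r[3], "decoded:", decoded, "raw:", raw)
```

Every malicious request in the sample is invisible to the raw matcher and caught after normalization; the bounded decode loop also prevents an attacker from making the WAF spin on deeply nested encodings.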

Application Control Tools

Application control tools govern which applications are allowed to run on an endpoint and
how they are used. Their core function is allowlisting or blocklisting executables, so that
unapproved or unsigned software cannot execute; many products also monitor and report on
how employees use the approved applications.

Analysts can use this in several ways. They may block or restrict specific applications or
websites, limit how long employees spend using certain applications, or track application
activity and generate reports on it.
Data Loss Prevention Tools

Data Loss Prevention (DLP) tools are technologies and policies used to prevent data
breaches by detecting sensitive data (for example payment card numbers or personal data)
in email, web uploads and file transfers, and ensuring it does not leave the organization
unnoticed.

DLP tools can be implemented in many ways depending on the size and type of business
involved and the data they need to protect; a well-tuned DLP policy validates what it finds
(a card number must pass its checksum) so that analysts are not buried in false positives.

All businesses that collect sensitive data should implement DLP tools to safeguard it and
protect it from being lost or stolen.
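The validation point above, as an added example that is not part of the original report and not any DLP product's code: outbound text is scanned for payment card numbers, candidates are validated with an issuer-prefix check and the Luhn checksum to drop order numbers and timestamps, and a policy returns an action (allow, redact or block) that depends on the destination and the number of matches. The sample text and the allow-listed domain are constructed.

```python
"""Added example (not from the report): DLP-style inspection of outbound
content for payment card numbers. A digit regex alone over-matches (order
numbers, timestamps); an issuer-prefix check plus the Luhn checksum cuts
the false positives, and the policy returns an action (allow, redact or
block) instead of a bare boolean. The sample text and the allow-listed
domain are constructed."""
import re

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,19}(?!\d)")
# Major issuer prefixes and lengths (Visa, Mastercard 51-55, Amex, Discover).
PAN_PREFIX_RE = re.compile(r"^(?:4\d{12}(?:\d{3})?|5[1-5]\d{14}|3[47]\d{13}|6(?:011|5\d{2})\d{12})$")


def luhn_ok(digits):
    """Luhn mod-10 checksum: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _is_pan(digits):
    return bool(PAN_PREFIX_RE.match(digits)) and luhn_ok(digits)


def find_pans(text):
    """Return the validated card numbers (digits only) found in text."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if _is_pan(digits):
            found.append(digits)
    return found


def redact(text):
    """Mask validated PANs to their last four digits; leave everything else."""
    def _mask(m):
        digits = re.sub(r"[ -]", "", m.group())
        if _is_pan(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group()
    return CARD_RE.sub(_mask, text)


def policy(text, destination_domain, allowed=("corp.example",), bulk=3):
    """Decide what to do with an outbound message: internal destinations
    are allowed, a few PANs to outside are redacted, many are blocked."""
    pans = find_pans(text)
    if not pans or destination_domain in allowed:
        return "allow", text
    if len(pans) >= bulk:
        return "block", text
    return "redact", redact(text)


# Constructed sample: two valid-looking test PANs, one Luhn failure, and noise.
SAMPLE = ("Order 1234567890123 placed 2024-03-01 10:00:01. Card 4111 1111 1111 1111, "
          "backup 5500-0000-0000-0004, typo 4111 1111 1111 1112.")

if __name__ == "__main__":
    print(find_pans(SAMPLE))
    print(policy(SAMPLE, "mail.example"))
```

The 13-digit order number and the timestamp both match the digit regex and are discarded by the prefix check, while the mistyped card fails Luhn and is left untouched; only validated numbers are masked.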

An example of Security Operations Center Tools used in an Investigation of a Security
Incident

For an example of how SOC tools may assist a security investigation, observe the following:

• Analysts receive an alert from their SIEM solution about possible suspicious activity on
the company network. Using a SOC tool with advanced threat detection and hunting
capabilities, they quickly trace the traffic in the firewall logs to a host infected with a
previously unknown malware variant that is attempting to exfiltrate sensitive data, which
the Data Loss Prevention tools have also flagged.
• Analysts use EDR tools to isolate the affected systems, preventing further data loss.
Threat intelligence features in the analysis tools let them gather more information on the
threat actor and the source of the attack, as well as intelligence on the origin and
behaviour of the malware.
• These findings can then be used to update the organization’s security policies, for
example through Application Control rules, to prevent similar attacks in the future.
• SOC tools proved their worth here by quickly and accurately detecting, analyzing and
mitigating an imminent serious security incident, an essential function that provided
much-needed assurance for management.
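The SOAR steps and the investigation above, expressed as one playbook in code. This is an added example that is not part of the original report and not any SOAR product's code: a SIEM alert is enriched from a threat-intelligence lookup, checked against DLP findings and outbound volume, scored, and the playbook then decides whether EDR isolation can be automated or needs human approval. The TI, DLP and EDR objects are hypothetical in-memory stand-ins for real product APIs, and the alerts are constructed.

```python
"""Added example (not from the report): the investigation above expressed
as a SOAR playbook. A SIEM alert is enriched from a threat-intel lookup,
checked against DLP findings and volume, scored, and then the playbook
decides whether EDR isolation can be automated or needs human approval.
The TI, DLP and EDR objects are hypothetical in-memory stand-ins for
real product APIs; the alerts are constructed."""
from dataclasses import dataclass, field


@dataclass
class Alert:
    id: str
    host: str
    dst_ip: str
    bytes_out: int
    file_sha256: str


# Hypothetical enrichment sources (constructed data, not real feeds).
TI = {"203.0.113.9": {"tag": "exfil-c2", "confidence": 85}}
KNOWN_BAD_HASHES = {"a" * 64}           # the sample hash below is NOT here: an unknown variant
DLP_FINDINGS = {"A-1001": ["customer_pan"], "A-1004": ["customer_pan"]}
CRITICAL_HOSTS = {"dc01", "erp-db01"}   # never auto-isolate these


class Edr:
    """Stand-in for an EDR host-isolation API."""
    def __init__(self):
        self.isolated = []

    def isolate(self, host):
        self.isolated.append(host)
        return True


@dataclass
class Decision:
    alert_id: str
    severity: str = "low"
    actions: list = field(default_factory=list)
    notes: list = field(default_factory=list)


def run_playbook(alert, edr, ti=TI, dlp=DLP_FINDINGS, bytes_threshold=50_000_000):
    """Enrich, score, and act. Containment is automated only below a
    blast-radius line; critical hosts go to a human."""
    d = Decision(alert.id)
    score = 0
    intel = ti.get(alert.dst_ip)
    if intel:
        score += 3
        d.notes.append(f"dst {alert.dst_ip} known as {intel['tag']} ({intel['confidence']}%)")
    if alert.file_sha256 not in KNOWN_BAD_HASHES:
        d.notes.append("hash unknown to AV/TI: possible new variant, detonate in sandbox")
        d.actions.append("submit_sandbox")
    if alert.id in dlp:
        score += 3
        d.notes.append(f"DLP matched {dlp[alert.id]} in the outbound flow")
    if alert.bytes_out > bytes_threshold:
        score += 2
        d.notes.append(f"{alert.bytes_out} bytes out exceeds threshold")
    d.severity = "high" if score >= 5 else "medium" if score >= 3 else "low"
    if d.severity == "high":
        if alert.host in CRITICAL_HOSTS:
            d.actions.append("page_oncall_for_approval")   # a human decides on a DC
        else:
            edr.isolate(alert.host)
            d.actions.append("edr_isolate")
        d.actions.append("block_dst_on_firewall")
    d.actions.append("open_ticket")
    return d


SAMPLE_ALERTS = [
    Alert("A-1001", "ws-042", "203.0.113.9",   120_000_000, "b" * 64),
    Alert("A-1002", "ws-017", "203.0.113.9",     1_000_000, "b" * 64),
    Alert("A-1003", "ws-050", "198.51.100.20", 200_000_000, "b" * 64),
    Alert("A-1004", "dc01",   "203.0.113.9",     5_000_000, "b" * 64),
]

if __name__ == "__main__":
    edr = Edr()
    for a in SAMPLE_ALERTS:
        print(run_playbook(a, edr))
    print("isolated:", edr.isolated)
```

The scoring keeps a single weak signal (a known-bad destination with little data moved) at medium so that an analyst reviews it, while the combination of intelligence, DLP and volume triggers automated isolation; the domain controller case shows why a playbook needs an approval gate rather than unconditional automation.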
Conclusion

Technology has enabled companies to remain secure online and protect themselves from
malicious actors and cyber attackers. SOC analysts rely on a range of tools for threat
monitoring, detection and response in order to keep organizations secure. In this report,
from the perspective of a security analyst, we discussed the tools available, their purpose,
functions, benefits and usage for better protection of digital infrastructures.
