Lecture 3 Flashcards
Security Operations and Technologies
What is vulnerability scanning and why is it important in a SOC?
It assesses the network and endpoints for vulnerabilities that adversaries could exploit, helping to identify and manage risks.
Name some preventive technologies used in a SOC.
Firewalls, Proxies, VPNs, Network Access Control (NAC), and Data encryption.
What is a honeypot in cybersecurity?
A system designed to attract adversaries and malware, diverting their attention from valuable production systems.
What are the key components of network segmentation?
Dedicated network equipment, VLANs, and Access Control Lists (ACLs).
What factors are considered in disaster recovery planning for a SOC?
Business impact analysis, step-by-step disaster recovery plan, and regular testing and updating of the plan.
What are some examples of preventive technologies?
Firewalls and proxies, Reputation Security, VPNs, Network Access Control, and Data protection.
How do detection technologies contribute to SOC defense?
They provide another layer of defense, validating whether preventive measures are effective and reducing the risk of exploitation.
What is the purpose of baselines in detection technologies?
To establish normal behavior for systems and users, helping to detect deviations that may indicate threats.
Why are honeypots used in SOC environments?
To attract and divert adversaries from valuable systems, providing insight into attack methods and behavior.
What are the benefits of using a Security Information and Event Management (SIEM) solution?
It centralizes event logging and analysis, helping to identify and respond to security incidents effectively.
What is NetFlow and how is it used in SOCs?
A network protocol that collects IP traffic information, used to detect threats based on device behavior and deviations from baselines.
What are the key considerations for SOC capacity planning?
Physical and technical requirements, network throughput, and ensuring adequate resources and infrastructure.
How does segmentation help in SOC network planning?
It isolates different parts of the network to enhance security and control over data flow.
What is the role of redundancy in SOC planning?
To ensure that critical services and systems have backup options in case of failures, maintaining continuous operation.
What should be included in a step-by-step disaster recovery plan for a SOC?
Locations of backup data, step-by-step instructions for recovery, and regular testing to ensure effectiveness.