SecOps 101 Flashcards
What is Panther’s mission?
Go make security teams smarter and faster than attackers
What does a security operations center (SOC) do?
Detect, analyze, and respond to cybersecurity threats
What are the two things SecOps is protecting?
Services and data
What are the four things that security’s operations do?
- Collect data from various sources
- Analyze data and find suspicious activity
- Alert the team to respond
- Investigate and determine if a breach has occurred
What does SIEM stand for?
Security Information and Event Management
Traditional SIEMs usually require _________ to deploy and maintain
High operational effort
Traditional SIEMs have ______ and super slow queries to our data
Poor performance
Traditional SIEMs often use ________ that restrict analysis capabilities
Proprietary languages
Traditional SIEMs usually involve ______ that force teams to limit data collection
High licensing costs
What trait of Panther helps SecOps teams scale?
The fact that it’s fully cloud native, which means the architecture is designed for scale at a much lower cost
What allows Panther to be more scalable at a lower cost?
The fact that it’s cloud native
What allows Panther to analyze data much faster?
It’s built with detection as code
What is Panther’s product focus for FY 2024?
Being the best at detection
What is the first step in Panther’s platform when data comes in?
It gets parsed and normalized
What happens after data is ingested in Panther?
You can detect events based on rules and queries