In this video, we're going to talk about course conclusions and our final comments. We talked about a lot over the last few hours, and I want to again highlight that these are really just breaking the surface on each of these topics. There's a lot more for each one. You saw when we looked at Security Onion that we just briefly talked about each of the tools, and it would take you a little bit of time to fully get to understand the tools and what they're capable of. We talked about incident response; that can take time as an actual SOC analyst to get the hang of it, and to understand the tools and techniques that you would use there. There are so many areas to this skill set that you can learn about, and to help support that there is lots of research and training that you can do additionally that will deep dive into these topics and show you specific techniques for how to handle them. But with that, there are some key takeaways that hopefully you'll get out of this course to help you decide and prepare for your SOC future. SOCs act as a front-line defense for an organization's cyber security. What I mean by this is that they're where the rubber meets the road: all of our policies, all of our compliance, all of our penetration tests, and all that stuff is only there to really help improve the security of the overall organization. A lot of those are there to increase our defensive techniques, and in the case of a real incident or an attack the SOC is the front line; they're the first ones that see it, they're the first ones to react to it. Now, you talk about red teaming and penetration testing, and also offensive security stuff. Ideally, though, your red team is just doing something to help improve the SOC's capabilities, and by improving the SOC's capabilities you're improving the overall organization's capabilities. SOCs utilize several tools, including SIEMs, TIPs, IDS, and IPS, to monitor and alert for suspicious activities. These are just some of the tools.
Again, these are NSM, your network security monitoring tool sets, but they're going to have analysis tools, the various dashboarding tools that we looked at, and things of that nature. They're going to have forensic analysis tools, and a huge amount of tools they can use at their disposal. It's important to think like an attacker in order to understand how to best detect and contain attacks. This is really important. Remember the attack phases that we talked about when we talked about recon, [inaudible], post exploitation; those things are important because once you can think like an attacker, you can predict, or attempt to predict, what the attacker's next move is going to be. If you see something like an incident or an alert where it looks like someone's trying to log into a local admin account on a system, you can predict at that point that maybe the attacker is trying to escalate their privileges, and then you can guess what they're going to try to do next, and that will help you work in your incident response plan to contain and eradicate: they're trying to escalate privileges, so we need to do this and this to prevent them from doing that, and get them removed from the network. In order to detect malicious activities, a SOC, or an organization in general, must first know what normal activities look like. This is extremely important, and this is also incredibly tough for organizations. A lot of security boils down to solid basics. You don't need the fanciest tools and the flashiest things if you have solid fundamental basics: as long as you have sound asset management, you have good onboarding of your systems for log collection, and you have good coverage of your NSM products. You have to know what normal activities look like, and once you know what normal activities look like, you can more effectively and more efficiently identify abnormal activities. This is very, very important for a SOC. It is very difficult, though.
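The "know what normal looks like first" point above is easy to state and hard to do; the following added example (not part of the course or any product) shows the smallest useful form of it: learn a per-user baseline of hosts and login hours from a window of known-good logs, then flag new logins that fall outside it. The log lines and their `timestamp user host result` layout are constructed for this example and do not correspond to any particular product's format; the one-hour slack around seen login hours is an arbitrary assumption.

```python
"""Baseline-then-detect: flag logins that deviate from what is normal for a user.

Added example, not part of the course. The log lines below are constructed;
the "timestamp user host result" layout is an assumption, not a real product's format.
"""
from collections import defaultdict
from datetime import datetime

# Constructed known-good window: what "normal" looks like for two users.
BASELINE_LOGS = [
    "2024-03-01T08:05:00 alice ws-alice success",
    "2024-03-01T09:12:00 alice ws-alice success",
    "2024-03-01T08:30:00 bob ws-bob success",
    "2024-03-02T12:45:00 bob ws-bob success",
    "2024-03-02T10:00:00 alice ws-alice success",
]

# Constructed new activity to evaluate against that baseline.
NEW_LOGS = [
    "2024-03-03T09:00:00 alice ws-alice success",    # within baseline
    "2024-03-03T03:14:00 alice dc01 success",        # new host and odd hour
    "2024-03-03T12:00:00 bob ws-bob success",        # within baseline
    "2024-03-03T12:30:00 bob fileserver01 success",  # new host for bob
]


def parse(line):
    """Split one constructed log line into (datetime, user, host, result)."""
    ts, user, host, result = line.split()
    return datetime.fromisoformat(ts), user, host, result


def build_baseline(lines):
    """Per user: the set of hosts logged into and the set of hours seen (successes only)."""
    hosts = defaultdict(set)
    hours = defaultdict(set)
    for line in lines:
        ts, user, host, result = parse(line)
        if result != "success":
            continue
        hosts[user].add(host)
        hours[user].add(ts.hour)
    return hosts, hours


def find_anomalies(baseline, lines, hour_slack=1):
    """Return [(line, reasons)] for logins outside the user's baseline.

    hour_slack widens each seen hour by +/- N hours so 08:59 vs 09:05 is not an alert.
    """
    hosts, hours = baseline
    findings = []
    for line in lines:
        ts, user, host, result = parse(line)
        reasons = []
        if user not in hosts:
            reasons.append("unknown user")
        else:
            if host not in hosts[user]:
                reasons.append(f"new host {host}")
            near = {(h + d) % 24 for h in hours[user]
                    for d in range(-hour_slack, hour_slack + 1)}
            if ts.hour not in near:
                reasons.append(f"unusual hour {ts.hour:02d}")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in find_anomalies(build_baseline(BASELINE_LOGS), NEW_LOGS):
        print(line, "->", "; ".join(reasons))
```

The design choice worth noticing is that nothing here knows anything about attackers: the alert on `alice dc01` at 03:14 comes purely from the fact that alice has never touched that host at that hour, which is exactly the asset-management and log-onboarding groundwork the speaker calls "solid basics". In practice the baseline window is much longer than five lines, and the per-user sets would be replaced by counts so that a single outlier in the learning window does not become "normal".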
It's going to change and depend on the size of your organization. If you have 100 assets in your organization, this isn't so hard, but if you're like Walmart and you have millions of assets in your organization, then this becomes much more difficult. The organization should understand and follow the six-phase incident response methodology to effectively handle security incidents. These six phases are important because they give us a framework to work in as incident response analysts or incident responders. Each phase has its own steps and procedures. That's what we just talked about. They very smoothly transition from one phase to the next. They build upon each other, so it's important to have your first phase be as strong as your last phase. You need to use all of them as effectively and efficiently as possible in order to have a good, well-rounded incident response plan. Something we didn't talk about too much before, but we hinted at a little bit, is that the security industry is constantly evolving; new attacks, vulnerabilities, and methods are created each day. Attackers develop new tricks to use, they come up with new plans, new ideas; new attackers, new threat actors emerge every day. It's important that SOC analysts are aware of this, and understand that you're never going to know it all. We're never going to be able to prevent everything; every day it's going to change. It's a constant battlefield, so we call it a cat and mouse game. An attacker comes up with an attack methodology, defenders learn how to defend against it. The attacker changes it a little bit, defenders learn how to defend against it, and it's this back and forth. We talked about signature-based detection. If you have a malicious binary that has a certain signature in it, and the defenders take that signature and use it as an IOC, well, all you need to do is change one character in your malware, and now the signature is changed, and now their IOC doesn't matter anymore.
You've got to get the new signature, or they'll have to come up with some other behavioral-based or heuristics-based detection capabilities, and then it goes back and forth; this is something we play with all the time. Finally, I want to say thank you for staying the last few hours with me in this course. I hope you've learned something from it. I look forward to talking to you in the future.
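The "change one character and the IOC no longer matters" point is easy to see concretely. The following added example (not from the course, and not real malware) builds a constructed byte string standing in for a binary, derives a SHA-256 hash IOC from it, and compares that to a content signature over a behaviour-revealing string inside the file. The `connect-back` string and the address `203.0.113.7` are constructed (the address is from the RFC 5737 documentation range), the regex plays the role a YARA-style rule would play, and `flip_one_byte` is a stand-in for an attacker recompiling or repacking. The three cases show the ladder the speaker describes: the hash breaks on any change, the content signature survives changes outside the matched region but not inside it, which is why the next rung is behavioral detection rather than a better string.

```python
"""Hash IOC versus content signature: why one changed byte defeats a hash match.

Added example, not part of the course. ORIGINAL_SAMPLE is a constructed stand-in
for a binary, not real malware; the IOCs are computed from it here, not taken
from any feed. 203.0.113.7 is an RFC 5737 documentation address.
"""
import hashlib
import re

# Constructed stand-in for a file the SOC has already analysed: a fake header,
# some padding, and a string that reveals behaviour (a connect-back address).
ORIGINAL_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"connect-back to 203.0.113.7:4444" + b"\x00" * 8
)


def sha256_ioc(data: bytes) -> str:
    """The kind of value that gets shared as a file-hash IOC."""
    return hashlib.sha256(data).hexdigest()


# Hash IOC: exact match on the entire file content.
HASH_IOC = sha256_ioc(ORIGINAL_SAMPLE)

# Content signature: regex over the behaviour-revealing string, tolerant of a
# different address or port (a plain regex here so the example runs stand-alone).
CONTENT_SIG = re.compile(rb"connect-back to \d{1,3}(?:\.\d{1,3}){3}:\d{1,5}")


def matches_hash(data: bytes) -> bool:
    return sha256_ioc(data) == HASH_IOC


def matches_signature(data: bytes) -> bool:
    return CONTENT_SIG.search(data) is not None


def flip_one_byte(data: bytes, offset: int) -> bytes:
    """Invert a single byte at offset: the 'change one character' from the talk."""
    return data[:offset] + bytes([data[offset] ^ 0xFF]) + data[offset + 1:]


def evaluate(samples):
    """Run both detections over {name: bytes}; returns {name: (hash_hit, signature_hit)}."""
    return {name: (matches_hash(d), matches_signature(d)) for name, d in samples.items()}


if __name__ == "__main__":
    cases = {
        "original": ORIGINAL_SAMPLE,
        "padding_changed": flip_one_byte(ORIGINAL_SAMPLE, 5),   # byte in the padding
        "string_changed": flip_one_byte(ORIGINAL_SAMPLE, 20),  # first byte of the string
    }
    for name, (hash_hit, sig_hit) in evaluate(cases).items():
        print(f"{name:16} hash IOC: {hash_hit!s:5}  content signature: {sig_hit}")
```

The lesson for a detection engineer is not "signatures are useless" but "know what each IOC type is brittle to": a hash is precise and cheap but only ever matches the exact sample you already have, a content signature buys resilience against incidental changes, and only behaviour (the process actually making an outbound connection to an address it has never used, which the baseline example earlier in this section would catch) survives the attacker rewriting the string itself.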