Mastering Cybersecurity: Day 3 of the 100-Day Challenge
Important tools used in cybersecurity
Security information and event management (SIEM) tools: A SIEM tool is an application that collects and analyzes log data to monitor critical activities in an organization. A log is a record of events that occur within an organization's systems.
SIEM tools also come with different hosting options, including on-premise and cloud. Organizations may choose one hosting option over another based on a security team member’s expertise. For example, because a cloud-hosted version tends to be easier to set up, use, and maintain than an on-premise version, a less experienced security team may choose this option for their organization.
Network protocol analyzers (packet sniffers): A network protocol analyzer, also known as a packet sniffer, is a tool designed to capture and analyze data traffic in a network. This means that the tool keeps a record of all the data that a computer within an organization's network encounters. Later in the program, you’ll have an opportunity to practice using some common network protocol analyzer (packet sniffer) tools.
Playbooks
A playbook is a manual that provides details about any operational action, such as how to respond to a security incident. Organizations usually have multiple playbooks documenting processes and procedures for their teams to follow. Playbooks vary from one organization to the next, but they all have a similar purpose: to guide analysts through a series of steps to complete specific security-related tasks.
Introduction to Linux, SQL & Python
Now, let's introduce ourselves to Python and SQL programming and the Linux operating system. Linux is an open-source, or publicly available, operating system. Unlike other operating systems you may be familiar with, for example macOS or Windows, Linux relies on a command line as the primary user interface. Next, let's discuss SQL. SQL stands for Structured Query Language. SQL is a programming language used to create, interact with, and request information from a database. A database is an organized collection of information or data. There may be millions of data points in a database, so an entry-level security analyst would use SQL to filter through the data points to retrieve specific information. The last programming language we'll introduce is Python. Security professionals can use Python to perform tasks that are repetitive and time-consuming and that require a high level of detail and accuracy.
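To tie the SIEM section and the SQL/Python section together, here is an added example (not from the original post): Python parses a few constructed authentication log lines, loads them into an in-memory SQLite table, and runs a SIEM-style SQL query that flags hosts with repeated failed logins. The log format, table name and threshold are assumptions for the illustration.

```python
import sqlite3

# Constructed sample auth log (not from a real system), one event per line:
# "<timestamp> <source host> <user> <result>"
SAMPLE_LOGS = """\
2024-05-01T09:00:01 10.0.0.5 alice FAIL
2024-05-01T09:00:04 10.0.0.5 bob FAIL
2024-05-01T09:00:07 10.0.0.5 carol FAIL
2024-05-01T09:00:09 10.0.0.5 alice FAIL
2024-05-01T09:01:12 10.0.0.7 dave FAIL
2024-05-01T09:01:20 10.0.0.7 dave OK
2024-05-01T09:02:00 10.0.0.9 erin OK
"""

def parse_log(text):
    """Turn raw log text into (ts, host, user, result) tuples.
    Lines that do not have exactly four fields are skipped rather than
    crashing the collector, which is how a SIEM parser should treat noise."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        records.append(tuple(fields))
    return records

def load_into_db(records):
    """Load parsed events into an in-memory SQLite table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE auth_events (ts TEXT, host TEXT, user TEXT, result TEXT)")
    conn.executemany("INSERT INTO auth_events VALUES (?, ?, ?, ?)", records)
    return conn

def failed_login_bursts(conn, threshold=3):
    """Detection rule: hosts with at least `threshold` failed logins.
    Also reports how many distinct accounts each host tried, since many
    failures spread over many users is a different signal than one user
    mistyping a password. Returns (host, failures, distinct_users) rows."""
    return conn.execute(
        """
        SELECT host, COUNT(*) AS failures, COUNT(DISTINCT user) AS targets
        FROM auth_events
        WHERE result = 'FAIL'
        GROUP BY host
        HAVING COUNT(*) >= ?
        ORDER BY failures DESC
        """,
        (threshold,),
    ).fetchall()

if __name__ == "__main__":
    for host, failures, targets in failed_login_bursts(load_into_db(parse_log(SAMPLE_LOGS))):
        print(f"ALERT host={host} failed_logins={failures} accounts_tried={targets}")
```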
Conclusion
In summary, mastering key cybersecurity tools like SIEM, network protocol analyzers, and playbooks is crucial for effective threat detection and response. Additionally, proficiency in Linux, SQL, and Python enhances a security professional's ability to manage systems and data efficiently. By utilizing these tools and skills, organizations can significantly bolster their defenses against cyber threats.
Written by
Mallika Gautam
designer & cyber security student :)