Navigating the World of Cybersecurity: My Journey as a SOC Analyst Intern at Acko

Utkarsh Rai
5 min read · May 2, 2023


Introduction

As an aspiring cybersecurity professional, I was fortunate enough to have an internship as a Security Operations Center (SOC) Analyst at Acko, a leading digital insurance provider. The experience gave me an opportunity to learn and work with some of the most innovative security technologies in the industry. In this blog, I will share my journey of working with various security tools, focusing primarily on cloud security and endpoint security. I will outline the workflow I implemented to secure Acko’s cloud and endpoint infrastructure.

Cloud Security

Acko leverages AWS as its primary cloud provider. In my role as a SOC Analyst, I was responsible for the following tasks:

A. Sensitive Data Discovery using AWS Macie

AWS Macie is an intelligent security service that utilizes machine learning to automatically discover, classify, and protect sensitive data stored in the AWS environment. I implemented AWS Macie to scan and classify Acko’s S3 buckets, and set up custom alerts for any sensitive data discovered in unprotected storage.

B. AlienVault Integration with GuardDuty

AlienVault is a powerful Security Information and Event Management (SIEM) tool that collects and analyzes security data from multiple sources. I integrated AlienVault with AWS GuardDuty, a threat detection service, to enhance our threat detection and monitoring capabilities. This integration enabled us to centralize and streamline our security incident response process.

C. GuardDuty Threat Monitoring

With AWS GuardDuty enabled, I configured custom alerts and set up monitoring dashboards to keep track of potential threats. This allowed us to proactively detect and remediate any security issues in real time.

D. CloudFront Monitoring and Alerting

Acko uses AWS CloudFront to distribute content to users worldwide. To ensure the security of our content delivery, I set up monitoring and alerting for CloudFront using AWS WAF (Web Application Firewall) and AWS Shield, which protected Acko’s web applications from various security threats such as DDoS attacks and SQL injections.

Endpoint Security

A. CASB — Netskope

Acko uses Netskope, a Cloud Access Security Broker (CASB), to secure its cloud-based applications and services. As a SOC Analyst, I set up policies and alerts in Netskope to monitor and control user access to cloud resources, ensuring data security and compliance.

B. EDR — Trend Micro

To protect Acko’s endpoints, I implemented Trend Micro’s Endpoint Detection and Response (EDR) solution, which provided advanced threat detection, investigation, and response capabilities. This enabled us to quickly identify and respond to any threats targeting our endpoints.

C. AI-based DRP — CloudSek

CloudSek is an AI-based Digital Risk Protection (DRP) platform that helps organizations discover and mitigate digital risks in real time. I used CloudSek to monitor Acko’s digital assets, such as websites and social media profiles, for any potential risks or vulnerabilities.

D. Google Workspace — G-Suite OAuth Risk Review

Finally, I conducted an OAuth Risk Review for Acko’s Google Workspace (formerly G-Suite) to assess the security of third-party applications with access to our organization’s data. I worked on identifying and revoking access to any risky applications, thereby reducing the risk of unauthorized data access.

Comprehensive Security Review

In addition to the above-mentioned security measures, I also conducted comprehensive security reviews across various aspects of Acko’s infrastructure to ensure a robust security posture. This included:

  1. Trend Micro Audit Log Review — I regularly reviewed audit logs from Trend Micro’s EDR solution to identify any potential security incidents or suspicious activities. This allowed us to detect and respond to threats promptly.
  2. Network Syslog Review — Analyzing network syslogs was a crucial part of my role as a SOC Analyst. By reviewing syslogs, I was able to detect any network anomalies or potential intrusions, ensuring the security of Acko’s network infrastructure.
  3. Software Inventory Review — I conducted a thorough review of Acko’s software inventory to identify any outdated, unsupported, or unapproved software installations. By maintaining an up-to-date software inventory, we were able to mitigate the risk of software vulnerabilities.
  4. Trend Micro Policy Risk Review — To ensure the effectiveness of our EDR solution, I reviewed and assessed the risk associated with Trend Micro’s security policies. This allowed us to optimize our policies and strengthen endpoint protection.
  5. Google Workspace MDM Policy Risk Review — I reviewed Acko’s Mobile Device Management (MDM) policies within Google Workspace to identify and mitigate any potential risks. This helped us ensure the security of our mobile devices and the data stored on them.
  6. Chrome Management OU & Restriction Policy Review — I assessed the Organizational Unit (OU) structure and restriction policies within Chrome Management, ensuring that Acko’s users and devices adhered to the company’s security policies and guidelines.
  7. AWS Infrastructure Review — A thorough review of Acko’s AWS infrastructure was conducted to identify any misconfigurations or vulnerabilities. This helped us maintain a secure cloud environment and prevent potential security incidents.
  8. Google Group Setting Risk Review — Finally, I reviewed the settings and permissions of Google Groups within Acko’s Google Workspace to ensure that only authorized individuals had access to sensitive information, thereby reducing the risk of unauthorized data access.

By conducting these comprehensive security reviews, I was able to identify potential risks and vulnerabilities across Acko’s infrastructure and take the necessary steps to enhance the overall security posture of the organization.

Conclusion

My internship experience as a SOC Analyst at Acko provided me with invaluable knowledge and experience in cloud and endpoint security. By implementing cutting-edge security tools and technologies, I was able to contribute to securing Acko’s infrastructure and protecting its sensitive data. As I continue my journey in the cybersecurity field, I look forward to building on this experience and staying up-to-date with the latest security trends and technologies.


Utkarsh Rai

TryHackMe [0xC GURU] | Cybersecurity enthusiast | Computer Science Student | Writer, Thinker, Coder