Week #6: Mastering Security Tools and Incident Response

Ravitej V -


This week marked a significant advancement in my understanding of cybersecurity operations, with hands-on experience in managing security tools, interpreting web traffic data, and configuring remote access systems. 

Day 1 (Monday): Introduction to IronPort and Email Security

On Monday, I focused on IronPort, Cisco’s security appliance that is used for email security. My task involved managing quarantined emails and understanding the process behind email filtering and virus scanning. I familiarized myself with the system’s architecture, which consists of multiple layers of protection, including spam filtering, antivirus scanning, and content filtering.

Quarantine Management: I observed how IronPort categorizes emails based on predefined policies. Malicious attachments and phishing emails are placed into quarantine for review, preventing any potential threats from reaching users.

By the end of the day, I had a good understanding of IronPort’s role in protecting against email-borne threats and how email filtering policies can be customized to suit organizational needs.

Day 2 (Tuesday): Web Reports and URL Filtering

On Tuesday, I worked with web traffic reports generated by IronPort, which is used for URL filtering and web access control. This task required me to review detailed logs that track the types of websites visited by employees and the corresponding risks. 

Web Traffic Analysis: I examined reports that show the volume of web traffic, blocked URLs, and categories of websites that are accessed (e.g., social media, malicious sites). These reports help identify potential vulnerabilities in the organization’s internet usage policies. The day gave me exposure to URL filtering and the importance of web traffic monitoring in securing an organization’s network.

Day 3 (Wednesday): Remote Access Tools and CoSA Device Configuration

Wednesday was focused on remote access tools and the secure management of critical systems. I worked with Bomgar, a remote access solution that ARSOC uses for secure IT support, and also learned about the configuration of CoSA devices. I was introduced to Bomgar, which is used to provide secure remote desktop access to troubleshoot and fix issues across the organization’s devices. I observed how the session logging feature works, ensuring every action taken during a remote session is recorded for security and auditing purposes. I also reviewed the logs generated during remote sessions and identified any anomalies that could indicate unauthorized access attempts. Understanding how session permissions and user authentication work in Bomgar was essential in preventing misuse.

Day 4 (Thursday): RDP and Incident Handling

Thursday was focused on Remote Desktop Protocol (RDP) and incident management. My main task involved monitoring and troubleshooting RDP sessions and learning about incident detection and response. I worked with RDP to monitor remote login activity across the organization. I also learned how to correlate RDP activity with malware infections. I reviewed incidents where remote access was used as a vector for installing malware and observed how the team responded to contain and mitigate the threat.
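As an added illustration of the RDP-to-malware correlation mentioned above (example code written for this page, not the ARSOC team's tooling), the script below joins interactive RDP logons with process creations on the same host and user inside a short window and flags executables launched from user-writable directories. The event records, hosts, users, paths and the 10-minute window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Two streams a SOC would join:
# interactive remote logons (Windows logon type 10 = RemoteInteractive/RDP)
# and process-creation records from the same endpoints.
LOGONS = [
    {"ts": "2024-03-04T09:02:10", "host": "WS-101", "user": "alice", "src": "10.0.5.20", "type": 10},
    {"ts": "2024-03-04T22:41:03", "host": "WS-117", "user": "svc_backup", "src": "203.0.113.9", "type": 10},
]
PROCS = [
    {"ts": "2024-03-04T09:05:00", "host": "WS-101", "user": "alice", "image": r"C:\Program Files\Office\winword.exe"},
    {"ts": "2024-03-04T22:43:30", "host": "WS-117", "user": "svc_backup", "image": r"C:\Users\svc_backup\AppData\Local\Temp\update.exe"},
    {"ts": "2024-03-05T08:00:00", "host": "WS-117", "user": "svc_backup", "image": r"C:\Windows\System32\cmd.exe"},
]

# Directories a normal RDP support session rarely launches binaries from (assumed list).
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\public\\")


def parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def is_suspicious_path(image: str) -> bool:
    """True if the executable lives in a user-writable staging directory."""
    return any(d in image.lower() for d in SUSPECT_DIRS)


def correlate(logons, procs, window_minutes: int = 10):
    """Return (logon, process) pairs where an RDP logon is followed, within
    window_minutes and on the same host/user, by a process started from a
    suspicious directory. This is only the correlation step: each hit still
    goes to an analyst for review, not straight to containment."""
    hits = []
    window = timedelta(minutes=window_minutes)
    for lg in logons:
        if lg["type"] != 10:          # ignore non-RDP logon types
            continue
        t0 = parse(lg["ts"])
        for p in procs:
            if p["host"] != lg["host"] or p["user"] != lg["user"]:
                continue
            delta = parse(p["ts"]) - t0
            if timedelta(0) <= delta <= window and is_suspicious_path(p["image"]):
                hits.append((lg, p))
    return hits


if __name__ == "__main__":
    for lg, p in correlate(LOGONS, PROCS):
        print(f"{lg['host']}: RDP logon for {lg['user']} from {lg['src']} at {lg['ts']} "
              f"followed by {p['image']} at {p['ts']}")
```

Running it reports only the WS-117 session: the late-night logon from an external address followed by a binary run from the user's Temp directory, while the daytime Office launch on WS-101 is ignored.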


Day 5 (Friday): Standard Operating Procedures (SOPs) and Review

The final day of the week was focused on reviewing the Standard Operating Procedures (SOPs) that govern how security processes should be handled in the organization. I went over SOPs related to email security, web filtering, remote access, and incident management.

Key technical activities:

  • Reviewing SOPs: Understanding these guidelines was crucial for ensuring that actions taken are consistent, traceable, and in line with the organization’s security protocols.
  • Incident Response Procedures: I also reviewed the incident response procedures, which include detailed steps for responding to security incidents, from identification and escalation to resolution and reporting.
  • Security Audits and Compliance: I gained a better understanding of how audits and compliance checks are performed to ensure that the organization is adhering to internal and external security standards.

By the end of the day, I felt more confident in my understanding of the SOC’s operational procedures and how adherence to SOPs is vital for maintaining consistent and secure practices.



Comments:


mohin_p
I really enjoyed the way you connected hands-on tasks like reviewing web traffic and managing remote access with the bigger picture of cybersecurity. It’s easy to forget how much behind-the-scenes work goes into keeping systems safe until you actually start digging into things like URL filtering and incident response. Out of all the tools and systems you worked with, which one surprised you the most in terms of how much impact it has on keeping an organization secure?
