We are not quite the Avengers, but our team of experts at IT Naturally are all superheroes when it comes to fighting cybercrime.
A Cyber Security Analyst's role at IT Naturally is to maintain the security posture of our own tenant and of every client tenant we manage. To achieve this we take a persistent, proactive approach: a range of tools, tuned to each environment, monitor constantly for attempted breaches and for threats from internal and external actors. When something fires, the response is rapid and reactive, with every event investigated thoroughly.
If you work in the IT sector, you'll know that cybersecurity is one of the hot topics of 2023. Getting it right through a multi-layered approach is key, because falling victim to an attack can be devastating:
- The average cost of a data breach worldwide has hit a record high of $4.35m.
- It's estimated that 33 billion accounts will be breached in 2023.
- Cybercrime costs are predicted to increase by 15%, reaching $10.5 trillion by 2025.
So, what exactly does our Cyber Security Analyst get up to in a day?
Here’s Jay Jayasinghe to tell you more:
“I start my day by checking for alerts generated by our partners' tools: CrowdStrike (EDR), Microsoft Azure, Microsoft Defender (EDR), Proofpoint (email security), Splunk (SIEM), etc. These alerts are usually received in our ticketing systems, where they are logged and managed. I go through the list of incidents meticulously to understand the cause and the effect, so that the security issues are addressed appropriately by myself or with the help of the wider team.
To give an example of a common incident: our biggest client has employees working in multiple locations across the globe. Any anomaly in an individual's login activity is flagged by Azure Identity Protection as risky user activity, and by a preconfigured alert in Splunk (SIEM) as a successful login from a high-risk country. Any of these alerts is first raised with the service desk, who will then try to contact the user to confirm the activity, but in most cases it's escalated to the security team for further investigation. This is where it gets exciting, as I get to analyse the user's sign-in activity and correlate the Azure data with Splunk's detailed results spanning an extended period of time, covering the user's list of devices, known locations, IP addresses, applications, etc., to determine whether the user's account has been compromised.
Once the above has been dealt with, I move on to security-related service requests or other incidents, such as mail-flow issues within email security systems like Proofpoint, which involve collaboration with security engineers and external cyber security teams/partners. I enjoy collaborative meetings with other security professionals, as this gives me the opportunity to learn and understand complex concepts and put them into practical use to reduce the attack surface on all our managed networks/tenants.
In between attending meetings and investigating/resolving security incidents, I use the Microsoft Defender portal to analyse the exposure levels of all IT Naturally devices (corporate and BYOD), then proceed to address known vulnerabilities within them. In most cases, I work with EUC analysts to deploy updated versions of applications via Microsoft Intune to our end users. The goal here is to keep all our domain-joined and registered devices up to date and compliant.
Since the threat landscape is constantly evolving, I like to make time for security research and training towards the end of the day, in order to build my skillset and to create and develop new or enhanced security capabilities for internal or client use.
I find my role very fulfilling as it provides me the opportunity to make a positive impact by securing the Cyber threat environment within IT Naturally and on our client tenants.”
It's just a normal day for Jay, but in the world of fighting cybercrime his superpowers work quietly and unseen in the background to save our customers' businesses from attack.
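The risky sign-in correlation Jay describes above, written out as a small Python script. This is an added example, not code from IT Naturally, Azure Identity Protection or Splunk: it builds a 30-day baseline of a user's known devices, IP addresses and countries from past successful sign-ins, then checks a flagged sign-in against a placeholder high-risk-country list, that baseline, and an impossible-travel speed threshold. The record layout, the thresholds, the country code ZZ and the sample events are all constructed assumptions.

```python
"""Correlate a flagged sign-in against the user's recent sign-in history.

Added illustration: record layout, thresholds and sample events are constructed
for this example and are not taken from Azure, Splunk or IT Naturally.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt

# Placeholder policy list. "ZZ" is an ISO 3166 user-assigned code, so it names no real
# country; a real deployment takes this list from policy or threat intelligence.
HIGH_RISK_COUNTRIES = {"ZZ"}
BASELINE_WINDOW = timedelta(days=30)   # how far back "known" devices/IPs/countries reach
MAX_PLAUSIBLE_SPEED_KMH = 900.0        # roughly airliner speed; faster is impossible travel


@dataclass(frozen=True)
class SignIn:
    """One sign-in event in the shape a SIEM might hold after normalisation (assumed layout)."""
    user: str
    ts: datetime
    ip: str
    country: str
    device_id: str
    lat: float
    lon: float
    app: str
    success: bool


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def baseline(history: list[SignIn], user: str, before: datetime):
    """Known IPs, devices and countries from the user's successful sign-ins in the window
    ending at `before`, plus the most recent of those sign-ins (used for the travel check)."""
    known = {"ips": set(), "devices": set(), "countries": set()}
    last = None
    for e in sorted(history, key=lambda e: e.ts):
        if e.user != user or not e.success:
            continue                    # failed attempts never establish a baseline
        if e.ts >= before or e.ts < before - BASELINE_WINDOW:
            continue                    # outside the window (or the event itself)
        known["ips"].add(e.ip)
        known["devices"].add(e.device_id)
        known["countries"].add(e.country)
        last = e
    return known, last


def triage(event: SignIn, history: list[SignIn]) -> list[str]:
    """Reasons a successful sign-in is inconsistent with the baseline (empty list = consistent)."""
    if not event.success:
        return []                       # failed sign-ins belong to a different rule (spray/brute force)
    known, last = baseline(history, event.user, event.ts)
    reasons = []
    if event.country in HIGH_RISK_COUNTRIES:
        reasons.append(f"successful sign-in from high-risk country {event.country}")
    if event.device_id not in known["devices"]:
        reasons.append(f"unknown device {event.device_id}")
    if event.ip not in known["ips"]:
        reasons.append(f"unknown IP {event.ip}")
    if event.country not in known["countries"]:
        reasons.append(f"country {event.country} not seen in the last {BASELINE_WINDOW.days} days")
    if last is not None:
        km = haversine_km(last.lat, last.lon, event.lat, event.lon)
        hours = (event.ts - last.ts).total_seconds() / 3600
        if hours > 0 and km / hours > MAX_PLAUSIBLE_SPEED_KMH:
            reasons.append(f"impossible travel: {km:.0f} km since the {last.country} sign-in {hours:.1f} h earlier")
    return reasons


def utc(month: int, day: int, hour: int, minute: int = 0) -> datetime:
    return datetime(2023, month, day, hour, minute, tzinfo=timezone.utc)


# Constructed history: 'alice' normally signs in from one laptop in London (the addresses are
# documentation ranges), plus an old phone last seen well outside the baseline window and one
# failed attempt from abroad that must not count as a known location.
LONDON = (51.5074, -0.1278)
HISTORY = [
    SignIn("alice", utc(3, 1, 9), "203.0.113.10", "GB", "OLD-PHONE", *LONDON, "Office 365", True),
    SignIn("alice", utc(5, 20, 8, 30), "203.0.113.10", "GB", "LAPTOP-01", *LONDON, "Office 365", True),
    SignIn("alice", utc(5, 25, 8, 10), "203.0.113.10", "GB", "LAPTOP-01", *LONDON, "Office 365", True),
    SignIn("alice", utc(6, 1, 8), "203.0.113.10", "GB", "LAPTOP-01", *LONDON, "Office 365", True),
    SignIn("alice", utc(6, 1, 8, 5), "198.51.100.7", "ZZ", "UNKNOWN-DEV", -33.9, 151.2, "Office 365", False),
]
BENIGN = SignIn("alice", utc(6, 1, 9), "203.0.113.10", "GB", "LAPTOP-01", *LONDON, "Office 365", True)
FLAGGED = SignIn("alice", utc(6, 1, 10), "198.51.100.7", "ZZ", "UNKNOWN-DEV", -33.9, 151.2, "Office 365", True)
STALE_DEVICE = SignIn("alice", utc(6, 1, 11), "203.0.113.10", "GB", "OLD-PHONE", *LONDON, "Office 365", True)

if __name__ == "__main__":
    for label, ev in (("benign", BENIGN), ("flagged", FLAGGED), ("stale device", STALE_DEVICE)):
        print(label, triage(ev, HISTORY) or "consistent with baseline")
```

In practice the history list is the result of the extended-window SIEM query Jay mentions, the thresholds are tuned per client, and the returned reasons are what goes into the ticket for the service desk to confirm with the user. Note that the baseline is built only from successful sign-ins, so an attacker's earlier failed attempts from the same location cannot make that location look "known".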