Malware and Threat Intelligence Handling by Our SOC Analysts

October 3, 2022

São Paulo/SP – October 03, 2022. Check out how malware and threat intelligence are handled by our SOC (Security Operations Center) analysts.

By Renan Moreira

Our SIEM collects and stores the logs generated by activity on the monitored network; on that foundation, a wide range of detection use cases can be analyzed.

Here we turn to the analysis itself. It takes place at different levels and may involve one or more teams while a case is being handled.

For malware analysis, each time one of the use cases enabled for the monitored environment is triggered, the SIEM generates an incident that is handled by the SOC team. At this stage the analyst checks whether the alert is a false positive or a true positive.

If the incident is confirmed as a true positive, it is forwarded to the customer. If a more thorough analysis is judged necessary, it is escalated to the level 2 team, which enriches the logs with additional context and then forwards the result to the customer. All of this happens within moments, in an agile, practical and safe way, without harming the affected environment. This is how malware analysis is carried out.
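As an added illustration of the flow just described (not part of the original post and not SAFEWAY's own tooling), the Python script below models one SIEM use case, L1 triage and L2 enrichment over a handful of constructed log lines. The key=value log format, the allowlist, the known-bad list, the threat-intelligence entries and the hashes are all hypothetical placeholders; the escalation rule (true positives that L1 reference data cannot explain go to L2) is an assumption chosen to exercise every branch.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample log lines in a hypothetical key=value endpoint-agent format
# (not the output of any real product). Hashes are placeholders, not real IOCs.
SAMPLE_LOGS = [
    "2022-10-03T10:01:12Z host=WS-017 user=alice event=process_start "
    "image=C:\\Users\\alice\\AppData\\Local\\Temp\\invoice.exe sha256=aaaa0001",
    "2022-10-03T10:02:40Z host=WS-017 user=alice event=process_start "
    "image=C:\\Windows\\System32\\notepad.exe sha256=aaaa0002",
    "2022-10-03T10:05:03Z host=SRV-DB01 user=svc_backup event=process_start "
    "image=C:\\Users\\svc_backup\\AppData\\Local\\Temp\\backup_agent.exe sha256=aaaa0003",
    "2022-10-03T10:07:55Z host=WS-042 user=bob event=process_start "
    "image=C:\\Users\\bob\\AppData\\Local\\Temp\\setup.exe sha256=aaaa0004",
    "2022-10-03T10:09:10Z host=WS-042 user=bob event=process_start "
    "image=C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe sha256=aaaa0005",
]

# Hypothetical L1 reference data: the customer's allowlist (known-good) and the
# SIEM's own known-bad list (enough context to forward without deeper analysis).
L1_ALLOWLIST = {"aaaa0003"}   # backup agent the customer legitimately runs from Temp
L1_KNOWN_BAD = {"aaaa0005"}   # hash already flagged by the SIEM's malware rules

# Hypothetical threat-intelligence feed consulted by L2 during enrichment.
THREAT_INTEL = {"aaaa0001": {"family": "loader", "severity": "high"}}

KV_RE = re.compile(r"(\w+)=(\S+)")
TEMP_EXEC_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class Incident:
    use_case: str
    host: str
    user: str
    image: str
    sha256: str
    verdict: str = "open"        # open | false_positive | true_positive
    handled_by: int = 1          # highest SOC level that touched the incident
    enrichment: dict = field(default_factory=dict)


def parse_log(line: str) -> dict:
    """Split one key=value log line into a dict; the leading token is the timestamp."""
    ts, _, rest = line.partition(" ")
    fields = dict(KV_RE.findall(rest))
    fields["timestamp"] = ts
    return fields


def use_case_exec_from_temp(event: dict) -> Optional[Incident]:
    """SIEM use case: an executable started from a user's Temp folder raises an incident."""
    if event.get("event") != "process_start":
        return None
    if not TEMP_EXEC_RE.search(event.get("image", "")):
        return None
    return Incident("exec_from_temp", event["host"], event["user"],
                    event["image"], event["sha256"])


def l1_triage(inc: Incident) -> Incident:
    """L1: classify the incident as false positive (allowlisted) or true positive."""
    inc.verdict = "false_positive" if inc.sha256 in L1_ALLOWLIST else "true_positive"
    return inc


def needs_l2(inc: Incident) -> bool:
    """Escalate true positives that L1 reference data cannot explain (assumed rule)."""
    return inc.verdict == "true_positive" and inc.sha256 not in L1_KNOWN_BAD


def l2_enrich(inc: Incident) -> Incident:
    """L2: attach threat-intel context (or an explicit 'unknown') before forwarding."""
    inc.handled_by = 2
    inc.enrichment = dict(THREAT_INTEL.get(
        inc.sha256, {"family": "unknown", "severity": "medium"}))
    inc.enrichment["recommended_action"] = "isolate host and collect sample"
    return inc


def run_pipeline(logs) -> list:
    """Full flow: use case -> incident -> L1 triage -> optional L2 enrichment -> customer."""
    forwarded = []
    for line in logs:
        inc = use_case_exec_from_temp(parse_log(line))
        if inc is None:
            continue                      # no use case matched, nothing for the SOC
        l1_triage(inc)
        if inc.verdict == "false_positive":
            continue                      # closed at L1, the customer is not disturbed
        if needs_l2(inc):
            l2_enrich(inc)
        forwarded.append(inc)             # goes to the customer ticket
    return forwarded


if __name__ == "__main__":
    for inc in run_pipeline(SAMPLE_LOGS):
        print(inc.host, inc.sha256, inc.verdict, "L%d" % inc.handled_by, inc.enrichment)
```

Running it forwards three incidents: the unknown hash from alice's Temp folder and bob's setup.exe both pass through L2 (one enriched with a feed hit, the other marked unknown), bob's update.exe is forwarded straight from L1 because the SIEM already knows it, and the backup agent is closed as a false positive.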

There is also Threat Intelligence, where we study the client's infrastructure and, based on it, define a proactive scope of action. Taking into account the technologies the client uses and their context, Security Bulletins are prepared to prevent and mitigate malicious actions that could occur in the client's environment.

A Bulletin can be consulted through our mobile application or through the corresponding ticket on the customer support platform. If the Bulletin affects the customer's environment, remediation follows the flow indicated by the solution's manufacturer; where no fix is available yet, our team develops a set of best practices to minimize the possible impact as efficiently and effectively as possible.

For more information, contact our team through our social networks or through the website.

— Renan Moreira is Engineering/MSS Consultant at [SAFEWAY]

How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who are largely among the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or the company itself against the ISO 27001, ISO 20000 or ISO 22301 standards.

To support companies in assessing and adapting to the requirements of the LGPD, [SAFEWAY] includes in its service portfolio the Cybersecurity Health Check, whose objective is to diagnose the Cybersecurity, Information Security and Data Privacy practices implemented in your company, covering the pillars of Processes, People and Technology.

Through the Cybersecurity Health Check, the risks associated with information security and privacy in internal processes and activities are identified, and existing and new controls are evaluated according to the size of your organization, in order to raise the level of maturity and compliance in line with good information security practices. If you would like more information, contact one of our experts!