On October 25, the USAID Project “Cybersecurity of Ukraine's Critical Infrastructure” held a webinar “Analytical Platforms in Cybersecurity” for students of the speciality 125 “Cybersecurity and Information Protection”. Practical recommendations on this topic were shared with the audience by Roman Rozumei, information security solutions architect at the system integrator Alesta LLC.
“Analytics is a process and an ongoing process because an analyst must constantly analyze data, update his or her tools, and expand the horizons of analysis,” the speaker said. In support of this, he noted that technical solutions are changing and becoming more complex daily, and that attackers are likewise expanding their attacks daily. These changes and developments require effective and sophisticated tools for timely threat detection. First of all, an analyst must have up-to-date and relevant data. Properly configured analytical platforms help with this. In particular, the speaker spoke about the peculiarities of working with SIEM systems. This software product provides real-time event analysis, UEBA/ABA, user behaviour analysis systems, the most popular EDR systems today, and Threat Hunting, which are cloud services for collecting indicators of compromise. To better understand the topic, Roman demonstrated the work of Rapid7 OpenLabs, Rapid7 Insight IDR, CheckPoint Horizon Events, etc.
At the end of the meeting, the speaker traditionally answered questions from the webinar participants about advice for future cyber specialists on obtaining additional knowledge, certifications, and internships, and about the capabilities of artificial intelligence in threat analysis.