Scene: It is 8:12 AM in the SOC war room. Overnight, malware alerts have spiked sharply. A major client portal is timing out for some users in Europe.
CISO: Good morning, soldier! Bring me up to speed on the incident.
SOC Analyst: Again, I am not really a soldier, but at 02:41 AM last night, our intrusion detection system flagged anomalous lateral movement from an engineering workstation. By 03:05 AM, the SIEM correlated it with a surge of failed logins that look like a brute force attack. At 03:12 AM, we saw encrypt-and-rename behavior—classic ransomware.
- Describe a time when your network or computer was attacked by malware. Who was the bad actor? Where did the attack originate from? How did you resolve the issue?
- Who was behaving more realistically, the SOC Analyst or the CISO? Was the SOC Analyst really a soldier? What did the narrator mean when she said, "Well, that was a bit much"? Do you agree with the narrator?