What Does a Cyber Security Analyst Do?
Cyber security analysts play a key role in protecting an organisation’s computer systems and networks from cyber threats. Although a cyber security analyst’s role can be quite broad, their core duties typically revolve around defensive cyber security activities such as monitoring networks, systems, and applications for security breaches or suspicious activity, identifying system or network vulnerabilities, and recommending mitigation solutions.
In addition to these more routine tasks, at CyBiz, we utilise cyber security analysts for proactive cybersecurity as part of our cyber readiness services, as well as incident response.
Management and monitoring of networks and systems
As part of their base monitoring role, cyber security analysts may be tasked with configuring and maintaining security tools and technologies, such as firewalls, intrusion detection systems, antivirus software and other network security controls to prevent unauthorised access and detect and block malicious activity.
Patch management should be performed routinely to ensure that systems and software are up to date with the latest security patches and updates, mitigating known vulnerabilities and reducing the risk of exploitation. If an organisation has a Security Information and Event Management (SIEM) tool, cyber security analysts will use it to aggregate, correlate, and analyse security event data from various sources, enabling timely detection of and response to security incidents.
Threat intelligence and threat hunting
CyBiz also utilises cyber security analysts for threat intelligence and threat hunting.
Threat intelligence involves researching and analysing information about emerging cyber threats, including malware, hacking techniques, and threat actor tactics, techniques, and procedures (TTPs). This information enables organisations to take a more proactive approach to stay ahead of potential attacks and better defend against them. Understanding subtle differences and changes in threat actor TTPs can be crucial in preventing or minimising the impact of a cyber-attack. We rely on cyber security analysts to provide feedback from the coal face of incident response engagements and use them to identify emerging patterns and trends.
This is then fed back into the monitoring and configuration tasks in an ongoing loop of network and system enhancements. Threat intelligence, whether received from cyber security analysts or other sources, is also used in threat hunting and in penetration testing – conducting controlled tests to identify weaknesses in systems, networks, and applications by simulating real-world cyber-attacks, which gives organisations practical insight into their security posture and assists in prioritising remediation efforts.
Threat hunting involves proactively searching for cyber threats that are lurking undetected in a network. Unlike vulnerability scanning, which tests for known security vulnerabilities, threat hunting aims to determine whether there is an actual, rather than theoretical, threat in a network. Once a threat actor has penetrated an organisation’s defences and is inside the perimeter, many of the tools an organisation may have deployed on the perimeter or on endpoints do not have the capability to stop advanced persistent threats (APTs) in the network. Cyber security analysts will scan and analyse logs to search for threat actors in the environment who may be operating in stealth mode, collecting data or confidential material, or seeking to obtain login credentials that will allow them to move laterally across the environment.
Red team exercises
Cyber security analysts can also be involved in red team exercises. In comparison to penetration testing, red teaming is a simulated attack which is technically more complex, takes more time, and is a more thorough test of an organisation’s response capabilities and security measures. Whilst cyber security analysts are not directly involved in conducting the offensive simulations, they use the knowledge they have obtained from threat intelligence and threat hunting activities to assist in developing realistic attack scenarios, based on their understanding of common cyber threats, vulnerabilities, and attack techniques, that simulate the TTPs used by real-world attackers.
Cyber security analysts may also provide support in setting up the necessary tools and infrastructure for red teaming exercises, such as configuring attack frameworks, deploying malware samples, or creating phishing campaigns to emulate real-world attack scenarios.
Incident response
The role of a cyber security analyst in incident response is crucial for effectively managing and mitigating security incidents and cyber-attacks. Whilst an organisation’s leadership team will be involved in crisis management after a cyber security incident is detected, cyber security analysts will be in the background conducting thorough investigations to determine the cause, scope, and impact of the incident. They gather evidence, analyse data, and collaborate with other team members to understand how the attack occurred and what systems or data may have been compromised.
Simultaneously with investigative efforts, cyber security analysts will work on the important task of containing the cyber security incident to prevent further damage. This may involve isolating affected systems, blocking malicious activities, or shutting down compromised services to limit the attacker’s access and minimise the impact on the organisation. Once the immediate threat has been contained, cyber security analysts focus on eradicating the root cause of the incident. This may involve removing malware, patching vulnerabilities, or implementing additional security controls to prevent similar attacks in the future.
Finally, cyber security analysts are at the forefront of post-incident recovery, collaborating with IT teams to restore affected systems and services to normal operation. They ensure that data is safely recovered, backups are restored, and any residual risks are addressed before returning systems to production.
Speak to our Cyber Security Analysts Today
Overall, cyber security analysts play a critical role in supporting both proactive and defensive cyber security and in incident response. Despite what sounds like a fairly mundane title, their roles can be both broad and varied, and they can have a significant impact on securing an organisation’s operations and reputation and preserving its bottom line.
Contact CyBiz to discuss how one of our Cyber Security Analysts can assist you in your organisation.