Does everyone in cybersecurity have to work breaking into systems?

Dfaults · Published in Thought Thinkers · Jun 9, 2022 · 3 min read

Hacking Detected

Get to know the lesser-known but equally cool side of cybersecurity. See! Even that boring uncle you almost never see can be as cool as the movies!

The short answer is no: not everyone involved in the cybersecurity space is breaking into systems on the daily. There are teams of people that focus almost solely on defending against potential attackers. Those teams are generally called Blue Teams or Defensive Security Professionals, and they are in charge of implementing the rules and procedures that keep both user and business data safe. They do this by setting up systems in specific parts of their network and services to detect any suspicious activity before anything bad happens. These tasks are usually called:

  • Intrusion Prevention
  • Intrusion Detection

We will start off with prevention, since before we can even see something bad coming we should be prepared for any event. That said, an intrusion prevention system, or IPS for short, is a network security tool that continuously monitors a network for malicious activity and takes action to prevent it. This means that whenever you connect to the Wi-Fi at your job or a hotel, all of your browsing data (i.e. whatever you do on the internet) is being monitored by a system that continuously looks for anything out of place that could compromise the network or any services that run there. And no, it won't stop you from going to those less family-friendly sites you may or may not visit in your own time, unless the systems administrator has set up filters for those situations, but that's a topic for another time. Prevention systems only concern themselves with keeping a watchful eye on anyone or anything trying to gain unauthorized access to the system's resources, and in general they can do wonders for your company's security in times of need, so it's always recommended to have one set up.

Now, knowing this, you might be asking what the difference is between prevention and detection. Well, let me explain: an Intrusion Detection System, or IDS for short, is a monitoring system that detects suspicious activities and generates alerts when they are detected. Based upon these alerts, a security operations center analyst, or SOC analyst for short, can investigate the issue and take the appropriate actions to remediate the threat. This gives the security team enough time to take action, whether that be defending directly against the attack or, in the worst possible scenario, temporarily taking down a service.
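To make the prevention-versus-detection distinction from the last two paragraphs concrete, here is a small added example (my own illustration, not code from the original post or from any real IDS/IPS product). One toy sensor runs in either mode over the same stream of login events: in "ids" mode it only raises an alert for a SOC analyst when one source racks up too many failed logins, while in "ips" mode it raises the same alert and also blocks the source so that its later events are dropped. The log lines, field layout, IP addresses, thresholds and the `Sensor` / `run` names are all constructed for this example.

```python
"""
Added example, not code from the original post: a toy sensor that shows the
difference the article draws between an IDS (alert only) and an IPS (alert
and block). Both watch the same stream of authentication events; the rule is
"N failed logins from one source within W seconds". All log lines, field
layouts, IP addresses and thresholds below are constructed for illustration.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Optional, Set, Tuple

# Constructed sample events: "<epoch seconds> <source IP> <message>".
SAMPLE_LOG = """\
1000 203.0.113.7 Failed password for root
1001 203.0.113.7 Failed password for root
1002 198.51.100.4 Accepted password for alice
1003 203.0.113.7 Failed password for admin
1004 203.0.113.7 Failed password for root
1005 203.0.113.7 Failed password for oracle
1006 203.0.113.7 Accepted password for root
1050 198.51.100.4 Failed password for alice
"""

LINE_RE = re.compile(r"^(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(.*)$")


def parse_line(line: str) -> Optional[Tuple[int, str, str]]:
    """Split one constructed log line into (timestamp, source, message)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return int(m.group(1)), m.group(2), m.group(3)


@dataclass
class Sensor:
    mode: str                      # "ids": alert only; "ips": alert and block
    threshold: int = 5             # failures per source that trigger the rule
    window: int = 60               # sliding window in seconds
    failures: Dict[str, Deque[int]] = field(default_factory=lambda: defaultdict(deque))
    blocked: Set[str] = field(default_factory=set)
    alerts: List[str] = field(default_factory=list)     # what the SOC analyst sees
    actions: List[str] = field(default_factory=list)    # BLOCK/DROP (IPS only)
    delivered: List[str] = field(default_factory=list)  # events let through

    def __post_init__(self) -> None:
        if self.mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")

    def process(self, line: str) -> None:
        parsed = parse_line(line)
        if parsed is None:
            return                      # unparseable line: ignored here; a real sensor would count it
        ts, src, msg = parsed
        if src in self.blocked:         # the IPS has already blocked this source
            self.actions.append(f"DROP {ts} {src}")
            return
        if msg.startswith("Failed password"):
            q = self.failures[src]
            q.append(ts)
            while q and ts - q[0] > self.window:   # expire failures outside the window
                q.popleft()
            if len(q) >= self.threshold:
                self.alerts.append(
                    f"ALERT {ts} {len(q)} failed logins from {src} within {self.window}s")
                q.clear()               # one alert per burst
                if self.mode == "ips":
                    self.blocked.add(src)
                    self.actions.append(f"BLOCK {ts} {src}")
        if src not in self.blocked:     # an IDS never drops anything, an IPS drops the blocked source
            self.delivered.append(line.strip())


def run(mode: str, log: str = SAMPLE_LOG) -> Sensor:
    """Feed every line of the log through a fresh sensor and return it."""
    sensor = Sensor(mode=mode)
    for line in log.splitlines():
        sensor.process(line)
    return sensor


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        s = run(mode)
        print(f"--- {mode.upper()} ---")
        for entry in s.alerts + s.actions:
            print(entry)
        print(f"{len(s.delivered)} of {len(SAMPLE_LOG.splitlines())} events delivered")
```

Running it shows the point of the article's two paragraphs: both modes produce the same alert at the fifth failure from 203.0.113.7, but only the IPS turns that alert into a block, so the later "Accepted password for root" from the same source is dropped rather than merely logged for an analyst to investigate after the fact.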

You can see some of the people on the blue team side giving talks about how to keep your data secure, or disclosing a new vulnerability that they or other researchers have found recently that could potentially affect a service or company. Some even go as far as giving live demonstrations of how a vulnerability works, using an existing tool or one they made from scratch. You can find blue teams working in job roles such as:

  • Security Operations Center (SOC)
  • Threat Intelligence
  • Digital Forensics and Incident Response (DFIR)
  • Malware Analysis

In conclusion, we can safely say that Blue Teams are necessary for securing our most critical data and systems, and we should greatly appreciate that they go through the trouble of giving us recommendations to keep ourselves safer as users of these vulnerable systems, at least until they are patched. And although the salary is not as high as a Penetration Tester's, the role is surely just as important, and as cool sounding as any other security job role.

If you liked this, please consider becoming a Medium member by clicking the link below. Memberships are $5 a month, and by using my link you help yours truly continue providing content like this. Or, if you wish, you can also buy me a coffee 🍵 and support me directly.
