Cybersecurity Internship Report


Cybersecurity Virtual Internship

An Internship Report submitted in partial fulfillment of the

Requirements for the award of the degree of

Bachelor of Technology In

Information Technology
By
Koppaka Ramya
Reg. No: 22H71A1232
OFFERED BY

Cybersecurity-AICTE-Edu Skills Foundation


Supported By

Department of Information Technology


DVR & Dr. HS

MIC College of Technology


(Autonomous)

Kanchikacherla-521180, NTR Dist., Andhra Pradesh

July – September

CERTIFICATE

This is to certify that the Internship Report entitled “Cybersecurity Virtual
Internship” submitted by Koppaka Ramya (22H71A1232), to the DVR & Dr. HS
MIC College of Technology in partial fulfillment of the requirements for the award of
the Degree of Bachelor of Technology in Information Technology is a bonafide
record of work.

Internship Coordinator Head of the Department

Examiner 1 Examiner 2

ACKNOWLEDGEMENT
The satisfaction that accompanies the successful completion of any task would be
incomplete without the mention of the people who made it possible and whose
constant guidance and engagement crown all the efforts with success. I thank our
college management and respected Sri D. Panduranga Rao, CEO, for providing us the
necessary infrastructure to carry out the internship.

I express my sincere thanks to Dr. T. Vamsee Kiran, Principal, who has been a great
source of inspiration and motivation for the internship program.

I profoundly thank Mrs. A. Anuradha, Head of the Department of Information
Technology, for permitting me to carry out the internship.

I am thankful to the AICTE and EduSkills for giving me the opportunity to carry
out the internship in such a prestigious organization.

I am thankful to our Internship Coordinator Ms. S. Lavanya, Assistant Professor,
Department of Information Technology, for their internal support and professionalism,
which helped us in completing the internship on time.

I take this opportunity to express my thanks to one and all who directly or indirectly
helped me in bringing this effort to its present form.

Finally, my special thanks go to my family for their continuous support and help
throughout, and for their encouragement for the completion of the internship on time.

INDEX

S.No   Context                                Page No
1      Title Page                             1
2      Certificate                            2-3
3      Acknowledgement                        4
4      Abstract                               6
5      List of Figures                        7
6      Introduction to Palo Alto Networks     8
7      Cyber Security Networks                9-33
         Introduction to Cybersecurity
         Fundamentals of Network Security
         Fundamentals of Cloud Security
         Fundamentals of SOC
8      Case Study                             34-35
9      Internship Certificates                36-37
10     Conclusion                             38
11     Reference                              39
ABSTRACT

Cybersecurity encompasses a broad range of practices, tools, and concepts related
closely to those of information and operational technology (OT) security. Cyber
security is distinctive in its inclusion of the offensive use of information technology to
attack adversaries. Use of the term “Cyber Security” as a key challenge and a
synonym for information security or IT security confuses customers and security
practitioners, and obscures critical differences between these disciplines.

Organization Information:

Palo Alto Networks offers an enterprise cybersecurity platform that provides network
security, cloud security, endpoint protection, and various cloud-delivered security
services. Since inception, we have trained thousands of students, faculty and working
professionals on emerging technologies via technical bootcamps, hackathons, and Summer
& Winter Internship Programs.

Following are our services for academia and students:

1. Technology Bootcamps
2. Hackathons
3. Hands-on Training Programs
4. Professional Development Programs
5. Summer Practice Schools

Programs and Opportunities

This helps the company to establish a healthy relationship between the customers and the
company or institution. The sales force administrator mainly focuses on three
domains, namely Business Administration, Lightning Experience and Dashboards.

LIST OF FIGURES

S.No      Context                                     Page No
Fig 1.1   Cyber Security                              9
Fig 1.2   Cyber Security Landscape                    10
Fig 1.3   SaaS Application Risks                      12
Fig 1.4   Attackers Profile                           12
Fig 1.5   Ransomware                                  14
Fig 1.6   Evil Twin                                   15
Fig 1.7   Trust Security Model                        16
Fig 2.1   Ancient Net                                 18
Fig 2.2   Number System                               19
Fig 2.3   Application Firewalls                       20
Fig 2.4   VPN                                         21
Fig 2.5   URL Filtering Service                       23
Fig 3.1   Cloud Security                              25
Fig 3.2   Cyber Vs Network                            26
Fig 3.3   Micro-VMs                                   27
Fig 3.4   The 4 C’s                                   28
Fig 3.5   Traditional Data Centre Vs Hybrid Cloud     29
Fig 4.1   Technology                                  32
Fig 4.2   SOAR Solution                               33

Introduction to Palo Alto Networks

Palo Alto Networks offers an enterprise cyber security platform which provides
network security, cloud security, endpoint protection, and various cloud-delivered
security services. Palo Alto Networks is one such vendor that offers a comprehensive
and easy-to-use set of firewalls, including NGFWs and a Web Application and API
Security platform, which includes a built-in WAF. Palo Alto has a dedicated
management interface, which makes it easy to manage the device and handle the
initial configuration. It has fantastic throughput, and its connection speed is fair
even when dealing with a high traffic load. Palo Alto devices can also be configured
and managed through REST API integration. Palo Alto Networks Next-Generation
Firewalls (NGFW) give security teams complete visibility and control over all network
traffic using powerful traffic identification, malware prevention, and threat
intelligence technologies.

Cyber Security
Cyber security is the protection of internet-connected systems such as hardware,
software, and data from cyber threats. The practice is used by individuals and
enterprises to protect against unauthorized access to data centers and other
computerized systems. Cyber security is crucial because it safeguards all types of data
against theft and loss, including sensitive data, protected health information (PHI),
personally identifiable information (PII), intellectual property, personal information,
and government and business information systems. An IDS is a security system which
monitors computer systems and network traffic. It analyses that traffic for possible
hostile attacks originating from outsiders and for system misuse or attacks originating
from insiders.

Fig 1.1 Cyber Security

Cyber Security Networks

• Introduction to Cyber Security

• Fundamentals of Network Security

• Fundamentals of Cloud Security

• Fundamentals of SOC (Security Operations Centre)

Introduction to Cyber Security

This module introduces the fundamentals of cyber security, including the concepts needed to
recognize and potentially mitigate attacks against home networks and mission-critical
infrastructure. The introduction covers five topics:

• Cyber Security Landscape

• Cyberattack Types

• Cyberattack Techniques

• APTs and Wi-Fi Vulnerabilities

• Security Models

Fig 1.2 Cyber Security Landscape


Cyber Security Landscape
The modern cyber security landscape is a rapidly evolving hostile environment with
advanced threats and increasingly sophisticated threat actors. This section describes the current cyber
security landscape, explains SaaS application challenges, describes various security and data
protection regulations and standards, identifies cyber security threats and attacker profiles, and
explains the steps in the cyberattack lifecycle.

Modern Computing Trends

The nature of enterprise computing has changed dramatically over the past decade, moving
from Web 2.0 to Web 3.0. The vision of Web 3.0 is to return the power of the
internet to individual users, in much the same way that the original Web 1.0 was envisioned. To
some extent, Web 2.0 has become shaped and characterized, if not controlled, by governments
and large corporations dictating the content that is made available to individuals and raising
many concerns about individual security, privacy, and liberty. Web 3.0 brings AI and machine
learning, blockchain, data mining, mixed reality and natural language search.

Introduction to SaaS

Data is located everywhere in today’s enterprise networks, including in many locations
that are not under the organization’s control. New data security challenges emerge for
organizations that permit SaaS use in their networks. With SaaS applications, data is often
stored where the application resides – in the cloud. Thus, the data is no longer under the
organization’s control, and visibility is often lost. SaaS vendors do their best to protect the data
in their applications, but it is ultimately not their responsibility. Just as in any other part of the
network, the IT team is responsible for protecting and controlling the data, regardless of its
location.

SaaS Application Risks

The average employee uses at least eight applications. As employees add and use more
SaaS apps that connect to the corporate network, the risk of sensitive data being stolen, exposed
or compromised increases. It is important to consider the security of the apps, what data they
have access to, and how employees are using them. Because of the nature of SaaS applications,
their use is very difficult to control – or have visibility into – after the data leaves the network
perimeter. This lack of control presents a significant security challenge: End users are now
acting as their own “shadow” IT department, with control over the SaaS applications they use
and how they use them. The inherent data exposure and threat insertion risks of SaaS include
Malicious Outsiders, Malicious Insiders, Accidental Data Exposure, Accidental Share,
Promiscuous Share, and Ghost Share.

Fig 1.3 SaaS Application Risks

Attacker Profiles

News outlets are usually quick to showcase high-profile attacks, but the sources of these
attacks are not always easy to identify. Each of the different attacker types or profiles generally
has a specific motivation for the attacks they generate. Because these different attacker profiles
have different motivations, information security professionals must design cybersecurity
defences that can identify the different attacker motivations and apply appropriate deterrents.

Fig 1.4 Attackers Profile

Cyberattack Types

Attackers use a variety of techniques and attack types to achieve their objectives.
Malware and exploits are integral to the modern cyberattack strategy. This lesson describes the
different malware types and properties, the relationship between vulnerabilities and exploits,
and how modern malware plays a central role in a coordinated attack against a target. This
lesson also explains the timeline of eliminating a vulnerability.

Malware

Malware usually has one or more of the following objectives: to provide remote control
for an attacker to use an infected machine, to send spam from the infected machine to
unsuspecting targets, to investigate the infected user’s local network, and to steal sensitive data.
Malware is varied in type and capabilities. Several malware types are reviewed, such as logic
bombs, rootkits, backdoors and anti-AV malware.

Advanced or modern malware leverages networks to gain power and resilience. Modern
malware can be updated—just like any other software application—so that an attacker can
change course and dig deeper into the network or make changes and enact countermeasures.

Ransomware
Ransomware is malware that locks a computer or device (locker ransomware) or
encrypts data (crypto ransomware) on an infected endpoint with an encryption key that only the
attacker knows, thereby making the data unusable until the victim pays a ransom (usually in
cryptocurrency such as Bitcoin). Reveton and Locker are two examples of locker ransomware,
while Locky, TeslaCrypt/Encrypt, CryptoLocker, and CryptoWall are

Fig 1.5 Ransomware

Cyberattack Techniques

Attackers use a variety of techniques and attack types to achieve their objectives.
Spamming and phishing are commonly employed techniques to deliver malware and exploits to
an endpoint via an email executable or a web link to a malicious website. Once an endpoint is
compromised, an attacker typically installs backdoors, remote access Trojans (RATs), and other
malware to ensure persistence. This lesson describes spamming and phishing techniques, how
bots and botnets function, and the different types of botnets.

Phishing Attacks
We often think of spamming and phishing as the same thing, but they are actually
separate processes, and they each require their own mitigations and defences. Phishing attacks,
in contrast to spam, are becoming more sophisticated and difficult to identify. Types of phishing
attacks include Spear Phishing, Whaling, Watering Hole, and Pharming.

Advanced Persistent Threats and Wi-Fi Vulnerabilities

With the explosive growth in fixed and mobile devices over the past decade,
wireless (Wi-Fi) networks are growing exponentially—and so is the attack surface for
advanced persistent threats (APTs). This lesson describes Wi-Fi vulnerabilities and
attacks and APTs.

Wi-Fi Attacks
There are different types of Wi-Fi attacks that hackers use to eavesdrop on wireless
network connections to obtain credentials and spread malware. Two types are
Doppelgangers and Cookie Guzzlers. To protect Wi-Fi, the Wi-Fi Protected Access (WPA)
security standard was published as an interim standard in 2004, quickly followed by WPA2.
WPA/WPA2 contain improvements to protect against the inherent flaws in Wired
Equivalent Privacy (WEP), including changes to the encryption.

Evil Twin
Perhaps the easiest way for an attacker to find a victim to exploit is to set up a
wireless access point that serves as a bridge to a real network. An attacker can
inevitably bait a few victims with “free Wi-Fi access.”

Baiting a victim with free Wi-Fi access requires a potential victim to stumble on
the access point and connect. The attacker can’t easily target a specific victim, because
the attack depends on the victim initiating the connection. Attackers now try to use a
specific name that mimics a real access point.

Fig 1.6 Evil Twin

Security Models
The goal of a security model is to provide measurable threat prevention through trusted
and untrusted entities. This can be a complicated process, as every security model will have
its own customizations and many variables need to be identified. This lesson describes the
core concepts of a security model and why the model is important, the functions of a
perimeter-based security model, the Zero Trust security model design principles, and how the
principle of least privilege applies to the Zero Trust security model.

Zero Trust Security Model

The Zero Trust security model addresses some of the limitations of perimeter-based
network security strategies by removing the assumption of trust from the equation. With a Zero
Trust model, essential security capabilities are deployed in a way that provides policy enforcement and
protection for all users, devices, applications, and data resources, as well as the communications traffic
between them, regardless of location. Its core design principles are No Default Trust, Monitor and
Inspect, and Compartmentalize.

Fig 1.7 Trust Security Model

Fundamentals of Network Security

This training introduces someone with no prior knowledge to the fundamentals of
network security, including concepts they must understand to recognize and potentially defend
home networks and mission-critical infrastructure. Fundamentals of Network Security covers
five topics:

• The Connected Globe

• Addressing and Encapsulation

• Network Security Technologies

• Endpoint Security and Protection

• Secure the Enterprise

The Connected Globe

This section discusses how hundreds of millions of routers deliver Transmission Control
Protocol/Internet Protocol (TCP/IP) packets using various routing protocols across local-area
networks and wide-area networks. It also discusses how the Domain Name System (DNS)
enables internet addresses, such as www.facebook.com, to be translated into routable IP
addresses.

The Net
In the 1960s, the U.S. Defense Advanced Research Projects Agency (DARPA) created
ARPANET, the precursor to the modern internet. ARPANET was the first packet-switched
network. A packet-switched network breaks data into small blocks (packets), transmits each
individual packet from node to node toward its destination, and then reassembles the individual
packets in the correct order at the destination. The ARPANET evolved into the internet (often
referred to as the network of networks) because the internet connects multiple local area
networks (LAN) to a worldwide wide area network (WAN) backbone. Today billions of devices
worldwide are connected to the internet and use the Transmission Control Protocol/Internet
Protocol (TCP/IP) to communicate with each other over packet-switched networks. Specialized
devices and technologies such as routers, routing protocols, SD-WAN, the domain name system
(DNS) and the world wide web (WWW) facilitate communications between connected devices.

Fig 2.1 Ancient Net

Internet of Things (IoT)

With almost five billion internet users worldwide in 2022, which represents well over
half the world’s population, the internet connects businesses, governments, and people across
the globe. Our reliance on the internet will continue to grow, with nearly 30 billion devices and
“things” – including autonomous vehicles, household appliances, wearable technology, and
more – connecting to the internet of things (IoT), and nearly nine billion worldwide smart
phone subscriptions that will use a total of 160 EB of monthly data by 2025. IoT connectivity
technologies are broadly categorized into five areas: cellular, satellite, short-range wireless,
low-power WAN and other wireless WAN, and Identity of Things (IDOT).

Addressing and Encapsulation:

This section describes the functions of physical, logical, and virtual addressing in networking, IP
addressing basics, subnetting fundamentals, the OSI and TCP/IP models, and the packet
lifecycle.

TCP/IP Overview
In cyber security, you must understand that applications sending data from one host
computer to another host computer will first segment the data into blocks and will then
forward these data blocks to the TCP/IP stack for transmission. The TCP stack places the
block of data into an output buffer on the server and determines the maximum segment size of
individual TCP blocks permitted by the server operating system. The TCP stack then divides
the data blocks into appropriately sized segments, adds a TCP header, and sends the segment
to the IP stack on the server. The IP stack adds source and destination IP addresses to the TCP
segment and notifies the server operating system that it has an outgoing message that is ready
to be sent across the network. When the server operating system is ready, the IP packet is sent
to the network adapter, which converts the IP packet to bits and sends the message across the
network.

Numbering Systems

You must understand how network systems are addressed before following the path data
takes across internetworks. Physical, logical, and virtual addressing in computer networks
require a basic understanding of decimal (base 10), hexadecimal (base 16), and binary (base 2)
numbering.

Fig 2.2 Number System

Network Security Technologies

This section discusses the basics of network security technologies such as firewalls,
intrusion detection systems (IDSs) and intrusion prevention systems (IPSs), web content
filters, virtual private networks (VPNs), data loss prevention (DLP), and unified threat
management (UTM), which are deployed across the industry.

Legacy Firewalls
Firewalls have been central to network security since the early days of the internet. A
firewall is a hardware platform or software platform or both that controls the flow of traffic
between a trusted network (such as a corporate LAN) and an untrusted network (such as the
internet).

Stateful Packet Inspection Firewalls

Stateful packet inspection firewalls operate up to Layer 4 (Transport layer) of the OSI
model and maintain state information about the communication sessions that have been
established between hosts on two different networks. These firewalls inspect individual
packet headers to determine source and destination IP address, protocol (TCP, UDP, and
ICMP), and port number (during session establishment only). The firewalls compare header
information to firewall rules to determine if each session should be allowed, blocked, or
dropped. After a permitted connection is established between two hosts, the firewall allows
traffic to flow between the two hosts without further inspection of individual packets during
the session.
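The stateful inspection behaviour just described, as an added Python model (not code from the report or from any Palo Alto Networks product): rules are compared against packet headers only while a session is being established, tracked sessions are forwarded from a state table without re-inspection, and a TCP packet that neither starts a session nor belongs to a tracked one is dropped. The rules, addresses and packet sequence are constructed sample values.

```python
"""Added example: a toy stateful packet inspection firewall (Layer 3/4 only)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    proto: str            # "TCP", "UDP" or "ICMP"
    src_port: int = 0     # 0 for ICMP, which has no ports
    dst_port: int = 0
    syn: bool = False     # TCP SYN without ACK: a new session attempt
    fin: bool = False     # TCP FIN: session teardown


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow", "block" (reject) or "drop" (silently discard)
    src_net: str                     # CIDR, e.g. "10.0.0.0/8"; "0.0.0.0/0" means any
    dst_net: str
    proto: str
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.proto == p.proto
                and (self.dst_port is None or self.dst_port == p.dst_port))


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.sessions = set()     # state table: 5-tuples of permitted sessions
        self.log = []

    @staticmethod
    def _key(p: Packet):
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)

    @staticmethod
    def _reply_key(p: Packet):
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)

    def _lookup_rule(self, p: Packet) -> str:
        """Header-to-rule comparison; first match wins, implicit drop otherwise."""
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "drop"

    def process(self, p: Packet) -> str:
        fwd, rev = self._key(p), self._reply_key(p)
        # 1. Packet belongs to an established session (either direction):
        #    forward it without consulting the rules again.
        if fwd in self.sessions or rev in self.sessions:
            if p.fin:
                self.sessions.discard(fwd)
                self.sessions.discard(rev)
            return "allow"
        # 2. A TCP packet that is not a SYN and matches no session is out of state.
        #    A stateless packet filter would evaluate it against the rules instead.
        if p.proto == "TCP" and not p.syn:
            self.log.append(f"drop out-of-state {fwd}")
            return "drop"
        # 3. Session establishment: the only point at which rules are consulted.
        action = self._lookup_rule(p)
        if action == "allow":
            self.sessions.add(fwd)
        self.log.append(f"{action} new session {fwd}")
        return action


LAN = "10.0.0.0/8"
RULES = [
    Rule("allow", LAN, "0.0.0.0/0", "TCP", 443),   # LAN -> internet HTTPS
    Rule("allow", LAN, "0.0.0.0/0", "UDP", 53),    # LAN -> internet DNS
    Rule("block", "0.0.0.0/0", LAN, "TCP"),        # inbound TCP to the LAN is rejected
]


def demo() -> list:
    """Constructed packet sequence (RFC 5737 documentation addresses); returns each decision."""
    fw = StatefulFirewall(RULES)
    return [
        fw.process(Packet("10.1.2.3", "203.0.113.10", "TCP", 50000, 443, syn=True)),  # allow: new session
        fw.process(Packet("203.0.113.10", "10.1.2.3", "TCP", 443, 50000)),            # allow: reply, no rule lookup
        fw.process(Packet("10.1.2.3", "203.0.113.10", "TCP", 50000, 443, fin=True)),  # allow: session torn down
        fw.process(Packet("203.0.113.10", "10.1.2.3", "TCP", 443, 50000)),            # drop: session no longer tracked
        fw.process(Packet("198.51.100.7", "10.1.2.3", "TCP", 4444, 22, syn=True)),    # block: inbound TCP rule
        fw.process(Packet("198.51.100.7", "10.1.2.3", "TCP", 4444, 80)),              # drop: ACK with no state
        fw.process(Packet("10.1.2.3", "203.0.113.53", "UDP", 40000, 53)),             # allow: UDP has no SYN, rules decide
    ]


if __name__ == "__main__":
    print(demo())
```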

Application Firewalls
Third-generation application firewalls are also known as application-layer gateways,
proxy-based firewalls, and reverse-proxy firewalls. Application firewalls operate up to Layer 7
(the application layer) of the OSI model and control access to specific applications and
services on the network. These firewalls proxy network traffic rather than permit direct
communication between hosts. Requests are sent from the originating host to a proxy server,
which analyses the contents of the data packets and, if the request is permitted, sends a copy
of the original data packets to the destination host.

Fig 2.3 Application Firewalls

Virtual Private Networks

A VPN creates a secure, encrypted connection (or tunnel) across the internet between
two endpoints. A client VPN establishes a secure connection between a user and an
organization's network. A site-to-site VPN establishes a secure connection between two
organizations' networks, usually geographically separated. VPN client software is typically
installed on mobile endpoints, such as laptop computers and smart phones, to extend a
network beyond the physical boundaries of the organization. The VPN client connects to a
VPN server, such as a firewall, router, or VPN appliance (or concentrator). After a VPN
tunnel is established, a remote user can access network resources, such as file servers,
printers, and Voice over IP (VoIP) phones, as if they were physically in the office.

Fig 2.4 VPN

Secure Sockets Layer (SSL)
SSL is an asymmetric/symmetric encryption protocol that secures communication
sessions. SSL has been superseded by TLS, although SSL is still the more commonly used
terminology. An SSL VPN can be deployed as an agent-based or agentless browser-based
connection. An agentless SSL VPN requires only that users launch a web browser, use
HTTPS to open a VPN portal or webpage, and log in to the network with their user
credentials. An agent-based SSL VPN connection creates a secure tunnel between an SSL VPN
client installed on a host computer/laptop and a VPN concentrator device in an organization's
network. Agent-based SSL VPNs are often used to securely connect remote users to an
organization's network. SSL VPN technology is the standard method of connecting remote
endpoint devices back to the enterprise network. IPsec is most commonly used in site-to-site
or device-to-device VPN connections, such as connecting a branch office network to a
headquarters network or data centre.

Endpoint Security and Protection
In this lesson, we will explore endpoint security challenges and solutions, including
malware protection, anti-malware software, personal firewalls, host-based intrusion
prevention systems (HIPSs), and mobile device management (MDM) software. We will also
introduce network operations concepts, including server and systems administration,
directory services, and structured host and network troubleshooting.

Malware and Anti-Malware

Malware protection using antivirus (or anti-malware) software has been one of the first
and most basic tenets of information security since the early 1980s. Antivirus software uses
file signatures to discover and mitigate malware on an endpoint. These antivirus software
signatures must be constantly updated to match new or evolving malware attacking
endpoints. Malspam is the most popular delivery method for malware. Malspam consists of
unsolicited emails that direct users to malicious websites or prompt users to open attached
files with hidden malware. Many Palo Alto Networks products are.

Logical Troubleshooting Using the OSI Model

The OSI model provides a logical model for troubleshooting complex host and network
issues. Depending on the situation, you might use the bottom-up, top-down, or divide-and-
conquer approach when you use the OSI model to guide your troubleshooting efforts. In other
situations, you might make an educated guess about the source of the issue and begin
investigating at the corresponding layer of the OSI model. You could also use the substitution
method (replacing a bad component with a known good component) to quickly identify and
isolate the cause of the issue.

Secure the Enterprise


The networking infrastructure of an enterprise can be extraordinarily complex. The Palo
Alto Networks prevention-first security architecture secures enterprises' perimeter networks,
data centers, cloud-native applications, SaaS applications, branch offices, and remote users
with a fully integrated and automated platform that simplifies

App-ID
App-ID, or application identification, accurately identifies applications regardless of
port, protocol, evasive techniques, or encryption. It provides application visibility and
granular, policy-based control. Port-based stateful packet inspection technology was created
more than 25 years ago to control applications using ports and IP addresses. Using port-based
stateful inspection to identify applications depends on an application strictly adhering to its
assigned port(s). This presents a problem because applications can easily be configured to use
any port. As a result, many of today’s applications cannot be identified, much less controlled, by
the port-based firewall, and no amount of “after the fact” traffic classification by firewall
“helpers” can solve the problems associated with port-based application identification.

User-ID
The next-generation firewall accurately identifies users for policy control. A key
component of security policies based on application use is identifying the users who should
be able to use those applications. IP addresses are ineffective identifiers of users or server
roles within the network. With the User-ID and Dynamic Address Group (DAG) features, you
can dynamically associate an IP address with a user or server role in the data centre. You can
then define user- and role-based security policies that adapt dynamically to changing
environments.

URL Filtering Service
To complement the next-generation firewall's threat prevention and application control
capabilities, a fully integrated, on-box URL Filtering database enables security teams to control
end-user web surfing activities and combine URL context with application and user rules. The
URL Filtering service complements App-ID by enabling you to configure the next-generation
firewall to identify and control access to websites and to protect your organization from
websites hosting malware and phishing pages. You can use the URL category as a match
criterion in policies, which permits exception-based behavior and granular policy enforcement.
For example, you can deny access to malware and hacking sites for all users, but allow access
to users who belong to the IT Security group.

Fig 2.5 URL Filtering Service

Fundamentals of Cloud Security

This training introduces someone with no prior knowledge to the fundamentals of cloud security,
including concepts they must understand to recognize threats and potentially defend data
centers, enterprise networks, and small office/home office (SOHO) networks from cloud-based
attacks.

Fundamentals of Cloud Security covers the following topics:

• Cloud Computing

• Cloud Native Technologies

• Cloud Native Security

• Hybrid Data Centre Security

• Prisma Access SASE Security

• Prisma SaaS

• Prisma Cloud Security

Cloud Computing
The move toward cloud computing not only brings cost and operational benefits but also
technology benefits. Data and applications are easily accessed by users no matter where they
reside, projects can scale easily, and consumption can be tracked effectively.

Cloud Security
In general terms, the cloud provider is responsible for security of the cloud,
including the physical security of the cloud data centers, and foundational networking,
storage, compute, and virtualization services. The cloud customer is responsible for
security in the cloud, which is further delineated by the cloud service model.

Fig 3.1 Cloud Security

Network Security vs. Cloud Security

With the use of cloud computing technologies, your data centre environment can evolve
from a fixed environment where applications run on dedicated servers toward an environment
that is dynamic and automated.

Network Security                              Cloud Security
Isolation and Segmentation                    Shared Resources
Incompatible with Serverless Applications     Multi-Tenancy is Important
Process-Oriented                              Dynamic Computing

Fig 3.2 Cyber Vs Network

Cloud Native Technologies
A useful way to think of cloud native technologies is as a continuum spanning from
virtual machines (VMs) to containers to serverless. On one end are traditional VMs operated as
stateful entities, as we’ve done for over a decade now. On the other are completely stateless,
serverless apps that are effectively just bundles of app code without any packaged
accompanying operating system (OS) dependencies.

Micro-VMs
Micro-VMs are scaled-down, lightweight virtual machines that run on hypervisor
software. Micro-VMs contain only the Linux operating system kernel features necessary to run
a container. Micro-VMs seek to provide virtual machines that are not known or managed by the
users. Instead, users execute typical container commands such as “docker run,” and the
underlying platform automatically and invisibly creates a new VM, starts a container runtime
within it, and executes the command. The result is that the user has started a container in a
separate operating system instance, isolated from all others by a hypervisor. These VM-
integrated containers typically run a single container within a single VM.

Fig 3.3 Micro-VMs

Cloud Native Security
The speed and flexibility that are so desirable in today’s business world have led
companies to adopt cloud technologies that require not just more security but new security
approaches. In the cloud, you can have hundreds or even thousands of instances of an
application, presenting exponentially greater opportunities for attack and data theft.

The Four Cs of Cloud Native Security

The CNCF defines a container security model for Kubernetes in the context of cloud
native security. Each layer provides a security foundation for the next layer. The four Cs of
cloud native security are Cloud, Clusters, Containers, and Code.

Fig 3.4 The 4 C’s

Hybrid Data Centre Security

Data centers are rapidly evolving from a traditional, closed environment with static,
hardware-based computing resources to an environment in which traditional and cloud
computing technologies are mixed.

Traditional Data Centre Vs Hybrid Cloud:

The “ports first” traditional data centre security solution limits the ability to see all
traffic on all ports. The move toward a cloud computing model – private, public, or hybrid –
improves operational efficiencies.

Traditional Data Centre Weaknesses
• Limited Visibility and Control
• No Concept of Unknown Traffic
• No Policy Reconciliation Tool
• Cumbersome Security Policy Update Process

Hybrid Cloud Strengths
• Optimizes Resources
• Reduces Costs
• Increases Operational Flexibility
• Maximizes Efficiency

Fig 3.5 Traditional Data Centre Vs Hybrid Cloud

Fundamentals of SOC (Security Operations Centre)
The Fundamentals of Security Operations Centre training is a high-level introduction to
the general concepts of SOC and SecOps. It will introduce the Security Operations framework,
people, processes, and technology aspects required to support the business, the visibility that is
required to defend the business, and the interfaces needed with other organizations outside of
the SOC.

• The Life of a SOC Analyst
• Business
• People
• Processes
• Interfaces
• Visibility
• Technology
• SOAR
• SOAR Solutions

The Life of a SOC Analyst
Erik is a SOC analyst on the Security Operations team, and it is his job to triage alerts to
determine if there is a security threat. Before Erik starts his job, he will need to understand the
general concepts of SOC and SecOps, and the business goals. Erik will need training and
support from the people he interacts with daily. While mitigating threats, Erik will need to know
the processes to follow, the teams he will be interacting with, and the technology he will be
using to gain visibility into the network.

Business
Both Erik and the SOC team are responsible for protecting the business. The reason for
Security Operations, for all of the equipment, for everything SOC does, is ultimately to serve
one main goal: protect the business. Without the Business pillar, there would be no need for
Erik or the SOC team. The Business pillar has three groups of elements: Mission, Governance
and Planning; Budget, Staffing and Facility; and Metrics, Reporting and Collaboration.

People
The People pillar defines who will be accomplishing the goals of the Security
Operations team and how they will be managed. As a part of the People pillar, Erik received the
training necessary for him to be able to triage the alerts in addition to the other processes and
functions within the SOC. This training provides Erik with the skills to become efficient at
detecting and prioritizing alerts. As Erik’s knowledge increases, he will have opportunities to
grow on the SOC team. He will also have the skills to advance in his career to other areas. The
elements of the People pillar define the roles for accomplishing the Security Operations team
goals and how those roles will be managed: Employee Utilization, Training, Career Path
Progression and Tabletop Exercises.

Process
While monitoring the ticketing queue, Erik notices a new set of alerts that has been sent
to the SOC team by one of the network devices. Based on the alert messages, Erik needs to
determine whether the alert message is a security incident, so he opens an incident ticket. Erik
starts by doing his initial research in the log files on the network device to determine if the
threat is real. After reviewing the log files, Erik determines that the alert is a real threat. Based
on the Severity Triangle, Erik has determined that the severity level for this alert is currently high.

Interfaces
As Erik is investigating the alert generated by the network device, he partners
with the Threat Intelligence Team to identify the potential risks this threat may pose to
the organization. Erik also interfaces with the Help Desk, Network Security Team, and
Endpoint Security Team to determine the extent to which the threat has infiltrated the network.
Interfaces should be clearly defined so that expectations between the different teams
are known. Each team will have different goals and motivations that can help with
team interactions. Identifying the scope of each team’s responsibility and separation
of duties helps to reduce friction within an organization. The interfaces are how
processes connect to external functions or departments to help achieve security
operations goals. They are: Help Desk, Information Technology Operations, DevOps,
Operational Technology Team, Enterprise Architecture, SOC Engineering, Endpoint
Security Team, Network Security Team, Cloud Security Team, Threat Hunting,
Content Engineering, Security Automation, Forensics and Telemetry, Threat
Intelligence Team, Red & Purple Team, Vulnerability Management Team, Business
Liaison, and Governance, Risk and Compliance.
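The Process and Interfaces passages describe a loop that is easy to make concrete: an analyst reads alerts from a network device, decides which are real, assigns a severity, opens a ticket and routes it to the teams that own follow-up. The script below is an added example and not part of the report or of any vendor's product. It parses a few constructed firewall alert lines (hypothetical device name and documentation-range IP addresses), scores each alert from asset criticality and detection confidence, and attaches the interface teams that would be contacted. The scoring thresholds and the signature-to-team mapping are assumptions, not the Severity Triangle the report refers to.

```python
"""Alert triage over constructed network-device log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample log lines in a key=value syslog style. "fw01" and the
# addresses are made up; the last line is an informational event, not an alert.
SAMPLE_LOGS = """\
2024-07-01T09:15:02Z fw01 alert sig="malware-c2-beacon" src=10.10.5.23 dst=203.0.113.7 asset=crit conf=high
2024-07-01T09:15:40Z fw01 alert sig="port-scan" src=198.51.100.9 dst=10.10.0.1 asset=low conf=medium
2024-07-01T09:16:11Z fw01 alert sig="brute-force-ssh" src=198.51.100.33 dst=10.10.5.40 asset=high conf=low
2024-07-01T09:16:55Z fw01 info session-end src=10.10.5.23 dst=10.10.5.24
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<device>\S+) alert sig="(?P<sig>[^"]+)" '
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) asset=(?P<asset>\w+) conf=(?P<conf>\w+)$"
)

# Numeric weight of the asset-criticality and confidence labels (assumed scale).
LEVEL = {"low": 1, "medium": 2, "high": 3, "crit": 4}
SEVERITY_ORDER = {"low": 1, "medium": 2, "high": 3}

# Which interface teams own follow-up for each signature (assumed mapping).
ROUTING = {
    "malware-c2-beacon": ["Endpoint Security Team", "Threat Intelligence Team"],
    "port-scan": ["Network Security Team"],
    "brute-force-ssh": ["Network Security Team", "Help Desk"],
}


@dataclass
class Ticket:
    alert_id: str
    signature: str
    severity: str
    teams: list[str]


def score(asset: str, conf: str) -> str:
    """Combine asset criticality and detection confidence into a severity label.
    Unknown labels count as the lowest weight; thresholds are an assumed rule."""
    total = LEVEL.get(asset, 1) + LEVEL.get(conf, 1)
    if total >= 6:
        return "high"
    if total >= 4:
        return "medium"
    return "low"


def triage(logs: str) -> list[Ticket]:
    """Turn alert lines into tickets, highest severity first; non-alert lines
    (and lines that do not parse) produce no ticket."""
    tickets: list[Ticket] = []
    for n, line in enumerate(logs.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue
        tickets.append(
            Ticket(
                alert_id=f"{m['device']}-{n}",
                signature=m["sig"],
                severity=score(m["asset"], m["conf"]),
                # Unmapped signatures go to SOC Engineering for content tuning.
                teams=ROUTING.get(m["sig"], ["SOC Engineering"]),
            )
        )
    tickets.sort(key=lambda t: SEVERITY_ORDER[t.severity], reverse=True)
    return tickets


if __name__ == "__main__":
    for t in triage(SAMPLE_LOGS):
        print(f"{t.alert_id:8} {t.severity:6} {t.signature:18} -> {', '.join(t.teams)}")
```

The queue this prints is ordered high, medium, low, so the C2 beacon against a critical asset is worked first even though it arrived first by only a few seconds. The key design point is that severity is derived from two independent inputs (what was hit and how sure the detector is), which is what keeps a noisy low-confidence signature on a test host from crowding out a confident hit on a production one.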

Visibility
The Visibility pillar enables the SOC team to use tools and technology to capture
network traffic, limit access to certain URLs, determine which applications are being used by
end users, and detect and prevent the accidental or malicious release of proprietary or
sensitive information. The elements of the Visibility pillar are Network Traffic Capture, Endpoint
Data Capture, Cloud Computing, Application Monitoring, URL Filtering, SSL Decryption, Threat
Intelligence Platform, Vulnerability Management Tools, Analysis Tools, Asset Management,
Knowledge Management, Case Management and Data Loss Prevention.
Technology
The Technology pillar includes tools and technology that increase our capabilities to
prevent, or greatly minimize, attempts to infiltrate the network. In the context of IT Security
Operations, technology increases our capabilities to securely handle, transport, present, and
process information beyond what we can do manually. By using technology, you amplify and
extend your abilities to work with information in a secure manner. The elements of the Technology
pillar are Firewall, Intrusion Prevention/Detection System, Malware Sandbox, Endpoint Security,
Behavioural Analytics, Email Security, Network Access Control, Identity & Access
Management, Honeypots & Deception, Web Application Firewall, Virtual Private Networks,
Mobile Device Management, Security Information & Event Management, and Security
Orchestration Automation Response.

Fig 4.1 Technology

SOAR
The only reasonable long-term solution is to empower existing resources with a
combination of innovative orchestration, artificial intelligence, and machine learning
technologies to automate many of the manual processes that a SOC team faces each day. By
automating processes, the SOC team can focus its attention on what is truly critical: identifying,
investigating, and mitigating emerging cyberthreats.
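What "automating the manual processes" looks like in practice is a playbook: a fixed sequence of enrichment, decision and response steps that runs for every alert of a given type and hands the case back to a human only when it cannot decide safely. The runner below is an added example and is not Cortex XSOAR or any other product's code. The threat-intel table, the protected-host list and the alerts are constructed; the containment actions are recorded, not sent to any device. The two escalation paths (no intel match, and a target on the protected list) are the part of the design a practitioner should copy: an automated playbook must refuse to act when it lacks evidence or would touch an asset that is off-limits.

```python
"""A minimal SOAR-style playbook runner with audit trail (added example)."""
from typing import Any, Callable

# Constructed threat-intel lookup table (documentation-range IPs, made-up tags).
THREAT_INTEL = {"203.0.113.7": "known-c2", "198.51.100.9": "scanner"}
# Constructed list of hosts that automation must never isolate (e.g. a gateway).
PROTECTED_HOSTS = {"10.10.0.1"}

Context = dict[str, Any]


class Escalate(Exception):
    """Raised by a step to hand the case to a human analyst."""


def enrich(ctx: Context) -> str:
    """Tag the first alert endpoint that has a threat-intel match."""
    alert = ctx["alert"]
    for ip in (alert["src"], alert["dst"]):
        if ip in THREAT_INTEL:
            ctx["intel"] = (ip, THREAT_INTEL[ip])
            return f"{ip} tagged {THREAT_INTEL[ip]}"
    ctx["intel"] = None
    return "no threat-intel match"


def decide(ctx: Context) -> str:
    """Choose a containment plan; refuse to choose without evidence."""
    if ctx["intel"] is None:
        raise Escalate("no threat-intel match; analyst review required")
    ip, tag = ctx["intel"]
    alert = ctx["alert"]
    if tag == "known-c2":
        # The internal side of a C2 session is the host to isolate.
        victim = alert["src"] if ip == alert["dst"] else alert["dst"]
        ctx["plan"] = ("isolate-host", victim)
    else:
        ctx["plan"] = ("block-ip", ip)
    return f"plan {ctx['plan'][0]} {ctx['plan'][1]}"


def contain(ctx: Context) -> str:
    """Apply the plan, unless the target is protected (simulated: no API calls)."""
    action, target = ctx["plan"]
    if target in PROTECTED_HOSTS:
        raise Escalate(f"{target} is protected; no automatic containment")
    ctx["actions"].append((action, target))
    return f"{action} applied to {target}"


def notify(ctx: Context) -> str:
    """Record the case ticket that the analyst will see."""
    ctx["actions"].append(("ticket", ctx["alert"]["sig"]))
    return "case ticket opened"


PLAYBOOK: list[tuple[str, Callable[[Context], str]]] = [
    ("enrich", enrich),
    ("decide", decide),
    ("contain", contain),
    ("notify", notify),
]


def run_playbook(alert: dict[str, str]) -> Context:
    """Run every step in order; stop and mark the case escalated on Escalate."""
    ctx: Context = {"alert": alert, "actions": [], "audit": [], "status": "running"}
    for name, step in PLAYBOOK:
        try:
            message = step(ctx)
        except Escalate as reason:
            ctx["audit"].append(f"{name}: escalated ({reason})")
            ctx["status"] = "escalated"
            return ctx
        ctx["audit"].append(f"{name}: {message}")
    ctx["status"] = "closed"
    return ctx


if __name__ == "__main__":
    # Constructed alert: internal host beaconing to a known C2 address.
    result = run_playbook({"sig": "malware-c2-beacon", "src": "10.10.5.23", "dst": "203.0.113.7"})
    print(result["status"], result["actions"])
    for entry in result["audit"]:
        print("  ", entry)
```

Every step appends to the audit list whether it succeeds or escalates, so the analyst who picks up an escalated case sees exactly which step stopped and why, and a closed case carries the full record of what automation did on the team's behalf.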

SOAR Solutions
SOAR solutions improve SOC efficiency. Cortex XDR and Cortex XSOAR
allow SOC analysts like Erik to do in minutes what would take them hours to resolve otherwise.
It is tools such as these that will allow SOCs to scale into the future. Cortex is an
artificial-intelligence-based, continuous security platform. Cortex allows organizations to create,
deliver, and consume innovative new security products from any provider without additional
complexity or infrastructure.

Fig 4.2 SOAR Solution

CASE STUDY

A cybersecurity virtual internship provides participants with hands-on experience in
solving real-world security challenges through simulations and remote activities.
Enhancing Cybersecurity for E-Commerce Platform

Company: ShopSmart Inc.

Industry: E-commerce

Challenge: Implement robust cybersecurity measures to protect customer data and prevent
future breaches.

Solution: Conduct vulnerability assessments and penetration testing. Implement advanced
threat detection and response systems. Enhance network segmentation and access controls.

Results:
1. Reduced threat detection time by 90%.
2. Implemented robust access controls and network segmentation.

3. Achieved 100% employee participation in security awareness training.
Technologies Used:
1. Firewalls
2. Prevention Systems
3. Multi-Factor Authentication

Benefits:
1. Enhanced customer trust and loyalty.
2. Reduced financial losses.
3. Increased cybersecurity resilience.
Conclusion
ShopSmart Inc.'s proactive cybersecurity approach protected customer data, mitigated financial
losses, and restored its reputation.

INTERNSHIP CERTIFICATES

Introduction to Cyber Security Fundamentals

Fundamentals of Cloud Security

Fundamentals of SOC

Network Security Fundamentals

CONCLUSION

Cybersecurity is essential in today’s digital age, where individuals, businesses, and
governments heavily rely on technology for operations and communication. With the growing
sophistication of cyber threats, robust security measures are no longer optional—they are a
necessity. Cybersecurity involves protecting systems, networks, and data from unauthorized
access, attacks, and damage while ensuring confidentiality, integrity, and availability.

Organizations must adopt proactive strategies, such as implementing Zero Trust
architectures, conducting regular security audits, and training employees to recognize social
engineering tactics. Emerging technologies, such as AI, machine learning, and quantum
cryptography, offer both new challenges and solutions in the field.

Ultimately, cybersecurity is a shared responsibility—users, IT professionals,
policymakers, and organizations must work together to ensure a secure digital environment. By
adopting best practices, staying updated on new threats, and promoting a culture of security
awareness, we can build resilient systems that protect critical assets and minimize the impact of
cyberattacks.
