After four weeks at Digital Wave, I was beginning to understand how the general process worked for contracted businesses. Typically we would get a contract with a company for a service, for example adding new software such as Zoom to a system. We would then see which team was best at completing the task, the company would send it over to that team, and within a month or less the customer would be satisfied, all needs would be met, and that team would move on to the next project. For my team, the Endpoint Detection and Response system team, the work was to handle projects, monitor endpoint system applications, and make exclusions for applications that were added and required by the company. I, on the other hand, was still working on phishing emails; however, I did attend every meeting the team had, sat in and learned, and reported on my work on the email side. During my time I had gotten a lot better at spotting phishing emails, and the team had gotten me a sandbox environment to launch virtual machines for links and attached files. This way I could follow a link safely and find more identifiable inconsistencies in the email, and then take action on it. The first action was to report the email address that sent the email. The second was to see how many emails had been sent from that sender. If it was more than three consistently, we would look at whether we could block the sender in our email filter. Depending on the sender's address we could block it; however, if they were spoofing the address with one that we would normally receive, then we could not block it.
After I had shown that I could handle the report-it mailbox, filled out general tickets, and attended every meeting, the team let me help with some of the detections. I did not handle any detections; however, if someone had a detection they would have me help verify whether it was a false positive or not. The main tool I was exposed to was SentinelOne. SentinelOne is a very powerful tool that uses AI in threat detection. This is done through agent installations on devices such as computers that continually monitor the systems for threats or malicious activity. The monitoring is done by machine learning AI that has a baseline for normal activity on a device. We used SentinelOne to monitor any threats that would come in as a detection. Typically these were false positives; however, we took them seriously. I liked using SentinelOne, as when a report came through it gave a breakdown of what happened and showed a detailed timeline of the report. I believe that SentinelOne had data connected to some official reporting systems because it showed possible vulnerabilities that existed for the device. When I received these detections I sat down with my team in a meeting and they would help me understand what I was looking for to determine whether this detection was a false positive or not. In my experience verifying detections, we did not have any breaches; they were all false positives.
At this point, I was very happy with the internship, and I felt that I was learning a lot about how powerful tools like SentinelOne are important to a company in protecting itself from cyber attacks. I noticed that in my classes we never discussed specific tools like SentinelOne; we talked about the theory of antivirus software but never went too far into specifics, especially machine learning. When I used this tool I found it to be complex but at the same time easy to understand, and I look forward to using this application more and understanding what goes into detection.