Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security Architecture

Similar documents
Understanding Cisco Cybersecurity Fundamentals

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

Security+ SY0-501 Study Guide Table of Contents

K12 Cybersecurity Roadmap

CIS Controls Measures and Metrics for Version 7

Building Resilience in a Digital Enterprise

CIS Controls Measures and Metrics for Version 7

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

ICS Security Monitoring

CCNA Cybersecurity Operations. Program Overview

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Cybersecurity Auditing in an Unsecure World

CCNA Cybersecurity Operations 1.1 Scope and Sequence

Security by Default: Enabling Transformation Through Cyber Resilience

SOLUTION BRIEF ASSESSING DECEPTION TECHNOLOGY FOR A PROACTIVE DEFENSE

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

CISNTWK-440. Chapter 5 Network Defenses

CompTIA Cybersecurity Analyst+

Instructor: Eric Rettke Phone: (every few days)

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Enterprise D/DoS Mitigation Solution offering

RSA NetWitness Suite Respond in Minutes, Not Months

Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

Aligning with the Critical Security Controls to Achieve Quick Security Wins

Application Whitelisting and Active Analysis Nick Levay, Chief Security Officer, Bit9

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

Sneak Peak at CIS Critical Security Controls V 7 Release Date: March Presented by Kelli Tarala Principal Consultant Enclave Security

PROTECTING INFORMATION ASSETS NETWORK SECURITY

Cisco Networking Academy CCNA Cybersecurity Operations 1.1 Curriculum Overview Updated July 2018

Implementing Cisco Cybersecurity Operations

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

How to Underpin Security Transformation With Complete Visibility of Your Attack Surface

CS 356 Operating System Security. Fall 2013

Delivering Integrated Cyber Defense for the Cloud Generation Darren Thomson

Advanced Endpoint Protection

Intrusion Prevention Signature Failures Symantec Endpoint Protection

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

Unlocking the Power of the Cloud

Symantec Ransomware Protection

EFFECTIVELY TARGETING ADVANCED THREATS. Terry Sangha Sales Engineer at Trustwave

Building a Threat-Based Cyber Team

NEN The Education Network

CompTIA Exam CAS-002 CompTIA Advanced Security Practitioner (CASP) Version: 6.0 [ Total Questions: 532 ]

Changing face of endpoint security

RiskSense Attack Surface Validation for IoT Systems

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Designing and Building a Cybersecurity Program

ForeScout ControlFabric TM Architecture

Cisco Cyber Range. Paul Qiu Senior Solutions Architect

Training for the cyber professionals of tomorrow

Presenter Jakob Drescher. Industry. Measures used to protect assets against computer threats. Covers both intentional and unintentional attacks.

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework

SentinelOne Technical Brief

align security instill confidence

Comptia.Certkey.SY0-401.v by.SANFORD.362q. Exam Code: SY Exam Name: CompTIA Security+ Certification Exam

Ken Agress, Senior Consultant PlanNet Consulting, LLC.

PRACTICAL NETWORK DEFENSE VERSION 1

Transforming Security from Defense in Depth to Comprehensive Security Assurance

RiskSense Attack Surface Validation for Web Applications

EMERGING THREATS & STRATEGIES FOR DEFENSE. Paul Fletcher Cyber Security

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

McAfee Network Security Platform Administration Course

Cybersecurity Threat Modeling ISACA Atlanta Chapter Geek Week Conference

COMPUTER NETWORK SECURITY

Copyright 2011 Trend Micro Inc.

Mike Spear, Ops Leader Greg Maciel, Cyber Director INDUSTRIAL CYBER SECURITY PROGRAMS

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

BUILDING AND MAINTAINING SOC

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

INCIDENT HANDLING & RESPONSE PROFESSIONAL VERSION 1

The Kill Chain for the Advanced Persistent Threat

SentinelOne Technical Brief

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Data Sources for Cyber Security Research

Un SOC avanzato per una efficace risposta al cybercrime

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

Securing the Modern Data Center with Trend Micro Deep Security

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

External Supplier Control Obligations. Cyber Security

TestOut Network Pro - English 5.0.x COURSE OUTLINE. Modified

HOLISTIC NETWORK PROTECTION: INNOVATIONS IN SOFTWARE DEFINED NETWORKS

Implementing Cisco Network Security (IINS) 3.0

CyberArk Privileged Threat Analytics

Windows 7, Enterprise Desktop Support Technician

RSA INCIDENT RESPONSE SERVICES

Using Visibility To Turn The Tables on Cybercriminals

Take Risks in Life, Not with Your Security

Chapter 9. Firewalls

Protecting productivity with Industrial Security Services

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

Best Practices for Scoping Infections and Disrupting Breaches

Top 20 Critical Security Controls (CSC) for Effective Cyber Defense. Christian Espinosa Alpine Security

CSC - DRAFT - VER6c FOR PUBLIC COMMENT ONLY

RSA INCIDENT RESPONSE SERVICES

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Transcription:

About this Course This course will best position your organization to analyse threats and detect anomalies that could indicate cybercriminal behaviour. The payoff for this new proactive approach would be early detection of an intrusion, or successfully thwarting the efforts of attackers altogether. Learning Outcomes Increase your understanding and enhance your skills in implementing Continuous Monitoring. Timely incident detection Combat cyber threats and prevent cyber attacks Course Outline Topic 1: Current State Assessment, Security Operations Centers, and Security The prevention-dominant security model has failed. Given the occurrence and degree of noteworthy intrusions, this should not come as a shock. In order to address the root of the problem, we must understand the current architecture and the design gaps that facilitate the adversary s dominance. Overview o Traditional Security o Perimeter-focused o Addressed Layer 3/4 o Centralized Information Systems o Prevention-Oriented o Device-driven o Traditional Attack Techniques Modern Security Principles o Detection-oriented o Post-Exploitation-focused o Decentralized Information Systems/ Data o Risk-informed o Layer 7 Aware o Security Operations Centers o Network Security Monitoring o Modern Attack Techniques o Adversarial Dominance Frameworks and Enterprise Security o Enterprise Security o Security Frameworks Security - Key Techniques/ Practices o Threat Vector Analysis o Data Exfiltration Analysis o Detection Dominant Design o Zero Trust Model o Intrusion Kill Chain 1

o Visibility Analysis o Data Visualization o Lateral Movement Analysis o Data Ingress/Egress Mapping o Internal Segmentation o Network Security Monitoring Security Operations Center (SOC) o Purpose of a SOC o Key SOC roles o Relationship to Defensible Security Topic 2: Network Security Understanding the problems with the current environment and realizing where we need to get to is far from sufficient. A detailed roadmap to bridge the gap between the current and desired state is needed. This topic introduces and details the components of our infrastructure that become part of a defensible network security architecture and Security Operations Centre. We are long past the days where a perimeter firewall and everpresent antivirus was sufficient security. Many pieces and moving parts comprise a modern defensible security architecture. SOCs/Security - Key Infrastructure Devices o Traditional and Next Generation Firewalls, and NIPS o Web Application Firewall o Malware Detonation Devices o HTTP Proxies, Web Content Filtering, and SSL Decryption o SIMs, NIDS, Packet Captures, and DLP o Honeypots/Honeynets o Network Infrastructure - Routers, Switches, DHCP, DNS o Mobile Devices and Wireless Access Points o Threat Intelligence Segmented Internal Networks o Routers o Internal SI Firewalls o VLANs o Detecting the Pivot Defensible Network Security Principles Applied o Internal Segmentation o Threat Vector Analysis o Data Exfiltration Analysis o Detection Dominant Design o Zero Trust Model (Kindervag) o Intrusion Kill Chain o Visibility Analysis o Data Visualization o Lateral Movement Analysis o Data Ingress/Egress Mapping Topic 3: Network Security Monitoring In this topic, we will help you figure out how to look at the data and continuously monitor the enterprise for evidence of compromise or changes that increase the likelihood of compromise. However, to do that, you must first understand the approach and goals of monitoring and define a methodology for analysis Continuous Monitoring Overview o Defined o Network Security Monitoring (NSM) (CSM) o Continuous Monitoring and the 20 2

3 Network Security Monitoring (NSM) o Evolution of NSM o The NSM Toolbox o NIDS Design o Analysis Methodology o Understanding Data Sources; - Full Packet Capture - Extracted Data - String Data - Flow Data - Transaction Data - Statistical Data - Alert Data - Tagged Data - Correlated Data Practical NSM Issues Cornerstone NSM o Service-Side and Client-Side Exploits o Identifying High-Entropy Strings o Tracking EXE Transfers o Identifying Command and Control (C2) Traffic o Tracking User Agents o C2 via HTTPS o Tracking Encryption Certificates Topic 4: Endpoint Security This topic details ways in which endpoint systems can be both more resilient to attack and also enhance detective capabilities. Modern attacks put an emphasis on client-side exploitation. The days of breaking into networks via direct frontal assaults on unpatched mail, web, or DNS servers are largely behind us. Security - Endpoint Protection o Anti-Malware o Host-based Firewall, Host-based IDS/ IPS o Application Whitelisting, Application o Privileged Accounts, Authentication, Monitoring, and UAC o Whole Disk Encryption o Virtual Desktop Infrastructure o Browser Security o EMET Dangerous Endpoint Applications o Java o Adobe Reader o Flash o Microsoft Office o Browsers Patching o Process o To Test or Not to Test o Microsoft o Third Party Topic 5: Automation and Continuous Security Monitoring This course focuses on continuous monitoring rather than waiting for the results of a quarterly scan or an annual penetration test to determine what needs to be addressed. Continuous monitoring proactively and repeatedly assesses and reassesses the current security posture for potential weaknesses that need be addressed. Overview (CSM) vs. Continuous Diagnostics and Mitigation (CDM) vs. Information Security Continuous Monitoring (ISCM) o Cyberscope and SCAP Industry Best Practices o Continuous Monitoring and the 20 o Australian Signals Directorate (ASD) Strategies to Mitigate Targeted Cyber Intrusions Winning CSM Techniques Maintaining Situational Awareness

Host, Port, and Service Discovery Vulnerability Scanning Monitoring Patching Monitoring Applications Monitoring Service Logs o Detecting Malware via DNS logs Monitoring Change to Devices and Appliances Leveraging Proxy and Firewall Data Configuring Centralized Windows Event Log Collection Monitoring Critical Windows Events o Hands on: Detecting Malware via Windows Event Logs Scripting and Automation o Importance of Automation o PowerShell o Hands-on: Detecting Malicious Registry Run Keys with PowerShell Prerequisites Basic understanding of network protocols and devices Experience with Linux and Windows from the command line Target Audience Security Architects Senior Security Engineers Technical Security Managers SOC Analysts SOC Engineers SOC Managers CND Analysts Individuals working to implement Continuous Diagnostics and Mitigation (CDM), Continuous Security Monitoring (CSM), or Network Security Monitoring (NSM) Application/ Relevance of this course Analyze a security architecture for deficiencies Apply the principles learned in the course to design a defensible security architecture Understand the importance of a detection-dominant security architecture and Security Operations Centers (SOC) Identify the key components of Network Security Monitoring (NSM)/ Continuous Diagnostics and Mitigation (CDM)/Continuous Monitoring (CM) Determine appropriate security monitoring needs for organizations of all sizes Implement robust Network Security Monitoring/Continuous Security Monitoring Determine requisite monitoring capabilities for a SOC environment Determine capabilities required to support continuous monitoring of key Duration and Fees Duration: 10 days Pricing: $1200 4 For Inquiries, booking and more information, Call Admissions on 0393517236/0783517236 or Email: admissions@forensicsinstitute.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback