This course is designed to teach students how a network security operations center (SOC) works and how to begin monitoring, analyzing, and responding to security threats within the network.

TARGET AUDIENCE:
This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.

COURSE OBJECTIVES:
This lab-intensive training course prepares you to take the Cyber Security Specialist Certification exam (exam ID = 600-199) and to hit the ground running as a security analyst team member.

COURSE OUTLINE:

Attacker Methodology

  • Defining the Attacker Methodology
  • Identifying Malware and Attacker Tools
  • Understanding Attacks

Defender Methodology

  • Enumerating Threats, Vulnerabilities, and Exploits
  • Defining SOC Services
  • Defining SOC Procedures
  • Defining the Role of a Network Security Analyst
  • Identifying a Security Incident

Defender Tools

  • Collecting Network Data
  • Understanding Correlation and Baselines
  • Assessing Sources of Data
  • Understanding Events
  • Examining User Reports
  • Introducing Risk Analysis and Mitigation

Packet Analysis

  • Identifying Packet Data
  • Analyzing Packets Using Cisco IOS Software
  • Accessing Packets in Cisco IOS Software
  • Acquiring Network Traces
  • Establishing a Packet Baseline
  • Analyzing Packet Traces

Network Log Analysis

  • Using Log Analysis Protocols and Tools
  • Exploring Log Mechanics
  • Retrieving Syslog Data
  • Retrieving DNS Events and Proxy Logs
  • Correlating Log Files

Baseline Network Operations

  • Baselining Business Processes
  • Mapping the Network Topology
  • Managing Network Devices
  • Baselining Monitored Networks
  • Monitoring Network Health

Incident Response Preparation

  • Defining the Role of the SOC
  • Establishing Effective Security Controls
  • Establishing an Effective Monitoring System

Security Incident Detection

  • Correlating Events Manually
  • Correlating Events Automatically
  • Assessing Incidents
  • Classifying Incidents
  • Attributing the Incident Source

Investigations

  • Scoping the Investigation
  • Investigating Through Data Correlation
  • Understanding NetFlow
  • Investigating Connections Using NetFlow

Mitigations and Best Practices

  • Mitigating Incidents
  • Using ACLs
  • Implementing Network-Layer Mitigations and Best Practices
  • Implementing Link-Layer Best Practices

Communication

  • Documenting Communication
  • Documenting Incident Details

Post-Event Activity

  • Conducting an Incident Post-Mortem
  • Improving Security of Monitored Networks

SCHEDULED CLASSES:

  • Virtual Live (V), 2/5/2018 8:00 AM, 5 days, 3750.00, ID 2269323
  • TX Houston, In-Class Virtual (Cv), 2/5/2018 8:00 AM, 5 days, 3750.00, ID 2305997
  • Virtual Live (V), 6/11/2018 8:00 AM, 5 days, 3750.00, ID 2269325
  • CO Aurora, In-Class Virtual (Cv), 6/11/2018 8:00 AM, 5 days, 3750.00, ID 2306093