
This course is designed to teach students how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network.

Length: 5 days

TARGET AUDIENCE

This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.

COURSE OBJECTIVES

This lab-intensive training course prepares you to take the Cyber Security Specialist Certification exam (exam ID = 600-199) and to hit the ground running as a security analyst team member.

COURSE OUTLINE

1 – ATTACKER METHODOLOGY

· Defining the Attacker Methodology

· Identifying Malware and Attacker Tools

· Understanding Attacks

2 – DEFENDER METHODOLOGY

· Enumerating Threats, Vulnerabilities, and Exploits

· Defining SOC Services

· Defining SOC Procedures

· Defining the Role of a Network Security Analyst

· Identifying a Security Incident

3 – DEFENDER TOOLS

· Collecting Network Data

· Understanding Correlation and Baselines

· Assessing Sources of Data

· Understanding Events

· Examining User Reports

· Introducing Risk Analysis and Mitigation

4 – PACKET ANALYSIS

· Identifying Packet Data

· Analyzing Packets Using Cisco IOS Software

· Accessing Packets in Cisco IOS Software

· Acquiring Network Traces

· Establishing a Packet Baseline

· Analyzing Packet Traces

5 – NETWORK LOG ANALYSIS

· Using Log Analysis Protocols and Tools

· Exploring Log Mechanics

· Retrieving Syslog Data

· Retrieving DNS Events and Proxy Logs

· Correlating Log Files

6 – BASELINE NETWORK OPERATIONS

· Baselining Business Processes

· Mapping the Network Topology

· Managing Network Devices

· Baselining Monitored Networks

· Monitoring Network Health

7 – INCIDENT RESPONSE PREPARATION

· Defining the Role of the SOC

· Establishing Effective Security Controls

· Establishing an Effective Monitoring System

8 – SECURITY INCIDENT DETECTION

· Correlating Events Manually

· Correlating Events Automatically

· Assessing Incidents

· Classifying Incidents

· Attributing the Incident Source

9 – INVESTIGATIONS

· Scoping the Investigation

· Investigating Through Data Correlation

· Understanding NetFlow

· Investigating Connections Using NetFlow

10 – MITIGATIONS AND BEST PRACTICES

· Mitigating Incidents

· Using ACLs

· Implementing Network-Layer Mitigations and Best Practices

· Implementing Link-Layer Best Practices

11 – COMMUNICATION

· Documenting Communication

· Documenting Incident Details

12 – POST-EVENT ACTIVITY

· Conducting an Incident Post-Mortem

· Improving Security of Monitored Networks
