Cisco® Securing Cisco® Networks with Threat Detection and Analysis (SCYBER) 1.0 هذه الدورة تدرس باللغة الإنجليزية

تفاصيل الدورة

This course is designed to teach students how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network.

Course Outline1 -

1 - Attacker Methodology

• Defining the Attacker Methodology
• Identifying Malware and Attacker Tools
• Understanding Attacks

2 - Defender Methodology

• Enumerating Threats, Vulnerabilities, and Exploits
• Defining SOC Services
• Defining SOC Procedures
• Defining the Role of a Network Security Analyst
• Identifying a Security Incident

3 - Defender Tools

• Collecting Network Data
• Understanding Correlation and Baselines
• Assessing Sources of Data
• Understanding Events
• Examining User Reports
• Introducing Risk Analysis and Mitigation

4 - Packet Analysis

• Identifying Packet Data
• Analyzing Packets Using Cisco IOS Software
• Accessing Packets in Cisco IOS Software
• Acquiring Network Traces
• Establishing a Packet Baseline
• Analyzing Packet Traces

5 - Network Log Analysis

• Using Log Analysis Protocols and Tools
• Exploring Log Mechanics
• Retrieving Syslog Data
• Retrieving DNS Events and Proxy Logs
• Correlating Log Files

6 - Baseline Network Operations

• Baselining Business Processes
• Mapping the Network Topology
• Managing Network Devices
• Baselining Monitored Networks
• Monitoring Network Health

7 - Incident Response Preparation

• Defining the Role of the SOC
• Establishing Effective Security Controls
• Establishing an Effective Monitoring System

8 - Security Incident Detection

• Correlating Events Manually
• Correlating Events Automatically
• Assessing Incidents
• Classifying Incidents
• Attributing the Incident Source

9 - Investigations

• Scoping the Investigation
• Investigating Through Data Correlation
• Understanding NetFlow
• Investigating Connections Using NetFlow

10 - Mitigations and Best Practices

• Mitigating Incidents
• Using ACLs
• Implementing Network-Layer Mitigations and Best Practices
• Implementing Link-Layer Best Practices

11 - Communication

• Documenting Communication
• Documenting Incident Details

12 - Post-Event Activity

• Conducting an Incident Post-Mortem
• Improving Security of Monitored Networks

Target Audience: This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.