Advanced Security Essentials – Enterprise Defender Training

Introduction


Effective cybersecurity is more important than ever as attacks become stealthier, have a greater financial impact, and cause broad reputational damage. Advanced Security Essentials - Enterprise Defender Training builds on a solid foundation of core policies and practices to enable security teams to defend their enterprise.

It has been said of security that "prevention is ideal, but detection is a must." However, detection without response has little value. Network security must be improved continuously so that as many attacks as possible are prevented, and so that any breach that does occur is detected swiftly and responded to appropriately. This PREVENT - DETECT - RESPOND strategy must be in place both externally and internally. As data becomes more portable and networks remain porous, data protection needs increased focus: critical information must be secured whether it resides on a server, inside a robust network architecture, or on a portable device.

Despite an organization's best efforts to prevent network attacks and protect its critical data, some attacks will still succeed. Organizations therefore need to detect attacks in a timely fashion. This is accomplished by understanding the traffic flowing on your networks, looking for indications of an attack, and performing penetration testing and vulnerability analysis against your own organization to identify problems before a compromise occurs. Finally, once an attack is detected, you must respond quickly and effectively and perform the forensic analysis required. Knowledge of how the attacker broke in can then be fed back into more effective and robust preventive and detective measures, completing the security lifecycle.

Duration: 5 days


Customize It

• We can adapt this Advanced Security Essentials - Enterprise Defender Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this Advanced Security Essentials - Enterprise Defender Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the Advanced Security Essentials - Enterprise Defender Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Advanced Security Essentials - Enterprise Defender Training course in a manner understandable to lay audiences.

Audience / Target Group

The target audience for this Advanced Security Essentials - Enterprise Defender Training course is defined here:

• Incident responders and penetration testers
• Security Operations Center engineers and analysts
• Network security professionals
• Anyone who seeks technical in-depth knowledge about implementing comprehensive security solutions

Prerequisites

The knowledge and skills that a learner must have before attending this Advanced Security Essentials - Enterprise Defender Training course are:

While not required, it is recommended that students take Security Essentials or have the skills taught in that class. This includes a detailed understanding of networks, protocols, and operating systems.

Advanced Security Essentials - Enterprise Defender Training - Objectives:

After completing this Advanced Security Essentials - Enterprise Defender Training course, attendees will be able to:

• Build a comprehensive security program focused on preventing, detecting, and responding to attacks
• Identify the core components of a defensible network infrastructure and properly secure routers, switches, and other network devices
• Apply methods for detecting advanced attacks on systems that are already compromised
• Follow a formal methodology for performing a penetration test to find weaknesses in an organization's security apparatus
• Respond to an incident by executing the six-step incident response process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
• Remediate malware and clean up a compromised system

Advanced Security Essentials - Enterprise Defender Training - Course Content:

1. Defensive Network Infrastructure

Introduction to network security infrastructure as the target for attacks
Impact of compromised routers and switches
Escalating privileges at Layers 2 and 3
Weaknesses in Cisco router and switch architecture
Integrating and understanding existing network devices to defend against attacks
Implementing the Cisco Gold Standard to improve security
CIS (Center for Internet Security) Level 1 and Level 2 benchmarks for routers
SANS Gold Standard switch configuration
Implementing security on an existing network and rolling out new devices
Advanced Layer 2 and 3 Controls
Filtering with access control lists
DHCP snooping, ARP inspection, and port security
Introduction to network admission control and 802.1x
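The switch and router hardening items above (benchmark-style checks, SSH-only management, port security, DHCP snooping) are the kind of thing you verify with a configuration audit before and after rolling out new devices. The following is an added example, not course material and not the CIS benchmark itself: it checks a Cisco IOS-style configuration against an assumed subset of benchmark items, and both configurations are constructed to show a weak device beside its remediated form.

```python
"""Audit a Cisco IOS-style configuration against a small set of hardening
checks of the kind found in the CIS router/switch benchmarks.

Added example: the check list is an assumed subset of the benchmark items,
and both configurations are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Constructed: a switch with several common weaknesses left in place.
WEAK_CONFIG = """\
service tcp-small-servers
no service password-encryption
hostname edge-sw1
enable password cisco123
ip http server
ip source-route
ip dhcp snooping
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/2
 switchport mode access
!
line vty 0 4
 transport input telnet ssh
!
"""

# Constructed: the same switch after remediation (hash value is a placeholder).
HARDENED_CONFIG = """\
no service tcp-small-servers
service password-encryption
hostname edge-sw1
enable secret 9 $9$EXAMPLEHASH
no ip http server
no ip source-route
ip dhcp snooping
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
!
line vty 0 4
 transport input ssh
!
"""


@dataclass
class Finding:
    check_id: str
    description: str
    passed: bool
    where: str = "global"


def _has_line(cfg, pattern):
    """True if some line of cfg, ignoring indentation, matches the regex exactly.
    Anchoring matters: 'no service password-encryption' must not satisfy a
    check that looks for 'service password-encryption'."""
    return re.search(r"^\s*(?:%s)\s*$" % pattern, cfg, re.MULTILINE) is not None


def stanzas(cfg, prefix):
    """Map each '<prefix> ...' header line to its indented body lines. IOS
    indents stanza bodies by one space and closes them with a '!' line."""
    blocks, current = {}, None
    for raw in cfg.splitlines():
        if raw.startswith(prefix + " "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def audit(cfg):
    """Run global, VTY and access-port checks; return one Finding per check."""
    findings = [Finding(cid, desc, ok) for cid, desc, ok in [
        ("G1", "service password-encryption enabled",
         _has_line(cfg, "service password-encryption")),
        ("G2", "enable secret set and no enable password",
         _has_line(cfg, r"enable secret .+") and not _has_line(cfg, r"enable password .+")),
        ("G3", "HTTP management server disabled", not _has_line(cfg, "ip http server")),
        ("G4", "IP source routing disabled", _has_line(cfg, "no ip source-route")),
        ("G5", "TCP small servers disabled", not _has_line(cfg, "service tcp-small-servers")),
        ("G6", "DHCP snooping enabled globally", _has_line(cfg, "ip dhcp snooping")),
    ]]
    for name, body in stanzas(cfg, "line vty").items():
        transports = [l for l in body if l.startswith("transport input")]
        findings.append(Finding("L1", "VTY accepts SSH only",
                                transports == ["transport input ssh"], name))
    for name, body in stanzas(cfg, "interface").items():
        if "switchport mode access" in body:   # only access ports need port-security here
            findings.append(Finding("P1", "access port has port-security",
                                    "switchport port-security" in body, name))
    return findings


def failed(findings):
    """(check_id, where) for every check that did not pass."""
    return [(f.check_id, f.where) for f in findings if not f.passed]


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, failed(audit(cfg)))
```

Run against the weak configuration it reports seven failures (five global, the Telnet-enabled VTY line, and the unprotected access port on GigabitEthernet0/2); the hardened configuration reports none. Extending it to the full benchmark is a matter of adding tuples to the check list, which is also where you would encode your own "gold standard" deviations.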

2. Packet Analysis

Architecture design and preparing filters
Building intrusion detection capability into a network
Understanding the components currently in place
Detection techniques and measures
Understanding various types of traffic occurring on a network
Knowing how normal traffic works
Differentiating between attacks and normal users on a network
Advanced IP packet analysis
Performing deep packet inspection and understanding usage of key fields
Event correlation and analysis
Analyzing an entire network instead of a single device
Building advanced Snort rules
Intrusion detection tools
Installing and using analysis software
Wireshark
Building custom filters
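Deep packet inspection, "knowing how normal traffic works" and telling an attack apart from a normal user all start with decoding header fields and asking whether the combination is one a real TCP stack would ever send. The following is an added example, not course material: it parses IPv4/TCP headers from raw bytes and flags the classic scan-probe flag combinations (SYN+FIN, NULL, XMAS, FIN-only). The packets are constructed inline with checksums left at zero, since nothing is transmitted.

```python
"""Decode IPv4/TCP headers from raw packet bytes and flag TCP flag
combinations that legitimate stacks never send (SYN+FIN, NULL, XMAS and
FIN-only probes), the simplest form of deep packet inspection.

Added example: packets are constructed inline; checksums are left at zero
because nothing is sent on the wire.
"""
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Return the header fields an analyst looks at first, or raise ValueError
    for anything that is not a well-formed IPv4 packet carrying TCP."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    tcp = pkt[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, _seq, _ack, off_flags, _win, _csum2,
     _urg) = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4          # high nibble: header length in 32-bit words
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
        "sport": sport, "dport": dport,
        "flags": {name for name, bit in TCP_FLAGS.items() if off_flags & bit},
        "payload_len": len(tcp) - data_off,
    }


def classify(flags: set) -> str:
    """Label a TCP flag set; anything ending in 'scan' is a probe signature."""
    if not flags:
        return "NULL scan"
    if {"SYN", "FIN"} <= flags:               # mutually exclusive in real stacks
        return "SYN/FIN scan"
    if {"FIN", "PSH", "URG"} <= flags and not ({"SYN", "ACK", "RST"} & flags):
        return "XMAS scan"
    if flags == {"FIN"}:                      # FIN without ACK never occurs legitimately
        return "FIN scan"
    if flags == {"SYN"}:
        return "connection attempt"
    if "ACK" in flags:
        return "established"
    return "other"


def build_packet(src, dst, sport, dport, flags, ttl=64, payload=b""):
    """Constructed test input: minimal IPv4+TCP packet with the given flags."""
    bits = sum(TCP_FLAGS[f] for f in flags)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | bits,
                      8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     ttl, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


# Constructed sample traffic: a normal HTTP exchange, then three probes of the
# kind nmap's -sN (NULL), -sX (XMAS) and --scanflags SYNFIN options produce.
SAMPLE_TRAFFIC = [
    build_packet("10.0.0.5", "10.0.0.10", 40000, 80, {"SYN"}),
    build_packet("10.0.0.5", "10.0.0.10", 40000, 80, {"ACK", "PSH"},
                 payload=b"GET / HTTP/1.1\r\n"),
    build_packet("203.0.113.7", "10.0.0.10", 55555, 22, {"SYN", "FIN"}),
    build_packet("203.0.113.7", "10.0.0.10", 55555, 23, set()),
    build_packet("203.0.113.7", "10.0.0.10", 55555, 443, {"FIN", "PSH", "URG"}),
    b"\x45\x00\x00\x14" + b"\x00" * 16,       # IPv4 header, protocol 0: skipped
]


def find_scan_probes(packets):
    """Return (src, dst, dport, label) for every packet matching a scan signature."""
    alerts = []
    for pkt in packets:
        try:
            hdr = parse_ipv4_tcp(pkt)
        except ValueError:
            continue                          # non-TCP or malformed: out of scope here
        label = classify(hdr["flags"])
        if label.endswith("scan"):
            alerts.append((hdr["src"], hdr["dst"], hdr["dport"], label))
    return alerts


if __name__ == "__main__":
    for alert in find_scan_probes(SAMPLE_TRAFFIC):
        print("%s -> %s:%d  %s" % alert)
```

The three probes from 203.0.113.7 are reported and the legitimate HTTP packets are not. The same SYN/FIN test is what a Snort rule expresses with the `flags` option (for example `flags:SF+;` to match SYN and FIN regardless of other bits), and the equivalent Wireshark display filter is `tcp.flags.syn == 1 && tcp.flags.fin == 1`; writing the decoder by hand once is the quickest way to understand what those filters are actually testing.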

3. Pentest

Variety of penetration testing methods
Frequency and use of vulnerability analysis, penetration testing, and security assessment
Vulnerability analysis
How to perform vulnerability analysis
Key areas to identify and ways to fix potential problems
Key tools and techniques
Tools, techniques, and methods used in testing
Basic penetration testing
Methods and means of performing a penetration test
Focus, requirements, and outputs of a successful test
Prioritizing and remediation of issues
Advanced penetration testing
Understanding and mapping to an organization's infrastructure
Application testing and system analysis

4. First Responder

Incident handling process and analysis
Preparing for an incident
Identifying and responding
Containing a problem to preserve mission resilience
Identifying and eradicating the problem
Recovering system data, including restoring to normal operation
Lessons learned and follow-up reporting
Forensics and incident response
Windows response skills
Windows forensics tool chest
Linux/Unix response and analysis
Linux/Unix tools and system analysis

5. Malware

Malware
Types of malware and corresponding behavior
Dealing with malware
Tying malware into intrusion analysis and incident response
Windows malware
Using Microsoft Windows basic built-in CLI tools
Using Microsoft Windows advanced built-in CLI tools
Using Microsoft Windows built-in GUI tools
External tools and analysis
Using external tools to fight malicious Browser Helper Objects (BHOs)
Fighting rootkits with basic and advanced tools
Inspecting active processes
Using online resources to get help

6. Data Loss Prevention

Risk management
Calculating and understanding risk across an organization
Building proper risk mitigation plans
Applying proactive risk management processes
Incorporating risk management into all business processes
Understanding insider threats
Data classification
Building a data classification program
Key aspects of deploying and implementing classification of critical information
Staged roll-out of classifying new and existing information
Managing and maintaining portable data classification
Digital rights management
Understanding digital rights
Balancing digital rights with data classification
Managing access across the enterprise
Balancing functionality and security
Data loss prevention (DLP)
Identifying requirements and goals for preventing data loss
Identifying practical DLP solutions that work
Managing, evaluating, implementing, and deploying DLP
