INCIDENT DETECTION, ANALYSIS & RESPONSE BASIC [CSR101]

ISH CERTIFICATE “SECURITY INCIDENT ANALYST – LEVEL 1”

DELIVERY: CLASSROOM // DURATION: 5 DAYS

To respond effectively to cyber security challenges, SOC members must constantly develop and test their knowledge and effectiveness. One of the best ways to do this is to test their readiness against simulated attack scenarios at a hyper-realistic Cyber Simulation Range. This course sets the stage for future security analysts to deal with cyber-attack scenarios, ranging from basic to complex, which include legacy, current and emerging threat vectors.

UPCOMING SESSIONS

| Dates | Location | Language | Member/WBP | Non-Member |
|---|---|---|---|---|
| 26.02. – 02.03.18 | Munich Airport | German | tbd. € | 4.900,- € |
| 16.04. – 20.04.18 | Munich Airport | German | tbd. € | 4.900,- € |
| 14.05. – 18.05.18 | Munich Airport | German/English | tbd. € | 4.900,- € |
| 09.07. – 13.07.18 | Munich Airport | German/English | tbd. € | 4.900,- € |
| 10.09. – 14.09.18 | Munich Airport | German/English | tbd. € | 4.900,- € |
| 12.11. – 16.11.18 | Munich Airport | German/English | tbd. € | 4.900,- € |

LEARNING OBJECTIVES

By the end of this course, students will be able to:

  • Utilize integrated tools of a SOC Technology Stack
  • Efficiently detect, assess and determine the scope of incidents
  • Enrich event information utilizing external Threat Intelligence
  • Follow incident procedures and runbooks
  • Perform different tasks in various SOC roles

TARGET AUDIENCE

  • SOC analysts who regularly respond to complex security incidents/intrusions from APT groups/advanced adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise.
  • Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and respond.
  • Information Security Professionals who may encounter data breach incidents and intrusions.

COURSE CONTENT

  • The Advanced Cyber Defense Center
    • Mission statement, services and maturity level
    • Team structure, roles and responsibilities
    • Metrics, KPIs, alert prioritization
    • Incident categorization, triage process
    • IR processes & playbooks
  • The Cyber Simulation Range
    • Understanding the simulated IT infrastructure
    • Introduction to communication, documentation, process management
    • Understanding the SOC technology stack and tool-base
    • Instruction and assignment of the roles in the SOC
  • Practical Training Sessions in IT environments
    • Understanding the adversary's kill chain, tactics, techniques
    • Searching Indicators of Compromise (IoC) in logs, flows, apps, OS
    • Identification of compromised systems
    • Detecting indicators of lateral movement
    • Scoping single and multiple path attacks with increasing complexity
    • Finding active and dormant malware, bots and backdoors
    • Discover common hiding & evasion techniques
    • Understanding the full picture and proof evidence of persistence
    • Apply forensic post mortem offline analysis

PRE-REQUISITE FOR COURSE REGISTRATION

CSR101 is an incident analytics course that focuses on detection and analysis of cyber threats against IT environments. The course will not cover the introduction or basics of log analysis, working with SIEM systems, sandboxes, etc.


2017-11-22T12:09:28+00:00 | October 27th, 2017
iT-CUBE