IT-S 142 - Continuous Monitoring and Security Operations
Code | Start Date | Duration | Venue
---|---|---|---
IT-S 142 | 25 September 2023 | 5 Days | Istanbul
IT-S 142 | 20 November 2023 | 5 Days | Istanbul
IT-S 142 | 11 December 2023 | 5 Days | Istanbul
Course Description
Understanding the problems with the current environment and realizing where we need to get to is far from sufficient: we need a detailed roadmap to bridge the gap between the current and desired state. Day two introduces zero trust architecture (ZTA) and details the components of our infrastructure that become part of a defensible network security architecture and SOC. We are long past the days when a perimeter firewall and ubiquitous antivirus were sufficient security. A modern defensible security architecture is made up of many pieces and moving parts.
In addition to discussing technologies such as Next-Generation Firewalls, Web Application Firewalls, Malware Detonation Devices, SIEMs, DLP, and Honeypots, which may not be found in all organizations, we will focus on repurposing traditional devices such as layer 3/4 firewalls, routers, switches, and NIDS. The goal of this course is to maximize the capabilities of your current information security architecture, while pointing out new technologies that may offer a compelling return on investment.
Course Objectives
- Detecting Adversaries with Protocol Inspection
- Understanding Data Sources
- Identifying Command and Control (C2) Traffic
- Detecting Malware via JA3
- Maintaining Situational Awareness
- Configuring Centralized Windows Event Log Collection
Course Details/Schedule
Day 1
- Current State Assessment, Security Operations Centers, and Security Architecture
- SOCs and Defensible Network Security Architecture
- SOCs/Security Architecture - Key Infrastructure Devices
- Segmented Internal Networks
- Defensible Network Security Architecture Principles Applied
Day 2
- Network Security Monitoring
- Evolution of NSM
- The NSM Toolbox
- NIDS Design
- Analysis Methodology
- Understanding Data Sources
- Cloud NSM
- Practical NSM Issues
- Cornerstone NSM
- Detecting Cobalt Strike
Day 3
- Endpoint Security Architecture
- SOCs and Defensible Endpoint Security Architecture
- Endpoint Security Architecture
- Endpoint Protection
- Cloud Configuration Management
- Endpoint Detection - Sysmon
- Authentication Protection and Detection
- Configuration Management/Monitoring
Day 4
- Automation and Continuous Security Monitoring
- Industry Best Practices
- Winning CSM Techniques
- Maintaining Situational Awareness
- Host, Port, and Service Discovery
- Vulnerability Scanning
- Monitoring Patching
- Monitoring Applications
- Monitoring Service Logs
- Monitoring Change to Devices and Appliances
- Leveraging Proxy and Firewall Data
- Configuring Centralized Windows Event Log Collection
- Monitoring Critical Windows Events
- Scripting and Automation
- Security Operations Center (SOC)
Day 5
- Capstone: Design, Detect, Defend
- Security Architecture
- Continuous Security Monitoring
- Applied NSM and CSM
- Analyzing Malicious Traffic with Security Onion, Wireshark, and CyberChef
- Analyzing Malicious Windows Event Logs
- Packet Analysis
- Log Analysis
- C2 Detection