42 - IT-S Information Technology - Security and Audit

IT-S 142 - Continuous Monitoring and Security Operations

Code       Start Date         Duration   Venue
IT-S 142   25 September 2023  5 Days     Istanbul
IT-S 142   20 November 2023   5 Days     Istanbul
IT-S 142   11 December 2023   5 Days     Istanbul

Please contact us for fees.
Course Description

Understanding the problems with the current environment and knowing where we need to get to is far from sufficient: we need a detailed roadmap to bridge the gap between the current and the desired state. Day two introduces zero trust architecture (ZTA) and details the components of our infrastructure that become part of a defensible network security architecture and SOC. We are long past the days when a perimeter firewall and ubiquitous antivirus were sufficient security. A modern defensible security architecture comprises many pieces and moving parts.

In addition to discussing technologies such as Next-Generation Firewalls, Web Application Firewalls, Malware Detonation Devices, SIEMs, DLP, and Honeypots, which may not be found in all organizations, we will focus on repurposing traditional devices such as layer 3/4 firewalls, routers, switches, and NIDS. The goal of this course is to maximize the capabilities of your current information security architecture, while pointing out new technologies that may offer a compelling return on investment.

Course Objectives
  • Detecting Adversaries with Protocol Inspection
  • Understanding Data Sources
  • Identifying Command and Control (C2) Traffic
  • Detecting Malware via JA3
  • Maintaining Situational Awareness
  • Configuring Centralized Windows Event Log Collection

Course Details/Schedule

Day 1

  • Current State Assessment, Security Operations Centers, and Security Architecture
  • SOCs and Defensible Network Security Architecture
  • SOCs/Security Architecture - Key Infrastructure Devices
  • Segmented Internal Networks
  • Defensible Network Security Architecture Principles Applied

Day 2

  • Network Security Monitoring
  • Evolution of NSM
  • The NSM Toolbox
  • NIDS Design
  • Analysis Methodology
  • Understanding Data Sources
  • Cloud NSM
  • Practical NSM Issues
  • Cornerstone NSM
  • Detecting Cobalt Strike

Day 3

  • Endpoint Security Architecture
  • SOCs and Defensible Endpoint Security Architecture
  • Endpoint Security Architecture
  • Endpoint Protection
  • Cloud Configuration Management
  • Endpoint Detection - Sysmon
  • Authentication Protection and Detection
  • Configuration Management/Monitoring

Day 4

  • Automation and Continuous Security Monitoring
  • Industry Best Practices
  • Winning CSM Techniques
  • Maintaining Situational Awareness
  • Host, Port, and Service Discovery
  • Vulnerability Scanning
  • Monitoring Patching
  • Monitoring Applications
  • Monitoring Service Logs
  • Monitoring Change to Devices and Appliances
  • Leveraging Proxy and Firewall Data
  • Configuring Centralized Windows Event Log Collection
  • Monitoring Critical Windows Events
  • Scripting and Automation
  • Security Operations Center (SOC)

Day 5

  • Capstone: Design, Detect, Defend
  • Security Architecture
  • Continuous Security Monitoring
  • Applied NSM and CSM
  • Analyzing Malicious Traffic with Security Onion, Wireshark, and CyberChef
  • Analyzing Malicious Windows Event Logs
  • Packet Analysis
  • Log Analysis
  • C2 Detection