42 - IT-S Information Technology - Security and Audit
IT-S 188 - Continuous Monitoring and SecOps
Code | Start Date | Duration | Venue | Registration
---|---|---|---|---
IT-S 188 | 29 December 2024 | 5 Days | Istanbul | Registration Form Link |
IT-S 188 | 27 January 2025 | 5 Days | Istanbul | Registration Form Link |
IT-S 188 | 24 March 2025 | 5 Days | Istanbul | Registration Form Link |
IT-S 188 | 19 May 2025 | 5 Days | Istanbul | Registration Form Link |
IT-S 188 | 14 July 2025 | 5 Days | Istanbul | Registration Form Link |
IT-S 188 | 08 September 2025 | 5 Days | Istanbul | Registration Form Link |
IT-S 188 | 03 November 2025 | 5 Days | Istanbul | Registration Form Link |
IT-S 188 | 29 December 2025 | 5 Days | Istanbul | Registration Form Link |
Course Description
The Continuous Monitoring and SecOps course is designed to provide participants with a comprehensive understanding of continuous monitoring practices and Security Operations (SecOps) principles. The course covers topics such as real-time threat detection, incident response, vulnerability management, and security automation.
Participants will learn how to set up and maintain continuous monitoring systems, analyze security data to identify potential threats, and respond effectively to security incidents. The course also covers best practices for integrating security into the software development lifecycle and implementing security automation tools.
Course Objectives
- Understanding the principles and benefits of continuous monitoring in cybersecurity.
- Learning how to set up and maintain continuous monitoring systems to detect security threats in real time.
- Exploring best practices for incident response and handling security incidents effectively.
- Gaining knowledge of vulnerability management processes and techniques for identifying and remediating security vulnerabilities.
- Understanding the role of security automation in enhancing security operations and improving efficiency.
Who Should Attend?
- Cybersecurity professionals
- IT professionals
- Security analysts
- Incident responders
- Compliance officers and auditors
- DevOps engineers
- System administrators
- Network engineers
Course Details/Schedule
Day 1
- Security Operations: The Why and the Roadmap
- Security Operations: Large Entity vs. Small Entity
- Threat Intelligence
- Vulnerability Management
- Security Monitoring
- Incident Response
- The Kill Chain
- Getting Started
- First Things First: Assess the Current State
- Threat Intelligence
- Threat Intelligence Strategy and Objectives
- Threat Intelligence in Security Operations
- Threat Intelligence Sources
- Threat Intelligence Tactics
- Pyramid of Pain
- Feedback
- MITRE ATT&CK Framework
- Walkthrough Using ATT&CK
- Other Threat Intelligence Frameworks
- Malware Information Sharing Platform (MISP)
- Unit 42
Day 2
- Vulnerability Management
- Technical Discovery
- Scanners
- Vulnerabilities Not Related to Technical Scans
- Vulnerabilities Related to Deep Panda
- Information Found in the Wild
- NIST National Vulnerability Database (NVD)
- Exploit-DB
- Evaluating the Vulnerabilities
- Dealing with Vulnerabilities That Cannot Be Remediated
Day 3
- Continuous Monitoring
- Endpoints
- Host-Based Firewalls
- Windows Event Logging
- Endpoint Security Suites
- The Network
- Intrusion Detection Systems
- Architecting and Deployment
- Data Loss Protection
- Email Security
- Web Proxy
- Security Information and Event Management (SIEM)
- Tactical Uses of the SIEM
- Open Source vs. Commercial (Paid) Solutions
- ELK and SOF-ELK
- Elasticsearch
- Logstash
- Kibana
- Log Shippers
- Log Ingestion Examples
- Splunk
- Full Packet Capture
Day 4
- Incident Response
- Escalating from Alerts to Incident Response
- Preparation
- Response Strategy
- People
- Asset/Data Classification
- Procedures, Checklists, and Playbooks
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
- Network Investigation and Containment
- HTTP
- DNS
- Emotet Investigation
- TheFatRat
- puttyX.exe
Day 5
- Threat Hunting
- Frameworks and Maturity Models
- Developing a Plan
- Threat Hunting with the Mandiant/FireEye Attack Lifecycle
- Tactics, Techniques, and Procedures of Concern
- Scheduling Hunts
- Threat Hunting Metrics
- Where to Go from Here
- Security Operations Components
- Vulnerability Management
- Threat Intelligence
- Continuous Monitoring
- Incident Response
- Think in Terms of Outcomes
- Cutting Through the Noise
- Adjust and Improve