Advanced Security Essentials – Enterprise Defender Training

Effective cybersecurity is more important than ever as attacks become stealthier, have a greater financial impact, and cause broad reputational damage. Advanced Security Essentials – Enterprise Defender Training builds on a solid foundation of core policies and practices to enable security teams to defend their enterprise.

It has been said of security that “prevention is ideal, but detection is a must.” Detection without response, however, has little value. Network security must be improved continuously to prevent as many attacks as possible and to detect and respond swiftly and appropriately to any breach that does occur. This PREVENT – DETECT – RESPOND strategy must be in place both externally and internally. As data become more portable and networks remain porous, data protection needs increased focus: critical information must be secured whether it resides on a server, within a robust network architecture, or on a portable device.

Of course, despite an organization’s best efforts to prevent network attacks and protect its critical data, some attacks will still succeed. Organizations therefore need to detect attacks in a timely fashion. This is accomplished by understanding the traffic flowing on the network, looking for indications of an attack, and performing penetration testing and vulnerability analysis against the organization to identify problems before a compromise occurs. Finally, once an attack is detected, responders must react quickly and effectively and perform the forensics required. Knowledge gained by understanding how the attacker broke in is fed back into more effective and robust preventive and detective measures, completing the security lifecycle.

Duration: 6 days

Skills Gained:

• How to build a comprehensive security program focused on preventing, detecting, and responding to attacks
• Core components of building a defensible network infrastructure and how to properly secure routers, switches, and network infrastructure
• Methods to detect advanced attacks on systems that are already compromised
• Formal methods for performing a penetration test to find weaknesses in an organization’s security controls
• Ways to respond to an incident and how to execute the six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
• Approaches to remediating malware and how to clean up a compromised system

Customize It:

With onsite training, courses can be scheduled on a date that is convenient for you, and because they are held at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to your needs: you might shorten the course, combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.

Course Content:

1. Defensive Network Infrastructure

Introduction to network security infrastructure as the target for attacks
Impact of compromised routers and switches
Escalating privileges at Layers 2 and 3
Weaknesses in Cisco router and switch architecture
Integrating and understanding existing network devices to defend against attacks
Implementing the Cisco Gold Standard to improve security
CISecurity Levels 1 and 2 benchmarks for routers
SANS Gold Standard switch configuration
Implementing security on an existing network and rolling out new devices
Advanced Layer 2 and 3 Controls
Filtering with access control lists
DHCP snooping, Dynamic ARP Inspection, and port security
Introduction to network admission control and 802.1x
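
The Layer 3 controls above rely on access control lists, where the two things most often misunderstood are that entries are evaluated in order (first match wins) and that an unmatched packet hits an implicit deny. The following added example is illustrative code written for this page, not Cisco IOS and not course material: a small first-match evaluator for IOS-style extended ACL lines, run against two constructed ACLs that share the same intent (only the management subnet 10.10.0.0/16 may reach SSH on the router at 10.1.1.5) but differ in entry order. The addresses, subnets and ACL lines are assumptions made up for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example: first-match evaluation of Cisco-style extended ACL lines.
# Illustrative code only; it models ordering and the implicit deny, nothing more.


@dataclass(frozen=True)
class AclEntry:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" (any protocol), "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None    # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: Optional[int] = None


def _wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """IOS wildcard masks are inverted netmasks: 0.0.255.255 covers a /16.
    Inverting explicitly avoids ipaddress guessing wrong for 0.0.0.0 / 255.255.255.255."""
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.IPv4Network((addr, str(netmask)), strict=False)


def _take_address(tokens: List[str], i: int) -> Tuple[ipaddress.IPv4Network, int]:
    """Consume one IOS address spec: 'any', 'host A.B.C.D', or 'A.B.C.D wildcard'."""
    if tokens[i] == "any":
        return ipaddress.IPv4Network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.IPv4Network(tokens[i + 1] + "/32"), i + 2
    return _wildcard_to_network(tokens[i], tokens[i + 1]), i + 2


def parse_entry(line: str) -> AclEntry:
    """Parse e.g. 'permit tcp 10.10.0.0 0.0.255.255 host 10.1.1.5 eq 22'."""
    tokens = line.split()
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in ACL line: {line}")
    src, i = _take_address(tokens, 2)
    dst, i = _take_address(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":   # 'eq' after the destination = destination port
        dport = int(tokens[i + 1])
    return AclEntry(action, proto, src, dst, dport)


def matches(entry: AclEntry, pkt: Packet) -> bool:
    if entry.proto != "ip" and entry.proto != pkt.proto:
        return False
    if pkt.src not in entry.src or pkt.dst not in entry.dst:
        return False
    if entry.dport is not None and entry.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[str], pkt: Packet) -> Tuple[str, int]:
    """Return (action, index of the matching entry); index -1 marks the implicit deny."""
    for index, line in enumerate(acl):
        entry = parse_entry(line)
        if matches(entry, pkt):
            return entry.action, index
    return "deny", -1


# Constructed sample ACLs with the same intent but different ordering.
MISORDERED_ACL = [
    "permit ip 10.0.0.0 0.255.255.255 any",          # broad permit first ...
    "deny tcp any host 10.1.1.5 eq 22",             # ... so this deny is never reached
]

CORRECT_ACL = [
    "permit tcp 10.10.0.0 0.0.255.255 host 10.1.1.5 eq 22",   # specific permit first
    "deny tcp any host 10.1.1.5 eq 22",                        # explicit deny (can be logged)
    "permit ip 10.0.0.0 0.255.255.255 any",
    # implicit "deny ip any any" follows the last entry
]

SSH_FROM_USER_LAN = Packet("tcp", ipaddress.IPv4Address("10.20.3.4"), ipaddress.IPv4Address("10.1.1.5"), 22)
SSH_FROM_MGMT = Packet("tcp", ipaddress.IPv4Address("10.10.1.1"), ipaddress.IPv4Address("10.1.1.5"), 22)
WEB_FROM_OUTSIDE = Packet("tcp", ipaddress.IPv4Address("192.168.1.1"), ipaddress.IPv4Address("10.5.5.5"), 80)

if __name__ == "__main__":
    print("misordered, user LAN -> SSH:", evaluate(MISORDERED_ACL, SSH_FROM_USER_LAN))
    print("correct,    user LAN -> SSH:", evaluate(CORRECT_ACL, SSH_FROM_USER_LAN))
    print("correct,    mgmt -> SSH:    ", evaluate(CORRECT_ACL, SSH_FROM_MGMT))
    print("correct,    outside -> web: ", evaluate(CORRECT_ACL, WEB_FROM_OUTSIDE))
```

The misordered list permits the user-LAN SSH attempt at entry 0 and never reaches its deny; the corrected list denies it at entry 1, permits management at entry 0, and drops the unrelated outside packet through the implicit deny (index -1). Non-contiguous wildcard masks, which IOS accepts, are outside the scope of this example.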

2. Packet Analysis

Architecture design and preparing filters
Building intrusion detection capability into a network
Understanding the components currently in place
Detection techniques and measures
Understanding various types of traffic occurring on a network
Knowing how normal traffic works
Differentiating between attacks and normal users on a network
Advanced IP packet analysis
Performing deep packet inspection and understanding usage of key fields
Event correlation and analysis
Analyzing an entire network instead of a single device
Building advanced Snort rules
Intrusion detection tools
Installing and using analysis software
Building custom filters
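
Several of the items above (knowing how normal traffic works, differentiating attacks from normal users, correlating events across the whole network rather than a single device) come down to one technique: correlating connection records from many hosts over a time window. The following added example is written for this page and is not course material or a tool the course uses. It runs a sliding-window detector over a constructed connection log (format, addresses and timings are assumptions made up here) containing one ordinary user, a vertical scan, a horizontal sweep, and a slow scan that the default window misses, to show the trade-off between window length and detection.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Tuple

# Added example: sliding-window correlation of connection records across hosts
# to separate port scans from ordinary users. Log format is constructed:
# "<ISO timestamp> <src> <dst> <dport> <proto>".

Target = Tuple[str, int]


def parse_flow(line: str) -> Tuple[datetime, str, str, int, str]:
    ts, src, dst, dport, proto = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), proto


def detect_scanners(lines: Iterable[str], window_seconds: int = 60,
                    threshold: int = 10) -> Dict[str, Tuple[str, int, datetime]]:
    """Flag a source once it has touched >= threshold distinct (dst, port) pairs within
    any window_seconds span. Returns src -> (scan kind, distinct pairs, first alert time)."""
    window = timedelta(seconds=window_seconds)
    recent: Dict[str, Deque[Tuple[datetime, Target]]] = defaultdict(deque)
    in_window: Dict[str, Counter] = defaultdict(Counter)
    alerts: Dict[str, Tuple[str, int, datetime]] = {}

    # Correlation needs one time-ordered stream, so merge records from all sensors
    # and sort first (ISO-8601 timestamps sort correctly as strings).
    for line in sorted(lines, key=lambda l: l.split()[0]):
        ts, src, dst, dport, _proto = parse_flow(line)
        queue, counts = recent[src], in_window[src]
        queue.append((ts, (dst, dport)))
        counts[(dst, dport)] += 1
        while queue and ts - queue[0][0] > window:     # expire records outside the window
            _, old = queue.popleft()
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
        if len(counts) >= threshold and src not in alerts:
            hosts = {d for d, _ in counts}
            ports = {p for _, p in counts}
            if len(hosts) == 1:
                kind = "vertical"      # one host, many ports
            elif len(ports) == 1:
                kind = "horizontal"    # one port, many hosts
            else:
                kind = "mixed"
            alerts[src] = (kind, len(counts), ts)
    return alerts


def build_sample_log() -> List[str]:
    """Constructed traffic: one normal user, two fast scanners and one slow scanner."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines: List[str] = []

    def add(sec: int, src: str, dst: str, dport: int) -> None:
        lines.append(f"{(base + timedelta(seconds=sec)).isoformat()} {src} {dst} {dport} tcp")

    for i in range(6):                        # normal user: two web services over two minutes
        add(20 * i, "10.20.3.4", "10.1.1.5", 443)
    for i in range(2):
        add(30 + 30 * i, "10.20.3.4", "10.1.1.6", 80)
    common_ports = [21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080]
    for i, port in enumerate(common_ports):   # vertical scan of one host, one probe per second
        add(200 + i, "10.20.9.9", "10.1.1.5", port)
    for i in range(1, 13):                    # horizontal SMB sweep across a /24, one probe per 2 s
        add(400 + 2 * i, "10.20.7.7", f"10.1.1.{i}", 445)
    for i, port in enumerate(common_ports):   # slow vertical scan, one probe per 30 s
        add(600 + 30 * i, "10.20.5.5", "10.1.1.7", port)
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    print("60 s window: ", detect_scanners(log))
    print("600 s window:", detect_scanners(log, window_seconds=600))
```

With the default 60-second window the two fast scanners are flagged (vertical and horizontal) and the normal user, who only ever touches two distinct service endpoints, is not. The slow scanner never has more than three probes inside any 60-second span and is missed; widening the window to 600 seconds catches it, at the cost of more state per source and a higher chance that a busy legitimate host crosses the threshold, which is why the threshold and window should be tuned against a baseline of the network's normal traffic.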

3. Pentest

Variety of penetration testing methods
Frequency and use of vulnerability analysis, penetration testing, and security assessment
Vulnerability analysis
How to perform vulnerability analysis
Key areas to identify and ways to fix potential problems
Key tools and techniques
Tools, techniques, and methods used in testing
Basic penetration testing
Methods and means of performing a penetration test
Focus, requirements, and outputs of a successful test
Prioritizing and remediation of issues
Advanced penetration testing
Understanding and mapping to an organization’s infrastructure
Application testing and system analysis

4. First Responder

Incident handling process and analysis
Preparing for an incident
Identifying and responding
Containing a problem to preserve mission resilience
Identifying and eradicating the problem
Recovering system data, including restoring to normal operation
Lessons learned and follow-up reporting
Forensics and incident response
Windows response skills
Windows forensics tool chest
Linux/Unix response and analysis
Linux/Unix tools and system analysis

5. Malware

Types of malware and corresponding behavior
Dealing with malware
Tying malware into intrusion analysis and incident response
Windows malware
Using Microsoft Windows basic built-in CLI tools
Using Microsoft Windows advanced built-in CLI tools
Using Microsoft Windows built-in GUI tools
External tools and analysis
Using external tools to fight browser helper objects (BHOs)
Fighting rootkits with basic and advanced tools
Inspecting active processes
Using online resources to get help
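
Inspecting active processes for malware and rootkit artifacts usually means comparing the live process list against what core Windows processes normally look like: who their parent is, where their image lives on disk, and how many instances exist. The following added example is written for this page and is not course material or a tool the course uses. It applies a small baseline of that kind (a deliberately reduced subset covering services.exe, lsass.exe and svchost.exe; the real baseline a responder uses is longer) to a constructed process list of the sort exported from Get-CimInstance Win32_Process, in which two look-alike processes have been planted. Process IDs, paths and names in the sample are assumptions made up for the example.

```python
import ntpath
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Added example: checking a process list against a baseline of how core Windows
# processes normally look (expected parent, on-disk location, instance count).
# The baseline is an illustrative subset and the process list is constructed.

# name -> (expected parent name, expected directory, max instances or None)
BASELINE = {
    "services.exe": ("wininit.exe", r"c:\windows\system32", 1),
    "lsass.exe":    ("wininit.exe", r"c:\windows\system32", 1),
    "svchost.exe":  ("services.exe", r"c:\windows\system32", None),
}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    path: str


def check_process_tree(procs: List[Proc]) -> Dict[int, List[str]]:
    """Return pid -> list of deviations from BASELINE for processes the baseline covers."""
    by_pid = {p.pid: p for p in procs}
    instances = Counter(p.name.lower() for p in procs)
    findings: Dict[int, List[str]] = {}
    for p in procs:
        rule = BASELINE.get(p.name.lower())
        if rule is None:
            continue
        parent_name, directory, max_instances = rule
        issues: List[str] = []
        parent = by_pid.get(p.ppid)
        # A missing parent is suspicious too: wininit.exe and services.exe are
        # long-lived and do not exit during normal operation.
        if parent is None or parent.name.lower() != parent_name:
            issues.append("unexpected parent")
        # ntpath handles Windows paths correctly even when run on a non-Windows host.
        if ntpath.dirname(p.path).lower() != directory:
            issues.append("unexpected path")
        # Flag every instance when the count is exceeded; the analyst decides which is real.
        if max_instances is not None and instances[p.name.lower()] > max_instances:
            issues.append("duplicate instance")
        if issues:
            findings[p.pid] = issues
    return findings


SAMPLE_PROCESSES = [  # constructed; fields as exported from Get-CimInstance Win32_Process
    Proc(4, 0, "System", ""),
    Proc(380, 4, "smss.exe", r"C:\Windows\System32\smss.exe"),
    Proc(520, 380, "wininit.exe", r"C:\Windows\System32\wininit.exe"),
    Proc(640, 520, "services.exe", r"C:\Windows\System32\services.exe"),
    Proc(700, 520, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    Proc(880, 640, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    Proc(1204, 1100, "explorer.exe", r"C:\Windows\explorer.exe"),
    Proc(2990, 1204, "cmd.exe", r"C:\Windows\System32\cmd.exe"),
    # planted look-alikes: system process names, wrong parents, user-writable locations
    Proc(4812, 1204, "svchost.exe", r"C:\Users\alice\AppData\Roaming\svchost.exe"),
    Proc(5120, 2990, "lsass.exe", r"C:\Windows\Temp\lsass.exe"),
]

if __name__ == "__main__":
    for pid, issues in sorted(check_process_tree(SAMPLE_PROCESSES).items()):
        print(pid, ", ".join(issues))
```

The planted svchost.exe is reported for its parent (explorer.exe rather than services.exe) and its path; the planted lsass.exe for parent, path and instance count; and the genuine lsass.exe is also reported for the instance count, because the list alone cannot say which of the two is real. Name and path checks do not catch code injected into a legitimate process or a kernel-mode rootkit that hides its process from the enumeration in the first place, which is why this kind of check is paired with the external tooling listed above.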

6. Data Loss Prevention

Risk management
Calculating and understanding risk across an organization
Building proper risk mitigation plans
Applying proactive risk management processes
Incorporating risk management into all business processes
Understanding insider threats
Data classification
Building a data classification program
Key aspects of deploying and implementing classification of critical information
Staged roll-out of classifying new and existing information
Managing and maintaining portable data classification
Digital rights management
Understanding digital rights
Balancing digital rights with data classification
Managing access across the enterprise
Balancing functionality and security
Data loss prevention (DLP)
Identifying requirements and goals for preventing data loss
Identifying practical DLP solutions that work
Managing, evaluating, implementing, and deploying DLP
