Course Overview

Data security and privacy challenges are never-ending. IBM Guardium Data Protection (Guardium) provides a broad range of data security and protection capabilities that can protect sensitive and regulated data across environments and platforms. It discovers and classifies sensitive data from across an enterprise, providing real-time data activity monitoring and advanced user behavior analytics to help discover unusual data activity.

The course prepares the student to administer Guardium appliances, discover unusual data activity, locate vulnerable data, automate compliance processes, and monitor and protect sensitive data. To practice using Guardium, students complete hands-on lab exercises.

This course is based on Guardium Data Protection version 12.1.

Course Objectives

After this course participants should be able to:

  • Identify the primary functions of Guardium Data Protection
  • Describe key Guardium architecture components
  • Navigate the Guardium user interface and use the command line interface
  • Manage user access to Guardium
  • Build and populate Guardium groups
  • Use system settings and management tools to manage, configure, and monitor Guardium resources
  • Archive, backup, and restore Guardium data
  • Discover sensitive data and perform vulnerability assessments
  • Use Guardium audit process tools to streamline the compliance process
  • Describe how to apply rule order, logic, and actions to Guardium policies
  • Configure policy rules that process the information that is gathered from database and file servers
  • Create Guardium queries and reports to examine trends and gather data
  • Use Guardium alerts to monitor a data environment

Course Content

Unit 1: Guardium overview

Unit 2: Guardium architecture

Unit 3: Guardium user interfaces

Unit 4: Access management

Unit 5: Guardium groups

Unit 6: System management

Unit 7: Data management

Unit 8: Guardium discovery & vulnerability assessment

Unit 9: Audit process automation

Unit 10: Policy design

Unit 11: Policy configuration

Unit 12: Guardium reporting

Unit 13: Guardium alerts

Course Overview

Learn about Microsoft Copilot for Security, an AI-powered security analysis tool that enables analysts to process security signals and respond to threats at machine speed, and the AI concepts on which it is built.

Course Content

1- Fundamental AI Concepts

With AI, we can build solutions that seemed like science fiction a short time ago, enabling incredible advances in health care, financial management, environmental protection, and other areas to make a better world for everyone.

  • In this module, you’ll learn about the kinds of solutions AI can make possible and considerations for responsible AI practices.

2- Fundamentals of Generative AI

In this module, you explore the way in which language models enable AI applications and services to generate original content based on natural language input. You also learn how generative AI enables the creation of copilots that can assist humans in creative tasks.

  • Understand generative AI’s place in the development of artificial intelligence.
  • Understand language models and their role in intelligent applications.
  • Describe examples of copilots and good prompts.

3- Fundamentals of Responsible Generative AI

Generative AI enables amazing creative solutions, but must be implemented responsibly to minimize the risk of harmful content generation.

  • Describe an overall process for responsible generative AI solution development
  • Identify and prioritize potential harms relevant to a generative AI solution
  • Measure the presence of harms in a generative AI solution
  • Mitigate harms in a generative AI solution
  • Prepare to deploy and operate a generative AI solution responsibly

4- Describe Microsoft Copilot for Security

Get acquainted with Microsoft Copilot for Security. You are introduced to some basic terminology, how Microsoft Copilot for Security processes prompts, the elements of an effective prompt, and how to enable the solution.

  • Describe what Microsoft Copilot for Security is.
  • Describe the terminology of Microsoft Copilot for Security.
  • Describe how Microsoft Copilot for Security processes prompt requests.
  • Describe the elements of an effective prompt
  • Describe how to enable Microsoft Copilot for Security.

5- Describe the core features of Microsoft Copilot for Security

Microsoft Copilot for Security has a rich set of features. Learn about available plugins, promptbooks, the ways you can export and share information from Copilot, and much more.

  • Describe the features available in the standalone Copilot experience.
  • Describe the plugins available in Copilot.
  • Describe custom promptbooks.
  • Describe knowledge base connections.

6- Describe the embedded experiences of Microsoft Copilot for Security

Microsoft Copilot for Security is accessible directly from some Microsoft security products. This is referred to as the embedded experience. Learn about the scenarios supported by the Copilot embedded experience in Microsoft’s security solutions.

  • Describe Microsoft Copilot in Microsoft Defender XDR.
  • Describe Microsoft Copilot in Microsoft Purview.
  • Describe Microsoft Copilot in Microsoft Entra.
  • Describe Microsoft Copilot in Microsoft Intune.
  • Describe Microsoft Copilot in Microsoft Defender for Cloud.

7- Explore use cases of Microsoft Copilot for Security

Explore use cases of Microsoft Copilot for Security in the standalone and embedded experiences, through lab-like exercises.

  • “Set up Microsoft Copilot for Security.”
  • “Work with sources in Copilot.”
  • “Create a custom promptbook.”
  • “Use the capabilities of Copilot in Defender XDR.”
  • “Use the capabilities of Copilot in Microsoft Purview.”

Course Overview

This Fundamentals of Cisco Firewall Threat Defense and Intrusion Prevention (SFWIPF) course shows you how to implement and configure Cisco Secure Firewall Threat Defense for deployment as a next-generation firewall at the internet edge. You’ll gain an understanding of Cisco Secure Firewall architecture and deployment, base configuration, packet processing and advanced options, and Secure Firewall administration and troubleshooting.

This training prepares you for the CCNP Security certification, which requires passing the 350-701 Implementing and Operating Cisco Security Core Technologies (SCOR) core exam and one concentration exam such as the 300-710 Securing Networks with Cisco Firepower (SNCF) concentration exam.

This course is worth 40 Continuing Education (CE) credits towards recertification.

Course Objectives

After completing this course you should be able to:

  • Describe Cisco Secure Firewall Threat Defense
  • Describe Cisco Secure Firewall Threat Defense Deployment Options
  • Describe management options for Cisco Secure Firewall Threat Defense
  • Configure basic initial settings on Cisco Secure Firewall Threat Defense
  • Configure high availability on Cisco Secure Firewall Threat Defense
  • Configure basic Network Address Translation on Cisco Secure Firewall Threat Defense
  • Describe Cisco Secure Firewall Threat Defense policies and explain how different policies influence packet processing through the device
  • Configure Discovery Policy on Cisco Secure Firewall Threat Defense
  • Configure and explain prefilter and tunnel rules in prefilter policy
  • Configure an access control policy on Cisco Secure Firewall Threat Defense
  • Configure security intelligence on Cisco Secure Firewall Threat Defense
  • Configure file policy on Cisco Secure Firewall Threat Defense
  • Configure Intrusion Policy on Cisco Secure Firewall Threat Defense
  • Perform basic threat analysis using Cisco Secure Firewall Management Center
  • Perform basic management and system administration tasks on Cisco Secure Firewall Threat Defense
  • Perform basic traffic flow troubleshooting on Cisco Secure Firewall Threat Defense
  • Manage Cisco Secure Firewall Threat Defense with Cisco Secure Firewall Threat Defense Device Manager

Course Content

Introducing Cisco Secure Firewall Threat Defense

  • Need for a Firewall
  • Traditional Network Security and the New Reality
  • Cisco Secure Portfolio
  • Cisco Secure Firewall Threat Defense Features Overview
  • Cisco Secure Firewall Threat Defense Platform Overview
  • Cisco Secure Firewall Use Cases
  • Cisco Secure Firewall Smart Licensing

Describing Cisco Secure Firewall Threat Defense Deployment Options

  • Deployment Modes Overview
  • Firewall Deployment Mode
  • Configuring Global Interfaces
  • Configuring IPS Interfaces
  • Resilient and Scalable Design

Describing Cisco Secure Firewall Threat Defense Management Options

  • Cisco Secure Firewall Threat Defense Management Overview
  • Cisco Secure Firewall Management Center
  • Cisco Secure Firewall Threat Defense Device Manager
  • Cisco Defense Orchestrator

Configuring Basic Network Settings on Cisco Secure Firewall Threat Defense

  • Initial Cisco Secure Firewall Threat Defense Setup
  • Cisco Secure Firewall Management Center Initial Setup
  • Cisco Secure Firewall Threat Defense Registration with Cisco Secure Firewall Management Center
  • Cisco Secure Firewall Threat Defense Device Management
  • Interfaces and Security Zones Configuration
  • Static Routing Configuration
  • Platform Settings Configuration
  • Health Policy

Configuring High Availability on Cisco Secure Firewall Threat Defense

  • Active/Standby Failover Overview
  • Stateless and Stateful Failover
  • Health Monitor Initiated Failover
  • Active/Standby Failover Configuration
  • Verify and Troubleshoot Active/Standby High Availability

Configuring Auto NAT on Cisco Secure Firewall Threat Defense

  • NAT Overview
  • AutoNAT Configuration

Describing Packet Processing and Policies on Cisco Secure Firewall Threat Defense

  • Objects Overview
  • Policies Overview
  • Cisco Secure Firewall Engines and Detailed Packet Processing

Configuring Discovery Policy on Cisco Secure Firewall Threat Defense

  • Discovery Policy Overview
  • Network Discovery Policy Configuration
  • Discovery Events and Host Profile Analysis

Configuring Prefilter Policy on Cisco Secure Firewall Threat Defense

  • Prefilter Policy Overview
  • Prefilter Policy Configuration
  • Connection Events Analysis

Configuring Access Control Policy on Cisco Secure Firewall Threat Defense

  • Access Control Policy Overview
  • Access Control Policy Rules and Rule Actions
  • Access Control Policy Deployment
  • Access Control Policy Best Practices

Configuring Security Intelligence on Cisco Secure Firewall Threat Defense

  • Security Intelligence Overview
  • Security Intelligence Objects
  • IP and URL Security Intelligence Configuration and Verification
  • DNS Security Intelligence Configuration and Verification

Configuring File Policy on Cisco Secure Firewall Threat Defense

  • File Policy Overview
  • Network Malware Protection and File Type Detection Architecture
  • File Policy Configuration
  • Malware and File Events Analysis

Configuring Intrusion Policy on Cisco Secure Firewall Threat Defense

  • IPS and Snort Introduction
  • Intrusion (Snort) Rule Introduction
  • Intrusion Policy Fundamentals
  • Creating Customizable (User Created) IPS Policies
  • Intrusion Event Overview

Performing Basic Threat Analysis on Cisco Secure Firewall Management Center

  • Events Overview
  • Indications of Compromise
  • Content Explorer
  • Dashboards
  • Reports
  • Using the Unified Event Viewer
  • Threat Analysis Example

Managing Cisco Secure Firewall Threat Defense System

  • Update management
  • User Account Management
  • Backup of the System
  • Configuration Export and Import
  • Configuration Rollback

Troubleshooting Basic Traffic Flow

  • Cisco Secure Firewall Threat Defense CLI
  • Traffic Flow Troubleshooting Process and Tools
  • Traffic Flow Troubleshooting Examples

Cisco Secure Firewall Threat Defense Device Manager

  • Cisco Secure Firewall Threat Defense Device Manager Initial Configuration
  • Cisco Secure Firewall Threat Defense Device Manager Policies Overview

Labs:

  • Lab 1: Perform Initial Device Setup
  • Lab 2: Configure High Availability
  • Lab 3: Configure Network Address Translation
  • Lab 4: Configure Network Discovery
  • Lab 5: Configure Prefilter and Access Control Policy
  • Lab 6: Configure Security Intelligence
  • Lab 7: Implement File Control and Advanced Malware Protection
  • Lab 8: Configure Cisco Secure IPS
  • Lab 9: Detailed Analysis Using the Firewall Management Center
  • Lab 10: Manage Cisco Secure Firewall Threat Defense System
  • Lab 11: Secure Firewall Troubleshooting Fundamentals
  • Lab 12: Configure Managed Devices Using Cisco Secure Firewall Device Manager

Course Overview

In this course, you will learn how to use the most common FortiGate features.

In interactive labs, you will explore firewall policies, user authentication, high availability, SSL VPN, site-to-site IPsec VPN, Fortinet Security Fabric, and how to protect your network using security profiles, such as IPS, antivirus, web filtering, application control, and more.

These administration fundamentals will provide you with a solid understanding of how to implement the most common FortiGate features.

Course Objectives

After completing this course, you will be able to:

  • Configure FortiGate basic networking from factory default settings.
  • Configure and control administrator access to FortiGate.
  • Use the GUI and CLI for administration.
  • Control network access to configured networks using firewall policies.
  • Apply port forwarding, source NAT, and destination NAT.
  • Analyze a FortiGate route table.
  • Route packets using policy-based and static routes for multi-path and load-balanced deployments.
  • Authenticate users using firewall policies.
  • Monitor firewall users from the FortiGate GUI.
  • Offer Fortinet Single Sign-On (FSSO) access to network services, integrated with Microsoft Active Directory (AD).
  • Understand encryption functions and certificates.
  • Inspect SSL/TLS-secured traffic so that encryption cannot be used to bypass security policies.
  • Configure security profiles to neutralize threats and misuse, including viruses, torrents, and inappropriate websites.
  • Apply application control techniques to monitor and control network applications that might use standard or non-standard protocols and ports.
  • Offer an SSL VPN for secure access to your private network.
  • Establish an IPsec VPN tunnel between two FortiGate devices.
  • Configure static routing.
  • Configure SD-WAN underlay, overlay, and local breakout.
  • Identify the characteristics of the Fortinet Security Fabric.
  • Deploy FortiGate devices as an HA cluster for fault tolerance and high performance.
  • Diagnose and correct common problems.

Course Content

1. System and Network Settings 

2. Firewall Policies and NAT 

3. Routing 

4. Firewall Authentication 

5. Fortinet Single Sign-On (FSSO) 

6. Certificate Operations 

7. Antivirus 

8. Web Filtering 

9. Intrusion Prevention and Application Control 

10. SSL VPN 

11. IPsec VPN 

12. SD-WAN Configuration and Monitoring 

13. Security Fabric 

14. High Availability 

15. Diagnostics and Troubleshooting

Course Overview

ForeScout Certified Associate training is a four-day course that combines instruction with hands-on labs in a simulated IT environment. Students learn how to establish security policies using all of the available tools. Students classify and control assets in a network environment and observe how CounterACT monitors and protects an enterprise network.

Course Content

Day One

  • Chapter 1: Introduction

A brief introduction to ForeScout’s vision and concepts of Network Access Control.

  • Chapter 2: Terms and Architecture

This lesson introduces students to commonly used terms such as plugin, segment, channel, organizational unit and general networking vocabulary.

  • Chapter 3: CounterACT Installation

Participants configure CounterACT for installation in a practical network environment, including configuring switch connectivity, Active Directory integration and account management. Lab included.

  • Chapter 4: Console Overview

This is a tour of the console to illustrate features and demonstrate navigation.

Day Two

  • Chapter 5: CounterACT Configuration

Detailed instructions for configuring CounterACT independent of the first-time login. Plugins, Channel, Host Property Scanner, Switch Observe and configuration options are covered. Lab included.

  • Chapter 6: CounterACT Deployment

Students learn the best practices for a successful CounterACT deployment, including planning, defining project goals, appliance locations, layer 2 versus layer 3 installation, network integration and rollout strategies.

  • Chapter 7: Policy Overview

Students get a foundational overview of how to create policies and how they function within the CounterACT console.

  • Chapter 8: Classification

Students learn how to classify network assets in CounterACT. Lab included.

Day Three

  • Chapter 9: Clarification

Students learn how to identify the management capabilities of the hosts starting with established Classification groups. Lab included.

  • Chapter 10: Compliance

Students create policies to establish a network and endpoint compliance posture for a typical corporate environment. Lab included.

  • Chapter 11: Control

Students enforce a compliance posture by assigning network devices to Virtual Local Area Networks (VLANs) and Access Control Lists (ACLs), updating asset antivirus and patch levels, and enabling guest registration, ActiveResponse™ and Domain Name Service (DNS) Enforcement. Lab included.

  • Chapter 12: CounterACT Host Management

Students configure Windows, Linux and network endpoints with CounterACT. In addition, students will perform housekeeping tasks such as backups and appliance updates. Lab included.

Day Four

  • Chapter 13: CounterACT Administration

Students work with CounterACT appliance and CounterACT Enterprise Manager administration as well as console user management.

  • Chapter 14: Inventory, Assets, Reporting, Dashboard

Students learn to use the inventory, assets portal, reporting and dashboard. Lab included.

  • Chapter 15: Troubleshooting

This lesson introduces common troubleshooting methods used in a typical CounterACT deployment. Lab included.

Course Overview

This learning path will teach you the essentials of Microsoft Intune, advanced threat detection and response with Microsoft Copilot for Security, and how to optimize the integration between Intune and Copilot.

Course Content

1- Discover Microsoft Intune essentials

In this module, you’ll learn about Microsoft Intune, a comprehensive tool designed to manage and secure devices, applications, and data within an organization.

  • Understand the concept of Microsoft Entra join.
  • Explain the prerequisites, limitations, and benefits of Microsoft Entra join.
  • Join a device to Microsoft Entra ID.
  • Manage devices that are joined to Microsoft Entra ID.

2- Unlock Insights with Microsoft Copilot for Security

This module introduces Microsoft Copilot for Security, an AI-powered security solution designed to enhance the efficiency of security professionals.

  • Exploring Microsoft Copilot for Security: Features, Integration, and Use Cases
  • Exploring the Functionality and Integration of Microsoft Copilot for Security
  • Understanding Microsoft Copilot for Security: Standalone and Embedded Experiences
  • Deploying and Setting Up Microsoft Copilot for Security
  • Using and Creating Effective Prompts in Microsoft Copilot for Security
  • Using Promptbooks in Microsoft Copilot for Security
  • New Features and Enhancements in Copilot for Security – May 2024
  • Understanding Responsible AI Principles in Microsoft Copilot for Security

3- Optimize Microsoft Intune for Microsoft Copilot for Security Integration

Learn about Microsoft Security Copilot and Intune for securing corporate IT. Enhance security operations, get contextual responses, and improve incident response. Implement naming conventions and manage devices efficiently.

  • Use Microsoft Copilot for Security and Intune for Enhanced Endpoint Management and Security.
  • Understand and Implement Effective Device Naming Conventions.
  • Rename Devices in Microsoft Intune.
  • Create and Manage Groups in Microsoft Intune.
  • Understand Authentication and Role Assignment in Microsoft Copilot for Security.
  • Integrate and Use Microsoft Security Copilot with Microsoft Intune.
  • Create and Use Custom Prompts in Microsoft Security Copilot.
  • Create and Use Custom Prompts for Microsoft Intune.

Course Overview

Certified Threat Intelligence Analyst (C|TIA) is a training and credentialing program designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive specialist-level program that teaches a structured approach for building effective threat intelligence.

The program is based on a rigorous Job Task Analysis (JTA) of the job roles involved in the field of threat intelligence. This program differentiates threat intelligence professionals from other information security professionals. It is a highly interactive, comprehensive, standards-based, intensive 3-day training program that teaches information security professionals to build professional threat intelligence.

More than 40 percent of class time is dedicated to practical skills, which is achieved through EC-Council labs. The theory-to-practice ratio for the C|TIA program is 60:40, providing students with hands-on experience of the latest threat intelligence tools, techniques, methodologies, frameworks, scripts, etc. C|TIA comes integrated with labs to emphasize the learning objectives.

The C|TIA lab environment consists of the latest operating systems including Windows 10 and Kali Linux for planning, collecting, analyzing, evaluating, and disseminating threat intelligence.

Course Objectives

After completing this course you should be able to understand:

  • Key issues plaguing the information security world
  • Importance of threat intelligence in risk management, SIEM, and incident response
  • Types of cyber threats, threat actors and their motives, goals, and objectives of cybersecurity attacks
  • Fundamentals of threat intelligence (including threat intelligence types, lifecycle, strategy, capabilities, maturity model, frameworks, etc.)
  • Cyber kill chain methodology, Advanced Persistent Threat (APT) lifecycle, Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IoCs), and pyramid of pain
  • Various steps involved in planning a threat intelligence program (Requirements, Planning, Direction, and Review)
  • Different types of data feeds, sources, and data collection methods
  • Threat intelligence data collection and acquisition through Open Source Intelligence (OSINT), Human Intelligence (HUMINT), Cyber Counterintelligence (CCI), Indicators of Compromise (IoCs), and malware analysis
  • Bulk data collection and management (data processing, structuring, normalization, sampling, storing, and visualization)
  • Different data analysis types and techniques, including statistical data analysis, Analysis of Competing Hypotheses (ACH), Structured Analysis of Competing Hypotheses (SACH), etc.
  • Complete threat analysis process which includes threat modeling, fine-tuning, evaluation, runbook, and knowledge base creation
  • Different data analysis, threat modeling, and threat intelligence tools
  • Threat intelligence dissemination and sharing protocols, including dissemination preferences, intelligence collaboration, sharing rules and models, TI exchange types and architectures, participating in sharing relationships, and standards and formats for sharing threat intelligence
  • Effective creation of threat intelligence reports
  • Different threat intelligence sharing platforms, acts, and regulations for sharing strategic, tactical, operational, and technical intelligence

Course Content

Introduction to Threat Intelligence

  • Understanding Intelligence
  • Understanding Cyber Threat Intelligence
  • Overview of Threat Intelligence Lifecycle and Frameworks

Cyber Threats and Kill Chain Methodology

  • Understanding Cyber Threats
  • Understanding Advanced Persistent Threats (APTs)
  • Understanding Cyber Kill Chain
  • Understanding Indicators of Compromise (IoCs)

Requirements, Planning, Direction, and Review

  • Understanding Organization’s Current Threat Landscape
  • Understanding Requirements Analysis
  • Planning Threat Intelligence Program
  • Establishing Management Support
  • Building a Threat Intelligence Team
  • Overview of Threat Intelligence Sharing
  • Reviewing Threat Intelligence Program

Data Collection and Processing

  • Overview of Threat Intelligence Data Collection
  • Overview of Threat Intelligence Collection Management
  • Overview of Threat Intelligence Feeds and Sources
  • Understanding Threat Intelligence Data Collection and Acquisition
  • Understanding Bulk Data Collection
  • Understanding Data Processing and Exploitation

Data Analysis

  • Overview of Data Analysis
  • Understanding Data Analysis Techniques
  • Overview of Threat Analysis
  • Understanding Threat Analysis Process
  • Overview of Fine-Tuning Threat Analysis
  • Understanding Threat Intelligence Evaluation
  • Creating Runbooks and Knowledge Base
  • Overview of Threat Intelligence Tools

Intelligence Reporting and Dissemination

  • Overview of Threat Intelligence Reports
  • Introduction to Dissemination
  • Participating in Sharing Relationships
  • Overview of Sharing Threat Intelligence
  • Overview of Delivery Mechanisms
  • Understanding Threat Intelligence Sharing Platforms
  • Overview of Intelligence Sharing Acts and Regulations
  • Overview of Threat Intelligence Integration

Course Overview

The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.

CSA is a training and credentialing program that helps the candidate acquire trending and in-demand technical skills through instruction by some of the most experienced trainers in the industry. The program focuses on creating new career opportunities through extensive, meticulous knowledge with enhanced level capabilities for dynamically contributing to a SOC team. Being an intense 3-day program, it thoroughly covers the fundamentals of SOC operations, before relaying the knowledge of log management and correlation, SIEM deployment, advanced incident detection, and incident response. Additionally, the candidate will learn to manage various SOC processes and collaborate with CSIRT at the time of need.

This is the recommended training for those students looking to achieve the EC-Council Certified SOC Analyst certification.

Course Objectives

After completing this course you should be able to:

  • Articulate SOC processes, procedures, technologies, and workflows.
  • Understand security threats, attacks, vulnerabilities, attacker behaviors, the cyber kill chain, etc.
  • Recognize attacker tools, tactics, and procedures to identify indicators of compromise (IOCs) that can be utilized during active and future investigations.
  • Monitor and analyze logs and alerts from a variety of different technologies across multiple platforms (IDS/IPS, endpoint protection, servers and workstations).
  • Apply Centralized Log Management (CLM) processes.
  • Perform security event and log collection, monitoring, and analysis.
  • Understand Security Information and Event Management.
  • Administer SIEM solutions (Splunk/AlienVault/OSSIM/ELK).
  • Understand the architecture, implementation and fine tuning of SIEM solutions (Splunk/ AlienVault/OSSIM/ELK).
  • Gain hands-on experience on SIEM use case development process.
  • Develop threat cases (correlation rules), create reports, etc.
  • Recognize use cases that are widely used across the SIEM deployment.
  • Plan, organize, and perform threat monitoring and analysis in the enterprise.
  • Monitor emerging threat patterns and perform security threat analysis.
  • Gain hands-on experience in alert triaging process.
  • Escalate incidents to appropriate teams for additional assistance.
  • Use a Service Desk ticketing system.
  • Prepare briefings and reports of analysis methodology and results.
  • Integrate threat intelligence into SIEM for enhanced incident detection and response.
  • Make use of varied, disparate, constantly changing threat information.
  • Articulate knowledge of Incident Response Process.
  • Understand SOC and IRT collaboration for better incident response.

Course Content

SOC Essential Concepts

  • Computer Network Fundamentals
  • TCP/IP Protocol Suite
  • Application Layer Protocols
  • Transport Layer Protocols
  • Internet Layer Protocols
  • Link Layer Protocols
  • IP Addressing and Port Numbers
  • Network Security Controls
  • Network Security Devices
  • Windows Security
  • Unix/Linux Security
  • Web Application Fundamentals
  • Information Security Standards, Laws and Acts

Security Operations and Management

  • Security Management
  • Security Operations
  • Security Operations Center (SOC)
  • Need of SOC
  • SOC Capabilities
  • SOC Operations
  • SOC Workflow
  • Components of SOC: People, Process and Technology
  • People
  • Technology
  • Processes
  • Types of SOC Models
  • SOC Maturity Models
  • SOC Generations
  • SOC Implementation
  • SOC Key Performance Indicators
  • Challenges in Implementation of SOC
  • Best Practices for Running SOC
  • SOC vs NOC

Understanding Cyber Threats, IoCs and Attack Methodology

  • Cyber Threats
  • Intent-Motive-Goal
  • Tactics-Techniques-Procedures (TTPs)
  • Opportunity-Vulnerability-Weakness
  • Network Level Attacks
  • Host Level Attacks
  • Application Level Attacks
  • Email Security Threats
  • Understanding Indicators of Compromise
  • Understanding Attacker’s Hacking Methodology

Incidents, Events and Logging

  • Incident
  • Event
  • Log
  • Typical Log Sources
  • Need of Log
  • Logging Requirements
  • Typical Log Format
  • Logging Approaches
  • Local Logging
  • Centralized Logging

Incident Detection with Security Information and Event Management (SIEM)

  • Security Information and Event Management (SIEM)
  • Security Analytics
  • Need of SIEM
  • Typical SIEM Capabilities
  • SIEM Architecture and Its Components
  • SIEM Solutions
  • SIEM Deployment
  • Incident Detection with SIEM
  • Examples of Commonly Used Use Cases Across all SIEM deployments
  • Handling Alert Triaging and Analysis

Enhanced Incident Detection with Threat Intelligence

  • Understanding Cyber Threat Intelligence
  • Why-Threat Intelligence-driven SOC?
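The two units above (incident detection with SIEM, and enhanced detection with threat intelligence) are listed here as topics only. The following is an added example, not course material or any vendor's product code, showing what a minimal SIEM-style correlation pipeline looks like in working form: a parser for one log format, a brute-force-then-success correlation rule with a sliding time window, a second rule keyed on a threat-intelligence list, and severity enrichment for triage. The log lines, the sshd-like format, the threat-intel entries and the severity scheme are all constructed for the example.

```python
"""Added example: SIEM-style correlation with threat-intel enrichment.
Not course material; log lines and intel feed are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log in an sshd-like format (not real data).
SAMPLE_LOGS = """\
2024-05-01T10:00:01 sshd[101]: Failed password for admin from 203.0.113.7 port 51000
2024-05-01T10:00:03 sshd[101]: Failed password for admin from 203.0.113.7 port 51001
2024-05-01T10:00:05 sshd[101]: Failed password for admin from 203.0.113.7 port 51002
2024-05-01T10:00:06 sshd[101]: Failed password for admin from 203.0.113.7 port 51003
2024-05-01T10:00:08 sshd[101]: Failed password for admin from 203.0.113.7 port 51004
2024-05-01T10:00:09 sshd[101]: Accepted password for admin from 203.0.113.7 port 51005
2024-05-01T10:05:00 sshd[102]: Failed password for bob from 198.51.100.4 port 40000
2024-05-01T10:30:00 sshd[103]: Accepted password for alice from 192.0.2.50 port 41000
"""

# Constructed threat-intel list: indicator -> context tag (hypothetical values).
THREAT_INTEL = {"203.0.113.7": "known-brute-forcer", "198.51.100.4": "tor-exit"}

# Lower number = more severe; used to order the triage queue.
SEVERITY = {"critical": 0, "high": 1, "medium": 2, "low": 3}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+) port \d+$"
)


def parse_auth_log(text):
    """Normalize raw lines into events; unparsable lines are skipped
    (a production collector would count them as a parsing-failure metric)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({"ts": datetime.fromisoformat(m["ts"]), "outcome": m["outcome"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def rule_brute_force(events, threshold=5, window=timedelta(minutes=2)):
    """Alert when >= threshold failures for one (ip, user) inside `window`
    are followed by a success. Failures are tracked per key in a deque so
    timestamps outside the window fall off the left end."""
    failures = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = failures[(ev["ip"], ev["user"])]
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            alerts.append({"rule": "brute_force_success", "ip": ev["ip"], "user": ev["user"],
                           "failures": len(q), "ts": ev["ts"], "severity": "high"})
            q.clear()  # one alert per burst, not one per later success
    return alerts


def rule_listed_ip_success(events, intel):
    """Alert on any successful login from an IP present in the intel list."""
    return [{"rule": "login_from_listed_ip", "ip": e["ip"], "user": e["user"],
             "ts": e["ts"], "severity": "medium"}
            for e in events if e["outcome"] == "Accepted" and e["ip"] in intel]


def enrich(alerts, intel):
    """Attach intel context; a brute force from a listed IP is escalated."""
    for a in alerts:
        a["intel"] = intel.get(a["ip"])
        if a["intel"] and a["rule"] == "brute_force_success":
            a["severity"] = "critical"
    return alerts


def run_pipeline(text, intel):
    """Parse, run both rules, enrich, and return alerts in triage order."""
    events = parse_auth_log(text)
    alerts = rule_brute_force(events) + rule_listed_ip_success(events, intel)
    return sorted(enrich(alerts, intel), key=lambda a: (SEVERITY[a["severity"]], a["ts"]))


if __name__ == "__main__":
    for alert in run_pipeline(SAMPLE_LOGS, THREAT_INTEL):
        print(alert)
```

Two points the list of topics does not make explicit: the window is evaluated per (source IP, user) key, so bob's single failure and alice's clean login never contribute to the admin burst, and the intel lookup is applied after the rules fire rather than as a filter, so a brute force from an unlisted IP is still alerted (at "high") while a listed IP only raises severity.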

Incident Response

  • Incident Response
  • Incident Response Team (IRT)
  • Where does IRT Fit in the Organisation
  • SOC and IRT Collaboration
  • Incident Response (IR) Process Overview
  • Step 1: Preparation for Incident Response
  • Step 2: Incident Recording and Assignment
  • Step 3: Incident Triage
  • Step 4: Notification
  • Step 5: Containment
  • Step 6: Evidence Gathering and Forensic Analysis
  • Step 7: Eradication
  • Step 8: Recovery
  • Step 9: Post-Incident Activities
  • Responding to Network Security Incidents
  • Responding to Application Security Incidents
  • Responding to Email Security Incidents
  • Responding to Insider Incidents
  • Responding to Malware Incidents

Course Overview

The purpose of the CSCU training program is to provide individuals with the necessary knowledge and skills to protect their information assets. This class will immerse students in an interactive environment where they will acquire a fundamental understanding of various computer and network security threats such as identity theft, credit card fraud, online banking phishing scams, viruses and backdoors, email hoaxes, sex offenders lurking online, loss of confidential information, hacking attacks and social engineering. More importantly, the skills learned in the class help students take the necessary steps to mitigate their security exposure.

This course prepares an individual to sit for CSCU exam 112-12. This certification is an excellent complement to educational offerings in the domain of security and networking.

Course Objectives

Educational institutions can provide greater value to students by providing them not only with one of the most updated courses available today, but also a certification that empowers students in the corporate world.

Course Content

  • Introduction to Security
  • Securing Operating Systems
  • Malware and Antivirus
  • Internet Security
  • Security on Social Networking Sites
  • Securing Email Communications
  • Securing Mobile Devices
  • Securing the Cloud
  • Securing Network Connections
  • Data Backup and Disaster Recovery