Automated Network Defense Training
Course Authors
Automated Network Defense Training Hands-on (Online, Onsite, and Classroom Live)
| Commitment | 5 Days, 7-8 hours a day. |
| Language | English |
| User Ratings | Average User Rating 4.8 See what learners said |
| Price | REQUEST |
| Delivery Options | Instructor-Led Onsite, Online, and Classroom Live |
COURSE OVERVIEW
Learn how to defend large-scale network infrastructures by building and maintaining IDS/IPS and mastering advanced signature-writing techniques.
Automated Network Defense Training: Cyber threats are increasing at an alarming rate every year and the ability of organizations to defend against full-scale, distributed attacks quickly and effectively has become much more difficult. An Intrusion Detection/ Prevention System (IDS/IPS) affords security administrators the ability to automate the process of identifying attacks among the thousands of connections on their network, provided the system is properly configured and the signatures are well-written.
This Automated Network Defense Training course teaches how to defend enterprise infrastructure at scale using a combination of tools and platforms such as IDS/IPS, firewalls, and SIEMs. Configuring and tuning these systems properly maximize their effectiveness at catching and stopping threats while reducing alert fatigue for analysts and responders. Students learn to identify gaps in coverage, write basic and complex signatures, manage rule sets for optimization, use chain rules to detect multistage events, and implement decoding and fingerprinting capabilities to overcome evasion techniques.
WHAT'S INCLUDED?
- 5 days of Automated Network Defense Training with an expert instructor
- Automated Network Defense Electronic Course Guide
- Certificate of Completion
- 100% Satisfaction Guarantee
RESOURCES
- Automated Network Defense – https://www.wiley.com/
- Automated Network Defense Training – https://www.packtpub.com/
- Automated Network Defense – https://store.logicaloperations.com/
- Automated Network Defense Training – https://us.artechhouse.com/
- Automated Network Defense Training – https://www.amazon.com/
RELATED COURSES
- Advanced Computer Forensics Training
- Advanced Digital Forensics, Incident Response, and Threat Hunting Training
- Advanced Reverse Engineering Malware Training
- Advanced Smartphone Forensics Training
- Malicious Network Traffic Analysis Training
- Network Traffic Analysis Training
- PowerShell Automation and Windows Security Training
- Smartphone Security and Forensics Training
- Windows Exploitation and Analysis (WEA) Training
ADDITIONAL INFORMATION
COURSE OBJECTIVES
Upon completing this Automated Network Defense Training course, learners will be able to meet these objectives:
- Explain the benefits and limitations of different security technologies (IDS/IPS, firewalls, VPNs, web proxies, etc.)
- Identify optimal platform deployment and gaps in coverage
- Write basic and complex IDS signatures to identify malicious traffic flows, and tune them to reduce false positives
- Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
- Apply decoding and other tools to overcome attacker evasion techniques
- Implement automated fingerprinting of encrypted traffic flows to detect anomalous or malicious flows
CUSTOMIZE IT
- We can adapt this Automated Network Defense Training course to your group’s background and work requirements at little to no added cost.
- If you are familiar with some aspects of this Automated Network Defense course, we can omit or shorten their discussion.
- We can adjust the emphasis placed on the various topics or build the Automated Network Defense Course around the mix of technologies of interest to you (including technologies other than those included in this outline).
- If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Automated Network Defense course in a manner understandable to lay audiences.
AUDIENCE/TARGET GROUP
The target audience for this Automated Network Defense Training course:
- Incident Responders who need to understand and react to IDS alerts
- Network Defenders seeking to automate threat detection
- IDS administrators who wish to improve their signature writing skills
- Security Operations Center Staff seeking to automate traffic analysis
- Penetration Testers looking to reduce their network visibility
CLASS PREREQUISITES
The knowledge and skills that a learner must have before attending this Automated Network Defense Training course are:
- TCP/IP Networking
- Network Forensics and Investigation
COURSE SYLLABUS
Automated Network Defense Training
- Intrusions
- Common Threats
- Intrusion Detection
- Introduction to Snort
- Introduction to Bro
- Snort Configuration and Variables
- Snort Output
- Output Plugins
- Signature Writing
- Snort Rule Options
- The Detect Offset Pointer (DOE)
- DOE Content Modifiers
- DOE Rule Options
- Snort Packet Header Rule Options
- Pre-Processors
- Post Detection
- Effective Rule Writing
- Perl Compatible Regular Expressions
- Tracking State Across Sessions Using Flowbits
Student Practical:
Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students are given several packet captures containing a variety of scanning and exploitation techniques. They are tasked with identifying the significant elements of the attack and translating them into IDS signatures. Finally, they are tasked with tuning those signatures to reduce false positives and limit excessive events.
Labs
- Setup and Configure an IDS to match a network topology map
- Define Network Variables
- Configure Output Statements
- Write over 30 Signatures
- Analyze and Write Signatures based attack patterns
- Tune signatures to reduce false positives and false negatives
