Advanced Security Essentials – Enterprise Defender
Become an Enterprise Defender! Enhance your knowledge and skills in the specific areas of network architecture defense, penetration testing, security operations, digital forensics and incident response, and malware analysis.
Advanced Security Essentials – Enterprise Defender is an essential course for members of security teams of all sizes. That includes smaller teams where you wear several (or all) hats and need a robust understanding of many facets of cybersecurity, and larger teams where your role is more focused, and gaining skills in additional areas adds to your flexibility and opportunities. This course concentrates on showing you how to examine the traffic that is flowing on your networks, look for indications of an attack, and perform penetration testing and vulnerability analysis against your enterprise to identify problems and issues before a compromise occurs. (Online classes available)
Course Key Learnings
- Core components of building a defensible network infrastructure and properly securing your routers, switches, and other network infrastructure
- Formal methods to perform vulnerability assessment and penetration testing to find weaknesses on your enterprise network
- Methods to detect advanced attacks against your network and indicators of compromise on deployed systems, including the forensically sound collection of artifacts and what you can learn from them
- How to respond to an incident using the six-step process of incident response: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
- Approaches to analyzing malware, ranging from fully automated techniques to the manual analysis of static properties, interactive behavior, and code reversing
Business Takeaways
This course will help your organization:
- Improve the effectiveness, efficiency, and success of cybersecurity initiatives
- Build defensible networks that minimize the impact of attacks
- Identify your organization’s exposure points to ultimately prioritize and fix the vulnerabilities, increasing the organization’s overall security
Course Content
Module 1: Defensible Network Architecture
Overview
Section 1 will focus on security in the design and configuration of various enterprise infrastructures. From a security perspective, proper design and configuration protects both the components being configured and the rest of the enterprise that depends on that gear to defend other components from attacks. In other words, a good house needs a good foundation!
We will discuss published security benchmarks, vendor guidance to secure various products, and regulatory requirements and how they impact defending infrastructure against specific attacks. To illustrate these points, we will look in detail at securing and defending a router infrastructure against a number of device- and network-based attacks. Securing private and public cloud infrastructure against common attacks will also be discussed.
Exercises
- Initial Router Configuration and Audit
- Securing AAA
- Securing Redundancy Protocols
- Log Infrastructure in Defense
- Defending Routing Protocols
- Final Router Hardening Steps/Audit
Topics
- Security Standards and Audit
- Authentication, Authorization, and Accounting
- Defending Network Infrastructure
- Intrusion Prevention Systems and Firewalls
- Name Resolution Attacks and Defense
- Securing Private and Public Cloud Infrastructure
Module 2: Penetration Testing
Overview
Security is all about understanding, mitigating, and controlling the risk to an enterprise’s critical assets. An enterprise must understand the changing threat landscape and have the capacity to compare it against its own vulnerabilities that could be exploited to compromise the environment. This second course section will present the variety of tests that can be run against an enterprise and show how to perform effective penetration tests to better understand the security posture for network services, operating systems, and applications. In addition, we will talk about social engineering and reconnaissance activities to better emulate increasingly prevalent threats to users.
Exercises
- Network Scanning Fundamentals
- Scanning with Nessus
- Exploitation and Metasploit Basics
- Metasploit and Pivoting
- Basic Web App Scans and Attacks
Topics
- Penetration Testing Scoping and Rules of Engagement
- Online Reconnaissance
- Social Engineering
- Network Mapping and Scanning Techniques
- Enterprise Vulnerability Scanning
- Network Exploitation Tools and Techniques
- Post-Exploitation and Pivoting
- Web Application Exploitation Tools and Techniques
- Reporting and Debriefing
Module 3: Security Operations Foundations
Overview
“Prevention is ideal, but detection is a must” is a critical motto for security professionals. However, because of the changing landscape of attacks, detecting them is an ongoing challenge. Today’s attacks are stealthier and more difficult to find than ever before. Only by understanding the core principles of traffic analysis can you become a skilled analyst capable of differentiating between normal and attack traffic. New attacks are surfacing all the time, so security professionals must be able to write intrusion detection rules that detect the latest attacks before they compromise a network environment.
Exercises
- Analyzing PCAPs with tcpdump
- Attack Analysis with Wireshark
- Snort Basics
- Detecting Malicious Activity with Security Onion
- Security Analytics with SOF-ELK
Topics
- Network Security Monitoring
- Advanced Packet Analysis
- Network Intrusion Detection/Prevention
- Writing Signatures for Detection
- Network Forensics and More
- Event Management Introduction
- Continuous Monitoring
- Logging and Event Collection and Analysis
- SIEM and Analytics
Module 4: Digital Forensics and Incident Response
Overview
“Bad guy elimination” is the core mission for Digital Forensics and Incident Response (DFIR) professionals. Incidents happen, and enterprises rely on these professional responders to find, scope, contain, and eradicate evil from their networks. Investigators employ DFIR practices to determine what happened. DFIR teams conduct investigations to find evidence of compromise, remediate the environment, and provide data to generate local threat intelligence for operations teams in order to continuously improve detection. While traditionally seen as a finite process, incident response is now viewed as ongoing, with DFIR professionals searching for evidence of an attacker that has existed in the environment without detection by applying new threat intelligence to existing evidence. This is the crux of the concept known as “threat hunting.”
Exercises
- Active Defense: Honeyports
- Data Recovery with FTK Imager and Photorec
- Discovering Artifacts
- Ransomware Timeline Analysis
- Ransomware Network Analysis
Topics
- Active Defense
- DFIR Core Concepts: Digital Forensics
- DFIR Core Concepts: Incident Response
- Modern DFIR
- Widening the Net: Scaling and Scoping
Module 5: Malware Analysis
Overview
Malicious software is responsible for many incidents in almost every type of enterprise. Types of malware vary widely, from ransomware and rootkits to cryptocurrency miners and worms. We will define each of the most popular types of malware and walk through multiple examples. The four primary phases of malware analysis will be covered: Fully Automated Analysis, Static Properties Analysis, Interactive Behavior Analysis, and Manual Code Reversing. You will complete various in-depth labs requiring you to fully dissect a live ransomware specimen from static analysis through code analysis. You will get hands-on experience with tricking the malware through behavior analysis techniques, and in decrypting files encrypted by ransomware by extracting the keys through reverse engineering. All steps are well defined and tested to ensure that the process to achieve these goals is actionable and digestible.
Exercises
- Static Properties Analysis of Ransomware
- Interactive Behavior Analysis of Ransomware Part I
- Interactive Behavior Analysis of Ransomware Part II
- Manual Code Reversing of Ransomware
Topics
- Introduction to Malware Analysis
- Malware Analysis Stages: Fully Automated and Static Properties Analysis
- Malware Analysis Stages: Interactive Behavior Analysis
- Malware Analysis Stages: Manual Code Reversing
Module 6: Enterprise Defender Capstone
Overview
The concluding section of the course will serve as a real-world challenge for students by requiring them to work in teams, use the skills they have learned throughout the course, think outside the box, and solve a range of problems from simple to complex. A web server scoring system and Capture-the-Flag engine will be provided to award points as students submit flags. More difficult challenges will be worth more points. In this defensive exercise, challenges include packet analysis, malware analysis, and other challenges related to the course material.
International Student Fee: 950 US$
Flexible Class Options
- Weekend Classes for Professionals (Sat | Sun)
- Corporate Group Trainings Available
- Online Classes: Live Virtual Class (L.V.C.), Online Training
Related Courses
Blue Team Fundamentals: Security Operations and Analysis
Practical Open-Source Intelligence (OSINT)
Securing Windows and PowerShell Automation
Automating Information Security with Python
Security Automation with PowerShell