Continuous Monitoring and Security Operations
This course assesses the current state of security architecture and continuous monitoring, and provides a new approach to security architecture that can be easily understood and defended. When students finish, they have a list of action items in hand for making their organization one of the most effective vehicles for frustrating adversaries. Students are able to assess deficiencies in their own organization’s security architecture and effect meaningful changes that are continuously monitored for deviations from the expected security posture. (Online classes available)
Course Key Learnings:
- Analyze modern hybrid enterprises for deficient protection/detection strategies
- Apply the principles learned in the course to design a defensible cloud, network, and endpoint security architecture and operations
- Understand the importance of detection-dominant security architecture and Security Operations Centers (SOC) for hybrid enterprises
- Identify the key components of cloud, network, and endpoint protection and monitoring across hybrid infrastructure
- Determine appropriate security monitoring needs for organizations of all sizes
Business Takeaways
This course will help your organization:
- Enable effective cloud, network, and endpoint protection and detection strategies
- Design defensible security architecture and operations for modern hybrid enterprises
- Materially improve your organization’s security operations capabilities
- Identify protection and detection gaps across hybrid infrastructure
- Maximize the capabilities of current infrastructure and assets
- Make sense of data to enable the detection of potential intrusions or unauthorized actions rapidly
Course Content:
Module 1: Current State Assessment and Security Architecture
We begin with the end in mind by defining the key techniques and principles that will allow us to get there. An effective modern Security Operations Center (SOC) or security architecture must enable an organization’s ability to rapidly find intrusions to facilitate containment and response. Both significant knowledge and a commitment to continuous monitoring are required to achieve this goal.
Topics
- Current State Assessment, SOCs, and Security Architecture
- Modern Security Architecture Principles
- Frameworks and Enterprise Security Architecture
- Security Architecture – Key Techniques/Practices
Module 2: Network Security Architecture
Understanding the problems with the current environment and realizing where we need to get to is far from sufficient; we need a detailed roadmap to bridge the gap between the current and desired state.
Section 2 introduces and details the components of our infrastructure that become part of a defensible network security architecture and SOC. We are long past the days when a perimeter firewall and ubiquitous antivirus were sufficient security. There are many pieces and moving parts that make up a modern defensible security architecture.
Topics
- SOCs/Security Architecture – Key Infrastructure Devices
- Segmented Internal Networks
- Defensible Network Security Architecture Principles Applied
Module 3: Network Security Monitoring
Designing a SOC or security architecture that enhances visibility and detection capabilities represents a paradigm shift for most organizations. However, the design is simply the beginning. The most important element of a modern security architecture is the emphasis on detection. The network security architecture presented in days one and two emphasized baking visibility and detection capabilities into the design. Now we must figure out how to look at the data and continuously monitor the enterprise for evidence of compromise or changes that increase the likelihood of compromise.
Topics
- Continuous Monitoring Overview
- Network Security Monitoring (NSM)
- Practical NSM Issues
- Cornerstone NSM
Module 4: Endpoint Security Architecture
One of the hallmarks of modern attacks is an emphasis on client-side exploitation. The days of breaking into networks via direct frontal assaults on unpatched mail, web, or DNS servers are largely behind us. We must focus on mitigating the risk of compromise of clients. Section four details ways in which endpoint systems can be both more resilient to attack and also enhance detection capabilities.
Topics
- Security Architecture – Endpoint Protection
- Dangerous Endpoint Applications
- Patching
Module 5: Automation and Continuous Security Monitoring
Network Security Monitoring (NSM) is the beginning; we need to not only detect active intrusions and unauthorized actions, but also know when our systems, networks, and applications are at an increased likelihood of compromise. A strong way to achieve this is through Continuous Security Monitoring (CSM) or Continuous Diagnostics and Mitigation (CDM). Rather than waiting for the results of a quarterly scan or an annual penetration test to determine what needs to be addressed, continuous monitoring proactively and repeatedly assesses and reassesses the current security posture for potential weaknesses that need to be addressed.
Topics
- CSM Overview
- Industry Best Practices
- Winning CSM Techniques
- Maintaining Situational Awareness
- Host, Port and Service Discovery
- Vulnerability Scanning
- Monitoring Patching
- Monitoring Applications
- Monitoring Service Logs
- Monitoring Change to Devices and Appliances
- Leveraging Proxy and Firewall Data
- Configuring Centralized Windows Event Log Collection
- Monitoring Critical Windows Events
- Scripting and Automation
Module 6: Capstone: Design, Detect, Defend
The course culminates in a team-based design, detect, and defend the flag competition that is a full day of hands-on work applying the principles taught throughout the week.
Topics
- Security Architecture
- Assessing Provided Architecture
- Continuous Security Monitoring
- Using Tools/Scripts – Assessing the Initial State
- Quickly and Thoroughly Find All Changes Made
Prerequisites
- Basic understanding of network protocols and devices
- Experience with Linux and Windows from the command line
International Student Fee: 500 US$
Flexible Class Options
- Weekend Classes for Professionals (SAT | SUN)
- Corporate Group Trainings Available
- Online Classes – Live Virtual Class (L.V.C), Online Training