Security Automation for Offense, Defense, and Cloud
Security Automation for Offense, Defense, and Cloud will equip you with the expertise to apply automated solutions to prevent, detect, and respond to security incidents. Students first train to understand the concept of automation, then learn how existing technologies can be best leveraged to build automation stories that translate repeatable problems to automated scripts.
Course Key Learnings:
- Prevention, detection, and response for specific attack techniques used by real-world adversaries and penetration testers
- Offensive and defensive perspectives of these attack techniques through hands-on exercises
- How to translate repeatable activities into automated tasks
- How to improve the efficiency and effectiveness of a security operations team
- Cloud security automation in AWS and Azure
- Where to apply security automation and how to properly engineer your environment for automation
- The power of leveraging automation in purple team exercises
Skills Gained:
- Understand the security issues that most organizations are facing today.
- Translate security issues into smaller problems, define automated solutions for those specific problems, and then fully chain features that can be used to tackle multiple issues in an automated manner.
- Use tools like Terraform, Ansible, Chef, Puppet, and many more to locally automate secure configurations, set a desired-state configuration, deploy infrastructure as code in different environments, and detect and respond to security incidents in an automated manner.
- Evaluate real-world scenarios within a combination of on-premise and cloud environments using a reference framework that can be immediately used and implemented in your organization.
Course content:
Module 1: SEC598.1: Security Automation Concepts
Overview
Section one lays the foundation for the remainder of the course by explaining overall security automation concepts and how they can be used within different environments and technology stacks. Concepts to be discussed include automation triggers, desired state configuration and security automation, and SOAR.
Exercises
- Lab 1.1: Red Team Exercise
- Lab 1.2: Desired State Configuration
- Lab 1.3: Linking Triggers to Automation Scripting
- Lab 1.4: Defining Your First Automation Playbook
Topics
Course Outline and Lab Setup
- Course Objective and Lab Environment
- Why Security Automation Matters
- Introducing GLOBEX Automation
Security Architecture and Configuration
- Current State of Enterprise Architecture
- Infrastructure as Code
- Desired State Configuration
Security Automation Fundamentals
- Triggers for Automation
- Automation Playbooks
- Automated Incident Response
- How to Apply SOAR and SOEL
Module 2: Security Automation Engineering
Overview
Section two focuses on security task automation in your infrastructure and explains how security automation can be engineered with built-in scripting and configuration management tooling. We will analyze how PowerShell can be used for desired state configuration to detect and respond to system misconfigurations. We will also look at what you can achieve with infrastructure as code tooling and a variety of SOAR tools. Finally, we will discuss playbook design and development for automated incident handling and mitigation techniques.
Exercises
- Lab 2.1: PowerShell OS Hardening
- Lab 2.2: Hardening with Ansible
- Lab 2.3: Creating a Cortex Analyzers Responder
- Lab 2.4: XSOAR Playbook Development
Topics
- Automating Security Hardening
- PowerShell Basics
- Configuration Management Tooling
- Security Orchestration and Automation
- Security Automation with Python
- Security Orchestration Tools
- SOAR Playbooks
- Automated Security Controls
- Automating Security Compliance
- Automating Security Hardening
- Introduction to Cloud Environments
- Cloud 101A
Module 3: Security Automation in the Cloud
Overview
Sections one and two covered security automation based largely on on-premises technology stacks, so in section three we move to cloud-native automation tooling. Attendees will gain an in-depth understanding of the cloud-native technologies used for security automation. We will look closely at blueprinting, compliance validation, and automated remediation, using real-world examples of cloud misconfigurations.
Exercises
- Lab 3.1: Detecting an Exposed Server with Azure Policy
- Lab 3.2: Creating Automated Actions in Azure
- Lab 3.3: Locking Down an Azure Storage Account
- Lab 3.4: Using the Amazon Web Services (AWS) Configuration Rule
- Lab 3.5: Integrating AWS/Azure with Third-Party API
- Lab 3.6: Deploying Reference Architecture with ARM Templates and the AWS CloudFormation Template
Topics
Introduction to the Cloud
- Azure Basics
- AWS Basics
Microsoft Azure Automation
- Azure Policy and Blueprinting
- Security Monitoring and Automation Triggers
- How to Automate within Microsoft Cloud Environments
- Logic App and Azure Functions
AWS Automation
- AWS Configuration
- Security Monitoring via CloudWatch and CloudTrail
- How to Automate within AWS
Bringing It All Together
- Reference Architectures and Blueprints
Module 4: Offensive Security Automation
Overview
In section four, we apply the automation techniques learned in the previous sections to offensive security activities. This section presents examples of how to automate offensive techniques used by real-world adversaries and goes on to explain how chaining attack techniques can be used to emulate those adversaries.
Exercises
- Lab 4.1: Configuring the Atomic Red Team
- Lab 4.2: Fully Automating Adversary Techniques
- Lab 4.3: Using Caldera to Run a Breach Exercise
Topics
Introduction
- History of Offensive Security
- Introduction to Purple Teaming
- The MITRE ATT&CK Framework
Automating Offensive Security Testing
- Focus of Automation within Offensive Security
- Automated ATT&CK Testing with SOAR and the Atomic Red Team
Emulating Real-World Cyber Attacks
- Adversary Emulation
- Autonomous Breach-and-Simulation Exercise
Chaining Techniques and Automating Adversaries
Organizing Chaos
- Creating Your Automated Chaos (Netflix Use Case)
Offensive Security in the Cloud
- Automated Testing for Cloud
Module 5: Defensive Security Automation
Overview
Section five focuses on defensive security controls and how we use automation to prevent, detect, and respond to security incidents. Students will gain an in-depth understanding of how attacks can be detected and how to enrich incidents to minimize false positives and automatically trigger responses.
Exercises
- Lab 5.1: Creating an Incident Response Playbook in PowerShell
- Lab 5.2: Creating an Incident Response Playbook using XSOAR
- Lab 5.3: Terraform in Action: Secured Infrastructure
- Lab 5.4: Detecting a Specific APT with Known Techniques and Automating Security Controls to Detect and Respond to This Attack
Module 6: Security Automation Capstone
Overview
The final course section is a capstone event where students apply and reinforce all the skills they have learned in a friendly, competitive environment. The capstone is a full day of challenging hands-on work applying the principles taught throughout the course. Your team will progress through multiple levels and missions designed to verify that detection and defensive capabilities are in place.
Topics
- Applying Previously Covered Security Controls In-Depth
- Applying and Fine-Tuning Detection Capabilities and Using Automation to Reduce the False Positive Ratio
- Configuration Management Tools
- Infrastructure as Code Templates
- XSOAR Playbook Development
- AWS Configuration Rules and ARM Templates
International Student Fee: 850 US$