Overview
Overview
Thank you for reading this post, don't forget to subscribe!This course is designed to teach students how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network and will help prepare students for the Cisco Cybersecurity Specialist exam (600-199 SCYBER).
Audience Profile
This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.
Prerequisite(s) Recommended
Cisco® Interconnecting Cisco® Networking Devices Part 1 v3.0 (ICND1)
Learning Objectives
This lab-intensive training course prepares you to take the Cyber Security Specialist Certification exam (exam ID = 600-199) and to hit the ground running as a security analyst team member.
Course Outline
Course Outline
Module 1: Attacker Methodology
Lessons
• Defining the Attacker Methodology
• Identifying Malware and Attacker Tools
• Understanding Attacks
Module 2: Defender Methodology
Lessons
• Enumerating Threats, Vulnerabilities, and Exploits
• Defining SOC Services
• Defining SOC Procedures
• Defining the Role of a Network Security Analyst
• Identifying a Security Incident
Module 3: Defender Tools
Lessons
• Collecting Network Data
• Understanding Correlation and Baselines
• Assessing Sources of Data
• Understanding Events
• Examining User Reports
• Introducing Risk Analysis and Mitigation
Module 4: Packet Analysis
Lessons
• Identifying Packet Data
• Analyzing Packets Using Cisco IOS Software
• Accessing Packets in Cisco IOS Software
• Acquiring Network Traces
• Establishing a Packet Baseline
• Analyzing Packet Traces
Module 5: Network Log Analysis
Lessons
• Using Log Analysis Protocols and Tools
• Exploring Log Mechanics
• Retrieving Syslog Data
• Retrieving DNS Events and Proxy Logs
• Correlating Log Files
Module 6: Baseline Network Operations
Lessons
• Baselining Business Processes
• Mapping the Network Topology
• Managing Network Devices
• Baselining Monitored Networks
• Monitoring Network Health
Module 7: Incident Response Preparation
Lessons
• Defining the Role of the SOC
• Establishing Effective Security Controls
• Establishing an Effective Monitoring System
Module 8: Security Incident Detection
Lessons
• Correlating Events Manually
• Correlating Events Automatically
• Assessing Incidents
• Classifying Incidents
• Attributing the Incident Source
Module 9: Investigations
Lessons
• Scoping the Investigation
• Investigating Through Data Correlation
• Understanding NetFlow
• Investigating Connections Using NetFlow
Module 10: Mitigations and Best Practices
Lessons
• Mitigating Incidents
• Using ACLs
• Implementing Network-Layer Mitigations and Best Practices
• Implementing Link-Layer Best Practices
Module 11: Communication
Lessons
• Documenting Communication
• Documenting Incident Details
Module 12: Post-Event Activity
Lessons
• Conducting an Incident Post-Mortem
• Improving Security of Monitored Networks