Advanced Network security monitoring is a skill that is at the core of the broad set of skills security professionals can master to prevent, detect, and respond to attacks which are so common today. Designing an SOC or security architecture that increases visibility and detective capabilities is one of the most important facts for most organizations.
This in-depth Network Security Monitoring (NSM) course provides SOC analyst, Incident Response Team Members and Threat Hunting Teams with advanced skills to you will learn about network security monitoring as well as how to use Open Source NSM Tools to perform network security monitoring. First, you will learn what NSM is. Next, you will explore where you can deploy network sensors, how to handle the triage process by generating real attacks, how to detect attacks, and how to deploy and operate an Open-Source Network Security monitoring tools. Finally, you will discover how you can perform network security monitoring in a production environment, and how to deploy your own Open Source NSM environment and generate attacks to dissect with it.
English
Duration 4 Days
All IT personnel who want to know how to detect, investigate, fix and recover systems that have been compromised at the endpoints of the organization. Especially for:
Traditional Security Architecture
Perimeter-focused
Addressed Layer 3/4
Traditional Attack Techniques
Modern Security Architecture Principles
SOC Architecture
Network Security Monitoring
Continuous Monitoring Overview
Evolution of NSM
NIDS Design
Analysis Methodology
Understanding Data Sources
Practical NSM Issues
Tracking EXE Transfers
Identifying Command and Control (C2) Traffic
Tracking User Agents
C2 via HTTPS
This is an advanced course. A solid knowledge of attack techniques, networking, malware investigations, including network and forensic investigations are also prerequisites for attending this course.