Upskilling Training

Advanced Network Security Monitoring

Advanced network security monitoring is a core skill in the broad set that security professionals need in order to prevent, detect and respond to the attacks that are now commonplace. Designing a SOC or security architecture that increases visibility and detection capability is one of the most important tasks for most organizations.

This in-depth Network Security Monitoring (NSM) course gives SOC analysts, incident response team members and threat hunting teams the advanced skills needed to perform network security monitoring with open-source NSM tools. First, you will learn what NSM is. Next, you will explore where to deploy network sensors, how to handle the triage process by generating real attacks, how to detect those attacks, and how to deploy and operate open-source network security monitoring tools. Finally, you will learn how to perform network security monitoring in a production environment, and how to build your own open-source NSM environment and generate attacks to dissect with it.

English

Duration 4 Days

Who Should Attend?

All IT personnel who want to learn how to detect, investigate, remediate and recover systems that have been compromised at the organization's endpoints. The course is especially suited to:

  • Information Security Professionals
  • SOC Analysts
  • Incident Response Team Members
  • Blue Team Members
  • Penetration Testers

Course Syllabus

Traditional Security Architecture

  • Perimeter-focused
  • Addressed Layer 3/4
  • Traditional Attack Techniques

Modern Security Architecture Principles

  • Detection-oriented
  • Layer 7
  • Security Operations Centres

SOC Architecture

  • Firewalls
  • Web Application Firewall
  • HTTP Proxies, Web Content Filtering, and SSL Decryption
  • SIMs, NIDS, Packet Captures, and DLP
  • Honeypots/Honeynets
  • Network Infrastructure - Routers, Switches, DHCP, DNS
  • Mobile Devices and Wireless Access Points
  • Threat Intelligence

Network Security Monitoring

  • Continuous Monitoring Overview
    • Defined
    • Network Security Monitoring (NSM)
    • Continuous Security Monitoring (CSM)
  • Evolution of NSM
  • NIDS Design
  • Analysis Methodology

Understanding Data Sources

  • Full Packet Capture
  • Extracted Data
  • String Data
  • Flow Data
  • Transaction Data
  • Statistical Data
  • Alert Data
  • Correlated Data

Practical NSM Issues

  • Tracking EXE Transfers
  • Identifying Command and Control (C2) Traffic
  • Tracking User Agents
  • C2 via HTTPS
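Two of the practical NSM issues listed above, tracking EXE transfers and tracking user agents, come down to simple logic over HTTP transaction data. The following is an added illustration written for this page, not course material or code from any NSM tool: it runs over a small set of constructed records shaped like Zeek's http.log fields (id.orig_h, host, uri, user_agent, resp_mime_types) with the first bytes of each response body attached. The record layout, the hosts and the user-agent strings are all invented for the example; the MZ magic and the application/x-dosexec MIME type are what a PE file and Zeek's file identification actually produce.

```python
"""Added example: tracking executable transfers and user agents over
constructed HTTP transaction records (Zeek http.log style fields)."""
from collections import Counter, defaultdict

# Constructed sample data. Not captured traffic: the hosts, URIs and
# user-agent strings below are invented for this illustration.
UA_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/115.0"
UA_OLD_IE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"

SAMPLE_HTTP = [
    {"src": "10.1.1.5", "host": "www.example.com", "uri": "/",
     "user_agent": UA_BROWSER, "mime": "text/html", "body": b"<!DOCTYPE html>"},
    {"src": "10.1.1.5", "host": "dl.example.com", "uri": "/setup.exe",
     "user_agent": UA_BROWSER, "mime": "application/x-dosexec",
     "body": b"MZ\x90\x00\x03\x00"},
    {"src": "10.1.1.6", "host": "www.example.com", "uri": "/news",
     "user_agent": UA_BROWSER, "mime": "text/html", "body": b"<html>"},
    # A PE image served with an image MIME type and a .jpg name.
    {"src": "10.1.1.7", "host": "cdn.example.net", "uri": "/logo.jpg",
     "user_agent": UA_BROWSER, "mime": "image/jpeg",
     "body": b"MZ\x90\x00\x03\x00"},
    # One internal host repeatedly presenting an outdated user agent
    # to a bare-IP destination.
    {"src": "10.1.1.9", "host": "203.0.113.10", "uri": "/gate.php",
     "user_agent": UA_OLD_IE, "mime": "text/html", "body": b"<html>"},
    {"src": "10.1.1.9", "host": "203.0.113.10", "uri": "/gate.php",
     "user_agent": UA_OLD_IE, "mime": "text/html", "body": b"<html>"},
]

PE_MAGIC = b"MZ"  # first two bytes of every Windows PE/DOS executable
EXE_MIME_TYPES = {"application/x-dosexec", "application/x-msdownload",
                  "application/vnd.microsoft.portable-executable"}


def find_exe_transfers(records):
    """Return (src, host, uri, reason) for every response carrying a PE
    image. The body bytes decide, not the URI or the declared MIME type:
    a PE body behind a non-executable MIME type is reported as disguised,
    and an executable MIME type without a PE body is reported too."""
    hits = []
    for r in records:
        is_pe = r["body"][:2] == PE_MAGIC
        declared_exe = r["mime"] in EXE_MIME_TYPES
        if is_pe and declared_exe:
            hits.append((r["src"], r["host"], r["uri"], "pe-download"))
        elif is_pe:
            hits.append((r["src"], r["host"], r["uri"],
                         "pe-disguised-as-" + r["mime"]))
        elif declared_exe:
            hits.append((r["src"], r["host"], r["uri"],
                         "exe-mime-without-pe-body"))
    return hits


def user_agent_summary(records):
    """Map each User-Agent to (number of distinct internal hosts using it,
    number of requests it made)."""
    hosts = defaultdict(set)
    requests = Counter()
    for r in records:
        hosts[r["user_agent"]].add(r["src"])
        requests[r["user_agent"]] += 1
    return {ua: (len(hosts[ua]), requests[ua]) for ua in hosts}


def rare_user_agents(records, max_hosts=1):
    """Long-tail hunt: User-Agents presented by at most max_hosts internal
    hosts. A hard-coded, outdated or misspelled UA that only one machine
    sends is a cheap, high-value triage lead."""
    summary = user_agent_summary(records)
    return sorted(ua for ua, (n_hosts, _) in summary.items()
                  if n_hosts <= max_hosts)


if __name__ == "__main__":
    for hit in find_exe_transfers(SAMPLE_HTTP):
        print("EXE transfer:", hit)
    for ua in rare_user_agents(SAMPLE_HTTP):
        print("Rare user agent:", ua)
```

Run against a real http.log, the same two functions need only a TSV or JSON reader for the Zeek fields and, for the body check, the file extraction that the NSM sensor writes to disk; the point of the example is that the executable check trusts bytes rather than names, and the user-agent check counts hosts rather than requests, so a single noisy machine cannot make its own agent look common.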

Pre-requisites

This is an advanced course. Solid knowledge of attack techniques, networking and malware investigation, including network and forensic investigation, is a prerequisite for attending.

  • Fundamental understanding of computer networks: the OSI and TCP/IP models, DNS, HTTPS, SMTP, etc.
  • Understanding of fundamental information security concepts
  • Knowledge of networking devices and security solutions: switches, routers, firewalls, antivirus and endpoint security applications
  • Basic knowledge of Linux and Windows command line
Expert