Description
The Securing Cisco Networks with Threat Detection and Analysis (SCYBER) v1.2 is a 5-day instructor-led course that prepares learners to take the Cyber Security Specialist Certification exam 600-199 and hit the ground running as a security analyst team member.
This course combines lecture materials and hands-on labs throughout to make sure that learners are able to successfully understand cyber security concepts and to recognize specific threats and attacks on their network. The course is designed to teach learners how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network. The job role for a security analyst will vary from industry to industry and differ in the private sector versus the public sector.
This course combines lecture materials and hands-on labs throughout to make sure that learners are able to successfully understand cyber security concepts and to recognize specific threats and attacks on their network. The course is designed to teach learners how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network. The job role for a security analyst will vary from industry to industry and differ in the private sector versus the public sector.
Objectives
Upon completing this course, the learner will be able to meet these overall objectives:
- Monitor security events
- Configure and tune security event detection and alarming
- Analyze traffic for security threats
- Respond appropriately to security incidents
Outline
The course contains these components:
- Attacker Methodology
- Defining the Attacker Methodology
- Identifying Malware and Attacker Tools
- Understanding Attacks
- Defender Methodology
- Enumerating Threats, Vulnerabilities, and Exploits
- Defining SOC Services
- Defining SOC Procedures
- Defining the Role of a Network Security Analyst
- Identifying a Security Incident
- Case Study: Understanding Network and Security Operations
- Defender Tools
- Collecting Network Data
- Understanding Correlation and Baselines
- Assessing Sources of Data
- Understanding Events
- Examining User Reports
- Introducing Risk Analysis and Mitigation
- Lab: Exploring the Remote Lab Environment
- Lab: Enabling Netflow Export and Syslog
- Packet Analysis
- Identifying Packet Data
- Analyzing Packets Using Cisco IOS Software
- Accessing Packets in Cisco IOS Software
- Acquiring Network Traces
- Establishing a Packet Baseline
- Lab: Capturing Packets on the Pod Router and Using Wireshark to Examine the PCAP
- Lab: Capturing Packets Using TCPDUMP
- Network Log Analysis
- Using Log Analysis Protocols and Tools
- Exploring Log Mechanics
- Retrieving Syslog Data
- Retrieving DNS Events and Proxy Logs
- Correlating Log Files
- Lab: Examining Logs Manually
- Baseline Network Operations
- Baselining Business Processes
- Mapping the Network Topology
- Managing Network Devices
- Baselining Monitored Networks
- Monitoring Network Health
- Lab: Enabling AAA for Router SSH Management Access
- Lab: Enabling SMNPv3 on the Pod Router and Pod Switch
- Incident Response Preparation
- Defining the Role of the SOC
- Establishing Effective Security Controls
- Establishing an Effective Monitoring System
- Lab: Performing NMAP Scans and Using Netcat to Connect to Open Ports
- Security Incident Detection
- Correlating Events Manually
- Correlating Events Automatically
- Assessing Incidents
- Classifying Incidents
- Attributing the Incident Source
- Lab: Analyzing PCAP File with Suspicious Activities Using Wireshark
- Lab: Examining Event Logs Manually
- Lab: Examining Event Logs Using Splunk
- Investigations
- Scoping the Investigation
- Investigating Through Data Correlation
- Understanding NetFlow
- Investigating Connections Using NetFlow
- Lab: Analyzing NetFlow Data with Lancope StealthWatch
- Mitigations and Best Practices
- Mitigating Incidents
- Cisco Cyber Threat Defense Overview
- Implementing Cisco IOS ACLs and Zone-Based Policy Firewall
- Implementing Network-Layer Mitigations and Best Practices
- Implementing Link-Layer Best Practices
- Lab: Implementing IOS Zone-Based Firewall
- Communication
- Documenting Incident Details
- Communicating Incidents
- Lab: Incident Response
- Post-Event Activity
- Conducting an Incident Post-Mortem
- Improving Security of Monitored Networks
Prerequisite Knowledge
The knowledge and skills that a learner should possess before attending this course are as follows:
- Knowledge that can be gained by attending the CCNA Routing & Switching courses, or equivalent knowledge
- Basic understanding of Cisco security product features
- Basic understanding of open-source and commercial network security tools
- Basic understanding of Microsoft Windows and UNIX/Linux operating systems, desktops, and servers
- Basic understanding of the Open Systems Interconnection (OSI) model and TCP/IP
Training Availability and Pricing
Date
Lang.
Location
Price
Date: /
Language: /
Location: /
48150 R