Duration: 4 Days
This course provides a roadmap for adopting intelligence-driven information security, following the model outlined in the article, "Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security," a 2012 publication of the Security for Business Innovation Council. RSA Security Analytics is used to illustrate the key steps that are critical for incident identification and response.
What You Will Learn
- Security Analytics architecture
- Security Analytics User Interface
- Articulate the intelligence-driven process
- Threat landscape and the role of the analyst
- Features and functions of the Investigation Module
- Access source data through the Live Module
- Create and deploy custom feeds
- Filter data for investigation using rules and custom drills
- Communicate results using reports
- Create alerts
- Investigate potential security issues based on specific use cases
- Determine and follow best practice methodologies for gathering data for specific use cases
- Identify the appropriate workflows for use case analysis
Audience
Security analysts with less than six months of industry experience, who are new to RSA Security Analytics, and who are responsible for incident identification and response
Prerequisites
- Familiarity with basic computer architecture, data networking fundamentals, and general information security concepts
- A background in enterprise data networking and communications is required
- Programming language experience is helpful but not required
- Basic knowledge of the TCP/IP protocol stack is useful
Course Outline
1. RSA Security Analytics Overview
- Enterprise security evolution
- Intelligence-driven roadmap
- RSA Security Analytics architecture
- RSA Security Analytics components
- Packets, logs, sessions, and contents
- RSA Security Analytics data flow
- Data sources
- Security Analytics interface
- Customizing the interface
2. Analyzing Data
- The role of the analyst
- Best practices for data analysis
- Common use cases
- Investigation techniques
- Using the Investigation Module for analysis
3. Developing Sources
- Defining and refining sources
- Accessing and deploying source data using the Live Module
- Creating custom feeds
4. Building an Intelligence-Driven Process
- Creating a methodology
- Collecting evidence
- Screening the data
- Performing analysis
- Communicating results
- Taking actions
5. Introducing Automation
- Implementing automation
- Creating reports
- Creating alerts for automated analysis
6. Summary Exercise
- You will be presented with various use cases that require you to determine what types of information and data elements to look for to identify traffic that fits the use case, determine how best to examine the traffic, and create any filters and reports necessary to resolve or communicate concerns.
- You will present your findings to the rest of the class, justifying your process and results.
Course Labs
In addition to lecture and demonstrations, this course includes hands-on labs designed to give you practical experience.