RSA Security Analytics Forensics Fundamentals

  • Classroom

  • Onsite

Duration: 4 Days

This course examines the role of the network security/forensics analyst whose focus is on targeted malware, zero-day attacks, and advanced persistent threats (APTs). RSA Security Analytics is used to illustrate the key steps for malware analysis and APT identification and response.

What You Will Learn

  • Threat landscape for malware and APT
  • Security Analytics architecture
  • Security Analytics User Interface
  • Articulate the intelligence-driven process
  • Network analysis techniques
  • Analyze data using the Investigation Module
  • Filter data for analysis using rules and custom drills
  • Identify and obtain sources for malware analysis
  • Differentiate custom feeds and parsers
  • Create flex parsers for malware analysis
  • Features and functions of Spectrum
  • Analyze malware using Spectrum
  • Communicate results using reports
  • Analyze data for malware and APT using best practice approaches
  • Investigate potential malware based on specific use cases
  • Identify the appropriate workflows for use case analysis

Audience

Security analysts who need a basic understanding of the methodologies associated with forensics investigations and who use RSA Security Analytics to support them in that role.

Prerequisites

  • Familiarity with basic computer architecture, data networking fundamentals, and general security concepts
  • A background in enterprise data networking and communications is required
  • XML language experience is helpful
  • Basic knowledge of the TCP/IP protocol stack is recommended
  • RSA Security Analytics Analysis or comparable knowledge and skills

Course Outline

1. The Threat Landscape: Malware and Advanced Persistent Threats

  • Introduction to the threat landscape
  • Changing the security mindset
  • RSA Security Analytics overview

2. Malware and APT Analysis

  • Stages of the forensics process
  • Forensic analysis techniques
  • Best practices for analysis
  • Security Analytics investigation techniques
  • Using the Investigation Module for analysis

3. Developing Sources for Malware Analysis

  • Building external and internal data sources
  • Getting source data into RSA Security Analytics
  • Accessing source data using the Live Module
  • Creating custom feeds

4. Using Parsers for Analysis

  • Introduction to parsers
  • Creating content using parsers
  • Parser structure and syntax
  • Converting to FLEX

5. Automating Malware Detection

  • Automating detection with Spectrum
  • Spectrum analysis techniques
  • Spectrum use cases
  • Spectrum analysis tips
  • Alerting

6. Communicating Results and Taking Action

  • Communicating the findings
  • Creating reports
  • Taking action
  • Preventing malware

7. Summary Exercise

  • You will be presented with a case study in which you determine what types of malicious activity are occurring on an organization's network, using a record of the packets that have passed through that network. You will document your findings and archive the relevant artifacts in a forensic repository.
  • You will design a report that you can use to present as evidence to a decision maker.
  • You will present your findings to the class.

Course Labs

In addition to lecture and demonstrations, this course includes hands-on labs designed to give you practical experience.