Duration: 4 Days
This course examines the role of the network security/forensics analyst whose focus is on targeted malware, zero-day attacks, and advanced persistent threats (APTs). RSA Security Analytics is used to illustrate the key steps for malware analysis and APT identification and response.
What You Will Learn
- Threat landscape for malware and APT
- Security Analytics architecture
- Security Analytics User Interface
- Articulate the intelligence-driven process
- Network analysis techniques
- Analyze data using the Investigation Module
- Filter data for analysis using rules and custom drills
- Identify and obtain sources for malware analysis
- Differentiate custom feeds and parsers
- Create flex parsers for malware analysis
- Features and functions of Spectrum
- Analyze malware using Spectrum
- Communicate results using reports
- Analyze data for malware and APT using best practice approaches
- Investigate potential malware based on specific use cases
- Identify the appropriate workflows for use case analysis
Audience
Security analysts who need a basic understanding of the methodologies associated with forensics investigations and who are utilizing RSA Security Analytics to support them in executing their role
Prerequisites
- Familiarity with basic computer architecture, data networking fundamentals, and general security concepts
- A background in enterprise data networking and communications is required
- XML language experience is helpful
- Basic knowledge of the TCP/IP protocol stack is recommended
- RSA Security Analytics Analysis or comparable knowledge and skills
Course Outline
1. The Threat Landscape: Malware and Advanced Persistent Threats
- Introduction to the threat landscape
- Changing the security mindset
- RSA Security Analytics overview
2. Malware and APT Analysis
- Stages of the forensics process
- Forensic analysis techniques
- Best practices for analysis
- Security Analytics investigation techniques
- Using the Investigation Module for analysis
3. Developing Sources for Malware Analysis
- Building external and internal data sources
- Getting source data into RSA Security Analytics
- Accessing source data using the Live Module
- Creating custom feeds
4. Using Parsers for Analysis
- Introduction to parsers
- Creating content using parsers
- Parser structure and syntax
- Converting to FLEX
5. Automating Malware Detection
- Automating detection with Spectrum
- Spectrum analysis techniques
- Spectrum use cases
- Spectrum analysis tips
- Alerting
6. Communicating Results and Taking Action
- Communicating the findings
- Creating reports
- Taking action
- Preventing malware
7. Summary Exercise
- You will be presented with a case study to determine what types of malicious activities are happening on an organization's network using a record of the packets that have passed through the network, including documenting the findings and archiving the relevant artifacts in a forensic repository.
- You will design a report that you can use to present as evidence to a decision maker.
- You will present your findings to the class.
Course Labs
In addition to lecture and demonstrations, this course includes hands-on labs designed to give you practical experience.