Duration: 2 Days
In this course, you will receive comprehensive instruction on the global
threat ecosystem and learn strategies that organizations can take to protect
their most critical assets. In the context of the current threat environment,
you will learn ways to detect and correlate data for better threat analysis,
reduce breach exposure time and break the cyber kill chain, and manage current
and future threats. As you progress through the course, your perceptions of
threats will evolve, and you will receive instruction on the role of threat
intelligence in security systems that are evolving along with the threat
environment.
You will participate in hands-on and table-top exercises to practice
strategies for analyzing attacks and mitigating their effects and for applying
intelligence-driven security practices in your own organization.
What You Will Learn
- Current global threat ecosystem
- Logical components of an advanced security program
- Best practices for planning advanced defenses
- Cyber kill chain
- Cyber kill chain intervention
- Traditional threats vs. Advanced Persistent Threats (APTs)
- Sources of threat intelligence
- Perform threat modeling of high-value assets and high-value adversaries
- Gather and analyze threat intelligence
- Manage the threat lifecycle
Audience
- Tier Two security analysts who investigate, analyze, and resolve or escalate
incidents and issues; monitor external security information sources; and feed
actionable intelligence back into systems
- SOC managers who want to implement a threat intelligence capability
- Tier One analysts who meet prerequisites and want to advance
Prerequisites
- Familiarity with:
- Computer architecture principles
- Operating system security, hardening, and host scanning
- Networking concepts, including protocols and communication channels
- Information security theory, analysis processes, procedures, and tools
- Information security database development and maintenance
- Related business processes
- Experience with basic programming and scripting concepts is beneficial
Course Outline
1. Threat Overview
- Current Threat Ecosystem
- Ecosystem Overview
- Communities of Attackers
- Targets
- Vulnerabilities
- Avenues of Attack
- Tactics, Techniques, and Procedures
- APTs
- Threat Intelligence in an Advanced Security Program
- Shortcomings of Traditional Security Measures
- Advanced Approaches to Information Security
- Advanced Security Operations Center Model
- Planning Advanced Defenses
- Guiding Principles for Defending the Enterprise
- Defining a Cyber Footprint
- Quantifying Risk
- Applying Security Best Practices
- Promoting User Education
2. Types of Threats
3. Cyber Kill Chain
- Attack Progression
- Anatomy of an Attack
- Cyber Kill Chain Model
- Kill Chain Interventions
- Detecting Attacks
- Indicators of Compromise
- Network-Based Indicators
- Host-Based Indicators
4. Intelligence Sources
- Government
- Industry Associations and Networks
- Commercial Sources
- Open Source
- Extended Enterprise
- Internal Organization Sources
5. Threat Modeling
- Threat Modeling Perspective
- Profiling Targets
- APT Targets
- Reconnoitering Targets, Web Presence, Industries, Social Media, and High-Value Assets
- Threat Actor Attribution
- Actor Identification
- Target Identification
- Actor Behaviors
- Communication Strategy
- Threat Modeling Resources
6. Developing Threat Intelligence
- Command and Control Protocol Decoding
- Passive DNS Monitoring
- Email Operations
- Threat Infrastructure Enumeration
- Command and Control Domain Correlation
- Intrusion Set Attribution
- Public-Facing Web Infrastructure
7. Threat Management
- Detecting Threats
- Threat Mitigation Strategy
- Predicting Threats
Course Labs
In addition to lecture and demonstrations, this course includes hands-on labs designed to give you practical experience.