  • Duration: 5 days
  • Regular price: CA$4,295.00
  • Preferred price: CA$3,650.00

CISCO - Securing Cisco Networks with Threat Detection and Analysis (SCYBER) v1.2

Reference: © CISCO SCYBER v1.2

Duration: 5 days

This course will quickly launch you into the role of a security analyst team member. Combining lecture materials and hands-on labs, this course presents cybersecurity concepts and enables you to recognize specific threats and attacks on your network. You will learn how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network.

Learning credits: 43

Languages: These scheduled public sessions are offered in English or in French (FR). The educational material is in English.

Audience

Technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks

Prerequisites

  • Standard CCNA® certification as a minimum (CCNA Security a plus)
  • Basic Cisco IOS® Software switch and router configuration skills

Objectives

  • Monitor security events
  • Configure and tune security event detection and alarming
  • Analyze traffic for security threats
  • Respond appropriately to security incidents

Contents

Module 1 - Attacker Methodology
  • Defining the Attacker Methodology
  • Identifying Malware and Attacker Tools
  • Understanding Attacks
Module 2 - Defender Methodology
  • Enumerating Threats, Vulnerabilities, and Exploits
  • Defining SOC Services
  • Defining SOC Procedures
  • Defining the Role of a Network Security Analyst
  • Identifying a Security Incident
Module 3 - Defender Tools
  • Collecting Network Data
  • Understanding Correlation and Baselines
  • Assessing Sources of Data
  • Understanding Events
  • Examining User Reports
  • Introducing Risk Analysis and Mitigation
Module 4 - Packet Analysis
  • Identifying Packet Data
  • Analyzing Packets Using Cisco IOS Software
  • Accessing Packets in Cisco IOS Software
  • Acquiring Network Traces
  • Establishing a Packet Baseline
  • Analyzing Packet Traces
Module 5 - Network Log Analysis
  • Using Log Analysis Protocols and Tools
  • Exploring Log Mechanics
  • Retrieving Syslog Data
  • Retrieving DNS Events and Proxy Logs
  • Correlating Log Files
Module 6 - Baseline Network Operations
  • Baselining Business Processes
  • Mapping the Network Topology
  • Managing Network Devices
  • Baselining Monitored Networks
  • Monitoring Network Health
Module 7 - Incident Response Preparation
  • Defining the Role of the SOC
  • Establishing Effective Security Controls
  • Establishing an Effective Monitoring System
Module 8 - Security Incident Detection
  • Correlating Events Manually
  • Correlating Events Automatically
  • Assessing Incidents
  • Classifying Incidents
  • Attributing the Incident Source
Module 9 - Investigations
  • Scoping the Investigation
  • Investigating Through Data Correlation
  • Understanding NetFlow
  • Investigating Connections Using NetFlow
Module 10 - Mitigations and Best Practices
  • Mitigating Incidents
  • Using ACLs
  • Implementing Network-Layer Mitigations and Best Practices
  • Implementing Link-Layer Best Practices
Module 11 - Communication
  • Documenting Communication
  • Documenting Incident Details
Module 12 - Post-Event Activity
  • Conducting an Incident Post-Mortem
  • Improving Security of Monitored Networks
Hands-On Labs
Case Study 2-1: Assessing Your Understanding of Network and Security Operations
Lab 3-1: Network and Security Data Analysis Team-Building Activity
Lab 4-1: Capturing Packets from Embedded Devices
Lab 4-2: Capturing Packets from Network Hosts
Lab 4-3: Analyzing Packet Captures
Lab 5-1: Understanding Log Data
Lab 5-2: Correlating Logs Manually
Lab 6-1: Mapping a Network Topology
Lab 6-2: Retrieving Event Data
Lab 6-3: Monitoring Device Health
Lab 7-1: Assessing Current Security Controls
Lab 7-2: Assessing Current Monitoring Systems
Lab 8-1: Correlating Events Manually
Lab 8-2: Correlating Events Automatically
Lab 8-3: Identifying a Security Incident
Lab 9-1: Understanding Flow Data
Lab 9-2: Using NetFlow
Lab 10-1: Using ACLs
Lab 10-2: Using DAI
Lab 11-1: Documenting an Incident
Lab 11-2: Recommending Remediation
Lab 12-1: Improving Security
Lab 12-2: Incident Response Challenge Lab

Surround yourself with the best

Steve Waterhouse
Certified instructor in wireless technologies (CWNP) and networking technologies (Cisco and CompTIA), and speaker on information technology security.
Simon Bourassa
Trainer and IT consultant
Simon is passionate about software development and product development, but above all about the people behind the code, who work hand in hand to develop innovative solutions.
Pierre-Edouard Brondel
Trainer and office-productivity consultant
An expert in technology and office-productivity teaching with more than 25 years of experience, Pierre-Édouard is first and foremost passionate about human capital.
Valère Drainville
Trainer and consultant in professional effectiveness
An expert in collaboration and professional effectiveness, Valère Drainville will guide you through adopting and managing your collaborative work tools.