START DATE   END DATE     MODE   LOCATION
11/05/2018   11/09/2018   VLT    Live Online
11/12/2018   11/16/2018   VLT    Live Online
11/26/2018   11/30/2018   VLT    Live Online
12/17/2018   12/21/2018   VLT    Live Online
02/11/2019   02/15/2019   VLT    Live Online
04/15/2019   04/19/2019   VLT    Live Online
06/10/2019   06/14/2019   VLT    Live Online
08/05/2019   08/09/2019   VLT    Live Online
09/30/2019   10/04/2019   VLT    Live Online
11/18/2019   11/22/2019   VLT    Live Online

Implementing Cisco Cybersecurity Operations (SECOPS)

Course Overview

The objective of the course is to teach the key skills required to begin a career as an associate-level cybersecurity analyst working in a security operations center.

Prerequisites

It is strongly recommended, but not required, that students have the following knowledge and skills:

  • Skills and knowledge equivalent to those learned in Interconnecting Cisco Networking Devices Part 1 (ICND1)
  • Working knowledge of the Windows operating system
  • Working knowledge of Cisco IOS networking and concepts

Course Outline

Module 1: SOC Overview

  • Lesson 1: Defining the Security Operations Center
      • Types of Security Operations Centers
      • SOC Analyst Tools
      • Data Analytics
      • Hybrid Installations: Automated Reports, Anomaly Alerts
      • Adequate Staffing Necessary for an Effective Incident Response Team
      • Roles in a Security Operations Center
      • Develop Key Relationships with External Resources
      • Test
  • Lesson 2: Understanding NSM Tools and Data
      • Introduction
      • NSM Tools
      • NSM Data
      • Security Onion
      • Full Packet Capture
      • Session Data
      • Transaction Data
      • Alert Data
      • Other Data Types
      • Correlating NSM Data
      • Test
  • Lesson 3: Understanding Incident Analysis in a Threat-Centric SOC
      • Classic Kill Chain Model Overview
      • Kill Chain Phase 1: Reconnaissance
      • Kill Chain Phase 2: Weaponization
      • Kill Chain Phase 3: Delivery
      • Kill Chain Phase 4: Exploitation
      • Kill Chain Phase 5: Installation
      • Kill Chain Phase 6: Command-and-Control
      • Kill Chain Phase 7: Actions on Objectives
      • Applying the Kill Chain Model
      • Diamond Model Overview
      • Applying the Diamond Model
      • Exploit Kits
      • Test
  • Lesson 4: Identifying Resources for Hunting Cyber Threats
      • Cyber Threat Hunting Concepts
      • Hunting Maturity Model
      • Cyber Threat Hunting Cycle
      • Common Vulnerability Scoring System
      • CVSS v3.0 Scoring
      • CVSS v3.0 Example
      • Hot Threat Dashboard
      • Publicly Available Threat Awareness Resources
      • Other External Threat Intelligence Sources and Feeds Reference
      • Test

Module 2: Security Incident Investigations

  • Lesson 1: Understanding Event Correlation and Normalization
      • Event Sources
      • Evidence
      • Security Data Normalization
      • Event Correlation
      • Other Security Data Manipulation
      • Test
  • Lesson 2: Identifying Common Attack Vectors
      • Obfuscated JavaScript
      • Shellcode and Exploits
      • Common Metasploit Payloads
      • Directory Traversal
      • SQL Injection
      • Cross-Site Scripting
      • Punycode
      • DNS Tunneling
      • Pivoting
      • Test
  • Lesson 3: Identifying Malicious Activity
      • Understanding the Network Design
      • Identifying Possible Threat Actors
      • Log Data Search
      • NetFlow as a Security Tool
      • DNS Risk and Mitigation Tool
      • Test
  • Lesson 4: Identifying Patterns of Suspicious Behavior
      • Network Baselining
      • Identify Anomalies and Suspicious Behaviors
      • PCAP Analysis
      • Delivery
      • Test
  • Lesson 5: Conducting Security Incident Investigations
      • Security Incident Investigation Procedures
      • Threat Investigation Example: China Chopper Remote Access Trojan
      • Test

Module 3: SOC Operations

  • Lesson 1: Describing the SOC Playbook
      • Security Analytics
      • Playbook Definition
      • What Is in a Play?
      • Playbook Management System
      • Test
  • Lesson 2: Understanding the SOC Metrics
      • Security Data Aggregation
      • Time to Detection
      • Security Controls Detection Effectiveness
      • SOC Metrics
      • Test
  • Lesson 3: Understanding the SOC WMS and Automation
      • SOC WMS Concepts
      • Incident Response Workflow
      • SOC WMS Integration
      • SOC Workflow Automation Example
      • Test
  • Lesson 4: Describing the Incident Response Plan
      • Incident Response Planning
      • Incident Response Life Cycle
      • Incident Response Policy Elements
      • Incident Attack Categories
      • Reference: US-CERT Incident Categories
      • Regulatory Compliance Incident Response Requirements
      • Test
  • Lesson 5: Appendix A: Describing the Computer Security Incident Response Team
      • CSIRT Categories
      • CSIRT Framework
      • CSIRT Incident Handling Services
      • Test
  • Lesson 6: Appendix B: Understanding the Use of VERIS
      • VERIS Overview
      • VERIS Incidents Structure
      • VERIS 4 A's
      • VERIS Records
      • VERIS Community Database
      • Verizon Data Breach Investigations Report and Cisco Annual Security Report
      • Test

LABS

  • Guided Lab 1: Explore Network Security Monitoring Tools
  • Discovery 1: Investigate Hacker Methodology
  • Discovery 2: Hunt Malicious Traffic
  • Discovery 3: Correlate Event Logs, PCAPs, and Alerts of an Attack
  • Discovery 4: Investigate Browser-Based Attacks
  • Discovery 5: Analyze Suspicious DNS Activity
  • Discovery 6: Investigate Suspicious Activity Using Security Onion
  • Discovery 7: Investigate Advanced Persistent Threats
  • Discovery 8: Explore SOC Playbooks