Focal Point - Cyber Threat Detection and Mitigation

New – Learn how to defend large-scale network infrastructures by building and maintaining IDS/IPS and mastering advanced signature-writing techniques.

GK# 100219

Course Overview


Cyber threats are increasing at an alarming rate every year, and the ability of organizations to defend quickly and effectively against full-scale, distributed attacks has become much more difficult. An Intrusion Detection/Prevention System (IDS/IPS) gives security administrators the ability to automate the identification of attacks among the thousands of connections on their network, provided the system is properly configured and the signatures are well written.

Taught by leaders in network defense who work in the cyber security industry, this course demonstrates how to defend large-scale network infrastructures by building and maintaining IDS/IPS and mastering advanced signature-writing techniques. With Intrusion Detection Systems and trained network security auditors, organizations have a reliable means to prioritize and isolate the most critical threats in real time.

Student Practical:
Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students are given several packet captures containing a variety of scanning and exploitation techniques. They are tasked with identifying the significant elements of each attack and translating them into IDS signatures. Finally, they are tasked with tuning those signatures to reduce false positives and limit excessive events.

Learn more about this topic: view the recorded webinar "From Analyst to Threat Hunter."


What You'll Learn

In this class you will learn to:

  • Recognize the benefits and limitations of different intrusion detection system types (network- and host-based, and distributed systems)
  • Identify optimal sensor placement and gaps in coverage
  • Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
  • Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
  • Apply decoding and other techniques to overcome IDS evasion efforts
  • Develop complex signatures employing rule chaining, event filtering and post-detection analysis to identify distributed attacks, multi-stage events, and other more complex threats
  • Use regular expressions to effectively detect variable or morphing attacks
  • Manage rule sets to reduce redundancy and maintain system efficiency

Course Outline:

  1. Intrusions
  2. Common Threats
  3. Intrusion Detection
  4. Introduction to Snort
  5. Introduction to Bro
  6. Snort Configuration and Variables
  7. Snort Output
  8. Output Plugins
  9. Signature Writing
  10. Snort Rule Options
  11. The Detect Offset Pointer (DOE) 
  12. DOE Content Modifiers
  13. DOE Rule Options
  14. Snort Packet Header Rule Options
  15. Pre-Processors
  16. Post Detection
  17. Effective Rule Writing
  18. Perl Compatible Regular Expressions
  19. Tracking State Across Sessions Using Flowbits

Labs:

  1. Setup and Configure an IDS to match a network topology map
  2. Define Network Variables
  3. Configure Output Statements
  4. Write over 30 Signatures
  5. Analyze and Write Signatures based on attack patterns
  6. Tune signatures to reduce false positives and false negatives
  7. Reverse Engineer existing and downloaded rules

Prerequisites


Who Should Attend

  • Incident Responders who need to understand and react to IDS alerts
  • Network Defenders seeking to automate threat detection
  • IDS administrators who wish to improve their signature writing skills
  • Security Operations Center Staff seeking to automate traffic analysis
  • Penetration Testers looking to reduce their network visibility

Follow-On Courses

Course Delivery

This course is available in the following formats:

Classroom Live

Receive face-to-face instruction at one of our training center locations.

Duration: 5 days

Virtual Classroom Live

Experience expert-led online training from the convenience of your home, office or anywhere with an internet connection.

Duration: 5 days