Cyber Threat Detection and Mitigation | Focal Point

Cyber threats are increasing at an alarming rate every year and the ability for organizations to defend against full-scale, distributed attacks quickly and effectively has become much more difficult. An Intrusion Detection/ Prevention System (IDS/IPS) affords security administrators the ability to automate the process of identifying attacks among the thousands of connections on their network, provided the system is properly configured and the signatures are well written.

Taught by leaders in network defense who work in the cyber security industry, this course demonstrates how to defend large-scale network infrastructures by building and maintaining IDS/IPS and mastering advanced signature-writing techniques. With Intrusion Detection Systems and trained network security auditors, organizations have a reliable means to prioritize and isolate the most critical threats in real time.

Student Practical:.
Using the tools, skills, and methodologies taught in Days 1 through 4 of the class, students are given several packet captures containing a variety of scanning and exploitation techniques. They are tasked with identifying the significant elements of the attack and translating them into IDS signatures. Finally, they are tasked with tuning those signatures to reduce false-positives and limit excessive events.

Learn more about this topic. View the recorded webinar From Analyst to Threat Hunter.

Delivery Format:
Date:
Location:
Access Period:
Address:

QTY

$

Add to Cart Generate a Quote

Class is Full

This session is full. Please select a different session.

View Entire Schedule

In this class you will learn:

Recognize the benefits and limitations of different intrusion detection system types (network- and host-based, and distributed systems)
Identify optimal sensor placement and gaps in coverage
Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
Apply decoding and other techniques to overcome IDS evasion efforts
Develop complex signatures employing rule chaining, event filtering and post-detection analysis to identify distributed attacks, multi-stage events, and other more complex threats
Use regular expressions to effectively detect variable or morphing attacks
Manage rule sets to reduce redundancy and maintain system efficiency

Course Outline:

Intrusions
Common Threats
Intrusion Detection
Introduction to Snort
Introduction to Bro
Snort Configuration and Variables
Snort Output
Output Plugins
Signature Writing
Snort Rule Options
The Detect Offset Pointer (DOE)
DOE Content Modifiers
DOE Rule Options
Snort Packet Header Rule Options
Pre-Processors
Post Detection
Effective Rule Writing
Perl Compatible Regular Expressions
Tracking State Across Sessions Using Flowbits

Labs:

Setup and Configure an IDS to match a network topology map
Define Network Variables
Configure Output Statements
Write over 30 Signatures
Analyze and Write Signatures based attack patterns
Tune signatures to reduce false positives and false negatives
Reverse Engineering Existing and Downloaded rule

Incident Responders who need to understand and react to IDS alerts
Network Defenders seeking to automate threat detection
IDS administrators who wish to improve their signature writing skills
Security Operations Center Staff seeking to automate traffic analysis
Penetration Testers looking to reduce their network visibility

Focal Point - Behavioral Malware Analysis

Cart () Loading...

Subtotal

Topics

Brands

Topics

Brands

Cart () Loading...

Subtotal

Focal Point - Cyber Threat Detection and Mitigation

Course Overview

Schedule

What You'll Learn

Prerequisites

Who Should Attend

Follow-On Courses

Course Delivery