Cisco CyberOps - Human Growth Kazakhstan

Cisco CyberOps

Track

  • CBROPS — Understanding Cisco Cybersecurity Operations Fundamentals
    • Duration: 5 days (40 hours)
    • Course code: CBROPS
    • Price:
      • In-person format: 1 022 500 ₸
      • Online format: 938 000 ₸

    Course Description

    The Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) training provides an understanding of the network infrastructure devices, operations, and vulnerabilities of the TCP/IP protocol suite, and basic information security concepts, common network application operations and attacks, the Windows and Linux operating systems, and the types of data that are used to investigate security incidents. After completing this training, you will have the basic knowledge that is required to perform the job role of an associate-level cybersecurity analyst in a threat-centric security operations center (SOC).

    This training prepares you for the 200-201 CBROPS v1.2 exam. If passed, you earn the Cisco Certified Cybersecurity Associate certification and the role of a junior or entry-level cybersecurity operations analyst in a SOC. This training also earns you 30 Continuing Education (CE) credits toward recertification.

    How You'll Benefit

    This training will help you:
    Learn the fundamental skills, techniques, technologies, and the hands-on practice necessary to prevent and defend against cyberattacks as part of a SOC team
    Prepare for the 200-201 CBROPS v1.2 exam
    Earn 30 CE credits toward recertification

    Who Should Enroll

    This training is designed for associate-level cybersecurity analysts who are working in security operation centers.

    What to Expect in the Exam

    Understanding Cisco Cybersecurity Operations Fundamentals (200-201 CBROPS) v1.2 is a 120-minute exam associated with the Cisco Certified Cybersecurity Associate certification.
    This exam tests your knowledge and skills related to:
    Security concepts
    Security monitoring
    Host-based analysis
    Network intrusion analysis
    Security policies and procedures

    Course Objectives

    Explain how a Security Operations Center (SOC) operates and describe the different types of services that are performed from a Tier 1 SOC analyst’s perspective.
    Explain Network Security Monitoring (NSM) tools that are available to the network security analyst.
    Explain the data that is available to the network security analyst.
    Describe the basic concepts and uses of cryptography.
    Describe security flaws in the TCP/IP protocol and how they can be used to attack networks and hosts.
    Understand common endpoint security technologies.
    Understand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors.
    Identify resources for hunting cyber threats.
    Explain the need for event data normalization and event correlation.
    Identify the common attack vectors.
    Identify malicious activities.
    Identify patterns of suspicious behaviors.
    Conduct security incident investigations.
    Explain the use of a typical playbook in the SOC.
    Explain the use of SOC metrics to measure the effectiveness of the SOC.
    Explain the use of a workflow management system and automation to improve the effectiveness of the SOC.
    Describe a typical incident response plan and the functions of a typical Computer Security Incident Response Team (CSIRT).
    Explain the use of Vocabulary for Event Recording and Incident Sharing (VERIS) to document security incidents in a standard format.

    Course Prerequisites

    Before taking this course, you should have the following knowledge and skills:
    Familiarity with Ethernet and TCP/IP networking
    Working knowledge of the Windows and Linux operating systems
    Familiarity with basic network security concepts

    Course Outline

    Defining the Security Operations Center
    Understanding SOC Metrics
    Understanding SOC Workflow and Automation
    Understanding Windows Operating System Basics
    Understanding Linux Operating System Basics
    Understanding Endpoint Security Technologies
    Understanding Network Infrastructure and Network Security Monitoring Tools
    Understanding Common TCP/IP Attacks
    Exploring Data Type Categories
    Understanding Basic Cryptography Concepts
    Cloud Security Fundamentals
    Securing Cloud Deployments
    Understanding Incident Analysis in a Threat-Centric SOC
    Identifying Common Attack Vectors
    Identifying Malicious Activity
    Identifying Patterns of Suspicious Behavior
    Identifying Resources for Hunting Cyber Threats
    Understanding Event Correlation and Normalization
    Conducting Security Incident Investigations
    Using a Playbook Model to Organize Security Monitoring

    Lab Outline

    Explore the Windows Operating System
    Explore the Linux Operating System
    Explore Endpoint Security
    Explore TCP/IP Attacks
    Use NSM Tools to Analyze Data Categories
    Explore Cryptographic Technologies
    Investigate Hacker Methodology
    Investigate Browser-Based Attacks
    Analyze Suspicious DNS Activity
    Explore Security Data for Analysis
    Investigate Suspicious Activity Using Security Onion
    Hunt Malicious Traffic
    Cisco XDR to Splunk Enterprise Integration Simulation
    Correlate Event Logs, PCAPs, and Alerts of an Attack
    Investigate Advanced Persistent Threats
    Explore SOC Playbooks

  • CBRTHD — Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps
    • Duration: 5 days (40 hours)
    • Course code: CBRTHD
    • Price:
      • In-person format: 1 022 500 ₸
      • Online format: 938 000 ₸

    Course Description

    The Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (CBRTHD) training is a 5-day Cisco threat hunting training that introduces and guides you to a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools. In this training, you will learn the core concepts, methods, and processes used in threat hunting investigations. This training provides an environment for attack simulation and threat hunting skill development using a wide array of security products and platforms from Cisco and third-party vendors.

    This training prepares you for the 300-220 CBRTHD v1.0 exam. If passed, you earn the Cisco Certified Specialist – Threat Hunting and Defending certification and satisfy the concentration exam requirement for the Cisco Certified CyberOps Professional certification. This training also earns you 40 credits towards recertification.

    How You'll Benefit

    This training will help you:
    Learn how to perform a proactive security search through networks, endpoints, and datasets to hunt for malicious, suspicious, and risky activities that may have evaded detection by existing tools
    Gain leading-edge career skills focused on cybersecurity
    Prepare for the 300-220 CBRTHD v1.0 exam
    Earn 40 CE credits toward recertification

    Who Should Enroll

    Security Operations Center staff
    Security Operations Center (SOC) Tier 2 Analysts
    Threat Hunters
    Cyber Threat Analysts
    Threat Managers
    Risk Managers

    What to Expect in the Exam

    Conducting Threat Hunting and Defending using Cisco Technologies for CyberOps (300-220 CBRTHD v1.0) is a 90-minute exam associated with the Cisco Certified Specialist – Threat Hunting and Defending certification and satisfies the concentration exam requirement for the Cisco Certified CyberOps Professional certification.

    The exam tests your knowledge of conducting threat hunting and defending, including:
    Threat modeling techniques
    Threat actor attribution techniques
    Threat hunting techniques, processes, and outcomes

    Course Objectives

    Define threat hunting and identify core concepts used to conduct threat hunting investigations
    Examine threat hunting investigation concepts, frameworks, and threat models
    Define cyber threat hunting process fundamentals
    Define threat hunting methodologies and procedures
    Describe network-based threat hunting
    Identify and review endpoint-based threat hunting
    Identify and review endpoint memory-based threats and develop endpoint-based threat detection
    Define threat hunting methods, processes, and Cisco tools that can be utilized for threat hunting
    Describe the process of threat hunting from a practical perspective
    Describe the process of threat hunt reporting

    Course Prerequisites

    There are no prerequisites for this training. However, the knowledge and skills recommended before attending this training are:
    General knowledge of networks and network security

    These skills can be found in the following Cisco Learning Offerings:
    Implementing and Administering Cisco Solutions (CCNA)
    Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
    Performing CyberOps Using Cisco Security Technologies (CBRCOR)

    Course Outline

    Threat Hunting Theory
    Threat Hunting Concepts, Frameworks, and Threat Models
    Threat Hunting Process Fundamentals
    Threat Hunting Methodologies and Procedures
    Network-Based Threat Hunting
    Endpoint-Based Threat Hunting
    Endpoint-Based Threat Detection Development
    Threat Hunting with Cisco Tools
    Threat Hunting Investigation Summary: A Practical Approach
    Reporting the Aftermath of a Threat Hunt Investigation

    Lab Outline

    Categorize Threats with MITRE ATT&CK Tactics and Techniques
    Compare Techniques Used by Different APTs with MITRE ATT&CK Navigator
    Model Threats Using MITRE ATT&CK and D3FEND
    Prioritize Threat Hunting Using the MITRE ATT&CK Framework and Cyber Kill Chain
    Determine the Priority Level of Attacks Using MITRE CAPEC
    Explore the TaHiTI Methodology
    Perform Threat Analysis Searches Using OSINT
    Attribute Threats to Adversary Groups and Software with MITRE ATT&CK
    Emulate Adversaries with MITRE Caldera
    Find Evidence of Compromise Using Native Windows Tools
    Hunt for Suspicious Activities Using Open-Source Tools and SIEM
    Capture Network Traffic
    Extract IOCs from Network Packets
    Use the ELK Stack to Hunt Through Large Volumes of Network Data
    Analyze Windows Event Logs and Map Them to the MITRE Matrix
    Endpoint Data Acquisition
    Inspect Endpoints with PowerShell
    Perform Memory Forensics with Velociraptor
    Detect Malicious Processes on Endpoints
    Identify Suspicious Files Using Threat Analysis
    Conduct Threat Hunting Using Cisco Secure Firewall, Cisco Secure Network Analytics, and Splunk
    Conduct Threat Hunt Using Cisco XDR Control Center and Investigate
    Initiate, Conduct, and Conclude a Threat Hunt

  • CBRCOR — Performing CyberOps Using Cisco Security Technologies
    • Duration: 5 days (40 hours)
    • Course code: CBRCOR
    • Price:
      • In-person format: 1 022 500 ₸
      • Online format: 938 000 ₸

    Course Description

    The Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 course guides you through cybersecurity operations fundamentals, methods, and automation. The knowledge you gain in this course will prepare you for the role of Information Security Analyst on a Security Operations Center (SOC) team. You will learn foundational concepts and their application in real-world scenarios, and how to leverage playbooks in formulating an Incident Response (IR). The course teaches you how to use automation for security using cloud platforms and a SecDevOps methodology. You will learn the techniques for detecting cyberattacks, analyzing threats, and making appropriate recommendations to improve cybersecurity.

    This course also earns you 40 Continuing Education (CE) credits towards recertification and prepares you for the 350-201 CBRCOR core exam.

    How You'll Benefit

    This course will help you:
    Gain an advanced understanding of the tasks involved for senior-level roles in a security operations center
    Configure common tools and platforms used by security operation teams via practical application
    Prepare you to respond like a hacker in real-life attack scenarios and submit recommendations to senior management
    Prepare for the 350-201 CBRCOR core exam
    Earn 40 CE credits toward recertification

    Who Should Enroll

    Although there are no mandatory prerequisites, the course is particularly suited for the following audiences:
    Cybersecurity engineer
    Cybersecurity investigator
    Incident manager
    Incident responder
    Network engineer
    SOC analysts currently functioning at entry level with a minimum of 1 year of experience

    What to Expect in the Exam

    350-201 Performing CyberOps Using Cisco Security Technologies (CBRCOR) is a 120-minute exam associated with the Cisco Certified CyberOps Professional certification. The multiple-choice format tests knowledge of core cybersecurity operations including cybersecurity fundamentals, techniques, policies, processes, and automation. The exam will test for knowledge in the following areas:
    Monitoring for cyberattacks
    Analyzing high volumes of data using automation tools and platforms, both open source and commercial
    Accurately identifying the nature of an attack and formulating a mitigation plan
    Scenario-based questions; for example, using a screenshot of output from a tool, you may be asked to interpret portions of output and establish conclusions

    Course Objectives

    After taking this course, you should be able to:
    Describe the types of service coverage within a SOC and operational responsibilities associated with each.
    Compare security operations considerations of cloud platforms.
    Describe the general methodologies of SOC platforms development, management, and automation.
    Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections.
    Describe Zero Trust and associated approaches, as part of asset controls and protections.
    Perform incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC.
    Use different types of core security technology platforms for security monitoring, investigation, and response.
    Describe the DevOps and SecDevOps processes.
    Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, Comma-Separated Values (CSV).
    Describe API authentication mechanisms.
    Analyze the approach and strategies of threat detection, during monitoring, investigation, and response.
    Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs).
    Interpret the sequence of events during an attack based on analysis of traffic patterns.
    Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools).
    Analyze anomalous user and entity behavior (UEBA).
    Perform proactive threat hunting following best practices.

    Course Prerequisites

    Although there are no mandatory prerequisites, to fully benefit from this course, you should have the following knowledge:
    Familiarity with UNIX/Linux shells (bash, csh) and shell commands
    Familiarity with the Splunk search and navigation functions
    Basic understanding of scripting using one or more of Python, JavaScript, PHP or similar.

    Recommended Cisco offerings that may help you prepare for this course:
    Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS)
    Implementing and Administering Cisco Solutions (CCNA)

    Recommended third-party resources:
    Splunk Fundamentals 1
    Blue Team Handbook: Incident Response Edition by Don Murdoch
    Threat Modeling: Designing for Security by Adam Shostack
    Red Team Field Manual by Ben Clark
    Blue Team Field Manual by Alan J White
    Purple Team Field Manual by Tim Bryant
    Applied Network Security and Monitoring by Chris Sanders and Jason Smith

    Course Outline

    Understanding Risk Management and SOC Operations
    Understanding Analytical Processes and Playbooks
    Investigating Packet Captures, Logs, and Traffic Analysis
    Investigating Endpoint and Appliance Logs
    Understanding Cloud Service Model Security Responsibilities
    Understanding Enterprise Environment Assets
    Implementing Threat Tuning
    Threat Research and Threat Intelligence Practices
    Understanding APIs
    Understanding SOC Development and Deployment Models
    Performing Security Analytics and Reports in a SOC
    Malware Forensics Basics
    Threat Hunting Basics
    Performing Incident Investigation and Response

    Lab Outline

    Explore Cisco SecureX Orchestration
    Explore Splunk Phantom Playbooks
    Examine Cisco Firepower Packet Captures and PCAP Analysis
    Validate an Attack and Determine the Incident Response
    Submit a Malicious File to Cisco Threat Grid for Analysis
    Endpoint-Based Attack Scenario Referencing MITRE ATT&CK
    Evaluate Assets in a Typical Enterprise Environment
    Explore Cisco Firepower NGFW Access Control Policy and Snort Rules
    Investigate IOCs from Cisco Talos Blog Using Cisco SecureX
    Explore the ThreatConnect Threat Intelligence Platform
    Track the TTPs of a Successful Attack Using a TIP
    Query Cisco Umbrella Using Postman API Client
    Fix a Python API Script
    Create Bash Basic Scripts
    Reverse Engineer Malware
    Perform Threat Hunting
    Conduct an Incident Response
