Focal Point - Automated Network Defense

This course teaches how to defend enterprise infrastructure at scale using a combination of tools and platforms such as IDS/IPS, firewalls, and SIEMs. Configuring and tuning these systems properly maximizes their effectiveness at catching and stopping threats while reducing alert fatigue for analysts and responders. Students learn to identify gaps in coverage, write basic and complex signatures, manage rule sets for optimization, use chain rules to detect multistage events, and implement decoding and fingerprinting capabilities to overcome evasion techniques.

Retail Price: $4,750.00

Next Date: Request Date

Course Days: 5




WHAT YOU'LL LEARN

  • Explain the benefits and limitations of different security technologies (IDS/IPS, firewalls, VPNs, web proxies, etc.)
  • Identify optimal platform deployment and gaps in coverage
  • Write basic and complex IDS signatures to identify malicious traffic flows, and tune them to reduce false positives
  • Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
  • Apply decoding and other tools to overcome attacker evasion techniques
  • Implement automated fingerprinting of encrypted traffic flows to detect anomalous or malicious flows

WHO SHOULD ATTEND?

  • Incident Responders who need to understand and react to IDS alerts
  • Network Defenders seeking to automate threat detection
  • IDS administrators who wish to improve their signature writing skills
  • Security Operations Center Staff seeking to automate traffic analysis
  • Penetration Testers looking to reduce their network visibility

PREREQUISITES

  • TCP/IP Networking
  • Focal Point - Network Forensics and Investigation
  • Focal Point - Network Forensics and Investigation II

COURSE OUTLINE

  1. Intrusions
  2. Common Threats
  3. Intrusion Detection
  4. Introduction to Snort
  5. Introduction to Bro
  6. Snort Configuration and Variables
  7. Snort Output
  8. Output Plugins
  9. Signature Writing
  10. Snort Rule Options
  11. The Detect Offset Pointer (DOE)
  12. DOE Content Modifiers
  13. DOE Rule Options
  14. Snort Packet Header Rule Options
  15. Pre-Processors
  16. Post Detection
  17. Effective Rule Writing
  18. Perl Compatible Regular Expressions
  19. Tracking State Across Sessions Using Flowbits

