Sans SEC511 Continuous Monitoring and Security Operations

Current State Assessment SOCs and Security Architecture:
Course Overview
Modern Cyber Defense Principles
Adversary Informed Detection
Security Operations Centers
Section One Summary
Current State Assessment
Adversarial Dominance
Traditional Attack Techniques
Traditional Cyber Defense
Modern Attack Techniques
Client-Side Attack Vectors
Client-Side Targets
Post-Exploitation

Network Security Architecture:
Network Security Architecture
Malware Detonation Devices
Entropy and freq.py
Security Information and Event Management SIEM
Adversary Deception Devices
Switches and PVLAN Security
Threat Intelligence
Section 2 Summary
Routers
Perimeter SI Firewalls
Web Application Firewalls
Forward Proxies
Encryption and TLS Inspection
Network Intrusion Detection Systems
Network Intrusion Prevention Systems
Next-Generation Firewalls

Network Security Monitoring:
Getting Started
Tracking EXEs
Identifying Command and Control Traffic
Tracking User Agents
C2 via HTTPS
Tracking Encryption Certificates
Section 3 Summary
Network Security Monitoring Overview
Evolution of NSM
The NSM Toolbox
NIDS Design
Analysis Methodology
NSM Data Sources
Practical NSM Issues
Cornerstone NSM

Endpoint Security Architecture:
Endpoint Security Architecture Overview
Privilege Reduction
Authentication
Security Support Provider
Post-Authentication
Advanced Authentication Attacks
Endpoint Protection Platforms EPP
Section 4 Summary
Windows Endpoints
Patching
Secure Baseline Configuration
EMET and Windows Defender Exploit Guard
Application Monitoring and Sysmon
Application Whitelisting
Administrative Accounts
Privilege Monitoring

Automation and Continuous Security Monitoring:
Continuous Security Monitoring Overview
Monitoring Change to Devices and Appliances
Leveraging Proxy and Firewall Data
Monitoring Critical Windows Events
Scripting and Automation
Post-Intrusion Detection
Section 5 Summary
Appendix Centralize Windows Event Logs MBSA
Industry Best Practices
Winning CSM Techniques
Maintaining Situational Awareness
Host and Service Discovery
Passive OS Detection
Vulnerability Scanning
Monitoring Patching
Monitoring Service Logs

Capstone Design Detect Defend:
Capstone Design Detect Defend