Security Event Triage: Detecting Network Anomalies with Behavioral Analysis
|
In this course on network behavioral analysis, you will explore the use of frequency, protocol, and population analysis methodologies to uncover events associated with multiple threat actors intrusions into a simulated enterprise network.
Developing the skills necessary for a security analyst to properly detect and triage advanced network intrusion tactics and techniques requires experience and the use of advanced detection capabilities. Neither of which are easily obtained. In this course, Security Event Triage: Detecting Network Anomalies with Behavioral Analysis, you will learn foundational knowledge required to separate good network traffic from bad and identify a myriad threat actor activity on an enterprise network. First, you will learn how to use frequency analysis to detect command and control, automated logins, and beaconing. Next, you will learn to leverage protocol analysis to identify DNS tunneling, anomalous HTTPS traffic, authentication brute forcing, and DHCP abuse. Finally, you will explore the use of population analysis by harnessing machine learning to identify HTTPS exfiltration and connect the dots associated with enterprise network intrusions. When you are finished with this course, you will have the skills and knowledge of network behavioral analysis needed to detect and triage events found at multiple levels of the cyber kill chain. Create your own network behavioral analysis workstation to follow along using your own environments data using the guide located here: https://github.com/arosenmund/pluralsight/tree/master/NBAD. This course is part of our Security Event Triage series which leverages MITRE ATT&CK to identify advance persistent threat tactics at all levels of the cyber kill chain.
Author Name: Aaron Rosenmund
Author Description:
Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur… more
Table of Contents
- Course Overview
1min - Introduction to Network Behavioral Analysis
11mins - Frequency Analysis
33mins - Protocol Analysis
35mins - Population Analysis
25mins - Detecting the Anomalies
13mins
User Reviews
Be the first to review “Security Event Triage: Detecting Network Anomalies with Behavioral Analysis”
Related Products
Using Microsoft Azure Security Tools to Protect AI Solutions
As more and more systems are automated with the use of AI, securing AI solutions is of paramount importance. In this course, you will explore the various facilities Azure offers to secure Azure machine service learning solutions.
Physical Security
Most information security professionals find the domain of physical security to be one of their hardest areas. This course outlines the concepts of physical security and will help you understand physical security requirements and implementation.
Security Principles for CC℠
This course will teach you security concepts of information protection and assurance needed for the Certified in Cybersecurity Exam.
Cisco CyberOps: Exploring Security Concepts
Cybersecurity concepts are fundamental pieces of knowledge necessary to have a career in the industry. This course will explore security concepts to ensure that a solid foundation is laid for future knowledge.
Creating Security Baselines in Microsoft Azure
This course will teach you about Security Baselines, which are part of the Microsoft Cloud Adoption Framework for Azure. You'll learn how to identify security risks, create policy statements to address them, and implement secure designs in Azure.
Security Management: A Case Study
Security management encompasses a number of verticals, dealing with the day to day, developing programs, maintaining compliance and managing risk. This course covers what's important when starting up a cyber-security initiative.
There are no reviews yet.