Security Event Triage: Detecting Malicious Traffic with Signature and Session Analysis
|
Cyber attacks can take different forms and be performed by threat groups with different goals and methods. In this course, you will learn how signature and session analysis can be used to detect those attacks with network data.
Cyber attacks evolve constantly, and detecting them requires the use of different techniques, some of which are more useful for specific scenarios than others. In this course, Security Event Triage: Detecting Malicious Traffic With Signature and Session Analysis, you will gain the ability to detect those attacks by leveraging signature and session analysis. First, you will learn how to detect attacks with common, detectable characteristics using signature analysis with tools like Snort. Next, you will discover how session analysis, with tools like Zeek and Kibana, can allow you to detect attacks by spotting suspicious behavior, in a way that is much harder to evade than simple signatures. Finally, you will explore how to detect suspicious patterns even in encrypted traffic, without the need to decrypt it. When you are finished with this course, you will have the skills and knowledge of signature and session analysis needed to detect attacks using network data. This course is part of our Security Event Triage series which leverages MITRE ATT&CK to identify advance persistent threat tactics at all levels of the cyber kill chain.
Author Name: Guillaume Ross
Author Description:
Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc. Having worked in multiple verticals, from Fortune 50 to startups, his specialty is providing the right security program and architecture for each specific environment and company, and leading blue teams.
Table of Contents
- Course Overview
1min - Preparing for Signature and Session Analysis
13mins - Performing Signature Analysis with Snort
35mins - Understanding Suspicious DNS and HTTP(S) Traffic with Bro
39mins - Analyzing Encrypted Sessions
11mins - Reconstructing the Attack and Improving Defenses
8mins - Wrapping Up
8mins
User Reviews
Be the first to review “Security Event Triage: Detecting Malicious Traffic with Signature and Session Analysis”
Related Products
Implementing Host Security in Microsoft Azure
This course identifies the resources, tools, and methods needed to secure hosts in Azure as well as hosts connecting to Azure.
Credential Access with John the Ripper
John the Ripper (JtR) is widely used within red team assessments. Learn how to leverage the powerful capabilities of JtR to crack passwords of various hash types and use JtR within Metasploit.
Using Microsoft Azure Security Tools to Protect AI Solutions
As more and more systems are automated with the use of AI, securing AI solutions is of paramount importance. In this course, you will explore the various facilities Azure offers to secure Azure machine service learning solutions.
Security Management: A Case Study
Security management encompasses a number of verticals, dealing with the day to day, developing programs, maintaining compliance and managing risk. This course covers what's important when starting up a cyber-security initiative.
Securing Data Analytics Pipelines on AWS
As you start preparing for your AWS certified Data Analytics Specialty exam, you need to pay close attention to the security aspect of this certification. This course will teach you how to set up access control and encryption to your data analytics pipelines.
Basic Security Concepts for Cisco Networks
The CCNA exam requires an understanding of basic security for networking. This course will review password policies, AAA, DHCP snooping, and Dynamic ARP inspection.
There are no reviews yet.