TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies

 

Course Overview:

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies is the big picture overview of a SOC, other courses provide a deep dive into the technologies that a SOC may utilize. This course addresses the internal workings of staff, skills required, required authorizations, internal agreements, and setting appropriate expectation levels of a SOC within budget constraints. A SOC is not a one size fits all, the instructor has decades of security experience and brings to the table opportunities to discuss what can work within constraints. Many organizations are coming to the realization that some level of a SOC is now required and to learn just what decisions need to be made: Out-sourced, In-sourced, budgets, capabilities and many more. Students leave with a worksheet of how to progress when they get back to their organization.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies – Is a course that incorporates lecture, demos, and group exercises for standing up a Security Operations Center (SOC). Students learn strategies and resources required to deploy, build, and run Network Security Monitoring (NSM) and work roles and flows for a SOC. No network is bullet proof and when attackers access your network, this course will show you options and resources to build a security net to detect, contain, and control the attacker. Examples on what it takes to architect an NSM solution to identify sophisticated attackers and a response strategy. Properly implemented detection and response technologies is integral to incident response and provides the responders timely information and tools to react to the incident. Effective demonstrations are given of Open Source technologies that build up a SOC, but any software can be used and demonstrations are provided to demonstrate technology families not push a specific solution.

TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies demonstrations utilize a cyber range that gives each student in-depth knowledge of monitoring live systems to include: Cisco, Windows, Linux, IoT, and Firewalls; and software and services to provide orchestrate Incident Response, Intelligence Analysis, and Hunt Operations.

Attendees to TN-542: Establishing a Security Operations Center (SOC) People, Processes, and Technologies class will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 2 Days

Course Objective:

    • To provide management an overview of what it takes to stand up a SOC.

Prerequisites:

  • Students should have an understanding of the security field.

Course Outline:

  • What threats does my organization care about?
  • What does a threat look like?
  • What does a threat look like?
  • How to present the SOC internally.
  • Communication with Stakeholders and Executives
    • Leveraging and integrating existing security measures
  • People
    • Establishing a skill matrix and work roles for SOC members
    • Establishing a training path
    • Personnel background requirementsProcesses
  • Processes
    • Alignment to standards: NIST, PCI, HIPAA, etc.
    • Risk related decision trees
    • Playbooks
    • Threat Intelligence Integration
  • Technology – Tool Suites to Support:
    • Ethical Hacking
    • Network Security Monitoring and SIEM
    • Forensics
    • Dashboards
    • Analysis and Hunting
    • Incident Management and Ticketing

 

Comments

Latest comments from students

 

Liked the class?  Then let everyone know!

TN-565: Nessus Vulnerability & Compliance Auditing

Course Overview:

This course provides security professionals with the skills and knowledge to perform vulnerability and compliance scanning of supported operating systems, devices, and applications. Students will construct custom scan policies for topology discovery, network vulnerability detection, credentialed patch audits, and compliance benchmarks, and discuss the underlying technologies utilized by the Nessus scanner.

This course provides students with the necessary information to prepare for the Tenable Certified Nessus Auditor (TCNA) exam.

Date/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Introduction to Nessus and Vulnerability Scanning
  • Nessus Installation and Administration
  • Basic Nessus Scan Operation
  • Nessus Scan Configuration and Policy Creation
  • Vulnerability Analysis and Reporting with Nessus
  • Advanced Scan Configuration and Policy Creation
  • Introduction to Compliance and Auditing
  • Nessus Auditing Features
  • Windows System Auditing
  • Unix System Auditing
  • Cisco IOS Auditing
  • Nessus Database Auditing
  • Nessus Content Auditing
  • Auditing to Industry Guidelines
  • Auditing to Federal Guidelines

Prerequisites:

Students should possess a basic understanding of TCP/IP networking, operating systems security, and common client/server applications.

Comments

Latest comments from students

Liked the class?  Then let everyone know!

N-405: ROUTE-Implementing Cisco IP Routing

Course Overview:

In this course, administrators of medium-to-large network sites will learn to use advanced routing to provide scalability for Cisco routers that are connected to LANs and WANs. Networking professionals will learn to dramatically increase the number of routers and sites using these techniques instead of redesigning the network when additional sites or wiring configurations are added. Hands-on labs ensure you thoroughly understand how to implement advanced routing within your network.

Attendees to N-405: ROUTE-Implementing Cisco IP Routing will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 days

Course Objectives:

  • Planning Routing Services to Requirements
  • Implementing an EIGRP-Based Solution
  • Implementing a Scalable Multiarea Network
  • OSPF-Based Solution
  • Implement an IPv4- Based Redistribution Solution
  • Implementing Path Control Connection of an Enterprise Network to an ISP Network

Prerequisites:

  • None

 

Comments

Latest comments from students

User: jrtrussell

Instructor comments: Awesome

Facilities comments: Awesome

Liked the class?  Then let everyone know!

PA-242: Palo Alto Networks Firewall Manage Cyberthreats (EDU-231)

  

 

Course Overview:  PA-242: Palo Alto Networks Firewall Manage Cyberthreats (EDU-231) Training Class is a two-day course that teaches students strategies in defense against cyberthreats.  Successful completion of this course enables administrators to better understand the threat landscape.  This is not a virtualized theoretical course.  This is hands-on, real world instruction, directly relevant to the DoD and Commercial implementations of Palo Alto Networks next-generation firewalls.

Each student is issued a physical Palo Alto firewall and a Cisco layer 3 switch at their desk.  Real hardware per student for real experience and real skill development.  TechNow provides a very comprehensive client infrastructure that includes Windows, Linux, and multiple packet sniffer agents.

The instructor for this course has been a lead in Unix kernel development to implement firewall and intrusion detection technologies.  Additionally, the instructor has taught several security appliance products and carries several SANS, ISC2, ISACA, Cisco, Unix, and Windows certifications.

Attendees to the PA-242: Palo Alto Networks Firewall Manaage Cyberthreats  (EDU-231) Training Course will receive TechNow approved course materials and expert instruction.

Dates/Locations: No Events

Duration: 2 days

Course Objectives:   Students attending this training course will gain an understanding of cyberthreats and their characteristics.  Students will learn how to manage cyberthreats using security policies, profiles, and signatures to protect their network against emerging threats.

Day 1

  • Mod 1: Threat Landscape
    • Advanced Persistent
    • Threats
    • Data Breaches and Tactics
    • Threat Management
    • Strategies
  • Mod 2: Integrated
    • Approach to Threat
    • Protection
    • Integrated Approach to
    • Protection
    • Next-Generation Firewall
    • Advanced Endpoint
    • Protection
  • Mod 3: Network Visibility
    • Zero Trust Model
    • SSL Decryption
    • Decryption Policy
  • Mod 4: Reducing the Attack
    • Surf
    • ection

 

Day 2

  • Mod 5: Handling Known
    • Threats
    • WildFire Analysis
    • Security Profiles
  • Mod 6: Handling Unknown
    • Traffic and Zero-Day Exploits
    • WildFire
    • Researching Threat Events
    • Identifying Unknown
    • Applications
  • Mod 7: Investigating
    • Breaches
    • Identify IOCs Using
    • App-Scope
    • Log Correlation
    • Finding Infected Host
  • Mod 8: Using Custom
    • Signatures
    • Creating Custom App-IDs
    • Threat Signatures

A

Prerequisites:

  • Students must complete the PA-213: Install, Configure, and Manage course
  • Understanding of network concepts, including routing, switching, and IP addressing
  • In-depth knowledge of port-based security and security technologies such as IPS, proxy, and content filtering

This course is in no way associated with Palo Alto Networks, Inc.

Comments

Latest comments from students

Like the class?  Then let everyone know!

PA-232: Palo Alto Networks Panorama Manage Multiple Firewalls (EDU-221)

  

 

Course Overview:  PA-232: Palo Alto Networks Panorama Manage Multiple Firewalls (EDU-221) Training Class is a two-day course.  Students attending this course will gain an in-depth knowledge of how to configure and manage their Palo Alto Networks Panorama Management Server.  Upon completion of this course, administrators will understand the Panorama server’s role in managing and securing their overall network.  Network professionals will learn to use Panorama’s aggregated reporting to provide them with a holistic view of a network of Palo Alto Networks next-generation firewalls.  This is not a virtualized theoretical course.  This is hands-on, real world instruction, directly relevant to the DoD and Commercial implementations of Palo Alto Networks next-generation firewalls.

Each student is issued a physical Palo Alto firewall and a Cisco layer 3 switch at their desk.  Real hardware per student for real experience and real skill development.

TechNow provides a very comprehensive client infrastructure that includes Windows, Linux, and multiple packet sniffer agents.  The instructor for this course has been a lead in Unix kernel development to implement firewall and intrusion detection technologies.  Additionally, the instructor has taught several security appliance products and carries several SANS, ISC2, ISACA, Cisco, Unix, and Windows certifications.

Attendees to the PA-232: Palo Alto Networks Panorama Manage Multiple Firewalls (EDU-221) Training Course will receive TechNow approved course materials and expert instruction.

 

Dates/Locations: No Events

Duration: 2 days

Course Objectives:   Students attending this foundational-level training course will gain an in-depth knowledge of how to configure and manage their Palo Alto Networks Panorama Management Server.

Day 1

  • Module 0 – Introduction & Overview
  • Mod 1: Overview
    • Panorama Solution
    • Deployment Design
  • Mod 2: Initial Configuration
    • Interface Configuration
    • Setup Configurations
    • Device Deployment
    • Configuration Management
  • Mod 3: Templates
    • Templates Overview
    • Common Organization
    • Strategies
    • Configuring Templates
  • Mod 4: Device Groups
    • Device Groups
    • Objects
    • Policies
    • Device Group Commit

 

Day 2

  • Mod 5: Administration
    • Admin Roles and Access
    • Control
    • Commit Procedure
  • Mod 6: Logging and
    • Reporting
    • Logging
    • Application Command
    • Center
    • App-Scope
    • Correlation Objects
    • Reports
  • Mod 7: Log Collectors
    • Plan a Log Collection
    • Deployment
    • Distributed Data Collection
    • Log Deployment
    • Configure Dedicated Log
    • Collector
    • Managed Collector Groups
  • Mod 8: Business Continuity
    • Panorama High Availability
    • Collector Group
    • Redundancy
    • Export Configuration
    • Disk Installation

 

Prerequisites:

This course is in no way associated with Palo Alto Networks, Inc.

Comments

Latest comments from students

Like the class?  Then let everyone know!