SANS FOR608: Enterprise-Class Incident Response & Threat Hunting

The new SANS FOR608: Enterprise-Class Incident Response & Threat Hunting course focuses on identifying and responding to incidents too large to be handled one machine at a time. The concepts are the same as in single-host response: gathering, analyzing, and making decisions based on information from hundreds of systems. This requires the ability to automate and the ability to quickly narrow in on the right information for analysis. Using example tools built to operate at enterprise scale, the SANS FOR608 course teaches techniques for collecting focused data for incident response and threat hunting, how to identify incidents and threats, and multiple analysis methods for understanding attacker movement and activity across hosts of differing roles and operating systems, using timeline, graphing, structured, and unstructured analysis techniques…

Download link for the SANS FOR608: Enterprise-Class Incident Response & Threat Hunting training course

Download (size: 72 MB)

File password: technet24.ir

Date: 2022
Price: $8,545 USD
Format: PDF
Publisher: SANS

What You Will Learn

Enterprises today have thousands, maybe even hundreds of thousands, of systems ranging from desktops to servers, from on-site to the cloud. Although geographic spread and network size have not deterred attackers from breaching their victims, these factors present unique challenges in how organizations can successfully detect and respond to security incidents. Our experience has shown that when sizeable organizations suffer a breach, the attackers seldom compromise only one or two systems. Without the proper tools and methodologies, security teams will always find themselves playing catch-up, and the attacker will continue to succeed.

FOR608: Enterprise-Class Incident Response & Threat Hunting focuses on identifying and responding to incidents too large to focus on individual machines. The concepts are similar: gathering, analyzing, and making decisions based on information from hundreds of machines. This requires the ability to automate and the ability to quickly focus on the right information for analysis. By using example tools built to operate at enterprise-class scale, students will learn the techniques to collect focused data for incident response and threat hunting. Students will then dig into analysis methodologies, learning multiple approaches to understand attacker movement and activity across hosts of varying functions and operating systems by using timeline, graphing, structured, and unstructured analysis techniques.

Syllabus

SECTION 1: Proactive Detection & Response
SECTION 2: Scaling Response & Analysis
SECTION 3: Modern Attacks Against Windows & Linux
SECTION 4: Analyzing macOS & Docker Containers
SECTION 5: Cloud Attacks & Response
SECTION 6: Capstone: Enterprise-Class IR Challenge

FOR608: Enterprise-Class Incident Response & Threat Hunting will teach you to:
  1. Understand when incident response requires in-depth host interrogation or lightweight mass collection
  2. Deploy collaboration and analysis platforms that allow teams to work across rooms, states, or countries simultaneously
  3. Collect host- and cloud-based forensic data from large environments
  4. Discuss best practices for responding to incidents in the Azure, M365, and AWS cloud platforms
  5. Learn analysis techniques for responding to Linux and macOS systems
  6. Analyze containerized microservices such as Docker containers
  7. Correlate and analyze data across multiple data types and machines using a range of analysis techniques
  8. Conduct analysis of structured and unstructured data to identify attacker behavior
  9. Enrich collected data to identify additional indicators of compromise
  10. Develop IOC signatures and analytics to expand searching capabilities and enable rapid detection of similar incidents in the future
  11. Track incidents and indicators from beginning to end using built-for-purpose incident response engagement tooling

Business Takeaways
  • Reduce the financial and reputational impact of a breach by managing the response more efficiently and precisely
  • Learn IR management techniques that optimize resource usage during an investigation
  • Deploy collaboration and analysis platforms that allow teams to work across rooms, states, or countries simultaneously
  • Understand and hunt for techniques attackers use to hide from EDR and application control tools on Windows systems
  • Learn analysis techniques for responding to compromised Linux and macOS systems
  • Be able to respond to and analyze containerized microservices such as Docker containers
  • Discuss best practices for responding to the most popular cloud environments, specifically Microsoft 365/Azure AD and AWS
Comments (1)
  • chase

    woowww