SANS MGT551: Building and Leading Security Operations Centers

مرکز عملیات امنیت SOC واحدی یکتا به جهت کنترل و نظارت و بررسی رخدادها و وقایع امنیتی روی داده در سازمان ها و شرکت ها می باشد که یکی از مهمترین رویکردهای مرکز عملیات امنیت شناسایی و تشخیص به همراه واکنش متناسب در برابروقایع و رخداد های امنیتی می باشد، که به واسطه یک قواعد متمرکز و یکپارچه ، وضعیت لحظه ای از تمامی وقایع شبکه که در حال اتفاق افتادن می باشد را نمایان می نماید نکته قابل تامل در مرکز عملیات امنیت مدیریت رخداد می باشد.

Date: 2020
Price: 7200$
Format: Video+USB File+AUDIO
Publisher: SANS

Managing a security operations center (SOC) requires a unique combination of technical knowledge, management skills, and leadership ability. Whether you are looking to build a new SOC or take your current team to the next level, MGT551 provides the right balance of these elements to super-charge your people, tools, and processes. In the new 5-day version of SANS MGT551, we will help you build a high-performing SOC tailored to your organization and the threats it faces. We will give you the tools you need to manage an effective defense, measure progress towards your goals, and build out more advanced processes like threat hunting, active defense, and continuous SOC assessment. Best of all, each section is packed with hands-on labs, introductions to some of the industrys best free and open source tools, and an interactive game in which you will apply your new SOC management skills in real-world scenarios.

What You Will Learn

From Your Physical Front Door to Your Network Back Door

Information technology is so tightly woven into the fabric of modern business that cyber risk has become business risk. SOC teams are facing more pressure than ever before to help manage this risk by identifying and responding to threats across a diverse set of infrastructures, business processes, and users. Furthermore, SOC managers are in the unique position of having to bridge the gap between business processes and the highly technical work that goes on in the SOC. Managers must show alignment to the business and demonstrate real value – a challenge when the threats are constantly changing and sometimes unseen. How do we know our security teams are aligned to the unique threats facing our organization? How do we get consistent results and prove that we can identify and respond to threats in time to minimize business impact? And how can we build an empowering, learning environment where analysts can be creative and solve problems while focusing on the mission at hand?

MGT551 bridges this gap by giving students the technical means to build an effective defense and the management tools to build an effective team. From section one of this training, students will learn how to design their defenses around their unique organizational requirements and risk profile. They will learn how to combine SOC staff, processes, and technology in a way that promotes measurable results and covers all manner of infrastructure and business processes. Most importantly, they will learn how to keep the SOC growing, evolving, and improving over time.

Throughout this course, students can expect to learn key factors for success in managing a Security Operations Center (SOC), including:

• Collecting the most important logs and network data
• Building, training, and empowering a diverse team
• Creating playbooks and managing detection use cases
• Using threat intelligence to focus your budget and detection efforts
• Threat hunting and active defense strategies
• Efficient alert triage and investigation workflow
• Incident response planning and execution
• Choosing metrics and long-term strategy to improve the SOC
• Team member training, retention, and prevention of burnout
• SOC assessment through capacity planning, purple team testing, and adversary emulation

Syllabus

SECTION 1: SOC Design and Operational Planning
SECTION 2: SOC Telemetry and Analysis
SECTION 3: Attack Detection, Hunting, and Triage
SECTION 4: Incident Response
SECTION 5: Metrics, Automation, and Continuous Improvement