Certified Security Operations Center Analyst (CSOC) | IT Training & Certification | Info Trek

Starting from: RM 8200.00
Format: 5 days, 8 hours per day (Mon 21 Nov 09:00 - Fri 25 Nov 17:00)
HRDF SBL claimable; Certificate of Attendance available
Private classes are customized to your organization's needs; on request, a learning consultant will get back to you within 1 business day.

Certified Security Operations Center Analyst (CSOC)

WHAT YOU WILL LEARN

We live in an age dominated by technological improvements feeding on our desire to be ever more connected. With this comes an expectation that access to systems and data will be available from anywhere, at any time. However, it is precisely this demand for real-time access from any location that dramatically increases our risk profile, and it makes controlling corporate data one of the most painful yet vital challenges for cyber security today. In short, convenience exposes more attack points and weakens our defences against malicious actors.


Cyber security is always in the headlines due to the increasing number of global data breaches and exploits. The common reasons for the current state of security are:

• Growth of New Threats – Organisations are not able to keep pace with the volume, velocity and variety of threats that are emerging every day. They must guard against rapidly changing threats, ranging from traditional malware to sophisticated, state-sponsored attacks.

• Emerging Risks – Each industry faces intense pressure to bring innovation to the marketplace, connect with customers, improve operations, and collaborate with partners and suppliers — all of which can present new risks to the enterprise.

• Technology-Driven Threats – Mobile applications, third-party cloud-based services, outsourcing, IoT, Industry 4.0, digital transformation and more put key business initiatives in direct conflict with cyber security policies. Organizations must quickly respond to these conflicts, assess potential threats, and allocate resources to minimize risk and ensure compliance and security.

• Lack of Resources – Organizations have limited IT resources, lack internal security expertise, struggle to hire security talent, and have insufficient funds.


A security operations centre (SOC) is a facility operating 24 x 7 x 365, where enterprise information systems (data centres and servers, networks, desktops and other endpoints) are monitored, assessed, and defended around the clock. SOC Analysts are the backbone of a SOC's operations. As more enterprises, driven by the current state of cybersecurity, compliance and regulation, set up their own SOC or outsource SOC activities to MSSPs, there is an acute shortage of SOC Analysts and professionals who understand all the SOC technologies and how to operate them to achieve cyber-resiliency for customers. This course prepares you for the real-world challenges of a SOC Analyst.


AUDIENCE

• Cybersecurity analysts

• SOC analysts

• Network and security administrators

• Network and security engineers

• Network defense analysts

• Network defense technicians

• Network security specialists

• Network security operators

• Any security professional handling network security operations

• Entry-level cybersecurity professionals

• Professionals newly recruited into a SOC without prior experience


METHODOLOGY

This program will be conducted with interactive lectures, PowerPoint presentations, discussion and practical exercises.


Modules

Module 1: Introduction to Cyber Security & Latest Attack Trends

Objectives: Gain in-depth knowledge of security threats, attacks, vulnerabilities, attacker’s behaviors, and cyber kill chain.

• What is Security, Vulnerabilities & 0-Days, Attack Life Cycle, Different Attack Vectors
• Threats vs. Risks, Why Perimeter Defenses are Failing, Why Anti-Virus is not Enough
• Financial Implications of a Cyber Attack
• Business Email Compromise (BEC) (Demo)
• Ransomware (Demo)
• Advanced Persistent Threat (Demo)
• File-less Malwares (Demo)
• Mobile Malwares (Demo)
• Identity Theft (Demo)
• Web Data Breach (Demo)
• Malvertising (Demo)
• Payment Gateway based attacks (Demo)
• Social Media based attacks (Demo)
• Password based attacks (Credential Stuffing, Account Takeover, Phishing, etc.) (Demo)
• State sponsored attacks (Case Study)
• Distributed Denial of Service (Case Study)
• Insider Threat (Case Study)
Outcomes: Attendees will learn in detail about security threats, attacks, vulnerabilities, attacker behaviors and the cyber kill chain through 11 live demos and 3 case studies.

Module 2: Security Operations Center (SOC) – Introduction

Objectives: Gain in-depth knowledge of SOC processes, procedures, technologies, and automation workflows.

• What is a Security Operations Center and why do we need one?

• NOC vs. SOC

• Overview of Continuous Adaptive Risk and Trust Assessment (CARTA)

• SOC v1.0 vs SOC v2.0

• SOC v2.0: Components

• Security Operations Center roles and responsibilities

• SOC team roles and responsibilities

• Challenges of Security Operations Center

• Measuring the ROI of Security Operations Center

Outcomes: Attendees will learn in-detail about SOC processes, roles and responsibilities, procedures, technologies, and automation workflows.


Module 3: Understanding Attack DNA

Objective: Understand the MITRE ATT&CK Framework and be able to identify attacker tactics, techniques and procedures (TTPs), investigate indicators of compromise (IoCs) and provide automated or manual responses to eliminate the attack/incident.

• What is MITRE ATT&CK Framework?

• Tactics, Techniques and Procedures (TTP)

• Indicators of Compromise (IoC) and Indicators of Attack (IoA)

• Mapping to ATT&CK from Raw Data – Lab

Outcomes: Attendees will learn the MITRE ATT&CK Framework, be able to identify attacker tactics, techniques and procedures (TTPs), investigate IoCs and provide automated or manual responses to eliminate the attack/incident.


Module 4 : Latest Cybersecurity Defence Technologies

Objective: Gain in-depth knowledge of the latest defense technologies used in next-generation SOC deployments, e.g. NGAV, SIEM, EDR, SOAR, TI, UEBA, IAM/PAM.

• Anti-Virus & Next Generation Anti-Virus (NGAV)

• How it works and Where is the Gap?

- Deep Learning & Machine Learning & Artificial Intelligence

• Cybersecurity use cases

- Security Information and Event Management (SIEM)

• How it Works?

• Understanding Logs & Log Correlation

• SIEM Deployment options

• Application Level Incident Detection Use Case Examples

• Network Incident Detection Use Case Examples

• Host Malware Incident Detection Use Case Examples

• Understanding why SIEM alone is not enough: noise and false positives

• Lab / Demo

- Endpoint Detection and Response (EDR)

• How it Works?

• EDR vs. NGAV

• Understanding Memory and Process Detection & Mapping

• What is Managed Detection and Response

• Understanding various Response actions

• Lab / Demo

- Security Orchestration, Automation and Response (SOAR)

• Alert / Notification Handling Challenges

• Why SOAR ?

• Sample Automated Playbooks

• Lab / Demo

- Cyber Range

• Cyber Range Components

• Cyber Range Simulation Scenarios

- Data Leakage Prevention (DLP)

- User Behavior Analytics

- Identity Management

• Virtual Dispersive Networking (VDN)

Outcomes: Attendees will learn the latest defense technologies and their deployment, e.g. NGAV, SIEM, EDR, SOAR, TI, UEBA, IAM/PAM, and will be able to use these technologies in day-to-day operations.
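The two labs above, "Mapping to ATT&CK from Raw Data" in Module 3 and "Understanding Logs & Log Correlation" with its false-positive discussion in Module 4, come down to the same exercise: parse raw events, correlate them across time, and label the result with an ATT&CK technique. The block below is an added example written for this page, not course material or vendor code. The log lines are constructed key=value renderings of Windows Security event IDs 4625 (failed logon), 4624 (successful logon) and 4688 (process creation); the brute-force threshold and windows are assumptions to be tuned per environment; the technique IDs T1110 (Brute Force), T1078 (Valid Accounts) and T1059.001 (PowerShell) are MITRE ATT&CK's.

```python
"""Correlate Windows-style authentication and process events and tag hits with
MITRE ATT&CK technique IDs. Added example: the events below are constructed
key=value renderings of Windows Security events, not output from a real SIEM."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: bob's single typo, a 5-attempt burst against
# svc_backup followed by a success, then an encoded PowerShell launch.
RAW_EVENTS = """\
2024-03-04T09:00:01Z EventID=4625 TargetUserName=bob IpAddress=10.0.0.5 LogonType=2
2024-03-04T09:10:00Z EventID=4625 TargetUserName=svc_backup IpAddress=203.0.113.7 LogonType=3
2024-03-04T09:10:02Z EventID=4625 TargetUserName=svc_backup IpAddress=203.0.113.7 LogonType=3
2024-03-04T09:10:04Z EventID=4625 TargetUserName=svc_backup IpAddress=203.0.113.7 LogonType=3
2024-03-04T09:10:06Z EventID=4625 TargetUserName=svc_backup IpAddress=203.0.113.7 LogonType=3
2024-03-04T09:10:08Z EventID=4625 TargetUserName=svc_backup IpAddress=203.0.113.7 LogonType=3
2024-03-04T09:10:15Z EventID=4624 TargetUserName=svc_backup IpAddress=203.0.113.7 LogonType=3
2024-03-04T09:11:00Z EventID=4688 SubjectUserName=svc_backup NewProcessName=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe CommandLine="powershell.exe -nop -w hidden -enc SQBFAFgA"
2024-03-04T09:30:00Z EventID=4688 SubjectUserName=alice NewProcessName=C:\\Windows\\System32\\notepad.exe CommandLine="notepad.exe notes.txt"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def parse_events(text):
    """Turn each line into a dict of fields; 'ts' becomes a datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, _, rest = line.partition(" ")
        ev = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def naive_failed_logon_alerts(events):
    """Single-event rule: every 4625 is an alert. This is the noise source
    the course warns about; it fires on bob's one-off typo as well."""
    return [e for e in events if e["EventID"] == "4625"]


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """T1110 Brute Force: >= threshold failures for one (source, user) inside window."""
    failures = defaultdict(list)
    for e in events:
        if e["EventID"] == "4625":
            failures[(e["IpAddress"], e["TargetUserName"])].append(e["ts"])
    alerts = []
    for (src, user), times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append({"technique": "T1110", "src": src, "user": user,
                               "first": times[i], "last": times[i + threshold - 1]})
                break  # one alert per burst is enough; don't re-fire per extra failure
    return alerts


def detect_valid_accounts(events, bf_alerts, grace=timedelta(minutes=10)):
    """T1078 Valid Accounts: a 4624 success for the same source/user shortly
    after a brute-force burst, i.e. the guessing worked."""
    alerts = []
    for a in bf_alerts:
        for e in events:
            if (e["EventID"] == "4624" and e["IpAddress"] == a["src"]
                    and e["TargetUserName"] == a["user"]
                    and a["last"] <= e["ts"] <= a["last"] + grace):
                alerts.append({"technique": "T1078", "src": a["src"],
                               "user": a["user"], "ts": e["ts"]})
                break
    return alerts


def detect_encoded_powershell(events):
    """T1059.001 PowerShell: process creation with an encoded command line."""
    alerts = []
    for e in events:
        if e["EventID"] != "4688":
            continue
        exe = e["NewProcessName"].rsplit("\\", 1)[-1].lower()
        cmd = e.get("CommandLine", "").lower()
        if exe == "powershell.exe" and ("-enc " in cmd or "-encodedcommand" in cmd):
            alerts.append({"technique": "T1059.001", "user": e["SubjectUserName"],
                           "cmd": e["CommandLine"]})
    return alerts


def correlate(text):
    """Run the correlated rules in kill-chain order and return the ATT&CK-tagged alerts."""
    events = parse_events(text)
    bf = detect_brute_force(events)
    return bf + detect_valid_accounts(events, bf) + detect_encoded_powershell(events)


if __name__ == "__main__":
    evs = parse_events(RAW_EVENTS)
    print(f"naive 4625 rule: {len(naive_failed_logon_alerts(evs))} alerts")
    for a in correlate(RAW_EVENTS):
        print(a["technique"], a)
```

On the constructed input the single-event rule raises six alerts, five of them for one burst and one for a harmless typo, while the correlated rules raise three, each tied to a technique ID and to the evidence an analyst needs to pivot (source address, account, command line). The thresholds are the part that needs local tuning: a 5-in-60-seconds window catches online guessing but misses slow, distributed spraying, which is one reason the course pairs SIEM with EDR and threat intelligence rather than relying on it alone.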


Module 5 : Cybersecurity Incident Response

Objective: Gain knowledge of incident response methodology and processes, in-depth knowledge of how to integrate SOC processes with incident response processes, and learn how to automate them as a single workflow.

- Introduction to Incident Response

• Types of Computer Security Incidents

• Fingerprint of an Incident

• Incident Categories & Incident Prioritization

• Why Incident Response?

• Incident Reporting

- Incident Response & Handling Methodology

• Incident Response Plan

• Incident Response and Handling: Identification, Incident Recording, Initial Response, Communicating the Incident, Containment, Formulating a Response Strategy, Incident Classification, Incident Investigation, Data Collection, Forensic Analysis, Evidence Protection, Systems Recovery, Incident Documentation, Incident Damage and Cost Assessment, Review and Update the Response Plan and Policies

• Incident Response Checklist and Best Practices

• CSIRT & its best practices

• Incident Response Team

• Incident Tracking and Reporting

Incident handling: real-world examples and exercises on malware, web application attacks, email attacks and insider attacks.

Outcomes: Attendees will be able to design and implement an incident response methodology and processes, integrate SOC processes with incident response processes, and automate IR processes as a single workflow with SOC processes.


Module 6 : Threat Intelligence & Threat Hunting

Objective: Understand the concepts of Threat Intelligence and gain in-depth knowledge of how to integrate Threat Intelligence with the SIEM, SOAR, EDR and other SOC technologies to reduce the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).

- Introduction to Threat Intelligence

• Understanding Threats, Threat Modeling and Risk

• What is Threat Intelligence

• Need for Threat Intelligence

• Benefits of Threat Intelligence

• Types of Threat Intelligence

• Threat Intelligence Life Cycle

• Sources of Threat Intelligence

• Technologies contributing to Threat Intelligence ( SIEM, EDR, Log Sources )

• Incident Response & Threat Intelligence

• Applications of Threat Intelligence

• Threat Intelligence Frameworks ( CIF, MISP, TAXII)

• Role of Threat Intelligence Analyst & Threat Hunters

• Role of Threat Intelligence in SOC operations

- Setting up Threat Intel Framework

• Enterprise Threat Landscape Mapping

• Scope & Plan Threat Intel Program

• Setup Threat Intel Team

• Threat Intelligence Feeds, Sources & Data Collections

• Open source Threat Intel Collections (OSINT and more)

• Dark Web Threat Intel Collections

• SIEM / Log Sources Threat Intel Collections

• Public Web data Threat Intel Collections (Maltego, OSTrICa, and more)

• Threat Intel collections with YARA

• EDR Threat Intel Collections

• Incorporating Threat Intel into Incident Response

• Threat Intel & Actionable Contextual Data MISP Lab

Outcomes: Attendees will learn about Threat Intelligence, learn to integrate it with the SIEM, SOAR, EDR and other SOC technologies, and learn how that integration reduces the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). Attendees will also learn to set up a complete Threat Intelligence Platform.
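The MISP lab and the SIEM/EDR integration items above reduce, in practice, to one loop: pull actionable indicators from the platform, match them against events, and hand the analyst the context that came with the indicator. The block below is an added example written for this page, not course material or MISP's own code. The indicators are constructed in the shape of MISP attributes (`type`, `value`, `to_ids`); the `last_seen` date, the allowlist (standing in for a MISP warninglist) and the 90-day aging limit are this example's own assumptions; the events and every address, domain and hash are constructed.

```python
"""Match SIEM/EDR events against a MISP-style indicator set and enrich the hits.
Added example; indicators, events and allowlist are constructed for the
demonstration and do not come from any real feed."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

NOW = datetime(2024, 3, 4, 12, 0, 0)   # fixed clock so the run is reproducible
MAX_AGE = timedelta(days=90)           # assumption: older indicators are treated as stale
FAKE_SHA256 = "0123456789abcdef" * 4   # constructed hash value

# Constructed indicators shaped like MISP attributes. `to_ids` is MISP's
# "use for detection" flag; `last_seen` and `event_info` carry the context.
INDICATORS = [
    {"type": "ip-dst", "value": "203.0.113.7", "to_ids": True, "last_seen": "2024-03-01",
     "event_info": "constructed: credential-stuffing infrastructure"},
    {"type": "domain", "value": "update-check.example", "to_ids": True, "last_seen": "2024-02-28",
     "event_info": "constructed: loader C2"},
    {"type": "sha256", "value": FAKE_SHA256, "to_ids": True, "last_seen": "2024-03-02",
     "event_info": "constructed: loader sample"},
    {"type": "ip-dst", "value": "198.51.100.20", "to_ids": False, "last_seen": "2024-03-01",
     "event_info": "constructed: analyst context only, never alert"},
    {"type": "domain", "value": "old-drop.example", "to_ids": True, "last_seen": "2023-06-01",
     "event_info": "constructed: sinkholed long ago"},
    {"type": "domain", "value": "cdn.example", "to_ids": True, "last_seen": "2024-03-01",
     "event_info": "constructed: benign CDN that leaked into a feed"},
]
ALLOWLIST = {("domain", "cdn.example")}  # warninglist-style suppression, constructed
FIELD_TO_TYPE = {"dst_ip": "ip-dst", "domain": "domain", "sha256": "sha256"}

# Constructed events as a SIEM would normalise them from proxy, DNS and EDR sources.
EVENTS = [
    {"ts": "2024-03-04T09:10:15Z", "source": "proxy", "src": "10.0.0.12", "dst_ip": "203.0.113.7"},
    {"ts": "2024-03-04T09:12:00Z", "source": "dns", "src": "10.0.0.12", "domain": "update-check.example"},
    {"ts": "2024-03-04T09:13:30Z", "source": "edr", "host": "ws-12", "sha256": FAKE_SHA256},
    {"ts": "2024-03-04T09:20:00Z", "source": "proxy", "src": "10.0.0.30", "dst_ip": "198.51.100.20"},
    {"ts": "2024-03-04T09:21:00Z", "source": "dns", "src": "10.0.0.31", "domain": "old-drop.example"},
    {"ts": "2024-03-04T09:22:00Z", "source": "dns", "src": "10.0.0.31", "domain": "cdn.example"},
    {"ts": "2024-03-04T09:23:00Z", "source": "dns", "src": "10.0.0.40", "domain": "intranet.corp"},
]


def build_index(indicators, now=NOW, max_age=MAX_AGE, allowlist=ALLOWLIST):
    """Keep only indicators that should drive alerts; count why the rest were dropped."""
    index, skipped = {}, Counter()
    for ind in indicators:
        key = (ind["type"], ind["value"].lower())
        if not ind["to_ids"]:
            skipped["to_ids_false"] += 1
        elif key in allowlist:
            skipped["allowlisted"] += 1
        elif now - datetime.strptime(ind["last_seen"], "%Y-%m-%d") > max_age:
            skipped["stale"] += 1
        else:
            index[key] = ind
    return index, skipped


def match_events(events, index):
    """Look up each matchable field of each event; return enriched hits."""
    hits = []
    for ev in events:
        for field, ioc_type in FIELD_TO_TYPE.items():
            value = ev.get(field)
            if value is None:
                continue
            ind = index.get((ioc_type, value.lower()))
            if ind:
                hits.append({"asset": ev.get("src") or ev.get("host"), "ts": ev["ts"],
                             "source": ev["source"], "ioc_type": ioc_type, "ioc": value,
                             "context": ind["event_info"]})
    return hits


def hits_per_asset(hits):
    """Distinct indicators seen per asset; several on one asset is the escalation signal."""
    per = defaultdict(set)
    for h in hits:
        per[h["asset"]].add((h["ioc_type"], h["ioc"]))
    return {asset: len(iocs) for asset, iocs in per.items()}


def escalations(hits, min_distinct=2):
    """Assets that touched at least min_distinct indicators, sorted for stable output."""
    return sorted(a for a, n in hits_per_asset(hits).items() if n >= min_distinct)


if __name__ == "__main__":
    index, skipped = build_index(INDICATORS)
    print(f"actionable indicators: {len(index)}, dropped: {dict(skipped)}")
    hits = match_events(EVENTS, index)
    for h in hits:
        print(h["asset"], h["ioc_type"], h["ioc"], "->", h["context"])
    print("escalate:", escalations(hits))
```

Three of the six indicators survive the filter, and the three filters are exactly where most false positives from a raw feed come from: indicators the analyst never meant for detection (`to_ids` false), benign infrastructure that a feed swept up (the warninglist), and indicators nobody has seen in months. The per-asset roll-up is what shortens MTTD and MTTR in practice: one host that contacted both the C2 address and the loader domain within minutes is escalated as a single incident instead of two unrelated alerts.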


Clement Arul

A professional who believes that the adaptability of security is directly tied to the affordability of security products, services and training. He started creating affordable security products, services, training and certifications, and has been part of teams creating national cyber security frameworks. Clement is a two-time recipient of the National Award from the Government of Malaysia, Cyber Security Professional of the Year in 2014 and 2017, and a three-time regional winner of Cyber Security Professional of the Year Asia/APAC in 2017, 2019 and 2020. He was also named APAC Cyber Security Educator of the Year in 2019 and 2020.
