Cybersecurity Analyst (CySA+): Threat Management

Richard Oertle NetCom Learning www.netcomlearning.com | info@netcomlearning.com | (888) 563 8266

©1998-2019 NetCom Learning


Agenda

• Purpose of CySA+
• Jobs that use CompTIA CySA+
• Elements of Cybersecurity (Endpoint Model)
• Defense in Depth
• Course Outline
• Risk & Vulnerability Management
• Managing Vulnerabilities in the Organization
• System Hacking Tools and Exploitation Frameworks
• Vulnerability Management Process
• Incident Handling and Response Planning



Purpose

The purpose of this CySA+ course is to prepare you to pass the CySA+ test. This certification allows you to apply for a position as a cybersecurity analyst. In addition, this course teaches you to adopt the viewpoint of an attacker by using the Kali Linux toolkit to probe for weaknesses during the first half of each lab segment. The second half of each lab shifts your perspective to that of the defender, where you actively search for evidence of an intrusion.



Jobs that use CompTIA CySA+

• IT Security Analyst
• Security Operations Center (SOC) Analyst
• Vulnerability Analyst
• Threat Intelligence Analyst
• Cybersecurity Specialist
• Security Engineer
• Cybersecurity Analyst


Elements of Cybersecurity (Endpoint Model)



Defense in Depth

• Encrypted database
• Intrusion detection system
• Vulnerability assessment
• Network segmentation
• Trained personnel


Course Outline

• Assessing Information Security Risk
• Analyzing Reconnaissance Threats to Computing and Network Environments
• Analyzing Attacks on Computing and Network Environments
• Analyzing Post-Attack Techniques
• Managing Vulnerabilities in the Organization
• Collecting Cybersecurity Intelligence
• Analyzing Log Data
• Performing Active Asset and Network Analysis
• Responding to Cybersecurity Incidents
• Investigating Cybersecurity Incidents
• Addressing Security Architecture Issues


Risk Management

• Management of risk involves assigning weight for different contexts.
• High risk with few consequences may not warrant much effort.
• Low risk with significant consequences may warrant a different approach.
• You can communicate technical risk to decision makers.
• Risk is necessary – without risk, the organization would cease to function.
• Many risks are worth taking, as long as the reward is greater.


Vulnerability Management

• The process of discovering, analyzing, and controlling vulnerabilities to lower risk.
• Incorporates thorough assessments and penetration testing.
• Produces a list of vulnerabilities that you need to remediate.
• Supported by continuous monitoring and testing of systems.
  • Ensures that remediation efforts remain effective over time.


Managing Vulnerabilities in the Organization

• Implement a Vulnerability Management Plan
• Assess Common Vulnerabilities
• Conduct Vulnerability Scans
• Conduct Penetration Tests on Network Assets


System Hacking Tools and Exploitation Frameworks

Password Sniffers
• Wireshark
• Cain & Abel
• tcpdump
• Kismet
• Ettercap
• Microsoft Message Analyzer
• Nagios Network Analyzer

Password Crackers
• John the Ripper
• Cain & Abel
• THC Hydra
• pwdump
• Ophcrack
• Medusa
• Ncrack

Exploitation Frameworks
• Metasploit Framework
• Core Impact
• CANVAS
• W3af
• BeEF


Hijacking and Spoofing Tools

• Spoofing:
  • hping
  • Nmap
  • Cain & Abel
  • Ettercap
  • Nemesis
• Session hijacking:
  • CookieCatcher
  • DroidSheep
  • CookieMonster


Mobile Infrastructure Hacking Tools

• AnDOSid
• Spooftooph
• DroidBox
• APKInspector
• Androrat
• Burp Suite


Vulnerability Management Process

• Inventory
• Identify Requirements
• Identify Vulnerabilities
• Report on Results
• Remediate
• Implement Continuous Monitoring


Incident Handling and Response Planning

• Design an incident handling capability that:
  • Detects compromises quickly and efficiently.
  • Responds to incidents quickly.
  • Identifies the cause effectively.
• In response to an incident:
  • Secure data.
  • Contain the incident.
  • Return operations to normal.
  • Identify how the incident occurred.
  • Identify how to prevent further exploitation.
  • Assess the damage and impact.
  • Update security policies and procedures based on lessons learned.


Recorded Webinar Video

To watch the recorded webinar video for live demos, please access the link: https://goo.gl/BGT397



Recommended Courses & Marketing Assets

Courses:
» CompTIA Cybersecurity Analyst (CySA+) Certification Prep (Exam CS0-001) – Class scheduled on Apr 8
» CompTIA Security+ Certification Prep (Exam SY0-501) – Class scheduled on Apr 15
» Certified Information Systems Security Professional (CISSP) Certification – Class scheduled on Apr 22
» CompTIA PenTest+ Certification Prep (Exam PT0-001)
» CompTIA Security+ Certification eLearning

Marketing Assets:
• Blog - Top Information Security Certification and Training Courses to Upgrade the Skills of Your Cybersecurity Team
• Blog - 5 Cybersecurity KPIs You Should Know

