Cybersecurity Incident Handling & Response


ABOUT NETCOM LEARNING

NetCom Learning is an award-winning global leader in managed learning services, training and talent development.

Founded: 1998
Headquarters: New York City
Delivery Capability: Worldwide
CEO: Russell Sarder

100K+ professionals trained | 14K+ corporate clients | 3500 IT, business & soft skills courses | 96% of customers recommend us to others | 8.6/9 instructor evaluations | 20+ leading vendor recognitions | Microsoft's Worldwide Training Partner of the Year | 80% of the Fortune 100 trained | Top 20 IT Training Company

© 1998-2022 NetCom Learning | www.netcomlearning.com | info@netcomlearning.com | 1 888 563 8266
Interested in training? Contact us! | www.netcomlearning.com | (888) 563-8266 | eccouncil@netcomlearning.com


WHY IS INCIDENT RESPONSE IMPORTANT?

Data breaches cost companies operational downtime, reputational damage and financial loss. The longer a vulnerability stays in a system, the more damaging it becomes. For most organizations, breaches lead to a fall in stock value and loss of customer trust. To reduce such risks, companies need a well-planned cybersecurity incident response plan, which aims at:

• Restoring daily business operations
• Minimizing financial and reputational losses
• Fixing cyber vulnerabilities comprehensively and quickly
• Strengthening security posture to avoid future attacks

Another important objective is to align the security posture with applicable regulatory standards. Organizations should comply with these standards to avoid hefty fines and penalties. A few of the significant acts and regulations are HIPAA, PCI DSS, GLBA and FISMA.

AGENDA

• Introduction to Incident Handling & Response
• Incident Handling & Response Process
• Forensic Readiness & First Response
• Malware Incidents
• Email Security Incidents
• Network Security Incidents
• Web Application Security Incidents
• Cloud Security Incidents
• Insider Threats

INCIDENT HANDLING AND RESPONSE (IH&R)

• Taking organized and careful steps when reacting to a security incident.
• A set of procedures, actions and measures taken in response.
• Helps organizations identify and mitigate various business risks.
• Restores normal business operations as quickly as possible with minimal business impact.

INTRODUCTION TO INCIDENT HANDLING AND RESPONSE

WHAT I NEED TO KNOW AS AN INCIDENT HANDLER
• Elements of information security: the CIA triad.
• Securing information: defense in depth, policies, etc.
• Information security threats and attack vectors: goals of attacks, top attacks, types of threat actors, impact of attacks, etc.
• Information security incidents: types, signs of an incident, cost of an incident, etc.
• Incident management: the incident handling & response process.
• Vulnerability management: vulnerability research, classification, assessment.
• Threat assessment: commonly targeted assets, threat intelligence, correlation, etc.

CONTD.

WHAT I NEED TO KNOW AS AN INCIDENT HANDLER
• Risk management: risk, management, level, matrix, mitigation, control; tool: PILAR
• Incident response automation
• Best practices: OWASP, ENISA (European Union Agency for Cybersecurity), GPG18 (Good Practice Guidelines) and forensic readiness planning
• Cybersecurity frameworks: CIS (Center for Internet Security) Controls, COBIT (Control Objectives for Information and Related Technologies), NIST 800-61
• Role of laws in incident handling

INCIDENT HANDLING AND RESPONSE PROCESS

FORENSIC READINESS AND FIRST RESPONSE

Phases involved in computer forensics:
• Pre-investigation phase: CFL (computer forensics lab), investigation team, review of policies & laws, quality assurance process, data destruction standards, risk assessment, etc.
• Investigation phase: first response, search & seizure, collecting evidence, securing evidence, chain of custody, data acquisition, order of volatility, data analysis, anti-forensics.
• Post-investigation phase: evidence assessment, documentation & reporting, testifying as an expert witness.
• Forensic readiness.
• First responder: roles, health & safety issues, securing the crime scene, collecting incident information.
• Principles of digital evidence: ACPO (Association of Chief Police Officers), SWGDE (Scientific Working Group on Digital Evidence).

MALWARE INCIDENTS

• PREPARATION: malware incident response team, handling malware safely, preparing a testbed, malware analysis tools
• DETECTION: indications, detection techniques (static/dynamic analysis)
• CONTAINMENT: separate compromised systems, analyze logs, analyze compromised systems
• ERADICATION: content filtering tools, network security devices, blacklisting, scan, patch, etc.
• RECOVERY: wipe affected media, rebuild compromised systems, scan, etc.

EMAIL INCIDENTS

• PREPARATION: email filtering, email monitoring, training & awareness for employees, AUP, log analysis tools, etc.
• DETECTION AND CONTAINMENT: indications, detecting phishing/spam mails, analyzing email headers, analyzing email logs, etc.
• ERADICATION: report spam and phishing, spam and phishing guidelines, etc.
• RECOVERY: recovery of deleted mails, email security tools
• TOOLS:
  • Email recovery: Recover My Email
  • Antiphishing: Gophish
  • Antispam: SPAMfighter
  • Email security: Gpg4win
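Header analysis as listed under detection above, as an added example that is not part of the deck: it parses a constructed phishing-style message with Python's standard email module and reports the mismatches a handler checks first (sender domains that disagree, failed SPF/DKIM results, an origin hop that would not identify itself). The headers, addresses and finding wording are all constructed for the walkthrough.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a real message), in the order an MTA would leave them.
SAMPLE_RAW = """Received: from mail.example-partner.test (mail.example-partner.test [203.0.113.5])
 by mx.corp.example (Postfix) with ESMTP id 1A2B3C
Received: from unknown (HELO bulk-sender.test) ([198.51.100.77])
 by mail.example-partner.test with SMTP
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=bulk-sender.test;
 dkim=none
From: "IT Helpdesk" <helpdesk@corp.example>
Return-Path: <bounce@bulk-sender.test>
Reply-To: <reset-now@bulk-sender.test>
Subject: Password expires today
To: user@corp.example

Click to keep your password.
"""

def domain_of(header_value):
    """Return the lowercase domain of an address header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def header_findings(raw):
    """Return the list of header-level findings a handler would note during triage."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # The envelope sender (Return-Path) and Reply-To should normally match the visible From domain.
    if rp_dom and rp_dom != from_dom:
        findings.append(f"return-path domain {rp_dom} differs from From domain {from_dom}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving MX, so its verdicts are trustworthy here.
    auth = (msg.get("Authentication-Results") or "").lower()
    if "spf=fail" in auth:
        findings.append("SPF failed for the envelope sender")
    if "dkim=none" in auth or "dkim=fail" in auth:
        findings.append("no valid DKIM signature")
    # Each hop prepends its own Received header, so the last one listed is the originating hop.
    hops = msg.get_all("Received") or []
    if hops and "unknown" in hops[-1].lower():
        findings.append("originating hop did not identify itself (unknown)")
    return findings

if __name__ == "__main__":
    for finding in header_findings(SAMPLE_RAW):
        print("-", finding)
```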

NETWORK SECURITY INCIDENTS

Unauthorized access incidents, inappropriate usage incidents, DoS incidents, wireless incidents
• PREPARATION: configure network security devices, syslog, standard protocols, tool kit, train employees, network traffic and employee monitoring, etc.
• DETECTION: general indicators, tools; unauthorized access incidents (reconnaissance, social engineering, sniffing & spoofing); inappropriate usage (high resource utilization, malware, log analysis)
• CONTAINMENT: unauthorized access (isolate affected systems, disable the affected service, etc.); inappropriate usage (port & URL filtering, POLP, change passwords, IDS, IPS, VPN)
• ERADICATION: physical security measures, authentication and authorization, host security and network security measures, firewall, IDS/IPS, URL filtering, encrypted protocols, VPN, log monitoring, employee training
• RECOVERY: data backup, patching, updated policies, employee training, updated AV

WEB APPLICATION SECURITY INCIDENTS

• PREPARATION: plan, backup site, monitoring tools, deploy a WAF (dotDefender), SIEM (AlienVault OSSIM)
• DETECTION & ANALYSIS: indicators, automated detection, manual detection, log analysis tools (OSSEC, Apache Logs Viewer)
• CONTAINMENT: deny unnecessary access, whitelist/blacklist, web content filtering, etc.
• ERADICATION: techniques vary by attack type (SQL injection, broken authentication, sensitive data exposure, XSS, DDoS, CSRF, cookie poisoning, etc.)
• RECOVERY: patch, scan, trusted backups; tools: ApexSQL Log, CrowdStrike Falcon, etc.
• BEST PRACTICE: fuzz testing, source code review, security testing tools (Acunetix, Watcher Web, Netsparker)

CLOUD SECURITY INCIDENTS

• PREPARATION: IR teams, monitoring devices, enable logging, DLP, SIEM, etc.
• DETECTION & ANALYSIS: indicators (network, storage, server, virtualization and application related incidents), cloud-based log analysis tools (Loggly)
• CONTAINMENT: block communication with the external network, check backups, disconnect malware-affected systems, block the source IP, stop the vulnerable service, isolate affected VMs; tool: CloudPassage Quarantine, etc.
• ERADICATION: remove malware files, update security solutions, deny access to compromised accounts, issue alerts and alarms, MFA, contact developers about security flaws, patch vulnerabilities, employee training, encrypt traffic, scan, update VMs, security best practices
• RECOVERY: ensure a malware-free environment, recover from backup, security updates

INSIDER THREATS

• PREPARATION: train employees, implement policies, strict passwords, background checks, employee monitoring, auditing, POLP, honeypot, DLP, SIEM, IDS, log management, etc.
• DETECTION & ANALYSIS: indicators, suspicious activity, behavioral analysis, sniff network traffic, log analysis, network analysis, system analysis, browser data, database analysis, physical security analysis; tools: ObserveIT, DataRobot, Ekran System, etc.
• CONTAINMENT: isolate affected systems, block all access of suspicious employees, seize allocated devices, restrict premises access, lodge a formal complaint, issue guidelines to other employees as well
• ERADICATION: allocate the least amount of access, data encryption, isolate storage, change passwords regularly, data audit and protection, strict policy, examine employee behavior, proper training, repeat background checks
• RECOVERY: gather evidence, change passwords, remove malware traces, run the recovery process, restore from backup

RELEVANT CERTIFICATION

• https://www.eccouncil.org/wp-content/uploads/2019/02/ECIH-V2-Brochure.pdf
• https://www.netcomlearning.com/ec-council-ecih-certified-incident-handler/course/44650/

RECOMMENDED COURSES

NetCom Learning offers a comprehensive portfolio for Security:
» EC-Council ECIH: Certified Incident Handler - class scheduled on Sep 12
» EC-Council CHFI: Computer Hacking Forensic Investigator v10 - class scheduled on Oct 17
» EC-Council CND: Certified Network Defender v2 - class scheduled on Sep 12
» EC-Council Certified Ethical Hacker (CEH) Master - class scheduled on Sep 19

You can also access the below marketing assets:
» Free 1hr Training - Build a Core Network Security Team in 40 Minutes
» Free On-Demand Training - An Introduction to CompTIA Security+ SY0-601
» Blog - Accelerating federal upskilling to meet the requirements of the modern digital landscape


STAY DIGITALLY SAFE - ASSESS AND UPSKILL YOUR TEAM AGAINST CYBER THREATS NOW

NetCom Learning's end-user Cybersecurity Awareness Training & Phishing Simulation Solution offers phishing simulations on email, voice and text to organizations, and is bundled with 90+ interactive security awareness video courses for end users.

LEARNING PASSPORT - FLEXIBLE TEAM TRAINING PACKAGE

Specifically designed to be customized for the number of learners you plan to train on top technology providers, including Microsoft, AWS, Cisco, CompTIA, Adobe, Autodesk, PMI, EC-Council and more.
• Redeemable over 4,000+ official courses
• Flexible fund validity of 12 months

Contact us now to schedule your appointment with our learning consultants. Toll free phone: 1 888 563 8266 | Email: info@netcomlearning.com

NETCOM+ INDIVIDUAL LEARNER SUBSCRIPTION

Get 24/7 access to unlimited virtual instructor-led and self-paced IT and business training for 12 months. NetCom+ includes over 250 e-learning and 140 virtual instructor-led courses across various domains. $2,999 per learner per year (additional discounts available for enterprises).

EXCLUSIVE GOVERNMENT SAVINGS SOLUTIONS FOR FY22

This fiscal year, take full advantage of your FY22 training budget and strengthen your workforce's skillset across 9 domains such as Cloud, Security, Networking, Project Management and more, delivered by certified instructors equipped with security clearance and government and military training experience.
• Learning Passport: experience up to a 100% increase in purchasing power and secure your yearly training
• Special Pricing: get exclusive special pricing for Government and Military on courses up to $3,600
• NetCom+ Subscription: save training dollars and get unlimited access to virtual instructor-led and on-demand courses
• Help teams earn and maintain certifications as per Department of Defense (DoD) directive 8140 (formerly known as DoD 8570)

NetCom Learning serves all Government agencies through our GSA schedule, 47QTCA22D004B. Our GSA Schedule provides more than 800 classroom training solutions available for delivery at one of our many training facilities, at your location or at an off-site location that offers maximum convenience. NetCom Learning is also approved as a GSA Small Business for GSA Set-Asides. We accept GSA SmartPay and GCPC credit cards | We participate in GSA Advantage

CONTINUE YOUR CYBERSECURITY SKILLING JOURNEY WITH MICROSOFT SECURITY FUNDAMENTALS

You will get access to your free Microsoft Official Courseware on SC-900T00: Microsoft Security, Compliance, and Identity Fundamentals in the NetCom365 Learning Portal.


A BOOK FROM RUSSELL SARDER, CEO - NETCOM LEARNING

A framework to build a smarter workforce, adapt to change and drive growth.

Thank you
