SEC501: Advanced Security Essentials – Enterprise Defender
sans.org/sec501

Effective cybersecurity is more important than ever as attacks become stealthier, have a greater financial impact, and cause broad reputational damage. SEC501: Advanced Security Essentials – Enterprise Defender builds on a solid foundation of core policies and practices to enable security teams to defend their enterprise.

It has been said of security that “prevention is ideal, but detection is a must.” However, detection without response has little value. Network security needs to be constantly improved to prevent as many attacks as possible and to swiftly detect and appropriately respond to any breach that does occur. This PREVENT - DETECT - RESPONSE strategy must be in place both externally and internally. As data become more portable and networks continue to be porous, there needs to be an increased focus on data protection. Critical information must be secured regardless of where it resides or what paths it travels.

The primary way to PREVENT attacks begins with assuring that your network devices are optimally configured to thwart your adversary. This is done by auditing against established security benchmarks, hardening devices to reduce their attack surface, and validating their increased resilience against attack. Prevention continues with securing hostname resolution (an obvious adversary target for establishing a Machine-in-the-Middle position) and goes even further with securing and defending cloud infrastructure (both public and private) against compromise.

Enterprises need to be able to DETECT attacks in a timely fashion. This is accomplished by understanding the traffic that is flowing on your networks, monitoring for indications of compromise, and employing active defense techniques to provide early warning of an attack.
Of course, despite an enterprise’s best efforts to prevent network attacks and protect its critical data, some attacks will still be successful. Performing penetration testing and vulnerability analysis against your enterprise to identify problems and issues before a compromise occurs is an excellent way to reduce overall organizational risk.

Once an attack is identified, you must quickly and effectively RESPOND, activating your incident response team to collect the forensic artifacts needed to identify the tactics, techniques, and procedures being used by your adversaries. With this information you can contain their activities, ensure that you have scoped out all systems where they have had an impact, and eventually eradicate them from the network. This can be followed by recovery and remediation to PREVENT their return. Lessons learned through understanding how the network was compromised can then be fed back into more preventive and detective measures, completing the security lifecycle.

It costs enterprises worldwide billions of dollars annually to respond to malware, and particularly Ransomware, attacks. So it is increasingly necessary to understand how such software behaves. Ransomware spreads very quickly and is not stealthy; as soon as your data become inaccessible and your systems unstable, it is clear something is amiss. Beyond detection and response, when prevention has failed, understanding the nature of malware, its functional requirements, and how it achieves its goals is critical to being able to rapidly reduce the damage it can cause and the costs of eradicating it.
Business Takeaways
• Improve the effectiveness, efficiency, and success of cybersecurity initiatives
• Build defensible networks that minimize the impact of attacks
• Identify your organization’s exposure points to ultimately prioritize and fix the vulnerabilities, increasing the organization’s overall security

You Will Be Able To
• Build a defensible network architecture by auditing router configurations, launching successful attacks against them, hardening devices to withstand those same attacks, and using active defense tools to detect an attack and generate an alert
• Perform detailed analysis of traffic using various sniffers and protocol analyzers, and automate attack detection by creating and testing new rules for detection systems
• Identify and track attacks and anomalies in network packets
• Use various tools to assess systems and web applications for known vulnerabilities, and exploit those vulnerabilities using penetration testing frameworks and toolsets
• Analyze Windows systems during an incident to identify signs of a compromise
• Find, identify, analyze, and clean up malware such as Ransomware using a variety of techniques, including monitoring the malware as it executes and manually reversing its code to discover its secrets

6 Day Program
38 CPEs
Laptop Required

GCED Enterprise Defender
giac.org/gced

GIAC Certified Enterprise Defender
The GIAC Certified Enterprise Defender (GCED) certification builds on the security skills measured by the GIAC Security Essentials certification. It assesses more advanced, technical skills that are needed to defend the enterprise environment and protect an organization as a whole. GCED certification holders have validated knowledge and abilities in the areas of defensive network infrastructure, packet analysis, penetration testing, incident handling, and malware removal.
• Incident handling and computer crime investigation
• Computer and network hacker exploits
• Hacker tools (Nmap, Nessus, Metasploit, and Netcat)