RSA NetWitness Analysis

( Duration: 4 Days )

The RSA NetWitness Analysis training course provides a roadmap for adopting Intelligence-Driven Information Security, following the model outlined in the article, “Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security,” a 2012 publication of the Security for Business Innovation Council. RSA NetWitness is used to illustrate the key steps that are critical for incident identification and response. RSA NetWitness Investigator and Informer are used extensively in the hands-on exercises to practice the concepts presented.

By attending RSA NetWitness Analysis workshop, Participants will learn to:

  • Identify the security challenges facing companies today
  • Describe the Intelligence-Driven Roadmap process
  • Describe RSA NetWitness components and architecture
  • Apply the scientific method to resolve a security problem
  • Access source data through RSA NetWitness Live Manager
  • Apply a defined process to Participants investigations
  • Differentiate between short-term and long-term strategies for mitigating risk
  • Share intelligence Using RSA NetWitness
  • Articulate the benefits of various modes of presentation
  • Present data using RSA NetWitness Informer
  • Describe how to address future challenges and improve response

Participants should be familiar with basic computer architecture, data networking fundamentals and general information security concepts. A background in Enterprise data networking and communications is required. Programming language experience is helpful but not required. Basic knowledge of the TCP/IP protocol stack is useful.

Security analysts who are new to RSA NetWitness and are responsible for incident identification and response.



The Threat Landscape

  • Security Challenges – Changing the Security Mindset
  • Intelligence-Driven Roadmap
  • RSA NetWitness Overview
  • RSA NetWitness Investigator Overview
  • Concepts in Practice: RSA NetWitness Investigator

The Role of the Analyst

  • The Network Security Analyst
  • Three Typical Use Cases
  • Developing an Analysis Model
  • Full Packet Capture
  • Covert Channels
  • Actionable Intelligence
  • Concepts in Practice: RSA NetWitness Investigator

Developing Sources

  • Defining and Refining sources
  • Accessing Source Data using LIVE Subscriptions
  • Accessing Source Data using Custom Feeds
  • Accessing Log Data using RSA NetWitness for Logs
  • Accessing RSA NetWitness Spectrum Data
  • Concepts in Practice: RSA NetWitness Live!, RSA NetWitness for Logs, Intro to RSA NetWitness Spectrum

Defining a Process

  • Defining a Methodology
  • Collecting Evidence
  • Screening the Data
  • Performing Analysis
  • Communicating Results
  • Concepts in Practice: RSA NetWitness Visualize

Lab: Create Rules and Create Feeds That Use New Metadata to Screen Data for Analysis

  • Assigning Risk: The Analyst’s Role
  • Short Term (Crisis Management): IoC
  • Long Term (Business Continuity): APT
  • Take Action: Informing the Enterprise
  • Sharing Intelligence and Sources
  • Concepts in Practice: RSA NetWitness Investigator and RSA NetWitness Informer

Introducing Automation

  • Areas of Automation
  • Alerting and Reporting
  • Presenting Evidence
  • Concepts in Practice : RSA NetWitness Informer

Future-Proofing the Enterprise

  • Evolving Enterprise Security
  • Continuous Monitoring
  • Securing the Cloud
  • Accepting the Challenge

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 3,500 Modules on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of few days
  • Trained more than 20,000 corporate candidates across india and abroad
  • All our trainings are conducted in workshop mode with more focus on hands-on

View our other course offerings by visiting http://encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop for a group of 10+ candidates at our venue