Call : (+91) 968636 4243
Mail : info@EncartaLabs.com
EncartaLabs

Symantec Security Analytics - Administration

( Duration: 3 Days )

In Symantec Security Analytics - Administration training course, you will learn to use the Symantec Security Analytics platform to perform various types of network-based monitoring and forensic analysis, including incident-response investigation, increased real-time situational awareness, and continuous monitoring for indicators of compromise (IOCs) and advanced persistent threats (APTs).

By attending Symantec Security Analytics - Administration workshop, delegates will learn to:

  • Understand key concepts of network forensics, with a focus on threat hunting and incident response
  • Use basic and advanced filtering techniques to assist in reducing response time by narrowing down searches for specific data
  • Perform detection of potential security incidents hidden in network traffic through file and artifact extraction
  • Improve on incident response through data enrichment and integrated threat intelligence services
  • Identify suspicious activity and correlate Indicators of Compromise to an attack vector or specific incident
  • Discover how Security Analytics' open API enables integration with existing Symantec and third-party security solutions

Prerequisites

  • Solid understanding of networking concepts, such as local-area networks (LANs), the Internet, security, and IP protocols.

This Symantec Security Analytics - Administration class is ideal for anyone who wants to master the core functions of Security Analytics to perform threat hunting and incident response.

COURSE AGENDA

1. Introduction to Security Analytics

  • This module will introduce Symantec Security Analytics and why the network visibility that Security Analytics provides is critical in protecting business operations.

2. Introduction to Network Forensics

  • This module will introduce computer forensics, with a focus on modern network forensics concepts. It will discuss terminology and common methods and tools used in the SOC today.

3. Threat Hunting and Incident Response

  • This module will talk about what present-day cyber-attacks look like and the core challenges around discovering and resolving these attacks. It will cover how the cyber kill-chain methodology can be used in combination with threat hunting techniques to interrupt ongoing attacks. This module will also discuss the fundamentals of incident response, including terminology and core concepts used when performing remediation of discovered security incidents.

4. Improving security posture through effective planning and solution design

  • This module addresses the planning and solution-design process for deployments of Security Analytics solutions. It identifies the points within a network where Security Analytics can most effectively capture packet data. It will also cover installation options and basic configuration.

5. Reduce incident response time

  • This module will discuss the challenges around lengthy incident response times and how filtering can reduce response time by narrowing down searches for specific data. It will also demonstrate that filtering out excess "noise", especially in very large data sets, improves overall response time. Best practices for filtering and searching will also be covered.

6. Detecting network traffic anomalies

  • This module will examine the challenges with detection of potential security incidents hidden in network traffic. It will cover how Security Analytics provides file and artifact extraction from captured packet data. Topics include what artifacts are and how Security Analytics can provide additional context for and processing of any interesting artifacts that may be found. Use cases that demonstrate contextualization benefits for incident responders and security administrators will also be discussed.

7. Improve on early incident detection

  • This module will talk about best practices for network-based analysis using Security Analytics. This module will also examine how Security Analytics can identify suspicious activity and correlate Indicators of Compromise to an attack vector or specific incident.
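Modules 5 to 7 name the core analyst workflow (narrow the capture to one flow, reassemble it, extract the transferred file, and correlate its hash against Indicators of Compromise) without showing it. The following is an added, generic illustration written for this page; it is not Symantec Security Analytics code and does not use its API. The hosts, ports, file bytes and the IOC hash are all constructed sample data.

```python
"""Added illustration of the network-forensics workflow the course describes:
filter a capture down to one flow, reassemble the TCP stream, carve the file
that was transferred, hash it and correlate the hash against IOCs.
Generic Python on constructed data, not Symantec Security Analytics code."""
import hashlib
import struct

# Constructed stand-in for a downloaded binary (not real malware).
SAMPLE_FILE = b"MZ\x90\x00" + b"constructed-dropper-" * 8
HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                 b"Content-Type: application/octet-stream\r\n"
                 b"Content-Length: %d\r\n\r\n" % len(SAMPLE_FILE) + SAMPLE_FILE)

# Constructed IOC list keyed by SHA-256 (a hypothetical hash from an earlier incident).
IOC_HASHES = {hashlib.sha256(SAMPLE_FILE).hexdigest(): "dropper seen in earlier incident"}


def build_packet(src, dst, sport, dport, seq, payload):
    """Build a minimal IPv4+TCP packet for the constructed capture (checksums left zero)."""
    def ip4(addr):
        return bytes(int(o) for o in addr.split("."))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0,
                         64, 6, 0, ip4(src), ip4(dst))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(raw):
    """Decode the IPv4/TCP fields an analyst filters on; returns None for non-TCP."""
    ihl = (raw[0] & 0x0F) * 4
    if raw[9] != 6:
        return None
    tcp = raw[ihl:]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4
    return {"src": ".".join(str(b) for b in raw[12:16]),
            "dst": ".".join(str(b) for b in raw[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "payload": tcp[doff:]}


def filter_packets(packets, **criteria):
    """Narrow the capture to packets matching every given field (the noise-reduction step)."""
    return [p for p in packets if p and all(p.get(k) == v for k, v in criteria.items())]


def reassemble(packets):
    """Order one direction of a TCP stream by sequence number, dropping retransmits."""
    stream, expected = b"", None
    for p in sorted(packets, key=lambda p: p["seq"]):
        if expected is None:
            expected = p["seq"]
        if p["seq"] < expected:          # retransmit or overlap: already have it
            continue
        if p["seq"] > expected:          # missing segment: do not silently splice
            raise ValueError("gap in stream at seq %d" % expected)
        stream += p["payload"]
        expected += len(p["payload"])
    return stream


def carve_http_body(stream):
    """Split an HTTP response into (content_type, body) using Content-Length."""
    head, _, rest = stream.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get(b"content-length", len(rest)))
    return headers.get(b"content-type", b"").decode(), rest[:length]


def hunt(packets, iocs, **flow):
    """Filter, reassemble, carve, hash and correlate against IOC hashes."""
    ctype, body = carve_http_body(reassemble(filter_packets(packets, **flow)))
    digest = hashlib.sha256(body).hexdigest()
    return {"content_type": ctype, "size": len(body),
            "sha256": digest, "ioc_hit": iocs.get(digest)}


def sample_capture():
    """Constructed capture: the suspect download split into out-of-order segments,
    one retransmitted segment, and unrelated TLS noise from another host."""
    seq, segs = 1000, []
    for i in range(0, len(HTTP_RESPONSE), 40):
        chunk = HTTP_RESPONSE[i:i + 40]
        segs.append(build_packet("203.0.113.7", "10.0.0.5", 80, 51234, seq, chunk))
        seq += len(chunk)
    segs.reverse()                       # arrives out of order
    segs.append(segs[-1])                # retransmit of the first segment
    noise = [build_packet("10.0.0.9", "93.184.216.34", 40000 + i, 443, 1,
                          b"\x16\x03\x01" + bytes([i])) for i in range(6)]
    return noise[:3] + segs + noise[3:]


def hunt_sample():
    """Run the pipeline on the constructed capture for the 203.0.113.7:80 -> :51234 flow."""
    packets = [parse_packet(raw) for raw in sample_capture()]
    return hunt(packets, IOC_HASHES, src="203.0.113.7", sport=80, dport=51234)


if __name__ == "__main__":
    print(hunt_sample())
```

The filter is applied before reassembly so that the noise flows never reach the carving step, which is the point Module 5 makes about narrowing large data sets; the reassembler refuses to splice across a gap rather than producing a file whose hash would silently mismatch every IOC.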

8. Enriching incident response efforts

  • This module will address incident response challenges around inadequate information and cover basic and advanced reporting tools within Security Analytics. It will also discuss how the enhanced information available improves incident prevention and response.

9. Enhancing incident response through integrations with other security products

  • This module will discuss how Security Analytics' open API enables integration with existing Symantec and third-party security solutions, providing customers with the valuable context and evidence they lack. Threat intelligence integration will also be examined.

10. Review of Security Analytics Administration

  • This module will provide a review of topics covered in this course.

Encarta Labs Advantage

  • One Stop Corporate Training Solution Providers for over 6,000 various courses on a variety of subjects
  • All courses are delivered by Industry Veterans
  • Get jumpstarted from newbie to production ready in a matter of a few days
  • Trained more than 50,000 Corporate executives across the Globe
  • All our trainings are conducted in workshop mode with more focus on hands-on sessions

View our other course offerings by visiting https://www.encartalabs.com/course-catalogue-all.php

Contact us for delivering this course as a public/open-house workshop/online training for a group of 10+ candidates.
