SEC503: Network Monitoring and Threat Detection In-Depth Training (GCIA)
SEC503: Network Monitoring and Threat Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to confidently defend your network, whether traditional or cloud-based. You will learn the underlying theory of TCP/IP and the most commonly used application protocols so that you can intelligently examine network traffic to identify emerging threats, perform large-scale correlation for threat hunting, and reconstruct network attacks.
37 hands-on labs + capstone challenge
Training at a glance
Level: Intermediate
Duration: 6 Days
Experience: 4 years (IT & Security)
Average Salary: $79,000
Labs: Yes
Training Details
SEC503 is the most important course that you will take in your information security career. Past students describe it as the most difficult but most rewarding course they've ever taken. If you want to be able to perform effective threat hunting to find zero-day activity on your network before public disclosure, this is definitely the course for you. SEC503 is not for people looking to understand alerts generated by an out-of-the-box network monitoring tool; rather, it is for those who want to deeply understand what is happening on their network today, and who suspect that very serious things are happening right now that none of their tools are telling them about.
You Will Learn
- How to analyze traffic traversing your site to avoid becoming another headline
- How to identify zero-day threats for which no network monitoring tool has published signatures
- How to place, customize, and tune your network monitoring for maximum detection
- How to triage network alerts, especially during an incident
- How to reconstruct events to determine what happened, when, and who did it
- Hands-on detection, analysis, and network forensic investigation with a variety of tools
- TCP/IP and common application protocols to gain insight about your network traffic, enabling you to distinguish normal from abnormal traffic
- The benefits and problems inherent in using signature-based network monitoring tools
- The power of behavioral network monitoring tools for enterprise-wide automated correlation, and how to use them effectively
- How to perform effective threat modeling for network activities
- How to translate threat modeling into detection capabilities for zero-day threats
- How to use flow and hybrid traffic analysis frameworks to augment detection in traditional, hybrid, and cloud network environments
Lesson 1: Network Monitoring and Analysis: Part I
Lesson 2: Network Monitoring and Analysis: Part II
Lesson 3: Signature-Based Threat Detection and Response
Lesson 4: Building Zero-Day Threat Detection Systems
Lesson 5: Large-Scale Threat Detection, Forensics, and Analytics
Lesson 6: Advanced Network Monitoring and Threat Detection Capstone
Hands-On Cybersecurity Training
- Configure and run Snort and Suricata
- Create and write effective and efficient Snort, Suricata and FirePOWER rules
- Configure and run open-source Zeek to provide a hybrid traffic analysis framework
- Create automated threat hunting correlation scripts in Zeek
- Understand TCP/IP component layers to identify normal and abnormal traffic for threat identification
- Use traffic analysis tools to identify signs of a compromise or active threat
- Perform network forensics to investigate traffic to identify TTPs and find active threats
- Carve out files and other types of content from network traffic to reconstruct events
- Create BPF filters to selectively examine a particular traffic trait at scale
- Craft packets with Scapy
- Use NetFlow/IPFIX tools to find network behavior anomalies and potential threats
- Use your knowledge of network architecture and hardware to customize placement of network monitoring sensors and sniff traffic off the wire
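Several of the hands-on items above come down to reading packet headers by hand and recognising combinations that a normal TCP/IP stack never produces. The following Python is an added illustration written for this page, not SEC503 course material or a SANS tool; the addresses, ports and packets are constructed inline for the demonstration. It decodes raw IPv4/TCP headers, verifies the IP header checksum, and flags the header-level anomalies (SYN+FIN, NULL and XMAS flag sets, LAND-style addressing, bad checksums) that a sensor should notice before any signature is involved:

```python
"""Added example (not SEC503 course material or any SANS tool): decode raw
IPv4/TCP headers and flag header-level anomalies a sensor should notice.
All packets below are constructed inline for the demonstration."""
import struct

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH",
             0x10: "ACK", 0x20: "URG", 0x40: "ECE", 0x80: "CWR"}


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum. Over a header that already carries a
    correct checksum the result is 0, which is how verification works below."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def build_packet(src, dst, sport, dport, flags, ttl=64, corrupt_csum=False) -> bytes:
    """Build a minimal IPv4+TCP packet (no link layer, no payload).
    The TCP checksum is left at 0; verifying it needs the pseudo-header
    and is out of scope for this example."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000,
                      ttl, 6, 0, _ip_bytes(src), _ip_bytes(dst))
    csum = ip_checksum(hdr)
    if corrupt_csum:  # simulate a header damaged or forged in transit
        csum ^= 0x0001
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + tcp


def parse_packet(pkt: bytes) -> dict:
    """Decode the IPv4 header and, for protocol 6, the TCP header."""
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        "version": ver_ihl >> 4, "ihl": ihl, "total_len": total_len,
        "ttl": ttl, "proto": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ip_csum_ok": ip_checksum(pkt[:ihl]) == 0,
    }
    if proto == 6 and len(pkt) >= ihl + 20:
        sport, dport, _seq, _ack, off_res, flags, _win, _tcsum, _urg = \
            struct.unpack("!HHIIBBHHH", pkt[ihl:ihl + 20])
        info.update({
            "sport": sport, "dport": dport,
            "data_offset": (off_res >> 4) * 4,
            "flags": {name for bit, name in TCP_FLAGS.items() if flags & bit},
        })
    return info


def find_anomalies(info: dict) -> list:
    """Return findings for header combinations no well-behaved stack produces."""
    findings = []
    if info["version"] != 4:
        findings.append("IP version is not 4")
    if info["ihl"] < 20:
        findings.append("IP header length below the 20-byte minimum")
    if not info["ip_csum_ok"]:
        findings.append("bad IP header checksum")
    if info["src"] == info["dst"]:
        findings.append("source address equals destination (LAND-style)")
    if "flags" in info:
        f = info["flags"]
        if info["data_offset"] < 20:
            findings.append("TCP data offset below the 20-byte minimum")
        if {"SYN", "FIN"} <= f:
            findings.append("SYN and FIN set together")
        if not f:
            findings.append("no TCP flags set (NULL scan)")
        if {"FIN", "PSH", "URG"} <= f and "ACK" not in f:
            findings.append("FIN/PSH/URG without ACK (XMAS scan)")
    return findings


# Constructed sample traffic: one legitimate SYN and three crafted packets.
SAMPLES = {
    "normal_syn": build_packet("10.0.0.5", "10.0.0.80", 40000, 80, 0x02),
    "syn_fin":    build_packet("10.0.0.5", "10.0.0.80", 40001, 80, 0x03),
    "null_scan":  build_packet("10.0.0.5", "10.0.0.80", 40002, 22, 0x00),
    "bad_csum":   build_packet("10.0.0.5", "10.0.0.80", 40003, 443, 0x02,
                               corrupt_csum=True),
}


def scan(packets: dict) -> dict:
    """Map each packet name to its findings (an empty list means it looks normal)."""
    return {name: find_anomalies(parse_packet(raw)) for name, raw in packets.items()}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name:12s} {findings or 'OK'}")
```

The checks are deliberately stateless: they look at one packet at a time, which is exactly what a BPF filter or a single Snort/Suricata rule can express. Anything that needs state (a half-open SYN flood, a slow scan across many hosts) belongs in the flow-level and Zeek-style correlation the course covers separately.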
Network monitoring, system, Security Operations Center, and security analysts
Analysts will be introduced to or become more proficient in the use of traffic analysis tools for network monitoring and threat detection in cloud and traditional environments.
Network engineers/administrators
Hands-on security managers
Hands-on security managers will come to understand the complexities of network monitoring and how to support analysts by providing them with the resources they need to succeed.
NICE Framework Work Roles
- Cyber Defense Analyst (OPM 511)
The hands-on training in SEC503 is intended to be both approachable and challenging for beginners and seasoned veterans. There are two different approaches for each exercise. The first contains guidance and hints for those with less experience, and the second contains no guidance and is directed toward those with more experience. In addition, an optional extra credit question is available for each exercise for advanced students who want a particularly challenging brain teaser.
Depending on your current role or future plans, one of these courses is a great next step in your cybersecurity journey:
Security Engineer
- SEC505: Securing Windows and PowerShell Automation
- SEC511: Cybersecurity Engineering: Advanced Threat Detection and Monitoring
- SEC573: Automating Information Security with Python
- SEC586: Security Automation with PowerShell
Security Architect
- SEC530: Defensible Security Architecture and Engineering: Implementing Zero Trust for the Hybrid Enterprise
Security Lead or Manager
- SEC547: Defending Product Supply Chains
- LDR551: Building and Leading Security Operations Centers
We Offer More Than Just SANS Training
Our successful training results keep our corporate and military clients returning. That’s because we provide everything you need to succeed. This is true for all of our courses.
Strategic Planning & Project Management
From Lean Six Sigma to Project Management Institute Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. Work closely with our seasoned multi-decade project managers.
IT & Cybersecurity
ATA is the leading OffSec and Hack the Box US training provider, and a CompTIA and EC-Council award-winning training partner. We offer the best offensive and defensive cyber training to keep your team ahead of the technology skills curve.
Leadership & Management
Let us teach your team the high-level traits and micro-level tools & strategies of effective 21st-century leadership. Empower your team to play to each others’ strengths, inspire others and build a culture that values communication, authenticity, and community.