Security Operation Centre (SOC):

Network with Threat Detection and Analysis Workshop

DURATION: 40 hours (5 days)

Course Description

Crucial to securing your organization's IT environment in this age of advanced and persistent cyber threats is the implementation of sophisticated detection and prevention technologies. Having a SOC team of security analysts organized to detect, analyze, respond to, report on, and prevent cybersecurity incidents is one of the first steps you can take toward a proactive approach to network and infrastructure security.

This 5-day workshop is designed to give participants a firm understanding of network security threats using vendor-neutral technology, and to show how to create actionable intelligence that can give an organization advance preparation for likely attacks.

Prerequisites

Participants attending this course should have working knowledge in the following areas:

  • Fundamentals of Networking Technologies

  • Fundamentals of Linux Operating Systems

  • Knowledge of types of Attacks and Threats

  • Knowledge of a programming language (Python, Perl or C) would be an added advantage

Who Should Attend

This course is intended for cyber security professionals, network and infrastructure security professionals and network administrators. 

Course Outline 

Day 1

  • Real-world cyber threat case study

  • Understanding cyber threats from a government standpoint

  • Understanding Security Operation Functionality

  • Understanding Security Operation Technology Requirements

  • SOC Job Functions and Levels Involved in Operations

  • Incident Detection Methodology

  • Incident Detection Technology

Day 2

  • Understanding Logging Requirements

  • Understanding Large Data Requirements for Logging and Log Types

  • Understanding Big Data Concepts and Mapping Them to Government Log Management

  • Introduction to ELK: Elasticsearch, Logstash and Kibana

  • Government Log Management Solutions and Practices

  • SOC Case Study - Log Review Practices

  • Log Management Service Deployment Technologies

Day 3

  • Understanding Technological Risk

  • Risk Assessment and Risk Management

  • Mitigation Procedures

  • Fundamentals of PCAP analysis

  • Types of Capture Files and Their Usage

  • Lawful Interception vs Unlawful Interception

  • Decoding and Deciphering Packet Contents

Day 4

  • Understanding Firewall Technologies and Firewall Log output

  • Analysing Firewall Traffic

  • Understanding Intrusion Detection Systems

  • SNORT as an IDS/IPS

  • IDS/IPS Implementation Methodologies & Requirements

  • Understanding DMZ Event Logs (DNS / A / MX)

  • Network Topology Mapping

Day 5

  • Fundamentals of Incident Management

  • Incident Escalation and Incident Management Process

  • Applying Appropriate Controls in the SOC

  • Overview of TIA-942 Compliance in the SOC Datacentre

  • Security Policies & Requirements for SOC

  • SOC Management Process & Staffing Requirements

  • Incident Reporting Best Practices and Incident Post Mortem

  • Integrating Vendor Specific and Vendor Neutral Appliances in SOC