Enterprise Network Security Classes

Transcription

1 2012 Enterprise Network Security Classes By

2 Overview About the Training Table of Contents 1.0 Overview Enterprise Network Security Training: Threats and Investigations About the Training Who Should Attend What You Will Learn Class Eligibility Contact Information , LLC. All Rights Reserved. Release v3.1 2 of 6

3 Overview About the Training 1.0 Overview offers two information security classes for commercial and government customers. The first class is useful for undercover personality assessment and intelligence collection purposes, while the second is applicable to IT network cyber security intrusion investigation and defense. We custom-tailor each class we give to match each customer s requirements for their organization s specific content and class duration needs. This publication provides an overview of our IT network cyber security line of classes and their expected learning outcomes, attendance prerequisites, and class eligibility requirements. Release v3.1 3 of 6

4 Enterprise Network Security Training: Threats and Investigations About the Training 2.0 Enterprise Network Security Training: Threats and Investigations 2.1 About the Training Our four-day Enterprise Network Investigations and Threat Profiling class is different from most cybercrimes investigation training courses. Instead of focusing on computer forensics, the course centers on network forensics. Because the most effective network intrusions often employ an organization s own defensive measures to be successful, investigators must possess an intricate understanding of the network s individual and collective vulnerabilities. defines network forensics as an investigative approach which emphasizes an enterprise-level analysis of a network, rather than focusing on individual computers and devices. Students learn to see the environment from an attacker s point of view. This allows them to detect, track, and solve sophisticated attacks and exploits in a fraction of the time normally required. For traditional cybercrimes investigators who are accustomed to time-consuming, highly technical investigations, this class offers a particularly high cost-benefit ratio. The class teaches a better cybercrimes investigation process through developing a thorough analysis and understanding of the individual unique human being(s) behind each cybercrime. This investigation approach is a useful tool to rapidly detect and solve complex personnel insider threat cases in particular, even when all technical evidence has been destroyed or never existed. The threat profiling portion of the course equips the student to conduct rapid investigations in complex intrusion scenarios using anecdotal and seemingly unrelated data to narrow the focus to a small, manageable list of suspects. Finally, attendees learn how to substantially reduce risk by re-engineering and reconfiguring their existing network defenses. 2.2 Who Should Attend Because of the technical nature of this class, it is only recommended for professional, full-time, cybercrime investigators and enterprise network defense professionals responsible for network defense, threat mitigation, incident response and evidence gathering. Attendees should possess a sound understanding of TCP/IP and enterprise authentication, and at least two years of experience with network perimeter defense systems. 2.3 What You Will Learn Enterprise Intrusion Investigations Investigators will gain big picture perspective on the complexities of enterprise class network defense strategy and learn how experienced hackers can successfully circumvent those measures. The class will demonstrate through lectures and real world case studies how improperly implemented authentication across a large organization or a broadly staged infrastructure may lead to an undetectable, catastrophic security breach. These sessions reveal the techniques and thought Release v3.1 4 of 6

5 Enterprise Network Security Training: Threats and Investigations Class Eligibility processes employed in effectively investigating some of the most sophisticated and well-engineered attacks. Pitfalls of Standard Defenses Some investigators skirt the technical details of the most complex cases in favor of a high level approach that relies upon widely accepted investigation tools and techniques. The most experienced attackers, however, apply custom tools and tactics, unconventional thinking, and superb mastery of technical detail to achieve their objectives. The best attackers use a company s own defenses, even its own protective encryption systems, to foster attacks and to prevent discovery. Using real-world case histories, this portion of the course will stimulate the thinking of the most experienced cybercrimes investigators, while guiding less experienced investigators through the use of customized and unconventional investigation techniques and tools to solve these complex cases. Threat Profiling and Identification These sessions introduce attendees to a sophisticated new methodology that allows investigators to detect and to solve complex cases rapidly, even when the evidence appears to be missing, destroyed, or overwritten. These sessions focus on developing the mentality and skill set that leads to the use of these effective investigative techniques. The goal is to teach the attendee to understand and outthink the adversary, not attempt to match technical prowess with elusive foes that are almost always one step ahead. 2.4 Class Eligibility There are two editions of this class. The Commercial edition is open to all commercial cybercrimes investigators, network administrators and information security professionals. U.S. Government personnel without security clearances are also welcome, as are personnel from friendly foreign governments. The Law Enforcement and Government edition is open to all members of U.S. law enforcement and cleared personnel from U.S. government agencies and defense contractors. Release v3.1 5 of 6

6 Contact Information Class Eligibility 3.0 Contact Information For additional information about our classes or to schedule a custom-tailored class for your organization, contact us today. Paul Williams Executive Director of Security Services Office: (888) ext Paul.Williams@whitebadgergroup.com Web: Release v3.1 6 of 6