Enterprise Security Products Training Plan Guide

Transcription

1 - Enterprise Security Products Training Plan Guide

2 Copyright 2016 Hewlett Packard Enterprise. All rights reserved. Published by Hewlett Packard Enterprise Hewlett Packard Enterprise. The information contained herein is subject to change without notice. The only warranties for HPE products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HPE shall not be liable for technical or editorial errors or omissions contained herein. Trademark acknowledgements if needed. First printing, January 2015 Last Updated: June 16, 2016

3 Contents 1 Enterprise Security Products A Proactive Approach to Information Security The Enterprise Security Landscape The Best Defense Is a Good Offense Security Products Security Services Security Research ExpertOne Certifications for HPE Software Industry Recognized Certifications Latest Course Information Hewlett Packard Enterprise Software Education Control Protecting your Investment Time to Market Return on Investment Getting Ahead of the Game Training Delivery Options Instructor Led Training (ILT) Virtual Instructor Led Training (VILT) elearning Self-Study Customized Training

4 4 Our Instructors Make It Interesting Make It Relevant ESP Learning Solutions Hewlett Packard Enterprise ArcSight Benefits Hewlett Packard Enterprise ArcSight Learning Solutions Hewlett Packard Enterprise ArcSight Learning Path HPE ArcSight Certification Path Hewlett Packard Enterprise ArcSight ESM Courses HPE ArcSight Security Solutions ATP HPE ArcSight ESM 6.5 Administrator and Analyst ATP HPE ArcSight ESM 6.5 Advanced Analyst ASE HPE ArcSight ESM 6.5 Advanced Administrator ASE Building Security Use Cases with HPE ArcSight ESM Creating Advanced ESM Content for Security Use Cases HPE ArcSight ESM Operations Introduction to HPE ArcSight Event Management HPE ArcSight Logger Courses HPE ArcSight Logger+ 6.0 Administration and Operations ASE HPE ArcSight Logger Administration and Operations HPE ArcSight Logger Search and Reporting HPE ArcSight Connectors and Connector Appliance Courses HPE ArcSight SmartConnector Foundations and Tool Kits HPE ArcSight FlexConnector Configuration HPE ArcSight Connector Appliance Administration and Operations HPE ArcSight Express Courses HPE ArcSight Express 4.0, CORR-Engine Administration and Operations HPE ArcSight Management Center Course HPE ArcSight Management Center Administration and Operations HPE ArcSight Courses - Complete HPE ArcSight Solution HPE ArcSight MASE Preparation Course HPE Fortify HPE Fortify Introduction HP Forify Benefits HPE Fortify Learning Solutions HPE Fortify Certification Path HPE Fortify Security Solutions ATP Dynamic Application Testing with HPE WebInspect Using and Administering HPE WebInspect Enterprise Developing with HPE Fortify Application Security HPE Fortify Software Security Center/Static Code Analyzer Working with HPE Fortify SCA, Audit Work Bench, and SSC Fortify for Developers Using Plugins

5 PCI Essentials Advanced Software Security Testing - Tools and Techniques Information Security and Privacy Awareness Introduction to Secure Coding in Java Introduction to Secure Coding in.net Introduction to Secure Coding in C/C Introduction to Secure Coding in PHP Introduction to Security Testing Principles C/C++ Developer Curriculum NET Developer Curriculum Java Developer Curriculum Mobile Developer Curriculum PHP Developer Curriculum Architect Curriculum Manager Curriculum HPE Atalla HPE Atalla Introduction HPE Atalla Benefits HPE Atalla Learning Solutions HPE Enterprise Secure Key Manager (ESKM) Training HPE Atalla Network Security Processor (NSP) Training HPE SecureData (Voltage) HPE SecureData (Voltage) Introduction HPE SecureData Voltage Benefits HPE SecureData Voltage Learning Solutions Introduction to HPE SecureData HPE Voltage SecureData Solutions Training Contact Us Index

6 Trained users require 6x less support than untrained users.

7 1. Enterprise Security Products From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and perform a host of other malicious intents. Hewlett Packard Enterprise Enterprise Security Products (ESP) is our answer to these threats and attacks. 1.1 A Proactive Approach to Information Security Hewlett Packard Enterprise ESP products and services help organizations meet the security demands of a rapidly changing and more dangerous world. ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis, and network-level defense mechanisms unifying the components of a complete security program and reducing risk across your enterprise. 1.2 The Enterprise Security Landscape Hewlett Packard Enterprise is changing the enterprise security landscape with advanced security solutions that uniquely leverage leading threat research and powerful correlation of security events and vulnerabilities to deliver security intelligence spanning IT operations, applications, and infrastructure. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 7 of 59

8 8 Chapter 1: Enterprise Security Products Hewlett Packard Enterprise s comprehensive approach has you covered: we disrupt your adversaries, manage your risk, and extend your capabilities. This strengthens your security posture to minimize incidence impact and control costs while expanding insight for better decisions. 1.3 The Best Defense Is a Good Offense When today s IT is faced with sophisticated threats, it s essential to have the right security solutions to protect your business. With an army of experts and arsenal of products, we work proactively across technologies to keep your data safe. Hewlett Packard Enterprise draws on decades of security experience to take the fight to adversaries before they attack. We can help you predict and disrupt threats, manage risk and compliance, and extend your own security team. 1.4 Security Products Take a proactive approach to security that integrates security information and event management (SIEM), application analysis, and network-level defense. 1.5 Security Services Implement a strategy to mitigate risk and avoid costly penalties for non-compliance. Hewlett Packard Enterprise can detect intrusions within 12 minutes of arrival and resolve 92% of major incidents within 2 hours of identification. And we provide tools, teams, and processes to comply with PCI, SOX, HIPAA, and EU Data. 1.6 Security Research Hewlett Packard Enterprise conducts innovative research and provides industry-leading protection against the latest threats. Security research publications and regular threat briefings include regular updates on the latest threats, Zero-Day initiatives, and application vulnerabilities. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 8 of 59

9 1.7 ExpertOne Certifications for HPE Software ExpertOne Certifications for HPE Software HPE ExpertOne certification puts you on the path to career enhancement and greater success in your chosen profession. Take advantage of a full suite of progressive benefits while increasing your knowledge, effectiveness and marketability. Register now to become an ExpertOne community member. Take your first step toward getting the benefits of HPE ExpertOne! You will gain access to technology tools such as whitepapers, videos, and social media events, and receive your HPE Learner ID. Jump on the path to realizing the many benefits of membership in the ExpertOne community. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 9 of 59

10 10 Chapter 1: Enterprise Security Products Industry Recognized Certifications HPE Certifications on the map in 2014 CIO Magazine 18 Hot IT Certifications for 2014 tom sit PRO Best Big Data Certifications for 2014 tom sit PRO Best Enterprise Architect Certifications for 2014 tom sit PRO 40+ Most Popular Networking Credentials TechTarget Top Cloud Computing Certifications to consider Brandon Hall 2014 Silver Best in Certification Award Winner 1.8 Latest Course Information For the latest course information, please refer to the details presented on the HPE Software Education Learning Management System. Please click the link below to be directed to this site: HPE Software Education Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 10 of 59

11 2. Hewlett Packard Enterprise Software Education The mission of the HPE Software Education organization is to deliver the best possible Enterprise Security Products learning experience. With a global team of experienced trainers, and subject matter experts, our business offers you well-designed training courses across the entire range of Information Management solutions. We educate you, support you, and put you in control of your investment to ensure real-world success. 2.1 Control Enterprise Software drives your business forward by automating processes and increasing efficiencies. Your cutting-edge investment requires end users who know how to get the most out of the technology. Meanwhile, your technical staff must learn how to configure, optimize, maintain, and administer the technology. Training addresses the needs of both of these users, giving them the knowledge to take control. 2.2 Protecting your Investment It s one thing to buy a plane, but quite another to fly it! You ve made the right decision to invest in HPE Software technologies. Now is the time to invest in your team, to train them on the solution and equip Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 11 of 59

12 12 Chapter 2: Hewlett Packard Enterprise Software Education them with the knowledge to get the best out of the technology. Learning from the professionals ensures that you are protecting that investment. As a result, your team will navigate and fly in the right direction. 2.3 Time to Market Enabling your team means your project will run more smoothly and efficiently and reach completion in shorter time frames. Our education services reinforce formal classroom instruction with extensive hands-on practical experience. The majority of the classes are in a workshop environment that challenges the trainee, aids them during the learning process, and accelerates the knowledge transfer. The earlier your team gains expertise, the more successful your project will be. Analyst reports suggest that 75% of managers believe effective training will increases the chances of a project meeting its deadlines. Furthermore, 80% of IT managers believe effective training is critical to the success of a project. 2.4 Return on Investment Cost is always a key consideration; education offers a way to lower the total cost of ownership. Our education courses present your team members with best practices in design, deployment, and administration of your HPE Software solutions. This translates into decreased technical support costs, lower ongoing administrative overhead, and the ability to work more effectively with our Consulting Services. Effective learning also leads to lower hardware costs with better-configured systems, decreased network load, and increased return on investment for integrated third-party applications. Thus, our training results in a return on multiple levels. 2.5 Getting Ahead of the Game The learning curve never stops, so if you want to lead the market with cutting-edge, world-class solutions you need to give your team the training they need to keep you competitive. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 12 of 59

13 3. Training Delivery Options Hewlett Packard Enterprise Software Education wants your Enterprise Security Products training delivered in the environment best suited to your needs. 3.1 Instructor Led Training (ILT) HPE Software Education operates instructor-led training sessions in facilities around the globe. Each course is designed to provide students with hands-on experience and is lab-based to keep learning practical. The class experience offers students the opportunity to personally interact with one of our certified instructors who has extensive experience and industry knowledge. We have a range of courses designed to accommodate both beginner and advanced students. To ensure that adequate attention is provided to each student attending an instructor-led class, HPE Software Education maintains class sizes between six to twelve participants. HPE Software Education also provides Instructor-Led on-site training and this is most convenient when your team members are located in the same region. As long as the host provides adequate on-site training facilities, HPE Software Education will send one of our instructors to your chosen site to conduct the training. We then deliver standard or customized training that addresses your unique business needs. Please note that the maximum class size for on-site training is limited to 12 students to ensure that adequate individual attention is provided. The benefits of on-site training are identical to VILT training with the added benefit of receiving face-to-face training in your domain. 3.2 Virtual Instructor Led Training (VILT) Virtual Instructor Led Training (VILT) classes are a good alternative to sending your staff to a public training course. This option reduces travel and expense costs in the event your staff are geographically Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 13 of 59

14 14 Chapter 3: Training Delivery Options dispersed. Furthermore, VILT saves valuable time by permitting the student to stay in the office during the training sessions. VILT are live, instructor-led sessions. Students connect to the virtual classroom using their own computer, telephone, or Internet connection. VILT instructors facilitate live sessions for participants around the globe. 3.3 elearning HPE elearning is interactive Web-based training that gets teams up to speed fast and is available ondemand 24x7. With hands-on exercises and easy-to-follow instructions, HPE elearning emphasizes key learning points and can support your team either as stand-alone learning or as a supplement to traditional training programs. HPE Software Education also offers a tailored elearning service to meet your business requirements. 3.4 Self-Study Our new self-study courses make learning easier and more enjoyable than ever. This offering allows participants to learn about a product by reading the course manual and then practice what they have learned by stepping through detailed hands-on exercises using a dedicated remote lab environment. This means participants do not need to lose valuable working hours traveling to a training location, and they have the flexibility to learn during business hours, or during evenings and weekends. 3.5 Customized Training From a detailed Training Needs Analysis through to building custom training courses, HPE Software Education can address your unique business needs. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 14 of 59

15 4. Our Instructors The Enterprise Security Products learning experience we deliver is the most important aspect of our service. For this reason HPE provides the highest quality of trainers in the industry. Our instructors are dedicated full-time professionals, highly trained as subject matter experts in their field. 4.1 Make It Interesting Our instructors deliver training with enthusiasm and are respectful of students and their needs at all times. It is through this process and our structured learning development philosophy that our classes are greatly valued and appreciated by participants. 4.2 Make It Relevant The key to effective and enjoyable training is to deliver material in a structured and well-organized manner, with clear learning objectives and multiple methods of assessment to measure and improve student progress. With many years of teaching experience, our instructors deliver engaging training courses, ensuring that all students enjoy achieving their set learning objectives. HPE Software Education courses are delivered through a holistic approach, combining theory and practical lessons to suit individual learning styles and provide engaging hands-on training. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 15 of 59

16 Training is an investment in your organization and in your people.

17 5. ESP Learning Solutions Hewlett Packard Enterprise Software Education offers a wide variety of ESP training courses, from basic to advanced, from business- and end-user to technical administrator and developer to enhance your knowledge of the various ESP platforms. 5.1 Hewlett Packard Enterprise ArcSight Hewlett Packard Enterprise ArcSight Introduction With ever-expanding network environments, business assets, commerce, processes, and communication are readily accessible from various locations. Critical data transactions cross multiple network boundaries, making business operations faster, cheaper, quicker, and more responsive. Though these interconnected network transactions make for good business it also puts a business environment at risk, due to security vulnerabilities. To manage these business risks you need to understand what is going on within your organization. To understand your business you must connect the dots and this means: Collecting information from across your enterprise The key to getting the big picture is to collect event data from all data sources, including firewalls, routers, servers, desktops, application servers, and so on. Analyzing information Analysis of information to obtain a clear view of your security standpoint Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 17 of 59

18 18 Chapter 5: ESP Learning Solutions Taking preventive action Proactive preventative action to secure sensitive data and avoid a potential problems in the future Hewlett Packard Enterprise ArcSight solutions help customers identify and prioritize security threats, organize and track incident response activities, and simplify audit and compliance activities Benefits The Hewlett Packard Enterprise ArcSight approach helps safeguard business data by giving users complete visibility into activity across the IT infrastructure through use of the following solutions: Hewlett Packard Enterprise ArcSight Logger Unify collection, storage, log analysis, and machine data from any device, vendor, and source. Builtin rules and reports enable monitoring, alerting, and forensic investigation of security events. Hewlett Packard Enterprise ArcSight Enterprise Security Management (ESM) Using enterprise security management software, combines event correlation and security analytics to identify and prioritize threats in real time and remediate incidents early. Hewlett Packard Enterprise ArcSight Application View Increase application visibility and security intelligence. Hewlett Packard Enterprise ArcSight Management Center (ArcMC) Centrally manage your Hewlett Packard Enterprise ArcSight deployments through a unified interface. 5.2 Hewlett Packard Enterprise ArcSight Learning Solutions Learn from a full assortment of role-based, product-oriented courses with delivery options designed to support the most demanding security needs. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 18 of 59

19 5.1 Hewlett Packard Enterprise ArcSight Hewlett Packard Enterprise ArcSight Learning Path HPE ArcSight learning solutions prepare you for fast implementation and efficient operation. Learn from a full assortment of role-based, product-oriented courses. HPE ArcSight ESM Courses Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 19 of 59

20 20 Chapter 5: ESP Learning Solutions HPE ArcSight Connectors and Connector Appliance Courses HPE ArcSight Logger Courses HPE ArcSight Express Courses Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 20 of 59

21 5.4 HPE ArcSight Certification Path HPE ArcSight Certification Path The recommended HPE ArcSight certification path is to begin with one of our HPE ArcSight ATP offerings. To move on to the ASE certification, you must pass the HPE ArcSight ESM Security Administrator and Analyst exam. To achieve HPE ArcSight ASE certification you must pass the the HP Logger Administration and Operations exam and either the HPE ArcSight ESM Advanced Administrator exam OR the HPE ArcSight ESM Advanced Analyst exam. Professionals who want to show mastery of all HPE ArcSight solutions can continue on with the Master ASE (MASE) certification. This is a three-day, handson exam. To successfully pass this exam, we recommend at least three years of experience with the solutions as well as a host of HPE ArcSight courses. NOTE: There is a 5-day course entitled HPE ArcSight MASE Preparation course, which prepares you for this exam. ATP ASE Master ASE HPE ArcSight Security Solutions HPE ArcSight Logger Admin & Operations HPE ArcSight ESM Advanced Analyst HPE ArcSight Master ASE HPE ArcSight ESM Admin & Analyst HPE ArcSight ESM Advanced Admin Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 21 of 59

22 22 Chapter 5: ESP Learning Solutions 5.5 Hewlett Packard Enterprise ArcSight ESM Courses HPE ArcSight Security Solutions ATP HPE ArcSight Security Solutions ATP provides an introduction to the common security problems addressed by Hewlett Packard Enterprise ArcSight s products. Each module provides a high-level overview of each Hewlett Packard Enterprise ArcSight product and describes how it solves the security risks experienced by digitally connected organizations. HPE ArcSight Security Solutions ATP provides an introduction to the common security problems addressed by Hewlett Packard Enterprise ArcSight s products. Each module provides a high-level overview of each Hewlett Packard Enterprise ArcSight product and describes how it solves the security risks experienced by digitally connected organizations. Operators, Analysts, Administrators Gathering business requirements for the Hewlett Packard Enterprise ArcSight solution; Designing a simple security solution using Hewlett Packard Enterprise ArcSight products ILT, VILT, Onsite None Two days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 22 of 59

23 5.5 Hewlett Packard Enterprise ArcSight ESM Courses HPE ArcSight ESM 6.5 Administrator and Analyst ATP HPE ArcSight ESM 6.5 Administrator and Analyst training details the Enterprise Security Manager (ESM) product facilities while performing related tasks on a live HPE ArcSight ESM. You use the Hewlett Packard Enterprise ArcSight Console, Hewlett Packard Enterprise ArcSight Command Center, and Hewlett Packard Enterprise ArcSight Web user interfaces to monitor security events, configure ESM, and manage users and ESM network intelligence resources. Using Hewlett Packard Enterprise ArcSight ESM workflow, you isolate, document, escalate, and resolve security incidents. This course enables tailoring standard Hewlett Packard Enterprise ArcSight ESM content to acquire, search, and correlate actionable event data, and perform remedial activities such as incident analysis, stakeholder notification, and reporting security conditions within your network environment. Managers, Sales, Executive users Install ESM; Create user accounts and implement built-in solutions content; Implement Network and Asset Modeling facilities; Investigate, identify, analyze, and remediate security issues; Use workflow management; Modify and run standard reports; Establish ESM peering ILT, VILT, Onsite, elearning None Four days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 23 of 59

24 24 Chapter 5: ESP Learning Solutions HPE ArcSight ESM 6.5 Advanced Analyst ASE HPE ArcSight ESM 6.5 Advanced Analyst provides you with the knowledge required to use advanced Hewlett Packard Enterprise ArcSight ESM content to find and correlate event information, perform actions such as notifying stakeholders, analyzing event data graphically, and reporting on security incidents within your security environment. You will familiarize and/or reinforce your understanding of the advanced correlation capabilities within Hewlett Packard Enterprise ArcSight ESM that provide a significant edge in detecting active attacks. This course covers the Hewlett Packard Enterprise ArcSight security problem solving methodology using advanced Hewlett Packard Enterprise ArcSight ESM content to find, track, and remediate security incidents. During the training, you learn to use variables and correlation activities, customize report templates for dynamic content, and customize notification templates to send the appropriate notification based upon specific attributes of an event. Analysts, Senior Analysts Correlate, investigate, analyze, and remediate both exposed and obscure threats; Construct HPE ArcSight variables to provide advanced analysis of the event stream; Develop Hewlett Packard Enterprise ArcSight lists and rules to allow advanced correlation activities; Optimize event-based data monitors to provide real-time viewing of event traffic and anomalies; Design new report templates and create functional reports, Find events through the search tools ILT, VILT, Onsite None required; Recommended: ESM 6.5 Admin and Analyst ILT: Five days VILT: Four days Note: The VILT version of the course does not include the certification exam. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 24 of 59

25 5.5 Hewlett Packard Enterprise ArcSight ESM Courses HPE ArcSight ESM 6.5 Advanced Administrator ASE HPE ArcSight ESM 6.5 Advanced Administrator provides you with techniques to proactively analyze and troubleshoot the ESM CORR-Engine database and Hewlett Packard Enterprise ArcSight ESM Manager to provide efficient services to your organization. This course teaches you to design and deploy hierarchical, fault tolerant manager implementations as well integration strategies between Hewlett Packard Enterprise ArcSight ESM and other Hewlett Packard Enterprise ArcSight appliances such as Logger, Connector Appliance, and the Hewlett Packard Enterprise ArcSight Management Center products. Administrators Design, deploy, and configure an Hewlett Packard Enterprise ArcSight ESM multi-manager layout; Assess and implement integration strategies; Provide credentials for Hewlett Packard Enterprise ArcSight ESM, including RADIUS and LDAP/AD; Use available Hewlett Packard Enterprise ArcSight tools; Implement Hewlett Packard Enterprise ArcSight best practices for backup and recovery ILT, Onsite None required; Recommended: ESM 6.5 Admin and Analyst ILT: Five days VILT: Four days Note: The VILT version of the course does not include the certification exam. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 25 of 59

26 26 Chapter 5: ESP Learning Solutions Building Security Use Cases with HPE ArcSight ESM Building Security Use Cases with HPE ArcSight ESM provides you with detailed knowledge of the Hewlett Packard Enterprise ArcSight security problem solving methodology within the ESM context. In this course, you learn the methodologies to develop use cases for current business scenarios derived from the top business drivers in the market. Senior Analysts Define use cases; Generate requirement statements and prioritize objectives; Identify data sources and ESM resources; Create identified ESM content; Construct Hewlett Packard Enterprise ArcSight Active Channels; Develop Hewlett Packard Enterprise ArcSight rules; Build event-based data monitors; Package formulated ESM content ILT, Onsite None Three days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 26 of 59

27 5.5 Hewlett Packard Enterprise ArcSight ESM Courses Creating Advanced ESM Content for Security Use Cases Creating Advanced ESM Content for Security Use Cases covers Hewlett Packard Enterprise ArcSight security problem solving methodology within the ESM context. In this course, you learn advanced techniques to use Hewlett Packard Enterprise ArcSight ESM content to find, track, and remediate security incidents specifically identified in the course use cases. This advanced course is intended for those whose primary responsibilities include defining the organization s security objectives and building Hewlett Packard Enterprise ArcSight ESM content to adhere to those objectives. Define use cases; Generate requirement statements and prioritize objectives; Identify data sources and ESM resources; Create identified ESM content; Construct Hewlett Packard Enterprise ArcSight active channels; Develop Hewlett Packard Enterprise ArcSight rules; Provide real time viewing of event traffic and anomalies; Implement custom velocity macros for notification; Package formulated ESM contents for the use case into an Hewlett Packard Enterprise ArcSight resource bundle ILT, VILT, Onsite None Five days HPE ArcSight ESM Operations HPE ArcSight ESM Operations provides you with comprehensive training on ESM operations. This course offers exercises for common functionality and procedures needed to quickly retrain or cross train a broader group of ESM operators. The modular format of this course enables you to select the topics and lessons applicable to your job tasks and allows you to return to lessons to refresh what you have previously learned. Operators Computer desktop, browser, and file system navigation skills; Basic understanding of TCP/IP networking and database concepts; Enterprise security experience elearning None Estimated ten hours Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 27 of 59

28 28 Chapter 5: ESP Learning Solutions Introduction to HPE ArcSight Event Management Introduction to HPE ArcSight Event Management provides you with the fundamental concepts of an Hewlett Packard Enterprise ArcSight ESM implementation. Understanding these basic concepts is critical for anyone who wants to administer an Hewlett Packard Enterprise ArcSight ESM implementation or perform analysis on security data within Hewlett Packard Enterprise ArcSight ESM. This course is also a prerequisite for additional Hewlett Packard Enterprise ArcSight ESM training. Operators Computer desktop, browser, and file system navigation skills; Basic understanding of TCP/IP networking and database concepts; Enterprise security experience elearning None Estimated three hours 5.6 HPE ArcSight Logger Courses HPE ArcSight Logger+ 6.0 Administration and Operations ASE HPE ArcSight Logger+ 6.0 Administration and Operations provides you the essentials of the Hewlett Packard Enterprise ArcSight Logger solution, both hardware and software, as well as giving you information about how to architect a complete solution. This five-day ILT course covers the core features of the Hewlett Packard Enterprise ArcSight Logger solution as well as more advanced features. Business users, Administrators Common network device functions, such as routers, switches, and hubs; TCP/IP functions, such as CIDR blocks, subnets, addressing, communications; Windows operating system tasks, such as installations, services, sharing, and navigation ILT, VILT None ILT: Five days VILT: Four days Note: The VILT version of the course does not include the certification exam. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 28 of 59

29 5.6 HPE ArcSight Logger Courses HPE ArcSight Logger Administration and Operations HPE ArcSight Logger Administration and Operations provides you with comprehensive training to quickly configure your Logger Appliance or downloadable Software Logger and bring it into an operational state. Learning content is specifically intended for team members of security operations, network operations, auditing, and compliance. Business users, Administrators Computer desktop, browser, and file system navigation skills; Enterprise security experience elearning None Three hours, online, self-paced elearning HPE ArcSight Logger Search and Reporting HPE ArcSight Logger Search and Reporting elearning provides you with task-focused training to quickly configure and use your Logger s event search and reporting capabilities. Learning content is specifically intended for team members of security operations, network operations, auditing, and compliance. Note: This course is a subset of the HPE ArcSight Logger Administration and Operations elearning course. If you have purchased or plan to purchase the HPE ArcSight Logger Administration and Operations elearning course, do not purchase this course. This is a base-level course that provides you with specific end-user event search and reporting topics intended for team members of security operations, network operations, as well as personnel responsible for auditing and compliance. Computer desktop, browser, and file system navigation skills; Basic understanding of TCP/IP networking and database concepts; Enterprise security experience elearning None Seven hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 29 of 59

30 30 Chapter 5: ESP Learning Solutions 5.7 HPE ArcSight Connectors and Connector Appliance Courses HPE ArcSight SmartConnector Foundations and Tool Kits HPE ArcSight SmartConnector Foundations provides you with detailed knowledge to install and configure Hewlett Packard Enterprise ArcSight SmartConnectors. Included in the course are detailed walk-throughs for 11 of our most popular Smart and Flex connectors. Administrators Install and configure SmartConnector software; Configure, enable, disable, alter, and remove SmartConnector settings elearning None Estimated eight hours, online, self-paced elearning HPE ArcSight FlexConnector Configuration HPE ArcSight FlexConnector Configuration training provides you with an overview of the Hewlett Packard Enterprise ArcSight SmartConnectors framework and explains the Hewlett Packard Enterprise ArcSight ESM Schema. It teaches you how to construct and manipulate FlexConnector configuration and property files and use various parsing methods including fixed delimited, regular expressions, and database query. Examples from standard connectors are used to illustrate devicespecific methodologies. Advanced configuration options such as multi-line Regex, parser linking, and conditional mapping are also covered. Administrators Install Hewlett Packard Enterprise ArcSight Connector software; Configure a functional FlexConnector and test with an ESM Active Channel; Create fixed delimited configuration files; Create common and sub-message parsing and token-to-event mapping; Create a tailored categorization file; Navigate the connector configuration file hierarchy VILT None Three days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 30 of 59

31 5.8 HPE ArcSight Express Courses HPE ArcSight Connector Appliance Administration and Operations HPE ArcSight Connector Appliance Administration and Operations provides you with the knowledge to administer, configure, and effectively manage an Hewlett Packard Enterprise ArcSight Connector Appliance. Administrators Install and configure the Connector Appliance; List the components that make up a Connector Appliance and describe how they interoperate; Mount remote file systems with a Connector Appliance; Configure a SmartConnector on the Connecter Appliance; Upgrade, back up, and restore SmartConnectors and the Connector Appliance ILT and VILT, None Two days 5.8 HPE ArcSight Express Courses HPE ArcSight Express 4.0, CORR-Engine Administration and Operations HPE ArcSight Express Administration and Operations provides you with comprehensive training for Hewlett Packard Enterprise ArcSight Express. This course includes hands-on training exercises on packaged content and functionality for you to bring the Hewlett Packard Enterprise ArcSight Express appliance into production environments. Note: This course is intended for users of Hewlett Packard Enterprise ArcSight Express 4.0. CORR-Engine. This is not for use with Hewlett Packard Enterprise ArcSight Express 4.5 or 5.0. Administrators, Analysts, Operators Use Hewlett Packard Enterprise ArcSight Express built-in content; Isolate, investigate, analyze, and remediate exposed security issues; Configure Hewlett Packard Enterprise ArcSight settings, system settings, and user resources appropriately; Configure Network and Asset Modeling ILT None Five days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 31 of 59

32 32 Chapter 5: ESP Learning Solutions 5.9 HPE ArcSight Management Center Course HPE ArcSight Management Center Administration and Operations ArcSight Management Center (ArcMC) simplifies policy configuration, deployment maintenance and monitoring tasks. This course covers techniques needed to centralize device management, user management, and configuration management with ArcMC. Learn integration strategies to reduce daily management of ArcMC, Logger, Connector Appliance and Connectors products. System Administrators Administer, configure, maintain, and troubleshoot HPE ArcSight ArcMCs, Loggers, Connector Appliances, and Connectors, Manage users roles and entitlements for ArcSight ArcMCs, Loggers, Connector Appliances, and Connectors ILT None Three days 5.10 HPE ArcSight Courses - Complete HPE ArcSight Solution HPE ArcSight MASE Preparation Course The HPE ArcSight Master ASE Preparation Course covers design and implementation considerations of a complete enterprise SIEM deployment. This course provides participants with hands-on activities through a practical solutions-based approach to address common business requirements. Methodologies, terms, and concepts are explored in progressive examples using built-in product configuration and management facilities. Product architectures are coupled with deployment best practices within the context of the HPE ArcSight product line as a complete log management and event correlation platform. Experienced HPE ArcSight IT Security experts Identify business requirements; Develop an implementation and installation plan using HPE ArcSight solutions; Design and implement HPE ArcSight resources to analyze network level events and provide enterprise-wide visibility and correlation; Develop custom solutions using HPE ArcSight technologies ILT None required three years experience; ESM Admin & Analyst; Adv Admin; Adv Analyst; Logger Admin & Operations; SmartConnector Foundations; FlexConnector Configuration; Connector Appliance Administration; Five days + three-day exam Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 32 of 59

33 5.11 HPE Fortify HPE Fortify HPE Fortify Introduction When it comes to network and data security, it is essential that web applications are defended against threats and attacks. A common misperception is that firewalls protect an application from all attacks. While a firewall is necessary and an effective solution to control access and protect an organization, it often proves to be ineffective in preventing an application exploit. A firewall cannot protect every parameter of every application that resides behind it. Nor can it completely protect access to the applications. It is for this reason that an effective suite of tools specifically designed to protect web applications is essential. HPE Fortify web application security solutions, available on-premise or on-demand, help you secure your software applications including legacy, mobile, third-party, and open source HP Forify Benefits HPE Fortify combines comprehensive static and dynamic testing technologies across 21 languages, with timely security intelligence from the HP Security Research team. HPE Fortify can be deployed in-house, as a managed service or in a hybrid model taking advantage of the best of both worlds. This flexible delivery model allows security groups to get started quickly and scale in response to business changes while protecting their assets and investments in application security. These technologies, include: HPE Fortify on Demand HPE Fortify on Demand is a managed application security testing service that enables organizations to quickly test the application security of a few applications or launch a comprehensive security program without additional investment in software and personnel. HP WebInspect HP WeInspect is an automated, dynamic testing tool that mimics real-world hacking techniques and attacks, and provides comprehensive dynamic analysis of complex web applications and services. HP Application Defender HP s application self-protection can help you stop security threats that no one else can even see by protecting production applications from the inside. It s application security simplified. HPE Fortify Static Code Analyzer (SCA) HPE Fortify Static Code Analyzer provides automated static code analysis to help developers eliminate vulnerabilities and build secure software. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 33 of 59

34 34 Chapter 5: ESP Learning Solutions HPE Fortify Learning Solutions HPE Fortify Learning Solutions provide a full assortment of role-based, product-oriented courses with delivery options designed to support the most demanding security needs. HPE Fortify Learning Path Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 34 of 59

35 5.11 HPE Fortify 35 Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 35 of 59

36 36 Chapter 5: ESP Learning Solutions 5.12 HPE Fortify Certification Path HPE Fortify Certification offerings include both ATP- and ASE-level certifications for the HPE Fortify products and solutions. To obtain the HP ATP Fortify Security v1 certification, you must successfully pass the Fortify Security Solutions ATP exam. To obtain the HP ASE Fortify Security v1 certification, you must successfully pass the Dynamic Application Testing with HP WebInspect OR the HPE Fortify SCA/SSC exam HPE Fortify Security Solutions ATP HPE Fortify Security Solutions ATP training consists of two days of intensive training in application security and developing and testing software solutions using HPE Fortify products. You will learn about the threats to applications and the architecture and operation of the HPE Fortify solution. Through lectures and hand-on activities, you learn to implement HPE Fortify Static Code Analyzer (SCA), HPE Fortify Software Security Center, HP WebInspect, and HPE Fortify Runtime. Software Developers, Product Managers, Development Managers, Q/A Managers, Q/A Analysts, and Application Security Analysts Knowledge of software development methodologies; Implementation of HPE Fortify products; Knowledge of HPE Fortify Solutions Architecture ILT and VILT None Two days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 36 of 59

37 5.12 HPE Fortify Certification Path Dynamic Application Testing with HPE WebInspect This HPE WebInspect course outlines HPE s comprehensive, automated web application and Web services vulnerability scanning solution. In this training, security professionals and compliance auditors learn how to quickly and easily analyze the numerous web applications and web services in their environment. This course includes extensive hands-on exercises. Application Developers, Application Testers HPE WebInspect licensing installation; Use of HPE WebInspect as a dynamic analysis security testing (DAST) tool; Manual, mobile, and work-flow driven scan creation; Web macros and report creation ILT None Three days Using and Administering HPE WebInspect Enterprise The goal of this course is to introduce you to WebInspect Enterprise which manages dynamic and static scanning focuses to ensure effective and efficient application security during your SDLC. This course will demonstrate how to create and manage your automated web application vulnerability scans and provide security risk solutions. Also, this course provides participants with hands-on activities using a practical, solutions-based approach to identify and mitigate today s biggest application security risks. Students learn to create, scan, and manage projects using both HPE Fortify SSC (Software Security Center) and WebInspect Enterprise. This course is intended for application security analysts already using HPE WebInspect to perform DAST on their applications, as well as static analysis through SSC. It is also useful for development managers, security-focused QA testers, security leads, and auditors. Basic programming skills (able to read Java, C/C++, or.net.), basic understanding of web technologies: HTTP Requests and Responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP or similar), familiarity with some of the most common Web application vulnerabilities (i.e. OWASP Top 10), familiarity with application security, experience working with Fortify WebInspect ILT None Two days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 37 of 59

38 38 Chapter 5: ESP Learning Solutions Developing with HPE Fortify Application Security Developing with HPE Fortify Application Security provides participants with an introduction to application security through the context of using the HPE Fortify Security Center Application to thwart attacks. This course provides conceptual information, as well as demonstrations and optional handson activities using a practical, solutions-based approach to identify and mitigate today s most common business security risks. Application Developers, QA Testers, Security Testers, Development Managers, Security Experts Basic understanding of web technologies: HTTP requests and responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP, or similar) elearning None Estimated four hours, online, self-paced elearning HPE Fortify Software Security Center/Static Code Analyzer This course provides participants with demonstrations and hands-on activities using a practical, solutions-based approach to identify and mitigate today s most common business security risks. You learn to scan, assess, and secure applications using HPE Fortify Software Security Center (SSC) and the Static Code Analyzer (SCA). This course includes extensive hands-on activities. Application Developers, QA Testers, Security Testers Application scanning; Security remediation; Knowledge of integrating HPE Fortify products with current SDLC practices ILT None Four days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 38 of 59

39 5.12 HPE Fortify Certification Path Working with HPE Fortify SCA, Audit Work Bench, and SSC Working with HPE Fortify SCA, Audit Work Bench, and SSC provides demonstrations and optional hands-on activities using a practical, solutions-based approach to identify and mitigate today s most common business security risks. You learn to scan, assess, and secure applications using HPE Fortify Software Security Center (SSC). Application Developers, QA Testers, Security Experts Developing with HPE Fortify Applications Security or equivalent knowledge; Basic programming skills (able to read Java, C/C++, or.net.); Basic understanding of web technologies: HTTP requests and responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP, or similar); Computer desktop, browser, and file system navigation skills elearning None Estimated seven hours, online, self-paced elearning Fortify for Developers Using Plugins Learn how to integrate HP Fortify with IDE Plugins (Microsoft Visual Studio and Eclipse), part of the HP Fortify product suite, into your software development processes to help you achieve application security. This training will help you recognize how websites get attacked as well as the OWASP Top 10 vulnerabilities to websites, so you can understand cyber-attacks and their impact on applications. Then, you will learn, through the HP Fortify plugins (Microsoft Visual Studio and Eclipse), how to scan, analyze, and fix vulnerabilities in your application code to build secure applications. Application Developers using the Fortify Plugins (Microsoft Visual Studio, Eclipse) Developing with HPE Fortify Applications Security or equivalent knowledge; Basic programming skills (able to read Java, C/C++, or.net.); Basic understanding of web technologies: HTTP requests and responses, HTML tags, JavaScript, and server-side dynamic content (JSP, ASP, or similar); Computer desktop, browser, and file system navigation skills elearning None Estimated four hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 39 of 59

40 40 Chapter 5: ESP Learning Solutions Security Awareness Curriculum PCI Essentials PCI Essentials comprises 10 highly interactive modules, approximately 15 minutes long, each focusing on a specific area of cardholder and information security. The training is designed to address all the security awareness topics needed for compliance with the training requirements of Payment Card Industry Data Security Standards. (PCI-DSS) Staff involved with payment card transactions and handling Knowledge of Payment Card Industry Data Security Standards (PCI-DSS) elearning None Estimated two hours online, self-paced elearning Advanced Software Security Testing - Tools and Techniques This course delves deeply into the techniques for testing specific security weaknesses. The class is broken down into the three areas where bugs are most often found: insecure interaction between components, risky resource management, and poor defenses. Tools and techniques for security testing are presented, including ten different types of attacks such as SQL Injection, Command Injection, Crosssite Scripting, Buffer Overflow and Access Spoofing. After taking this course, the student will be able to understand the ten types of attacks; know which tools to use to test for these attacks; test software applications for susceptibility to the ten specific attacks; describe the expected mitigations required to prevent these attacks. Software Security Testers Completed Application Security Fundamentals; An understanding of basic software testing elearning None Estimated 90 minutes, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 40 of 59

41 5.12 HPE Fortify Certification Path Information Security and Privacy Awareness This series of modules is designed for general staff in roles such as human resources, legal, marketing, finance, sales, operations and customer service. These highly interactive scenario-based modules equip employees to recognize the value of different types of information; to understand the scope, nature and origin of the diverse risks to such information; and to behave proactively to protect this information in their everyday work. Each module combines instruction with a suite of complementary communications materials, designed to enhance the learning process. All employees with access to computer systems and information Basic understanding of Information Security elearning None Estimated 1.5 hours, online, self-paced elearning Introduction to Secure Coding in Java This course is designed to teach learners the importance of security for web applications written in the Java language, illustrating why web applications are vulnerable, identifying what vulnerabilities look like and understanding how to mitigate these threats. Learners will also be able to understand how to identify data access threats and protect sensitive information. Application Developers, Information Security Architects Knowledge of the Java language; Familiarity with creating Java applications elearning None Estimated one hour, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 41 of 59

42 42 Chapter 5: ESP Learning Solutions Introduction to Secure Coding in.net This course is designed to teach learners the importance of security for web applications written in the.net framework, illustrating authentication and authorization methods, identifying how to properly handle exceptions and understanding basic session management. Learners will also be introduced to many common application testing approaches. Note: This course is also available in Spanish. Application Developers, Information Security Architects Knowledge of the.net framework; Familiarity with creating.net applications elearning None Estimated two hours, online, self-paced elearning Introduction to Secure Coding in C/C++ This course is designed for software developers creating applications in the C/C++ family of languages. This highly interactive, scenario-based course equips developers to recognize the common causes of software bugs to mitigate security issues. Along with summarizing the mechanics of memory corruption bugs, and understanding the difference between good and bad exception handling with design bugs, learners will be able to express the implications of privacy issues and understand various approaches to code review. C/C++ Application Developers Knowledge of the C/C++ language; Familiarity with creating C/C++ applications elearning None Estimated 30 minutes, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 42 of 59

43 5.12 HPE Fortify Certification Path Introduction to Secure Coding in PHP This course is designed to teach the importance of security for web applications written in the PHP language, illustrating why web applications are vulnerable, identifying what vulnerabilities look like, and understanding how to mitigate these threats. Learners will also be able to understand how to securely interact with supporting systems to holistically address security concerns. Application Developers, Information Security Architects Understanding of applications security fundamentals; Knowledge of the PHP language; Familiarity with creating PHP applications elearning None Estimated two hours, online, self-paced elearning Introduction to Security Testing Principles This course is designed to introduce those who are involved in software testing to the basics of application security testing. Using the methodology of cyber criminals and incorporating real-world examples, the course introduces the learner to types of testing methods that uncover software issues before attackers do. The course also covers the skills necessary to properly report discovered issues within the organization. Application Developers, Development Leads, QA/Test personnel Completed Application Security Fundamentals; An understanding of basic software testing elearning None Estimated 1.25 hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 43 of 59

44 44 Chapter 5: ESP Learning Solutions Security Awareness Subscription-Based Curriculum C/C++ Developer Curriculum This HPE Fortify elearning Track provides eight complete courses of application security training for C/C++ developers. It first introduces the concepts of secure architecture and proceeds to more indepth coverage of security best practices, common threats, risk analysis, and the tools and techniques used to mitigate risk. The courses are designed to be taken in sequence and provide a strong foundation in application security concepts for new as well as experienced developers and then bring them to life in specific C/C++ coding and implementation practices. These courses provide the deep technical knowledge needed by C/C++ developers to address the critical challenges of secure application development. This subscription contains the following courses: Fundamentals of Application Security Fundamentals of Secure Development Creating Secure Code C/C++ Foundations Creating Secure Code Windows 7 Foundations Creating Secure Code C/C++ Buffer Overflows Attacks and Countermeasures Introduction to Cryptography This curriculum was specifically constructed for C/C++ Application Developers Knowledge of the C/C++ language; Familiarity with creating C/C++ applications elearning None Estimated 12 hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 44 of 59

45 5.12 HPE Fortify Certification Path NET Developer Curriculum This HPE Fortify elearning Track provides seven courses of application security training for.net developers. It first introduces the concepts of secure architecture and proceeds to more in-depth coverage of security best practices, common threats, risk analysis,and the tools and techniques used to mitigate risk. The courses are designed to be taken in sequence and provide a strong foundation in application security concepts for new as well as experienced developers and then bring them to life in specific.net coding and implementation practices. These courses provide the deep technical knowledge needed by.net developers to address the critical challenges of secure application development. This subscription contains the following courses: Fundamentals of Application Security OWASP Top 10 - Threats and Mitigations Fundamentals of Secure Development Creating Secure Code -.NET 2.0 Creating Secure Code -.NET 4.0 Web Vulnerabilities - Threats and Mitigations Creating Secure ASP.NET Code Creating Secure C# Code This curriculum was specifically constructed for.net Developers Knowledge of the.net language elearning None Estimated 15 hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 45 of 59

46 46 Chapter 5: ESP Learning Solutions Java Developer Curriculum This HPE Fortify elearning Track provides six courses of application security training for Java developers. It first introduces the concepts of secure architecture and proceeds to more in-depth coverage of security best practices, common threats, risk analysis, and the tools and techniques used to mitigate risk. The courses are designed to be taken in sequence and provide a strong foundation in application security concepts for new as well as experienced developers and then bring them to life in specific Java coding and implementation practices. These courses provide the deep technical knowledge needed by Java developers to address the critical challenges of secure application development. This subscription contains the following courses: Fundamentals of Application Security OWASP Top 10 - Threats and Mitigations Fundamentals of Secure Development Creating Secure Code - JRE Web Vulnerabilities - Threats and Mitigations Creating Secure J2EE Code This curriculum was specifically constructed for Java Developers Knowledge of the Java language elearning None Estimated 10 hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 46 of 59

47 5.12 HPE Fortify Certification Path Mobile Developer Curriculum This HPE Fortify elearning Track provides six courses of application security training for mobile application developers. It first introduces the concepts of secure architecture and proceeds to more indepth coverage of security best practices, common threats, risk analysis, and the tools and techniques used to mitigate risk. The courses are designed to be taken in sequence and provide a strong foundation in application security concepts for new as well as experienced developers and then bring them to life in specific mobile coding and implementation practices. These courses provide the deep technical knowledge needed by developers to address the critical challenges of secure application development. This subscription contains the following courses: Fundamentals of Application Security Fundamentals of Security Awareness - Mobile and Social Media Fundamentals of Secure Development Fundamentals of Secure Mobile Development Creating Secure Code - iphone Foundations Creating Secure Code - Android Foundations This curriculum was specifically constructed for Mobile Application Developers Knowledge of at least one mobile development language elearning None Estimated eight hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 47 of 59

48 48 Chapter 5: ESP Learning Solutions PHP Developer Curriculum This HPE Fortify elearning Track provides six courses of application security training for PHP application developers. It first introduces the concepts of secure architecture and proceeds to more indepth coverage of security best practices, common threats, risk analysis, and the tools and techniques used to mitigate risk. The courses are designed to be taken in sequence and provide a strong foundation in application security concepts for new as well as experienced developers and then bring them to life in specific PHP coding and implementation practices. These courses provide the deep technical knowledge needed by developers to address the critical challenges of secure application development. This subscription contains the following courses: Fundamentals of Application Security OWASP Top 10 - Threats and Mitigations Fundamentals of Secure Development Creating Secure Code - JRE Web Vulnerabilities - Threats and Mitigations Creating Secure PHP Code This curriculum was specifically constructed for PHP Application Developers Knowledge of the PHP language elearning None Estimated eight hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 48 of 59

49 5.12 HPE Fortify Certification Path Architect Curriculum This HPE Fortify elearning Track provides eleven courses of application security training for software architects. It first introduces the concepts of secure architecture and proceeds to more in-depth coverage of security best practices, common threats, risk analysis, and the tools and techniques used to mitigate risk. The courses are designed to be taken in sequence and provide a strong foundation in application security concepts for new as well as experienced architects. This extensive training track provide broad technical knowledge needed to address the critical challenges of secure application design. This subscription contains the following courses: Fundamentals of Application Security Introduction to the Microsoft SDL How to Create Application Security Design Requirements SDLC Gap Analysis and Remediation Techniques How to Create an Application Security Threat Model Fundamentals of Secure Architecture OWASP Top 10 - Threats and Mitigations Architecture Risk Analysis and Remediation This curriculum was specifically constructed for Software Architects Knowledge of secure architecture elearning None Estimated 13 hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 49 of 59

50 50 Chapter 5: ESP Learning Solutions Manager Curriculum This HPE Fortify elearning Track provides seven courses of application security training specifically selected for management staff responsible for teams of application developers, architects, or testers. After an introduction to the fundamental principles of application security the managers are introduced to the Microsoft SDL and the principles of application security design. These are followed by training in gap analysis and remediation techniques and the fundamental principles of secure architecture. This track concludes with coverage of the OWASP Top Ten and the fundamental requirements of the PCI-DSS security standards for financial transactions. This subscription contains the following courses: Microsoft SDL for Managers How to Create Application Security Design Requirements SDLC Gap Analysis and Remediation Techniques Fundamentals of Secure Architecture OWASP Top 10 - Threats and Mitigations Fundamentals of the PCI-DSS This curriculum was specifically constructed for management staff responsible for teams of Application Developers, Architects, or Testers Knowledge of managing application development, architect, and test teams elearning None Estimated eight hours, online, self-paced elearning Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 50 of 59

51 5.13 HPE Atalla HPE Atalla HPE Atalla Introduction HPE Atalla solutions safeguard data throughout its entire lifecycle at rest, in motion, in use across cloud, on-premise, and mobile environments with continuous protection. Protect, manage, and control access to sensitive data by using HPE Atalla products and solutions HPE Atalla Benefits HPE Atalla Information Protection Solutions offer a suite of products that deliver information protection, seamless data security, and superior cryptography. 1. HPE Atalla Cloud Encryption Atalla Cloud Encryption combines powerful data encryption with patented homomorphic split-key encryption technology to increase security and protect keys even when they are used in the cloud. It easily encrypts any disk or data storage unit with proven encryption algorithms such as AES-256 and makes it safe from hackers, unauthorized access, competitors, and other threats. 2. HPE Atalla Information Proctection and Control (IPC) HPE Atalla Information Protection and Control (IPC) Suite solves the complex challenge of providing data classification and data security by providing organizations the means to bring protection to the data itself. HPE Atalla IPC applies protection at a point where information is created, and makes that protection persistent, so it follows the information wherever it goes. This secures sensitive data no matter where it actually resides. 3. HPE Atalla Network Security Processor (NSP) HPE Atalla NSP hardware security modules (HSM) are designed specifically for payment processing solutions, delivering high-performing cryptography and key management capabilities for card payment authorization and real-time fraud prevention. 4. HPE Atalla Enterprise Secure Key Manager Enterprise Secure Key Manager (ESKM) is a complete solution for generating, storing, serving, controlling, and auditing access to data encryption keys in a secure appliance. Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 51 of 59

52 52 Chapter 5: ESP Learning Solutions HPE Atalla Learning Solutions HPE Atalla learning solutions include product-oriented courses on the HPE Atalla and NSP products. HPE Atalla Learning Path HPE Enterprise Secure Key Manager (ESKM) Training HPE Enterprise Secure Key Manager (ESKM) Training is designed to introduce the HP ESKM product. This hands-on training includes installation of the ESKM solutions, system configuration, viewing log messages, and performing product upgrades. This course includes hands-on, interactive lab exercises. Individuals working with the ESKM product Basic understanding of system installations and configurations; Basic understanding of Command Line Interface (CLI) ILT None One day HPE Atalla Network Security Processor (NSP) Training HPE Atalla Network Security Processor (NSP) Training is designed to introduce the HPE Atalla NSP product. This hands-on training introduces you to NSP features and functionality, including hardware and software features, TCP/IP configuration, and NSP configuration. This course includes hands-on, interactive lab exercises. Individuals working with the NSP product Understanding system installations and configurations; Understanding of Command Line Interface (CLI); Understanding of TCP/IP configuration ILT None Two days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 52 of 59

53 5.14 HPE SecureData (Voltage) HPE SecureData (Voltage) HPE SecureData (Voltage) Introduction HPE SecureData (Voltage) Products HPE SecureData (formerly known as Voltage) is a leading expert in data encryption and tokenization data security solutions for thousands of mid-sized businesses including healthcare organizations, regional banks and insurance providers including transportation, retail, insurance, high tech, healthcare, telecom and the public sector. HPE SecureData solutions provide continuous protection through data classification, data encryption, and key management, offering flexibility, reliability, and manageability HPE SecureData Voltage Benefits HPE SecureData Voltage Solutions offer data encryption and tokenization security solutions; across enterprise, cloud, mobile, and Big Data environments. 1. HPE Secur Easy-to-use global scale encryption inside and outside enterprise 2. HPE SecureData Enterprise Complete Protection of PII, PHI, and PCI data for enterprises handling sensitive Information 3. HPE SecureData for Hadoop Protect sensitive data at rest, in motion, and in use in Hadoop and Big Data systems 4. HPE SecureData Payments End-to-end cardholder data protection for merchants and processors 5. HPE SecureData Mobile Provides end-to-end data encryption from native mobile applications to enterprise-trusted hosts 6. HPE SecureData Web End-to-end protection for Web transactions 7. HPE SecureData Sandbox Step-by-step data-centric security experience for architects and developers 8. HPE SecureData Suite for Test and Dev Data-centric protection for sensitive data in test and development environments 9. HPE SecureStorage Manage volume-level encryption for Big Data and other Linux environments 10. HPE SecureFile Enterprise document and file encryption, inside and outside the Cloud Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 53 of 59

54 54 Chapter 5: ESP Learning Solutions HPE SecureData Voltage Learning Solutions HPE SecureData Voltage learning solutions include product-oriented courses on HPE SecureData Voltage products and solutions. HPE SecureData Voltage Learning Path Introduction to HPE SecureData The Introduction to HPE SecureData (formerly known as Voltage) elearning course provides a highlevel overview of the SecureData suite of products and describes how these solutions work to protect sensitive data. This course is designed to equip you with the information needed to maximize the impact of HPE SecureData products by utilizing and customizing their full range of features. In doing so, you be able to reduce downtime and costs as you leverage the strength of each product feature. This introductory course is intended for anyone interested in learning about HPE SecureData solutions. Basic understanding of of your organization s security requirements and Basic understanding of the HPE SecureData solution elearning None Approximately One hour HPE Voltage SecureData Solutions Training HPE Voltage SecureData Solutions Training is designed to help customers extend the functionality of Voltage SecureData products, aimed at meeting their organization s requirements. This course provides participants with demonstrations and hands-on activities using a practical, solutions-based approach. This course is intended for all members of the project team, including security teams, architects, project managers, developers, and operations personnel. Basic understanding of of your organization s security requirements and the HPE Voltage SecureData solution ILT None Two Days Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 54 of 59

55 Education empowers people.

56 This page intentionally left blank.

57 6. Contact Us Want to enroll in a Training class? Schedule onsite or web-based training? Or ask a Training question? Contact us, we re here to help! Hewlett Packard Enterprise Software Education operates in the Americas, Europe, Middle East, Africa, Asia Pacific & Japan. For questions about training in your region, please contact us through: Hewlett Packard Enterprise Enterprise Security University From this webpage you can view course descriptions and course schedules, as well as enroll in ESP courses. HP terms and conditions may be found at: HPE Software Education Terms and Conditions Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 57 of 59

58 Index Best Defense Is a Good Offense, 8 Contact Us, 57 Enterprise Security Products, 7 Approach, 7 ExpertOne Certifications for HPE Software, 9 Industry Recognized Certifications, 10 Hewlett Packard Enterprise ArcSight, 17 Benefits, 18 Introduction, 17 Learning Solutions, 18 HPE ArcSight Creating Advanced ESM Content for Security Use Cases, 27 ArcSight Management Center Administration and Operations, 32 Building Security Use Cases with ESM, 26 Certification Path, 21 Connector Appliance Administration and Operations, 31 ESM 6.5 Administrator and Analyst ATP, 23 ESM 6.5 Advanced Administrator ASE, 25 ESM 6.5 Advanced Analyst ASE, 24 ESM Operations, 27 Express 4.0 CORR-Engine Administration and Operations, 31 FlexConnector Configuration, 30 Introduction to HPE ArcSight Event Management, 28 Logger 6.0 Administration and Operations ASE, 28 Logger Administration and Operations, 29 Logger Search and Reporting, 29 Master ASE Preparation Course, 32 Security Solutions ATP, 22 SmartConnector Foundations and Tool Kits, 30 HPE Atalla, 51 Benefits, 51 HPE Enterprise Secure Key Manager (ESKM) Training, 52 Introduction, 51 Learning Solutions, 52 Network Security Processor (NSP) Training, 52 HPE Fortify, 33.NET Developer Curriculum, 45 Advanced Software Security Testing - Tools and Techniques, 40 Architect Curriculum, 49 Benefits, 33 C/C++ Developer Curriculum, 44 Certification Path, 36 Developing with HPE Fortify Application Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 58 of 59

59 INDEX 59 Security, 38 Fortify for Developers Using Plugins, 39 Information Security and Privacy Awareness, 41 Introduction, 33 Java Developer Curriculum, 46 Learning Solutions, 34 Manager Curriculum, 50 Mobile Developer Curriculum, 47 PHP Developer Curriculum, 48 Security Solutions ATP, 36 Software Security Center/Static Code Analyzer, 38 Using and Administering HPE WebInspect, 37 WebInspect Dynamic Application Testing, 37 Working with SCA, Audit Work Bench, and SSC, 39 HPE SecureData Voltage, 53 Benefits, 53 Introduction, 53 Learning Solutions, 54 HPE Software Education, 11 Control, 11 Getting Ahead of the Game, 12 Protecting your Investment, 11 Return on Investment, 12 Time to Market, 12 HPE Voltage SecureData HPE Voltage SecureData Solutions Training, 54 Introduction to HPE Fortify Secure Coding in.net, 42 Secure Coding in C/C++, 42 Secure Coding in Java, 41 Secure Coding in PHP, 43 Security Testing Principles, 43 Introduction to HPE SecureData HPE SecureData, 54 Latest Course Information, 10 Our Instructors, 15 Make It Interesting, 15 Make It Relevant, 15 PCI Essentials, 40 Security Awareness Curriculum, 40 Security Awareness Subscription-Based Curriculum, 44 Security Products, 8 Security Research, 8 Security Services, 8 Training Delivery Options, 13 Customized Training, 14 elearning, 14 Instructor Led Training (ILT), 13 Self-Study, 14 Virtual Instructor Led Training, 13 Hewlett Packard Enterprise Software Education ESP Training Plan Guide Page 59 of 59