Objectives

• Explain how a SOC operates and describe the different types of services that are performed from a Tier 1 SOC analyst’s perspective
• Explain the use of SOC metrics to measure the effectiveness of the SOC
• Explain the use of a workflow management system and automation to improve the effectiveness of the SOC
• Describe the Windows operating system features and functionality
• Provide an overview of the Linux operating system
• Understand common endpoint security technologies
• Explain the network security monitoring (NSM) tools that are available to the network security analyst
• Describe security flaws in the TCP/IP protocol and how they can be used to attack networks and hosts
• Explain the data that is available to the network security analyst
• Describe the basic concepts and uses of cryptography
• Understand the foundational cloud security practices, including deployment and service models, shared responsibilities, compliance frameworks, and identity and access management, to effectively secure cloud environments against cyberthreats
• Understand and implement advanced network security, data protection, secure application deployment, continuous monitoring, and effective disaster recovery strategies to secure cloud deployments
• nderstand the kill chain and the diamond models for incident investigations, and the use of exploit kits by threat actors
• Identify the common attack vectors
• Identify malicious activities
• Identify patterns of suspicious behaviors
• Identify resources for hunting cyber threats
• Explain the need for event data normalization and event correlation
• Conduct security incident investigations
• Explain the use of a typical playbook in the SOC
• Describe a typical incident response plan and the functions of a typical computer security incident response team (CSIRT)

Prerequisites
There are no prerequisites for this training. However, the knowledge and skills you are recommended to have before attending this training are:
• Familiarity with Ethernet and TCP/IP networking
• Working knowledge of the Windows and Linux operating systems
• Familiarity with basics of networking security concepts
These skills can be found in the following Cisco Learning Offering:
• Implementing and Administering Cisco Solutions (CCNA)

Outline

• Defining the Security Operations Center
• Understanding SOC Metrics
• Understanding SOC Workflow and Automation
• Understanding Windows Operating System Basics
• Understanding Linux Operating System Basics
• Understanding Endpoint Security Technologies
• Understanding Network Infrastructure and Network Security Monitoring Tools
• Understanding Common TCP/IP Attacks
• Exploring Data Type Categories
• Understanding Basic Cryptography Concepts
• Cloud Security Fundamentals
• Securing Cloud Deployments
• Understanding Incident Analysis in a Threat-Centric SOC
• Identifying Common Attack Vectors
• Identifying Malicious Activity
• Identifying Patterns of Suspicious Behavior
• Identifying Resources for Hunting Cyber Threats
• Understanding Event Correlation and Normalization
• Conducting Security Incident Investigations
• Using a Playbook Model to Organize Security Monitoring
• Describing Incident Response

Lab Outline

• Explore the Windows Operating System
• Explore the Linux Operating System
• Explore Endpoint Security
• Explore TCP/IP Attacks
• Use NSM Tools to Analyze Data Categories
• Explore Cryptographic Technologies
• Investigate Hacker Methodology
• Investigate Browser-Based Attacks
• Analyze Suspicious DNS Activity
• Explore Security Data for Analysis
• Investigate Suspicious Activity Using Security Onion
• Hunt Malicious Traffic
• Cisco XDR to Splunk Enterprise Integration Simulation
• Correlate Event Logs, PCAPs, and Alerts of an Attack
• Investigate Advanced Persistent Threats
• Explore SOC Playbooks