Cybersecurity: Security Operations - Powered by FortiGuard (4 of 5)

This cybersecurity module explores the practical use of Fortinet security operations solutions to detect, investigate and respond to Advanced Persistent Threats (APTs). Comprising theory lessons and hands-on labs, the course helps students understand how advanced threats are executed, how threat actors behave, and how a security operations team handles such threats.

Students will leverage widely adopted industry frameworks and models to understand advanced, complex attacks (APTs) and adversary behavior. They will then use these foundations to build detection capabilities and emulate adversary activity. Finally, students will work through industry guidelines for incident handling and the practical use of Fortinet solutions to detect, analyze and respond to the previously emulated incident.

Prerequisites

  • Basic knowledge of security operations
  • Having attended the following NSE training:
    • NSE 5 – FortiSIEM
  • Recommended:
    • Basic knowledge of FortiSOAR
    • NSE 5 Certification (having passed the FortiSIEM exam)
    • NSE 7 Network Security Architect, or having attended the NSE 7 Advanced Threat Protection training

Content

  1. Introduction (lecture)
  2. Security operations (lecture)
    1. Concepts and definitions
    2. Fortinet SOC Automation Framework
  3. Attack frameworks (lecture + hands-on lab)
    1. Cyber Kill Chain
      1. MITRE ATT&CK
        1. Overview
        2. Tactics
        3. Techniques & Sub-Techniques
        4. Procedures, Mitigation & Detection
        5. ATT&CK model relationships
        6. Common use cases
        7. TTPs and the “Pyramid of Pain”
  4. Adversary behavior (hands-on lab)
    1. Map adversary behavior
  5. Building detection capabilities (hands-on lab)
    1. Configuring data sources
    2. Configuring detection rules
  6. Adversary emulation and detection (hands-on lab)
    1. Attack execution
  7. Incident handling
    1. NIST 800-61 – Computer Security Incident Handling Guide (lecture)
      1. Overview
      2. Detection and Analysis
      3. Containment, Eradication & Recovery
  8. Incident handling (hands-on lab)
    1. Detection and analysis
    2. Containment, Eradication and Recovery