The RSA Cyber Defense courses help safeguard an organization's mission by addressing the necessary knowledge and skills of the people who respond to security threats within a SOC environment. These courses address:
- Best practices and tools for responding to an identified threat
- Processes and procedures for incident handling and response
- Use of threat intelligence to detect and correlate data
- Application of tools and techniques for analyzing malware and extracting indicators of compromise
- SOC simulation game that provides participants with an opportunity to practice
The threat landscape is becoming more complicated every day. With the advent and enhancement of technical innovations like cloud computing, social media, mobile devices and big data, organizations are finding it very difficult to keep ahead of advanced threats. Security products, while necessary, can only go so far in identifying and mitigating potential breaches. A skilled security analyst is key to the success of any Information Security strategy.
As a result of the volume and sophistication of advanced threats, organizations cannot simply add headcount to address the problem. Security analysis is a complex process, requiring a level of expertise and experience that is beyond the traditional abilities of an IT professional. Currently, the security industry is facing a serious shortage of the specialized skills needed to detect, investigate and respond to cyber attacks.
The RSA Cyber Defense courses address these challenges by offering comprehensive training on analytic processes and techniques that are independent of a specific attack technique or security product. These courses focus on analysis skills that are directly relevant to the current security climate. The curriculum also provides a path for security analysts to advance their skills by offering an approach based on roles that are generally consistent with the roles and responsibilities of a SOC.
These courses leverage a combination of open source analysis tools and RSA solutions. Previous experience with RSA products is not necessary.
These courses are intended for security analysts working in a Security Operations Center (SOC), a Critical Incident Response Center (CIRC), or in a more loosely organized incident response capacity.
RSA Intelligence-Driven Event Analysis
This course introduces the student to the people, processes, and technology that make up a Security Operations Center
(SOC). They learn the formats associated with the various sources of information available in a SOC, from alerts and log data
to intelligence feeds. Students gain an understanding of a Security Analyst's typical workflow, from gathering and monitoring
data to correlating, prioritizing, documenting and escalating incidents. Students develop a fundamental understanding
of system security, hardening, host scanning tools, and host/network-based intrusion detection systems.
RSA Incident Handling & Response
This course prepares a Security Analyst to take on broader responsibility within an incident response team. Students learn the
tasks, workflows and tools used by a Security Analyst/Incident Handler. They investigate a variety of critical incident response
scenarios, which emphasize decision-making and prioritization with the goal of teaching students how to make assessments
in a short period of time. Students develop a broader understanding of the role the SOC fulfills in the large organization,
including the legal and compliance issues associated with incident response and assessing organizational risk.
RSA Threat Intelligence
This course helps students to develop a proactive approach to the detection and investigation of Advanced Persistent Threats
(APTs) and Zero-Day attacks. Students learn the tools and tactics to perform threat modeling and to detect suspicious
patterns and anomalies. Students will engage in exercises to practice strategies for analyzing attacks and mitigating their
effects, and for applying intelligence-driven security practices in their own organizations.
RSA SOC Simulation Challenge ("SOCSim")
This forensic analysis experience exposes participants to network and forensic analysis within a real-world breach scenario
using simulated SOC dynamics. Participants are presented with a use case that requires them to analyze data flowing over the
network. They are guided through the analysis by challenge questions using a "Jeopardy!" style interface based on the Cyber
Kill Chain methodology.
RSA Malware Analysis
This course provides security analysts with the knowledge and skills to develop a strategy for analyzing malware. Students
analyze commonly exploited file formats and examine the behavior of malware and its interaction with its environment using
both static and dynamic analysis tools and techniques. They investigate the behavior of malware using a debugger and
identify and overcome anti-analysis techniques.
RSA Cyber Defense Workshop
In this highly interactive workshop, students assume different roles within a SOC environment and manage security events
occurring over the course of a three-day scenario. Day-to-day security incidents will occur alongside potentially catastrophic
activity related to the advanced tactics of determined and persistent adversaries. Each member of the SOC Team will have to
use skills and tools in order to detect, investigate, contain and eradicate the threat as well as document the incident for