Security Event Triage: Detecting Malicious Traffic with Signature and Session Analysis

Cyber attacks can take different forms and be performed by threat groups with different goals and methods. In this course, you will learn how signature and session analysis can be used to detect those attacks with network data.
Course info
Level
Intermediate
Updated
Feb 28, 2019
Duration
1h 59m
Description

Cyber attacks evolve constantly, and detecting them requires the use of different techniques, some of which are more useful for specific scenarios than others. In this course, Security Event Triage: Detecting Malicious Traffic With Signature and Session Analysis, you will gain the ability to detect those attacks by leveraging signature and session analysis. First, you will learn how to detect attacks with common, detectable characteristics using signature analysis with tools like Snort. Next, you will discover how session analysis, with tools like Zeek and Kibana, can allow you to detect attacks by spotting suspicious behavior, in a way that is much harder to evade than simple signatures. Finally, you will explore how to detect suspicious patterns even in encrypted traffic, without the need to decrypt it. When you are finished with this course, you will have the skills and knowledge of signature and session analysis needed to detect attacks using network data. This course is part of our Security Event Triage series, which leverages MITRE ATT&CK to identify advanced persistent threat tactics at all levels of the cyber kill chain.

About the author

Guillaume Ross is an experienced information security professional, providing services to many organizations as the lead consultant and founder of Caffeine Security Inc.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Guillaume Ross, and welcome to my course in the Security Event Triage series, Detecting Malicious Traffic with Signature and Session Analysis. I'm a cybersecurity expert, having managed blue teams, security architecture teams, and currently producing training and performing consulting for different clients through my company, Caffeine Security. In this course, we're going to talk about detecting different types of attacks using signatures or session analysis. Some of the major topics that we'll cover include the pros and cons of each technique, detecting attacks with signatures, using session analysis to detect suspicious behavior, and leveraging metadata to pinpoint suspicious encrypted connections without decrypting them. By the end of this course, you'll know where and how to use both signature and session analysis, as well as which attack techniques can be used to bypass them. Before beginning the course, you should be familiar with network security fundamentals, and from here, you should feel comfortable diving into network security monitoring, signature and session analysis, with further courses on security event triage, incident response, as well as more advanced security operations courses. I hope you'll join me on this journey to learn how to secure our networks with the Security Event Triage series, Detecting Malicious Traffic with Signature and Session Analysis course.