Security Event Triage: Detecting Network Anomalies with Behavioral Analysis

In this course on network behavioral analysis, you will explore the use of frequency, protocol, and population analysis methodologies to uncover events associated with multiple threat actors' intrusions into a simulated enterprise network.
Course info
Level
Advanced
Updated
Sep 6, 2018
Duration
2h 1m
Description

Developing the skills necessary for a security analyst to properly detect and triage advanced network intrusion tactics and techniques requires experience and the use of advanced detection capabilities, neither of which is easily obtained. In this course, Security Event Triage: Detecting Network Anomalies with Behavioral Analysis, you will learn the foundational knowledge required to separate good network traffic from bad and identify a myriad of threat actor activities on an enterprise network. First, you will learn how to use frequency analysis to detect command and control, automated logins, and beaconing. Next, you will learn to leverage protocol analysis to identify DNS tunneling, anomalous HTTPS traffic, authentication brute forcing, and DHCP abuse. Finally, you will explore the use of population analysis by harnessing machine learning to identify HTTPS exfiltration and connect the dots associated with enterprise network intrusions. When you are finished with this course, you will have the skills and knowledge of network behavioral analysis needed to detect and triage events found at multiple levels of the cyber kill chain. Create your own network behavioral analysis workstation to follow along using your own environment's data with the guide located here: https://github.com/arosenmund/pluralsight/tree/master/NBAD. This course is part of our Security Event Triage series, which leverages MITRE ATT&CK to identify advanced persistent threat tactics at all levels of the cyber kill chain.

About the author

Aaron M. Rosenmund is a cyber security operations and incident response subject matter expert, with a background in federal and business system administration, virtualization, and automation.

More from the author
Hunting for Fileless Malware
Intermediate
1h 40m
Dec 18, 2018
Section Introduction Transcripts

Course Overview
Hi everyone, my name's Aaron Rosenmund, and welcome to my course: Security Event Triage: Detecting Network Anomalies with Behavioral Analysis. I'm an author evangelist with a focus on incident response and security operations at Pluralsight. In the ever-advancing field of security operations, you have the near-impossible job of understanding not just the concepts of cyber security, but the ins and outs of network engineering, systems administration, adversary tactics, and everything else that falls under the heading of cyber, so that you can detect and analyze events on the network and systems that you monitor. The Security Event Triage series is designed to quickly expose you to the full spectrum of multi-vector attacks from different threat actors over a multitude of applications, operating systems, and services, to get you the experience that you need separating good from bad to level up quickly. In this course, we're going to cover the timing of computer and human action, the use and abuse of common protocols, as well as the application of machine learning techniques to the behavior of different network populations, all to grant you the abilities to detect and triage network events with more accuracy and efficiency. By the end of this course, you'll not only have the knowledge to practically apply these network analysis techniques yourself, but also know how to integrate them into your daily workflow. Before beginning, you should be familiar with the security fundamentals, and from here, you should feel comfortable diving into additional security event triage with courses on monitoring network application services, detecting system anomalies in machine data, and analyzing live systems, processes, and files. I hope you'll join me on this journey to learn advanced network anomaly detection, with the Security Event Triage: Detecting Network Anomalies with Behavioral Analysis course, at Pluralsight.