Program Description

This course teaches the concepts, applications, configuration, and implementation of enterprise network monitor and intrusion prevention systems (IPS) technologies. Built on the prerequisite courses, this course is intended to teach the students the breadth and depth of the topics of SNMP, network management, deep packet inspection, log file analysis, anomaly detection, host and network-based IPS, distributed IPS, and Honeynets/Honeypots.

Modules

Intro to Data Collection

Signature-Based Detection with Snort and Suricata

Planning Data Collection

The Bro-Zeek Platform

The Sensor Platform

Anomaly Based Detection with Statistical Data

Session Data

Using Canary Honeypots for Detection

Full Packet Capture Data

Packet Analysis

Packet String Data

Friendly and Threat Intelligence

Detection Mechanism, Indicators of Compromise and Signatures

The Analysis Process

Reputation-Based Detection