Security Analyst - Abhiraksha.com
Security Analyst

Cybersecurity Analyst is one of the most in-demand roles that organizations hire for when staffing their security teams.

Course Overview

A security analyst is a member of the network security operations team and is responsible for monitoring the environment and investigating cyber incidents, both while an attack is under way and after it has completed and affected the organization. As a security analyst your job is to scrutinize logs and other data to determine the tactics and techniques used to compromise the organization's systems. Analysts are also expected to spend time researching new attack trends and to stay aware of the threat landscape.

In this role you are responsible for gathering evidence, handling incidents and supporting audit assessments. You maintain the data and produce reports when an information security compliance officer requests them.

This course is intended for anyone with experience working on IT networked systems who now wants to acquire the skills to work in cybersecurity as a Cybersecurity Analyst. During the training program you will learn the concepts of network security, endpoint protection, log analysis, log correlation and incident response. You will learn about threat intelligence and the tools used to gather data, analyse it and prevent attacks. You will be trained to recognize the means and methods of criminals.

Our trainer has more than 10 years of cybersecurity experience and has worked with large enterprises on a range of cybersecurity projects.

During this course we will equip participants with Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR) tools to help address malicious activity in the network, while paving the way for a sustainable career.

What is SIEM

Security Information and Event Management (SIEM) is a software solution that aggregates and analyzes activity from many different sources across your entire IT infrastructure. SIEM collects security data from network devices, servers, domain controllers and more, then stores, normalizes, aggregates and applies analytics to that data to discover trends, detect threats and let the organization investigate any resulting alerts.

SIEM provides two primary capabilities to an incident response team:

  • Reporting and forensics about security incidents
  • Alerts generated when analytics match a defined rule set, indicating a security issue

At its core, SIEM is a data aggregation, search and reporting system. It gathers immense amounts of data from the networked environment, consolidates it and makes it accessible to humans. With the data categorized and laid out at your fingertips, you can investigate security breaches in as much detail as needed.
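The collect, normalize, correlate and alert loop described above is easier to see in code than in prose. The following Python script is an added example written for this page; it is not part of the course material and not ArcSight code. It normalizes two log sources into one common event schema (field names loosely borrowed from ArcSight's CEF conventions: rt, src, suser, dhost, act, outcome) and then runs one classic SIEM use case: an IP address that fails to log in at least three times within 60 seconds and then succeeds. The OpenSSH auth lines use the real sshd format; the key=value "appliance" lines are a constructed format, the sample log lines are constructed, and the year pinned for syslog timestamps is an assumption.

```python
"""Minimal SIEM-style pipeline: collect -> normalize -> correlate -> alert.

Added example for this page, not course material and not ArcSight code.
Two log sources are normalized into one schema (field names loosely follow
ArcSight CEF: rt, src, suser, dhost, act, outcome), then a correlation rule
fires when one src IP fails to log in >= THRESHOLD times inside WINDOW
seconds and then succeeds from the same address.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

SYSLOG_YEAR = 2024      # assumption: syslog lines carry no year
WINDOW_SECONDS = 60
THRESHOLD = 3

# Real OpenSSH auth log format (Accepted/Failed password lines).
SSHD_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)
KV_RE = re.compile(r"(\w+)=(\S+)")  # constructed key=value appliance format


def parse_sshd(line):
    """Normalize an sshd auth line into the common event schema."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(
        f"{SYSLOG_YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
    ).replace(tzinfo=timezone.utc)
    return {"rt": ts, "dhost": m["host"], "suser": m["user"], "src": m["src"],
            "act": "login",
            "outcome": "success" if m["result"] == "Accepted" else "failure"}


def parse_kv(line):
    """Normalize a (hypothetical) key=value appliance record; drop incomplete ones."""
    kv = dict(KV_RE.findall(line))
    try:
        ts = datetime.strptime(kv["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        return {"rt": ts, "dhost": kv["host"], "suser": kv["user"], "src": kv["src"],
                "act": kv["action"], "outcome": kv["outcome"]}
    except KeyError:
        return None  # truncated record: never correlate on partial fields


PARSERS = {"sshd": parse_sshd, "kv": parse_kv}


def normalize(raw_events):
    """raw_events: iterable of (source_name, line). Returns events sorted by time."""
    events = []
    for source, line in raw_events:
        ev = PARSERS[source](line)
        if ev is not None:
            ev["source"] = source
            events.append(ev)
    return sorted(events, key=lambda e: e["rt"])


def correlate(events, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Rule: >= threshold login failures from one src within `window` seconds,
    followed by a login success from that src. Failures older than the window
    are pruned first, so stale noise cannot make the rule fire."""
    failures = defaultdict(deque)  # src ip -> timestamps of recent failures
    alerts = []
    for ev in events:
        if ev["act"] != "login":
            continue
        q = failures[ev["src"]]
        while q and (ev["rt"] - q[0]).total_seconds() > window:
            q.popleft()
        if ev["outcome"] == "failure":
            q.append(ev["rt"])
        elif ev["outcome"] == "success" and len(q) >= threshold:
            alerts.append({"rule": "brute_force_then_success", "src": ev["src"],
                           "suser": ev["suser"], "dhost": ev["dhost"],
                           "failures_in_window": len(q), "rt": ev["rt"].isoformat()})
            q.clear()  # one alert per burst, not one per later success
    return alerts


# Constructed sample data: 203.0.113.5 sprays two hosts then gets in;
# 198.51.100.7 has two old failures and must not trigger the rule.
SAMPLE_LOGS = [
    ("sshd", "Jan 14 10:22:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2"),
    ("kv", "ts=2024-01-14T10:22:05Z host=vpn01 user=admin src=203.0.113.5 action=login outcome=failure"),
    ("sshd", "Jan 14 10:22:09 web01 sshd[2214]: Failed password for root from 203.0.113.5 port 51240 ssh2"),
    ("sshd", "Jan 14 10:20:00 web01 sshd[2100]: Failed password for deploy from 198.51.100.7 port 40000 ssh2"),
    ("sshd", "Jan 14 10:20:10 web01 sshd[2101]: Failed password for deploy from 198.51.100.7 port 40001 ssh2"),
    ("sshd", "Jan 14 10:22:31 web01 sshd[2219]: Accepted password for deploy from 203.0.113.5 port 51300 ssh2"),
    ("sshd", "Jan 14 10:25:00 web01 sshd[2300]: Accepted password for deploy from 198.51.100.7 port 40010 ssh2"),
    ("kv", "ts=2024-01-14T10:26:00Z host=vpn01 user=bob"),  # truncated, dropped
]


def run(raw_logs=SAMPLE_LOGS):
    return correlate(normalize(raw_logs))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

Two details matter for a real deployment. The failures from the VPN appliance and from sshd count toward the same threshold only because both were normalized to the same src and act fields first, which is exactly why SIEM normalization precedes correlation. And the prune step is what keeps the rule honest: the second address had failures minutes earlier, and without the window they would have produced a false positive on its later legitimate login.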

Course Outline

This course provides in-depth knowledge of the core fundamentals of SIEM. You will gain hands-on skills to configure use cases and to deploy and administer the ArcSight Enterprise Security Manager (ESM) platform for security operations. You will learn to perform log analysis, log correlation and diagnosis, integrate threat intelligence, and carry out incident investigation and reporting. You will also learn to recover ArcSight ESM from failure.

Course Duration – 24 hours

Course Content

Module 1 - SIEM

  • What ArcSight Enterprise Security Manager (ESM) is and how it supports security analysts in security operations.
  • ArcSight ESM architecture and the role of each component (connector, Logger and ESM).
  • What correlation is.
  • What indicators of compromise (IOCs) and threat intelligence are.
  • ArcSight ESM deployment and installation requirements.
  • Installing ArcSight ESM.
  • Integrating network devices to collect logs for storage and analysis.
  • Methodologies for developing use cases from current business scenarios.
  • Monitoring security events through the ArcSight ESM console and the ArcSight Command Center user interfaces.
  • Creating filters, setting up rules, and managing users and ESM resources.
  • Creating custom dashboards for different stakeholders.
  • Tailoring standard ArcSight ESM content to acquire, search and correlate actionable event data.
  • Remedial activities such as incident analysis and stakeholder notification.
  • Customizing and generating reports for organizational stakeholders.

Module 2 - EDR

You will learn the following using Endpoint Detection and Response (EDR) capabilities:

  • Installing EDR on a Windows endpoint.
  • Configuring EDR policies for detection and response.
  • Executing malware samples on a system protected by the EDR software.
  • Searching malware activity data for forensic investigation or threat hunting.
  • Capturing the tactics and techniques used by the malware.
  • Recording and presenting alert triage for forensic investigation.
  • Containing an endpoint that shows malicious activity.