Cisco® Securing Cisco® Networks with Threat Detection and Analysis (SCYBER) 1.0

Course Overview

This course is designed to teach students how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network and will help prepare students for the Cisco Cybersecurity Specialist exam (600-199 SCYBER).

Who Should Attend

This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.

Suggested Prerequisites

Course Outline

1 - Attacker Methodology

  • Defining the Attacker Methodology
  • Identifying Malware and Attacker Tools
  • Understanding Attacks

2 - Defender Methodology

  • Enumerating Threats, Vulnerabilities, and Exploits
  • Defining SOC Services
  • Defining SOC Procedures
  • Defining the Role of a Network Security Analyst
  • Identifying a Security Incident

3 - Defender Tools

  • Collecting Network Data
  • Understanding Correlation and Baselines
  • Assessing Sources of Data
  • Understanding Events
  • Examining User Reports
  • Introducing Risk Analysis and Mitigation

4 - Packet Analysis

  • Identifying Packet Data
  • Analyzing Packets Using Cisco IOS Software
  • Accessing Packets in Cisco IOS Software
  • Acquiring Network Traces
  • Establishing a Packet Baseline
  • Analyzing Packet Traces

5 - Network Log Analysis

  • Using Log Analysis Protocols and Tools
  • Exploring Log Mechanics
  • Retrieving Syslog Data
  • Retrieving DNS Events and Proxy Logs
  • Correlating Log Files

6 - Baseline Network Operations

  • Baselining Business Processes
  • Mapping the Network Topology
  • Managing Network Devices
  • Baselining Monitored Networks
  • Monitoring Network Health

7 - Incident Response Preparation

  • Defining the Role of the SOC
  • Establishing Effective Security Controls
  • Establishing an Effective Monitoring System

8 - Security Incident Detection

  • Correlating Events Manually
  • Correlating Events Automatically
  • Assessing Incidents
  • Classifying Incidents
  • Attributing the Incident Source

9 - Investigations

  • Scoping the Investigation
  • Investigating Through Data Correlation
  • Understanding NetFlow
  • Investigating Connections Using NetFlow

10 - Mitigations and Best Practices

  • Mitigating Incidents
  • Using ACLs
  • Implementing Network-Layer Mitigations and Best Practices
  • Implementing Link-Layer Best Practices

11 - Communication

  • Documenting Communication
  • Documenting Incident Details

12 - Post-Event Activity

  • Conducting an Incident Post-Mortem
  • Improving Security of Monitored Networks

Enroll Today

This is a 5-day class

Price: $3,750.00
Payment Options

ILT Instructor‑Led Training


GTR  Guaranteed to Run

Class times are listed Eastern time. This class is available for Private Group Training

To sort by location or date, click the ‘When’ and ‘Where’ column headings.

Cart When Time   Where How
03/19/2018 9:00AM - 5:00PM GTR Online LIVE OLL
06/11/2018 9:00AM - 5:00PM GTR Online LIVE OLL

Class times are listed Eastern time
This class is available for Private Group Training