RSA NetWitness Analysis

• Course Overview
• Course Content
• Customer Reviews

Course Overview

---

The RSA NetWitness Analysis training course provides a roadmap for adopting Intelligence-Driven Information Security, following the model outlined in the article, "Getting Ahead of Advanced Threats: Achieving Intelligence-Driven Information Security," a 2012 publication of the Security for Business Innovation Council. RSA NetWitness is used to illustrate the key steps that are critical for incident identification and response. RSA NetWitness Investigator and Informer are used extensively in the hands-on exercises to practice the concepts presented.

Course Content

---

The Threat Landscape   

• Security Challenges - Changing the Security Mindset
• Intelligence-Driven Roadmap
• RSA NetWitness Overview
• RSA NetWitness Investigator Overview
• Concepts in Practice: RSA NetWitness Investigator
• Lab: Basic Analysis using Investigator

The Role of the Analyst   

• The Network Security Analyst
• Three Typical Use Cases
• Developing an Analysis Model
• Full Packet Capture
• Covert Channels
• Actionable Intelligence
• Concepts in Practice: RSA NetWitness Investigator
• Lab: Investigate Security Policy Incidents

Developing Sources   

• Defining and Refining sources
• Accessing Source Data using LIVE Subscriptions
• Accessing Source Data using Custom Feeds
• Accessing Log Data using RSA NetWitness for Logs
• Accessing RSA NetWitness Spectrum Data
• Concepts in Practice: RSA NetWitness Live!, RSA NetWitness for Logs, Intro to RSA NetWitness Spectrum
• Lab: Access Resources using Live Manager, Create Custom Feeds and Filters, Access Log Data for Analysis

Defining a Process   

• Defining a Methodology
• Collecting Evidence
• Screening the Data
• Performing Analysis
• Communicating Results
• Concepts in Practice: RSA NetWitness Visualize

Lab: Create Rules and Create Feeds That Use New Metadata to Screen Data for Analysis   

• Assigning Risk: The Analyst's Role
• Short Term (Crisis Management): IoC
• Long Term (Business Continuity): APT
• Take Action: Informing the Enterprise
• Sharing Intelligence and Sources
• Concepts in Practice: RSA NetWitness Investigator and RSA NetWitness Informer
• Lab: Scenario to Determine the Risk Level with a Packet Capture and Make a Recommendation

Introducing Automation   

• Areas of Automation
• Alerting and Reporting
• Presenting Evidence
• Concepts in Practice : RSA NetWitness Informer
• Lab: Generating Informer Reports

Future-Proofing the Enterprise   

• Evolving Enterprise Security
• Continuous Monitoring
• Securing the Cloud
• Accepting the Challenge

Capstone Project   

• Participants are presented with various use cases that require them to determine what types of information and data elements to look for to identify traffic that fits the use case, determine how best to examine the traffic, and create any filters and reports necessary to resolve or communicate concerns.
• Participants will present their findings to the rest of the class justifying their process and results.

Customer Reviews

---

---

---

...more