Course Content
The Threat Landscape: Malware and Advanced Persistent Threat
- Introduction to the Threat Landscape
- Changing the Security Mindset
- Building a Security Capability
- Malware: A Definition
- Concepts in Practice: RSA NetWitness Investigator
- Lab: Using Investigator for Analysis
Developing Sources for Malware Analysis
- Building External Data Sources
- Building Internal Sources
- Gathering Data with RSA NetWitness Live
- Reviewing RSA NetWitness Spectrum Data Analysis Techniques
- Concepts in Practice
- Lab: Selecting content resources, investigating malicious code using metadata and creating a custom action
Analysis for Malware and Advanced Persistent Threat
- Digital Evidence
- Defining Advanced Analysis
- Methods for Detecting Malware
- Parsers (FlexParse and Snort)
- Concepts in Practice: FlexParse for RSA NetWitness
- Lab: Generating a New Parser for RSA NetWitness Decoder
Defining a Forensic Process
- Obtaining Data
- Filtering the Data
- Performing Analysis (Mad or Bad)
- Communicating Results
- Concepts in Practice: Forensic Analysis Using RSA NetWitness Investigator
- Lab: Conducting and Reporting an Investigation
Automating Malware Detection: RSA NetWitness Spectrum
- Automating Detection Overview
- RSA NetWitness Spectrum Overview
- Analysis Techniques
- Use Case Examples
- Analysis Tips
- Concepts in Practice: RSA NetWitness Spectrum
- Lab: Automating malware analysis with RSA NetWitness Spectrum
Making Risk Decisions and Taking Action
- Defining and Managing Risk
- Building Reports
- Sharing Intelligence using RSA NetWitness
- Taking Action
- Concepts in Practice: Threat Response Collaboration Framework
- Lab: Generating and Sharing Information
Future-Proofing the Enterprise
- Evolution of Enterprise Security
- Continuous Monitoring
- Incident Response
- Securing the Cloud
- Accepting the Challenge
Capstone Project
- Participants are presented with a case study and use a record of the packets that have passed through an organization's network to determine what types of malicious activity are occurring, document their findings, and archive the relevant artifacts in a forensic repository.
- Participants design a report they can present as evidence to a decision-maker.
- Participants present their findings to the class.