Security Event Triage: Detecting Network Anomalies with Behavioral Analysis

Aaron Rosenmund

2:00:52

  • set-detecting-network-anomalies-behavioral-analysis.zip
  • 1. Course Overview.mp4
    01:52
  • 1. Introduction to Network Behavioral Analysis.mp4
    02:34
  • 2. Collecting the Data from Your Network.mp4
    01:57
  • 3. Putting NBAD to Work.mp4
    05:00
  • 4. Practicing How You Play.mp4
    01:36
  • 01. Getting Started with Frequency Analysis.mp4
    03:31
  • 02. What Does a Scan Look Like.mp4
    02:25
  • 03. Identifying Internal and External Scans.mp4
    08:04
  • 04. What Does Beaconing Look Like.mp4
    01:37
  • 05. Identifying Beaconing Activity.mp4
    05:05
  • 06. What Does Command and Control Look Like.mp4
    01:19
  • 07. Identifying Command and Control Behavior.mp4
    04:02
  • 08. What Does Brute Force Look Like.mp4
    01:18
  • 09. Identifying Brute Force Failures and Success.mp4
    03:21
  • 10. Fitting Frequency Analysis into Daily Operations.mp4
    03:00
  • 1. Following the Rules and Protocols.mp4
    02:35
  • 2. Discovering DNS Command and Control.mp4
    11:31
  • 3. Deducing the Activity of Encrypted Web Traffic.mp4
    06:57
  • 4. Analyzing SSH Authentication Behavior.mp4
    05:40
  • 5. Customizing DHCP Detection for Your Network.mp4
    05:43
  • 6. Exploring Other Protocols and Whats Next.mp4
    02:34
  • 1. Introduction to Population Analysis with Machine Learning.mp4
    02:20
  • 2. Leveraging Machine Learning to Discover Encrypted Exfiltration.mp4
    11:04
  • 3. Investigating Client Device Relationship Anomalies.mp4
    03:28
  • 4. Revealing Hidden Connections.mp4
    07:04
  • 5. Successfully Integrating Network Triage and Population Analysis.mp4
    01:44
  • 1. Introducing NBAD to Daily Operations.mp4
    03:05
  • 2. Turning Alerts into Triage Worthy Investigations.mp4
    01:56
  • 3. Recording the Results of NBAD Triage Methods.mp4
    02:55
  • 4. Identifying the Missing Links.mp4
    03:50
  • 5. Putting It All in Perspective.mp4
    01:45
  • Description


    In this course on network behavioral analysis, you will explore the use of frequency, protocol, and population analysis methodologies to uncover events associated with multiple threat actors' intrusions into a simulated enterprise network.

    What You'll Learn?


      Developing the skills necessary for a security analyst to properly detect and triage advanced network intrusion tactics and techniques requires experience and the use of advanced detection capabilities, neither of which is easily obtained. In this course, Security Event Triage: Detecting Network Anomalies with Behavioral Analysis, you will learn the foundational knowledge required to separate good network traffic from bad and identify a myriad of threat actor activity on an enterprise network. First, you will learn how to use frequency analysis to detect command and control, automated logins, and beaconing. Next, you will learn to leverage protocol analysis to identify DNS tunneling, anomalous HTTPS traffic, authentication brute forcing, and DHCP abuse. Finally, you will explore the use of population analysis by harnessing machine learning to identify HTTPS exfiltration and connect the dots associated with enterprise network intrusions. When you are finished with this course, you will have the skills and knowledge of network behavioral analysis needed to detect and triage events found at multiple levels of the cyber kill chain. To follow along with your own environment's data, create your own network behavioral analysis workstation using the guide located here: https://github.com/arosenmund/pluralsight/tree/master/NBAD.

      This course is part of our Security Event Triage series, which leverages MITRE ATT&CK to identify advanced persistent threat tactics at all levels of the cyber kill chain.

    Aaron Rosenmund
    Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber security workforce and technologies for business and national enterprises alike. In support of the Air National Guard, he contributes those skills part time in various initiatives to defend the nation in cyberspace. Certifications: GIAC GCIA, GIAC GCED, CCNA Cyber Operations, PenTest+, CySA+, CASP. Website: www.AaronRosenmund.com. Handle: @arosenmund ("ironcat").
    Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.
    • Language: English
    • Training sessions: 31
    • Duration: 2:00:52
    • Level: advanced
    • English subtitles: available
    • Release date: 2023/02/28