Securing Cisco Networks with Threat Detection and Analysis

This course is designed to teach you how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network. Whilst the requirements for a security analyst vary from industry to industry, and differ between the private and public sectors, the base requirements remain the same.

Duration

5 days

Course price (net)

 Contact us

Course code


Target audience

This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.


Attacker Methodology

  • Defining the Attacker Methodology
  • Identifying Malware and Attacker Tools
  • Understanding Attacks

Defender Methodology

  • Enumerating Threats, Vulnerabilities and Exploits
  • Defining SOC Services
  • Defining SOC Procedures
  • Defining the Role of a Network Security Analyst
  • Identifying a Security Incident

Defender Tools

  • Collecting Network Data
  • Understanding Correlation and Baselines
  • Assessing Sources of Data
  • Understanding Events
  • Examining User Reports
  • Introducing Risk Analysis and Mitigation

Packet Analysis

  • Identifying Packet Data
  • Analyzing Packets Using Cisco IOS Software
  • Accessing Packets in Cisco IOS Software
  • Acquiring Network Traces
  • Establishing a Packet Baseline

Network Log Analysis

  • Using Log Analysis Protocols and Tools
  • Exploring Log Mechanics
  • Retrieving Syslog Data
  • Retrieving DNS Events and Proxy Logs
  • Correlating Log Files

Baseline Network Operations

  • Baselining Business Processes
  • Mapping the Network Topology
  • Managing Network Devices
  • Baselining Monitored Networks
  • Monitoring Network Health

Incident Response Preparation

  • Defining the Role of the SOC
  • Establishing Effective Security Controls
  • Establishing an Effective Monitoring System

Security Incident Detection

  • Correlating Events Manually
  • Correlating Events Automatically
  • Assessing Incidents
  • Classifying Incidents
  • Attributing the Incident Source


  • Scoping the Investigation
  • Investigating Through Data Correlation
  • Understanding NetFlow
  • Investigating Connections Using NetFlow

Mitigations and Best Practices

  • Mitigating Incidents
  • Cisco Cyber Threat Defense Overview
  • Implementing Cisco IOS ACLs and Zone-Based Policy Firewall
  • Implementing Network-Layer Mitigations and Best Practices
  • Implementing Link-Layer Best Practices


  • Documenting Incident Details
  • Communicating Incidents

Post-Event Activity

  • Conducting an Incident Post-Mortem
  • Improving Security of Monitored Networks


  • Lab 1: Assess Understanding of Network and Security Operations
  • Lab 2: Exploring the Remote Lab Environment
  • Lab 3: Enabling NetFlow Export and Syslog
  • Lab 4: Capturing Packets on the Pod Router and Using Wireshark to Examine the PCAP
  • Lab 5: Capturing Packets Using tcpdump
  • Lab 6: Examining Logs Manually
  • Lab 7: Enabling AAA for Router SSH Management Access
  • Lab 8: Enabling SNMPv3 on the Pod Router and Pod Switch
  • Lab 9: Performing Nmap Scans and Using Netcat to Connect to Open Ports
  • Lab 10: Analyzing a PCAP File with Suspicious Activities Using Wireshark
  • Lab 11: Examining Event Logs Manually
  • Lab 12: Examining Event Logs Using Splunk
  • Lab 13: Analyzing NetFlow Data with Lancope StealthWatch
  • Lab 14: Implementing IOS Zone-Based Firewall
  • Lab 15: Incident Response

Prerequisites

  • CCNA Certification (ICND1 and ICND2) as a minimum; CCNA Security (ICND1 and IINS) is a plus
  • Basic understanding of Cisco security product features
  • Basic understanding of open-source and commercial network security tools
  • Basic understanding of Microsoft Windows and Unix/Linux operating systems, desktops and servers
  • Basic understanding of the Open Systems Interconnection (OSI) model and TCP/IP


  • Monitor security events
  • Configure and tune security event detection and alarming
  • Analyze traffic for security threats
  • Respond appropriately to security incidents