• Online, Instructor-Led
  • Classroom
Course Description

An Intrusion Detection/Prevention System (IDS/IPS) can automate the process of identifying attacks
among the thousands of connections on a network. Taught by leaders in network defense who work in
the cybersecurity industry, this course demonstrates how to defend large-scale network infrastructures
by building and maintaining IDS/IPS and mastering advanced signature-writing techniques. With IDS and
trained network security auditors, organizations have a reliable means to prioritize and isolate the most
critical threats in real time.

Learning Objectives

Successful completion of this course will enable students to:

  • Recognize the benefits and limitations of different intrusion detection system types (network-based, host-based, and distributed systems)
  • Identify optimal sensor placement and gaps in coverage
  • Write basic IDS signatures to identify traffic of interest and tune them to reduce false positives
  • Use reassembly and pre-processing engines to automatically reconstruct streams of network data prior to analysis
  • Apply decoding and other techniques to overcome IDS evasion efforts
  • Develop complex signatures employing rule chaining, event filtering and post-detection analysis to identify distributed attacks, multi-stage events, and other more complex threats
  • Use regular expressions to effectively detect variable or morphing attacks
  • Manage rule sets to reduce redundancy and maintain system efficiency

Framework Connections