This intense three-day training covers the most modern, sophisticated attacks used by advanced persistent threat (APT) actors and teaches students how to engage in effective analysis and incident response against real world threats. Using a virtualized environment that simulates typical IT infrastructure such as network segments, workstations, servers and applications, teams use ThreatSpace to assess their technical capabilities, processes and procedures as they investigate simulated attack scenarios. Experienced incident response practitioners facilitate the exercise and share practical experiences from the field. All exercises are conducted on-site using a cloud-based cyber range.
Learning Objectives
After completing this course, learners should be able to: • Describe primary sources of data in incident response • Perform triage and in-depth analysis of an affected enterprise network • Effectively structure and organize a response team across multiple disciplines • Identify malicious behavior and create useful timelines of activity
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Incident Response