Information security managers must have the most efficient tools to detect potential security incidents at their disposal. In this course, you'll explore several tools that can be used to detect anomalies and learn how to take action to mitigate these anomalies.
You'll learn to differentiate intrusion detection from intrusion prevention, before using Snort for network anomaly detection. You'll then examine how honeypots provide insight related to malicious user techniques. Next, you'll analyze various types of Windows logs, before working with logging in Linux.
Lastly, you'll configure data loss prevention in the cloud, view compliance reports, and outline how SIEM and SOAR can be used for incident detection and response.
This course is one of a collection of courses that prepares learners for the Certified Information Security Manager (CISM) certification.
Learning Objectives
{"discover the key concepts covered in this course"}