Many schools have embraced and accelerated this migration of data, assets, and services to a cloud-based approach as a result of COVID-19. This migration has introduced the need for a Secure Access Services Edge (SASE) implementation that introduces a flexible security approach without impacting learning or productivity. Cisco’s security solutions provide visibility and policy enforcement that are identity-centric, cloud-native, and globally distributed.
In this ITsavvy workshop, you will learn how the components of Cisco’s SASE solutions provide visibility, simplicity and efficiency for SecOps teams. You will leverage these tools as you research real-world attack scenarios executed by malicious actors. You will learn the role of these tools in incident response, threat hunting and event analysis. Meet the facilitator for the workshop, Bill O’Malley
These solutions include:
- Cisco AMP for Endpoints (A4E)
- Cisco AMP Threat Grid (TG)
- Cisco Email Security Appliance (ESA)
- Duo Security
- SecureX Threat Response (SXTR)
- Cisco Umbrella
A secondary device is highly encouraged.
What are the skill requirements?
You do not need an in-depth understanding of security operations or Cisco security products. The labs provide an easy-to-follow, step-by-step guide to understanding today’s threat landscape and successfully securing your network before, during, and after an attack. Access to all the required products and tools will be provided.
All students completing the workshop have the potential to earn 8 CPE credits and receive a certificate of completion!
Lab Scenarios
Silence – Detect:
The activities of the APT known as “Silence” have drawn the interest of the C-suite in your industry. Have they gotten into your environment? How would you know if they had? In this module, you are going to find some observables related to Silence, as well as get an idea of the Tactics, Techniques, and Procedures (TTP’s) the adversaries are using.
Silence – Scope and Contain:
As you progress through the modules, you will find that your boss’ fears were not unfounded; you will find that you have Silence running in your environment. How will you combat the TTP’s? How do you detect evidence of Living-off-the-Land techniques?
Silence – Remediate:
You successfully removed Silence’s activity on the compromised machine and prevented new outbreaks across your environment. Now, it’s time to ensure that the machine(s) affected by it are back to normal. Using the MITRE ATTACK framework of this adversary, can you find all the breadcrumbs left by them?
Matthew Butler