Security Analytics 8.2.5 Administration

Course Description

The Symantec Security Analytics 8.2.5 Administration course is designed for participants who want to learn how to use the Symantec Security Analytics platform to perform various types of network-based monitoring and forensic analysis, including incident response investigation, increased real-time situational awareness, and continuous monitoring for indicators of compromise (IOCs) and advanced persistent threats (APTs).

Prerequisites

This course assumes that students have a solid understanding of networking concepts, such as local-area networks (LANs), the Internet, security, and IP protocols.

Target Audience

Hands-On

This course includes practical hands-on exercises that enable you to test your new skills and begin to use those skills in a working environment.

 

Learning Objectives

By the completion of this course, you will be able to:

  • Understand key concepts of network forensics, with a focus on threat hunting and incident response
  • Use basic and advanced filtering techniques to assist in reducing response time by narrowing down searches for specific data
  • Perform detection of potential security incidents hidden in network traffic through file and artifact extraction
  • Improve incident response through data enrichment and integrated threat intelligence services
  • Identify suspicious activity and correlate Indicators of Compromise to an attack vector or specific incident 
  • Discover how Security Analytics' open API enables integration with existing Symantec and third-party security solutions

Content Outline

  • This module will introduce Symantec Security Analytics and why the network visibility that Security Analytics provides is critical in protecting business operations.
  • This module will introduce computer forensics, with a focus on modern network forensics concepts. It will discuss terminology and common methods and tools used in the SOC today.
  • This module will talk about what present-day cyber-attacks look like and the core challenges around discovering and resolving these attacks. It will cover how the cyber kill-chain methodology can be used in combination with threat hunting techniques to interrupt ongoing attacks. This module will also discuss the fundamentals of incident response, including terminology and core concepts used when performing remediation of discovered security incidents.
  • This module addresses the planning and solution-design process for deployments of Security Analytics solutions. It identifies the points within a network where Security Analytics can most effectively capture packet data. It will also cover installation options and basic configuration.
  • This module will discuss the challenges around lengthy incident response times. It will also cover how filtering can assist in reducing response time by narrowing down searches for specific data. It will also demonstrate that filtering out excess "noise", especially in very large data sets, improves overall response time. Best practices for filtering and searching will also be covered.
  • This module will examine the challenges with the detection of potential security incidents hidden in network traffic. It will cover how Security Analytics provides file and artifact extraction from captured packet data. Topics include what artifacts are and how Security Analytics can provide additional context for and process any interesting artifacts that may be found. Use cases that demonstrate contextualization benefits for incident responders and security administrators will also be discussed.
  • This module will talk about best practices for network-based analysis using Security Analytics. This module will also examine how Security Analytics can identify suspicious activity and correlate Indicators of Compromise to an attack vector or specific incident.
  • This module will address incident response challenges around inadequate information and cover basic and advanced reporting tools within Security Analytics. Improved incident prevention and response from the enhanced information available will be discussed.
  • This module will discuss how Security Analytics' open API enables integration with existing Symantec and third-party security solutions, providing customers with the valuable context and evidence they lack. Threat intelligence integration will also be examined.
  • This module will provide a review of topics covered in this course.

FAQs

Information security, often referred to as InfoSec, refers to the processes & tools designed & deployed to protect sensitive business information from disruption, modification, destruction, and inspection.

 

When we discuss data & information, we must consider the CIA triad. The CIA triad is an information security model made up of three main components: confidentiality, integrity and availability. Each piece represents a fundamental objective of information security.

 

Protecting the data that the organization collects & uses:

The value of the data motivates attackers to steal or corrupt it. Protecting it is important for the integrity and the value of the organization's data. Information security allows the protection of both data in motion and data at rest.

 

Broadcom is a leading provider of enterprise security solutions worldwide leveraging the breadth and depth of expertise in both hardware and software security.

To attend the training session, you should have operational Desktops or Laptops with the required specifications, along with a good internet connection to access the labs. 

 

We would always recommend you attend the live session to practice, clarify your doubts instantly and get more value from your investment. However, if, due to some contingency, you have to skip the class, Radiant Tech learning will help you with the recorded session of that particular day. Those recorded sessions are meant only for personal consumption and NOT for distribution or any commercial use.

 

Radiant Tech learning has a data center containing the Virtual Training environment for participants' hands-on practice. Participants can easily access these labs over the cloud with the assistance of a remote desktop connection. Radiant virtual labs provide you the flexibility to learn from anywhere in the world and in any time zone.

The learners will be enthralled as we engage them in real-world, industry-oriented projects during the training program. These projects will improve your skills and knowledge, and you will gain better experience. These real-time projects will help you a lot in your future tasks and assignments.

You can request a return if you do not desire to enroll in the course.

Yes you can.

 

We use the ideal standards in Internet security. Any data retained is not communicated with third parties.

 

It is recommended but not mandatory. Being acquainted with the primary course material will enable students and the trainer to move at the desired pace during classes. You can access courseware for most vendors.

You can buy online from the page by clicking on "Buy Now". You can view alternate payment methods on the payment options page.

 

Yes, students can pay from the course page.

 

The course completion certification will be awarded to all the professionals who have completed the training program & the project assignment given by your instructor. You can use the certificate in your future job interviews which will surely help you to achieve your dream job.

 

Radiant believes in a practical & creative approach to training & development, which distinguishes it from other activity & developmental platforms. Moreover, training courses are undertaken by some experts with a range of experience in their domain.

 

Radiant's team of experts will be available at e-mail support@radianttechlearning.com to answer your technical queries even after the training program.

 

Yes, Radiant will provide you with the most updated, high-value & relevant real-time projects & case studies in each training program.

 

Technical issues are unpredictable & might occur with us as well. Participants have to ensure they have access to the required configuration with good internet speed.

 

Radiant Techlearning offers training programs on weekdays, weekends & a combination of weekdays & weekends. We provide you with complete liberty to choose the schedule that suits your needs.

Radiant has highly intensive selection criteria for Technology Trainers & Consultants, who deliver your training programs. Our trainers & consultants undergo rigorous technical and behavioural interview and assessment processes before they are brought on board in the company.

Our Technology experts/trainers & consultants carry deep-dive knowledge in the technical subject & are certified by the OEM.

Our training programs are practically oriented, with 70% – 80% hands-on training on the technology tool. Our training program focuses on one-on-one interaction with each participant, the latest content in the curriculum, and real-time projects and case studies during the training program.

Our faculty will provide you with the knowledge of each course from the fundamental level in an easy way, and you are free to ask your respective faculty about your doubts at any time.

Our trainers have the patience and ability to explain complex concepts in a simple way, with depth and breadth of knowledge.

To ensure quality learning, we provide a support session even after the training program.

 
