CIDR – A comprehensive Threat Hunting and Incident Response Security Training
Cyber attackers are outpacing businesses, arming themselves with increasingly sophisticated attack patterns and techniques.
Even organizations running advanced antivirus (AV), SIEM, and file-integrity monitoring (FIM) solutions are still being breached. Analyzing and interpreting Indicators of Compromise (IoCs) across complex infrastructures has become a challenge.
Attackers increasingly leave little or no malware artifact on disk, making it difficult for organizations to notice adverse activity. This increases dwell time and gives intruders more room for lateral movement inside the network.
Reported data breach statistics show dwell time rising from 99 days to 101 days between 2017 and 2018. If the time to detect and mitigate a threat is reduced, the adversary's end goal can be frustrated, sparing organizations the cost of dealing with the aftermath of a breach.
More than 77% of a breach's impact on an organization can be avoided if dwell time is brought down to 7 days. In this context, there is a serious need for Threat Hunting and Incident Response training and skills to protect organizations from serious cyber-attacks.
SISA’s CIDR is an extensive Threat Hunting and Incident Response training program built around payments forensics knowledge. It equips participants with methods to investigate and ask the right questions about incident scoping and containment.
The CIDR security training was designed by Mr. Renju Varghese Jolley, a PCI SSC-approved core Payment Forensics Investigator (PFI) with extensive experience investigating data breaches around the world.
CIDR is a two-day, concept-driven course covering security incident management skills for proactive threat detection and mitigation. The program also covers the role of an effective Security Operations Center (SOC) in hunting, detecting, and preventing adverse activity, and addresses grey areas that most cybersecurity processes today ignore.
The training is useful for security analysts and engineers, red team and penetration testing professionals, and IT security professionals. Its content also helps CISOs and information security officers conduct effective team reviews and drive a security architecture focused on reducing dwell time.
Course outline:
- Introduction to the payments world
  - Payment transaction flow
  - Various payment systems (card, SWIFT, NEFT), protocols, and payment security standards
  - Overview of payment risks
  - Simulation of a payment breach and breach case scenarios
  - Payment security risks
- Threat hunting
  - Introduction, requirements, and methods for threat hunting
  - Hands-on exercise in conducting active threat hunting
- Incident response
  - How to conduct live analysis of a system
  - Quick tour of memory analysis and reverse engineering of a malicious file
- Incident containment
  - How to search for indicators of compromise across the network and contain the incident
- Closing discussion
  - 10 steps to take during a payment breach
  - Compliance requirements under regulatory mandates
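The incident containment step above (searching for indicators of compromise across the network) is the kind of task a hunter scripts first. The following is an added example, not course material or SISA code: it sweeps log lines from several sources (web server, DNS, EDR, proxy, SSH) against a small IoC list. All indicators, hosts, and log lines are constructed for the example (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges, the `.example` domains are reserved, and the SHA-256 value is a placeholder). It shows three practical details: refanging indicators as they arrive from intel reports (`hxxp`, `[.]`), matching IP addresses against CIDR ranges rather than exact strings, and matching a domain IoC against any subdomain seen in logs.

```python
"""Sweep heterogeneous log lines for indicators of compromise (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed indicator list in the defanged form common in intel reports.
# The SHA-256 is a placeholder value, not a known-malicious hash.
RAW_IOCS = {
    "ip": ["203.0.113.0/24", "198.51.100[.]77"],
    "domain": ["hxxp://bad-c2.example[.]net", "evil-cdn.example"],
    "sha256": ["9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08"],
}

# Constructed log lines: (source, line). Only the last one is clean.
LOGS = [
    ("nginx/access.log", '203.0.113.45 - - [12/Mar/2019:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 512'),
    ("dns/query.log", "12-Mar-2019 10:02:15 client 10.0.5.21#51234: query: update.EVIL-cdn.example IN A"),
    ("edr/process.log", "2019-03-12T10:03:40Z host=POS-07 proc=svchost.exe "
                        "sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 parent=explorer.exe"),
    ("proxy/access.log", "10.0.5.22 CONNECT bad-c2.example.net:443 user=jdoe"),
    ("auth/secure.log", "Mar 12 10:05:01 bastion sshd[4112]: Accepted publickey for ops from 10.0.1.9 port 50022"),
]

IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    source: str
    seq: int          # position of the line in the input list
    ioc_type: str
    indicator: str    # the normalised indicator from the IoC list
    matched: str      # the token actually found in the log line


def refang(value: str) -> str:
    """Undo common defanging (hxxp, [.], [:]) and strip any URL scheme."""
    v = value.strip().replace("[.]", ".").replace("[:]", ":")
    v = re.sub(r"^(?:hxxps?|https?)://", "", v, flags=re.IGNORECASE)
    return v.rstrip("/").lower()


def compile_iocs(raw):
    """Turn the raw list into CIDR networks, a domain set, and a hash set."""
    nets = [ipaddress.ip_network(refang(v), strict=False) for v in raw.get("ip", [])]
    domains = {refang(v) for v in raw.get("domain", [])}
    hashes = {v.strip().lower() for v in raw.get("sha256", [])}
    return nets, domains, hashes


def sweep(logs, raw_iocs=RAW_IOCS):
    """Return one Hit per (line, indicator, token) that matches an IoC."""
    nets, domains, hashes = compile_iocs(raw_iocs)
    hits = []
    for seq, (source, line) in enumerate(logs, start=1):
        seen = set()  # avoid duplicate hits when a token repeats on one line

        def record(kind, indicator, token):
            key = (kind, indicator, token)
            if key not in seen:
                seen.add(key)
                hits.append(Hit(source, seq, kind, indicator, token))

        # IPs: validate octets via ipaddress, then test CIDR membership.
        for token in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue
            for net in nets:
                if addr in net:
                    record("ip", str(net), token)

        # Domains: a hit on any parent domain of the observed name counts,
        # so "update.evil-cdn.example" matches the IoC "evil-cdn.example".
        for token in DOMAIN_RE.findall(line):
            labels = token.lower().split(".")
            for i in range(len(labels) - 1):
                candidate = ".".join(labels[i:])
                if candidate in domains:
                    record("domain", candidate, token.lower())
                    break

        # Hashes: case-insensitive exact match.
        for token in SHA256_RE.findall(line):
            if token.lower() in hashes:
                record("sha256", token.lower(), token.lower())
    return hits


if __name__ == "__main__":
    for h in sweep(LOGS):
        print(f"{h.source}:{h.seq} {h.ioc_type} {h.matched} -> {h.indicator}")
```

Tokens such as `svchost.exe` also satisfy the domain regex; they produce no hit because matching is against the IoC set, not the regex alone. For a real sweep you would stream files instead of the in-memory list and carry file name plus line number into `Hit`, but the matching logic is unchanged.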
Key takeaways:
- Understand the various types of payment risk
- Identify incidents using network, service, and OS logs
- Prepare an incident management program for your organization
- Perform forensic analysis of disk images
- Scope and contain incidents, and meet regulatory mandates
Who should participate?
- Security Operations Center analysts and engineers
- Penetration testers/Red team members
- Network security engineers
- Incident response team members
- Information security consultants and IT auditors
- Managers who want to understand how to create threat hunting teams and intelligence capabilities
- Anyone who is interested in threat hunting and threat intelligence
Why CIDR?
- The course is designed and updated regularly with use cases and key learnings from SISA’s in-house SIEM solution, EOT
- The trainer is the chief architect of SISA’s EOT and head of the Payments Forensics Investigation department, with extensive industry experience
- The course blends SIEM operations with PFI practice and addresses grey areas ignored in much of current cybersecurity practice