SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection

Overview

This programme is delivered by SANS Institute.

SEC541 is a cloud security course that investigates how attackers are operating against Amazon Web Services (AWS) and Microsoft Azure environments, the attacker's characteristics, and how to detect and investigate suspicious activity in your cloud infrastructure. You will learn how to spot the malice and investigate suspicious activity in your cloud infrastructure. In order to protect against cloud environment attacks, an organisation must know which types of attacks are most likely to happen in your environment, be able to capture the correct data in a timely manner, and be able to analyse that data within the context of their cloud environment and overall business objectives.

Key Takeaways

At the end of this programme, you will be able to:

BUSINESS TAKEAWAYS:

• decrease the average time an attacker is in your environment
• demonstrate how to automate analytics, thus reducing time
• help your organisation properly set up logging and configuration
• decreases risk of costly attacks by understanding and leveraging cloud specific security services
• lessen the impact of breaches that do happen
• learn how to fly the plane, not just the ability to read the manual

SKILLS LEARNED:

• research attacks and threats to cloud infrastructure and how they could affect you
• break down a threat into detectable components
• effectively use AWS and Azure core logging services to detect suspicious behaviors
• make use of cloud native API logging as the newest defense mechanism in cloud services
• move beyond the cloud-provided Graphic User Interfaces to perform complex analysis
• perform network analysis with cloud-provided network logging
• understand how application logs can be collected and analyzed inside the cloud environment
• effectively put into practice the AWS and Azure security specific services
• integrate container, operating system, and deployed application logging into cloud logging services for more cohesive analysis
• centralise log data from across your enterprise for better analysis
• perform inventory of cloud resources and sensitive data using scripts and cloud native tooling
• analyse Microsoft 365 activity to uncover threats
• gain ability to leverage cloud native architecture to automate response actions to attacks

Who Should Attend

• Please refer to the job roles section.
• ICT&SS Professional who performs monitoring, threat detection, incident response, is responsible for logging in a cloud environment or in a Security Analyst, Security Engineer, Security Architect, Vulnerability Assessor or Incident Responder role.
• ICT&SS Professiobal in a NICE Framework job role such as 
  
  • Cyber Defense Analyst: PR-CDA-001
  • Cyber Defense Infrastructure Support Specialist: PR-INF-001
  • Cyber Defense Incident Responder: PR-CIR-0001
  • Adversary Emulation Specialist / Red Teamer: PR-VAM-001
  • Threat/Warning Analyst: AN-TWA-001