SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection

Overview Key Takeaways Who Should Attend ICT and SS Competency Framework Course Structure Instructors Fees Upcoming Classes How To Register

Overview

Duration	5 days
Course Time	9.00am - 5.00pm
Enquiry	Click here to contact us

This course is delivered by SANS Institute.

SEC541 is a cloud security course that investigates how attackers are operating against Amazon Web Services (AWS) and Microsoft Azure environments, the attacker's characteristics, and how to detect and investigate suspicious activity in your cloud infrastructure. You will learn how to spot the malice and investigate suspicious activity in your cloud infrastructure. In order to protect against cloud environment attacks, an organization must know which types of attacks are most likely to happen in your environment, be able to capture the correct data in a timely manner, and be able to analyze that data within the context of their cloud environment and overall business objectives.

Key Takeaways

At the end of this course, the participants will be able to:

BUSINESS TAKEAWAYS:

Decrease the average time an attacker is in your environment
Demonstrate how to automate analytics, thus reducing time
Help your organization properly set up logging and configuration
Decreases risk of costly attacks by understanding and leveraging cloud specific security services
Lessen the impact of breaches that do happen
Learn how to fly the plane, not just the ability to read the manual

SKILLS LEARNED:

Research attacks and threats to cloud infrastructure and how they could affect you
Break down a threat into detectable components
Effectively use AWS and Azure core logging services to detect suspicious behaviors
Make use of cloud native API logging as the newest defense mechanism in cloud services
Move beyond the cloud-provided Graphic User Interfaces to perform complex analysis
Perform network analysis with cloud-provided network logging
Understand how application logs can be collected and analyzed inside the cloud environment
Effectively put into practice the AWS and Azure security specific services
Integrate container, operating system, and deployed application logging into cloud logging services for more cohesive analysis
Centralize log data from across your enterprise for better analysis
Perform inventory of cloud resources and sensitive data using scripts and cloud native tooling
Analyzing Microsoft 365 activity to uncover threats
Ability to leverage cloud native architecture to automate response actions to attacks

Who Should Attend

Anyone who performs monitoring, threat detection, incident response, or is responsible for logging in a cloud environment, including:
• Security Analysts
• Security Engineer
• Security Architects
• Vulnerability Assessor
• Incident Responders

NICE Framework Job Roles
• Cyber Defense Analyst: PR-CDA-001
• Cyber Defense Infrastructure Support Specialist: PR-INF-001
• Cyber Defense Incident Responder: PR-CIR-0001
• Adversary Emulation Specialist / Red Teamer: PR-VAM-001
• Threat/Warning Analyst: AN-TWA-001

Prerequisites
Students should be familiar with AWS or Azure and have worked with them hands-on, especially security professionals working in the cloud security field who understand basic threats and attack vectors.

The course assumes that students can understand or do the following without help:

Understand basic cloud resources such as virtual machines, storage services, and Identity Access Management
Hands-on experience in the command line, as much of the labs will be leveraging a Linux command line console.
Understand how identity access roles/policies work in cloud environments
Understand basic cloud networking capabilities

ICT and SS Competency Framework

As part of the ICTCF, this course falls under the Apps Development cluster and tagged to the following competencies:

Apps Development: Application Security Testing
Cybersecurity: Cloud Security

The course is mapped to the following job roles:

Software Engineer
DevOps Engineer
Quality Engineer
Cybersecurity Engineer

Course Structure

This course will cover the following topics in order of day:

Management Plane and Networking Logging
Computer and Cloud Services Logging
Cloud Services and Data Discovery
Microsoft Ecosystem
Automate Response Actions and CloudWars

Instructors

Fees

	Full Fee
Full course fee	S$11060
7% GST on nett course fee	S$774.20
Total nett course fee payable, including GST	S$11834.20

With effect till 31 Dec 2022

	Full Fee
Full course fee	S$11060
8% GST on nett course fee	S$884.80
Total nett course fee payable, including GST	S$11944.80

With effect from 1 Jan 2023 till 31 Dec 2023

	Full Fee
Exam fee (exl. GST)	S$1328.60
Total exam fee payable, including 7% GST	S$1421.60

With effect till 31 Dec 2022

	Full Fee
Exam fee (exl. GST)	S$1328.60
Total exam fee payable, including 8% GST	S$1434.89

With effect from 1 Jan 2023 till 31 Dec 2023

Note:

Additional terms and conditions apply for this course. For more information, visit https://www.sans.org/mlp/digital-academy-govtech-singapore/

Upcoming Classes

Class 1

Duration: 5 days

22 May 2023 to 26 May 2023 (Full Time)

When :

May:

22, 23, 24, 25, 26

Time : Day 1: 8.30am to 5pm; Day 2-5: 9am to 5pm

Registration:

Class 2

Duration: 5 days

13 Nov 2023 to 17 Nov 2023 (Full Time)

When :

Nov:

13, 14, 15, 16, 17

Time : Day 1: 8am to 4.30pm; Day 2-5: 8.30am to 4.30pm

Registration:

How To Register

For GovTech Officers For WOG Officers

Agency-sponsored

Step 1

Apply through your organisation's training request system

Step 2

Your organisation's training request system (or relevant HR staff) confirms your organisation's approval for you to take the course.

Your organisation will send registration information to the academy.

Organisation HR L&D or equivalent staff can click here for details of the registration submission process.

Step 3

The Digital Academy will inform you whether you have been successful in enrolment.