SEC541: Cloud Security Attacker Techniques, Monitoring, and Threat Detection

Overview

Duration: 5 days
Course Time: 9.00am - 5.00pm

This course is delivered by SANS Institute.

SEC541 is a cloud security course that investigates how attackers operate against Amazon Web Services (AWS) and Microsoft Azure environments, what characterizes those attackers, and how to detect and investigate suspicious activity in your cloud infrastructure. You will learn how to spot the malice and investigate suspicious activity in your cloud infrastructure. To protect against attacks on its cloud environment, an organization must know which types of attacks are most likely to happen in its environment, be able to capture the correct data in a timely manner, and be able to analyze that data within the context of its cloud environment and overall business objectives.


 


Key Takeaways

At the end of this course, the participants will be able to:

BUSINESS TAKEAWAYS:

  • Decrease the average time an attacker is in your environment
  • Demonstrate how to automate analytics, thus reducing time
  • Help your organization properly set up logging and configuration
  • Decrease the risk of costly attacks by understanding and leveraging cloud-specific security services
  • Lessen the impact of breaches that do happen
  • Learn how to fly the plane, not just the ability to read the manual

SKILLS LEARNED:

  • Research attacks and threats to cloud infrastructure and how they could affect you
  • Break down a threat into detectable components
  • Effectively use AWS and Azure core logging services to detect suspicious behaviors
  • Make use of cloud-native API logging as the newest defense mechanism in cloud services
  • Move beyond the cloud-provided Graphical User Interfaces to perform complex analysis
  • Perform network analysis with cloud-provided network logging
  • Understand how application logs can be collected and analyzed inside the cloud environment
  • Effectively put into practice the AWS and Azure security-specific services
  • Integrate container, operating system, and deployed application logging into cloud logging services for more cohesive analysis
  • Centralize log data from across your enterprise for better analysis
  • Perform inventory of cloud resources and sensitive data using scripts and cloud-native tooling
  • Analyze Microsoft 365 activity to uncover threats
  • Leverage cloud-native architecture to automate response actions to attacks

Who Should Attend

Anyone who performs monitoring, threat detection, or incident response, or who is responsible for logging in a cloud environment, including:
• Security Analysts
• Security Engineers
• Security Architects
• Vulnerability Assessors
• Incident Responders

NICE Framework Job Roles
• Cyber Defense Analyst: PR-CDA-001
• Cyber Defense Infrastructure Support Specialist: PR-INF-001
• Cyber Defense Incident Responder: PR-CIR-0001
• Adversary Emulation Specialist / Red Teamer: PR-VAM-001
• Threat/Warning Analyst: AN-TWA-001

Prerequisites
Students should be familiar with AWS or Azure and have worked with them hands-on, especially security professionals working in the cloud security field who understand basic threats and attack vectors.

The course assumes that students can understand or do the following without help:

  • Understand basic cloud resources such as virtual machines, storage services, and Identity and Access Management
  • Work hands-on at the command line, as many of the labs use a Linux command-line console
  • Understand how identity access roles/policies work in cloud environments
  • Understand basic cloud networking capabilities

ICT and SS Competency Framework

As part of the ICTCF, this course falls under the Apps Development cluster and is tagged to the following competencies:
  • Apps Development: Application Security Testing
  • Cybersecurity: Cloud Security
The course is mapped to the following job roles:
  • Software Engineer
  • DevOps Engineer
  • Quality Engineer
  • Cybersecurity Engineer

Course Structure

This course will cover the following topics in order of day:

  1. Management Plane and Networking Logging
  2. Computer and Cloud Services Logging
  3. Cloud Services and Data Discovery
  4. Microsoft Ecosystem
  5. Automate Response Actions and CloudWars

Instructors


Fees


Full Fee (with effect till 31 Dec 2022)

  • Full course fee: S$11060
  • 7% GST on nett course fee: S$774.20
  • Total nett course fee payable, including GST: S$11834.20

Full Fee (with effect from 1 Jan 2023 till 31 Dec 2023)

  • Full course fee: S$11060
  • 8% GST on nett course fee: S$884.80
  • Total nett course fee payable, including GST: S$11944.80

Full Fee, exam (with effect till 31 Dec 2022)

  • Exam fee (excl. GST): S$1328.60
  • Total exam fee payable, including 7% GST: S$1421.60

Full Fee, exam (with effect from 1 Jan 2023 till 31 Dec 2023)

  • Exam fee (excl. GST): S$1328.60
  • Total exam fee payable, including 8% GST: S$1434.89


Note:

Additional terms and conditions apply for this course. For more information, visit https://www.sans.org/mlp/digital-academy-govtech-singapore/

Upcoming Classes

Class 1

Duration: 5 days

22 May 2023 to 26 May 2023 (Full Time)

When: May 22, 23, 24, 25, 26

Time: Day 1: 8.30am to 5pm; Day 2-5: 9am to 5pm

Class 2

Duration: 5 days

13 Nov 2023 to 17 Nov 2023 (Full Time)

When: Nov 13, 14, 15, 16, 17

Time: Day 1: 8am to 4.30pm; Day 2-5: 8.30am to 4.30pm

How To Register


Agency-sponsored

Step 1: Apply through your organisation's training request system.

Step 2: Your organisation's training request system (or relevant HR staff) confirms your organisation's approval for you to take the course.

Your organisation will send registration information to the academy.

Organisation HR L&D or equivalent staff can click here for details of the registration submission process.

Step 3: The Digital Academy will inform you whether you have been successful in enrolment.