Performing CyberOps Using Cisco Security Technologies (CBRCOR)

Home
Courses
CISCO
CCNP CyberOps Cisco Security Technologies CBRCOR

The Performing CyberOps Using Cisco Security Technologies (CBRCOR) v1.0 course covers cybersecurity operations fundamentals, methods, and automation.
The knowledge you gain in this course will prepare you for the role of Information Security Analyst on a Security Operations Center (SOC) team.
You will learn foundational concepts and their application in real-world scenarios, and how to leverage playbooks in formulating an Incident Response (IR).
The course shows you how to use automation for security using cloud platforms and a SecDevOps methodology.
You will learn the techniques for detecting cyberattacks, analyzing threats, and making appropriate recommendations to improve cybersecurity.

Expand your knowledge in the following areas:
Monitoring for cyberattacks
Analyzing high volume of data using automation tools and platforms—both open source and commercial
Accurately identifying the nature of attack and formulate a mitigation plan
Scenario-based questions; for example, using a screenshot of output from a tool, you may be asked to interpret portions of output and establish conclusions

Course Outline

Module 1: Fundamentals

Interpret the components within a playbook
Determine the tools needed based on a playbook scenario
Apply the playbook for a common scenario (for example, unauthorized elevation of privilege, DoS and DDoS, website defacement)
Infer the industry for various compliance standards (for example, PCI, FISMA, FedRAMP, SOC, SOX, PCI, GDPR, Data Privacy, and ISO 27101)
Describe the concepts and limitations of cyber risk insurance
Analyze elements of a risk analysis (combination asset, vulnerability, and threat)
Apply the incident response workflow
Describe characteristics and areas of improvement using common incident response metrics
Describe types of cloud environments (for example, IaaS platform)
Compare security operations considerations of cloud platforms (for example, IaaS, PaaS)

Module 2: Techniques

Recommend data analytic techniques to meet specific needs or answer specific questions
Describe the use of hardening machine images for deployment
Describe the process of evaluating the security posture of an asset
Evaluate the security controls of an environment, diagnose gaps, and recommend improvement
Determine resources for industry standards and recommendations for hardening of systems
Determine patching recommendations, given a scenario
Recommend services to disable, given a scenario
Apply segmentation to a network
Utilize network controls for network hardening
Determine SecDevOps recommendations (implications)
Describe use and concepts related to using a Threat Intelligence Platform (TIP) to automate intelligence
Apply threat intelligence using tools
Apply the concepts of data loss, data leakage, data in motion, data in use, and data at rest based on common standards
Describe the different mechanisms to detect and enforce data loss prevention techniques
Recommend tuning or adapting devices and software across rules, filters, and policies
Describe the concepts of security data management
Describe use and concepts of tools for security data analytics
Recommend workflow from the described issue through escalation and the automation needed for resolution
Apply dashboard data to communicate with technical, leadership, or executive stakeholders
Analyze anomalous user and entity behavior (UEBA)
Determine the next action based on user behavior alerts
Describe tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools)
Evaluate artifacts and streams in a packet capture file
Troubleshoot existing detection rules
Determine the tactics, techniques, and procedures (TTPs) from an attack

Module 3: Processes

Prioritize components in a threat model
Determine the steps to investigate the common types of cases
Apply the concepts and sequence of steps in the malware analysis process:
Interpret the sequence of events during an attack based on analysis of traffic patterns
Determine the steps to investigate potential endpoint intrusion across a variety of platform types (for example, desktop, laptop, IoT, mobile devices)
Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs), given a scenario
Determine IOCs in a sandbox environment (includes generating complex indicators)
Determine the steps to investigate potential data loss from a variety of vectors of modality (for example, cloud, endpoint, server, databases, application), given a scenario
Recommend the general mitigation steps to address vulnerability issues
Recommend the next steps for vulnerability triage and risk analysis using industry scoring systems (for example, CVSS) and other techniques

Module 4: Automation

Compare concepts, platforms, and mechanisms of orchestration and automation
Interpret basic scripts (for example, Python)
Modify a provided script to automate a security operations task
Recognize common data formats (for example, JSON, HTML, CSV, XML)
Determine opportunities for automation and orchestration
Determine the constraints when consuming APIs (for example, rate limited, timeouts, and payload)
Explain the common HTTP response codes associated with REST APIs
Evaluate the parts of an HTTP response (response code, headers, body)
Interpret API authentication mechanisms: basic, custom token, and API keys
Utilize Bash commands (file management, directory navigation, and environmental variables)
Describe components of a CI/CD pipeline
Apply the principles of DevOps practices
Describe the principles of Infrastructure as Code

What you will learn

Describe the types of service coverage within a SOC and operational responsibilities associated with each
Compare security operations considerations of cloud platforms
Describe the general methodologies of SOC platforms development, management, and automation
Explain asset segmentation, segregation, network segmentation, micro-segmentation, and approaches to each, as part of asset controls and protections
Describe Zero Trust and associated approaches, as part of asset controls and protections
Perform incident investigations using Security Information and Event Management (SIEM) and/or security orchestration and automation (SOAR) in the SOC
Use different types of core security technology platforms for security monitoring, investigation, and response
Describe the DevOps and SecDevOps processes
Explain the common data formats, for example, JavaScript Object Notation (JSON), HTML, XML, Comma-Separated Values (CSV)
Describe API authentication mechanisms
Analyze the approach and strategies of threat detection, during monitoring, investigation, and response
Determine known Indicators of Compromise (IOCs) and Indicators of Attack (IOAs)
Interpret the sequence of events during an attack based on analysis of traffic patterns
Describe the different security tools and their limitations for network analysis (for example, packet capture tools, traffic analysis tools, network log analysis tools)
Analyze anomalous user and entity behavior (UEBA)
Perform proactive threat hunting following best practices