Viale Premuda 14, 20129 Milano - academy@digiacademy.it - 0250030724

Microsoft Courses

Microsoft Security Workshop: Enterprise Security Fundamentals

Course code: 40551A
Course duration: 1 day

Introduction

This 1-day instructor-led security workshop provides insight into security practices to improve the security posture of an organization. The workshop examines the concept of Red team – Blue team security professionals, where one group of security pros (the red team) attacks some part or parts of a company’s security infrastructure, and an opposing group (the blue team) defends against the attack. Both teams work to strengthen a company’s defenses. Since the goal of the two teams is to help the business attain a higher level of security, the security industry is calling this function the Purple team.

This workshop is part of a larger series of Workshops offered by Microsoft on the practice of Security. While it is not required that you have completed any of the other courses in the Security Workshop series before taking this workshop, it is highly recommended that you start with this workshop in the series, Microsoft Security Workshop: Enterprise Security Fundamentals.

This 1-day workshop is intended for IT professionals who require a deeper understanding of Windows security and wish to increase their knowledge level. This course also provides background in cyber-security prior to taking the other security courses in this track.

Course objectives

After completing this course, students will be able to:

Describe the current cybersecurity landscape

Describe the assume compromise philosophy

Identify factors that contribute to the cost of a breach

Distinguish between responsibilities of red teams and blue teams

Identify typical objectives of cyber attackers

Describe a kill chain carried out by red teams

Describe the role, goals, and kill chain activities of the blue team in red team exercises

Describe ways to limit how an attacker can compromise unprivileged accounts.

Describe the methods used to restrict lateral movement.

Describe how telemetry monitoring is used to detect attacks.

Explain the concept of Confidentiality, Integrity, and Availability (CIA) triad.

Describe the primary activities that should be included in organization preparations 

Identify the main principles of developing and maintaining policies

Prerequisites

In addition to their professional experience, students who take this training should already have the following technical knowledge:

The current cyber-security ecosystem

Analysis of hacks on computers and networks

Basic Risk Management

Course structure

MODULE 1: Understanding the cyber-security landscape

In this module, you will learn about the current cybersecurity landscape and how, by adopting the assume compromise philosophy, you can restrict an attacker’s ability to move laterally between information systems and to escalate privileges within those systems. The current cyber-security landscape is vast and likely impossible for any one individual to comprehend in its entirety. There are, however, several aspects of that landscape to which those interested in the fundamentals of enterprise security should pay attention.

Lessons

After completing this module, students will be able to:

Describe the current cybersecurity landscape

Describe the Assume Compromise Philosophy

Identify factors that contribute to the cost of a breach

MODULE 2: Red Team: Penetration, Lateral Movement, Escalation, and Exfiltration

In this module you will learn about the practice of the Red team versus Blue team approach to detecting and responding to security threats.

Lessons

Red Team versus Blue Team Exercises

After completing this module, students will be able to:

Distinguish between responsibilities of red teams and blue teams

Identify typical objectives of Cyber Attackers

Describe a Kill Chain carried out by red teams

MODULE 3: Blue Team Detection, Investigation, Response, and Mitigation

In this module you will learn about the Blue Team roles and goals in the attack exercises. You will learn the structure of an attack against an objective (Kill Chain) and ways to limit how an attacker can compromise unprivileged accounts. You will also learn the methods used to restrict lateral movement, which prevent attackers from using a compromised system to attack other systems, and how telemetry monitoring is used to detect attacks.

Lessons

After completing this module, students will be able to:

Describe the role, goals, and kill chain activities of the blue team in red team exercises

Describe the structure of an attack against an objective (Kill Chain)

Describe ways to limit how an attacker can compromise unprivileged accounts

Describe the methods used to restrict Lateral Movement

Describe how telemetry monitoring is used to Detect Attacks

MODULE 4: Organizational Preparations

In this module, we will take a closer look at some of them. You will learn about a conceptual model for thinking about the security of information, and how to approach information security and prepare properly, including ensuring your organization has a deliberate approach to information security.

Lessons

After completing this module, students will be able to:

Explain the concept of Confidentiality, Integrity, and Availability (CIA) triad

Describe the primary activities that should be included in Organization Preparations

Identify the main principles of developing and Maintaining Policies

Design a high-level approach to mitigating threats

Recommend tools and methodology facilitating tracking down origins of cyberattacks

Provide high level steps of a recovery effort

Recommend methods of preventing cyberattacks

Describe regulatory challenges that result from malware exploits

Lab: Designing a Blue Team strategy


The Training area is ISO 9001 certified