Event details

Mandiant Academy Training Event

  • Course: Protecting the Perimeter: Practical Network Enrichment (on-demand)
  • Date: 3 months to complete from the date of enrollment (not from the date of first login)
  • Cost: $2,000 USD or 2 units
  • Delivery Method: On-demand (self-paced / web-based training)
  • Location: Mandiant Academy learning platform

At a glance

This 8-hour training track provides practical knowledge of network traffic analysis and of how to leverage cyber threat intelligence (CTI) to enrich detections and improve visibility. Participants explore five proven methodologies for network traffic analysis: packet capture analysis, network flow analysis, protocol analysis, baseline and behavioral analysis, and historical analysis.

Using industry-standard tools, this track demonstrates how applying CTI improves each methodology and how analytical tradecraft strengthens investigations. The track is divided into 4 courses, each about 2 hours long:

  1. Decoding Network Defense
  2. Analyzing the Digital Battlefield
  3. Insights into Adversaries
  4. The Defender's Arsenal

Course goals

After completing this track, learners should be able to:

  • Explain the need for and importance of network traffic analysis.
  • Understand how cyber threat intelligence enriches network telemetry and associated data sources.
  • Apply the five complementary network traffic analysis methods to identify threatening activity, behaviors, and patterns.
  • Identify anomalous network activity that may represent malicious influence or interference by threat actors.
  • Recognize the basic functions of network traffic analysis tools and data sources, including:
    • Augury
    • Censys
    • GreyNoise
    • NetFlow
    • RITA
    • Shodan
    • tcpdump
    • tshark
    • urlscan.io
    • Wireshark
    • Zeek

Course outline

The track consists of the following courses, with demonstrations included throughout.

  1. Decoding Network Defense: This course sets the scene for what network analysis entails and refreshes participants on foundational cyber threat intelligence principles and processes. The five methodologies and processes that form the backbone of network analysis are introduced briefly.
  2. Analyzing the Digital Battlefield: This course covers three of the five methodologies in detail: packet capture analysis, flow analysis, and protocol analysis. Using common tools, it demonstrates how added intelligence improves each methodology.
  3. Insights into Adversaries: This course covers the remaining two methodologies: baseline and behavior analysis, and historical analysis. As in the previous course, tooling is used to demonstrate how intelligence enrichment improves each methodology.
  4. The Defender's Arsenal: Participants are introduced to common tools within the network analysis discipline whose effective use requires a good grasp of intelligence principles.
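As an added illustration of what "enriching a methodology with intelligence" looks like in practice (this is example code written for this page, not course material or tooling from Mandiant Academy), the block below combines three of the methodologies named in the outline on constructed Zeek conn.log-style flow records: flow analysis (near-constant connection intervals, the beaconing heuristic RITA is known for), baseline analysis (client-sent bytes far above the median flow) and CTI enrichment (matching the responder address against an indicator set with a confidence level). The log lines, the indicator set (using RFC 5737 documentation addresses), the beacon and egress thresholds and the scoring weights are all constructed assumptions chosen for the demonstration, not values from any real feed or deployment.

```python
"""Flow analysis enriched with CTI: added example, not Mandiant course material.

Runs offline on constructed input; thresholds and scoring weights are assumptions.
"""
import statistics
from collections import defaultdict

# Constructed conn.log-style records: ts, id.orig_h, id.resp_h, id.resp_p, proto, orig_bytes, resp_bytes
CONN_LOG = """\
1700000000.000\t10.0.0.5\t203.0.113.10\t443\ttcp\t512\t2048
1700000060.100\t10.0.0.5\t203.0.113.10\t443\ttcp\t512\t2048
1700000120.050\t10.0.0.5\t203.0.113.10\t443\ttcp\t512\t2048
1700000180.020\t10.0.0.5\t203.0.113.10\t443\ttcp\t512\t2048
1700000010.000\t10.0.0.7\t198.51.100.25\t80\ttcp\t300\t15000
1700000015.000\t10.0.0.7\t192.0.2.44\t53\tudp\t60\t120
1700000020.000\t10.0.0.9\t192.0.2.99\t4444\ttcp\t900000\t100
"""

# Constructed CTI indicators (documentation addresses); a real feed would carry source, age and context.
CTI_INDICATORS = {
    "203.0.113.10": {"confidence": "high", "context": "C2 server (constructed)"},
    "192.0.2.99": {"confidence": "medium", "context": "staging host (constructed)"},
}

FIELDS = ("ts", "orig_h", "resp_h", "resp_p", "proto", "orig_bytes", "resp_bytes")
SEVERITY = {"high": 3, "medium": 2, "low": 1}  # assumed weights for indicator confidence


def parse_conn_log(text):
    """Parse tab-separated conn.log-style lines into dicts; '#' lines are Zeek headers."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue  # malformed line: skip rather than abort on a real, noisy log
        rec = dict(zip(FIELDS, parts))
        rec["ts"] = float(rec["ts"])
        rec["resp_p"] = int(rec["resp_p"])
        rec["orig_bytes"] = int(rec["orig_bytes"])
        rec["resp_bytes"] = int(rec["resp_bytes"])
        records.append(rec)
    return records


def enrich_with_cti(records, indicators):
    """CTI enrichment: attach the matching indicator (or None) to each flow by responder IP."""
    for rec in records:
        rec["cti"] = indicators.get(rec["resp_h"])
    return records


def find_beacons(records, min_conns=4, max_cv=0.05):
    """Flow analysis: (src, dst, port) tuples whose inter-connection gaps are near-constant.

    Returns {tuple: mean_gap_seconds}. The coefficient of variation bound is an assumption.
    """
    by_tuple = defaultdict(list)
    for rec in records:
        by_tuple[(rec["orig_h"], rec["resp_h"], rec["resp_p"])].append(rec["ts"])
    beacons = {}
    for key, stamps in by_tuple.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            beacons[key] = round(avg, 2)
    return beacons


def find_egress_outliers(records, multiplier=50):
    """Baseline analysis: flows whose client-sent bytes exceed the median flow by a large factor."""
    median = statistics.median(r["orig_bytes"] for r in records)
    return {(r["orig_h"], r["resp_h"], r["resp_p"])
            for r in records if r["orig_bytes"] > multiplier * median}


def triage(text, indicators):
    """Combine the three signals into a per-(src, dst, port) score, highest first."""
    records = enrich_with_cti(parse_conn_log(text), indicators)
    beacons = find_beacons(records)
    outliers = find_egress_outliers(records)
    scores = {}
    for r in records:
        key = (r["orig_h"], r["resp_h"], r["resp_p"])
        score = SEVERITY.get((r["cti"] or {}).get("confidence"), 0)
        score += 2 if key in beacons else 0   # assumed weight for beaconing
        score += 2 if key in outliers else 0  # assumed weight for unusual egress volume
        if score:
            scores[key] = max(score, scores.get(key, 0))
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for (src, dst, port), score in triage(CONN_LOG, CTI_INDICATORS):
        print(f"{src} -> {dst}:{port}  score={score}")
```

The point of the combination is the one the outline makes: a CTI match alone is a lookup, and a beacon or volume anomaly alone is a behavioral observation, but a host beaconing to a high-confidence indicator rises to the top of the queue while a one-off DNS query to an unlisted address does not. Against real Zeek output the `ts` field and the tab-separated layout match conn.log, but the column set here is trimmed to seven fields for the example; map the fields you actually have before using the parser.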

Who this course helps

This course was designed by intelligence professionals for intelligence professionals, but most security-oriented roles will benefit. Professionals who regularly monitor networks, triage incidents, or need to operationalize intelligence will benefit the most from this course.

Participant requirements

This track assumes participants understand foundational terms and concepts, including:

  • The varying forms of cyber threats and their impact on computing and business operations, from malicious outsiders to trusted insiders.
  • Computer networks, including how they are formed, operate, and interact within a professional working environment.
  • Cyber threat intelligence terminology and a working knowledge of analytical tradecraft.
  • The general roles and responsibilities of network defense functions like the security operations center (SOC), incident response (IR), and vulnerability management.

Duration

8 hours (about 2 hours per course)

What to bring

Participants should bring their own laptop with a current web browser and the ability to connect to the internet. Participants do not require access to the tools demonstrated in this track; however, hands-on access to them will significantly improve the learning experience and knowledge retention.