This course provides a comprehensive review of tools, techniques, and procedures for monitoring network events and assets in order to build a secure network architecture. It then looks at methods for hunting attackers who have bypassed the network defence mechanisms deployed in an enterprise.
Upon successful completion of this course, students will have demonstrated the ability to:
1. Identify, interpret, and evaluate continuous monitoring and cyber threat hunting requirements of organizations of different sizes;
2. Examine deficiencies in existing network architectures to build a defensible architecture that supports continuous monitoring;
3. Leverage different machine learning and data mining techniques to build intelligent data-driven systems for active defence;
4. Integrate legal and ethical requirements and best practices in monitoring network activities; and
5. Work collaboratively in teams to conduct research and communicate rational and reasoned arguments using appropriate methods.
Session 1: Introduction, privacy and ethical issues in network monitoring and threat hunting
Sessions 2-3: Setting up network monitoring and threat hunting infrastructure
Sessions 4-5: Applied machine learning for cyber threat detection and analysis
Sessions 6-7: Network attacks, attack tools and network monitoring
Sessions 8-9: Proactive network threat hunting and monitoring
Sessions 10-11: Network events and attack analysis
Session 12: Network vulnerability management and automated threat hunting