SOC teams are the first responders of the cybersecurity community. Their role is to quickly determine whether an incident is a false positive or needs to be escalated. They do this with lightning efficiency thanks to their knowledge of the fundamentals of the incident response and remediation processes, including threat hunting, network forensics, and malware detonation. This comprehensive knowledge base is invaluable when handling an emergency.
SOC teams also possess an intimate knowledge of the threat landscape, which they monitor and from which they collect valuable information and indicators of compromise. By keeping up to date with the latest trends, SOC analysts help companies handle passive and active threats quicker and more effectively.
The three-day SOC Analyst course addresses each of the abovementioned functions of a SOC worker.
The course is broken up into three days. The lessons cover a vast array of topics, including the basics of incident response and SOC operations, IoC categorization, hypothesis generation, network forensics, and malware analysis. Each day will include hands-on practice of each new skill learned.
The course is designed for newcomers to the field, but experienced professionals are likely to benefit from the structure it provides to existing skills and knowledge. You may be surprised at how much you’ll learn.
Day 1 will start with a short introduction to current cybersecurity trends, which will give you an understanding of what kind of threat landscape you’ll be jumping into. Next, we’ll explain how a security operations center is structured, what functions it performs, and how it cooperates with other information security departments. We’ll show you the best practices applied by high-performance SOCs and lay out the metrics and requirements you need to set to maximize SOC efficiency (e.g. time frames for response and escalation, dwell time).
Since SOC analysts serve as the first line of defense in a security incident, we’ll explain the basic principles of incident handling, including how to evaluate the severity of incidents and identify false positives. The instructors will give you the tools and methods needed for data collection, and show you how to distinguish between good and bad indicators of compromise (IoCs).
Finally, we’ll touch upon threat hunting and how it’s relevant — and important — for SOCs. You’ll be taught how to apply the scientific method (i.e. hypothesis testing) in threat hunting and which sources of events to search for (i.e. where you find additional information in the system to aid in your hunt).
The day will end with our Hypogame, during which you’ll create your own hypotheses and test them together with your peers and instructor.
Another key to being a successful SOC analyst is a base knowledge of network forensics. You will receive basic information about fundamental network protocols, their fields, their working principles, and how they can be used during attacks. The instructor will explain the features of the traffic collection and analysis process, and how to search for, extract, and analyze artifacts from network traffic. You will then complete exercises in which you analyze network traffic dumps.
The last part of the day will be spent on learning the basic principles of intrusion detection systems using Suricata and how to write rules for Suricata and similar systems.
The more angles you consider when analyzing a security incident, the better you’ll be able to understand its severity and scope. To this end, you’ll need to know the basics of searching for and analyzing artifacts at the host level. This is how Day 3 will start. You’ll learn the main sources of artifacts and how to perform a rapid (express) triage analysis of Windows-based systems.
We will then take things one step further and you’ll be introduced to sandboxes and how to use them to detect malicious activity. You will learn the basics of malware detonation and practice launching malware in a controlled environment to obtain IoCs. The instructor will also give recommendations on how to extract helpful IoCs from sandbox reports.
Attackers are becoming increasingly clever and are always coming up with new ways of bypassing sandboxes and other technologies. To help you stay one step ahead of them, our course will go over the most common methods used by attackers to bypass sandboxes.
Lecture videos and practical materials used during training
Personal certificate of completion
Valuable information that you can put into practice
Insight on malware analysis and how it can fit in IS practices
Our training courses are based on 1300+ successful investigations worldwide.
All courses are led by GCFA-, EnCE- and MCFE-certified experts.
The course instructors are current Group-IB specialists, which translates to the most up-to-date and first-hand information for course participants.
Practical exercises based on real-life cases make up 70% of the course.
Course materials are regularly updated with new cases from Group-IB’s experience, which ensures that the course program always reflects the latest trends.
Group-IB’s training courses provide a wide range of competencies for creating an effective information security department in any company.