Learn intrusion detection: Using Zeek and Elastic for incident response
Download as PPTX, PDF0 likes439 views
The document outlines a webcast on intrusion detection, featuring discussions on various detection methods, tool demos, and career roles that require skills in this area. It highlights the importance of visibility and tuning in building effective detections while addressing alert fatigue. Additionally, it promotes Infosec Skills subscription services and scholarships for advancing cybersecurity education.
Learn intrusion detection: Using Zeek and Elastic for incident response
- 2. Meet the panel Infosec Skills author & Founder of Enigma Networkz Jeff Peters Director of Content Marketing Infosec Mark Viglione
- 3. Today’s webcast ⮚ Intrusion detection overview ⮚ MITRE ATT&CK and intrusion detection ⮚ Intrusion detection demo ⮚ Use case ⮚ Tools ⮚ Zeek demo ⮚ Elastic demo ⮚ Q&A
- 4. More cybersecurity training resources Learn intrusion detection with Mark Viglione ⮚ Advanced Intrusion Detection learning path ⮚ Read Mark’s intrusion detection blogs Free resources from Infosec ⮚ Create your free Infosec Skills account ⮚ Infosec Skills Monthly Challenge ⮚ Infosec YouTube channel ⮚ Infosec Accelerate Scholarship
- 5. Intrusion detection overview Intrusion detection is a way to detect if any unauthorized activity is occurring on your network or any of your endpoints/systems. Jobs that require IDS knowledge and skills: ⮚ SOC analyst ⮚ Cybersecurity analyst ⮚ Cyber threat hunter ⮚ Network security engineer ⮚ Systems engineer ⮚ Penetration tester
- 6. Intrusion detection overview: 3 types Signature-based detection involves detecting previously known vulnerabilities and attacks Rule-based detection uses a set of rules to determine whether an activity is suspicious Anomaly detection uses methods like machine learning to detect previously unknown threats
- 7. MITRE ATT&K and intrusion detection
- 8. Intrusion detection demo: Use case and tools Intrusion detection example ⮚ Generating Zeek logs from Brim ⮚ Uploading to Elastic, an open- source security information and event management (SIEM) tool ⮚ Exploring the data, walking through a dashboard and setting up detections Demo
- 9. Intrusion detection: What’s next? Visibility is crucial for blue teams and network defenders. You set up the rule. Now what? ⮚ Tuning: Huge part of building valuable detections ⮚ Alert fatigue: Prioritizing alerts/detections ⮚ Choice of tools: Many different tools, how to choose?
- 10. Questions?
- 11. 15 scholarships. 5 categories. $225,000+ value.
- 12. Learn cybersecurity with Infosec Skills Infosec Skills subscription: ➢ 190+ role-based learning paths (e.g., Ethical Hacking, Digital Forensics, Advanced Intrusion Detection) ➢ 100s of hands-on labs in cloud-hosted cyber ranges ➢ Custom certification practice exams and skill assessments aligned to key cybersecurity roles Infosec Skills live boot camp: ➢ Live, instructor-led training (in-person or live online) ➢ Free annual Infosec Skills subscription ➢ 1-year extended access to all boot camp video replays and materials ➢ Exam voucher and Exam Pass Guarantee infosecinstitute.com/skills
- 13. Free year of Infosec Skills And the winner for a one-year subscription to Infosec Skills is … infosecinstitute.com/skills (Valued at $599)
- 14. About us Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. www.infosecinstitute.com