EC-Council Certified SOC Analyst (CSA v2)

Price
$2,097.00 USD

Duration
3 Days


Delivery Methods
Virtual Instructor Led
Private Group

Add Exam Voucher
$250.00

Course Overview

The Certified SOC Analyst (CSA) program is the first step toward joining a security operations center (SOC). It is designed for current and aspiring Tier I and Tier II SOC analysts who need to become proficient in entry-level and intermediate-level SOC operations.

CSA is a training and credentialing program that teaches in-demand technical skills through instruction by experienced industry trainers. It aims to open new career opportunities by building the thorough, practical knowledge needed to contribute effectively to a SOC team. Over an intensive 3 days, the program first covers the fundamentals of SOC operations and then moves on to log management and correlation, SIEM deployment, advanced incident detection, and incident response. Candidates also learn to manage the various SOC processes and to collaborate with the CSIRT when an incident requires it.

As the threat landscape grows, a SOC team provides the IT security services that detect potential cyber threats and attacks early and respond to security incidents quickly. Organizations need skilled SOC analysts who can serve as front-line defenders, warning other professionals of emerging and present cyber threats.

Who Should Attend?

  • SOC Tier 3 Analyst
  • SOC Security Analyst
  • SOC Analyst I
  • Cyber Security Analyst
  • Security Incident Response Analyst / SOC Analyst
  • Information Assurance Compliance Analyst
  • Junior SOC Analyst
  • Junior Program Analyst
  • SOC Tier 2 Analyst
  • Cyber Incident Response Analyst / SOC Analyst
  • Junior Monitoring Analyst
  • Security Analyst I
  • Jr. Vulnerability Analyst
  • Global Information Security SOC Team Lead
  • Program Analyst

  • Top-rated instructors: Our crew of subject matter experts has an average instructor rating of 4.8 out of 5 across thousands of reviews.
  • Authorized content: We maintain more than 35 Authorized Training Partnerships with the top players in tech, ensuring your course materials contain the most relevant and up-to-date information.
  • Interactive classroom participation: Our virtual training includes live lectures, demonstrations and virtual labs that allow you to participate in discussions with your instructor and fellow classmates to get real-time feedback.
  • Post Class Resources: Review your class content, catch up on any material you may have missed or perfect your new skills with access to resources after your course is complete.
  • Private Group Training: Let our world-class instructors deliver exclusive training courses just for your employees. Our private group training is designed to promote your team’s shared growth and skill development.
  • Tailored Training Solutions: Our subject matter experts can customize the class to specifically address the unique goals of your team.

Agenda

1 – Security Operations and Management

  • Understand the principles of security management and identify the role of security operations in effective security management
  • Discuss Security Operations Center (SOC) and analyze its importance, capabilities, and functions.
  • Describe the SOC workflow and identify the People, Process and Technology involved in a SOC
  • Compare different SOC models and their respective advantages and disadvantages
  • Explain the concept of SOC maturity models and the evolution of the SOC
  • Identify KPIs and challenges, and implement best practices for effective SOC operations and management

2 – Understanding Cyber Threats, IoCs, and Attack Methodology

  • Understand Cyber Threats and their impact on Cyber Security
  • Understand Network Attack Tactics, Techniques, and Procedures (TTPs)
  • Understand Host Attack Tactics, Techniques, and Procedures (TTPs)
  • Understand Application Attack Tactics, Techniques, and Procedures (TTPs)
  • Understand Social Engineering Attack Tactics, Techniques, and Procedures (TTPs)
  • Understand Email Attack Tactics, Techniques, and Procedures (TTPs)
  • Understand Insider Attack Tactics, Techniques, and Procedures (TTPs)
  • Understand and Recognize the Indicators of Compromise (IoCs) of Various Attacks
  • Understand Attack Methodology and Frameworks

3 – Log Management

  • Understand Log Management, its importance, and its approaches
  • Understand and Analyze Local Logging Practices: Windows, Linux and Mac Logs
  • Understand and Analyze Local Logging Practices: Firewall and Router Logs
  • Understand and Analyze Local Logging Practices: Web Server, Database, Email
  • Understand and Implement Centralized Logging

4 – Incident Detection and Triage

  • Understand the Importance and Architecture of Security Information and Event Management (SIEM)
  • Understand Types of SIEM Solutions and their Advantages and Disadvantages
  • Understand Deploying a SIEM Solution
  • Understand SIEM Use Case Management
  • Learn Incident Detection with SIEM
  • Understand the Use of AI for Generating SIEM Rules
  • Understand Handling Alert Triaging and Analysis
  • Understand Visualization and Dashboard Management in SOC
  • Understand SOC Reports

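As an added illustration of the log analysis and SIEM detection objectives in modules 3 and 4 (editor-supplied example code, not CSA courseware), the Python below parses constructed Linux sshd auth.log lines and applies a SIEM-style correlation use case: a burst of failed logins from one source IP raises a medium alert, and a successful login from that same source shortly afterwards escalates it to high, which is the triage signal that separates a noisy scanner from a probable compromise. The log lines, the 2024 year assumed for syslog timestamps, and the thresholds are all assumptions made for the example.

```python
"""SIEM-style correlation rule over Linux sshd logs (added example, not course material)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed auth.log lines using RFC 5737 documentation addresses; not captured traffic.
SAMPLE_LOG = """\
Mar  4 10:15:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  4 10:15:03 web01 sshd[2233]: Failed password for root from 203.0.113.45 port 51024 ssh2
Mar  4 10:15:04 web01 sshd[2235]: Failed password for root from 203.0.113.45 port 51026 ssh2
Mar  4 10:15:06 web01 sshd[2237]: Failed password for root from 203.0.113.45 port 51028 ssh2
Mar  4 10:15:07 web01 sshd[2239]: Failed password for root from 203.0.113.45 port 51030 ssh2
Mar  4 10:15:09 web01 sshd[2241]: Accepted password for root from 203.0.113.45 port 51032 ssh2
Mar  4 10:20:11 web01 sshd[2301]: Failed password for alice from 198.51.100.7 port 40110 ssh2
Mar  4 10:20:40 web01 sshd[2303]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_line(line, year=2024):
    """Turn one sshd syslog line into a dict, or None if it is not a login event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; the caller supplies one (assumed 2024 here).
    stamp = " ".join(m["ts"].split())
    return {
        "ts": datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"),
        "host": m["host"], "outcome": m["outcome"], "method": m["method"],
        "user": m["user"], "src": m["src"],
    }


def correlate(log_text, threshold=5, window_s=60, success_grace_s=300):
    """Fire alerts the way a SIEM use case would.

    ssh_bruteforce (medium): at least `threshold` failures from one source IP
    inside a sliding window of `window_s` seconds.
    ssh_bruteforce_success (high): an accepted login from that same source
    within `success_grace_s` of the brute-force alert.
    Thresholds are assumptions chosen for the example, not course values.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # src -> (ts, user) failures still inside the window
    fired_at = {}                # src -> time the brute-force alert fired (one per src)
    alerts = []
    for e in events:
        src = e["src"]
        if e["outcome"] == "Failed":
            q = recent[src]
            q.append((e["ts"], e["user"]))
            while (e["ts"] - q[0][0]).total_seconds() > window_s:  # expire old failures
                q.popleft()
            if len(q) >= threshold and src not in fired_at:
                fired_at[src] = e["ts"]
                alerts.append({
                    "rule": "ssh_bruteforce", "severity": "medium",
                    "host": e["host"], "src": src, "count": len(q),
                    "users": sorted({u for _, u in q}),
                    "first": q[0][0].isoformat(), "last": e["ts"].isoformat(),
                })
        elif src in fired_at and (e["ts"] - fired_at[src]).total_seconds() <= success_grace_s:
            alerts.append({
                "rule": "ssh_bruteforce_success", "severity": "high",
                "host": e["host"], "src": src, "user": e["user"],
                "method": e["method"], "at": e["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print(alert)
```

On the sample above the rule fires once for 203.0.113.45 (five failures in six seconds, usernames admin and root) and then escalates when the root login succeeds two seconds later; the single failure from 198.51.100.7 followed by a key-based login never crosses the threshold, which is what an analyst wants from a use case tuned to keep the queue free of one-off typos.
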
5 – Proactive Threat Detection

  • Learn Fundamental Concepts of Threat Intelligence
  • Understand Types and Strategies of Threat Intelligence
  • Understand the Various Threat Intelligence Sources
  • Understand Threat Intelligence Platforms (TIP)
  • Understand the Threat Intelligence-Driven SOC and Its Benefits to the SOC Team
  • Demonstrate the Use of Threat Intelligence Use Cases to Enhance Incident Response
  • Understand Threat Hunting and its Significance
  • Understand Threat Hunting Frameworks
  • Demonstrate Threat Hunting using PowerShell, Yara, and Threat Hunting Tools

6 – Incident Response

  • Understand Incident Response
  • Learn the Various Phases of the Incident Response Process
  • Learn to Respond to Network Security Incidents
  • Learn to Respond to Application Security Incidents
  • Learn to Respond to Email Security Incidents
  • Learn to Respond to Insider Incidents
  • Learn to Respond to Malware Incidents
  • Understand the Role of SOC Playbooks in Incident Response
  • Understand Enhanced Incident Response using Endpoint Detection and Response (EDR) / Extended Detection and Response (XDR)

7 – Forensics Investigation and Malware Analysis

  • Understand Forensic Investigation
  • Learn to Investigate Network Security Incidents
  • Learn to Investigate Application Security Incidents
  • Learn to Investigate Email Security Incidents
  • Learn to Investigate Insider Incidents
  • Understand Malware Analysis
  • Learn to Perform Static Malware Analysis
  • Learn to Perform Dynamic Malware Analysis

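As an added illustration of the IoC-based threat hunting objectives in module 5 and the static malware analysis objectives in module 7 (editor-supplied example code, not CSA courseware), the Python below performs the first-pass static triage an analyst does before any dynamic analysis: hash the file for threat-intelligence lookups, extract printable strings, evaluate a few YARA-style rules (several patterns, a minimum number of which must hit), match extracted network indicators against a threat-intelligence feed, and use Shannon entropy as a rough packing indicator. The "sample" is a constructed byte blob with planted strings and a high-entropy tail, the feed is a constructed set, and the 7.0 entropy threshold is an assumption, not a course value.

```python
"""Static triage of a suspicious file (added example, not course material)."""
import hashlib
import math
import re

# Constructed sample: a PE-like header, planted strings, and a uniformly
# distributed tail standing in for a packed section. This is not real malware.
PLANTED = (
    b"MZ\x90\x00" + b"\x00" * 60 +
    b"This program cannot be run in DOS mode.\r\n\x00"
    b"kernel32.dll\x00VirtualAllocEx\x00WriteProcessMemory\x00CreateRemoteThread\x00"
    b"http://203.0.113.10/update.bin\x00"
    b"cmd.exe /c schtasks /create /tn Updater\x00"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
)
SAMPLE = PLANTED + bytes(range(256)) * 8

# Constructed threat-intelligence feed (RFC 5737 address), standing in for a TIP export.
TI_FEED_IPS = {"203.0.113.10"}

# YARA-style rules: name -> (byte regexes, how many of them must match).
RULES = {
    "process_injection": ([rb"VirtualAllocEx", rb"WriteProcessMemory", rb"CreateRemoteThread"], 2),
    "downloader_url": ([rb"https?://[\x21-\x7e]+"], 1),
    "cmd_persistence": ([rb"cmd\.exe\s*/c", rb"schtasks\s*/create", rb"CurrentVersion\\Run"], 2),
}


def shannon_entropy(data):
    """Bits per byte, 0.0 for a constant buffer and 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_strings(data, min_len=6):
    """Printable ASCII runs of at least min_len bytes, like the classic `strings` tool."""
    return [s.decode("ascii") for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def match_rules(data, rules=RULES):
    """Return the rules whose required number of patterns are present in the data."""
    hits = {}
    for name, (patterns, needed) in rules.items():
        matched = [p.decode() for p in patterns if re.search(p, data)]
        if len(matched) >= needed:
            hits[name] = matched
    return hits


def ti_lookup(data, feed_ips=TI_FEED_IPS):
    """Extract IPv4 literals from the data and return those present in the feed."""
    found = {m.decode() for m in re.findall(rb"\b\d{1,3}(?:\.\d{1,3}){3}\b", data)}
    return sorted(found & feed_ips)


def triage(data):
    """Assemble the static-triage report an analyst attaches to the ticket."""
    entropy = shannon_entropy(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
        "entropy": round(entropy, 3),
        "likely_packed": entropy > 7.0,  # assumed rule of thumb; confirm with a PE parser
        "rules": match_rules(data),
        "ti_hits": ti_lookup(data),
        "strings": extract_strings(data)[:10],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

The uniform tail also shows a limitation worth knowing before a hunt: because it contains every byte value in order, it yields runs of "printable" junk that `extract_strings` reports as strings, so string output from packed samples needs the same scepticism as the entropy number itself.
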
8 – SOC for Cloud Environments

  • Introduction to Cloud SOC
  • Understand Azure SOC Architecture, Microsoft Sentinel and Security Tools
  • Understand AWS SOC Architecture, AWS Security Hub and security tools
  • Understand Google Cloud Platform (GCP) SOC Architecture, Security Command Center, Chronicle and security tools

Get in touch to schedule training for your team
We can enroll multiple students in an upcoming class or schedule a dedicated private training event designed to meet your organization’s needs.

Do You Have Additional Questions? Please Contact Us Below.

Contact Us about Starting Your Business Training Strategy with New Horizons