Securing Cisco Networks with Threat Detection and Analysis (SCYBER) 1.2

600-199 SCYBER
Retired: July 27, 2018

Course Duration:

5 Days


It is recommended, but not required, that students have the following knowledge and skills before attending this course:

  • CCNA Basic Cisco IOS Software switch and router configuration skills
  • CCNA Routing and Switching Certification
  • CCNA Security Certification

Course Content

This lab-intensive training course prepares you to hit the ground running as an entry level security analyst team member. The course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully understand cyber security concepts and to recognize specific threats and attacks on your network. It will teach you how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network. The job role for a security analyst will vary from industry to industry and differ in the private sector versus the public sector.
Upon completing this course, students will have the following knowledge and skills:

  • Describe the tools, techniques, and thought processes of an attacker
  • Describe the features, functions, and benefits of an SOC
  • Identify the common sources used to detect an incident, as well as the actions that should be considered in response
  • Perform basic packet capture and packet analysis
  • Enable syslog on Cisco devices and to perform basic network log analysis
  • Discuss the relevance of baselining and some of the most useful steps to be used when deploying a system
  • Discuss the policies and roles in the typical SOC, as well as some of the common tools used by SOC members
  • Discuss techniques used to identify anomalies and correlate log entries
  • Understand techniques used to scope, document, and analyze investigations
  • Discuss the methodology behind mitigations
  • Discuss documentation and communication during an incident
  • Discuss post-incident considerations

Course Outline

  • Course Introduction
  • Module 1: Attacker Methodology
  • Module 2: Defender Methodology
  • Module 3: Defender Tools
  • Module 4: Packet Analysis
  • Module 5: Network Log Analysis
  • Module 6: Baseline Network Operations
  • Module 7: Incident Response Preparation
  • Module 8: Security Incident Detection
  • Module 9: Investigations
  • Module 10: Mitigations and Best Practices
  • Module 11: Communication
  • Module 12: Post-Event Activity

Who Should Attend

  • This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks