> > > SCYBER

Securing Cisco Networks with Threat Detection and Analysis (SCYBER)


Course Content

The Securing Cisco Networks with Threat Detection and Analysis (SCYBER) v1.2 combines lecture materials and hands-on labs throughout to make sure you are able to understand cybersecurity concepts and recognize specific network threats and attacks. You will learn how a network security operations center (SOC) works and how to begin to monitor, analyze, and respond to security threats within the network.

This lab-intensive training course prepares you to take the Cyber Security Specialist Certification exam (exam ID = 600-199).

Who should attend

This course is designed for technical professionals who need to know how to monitor, analyze, and respond to network security threats and attacks.


  • CCNA equivalent knowledge is preferred
  • Basic understanding of Cisco security product features
  • Basic understanding of open-source and commercial network security tools
  • Basic understanding of Microsoft Windows and UNIX/Linux operating systems, desktops, and servers
  • Basic understanding of the Open Systems Interconnection (OSI) model and TCP/IP

Course Objectives

Upon completion of this course, you will be able to:

  • Describe the tools, techniques, and thought processes of an attacker.
  • Describe the features, functions, and benefits of an SOC.
  • Identify the common sources used to detect an incident, as well as the actions that should be considered in response.
  • Perform basic packet capture and packet analysis.
  • Enable syslog on Cisco devices and to perform basic network log analysis.
  • Discuss the relevance of baselining and some of the most useful steps to be used when deploying a system.
  • Discuss the policies and roles in the typical SOC, as well as some of the common tools used by SOC members.
  • Discuss techniques used to identify anomalies and correlate log entries.
  • Understand techniques used to scope, document, and analyze investigations.
  • Discuss the methodology behind mitigations.
  • Discuss documentation and communication during an incident.
  • Discuss post-incident considerations.

Outline: Securing Cisco Networks with Threat Detection and Analysis (SCYBER)

Module 1: Attacker Methodology

  • Types of Attackers
  • Malware and attacker tools
  • Understand common attacks

Module 2: Defender Methodology

  • Define vulnerabilities, threats, exploits, and attacks
  • Define the network (NOC) and security operations center (SOC)
  • SOC processes and procedures
  • Responsibilities of the SOC
  • Identify security incidents

Module 3: Defender Tools

  • Identify common sources used to detect security incidents
  • Understand event correlation and baseline data
  • Define data across layers of TCP/IP model
  • Data synchronization and data collection
  • Data encryption
  • Network monitoring and event management
  • User Reports
  • Risk analysis and mitigation strategies

Module 4: Packet Analysis

  • Network structures related to packet analysis
  • Analyze packets using Cisco IOS software
    • Access control lists
    • Debug commands
    • IOS embedded packet capture (EPC)
  • Methods used to capture traffic
    • Network taps
    • Local SPAN
    • remote SPAN
  • Conduct network traces
  • Establish a packet baseline using Wireshark

Module 5: Network Log Analysis

  • Use log analysis protocols and tools
  • Explore log mechanics
  • Retrieve syslog data
  • Retrieve DNS events and proxy logs
  • Correlate log files

Module 6: Baseline Network Operations

  • Establish a network baseline
  • Baseline methodologies
  • Exception handling and monitoring tools
  • Network topology mapping
  • Network securing best practices
  • Define and identify mission-critical business components
  • Determine the health state of monitored network components

Module 7: Incident Response Preparation

  • SOC roles and responsibilities
  • Incident response standards
  • IRT roles and responsibilities
  • Remediation, resolution and closure
  • Establish an effective monitoring system
  • Analyze monitoring system

Module 8: Security Incident Detection

  • Identify an incident
  • Correlate data sources
  • SIEM as an automatic correlation
  • Review and classify incident information
  • Identify source of incident

Module 9: Investigations

  • Framework and scope of investigation
  • Data collection process
  • Describe the role of flow data in an investigation
  • Use flow data to monitor, analyze, and visualize network traffic
  • Historical analysis

Module 10: Mitigations and Best Practices

  • Development and deployment
  • Validate and test mitigations
  • Proper documentation methods
  • Describe cyber threat defense solutions and components
  • Implement access control lists (ACLs)
  • Zone-based policy firewall overview
  • Describe default policies, traffic flows, and zone Interaction
  • Implement network-layer mitigations and best practices
  • Implement link-layer best practices

Module 11: Communication

  • Incident documentation requirements and process
  • Incident assessment
  • Solutions

Module 12: Post-Event Activity

  • Conduct an incident post-mortem
  • Policies and procedures
  • Develop security proposals
    • Analyze deficiencies
    • Propose remediations
    • Implement, publicize and monitor remediations


  • Assessing Your Understanding of Network and Security Operations
  • Exploring the Remote Lab Environment
  • Enabling Netflow Export and Syslog
  • Capturing Packets on the Pod Router and using Wireshark to examine the PCAP
  • Capturing Packets using TCPDUMP
  • Examining Logs Manually
  • Enabling AAA for Router SSH Management Access
  • Enabling SMNPv3 on the Pod Router and Pod Switch
  • Performing NMAP Scans and Using Netcat to Connect to Open Ports
  • Analyzing PCAP File with Suspicious Activities Using Wireshark
  • Examining Event Logs Manually
  • Examining Event Logs Using Splunk
  • Analyzing NetFlow Data with Lancope StealthWatch
  • Implementing IOS Zone-Based Firewall
  • Incident Response
Classroom Training

Duration 5 days

  • United States: US$ 4,295
  • Cisco Learning Credits: 43 CLC
Online Training

Duration 5 days

  • United States: US$ 4,295
  • Cisco Learning Credits: 43 CLC
Click City Name To Book Schedule
This is an Instructor-Led Classroom course
United States

Currently there are no training dates scheduled for this course.  You can schedule a private, onsite training session or request a public date by emailing info@fastlaneus.com.

Oct 14-18, 2019 Paris Enroll