The SEC511 course, “Continuous Monitoring and Security Operations,” offered by GIAC, is designed to help security professionals adapt to the ever-evolving landscape of cybersecurity threats and technology shifts. This course equips professionals with the knowledge and skills needed to protect and monitor modern hybrid enterprises effectively.
Key Points:
- Duration: 6 days (in-person) or available online
- CPEs: 48
- Target Audience: Security professionals responsible for protecting and monitoring modern hybrid enterprises, including public cloud, on-premises, and remote workers.
- Key Focus: Defensible Security Architecture, Network Security Monitoring (NSM), Continuous Diagnostics and Mitigation (CDM), and Continuous Security Monitoring (CSM).
- GIAC Continuous Monitoring (GMON) Certification: The course leads to the GMON certification, validating the ability to deter intrusions and detect anomalous activity.
Course Highlights:
- Addresses the rapid pace of technological change and the need for security defenses to continuously adapt.
- Focuses on modern hybrid enterprises, including cloud, on-premises, and remote workforce protection.
- Teaches core protection practices and applies them to various environments.
- Emphasizes the importance of balancing cloud and on-premises security.
- Highlights the need for security teams to evolve and adapt continuously.
Certification:
- GIAC Continuous Monitoring (GMON) certification validates the ability to deter intrusions and quickly detect anomalous activity.
- Covers various aspects of security architecture, network security monitoring, endpoint security, and automation.
Prerequisites:
- No specific prerequisites are mentioned, but a background in cybersecurity or related fields would be beneficial.
- The course accommodates students with diverse backgrounds and technical exposure.
In summary, SEC511 is a comprehensive course that prepares security professionals to protect and monitor modern hybrid enterprises effectively. It emphasizes the importance of defensible security architecture and continuous monitoring. The course also leads to the GIAC Continuous Monitoring (GMON) certification, demonstrating proficiency in modern defensive techniques.
Difficulty: 2 out of 5.
SEC511/GMON is an excellent course for delving into the realms of Network Security and Security Architecture, equipping participants with valuable skills essential for analysts. While its primary focus revolves around these concepts, what sets this course apart is its emphasis on fostering analytical thinking. The content is presented in a clear and digestible manner, making it accessible for learners. For professionals operating in a Security Operations Center (SOC), the course content proves invaluable for both daily tasks and long-term projects. It effectively reinforces the mindset of "assume breach" and provides insights into expanding detective capabilities. The hands-on labs and daily netwars sessions are instrumental in honing the skills needed to analyze various logs and navigate the Linux command line effectively.
Some things covered in the course are:
-Egress Analysis with Elastic Stack
-Passively decrypting TLS
-DNS over HTTPS (DoH)
-PCAP carving with Zeek
-Suspicious TLS analysis with Suricata
-Honey Tokens for breach detection
-Application Control via AppLocker
-Detecting WMI-based attacks, including Impacket
-Sysmon Merlin C2 Analysis
-Cobalt Strike detection and analysis
-Analyzing Windows events
The certification is pretty straightforward, covering aspects such as understanding security architecture, the purpose of various tools, their placement for detecting specific threats, and the meticulous review of logs to identify potentially malicious activities.
In summary, this course is ideal for beginners venturing into the field of security or those new to SOC environments seeking to enhance their knowledge of network security and analytical abilities. However, for individuals with a few years of experience, the course content might be somewhat basic. Nonetheless, even experienced professionals can find valuable nuggets of information.
A word of caution: I recommend against self-funding this course, as there are alternative resources available, such as books, that cover similar topics at a significantly lower cost.
The Practice of Network Security Monitoring
Applied Network Security Monitoring: Collection, Detection, and Analysis