Beruflich Dokumente
Kultur Dokumente
Advanced
Security Operations
Anti Fraud
Cyber Defense
Learning Assessments
The Value of
Professional Education
Investing in training and education
makes good business sense and can
have a profound impact on your
team. It enables an organization to:
Decrease operating costs and
increase productivity
Reduce technical infrastructure
costs
Increase effectiveness of your
technology investment
Reduce your organizations overall
information risk
NEW OFFERINGS
RSA Security Analytics
RSA Security Analytics courses have been updated for product version
10.5 and are now available as the following courses:
800-995-5095
International: 781-515-7700
Fax:
781-515-6630
eLearning
Self-paced eLearning provides you with training that is generally one
to three hours in length giving you the convenience of learning at
your own pace.
RSA, The Security Division of EMC
ONSITE TRAINING
Benefits of Onsite
Training
Substantial cost Savings
Save up to 40% compared to
individual public class rates
Less student down time
Reduce travel concerns and
out-of-office time
Convenient, Flexible
Scheduling
Your training can be scheduled
at the time and location most
convenient for you
With RSA Onsite training, you and your people arent locked into a
pre-existing schedule of public classes at a pre-existing location. RSA
Education Services can work with you to schedule your training at the
time and location thats most convenient for you. That means training
doesnt have to conflict with your other business priorities and it can
be timed precisely to support your RSA implementation.
RSA Onsite training rates can save an organization up to 40% when
compared to individual student rates. Additional cost savings are
realized by eliminating the need for student travel. Whats more, since
your students are not preparing for trips or making their way back
from airports after training they are likely to be more productive and
accessible in the days surrounding their training experience.
Benefits of Online
Instructor-led Training
No travel cost or travel time
Live instructor with whom you
can interact and ask questions
Same content as the classroom
version of the course with
hands-on labs to reinforce
concepts
Modest connectivity
requirements allow participation
from anywhere
Training units are simply RSA Education Services currency. They are
deposited into a companys training account and are available for
general consumption by your companys employees. Valid for one
year from date of purchase, pre-paid TUs provide maximum flexibility
to ensure your teams readiness.
With RSA TUs you can satisfy your training requirements as they
evolve throughout the year. You reduce the paperwork and approvals
associated with multiple enrollments by taking care of all your training
needs with a single purchase.
Registration and
Payment
Please complete your
registration at
www.emc.com/rsa-training. Be
sure you register with the e-mail
address of the student attending
class, as this is the only unique
identifier we have for each
student.
Complete details regarding
payment by purchase order,
credit card or check are provided
on our web site.
Certification
EMC2, EMC, RSA, RSA Security, Archer and the RSA logo are registered trademarks of EMC Corporation in the
United States and/or other countries. All other trademarks used herein are the property of their respective owners.
Copyright 2014 EMC Corporation. All rights reserved. Published in the USA.
EDCAT SB 0615 r1
ILT
VILT
e-Learning
Online ILT
ILT
VILT
e-Learning
Online ILT
Anti Fraud
RSA Adaptive Authentication On Premise Administration
RSA Adaptive Authentication for eCommerce Back Office Tools
RSA Adaptive Authentication 12 Migration
RSA Web Threat Detection Essentials
Cyber Defense
RSA Intelligence-Driven Event Analysis
RSA Incident Handling and Response
RSA Threat Intelligence
RSA Malware Analysis
RSA SOC Simulation Challenge
RSA Cyber Defense Workshop
AT-A-GLANCE
Overview
Audience
System, security, or help desk personnel who need to install, deploy and/or maintain RSA
Access Manager.
Duration
4 days
REGISTER FOR CLASSES:
Prerequisite Knowledge/Skills
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
Explain the basic architecture and integration of RSA Access Manager in an enterprise
environment
Describe the processes and methodology for performing a successful installation and
implementation of the core servers, data adapter, Administrative Console and
representative Agents
Describe the management functions used for resource and end user administration
Explain the configuration parameters that can be used to tailor the RSA Access
Manager components to accomplish specific tasks and functions
Establish Entitlements and use RSA Access Manager Smart Rules to manage Web
access and protect resources in a classroom Web environment
Perform system troubleshooting and analysis through the use of audit logs and user
reports
Explore how runtime and administrative operations can be extended through the use
of the API library
Course Outline
RSA Access Manager Overview
Managing Resources
Delegated Administration
Troubleshooting
Development Tools
Single Sign-On
Distributed Authorization
10
AT-A-GLANCE
The RSA Via Lifecycle and
Governance Administration
course provides an
overview of the
administrative and
configuration options
associated with the RSA Via
Lifecycle and Governance
platform.
Audience
RSA Via Lifecycle and Governance (formerly RSA IMG) platform administrators,
implementers and other technical users who need to configure, administer, or support the
RSA Via Lifecycle and Governance platform.
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Duration
4 days
Prerequisite Knowledge/Skills
Familiarity with Identity Management concepts, Active Directory, LDAP, and SQL
querying.
Course Objectives
Upon successful completion of this course, participants should be able to:
11
Course Outline
Introduction to RSA Via L&G
RSA Via L&G Platform Overview
Course scenario overview
Data model overview
Prestige Simulation
Administration Overview
AveksaAdmin account
Admin menu
Enabling platform modules
Enabling Notifications
Help system
Task list
UI Security
RSA
Requirements Gathering
Business Resources
Directories and Applications
Out of the Box Attributes
Custom Attributes
Custom Values Lists
Collected VS. ACM Managed Attributes
Hiding attributes
Table options
Users and Identities
Users and Identities Overview
Directories
Directory Groups
Business Units
Identity Data Collectors
Unification Process
Collecting Identities
Authentication
Accounts, Roles and Entitlements
Aveksa Admin roles
Granular Aveksa Admin Privileges
Rapid Application Onboarding
Account Attributes
Account Data Collectors
Orphaned Accounts
Entitlement Attributes
Entitlement Data Collectors
Application Roles
Business Descriptions
Collecting Entitlements
Collecting multiple owners for resources
Roles
Roles Overview
Collecting Application Roles
Roles module vs. BRM
Rules
Rules Overview
Rule Definitions
Out of the box Rules
Creating custom rules
Rules logic
Processing Rules
Violations, Remediations and exceptions
Out of the box and custom rules workflows
Granular security for rules
Reviews
Reviews Overview
Creating Review Definitions
Modifying reviews workflows
Administering Reviews
Performing Reviews
Refreshing Reviews
Watch closures
Completing a Review and Reporting Results
Workflows, Notifications and Escalations
Workflows Overview
Creating Workflows
Out of the box templates
Creating Notification templates
Creating Escalations
Viewing email logs
Dashboards and Reports
Reports Overview
Out of the box reports and charts
Modify OOTB reports using the query tab
Build Custom Reports and Charts
Dashboard options
Build and modify dashboards
Access Request Manager
Access Requests Manager Overview
Custom Forms and controls (fields)
Custom Buttons
Naming policies and naming transforms
Custom User and Entitlement Views
Workflows, Notifications and Escalations
Provisioning options
Provisioning with AFX
Access Fulfillment Express Overview
Deploying Access Fulfillment Express
Importing AFX Connectors
Configuring Connectors
Configuring Endpoint capabilities
Capstone Structured Experience
Complete end-to-end access review cycle
Deploy change requests with automated
provisioning
Publish final reports to simulation auditors
and executives
Additional Resources
Community membership
RSA Secure Care Online
12
The RSA Business Role Manager eLearning module extends the capabilities of the IMG
product to include the ability to group users and entitlements into roles. The RSA BRM
eLearning module provides an overview of BRM components. Topics include terminology,
configuration, and role mining options to tailor the module to a customers needs.
Demonstrations illustrate the tasks involved in configuring, maintaining, and utilizing the
Business Role Manager module.
The course is comprised of lecture content as well as recorded product demonstrations to
illustrate the RSA BRM product in action.
Audience
RSA Identity and Access Management/Identity Management and Governance/RSA Via
Lifecycle and Governance administrators, implementers and other technical users who
need to configure, administer, or support the RSA Business Role Manager module.
Duration
4 hours (eLearning)
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Prerequisite Knowledge/Skills
Completion of the RSA Identity Management and Governance (IMG) course (or former
RSA ACM Foundations course).
Course Objectives
Upon successful completion of this course, participants should be able to:
Understand the functionality and capabilities of the Roles and Business Role Manager
modules
ED-VLG-ADM-TRAINUNIT
Training Units
13
Course Outline
Definition of a Role
Manage Roles
BRM Features
Create a Role
Role metrics
Discover Roles
14
This eLearning course discusses the use of the RSA Data Access Governance module as a
tool to collect and manage user access to data resources. Topics include collection
configuration, access reviews, user access requests, and data resource ownership.
Recorded demonstrations (eLearning) reinforce the tasks involved in configuring,
maintaining, and utilizing the Data Access Governance module.
Audience
RSA Identity and Access Management/Identity Management and Governance
administrators, implementers and other technical users who need to configure,
administer, or support the RSA IMG Business Role Manager module.
Duration
2 hours (eLearning)
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
Course Objectives
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Understand how RSA DAG and StealthBits StealthAUDIT work together to collect
data resource information
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Outline
15
AT-A-GLANCE
This course provides an
overview of the
administrative
responsibilities associated
with an RSA SecurID
system.
Overview
The working principles behind RSA Authentication Manager and RSA SecurID
authenticators are discussed, including product architecture, time synchronization,
managing external Identity Sources and exploring all aspects of an administrative
structure. Extensive hands-on labs reinforce the administrative tasks involved in
managing a user population and token assignment.
The subject matter in this course prepares students with the classroom component
recommended for the RSA Authentication Manager Certified Administrator
certification.
Audience
System, security, or help desk administrators who need to administer and support
RSA SecurID products.
Duration
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
2 days
Prerequisite Knowledge/Skills
Familiarity with Microsoft Windows or UNIX/Linux system administration.
Course Objectives
Upon successful completion of this course, participants should be able to:
Understand the basic architecture and theory of operation of the RSA SecurID
product suite
16
Course Outline
Product and Technology Overview
System Administration
Authenticator Management
authenticator types
Risk-Based Authentication
Report customization
Troubleshooting procedures
Policy Management
17
AT-A-GLANCE
This course offers hands-on
training on the installation
and configuration of RSA
Authentication Manager,
Authentication Agents, Web
Tier, and other RSA
SecurID system
components..
Overview
This course assumes that the student has attended the RSA Authentication
Manager Administration course or has equivalent operation and administrative
experience with RSA Authentication Manager administrative tasks are not
covered as part of this course.
Audience
Technical personnel who install, service and support RSA Authentication Manager
and RSA SecurID deployments.
Duration
2 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
Install and configure RSA Authentication Agents for local workstation and web
access protection
18
Course Outline
RSA Authentication Manager
System Architecture
Identity Sources
Firewall configurations
RADIUS communication
System Utilities
Post-deployment tasks
System Configurations
Replica Instances
19
AT-A-GLANCE
This course provides the
fundamental information
about an RSA SecurID
system deployment to assist
Help Desk representatives
respond to end users.
Overview
An overview of RSA Authentication Manager and RSA SecurID authenticators and
authentication methods are presented, as well as how functions and controls are
accessed in the administrative interface. Instructor demonstrations of important
operations relating to typical end user cases reinforce the steps that Help Desk
representatives can take for troubleshooting and assisting their user population.
This course is useful for new representatives supporting RSA SecurID users as well
as a refresher course for representatives who infrequently work with RSA SecurID
support issues.
Audience
Help Desk representatives who need to assist and support RSA SecurID users
Duration
1 day
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Prerequisite Knowledge/Skills
General familiarity with system administration functions
Course Objectives
Upon successful completion of this course, participants should be able to:
20
Course Outline
The following modules are designed to support the
course objectives:
RSA SecurID System Overview
High level description of RSA SecurID and
RSA Authentication Manager system
components
On-Demand Authentication
Risk-Based Authentication
User Troubleshooting
Troubleshooting procedures
Security considerations
Self-service Console
User self-service functions
System Configurations
Organizational structures users, groups,
Security Domains and Identity Sources
Authenticator Operations
Hardware tokens
Software tokens
On-demand codes
21
AT-A-GLANCE
This eLearning course
guides the participant
through the steps to
accomplish a standard
migration from RSA
Authentication Manager
version 6.1 to version 8.x.
Overview
Product functionality that is pertinent to the migration of v6.1 is discussed as well
as the process and considerations for migrating to a v8.x environment.
Note that this course discusses migration of out-of-box deployments and does
not address migration of customized APIs running under v6.1.
Audience
Technologists who are responsible for an RSA SecurID system and intend on
migrating from RSA Authentication Manager v6.1 to v8.
Prerequisite Knowledge/Skills
Familiarity with RSA SecurID technology and RSA Authentication Manager v6.1.
This course describes the features and functions that are new to RSA
Authentication Manager v8.x as well as how database objects and structures map
from v6.1 to v8.x. It details several deployment and migration scenarios and the
steps required to migrate v6.1 data to a v8.x installation.
Duration
Approximately 1 hour
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Duration
Approximately 15 minutes
22
Course Objectives
Course Objectives
Course Outline
Comparison of v6.1/v8.x Architecture and
Administrative Structures
Course Outline
Overview of v8.1 Architecture
Migration Steps
Pre-Migration Preparation
Post-Migration Considerations
23
AT-A-GLANCE
This eLearning course
guides the participant
through the steps to
accomplish a standard
migration from RSA
Authentication Manager
version 7.1 to version 8.x.
Overview
Product functionality that is pertinent to the migration is discussed as well as
virtual and hardware appliance deployment, Web Tier, and Risk-Based
Authentication options that are new in v8.x.
Note that these courses discuss migration of out-of-box deployments and do not
address migration of customized environments or APIs running under v7.1.
Audience
Technologists who are responsible for an RSA SecurID system and intend on
migrating from RSA Authentication Manager v7.1 to v8.
Prerequisite Knowledge/Skills
Familiarity with RSA SecurID technology and RSA Authentication Manager v7.1.
This course describes the features and functions that are new to RSA
Authentication Manager v8.x. It details several deployment and migration
scenarios and the steps required to migrate v7.1 data to a v8.x installation.
Duration
Approximately 1 hour
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Duration
Approximately 15 minutes
24
Course Objectives
Course Objectives
Course Outline
Course Outline
Migration Steps
Migration Steps
Post-Migration Tasks
Migration Assistance
25
AT-A-GLANCE
This course provides an
overview of the concepts,
processes, and procedures
necessary to successfully
begin implementation of an
Enterprise Risk Management
(ERM) system.
Overview
Students will gain knowledge of the key RSA Archer ERM components through
presentations and hands-on exercises.
Audience
Risk management team members who will be using the RSA Archer Risk
Management solution to define, support, and maintain a risk management
initiative. This may include managers, team leads, and anyone involved in scoping
a risk project.
Duration
2 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Familiarity with RSA Archer eGRC framework and a general familiarity with
organizational Risk concepts.
Course Objectives
Upon successful completion of this course, participants should be able to:
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
26
Course Outline
Introduction to Risk Management
What is Risk?
Types of Risk
Digging Deeper
Phases of Growth:
Risk Identification
Assessment
Decision
Treatment
Monitoring
Other Solutions
27
AT-A-GLANCE
This course provides an
overview of the concepts,
processes, and procedures
necessary to successfully
begin implementation of a
Policy and Compliance
Management system.
Overview
Students will gain knowledge of the key RSA Archer Policy and Compliance
Management components through presentations and hands-on exercises.
Audience
Policy and Compliance management team members who will be using the RSA
Archer Policy and Compliance Management solution to define, implement, and
maintain a policy and compliance management initiative. This may include
managers, team leads, and anyone involved in consolidating policies and ensuring
compliance with authoritative sources.
Duration
2 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Familiarity with the RSA Archer eGRC framework and a general familiarity with
policy and compliance concepts.
Course Objectives
Upon successful completion of this course, participants should be able to:
Illustrate the structure of the RSA Archer Policy and Compliance Management
Solution
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
28
Course Outline
Introduction to Policy and Compliance
Management
Post-Implementation Processes
Request
Compliance Strategies
Control-Based Compliance
Asset-Based Compliance
Additional Resources
29
GRC Overview
Course Description
AT-A-GLANCE
This e-Learning course
provides a general
introduction to Governance,
Risk, and Compliance
concepts.
This eLearning course is not
product specific.
Overview
This self-paced eLearning course introduces the general concepts of Governance,
Risk and Compliance (GRC) from a business perspective. It focusses on why GRC is
important to business and how GRC impacts each area of a business.
Audience
-
RSA Customers
Duration
Approximately 30 minutes (e-Learning)
Prerequisite Knowledge/Skills
None
Course Objectives
Upon successful completion of this course, participants should be able to:
Understand the impact of GRC on people and processes within the business
Course Outline
CONTACT US:
Email:
trainingregistration@rsa.com
What is GRC?
Phone: 800-995-5095
Enterprise GRC
Intl:
781-515-7700
781- 515-6630
Fax:
30
AT-A-GLANCE
This course provides an
overview to the concepts,
processes, and procedures
necessary to successfully
design and administer the
RSA Archer platform.
Overview
Students will gain knowledge of the key RSA Archer platform components such as
applications, security management, and communication tools through
presentations and hands-on exercises. After taking this course, students will be
able to plan, configure, and manage the RSA Archer environment.
The subject matter in this course prepares students with the classroom component
recommended for the RSA Archer Certified Administrator certification.
Audience
Archer administrators who are responsible for building and managing the
RSA Archer eGRC product.
Duration
4 days
781-515-7700
Fax:
781- 515-6630
Prerequisite Knowledge/Skills
None
Course Objectives
Upon successful completion of this course, participants should be able to:
Import data
Complete a questionnaire
Set up a dashboard
31
Course Outline
Introduction to RSA Archer
Questionnaires
Interface components
Completing a Questionnaire
General Navigation
Managing Themes
Integration Options
Quick Search
Advanced Search
Reporting
Data structure
Field Management
Page Layout
iViews
Navigation Menu
Dashboards
Workspaces
Import Data
Creating Letterheads
Troubleshooting Tips
Data-Driven Events
Calculated Fields
Troubleshooting Tips
Creating Packages
Installing Packages
User Accounts
Access Roles
Groups
Record Permissions
Private Fields
Troubleshooting Tips
Course Summary
32
AT-A-GLANCE
This course provides handson training on the
administration,
configuration and bestpractice deployment of the
RSA Archer Platform.
Overview
Throughout the course, students will be presented with a diverse collection of realworld governance, risk, and compliance problems and be shown and guided
through the recommended steps involved in solving these pain points by using the
features available in the RSA Archer eGRC Suite.
Extensive hands-on labs reinforce the tasks involved in designing and automating
GRC processes and extending the value of the RSA Archer eGRC Suite throughout
the organization. After completing this class, students will be prepared to use the
RSA Archer eGRC Suite to solve an extensive array of GRC problems and meet the
business requirements of various enterprise stakeholders.
Audience
Governance, risk, and/or compliance professionals, business owners, or IT
personnel who need to automate and streamline existing processes, integrate the
RSA Archer platform with third-party systems, or deliver assessments across the
enterprise.
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Duration
4 days
Prerequisite Knowledge/Skills
Previous experience creating applications within the RSA Archer product or
successful participation in the standard RSA Archer Administration course.
Course Objectives
Upon successful completion of this course, participants should be able to:
Import existing information from a legacy system into RSA Archer applications
and questionnaires
Integrate the RSA Archer product with third-party systems and data sources to
consolidate enterprise information
Construct complex search criteria to locate key information and identify data
trends
33
Course Outline
Streamlining GRC Processes Day One
34
AT-A-GLANCE
This e-Learning course
provides an overview of the
RSA Archer GRC Platform,
RSA Archer Solution
modules, and Out-of-theBox business use cases.
Overview
This self-paced, interactive e-Learning course provides an introduction to the RSA
Archer Platform and its application to the management of Governance, Risk, and
Compliance in an organization. RSA Archers Solution modules are described and
use cases discussed for Out-of-the-Box applications.
Audience
RSA Customers
RSA Partners
RSA Internal Staff
Duration
Approximately 20 minutes (e-Learning)
Prerequisite Knowledge/Skills
Students should be familiar with basic principles of GRC (Governance, Risk, and
Compliance).
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Course Objectives
Upon successful completion of this course, participants should be able to:
Describe each RSA Archer Solution module and summarize key features and
benefits.
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
35
Course Outline
GRC Defined
Organizational Challenges
Operational Risk
Regulatory Compliance
Audit
Business Resiliency
Threat Management
Vendor Management
Risk Management
SecOps Management
Compliance Management
Incident Management
Policy Management
Audit Management
36
This course provides practitioner-level training on the business need for managing
security operations and the business impact of the RSA Archer Security Operations
Management (SecOps) solution and its basic functionality. Content provides a basic
understanding of the challenges of managing IT security operations, and describes
how SecOps is positioned to address those challenges. Students will learn about
the basic functionality of SecOps from managing a Security Operations Center
(SOC) to managing incident response and data-breach response and will learn
how the SecOps solution enables organizations to manage the entire lifecycle with
integrated business context and best practices aligned with industry standards.
This course introduces the key personas involved in security operations
management, as well as presenting typical security operations management
workflows and describes how various roles have full visibility into the entire
process lifecycle with focused workflows, dashboards, and reports.
Audience
RSA Archer Security Operations Management Practitioners.
Duration
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Prerequisite Knowledge/Skills
Archer GRC Solutions Overview and knowledge about the GRC industry.
Course Objectives
Upon successful completion of this course, participants should be able to:
37
Course Outline
Module 6 Remediation
Remediation workflow
Review workflow
Exception request workflow
38
Students will gain knowledge of the structure and operations of the RSA Security
Operations Management Solution through presentations and hands-on exercises.
This course addresses the tasks and responsibilities of several typical roles and
personas that are part of an organizations Security Operations Center.
Audience
Customers who perform the following jobs can benefit from this course:
Breach coordinator
Incident coordinator
Incident handler
IT Helpdesk analyst
Duration
2 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
To receive the most benefit from this training, we recommend that students have:
Basic understanding of the use and management of RSA Archer and RSA
Archer Enterprise Management Solution
Course Objectives
Upon successful completion of this course, participants should be able to:
Understand the industry standards such as VERIS, NIST, and SANS with
respect to reporting and managing a security incident response process; and
how RSA Security Operations Management Solution is so aligned
Explain and navigate the built-in dashboards of the RSA Security Operations
Management Solution
Identify and understand the differences between the six personas (roles)
supported by the RSA Security Operations Management Solution
Understand the workflows in the solution for the respective SOC personas
39
Course Outline
Security Operations Management Overview
Incident Response
Incident types
Solution architecture
Incident escalation
Declaring a breach
Remediation
Findings process
Exception process
Remediation plan
40
Overview
RSA Archer supports business-level management of enterprise governance, risk and
compliance. With RSA Archer you have the ability to adapt a solution to your
requirements without touching a single line of code. The most demanding Fortune 500
companies have seized the power of RSA Archer to automate business process,
streamline workflow, control user access, and tailor a user interface and report in real
time.
To ensure that your RSA Archer solution is being leveraged to its maximum potential,
RSA Education Services offers the RSA Archer Custom End-User Training Service to
guide you through the process of training your organizations end user population.
Offering Details
With practical experience using Archer solutions, business process and risk management
expertise, and instructional design and training delivery skills, an RSA Training
Consultant will work closely with you to understand your specific RSA Archer use case
and identify learning objectives. Youll have the opportunity to review the training
content along the way to ensure that you receive deliverables that will successfully meet
your training objectives.
While every customers use case is unique, training may include topics like the following:
General Navigation
This education service is based on a single use case and includes the following:
Content branded with the organizations logo and standard .PPT template
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
41
ABOUT RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business
acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security
challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving
compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and
Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to
millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit
www.RSA.com and www.EMC.com, or email RSA_Global_Services_Sales@RSA.com.
42
AT-A-GLANCE
This course provides
comprehensive instruction
in the administration and
configuration of the RSA
Data Loss Prevention (DLP)
Suite.
Overview
Theory and product basics such as the RSA DLP Suite architecture, integration of
RSA DLP components, and the importance of various configuration parameters are
discussed.
Students participate in hands-on exercises that build on the basic concepts and
allow practical experience in building an RSA DLP system.
Audience
System, security, or help desk personnel who need to install, deploy and/or
maintain an RSA Data Loss Prevention system.
Duration
4 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
List the features and benefits of the RSA Data Loss Prevention Suite of
products including DLP Network, DLP Datacenter, and DLP Endpoint
Deploy RSA Data Loss Prevention agents and grid scan groups
Review what remediation actions are available and what the benefit of each is
43
Course Outline
Introduction to Data Loss Prevention
List the key features of the RSA DLP Suite
Identify the key components of the RSA DLP
Suite
Describe the role of RSA DLP Enterprise
Manager
Explain the differences between RSA DLP
Network, Datacenter, and Endpoint
Define how policy violations are handled by
RSA DLP Endpoint Enforce
44
This eLearning provides an overview of RSA ECATs role and core functionality.
Students will gain familiarity with the ECAT interface, a broad understanding of the
team responsibilities necessary for effective threat detection, and a detailed
understanding of basic threat analysis. Video-based instruction is used to reinforce
the students familiarity with ECAT and the key Modules and Machines views.
Concept review and further User Interface engagement is provided in the form of a
series of interactive challenges.
Audience
Enterprise security analysts, consultants, incident response staff and managers,
RSA ECAT administrators, and any other technical users who will employ or
support the tool.
Duration
90 minutes
781-515-7700
Fax:
781- 515-6630
Prerequisite Knowledge/Skills
No prerequisites; familiarity with network, security, and general IT principles will
be helpful.
Course Objectives
Upon successful completion of this course, participants should be able to:
Describe the role of RSA ECAT in endpoint threat detection
Understand the roles and responsibilities required within an ECAT team
Detect known and some unknown malware executables and processes
Determine the general ECAT architecture of any deployment
Interpret module and machine lists in the ECAT interface
Detect malicious characteristics and behaviors in endpoint files and processes
45
Course Outline
Overview
The Challenge: Malware Inside
A Malware Rogues Gallery
Threats from Basic to Advanced
Monitoring the Modules in the Endpoints
ECATs Approach to Endpoint Threat
Detection
ECATs Scan Techniques
Timeline of Typical Attack
ECAT Architecture
Option: The Roaming Agent Relay
Installation and Deployment
Tuning, Optimization, and Administration
Getting Started
Meet the Team
Process: Getting Started
Continual Analysis, Occasional Re-Tuning
Main Menu
Dashboard
Machines
Modules
IP List
Certificates
Instant IOCs
Downloads
Events
User Interface Walkthrough
ECAT Packager
Threat Detection
Out of the Box Monitoring
Whitelisting and Blacklisting
Automatic Whitelisting and Blacklisting
Additional Tuning and Optimization
Analysis: Review Which Modules?
Module Review
Network Monitoring
Behavior Tracking
Confirm Trusted Module
Confirm Malicious Module
Forward to Security Analytics
Edit Status and Remediation Action
Active Hunting Tactics
Team-Based Hunting
A Week of ECAT
Concept Review
Interactive Interface Quiz
46
AT-A-GLANCE
Overview
Audience
RSA
RSA
RSA
RSA
RSA
RSA
RSA
Customers
Professional Services Consultants
and Partner Technical Support Engineers and Consultants
Project Managers
Solutions Success Managers
Solutions Architects
Sales Engineers
Duration
Approximately 1 hour (E-learning)
Prerequisite Knowledge/Skills
Students should be familiar with basic computer architecture, data networking
fundamentals and general information security concepts. A background in Enterprise
networking and data communications is required. Basic knowledge of the TCP/IP protocol
stack is required.
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
Identify, describe, and compare the components and appliances of RSA Security
Analytics
47
Course Outline
RSA Security Analytics Overview
Customer Implementations
Suggested training
48
AT-A-GLANCE
Overview
This E-learning course provides an overview of the new and exciting features being
introduced in RSA Security Analytics 10.5, such as platform updates, licensing
changes, data privacy and cloud visibility.
Audience
Anyone interested in an overview of the new features of RSA Security Analytics 10.5.
Duration
30 minutes (E-learning)
Prerequisite Knowledge/Skills
Students should be familiar with previous versions of the RSA Security Analytics
product.
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
Platform updates
Data privacy
Incident management
Workbench
Cloud visibility
49
AT-A-GLANCE
Overview
This Instructor Led Training (ILT) course provides a foundational overview of the
core components of RSA Security Analytics. Students gain insight into the core
concepts, uses, functions and features of RSA Security Analytics and also gain
practical experience by performing a series of hands-on labs.
Audience
Anyone new to RSA Security Analytics.
Duration
3 days (ILT)
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
Create new meta values using Application and Correlation rules and RSA Live
content
Create alerts using ESA and reporting rules to track potential threats
50
Course Outline
1. RSA Security Analytics Overview
2. Investigation Basics
What is metadata?
Creating reports
Managing incidents
Creating incidents
51
AT-A-GLANCE
Overview
This Instructor Led Training (ILT) course provides an overview of essential administrative
tasks that are performed for RSA Security Analytics. Students gain insight into
Configuring Devices, Monitoring and User Management within RSA Security Analytics and
also gain practical experience by performing a series of hands-on labs.
Audience
Anyone interested in the administration topics listed below for RSA Security Analytics.
Duration
2 days (ILT)
Prerequisite Knowledge/Skills
Students should have completed the RSA Security Analytics Foundations (3-day) ILT
course prior to attending this course.
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
52
Course Outline
1. Configuring RSA Security Analytics
Discovering hosts
Configuring ESA
Viewing statistics
Viewing logs
REST API
3. Managing Users
53
AT-A-GLANCE
Overview
This Instructor Led Training (ILT) course presents methods and techniques
prescribed by security experts for quickly locating anomalies on the network and for
enhancing the data set to highlight suspicious activity. It provides recommended
strategies and processes for searching for threats along with specific use cases
where you will apply the techniques and processes to real-world situations.
Audience
Anyone interested in using RSA Security Analytics to locate anomalies on the
network and identify suspicious activity
Duration
2 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Students should have completed the RSA Security Analytics Foundations (3-day) ILT
course prior to attending this course.
Students should be familiar with basic computer architecture, data networking
fundamentals and general information security concepts. A background in Enterprise
networking and data communications is required. Strong knowledge of the TCP/IP
protocol stack as well as protocols such as DNS, RDP, SSH, ICMP, CIFS, and HTTP
are highly recommended.
Course Objectives
Upon successful completion of this course, participants should be able to:
Identify RSA Security Analytics functions to use in analysis and creation of new
intelligence
54
Course Outline
1. Hunting Strategies
Protocol anomalies
Geographical irregularities
Webshell
Malicious Insider
55
Audience
-
RSA Customers
Duration
Approximately 2.5 hours (e-Learning)
REGISTER FOR CLASSES:
Prerequisite Knowledge/Skills
Students should have the following skills or knowledge prior to attending class:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
56
Course Outline
Introduction
Component Architecture
Data Flow
Platform Overview
Life-Cycle of Data
Assessment
Course Evaluation
57
AT-A-GLANCE
Overview
Audience
System, security, or help desk administrators who need to install, configure and/or
maintain an RSA Adaptive Authentication On-Premise system.
Duration
3 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Familiarity with user and system administration, networking fundamentals, and general
information security concepts.
Course Objectives
Upon successful completion of this course, participants should be able to:
Explain the basic architecture and theory of operation of RSA Adaptive Authentication
On-Premise
Perform the installation tasks involved in installing RSA Adaptive Authentication OnPremise
Explain the steps required to integrate RSA Adaptive Authentication On-Premise with
a web application
Use the Back Office Applications to configure, manage, and administer RSA Adaptive
Authentication On-Premise
Perform the day to day administrative tasks to keep the RSA Adaptive Authentication
On-Premise functioning properly
58
Course Outline
Operations Session (Day 1 and 2)
RSA Adaptive Authentication On-Premise Overview
Relevant terminology
Features and benefits of RSA Adaptive
Authentication On-Premise
Risk-Based authentication
Device profiling
Behavioral profiling
What is multi-factor authentication?
How RSA Adaptive Authentication On-Premise
provides for multi-factor authentication
RSA Adaptive Authentication On-Premise
Architecture
System components overview
Network Integration
RSA eFraudNetwork
RSA Risk Engine
Policy Management
Back Office Applications
RSA Central
GeoIP Service
Scheduler
Adaptive Authentication utilities
RSA Adaptive Authentication On-Premise Workflows
and Processes
Terminology used in workflows
RSA Adaptive Authentication On-Premise
workflows
RSA Adaptive Authentication On-Premise Installation
RSA
Pre-installation overview
Installing RSA Adaptive Authentication OnPremise
Post-installation tasks
Setting up maintenance and development
utilities
RSA Central
59
AT-A-GLANCE
Overview
The working principles behind RSA Adaptive Authentication technology, architecture, and
system components are discussed. Video demonstrations reinforce the tasks involved in using
the RSA Adaptive Authentication Back Office Tools.
Audience
Team Leaders/Fraud Strategists responsible for fraud prevention planning. Customer Service
Representatives who provide support for card holders requiring online transaction assistance,
and Fraud Investigators/Analysts.
Duration
Approximately 2 hours
The modules and content presented depends on the students job role. The job role is selected
from a menu presented at the beginning of the training.
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Prerequisite Knowledge/Skills
Familiarity with general information security concepts.
Course Objectives
Upon successful completion of this course, participants should be able to:
Explain the basic system architecture and components of RSA Adaptive Authentication for
eCommerce
Provide an overview of the RSA Adaptive Authentication for eCommerce Back Office Tools
Customer Service
Case Management
Policy Manager
Intl:
781-515-7700
Fax:
781- 515-6630
60
Course Outline
RSA Adaptive Authentication for eCommerce
Overview
Describe a case
Transaction Monitoring
Customer Service
Case Management
Policy Manager
Manage groups
Manage CSRs
working cases
Add rules
Reporting
Manage cardholders
61
AT-A-GLANCE
This e-learning course
provides an overview
modifications for the RSA
Adaptive Authentication 12
product through a
combination of lecture and
demonstrations.
Overview
This e-learning course describes the back office applications of RSA Adaptive
Authentication version 12, with emphasis on the changes compared to the previous
version: version 11.
The course is comprised of recorded product demonstrations to illustrate RSA
Adaptive Authentication 12 in action.
Audience
Customers who may perform any of the following roles related to an RSA Adaptive
Authentication deployment: administration, configuration or maintenance.
Duration
60 minutes
781-515-7700
Fax:
781- 515-6630
Prerequisite Knowledge/Skills
Students should have the following prerequisite knowledge:
Course Objectives
Upon successful completion of this course, participants should be able to work
effectively with the new back office applications of RSA Adaptive Authentication 12,
including:
Policy Management
Case Management
Customer Service
Web Reports
62
Course Outline
Pre-requisites
Upgrading API
Provisioning
Data Migration
Re-creating policies
New Features
Back Coloring
eFN Enhancements
URLs
Case Management
63
AT-A-GLANCE
This course provides
customers with the
knowledge and skills they
need to use the RSA Web
Threat Detection Product
solutions.
Overview
On Day One, users navigate the RSA Web Threat Detection Back Office applications
such as the Dashboard, Profile Timeline and more, in their own environment and
learn how to evaluate and diagnose web session trends and threats via the RSA
Web Threat Detection Dashboard interface. On Day Two, users learn to write rules
that result in alerts and actions that provide critical information for further analysis
and reporting. All training is delivered on-site at the customers location.
During these two days, the training will include real-world examples and best
practices that RSA Web Threat Detection Threat Analysts use today.
Audience
Security analysts and/or administrators who will be using the RSA Web Threat
Detection system.
Duration
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
2 days
Prerequisite Knowledge/Skills
Day One attendees will need:
Course Objectives
Upon successful completion of this course, participants should be able to:
64
Course Outline
Day One:
Introduction to RSA Web Threat Detection
Analysis tools
Day Two:
Introduction to Rules
Rules Interface
Structure of a Rule
Rules Language
Data
Functions
Threat Scores
Dashboard
Profile Timeline
Risk Indicators
Page Analysis
User Analysis
Registers
IP Analysis
Score trends
Recent incidents
Search
Advanced Techniques
Rules Management
Best Practices
Search Overview
Step-by-Step Process
Search Examples
Example Rules
Glossary
Appendix
Rules Overview
Rules Typologies
Rules Data
Rule Format
Rule Syntax
Rule Functions
Use Cases
65
AT-A-GLANCE
The RSA Intelligence-Driven
Event Analysis course
discusses an intelligencedriven approach to event
and incident management
for a Security Analyst in a
forward-thinking Security
Operations Center (SOC).
Overview
Participants learn about intelligence-driven SOC processes, standard operating
procedures (SOPs), and monitoring tools. They learn to recognize the formats
associated with the various sources of information available in a network environment.
The course follows the end-to-end workflow of a Security Analyst, including all
appropriate steps that are needed to handle each type of identified security incident.
Audience
IT professionals with 2 to 3 years of experience in a troubleshooting role, such as a
systems/network engineer, a system administrator, network operations analyst, or a
newly-hired security analyst. Knowledge of security fundamentals is required.
Duration
2 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Course Objectives
Upon successful completion of this course, participants should be able to:
Describe how Security Analysts interact with information and data in the SOC
environment.
Monitor incoming event queues for potential security events and/or incidents using
various security tools per operational procedures.
Investigate/analyze an incident.
Apply concepts that are learned in the classroom setting to their specific working
environment.
PsTools
Sysinternals Suite
Nmap/ZenMap
RSA Archer
Wireshark
Process Explorer
66
Course Outline
Roles and Responsibilities in a Security
Operations Center
Describe the purpose of a Security
Operations Center (SOC) and its basic
structure.
Define an event and an incident and
describe the difference between the two
terms.
Identify the roles and responsibilities in a
SOC.
Name some of the tools that are
commonly used to monitor events in the
SOC.
Outline some of the key components in
the incident processing workflow
Interpreting Sources of Information
Diagram the components and tools of
technical environment you are working
in
Categorize sources of information
available to a security analyst
Recognize information formats
Establish the context of the observed
information/data
Assimilate external threat data and
threat intelligence
Apply internal and external sources of
intelligence to an incident
Interacting with Information (Identifying
Events)
Become the eyes on glass
Analyze logs from distributed system
and network security devices
Monitor all alerting systems
Inspect network packet data
View information using a console
Correlating Events
Define event correlation
Use several correlation engines
Assist in the identification of potential computer and
communications security issues
Correlate events and incidents with knowledge base
of historical events and incidents
Triaging Events
Follow the triage process
Prioritize incidents
Apply standard operating procedures
Analyzing incidents using sources of information
Explain the incident is your system infected?
Demonstrate fundamental understanding of all
standard information sources
Determine whether an incident occurred and handle
appropriately
Escalation and Handoff
Escalate an event for further analysis to the incident
handler
Follow the SLA to resolution or escalation
Standard operating procedures and analysis
Documenting and Communicating Issues
Update the internal knowledge base and wiki
Perform maintenance activities on security related
databases
Assimilate external threat data and threat intelligence
67
Audience
Security Analysts with 6-12 months of experience working in a Security Operations
Center, Network Operation Center (NOC), Critical Incident Response Team (CIRT) or
similar function.
Duration
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
3 days
Prerequisite Knowledge/Skills
Students who have taken the RSA Intelligence-Driven Event Analysis training course and
have 6-12 months of experience as a security analyst.
Course Objectives
Upon successful completion of this course, participants should be able to:
Outline sustainable and repeatable tasks, process, procedures, escalation points and
workflows of the Security Analyst/Incident Handler.
Participate in risk analysis for central and distributed networks to include the impact
of cloud based infrastructures as part of the SOC.
Outline sustainable and repeatable tasks, process, procedures, escalation points and
workflows of the Security Analyst/Incident Handler.
Investigate all incidents aligned to proper process, procedure and escalation points.
Prioritize incident response relative to threat severity, business context and activity
volume.
68
Course Outline
The Tools and Tasks of an Incident Handler
List the tasks, processes, procedures
and escalation points of a level two
security analyst
Identify the tools used by the Incident
Handler
Provide examples of the types of
incidents handled by the Level Two
security analyst
Ingest daily intelligence reports and
previous shift logs for efficient
operations handoffs, escalations and
transitions
Investigating an Incident
Outline the steps to take when investigating a
security incident.
Develop a set of questions when presented with an
incident.
Gather data important to describing and
documenting the incident.
Document all collected data.
Analyze the collected data in order to put the pieces
together to tell a story.
Make recommendations for next steps for the
incident investigation.
Recommending Remediation
RSA Archer
69
AT-A-GLANCE
The RSA Threat Intelligence
course provides Security
Analysts with comprehensive
instruction on the global
threat ecosystem and
strategies that organizations
can take to protect their
assets.
Overview
In the context of the current threat environment, students learn ways to detect and correlate
data for better threat analysis; reduce breach exposure time and break the cyber kill chain;
and manage current and future threats. As participants progress through the course, their
perceptions of threats will evolve, and they will receive instruction on the role of threat
intelligence in security systems that are evolving along with the threat environment.
Students participate in hands-on and table-top exercises to practice strategies for analyzing
attacks and mitigating their effects, and for applying intelligence-driven security practices in
their own organizations.
Audience
781-515-7700
Fax:
781- 515-6630
Security analysts who investigate, analyze, and resolve or escalate incidents and issues;
monitor external security information sources; or feed actionable intelligence back into
systems
SOC managers who want to implement a Threat Intelligence capability
Novice security analysts who meet prerequisites and want to advance their skills
Duration
2 days
Prerequisite Knowledge/Skills
Students who have taken the RSA intelligence-Drive Event Analysis course. Familiarity with
computer architecture principles; networking concepts, and information security theory.
Course Objectives
Upon successful completion of this course, participants should be able to:
70
Course Outline
Threat Overview
Current Threat Ecosystem
Ecosystem Overview
Communities of Attackers
Targets
Vulnerabilities
Avenues of Attack
Tactics, Techniques, and Procedures
Advanced Persistent Threats
Threat Intelligence in an Advanced Security
Program
Shortcomings of Traditional Security
Measures
Advanced Approaches to Information
Security
Advanced Security Operations Center Model
Planning Advanced Defenses
Guiding Principles for Defending the
Enterprise
Defining a Cyber Footprint
Quantifying Risk
Applying Security Best Practices
Promoting User Education
Types of Threats
Crimeware
Advanced Persistent Threats (APTs)
Cyber Kill Chain
Attack Progression
Anatomy of an Attack
Cyber Kill Chain Model
Kill Chain Interventions
Detecting Attacks
Indicators of Compromise
Network-based Indicators
Host-based Indicators
Intelligence Sources
Government
Industry Associations & Networks
Commercial Sources
Open Source
Extended Enterprise
Internal Organization Sources
Threat Modeling
Threat Modeling Perspective
Profiling Targets
APT Targets
Reconnoitering Targets, Web Presence,
Industries, Social Media, High-Value Assets
Threat Actor Attribution
Actor Identification
Target Identification
Actor Behaviors
Communication Strategy
Threat Modeling Resources
Developing Threat Intelligence
Command and Control Protocol Decoding
Passive DNS Monitoring
Email Operations
Threat Infrastructure Enumeration
Command and Control Domain Correlation
Intrusion Set Attribution
Public-Facing Web Infrastructure
Threat Management
Detecting Threats
Threat Mitigation Strategy
Predicting Threats
71
AT-A-GLANCE
The RSA Malware Analysis
course provides security
analysts with tools and
techniques for analyzing
malware and extracting
indicators of compromise.
Overview
The RSA Malware Analysis course provides students with the knowledge and skills to
identify and act on actionable intelligence gathered through the process of malware
analysis. Students are introduced to the threat landscape and common malware vectors.
They learn to select and apply the tools and techniques required to reverse, monitor, and
detect a malware threat. Students develop a workflow to gather intelligence and apply it
to their security environment.
Audience
Security analysts, computer forensic investigators, incident responders who have basic
knowledge of malware analysis and want to know more about the tools and techniques
associated with gathering and responding to actionable intelligence.
Duration
4 days
Prerequisite Knowledge/Skills
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Students who have taken the Intelligence-Driven Event Analysis, Incident Handling &
Response, and Threat Intelligence courses or have commensurate experience. Familiarity
with computer architecture principles, operating system theory, networking principles
(including protocols and communication channels), and fundamental principles of
computer security. Experience with programming and scripting concepts is also required.
(Python is used during the course.)
Course Objectives
Upon successful completion of this course, participants should be able to:
Describe the RSA Cyber Defense recommended workflow for reverse engineering
current malware threats.
Examine behavior of malware and its interaction with its environment using dynamic
analysis tools and techniques.
Deduce the program instructions of a malware executable through the use static
analysis tools.
Combine static and dynamic analysis methods to investigate more complex features
of malware using disassembly and debugging tools.
Collect and report actionable intelligence gained from reverse engineering malware.
Process Monitor
Process Explorer
Regshot
Wireshark
CFF Explorer
Volatility
Yara
JSBeautifier
JD-GUI
Process Hacker
HBGary Flypaper
Immunity Debugger
Malzilla
Peepdf
72
Course Outline
Introduction to Malware Analysis
Define the components of malware and how
they work together to compromise a system
Identify common malware vectors
Describe the phases of the intrusion kill chain
Outline the tasks involved in malware analysis
Create a safe environment for investigating
malware code and behavior.
Assessing the Existence and Persistence of Malware
Establish Indicators of Compromise
Identify host-based artifacts.
Identify network-based artifacts.
Locate indicators of compromise.
Determine malwares method of persistence.
Outline the procedure for assessing the
presence of malware on a system.
Dynamic Analysis of Malware
Outline process of dynamic analysis
Apply dynamic analysis techniques in order to
investigate malwares behavior in a virtual
environment.
Examine malware execution using a debugger.
Identify anti-analysis techniques.
Defend against anti-analysis techniques.
Analyze commonly exploited file formats.
Investigating Command and Control
Communications
Describe C2 techniques.
73
Overview
RSA SOCSim, a forensic analysis experience, exposes participants to network and host
forensic analysis within a real-world breach scenario using simulated SOC dynamics.
Participants are presented with a use case that requires them to analyze data flowing
over the network. They are guided through the analysis by challenge questions using a
Jeopardy! style interface based on the Cyber Kill Chain methodology. Answers are
derived through data exploration and investigation of sophisticated "puzzles within
puzzles" such as protocol and application analysis, steganography, reverse
engineering, encryption/decryption, open source intelligence and much more...
AT-A-GLANCE
Experience the challenge of
competition while
responding to questions
based on a real-world
breach scenario.
Audience
Security analysts, computer forensic investigators, incident responders who have had
exposure to network, log and host forensic analysis, and want to challenge themselves
with simulated breach scenarios.
REGISTER:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Duration
Approximately 6 hours.
Prerequisite Knowledge/Skills
Exposure to network, log and host forensic analysis is beneficial. Some security
operations experience would be helpful. Working knowledge of RSA Security Analytics
is required.
Course Objectives
At the end of the challenge, participants will walk away with hands on experience and
exposure to:
74
AT-A-GLANCE
The RSA Cyber Defense
Workshop is designed to
give participants practical
experience as security
analysts who work in a
Security Operations Center
(SOC), Critical Incident
Response Center (CIRC) or
other critical incident
response capacity.
Overview
In this advanced workshop, participants are immersed in a simulated CIRC
environment where they assume different roles and manage the security events
that take place over the course of a three-day scenario. Day-to-day security
incidents will occur alongside potentially catastrophic activity related to the
advanced tactics of determined and persistent adversaries. Each member of the
CIRC Team will have to utilize skills and tools in order to detect, contain and
eradicate the threat as well as document the incidents for executive review. There
is virtually no lecture associated with this workshop; participants learn by doing.
This is the perfect opportunity for members of security teams to sharpen their skills
related to the newest attacks in a controlled environment assisted by experts. The
Workshop provides valuable insights for determining the specific skillsets and tools
that an organization needs in order to mitigate these most advanced types of
attacks against corporate assets.
Audience
REGISTER FOR CLASSES:
For an up-to-date schedule of
Instructor-led classes and other
training options, visit the RSA
Training and Certification web
site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
Duration
3 days
Prerequisite Knowledge/Skills
Participation in the RSA Incident Handling & Response course or commensurate
experience. Some exposure to malware analysis, incident response, and
risk/compliance are beneficial. Participants should have some security operations
experience. Some experience with RSA Security Analytics would be helpful.
75
75
76
Copyright 2015 EMC Corporation. All rights reserved.
01/2015
EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries.
76
Service Highlights
Risk Assessment
One of the key components of RSAs offerings is the ability to assess the risk that
an organizations members pose through lack of knowledge or by unwarily opening
an email attachment or browsing to a web site.
TO REGISTER:
Visit the RSA Training and
Certification web site:
www.emc.com/rsa-training
CONTACT US:
Email:
trainingregistration@rsa.com
Phone: 800-995-5095
Intl:
781-515-7700
Fax:
781- 515-6630
RSAs services can assess users knowledge, target specific users or groups, and
simulate attacks to appraise and measure response. With such powerful
information, appropriate training can be identified and disseminated to users, which
helps close the gap between ignorance and intelligence in the realm of information
security.
Delivery Options
Much of the training delivered to end users is in the form of eLearning, which allows
a high degree of flexibility and acceptance by participants. Some technical subjects
may also be delivered as instructor-led sessions.
Hosting of elearning material can be arranged by RSA or can be delivered from an
organizations own learning portal.
77
IT Staff
Role-based Security Awareness training for IT staff targets topics of particular interest and relevance to IT professionals who
can build a security mindset into their daily tasks and toils. Whether involved with networking, systems management, or
database administration, RSAs training programs address the security considerations that can make a difference in these
day-to-day operations.
Development Staff
Role-based Security Awareness training for Development Staff is designed to help build security controls and protection into
development projects on a variety of platforms. Participants learn the common programming flaws and how to test projects
from a security standpoint. In todays environment, applications secured at the design and development level are essential
to minimize the expense and logistics of distributing security patches and to help prevent product denigration through
vulnerabilities.
ABOUT RSA
RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions
for business acceleration. RSA helps the worlds leading organizations succeed by solving their most complex and
sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access
and collaboration, proving compliance, and securing virtual and cloud environments.
Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss
Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA
brings visibility and trust to millions of user identities, the transactions that they perform and the data that is
generated. For more information, please visit www.RSA.com and www.EMC.com
78
781-515-7700
Fax:
781- 515-6630
Access Control
Telecommunications and Network Security
Information Security Governance & Risk Management
Software Development Security
Cryptography
Security Architecture and Design
Security Operations
Business Continuity and Disaster Recovery
Legal, Regulations, Investigations and Compliance
Physical (Environmental) Security
RSA Education Services is not affiliated with ISC2 or its subsidiaries. Participation in this course does
not guarantee the successful completion of the ISC2 CISSP Exam. RSA Education Services has
developed the course content from direct experience in the areas of the Common Body of Knowledge
topics on the exam. Course costs do not include exam fees or facilitate exam registration. Exam
and has used the ISC2 CISSP Candidate Information Bulletin as a reference as to technical depth and
schedules are available on ISC2.org.
79
AT-A-GLANCE
Free to individuals and
organizations
Easy online access
Measures knowledge
of RSA products and
other security-related
concepts.
Group assessments
can be administered to
identify gaps across a
team
Customization of
assessments & reports
WHERE TO GO
Individuals can take an online
RSA Learning Assessment at:
www.emc.com/rsa-training
For group assessments, contact
us at:
learningassessments@rsa.com
RSA Education Services
Phone: 800-995-5095
International: 781-515-7700
174 Middlesex Turnpike
Bedford, Massachusetts 01730
KEY BENEFITS
RSA Learning Assessments are useful for organizations who recognize a need for
training but arent quite sure what training their team really needs. By leveraging
RSA Learning Assessments, you can better understand the learning gaps and make
an informed decision about the most effective individual and group training plans
for your team.
And, online RSA Learning Assessments are available to you at no charge. An
assessment can be completed within 15-20 minutes with immediate results
provided to the assessment taker. For a team assessment, management reports
can be provided that evaluates individual and group results.
Youll have greater confidence that both the time and financial investment in
training will more quickly enable your technology adoption and increase
productivity.
80
80
SAMPLE REPORTS
ABOUT RSA
RSA is the premier provider of
security, risk and compliance
management solutions for business
acceleration. RSA helps the worlds
leading organizations succeed by
solving their most complex and
sensitive security challenges.
These challenges include managing
organizational risk, safeguarding
mobile access and collaboration,
proving compliance, and securing
virtual and cloud environments.
Combining business-critical
controls in identity assurance,
encryption & key management,
SIEM, Data Loss Prevention and
Fraud Protection with industry
leading eGRC capabilities and
robust consulting services, RSA
brings visibility and trust to
millions of user identities, the
transactions that they perform and
the data that is generated. For
more information, please visit
www.emc.com/rsa-training.
81
Copyright 2013 EMC Corporation. All rights reserved.
08/2013
H12172
EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries.
81