New SANS course teaches infosec pros how to ruin attackers’ day

Once an adversary gains initial access into a network the vast majority, many of whom are maneuvering adroitly throughout the organization with stolen credentials, go undetected; sometimes for years.

SANS Institute announced the addition of a new security training course that provides security professionals with the critical tools and skills needed to frustrate, deceive and catch these malicious actors.

The SEC550: Active Defense, Offensive Countermeasures and Cyber Deception course will explore proven anticipatory and active defense techniques that are missing from most security programs today.

“Traditional defenses are failing organizations. While firewalls, intrusion detection systems, end-point security suites and other traditional defenses provide a critical first line of defense, they are no longer enough. Advanced persistent threat (APT) groups bypass traditional defenses as a course of business,” said Bryce Galbraith, SANS instructor and contributing author of the course.

“As our adversaries get better, so must we. The SEC550 course is unique in many ways and is specifically designed to empower defenders to take their defenses to the next level as they systematically and deliberately thwart, frustrate, and deceive their adversaries. Students will learn techniques that are designed to ruin adversaries’ day.”

Students participating in this new course will learn:

  • How to force an attacker to take more moves to attack a network — moves that in turn may increase a defender’s ability to detect that attacker
  • How to gain better attribution as to who is attacking and why
  • How to gain access to a bad guy’s system
  • Most importantly, they will learn how to do the above legally.

SEC550: Active Defense, Offensive Countermeasures and Cyber Deception is based on the Active Defense Harbinger Distribution live Linux environment funded by the Defense Advanced Research Projects Agency (DARPA). This virtual machine is built from the ground up for defenders to quickly implement Active Defenses in their environments.

The course is filled with hands-on activities focusing on active defenses which students will be able to quickly and easily implement in their own network environment, and it will make its debut at SANS San Jose 2015 in late July.




Share this