Based on current best practices, the training includes performance indicators and methods that help participants improve their operational skills in handling cyber incidents.
Network forensics is more important than ever, since more and more data is sent via networks and the internet. When there is a security incident, network forensics can help reduce the time needed to go from Detection to Containment – an essential step in any major security incident.
When used proactively, network forensics gives a clearer picture of what your network’s ‘normal’ traffic looks like, which leads to more intelligent alerting and fewer false positives.
ENISA makes available a ready-to-use version, including manuals for trainers and students, and provides tools and data related to exercise scenarios through Virtual Machines.
The training consists mainly of exercises focused on logging and monitoring, detection, and analysis or data interpretation. For example, one exercise deals with an attack on an ICS/SCADA environment in the energy sector: it starts with the preparation phase, followed by the incident analysis and post-incident activity.
Other scenarios within the training cover detecting “exfiltration” in a large finance corporation environment, and analysing the compromise of an airport’s third-party VPN connection.
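The two ideas above, a proactive baseline of ‘normal’ traffic and the detection of exfiltration from it, fit together in a single check. The following is an added illustration written for this page, not material from the ENISA training or its virtual machines: it builds a per-host egress baseline from constructed flow records (hypothetical hosts, RFC 5737 documentation addresses, and arbitrary byte counts) and then flags a later window in which one host sends far more than its baseline to a destination it has never contacted. Window ids, host names and the thresholds `k` and `min_ratio` are assumptions for the example.

```python
"""Baseline-and-deviation check over constructed network flow records.

Added example for illustration only; the flow records below are constructed,
not captured from any real environment or from the training scenarios.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (window_id, src_host, dst_ip, bytes_out).
# Three "normal" windows establish what each host usually sends and to whom.
BASELINE_FLOWS = [
    (1, "ws-01", "203.0.113.10", 1_200_000), (1, "ws-01", "203.0.113.20", 300_000),
    (2, "ws-01", "203.0.113.10", 1_100_000), (2, "ws-01", "203.0.113.20", 400_000),
    (3, "ws-01", "203.0.113.10", 1_300_000), (3, "ws-01", "203.0.113.20", 350_000),
    (1, "db-01", "10.0.0.5", 5_000_000),
    (2, "db-01", "10.0.0.5", 5_200_000),
    (3, "db-01", "10.0.0.5", 4_900_000),
]

# A later window: ws-01 sends a large volume to a destination never seen before.
NEW_WINDOW_FLOWS = [
    (4, "ws-01", "203.0.113.10", 1_250_000),
    (4, "ws-01", "198.51.100.77", 48_000_000),  # constructed anomaly
    (4, "db-01", "10.0.0.5", 5_100_000),
]


def per_window_egress(flows):
    """Sum bytes_out per host and window -> {host: {window: total_bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for window, host, _dst, nbytes in flows:
        totals[host][window] += nbytes
    return totals


def build_baseline(flows):
    """Per host: mean and population stdev of per-window egress, plus destinations seen."""
    totals = per_window_egress(flows)
    dests = defaultdict(set)
    for _window, host, dst, _nbytes in flows:
        dests[host].add(dst)
    baseline = {}
    for host, by_window in totals.items():
        values = list(by_window.values())
        baseline[host] = {"mean": mean(values), "stdev": pstdev(values), "dests": dests[host]}
    return baseline


def detect_deviations(baseline, flows, k=3.0, min_ratio=2.0):
    """Return (host, window, reason, bytes) findings for the given window's flows.

    A host is flagged when its window egress exceeds both mean + k*stdev and
    min_ratio*mean (the ratio guard stops a near-constant baseline with a tiny
    stdev from alerting on trivial growth). Hosts with no baseline, and
    destinations not seen during the baseline period, are reported as well.
    """
    totals = per_window_egress(flows)
    findings = []
    for host, by_window in totals.items():
        base = baseline.get(host)
        for window, total in by_window.items():
            if base is None:
                findings.append((host, window, "no baseline", total))
                continue
            threshold = max(base["mean"] + k * base["stdev"], min_ratio * base["mean"])
            if total > threshold:
                findings.append((host, window, "egress above baseline", total))
    for window, host, dst, nbytes in flows:
        base = baseline.get(host)
        if base is not None and dst not in base["dests"]:
            findings.append((host, window, f"new destination {dst}", nbytes))
    return findings


if __name__ == "__main__":
    base = build_baseline(BASELINE_FLOWS)
    for finding in detect_deviations(base, NEW_WINDOW_FLOWS):
        print(finding)
```

The two-part threshold is the point worth taking away: a statistical bound alone produces noisy alerts on hosts whose traffic is very regular, while a fixed multiple alone misses bursts on hosts with naturally high variance; combining them, and tracking which destinations are normal for each host, is what turns a traffic baseline into alerting with fewer false positives.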