This eight-hour training track provides practical knowledge about network traffic analysis and how to leverage cyber threat intelligence (CTI) to enrich detections and improve visibility. Participants explore five proven methodologies for network traffic analysis, including packet capture, network flow, protocol, baseline and behavioral analysis, and historical analysis.
Using industry-standard tools, this track demonstrates how applying CTI improves each methodology and how analytical tradecraft enhances investigations. The track is divided into four courses, each about two hours long:
After completing this course, participants should be able to:
This course was designed by intelligence professionals for intelligence professionals, but most security-oriented roles will benefit. Professionals who regularly monitor networks, triage incidents, or need to operationalize intelligence will benefit the most from this course.
On-demand training
Eight hours
Participants should bring their own laptop computer with the latest version of their browser of choice and the ability to connect to the internet. Participants do not require access to the tools demonstrated in this track; however, access to the tools will significantly improve the learning experience and knowledge retention.