Kaspersky launches online training program to improve cyberattack response capabilities. The Windows Incident Response course also covers ransomware.
To enable in-house cybersecurity teams and InfoSec professionals to expand their Incident Response (IR) analytical skills, Kaspersky has developed a new Windows Incident Response course [1].
Improve responsiveness to cyber attacks
In recent years, the lack of qualified technical staff capable of detecting and responding to complex incidents, as well as the lack of infrastructure transparency and inconsistent management have been among the top challenges for companies in dealing with complex cyber threats [2].
For organizations looking to improve the expertise of their internal digital forensics and incident response teams, as well as IT security professionals looking to expand their skillset, Kaspersky has expanded its online expert training portfolio [3]. Windows Incident Response Training was developed by experts from the company's Global Emergency Response Team (GERT), who have over 12 years of experience in the field. Ayman Shaaban, Digital Forensics and Incident Response Manager, and Kai Schuricht, Senior Incident Response Specialist, will guide the course participants through incident detection using a real case with the REvil ransomware as an example [4].
Detect cyber incident in practice
As part of the course, IT security practitioners will learn how to detect and respond to a cyber incident. In addition, they will be able to distinguish APTs from other threats, as well as analyze different attack techniques and targeted attack anatomy through the cyber kill chain. Participants will master evidence gathering, all phases of incident detection, log file analysis, network analysis and IoC (Indicators of Compromise) creation. In addition, they are also introduced to the topic of memory forensics.
Attendees will have access to a simulated virtual work environment with all the necessary tools including ELK Stack, PowerShell, Suricata, YARA and more to practice IR techniques.
"Incident response skills require specific skills to verify and manage threats in a timely manner and minimize the damage caused by an incident," said Kai Schuricht, Senior Incident Response Specialist at Kaspersky. "As no one is immune from a cyberattack and it becomes increasingly difficult to prevent intrusion into a security perimeter, remedial action and the knowledge and experience of how to respond is more needed than ever."
Great challenges for InfoSec professionals
“Responding to complex incidents and analyzing attack steps are major challenges for InfoSec professionals,” adds Ayman Shaaban, Digital Forensic and Incident Response Manager at Kaspersky. “In this new course we have bundled the GERT knowledge from handling security incidents for Kaspersky customers around the world. Our goal was not only to train extensive theoretical knowledge on the topic, but also to provide practical skills by investigating ransomware cases.”
The self-paced course includes 40 video lessons and 100 hours of virtual lab time of hands-on learning. The duration of the training is approximately 15 hours, with participants having six months time and access to the platform to complete the training.
[1] https://xtraining.kaspersky.com/courses/windows-incident-response[2] https://www.computerwoche.de/a/fachkraeftemangel-erhoeht-das-sicherheitsrisiko,3550024
[3] https://xtraining.kaspersky.com
[4] https://de.wikipedia.org/wiki/REvil More at Kaspersky.com