Creating a strong corporate cybersecurity posture is impossible without the systematic education of employees. Most enterprises provide cybersecurity education and training on two levels – expert training for IT Security teams and security awareness for non-IT employees (Kaspersky has a comprehensive set of products for both). But what’s missing? Right: IT teams, service desks, and other technically advanced staff. Standard awareness programs are not enough for them, but companies still don’t need to turn these employees into cybersecurity experts: that is too expensive, too lengthy and too risky.
Kaspersky is launching the first online skills training on the market for generalist enterprise IT professionals. It consists of 4 modules:
The training equips IT professionals with practical skills on how to recognize a possible attack scenario in an ostensibly benign PC incident, and how to collect incident data for handover to IT Security. It also creates a passion for hunting out malicious symptoms – cementing the role of all IT team members as the first line of cybersecurity defense.
This is a completely online training – trainees only need Internet access and the Chrome browser on their PC. Each of the 4 modules consists of a short theoretical overview, practical tips and 4-13 exercises – each practicing a certain skill and teaching how to use IT Security tools and software in everyday work.
The course is designed to take about a year of study. We recommend that you complete 1 exercise per week. Each exercise will take you from 5 to 45 minutes.
Training is recommended for all IT specialists within the organization, primarily service desk staff and system administrators. Most non-expert IT Security team members will also benefit from this course.
Knowledge gained: Malware classification. Malicious and suspicious software actions and signs
Personal attitude: Malware may exist in any place on the computer. Malware is able to steal data in multiple non-trivial ways. It is mandatory to report all suspicious potential incidents to the Security team
Skills gained: Verifying whether or not a malware-related incident has occurred
Practice given in the module: Using the tools ProcessHacker, Autoruns, Fiddler and Gmer to detect malware
Number of practical exercises: 13
Tools: ProcessHacker, Autoruns, Fiddler, Gmer
Knowledge gained: The basics of statistical and dynamic analysis of software samples
Personal attitude: Documents (pdf, docx) can contain exploits. Unsigned files can contain malware. A digital signature does not guarantee that a file is free of malicious functionality
Skills gained: Working with system event monitors and sandboxes. Using statistical engines (VirusTotal). Removing PUPs (potentially unwanted programs)
Practice given in the module: Static (signature) and statistical (VirusTotal) analysis of software samples. Using Procmon to find exploits and malicious behavior in software.
Number of practical exercises: 4
Tools: Procmon, Hashdeep, VirusTotal, AVZ, Cuckoo Sandbox
Knowledge gained: The incident response process, methods of log analysis, specifics of storing digital information
Personal attitude: If one suspects a cybersecurity incident, immediately report it to the security team and collect digital evidence. Analysis should be done under supervision of, and together with, the security team
Skills gained: Incident localization, data collection, collecting digital evidence
Practice given in the module: Collecting various data types from computers. Log analysis to trace the source and the links of the attack
Number of practical exercises: 5
Tools: FTK Imager, Event Log Explorer, Autopsy, ntop
Knowledge gained: Modern phishing methods. Methods of detecting targeted phishing
Personal attitude: Phishing can be very sophisticated and hard to discover. Phishing can always be detected by manual investigation. Phishing emails need to be deleted from user mailboxes
Skills gained: Phishing email lookup. Verification of a phishing-related incident. OSINT
Practice given in the module: Exchange Compliance Search and removal of phishing emails. Verification of a suspicious email using open sources (looking up counterfeit data)
Number of practical exercises: 6
Tools: Exchange Mailbox Search, Recon-ng