Cybersecurity for IT Online

Creating a strong corporate cybersecurity posture is impossible without the systematic education of employees. Most enterprises provide cybersecurity education and training on two levels – expert training for IT Security teams and security awareness for non-IT employees (Kaspersky has a comprehensive set of products for both). But what’s missing? Right: IT teams, service desks, and other technically advanced staff. Standard awareness programs are not enough for them, but companies still don’t need to turn these employees into cybersecurity experts: that is too expensive, too lengthy and too risky.

FIRST-LEVEL INCIDENT RESPONSE

Kaspersky is launching first-on-the-market online skills training for generalist Enterprise IT professionals. This consists of 4 modules:

  • Malicious software
  • Potentially unwanted programs and exploits
  • Investigation basics
  • Phishing & Open Source Intelligence (OSINT)

The training equips IT professionals with practical skills on how to recognize a possible attack scenario in an ostensibly benign PC incident, and how to collect incident data for handover to IT Security. It also creates a passion for hunting out malicious symptoms – cementing the role of all IT team members as the first line of cybersecurity defense.

TRAINING FORMAT

This is a completely online training – trainees only need Internet access and the Chrome browser on their PC. Each of the 4 modules consists of a short theoretical overview, practical tips and 4-13 exercises – each practicing a specific skill and teaching how to use IT Security tools and software in everyday work.

The course is designed to take about a year of study. We recommend that you complete 1 exercise per week. Each exercise will take you from 5 to 45 minutes.

Training is recommended for all IT specialists within the organization, first of all service desk staff and system administrators. Most non-expert IT Security team members will also benefit from this course.

Malicious software

Knowledge gained: Malware classification. Malicious and suspicious software actions and signs.

Personal attitude: Malware may exist in any place on the computer. Malware is able to steal data in multiple non-trivial ways. It is mandatory to report all suspicious potential incidents to the Security team.

Skills gained: Verifying the existence or absence of a malware-related incident.

Practice given in the module: Using ProcessHacker, Autoruns, Fiddler and Gmer to detect malware.

Number of practical exercises: 13

Tools: ProcessHacker, Autoruns, Fiddler, Gmer

PUPs and exploits

Knowledge gained: The basics of statistical and dynamic analysis of software samples.

Personal attitude: Documents (pdf, docx) can contain exploits. Unsigned files can contain malware. A digital signature does not guarantee that the file does not contain malicious functionality.

Skills gained: Working with system event monitors and sandboxes. Using statistical engines (VirusTotal). Removing PUPs.

Practice given in the module: Static (signature) and statistical (VirusTotal) analysis of software samples. Using Procmon to find exploits and malicious software behavior.

Number of practical exercises: 4

Tools: Procmon, Hashdeep, VirusTotal, AVZ, Cuckoo sandbox

Investigation basics

Knowledge gained: The Incident Response process, methods of log analysis, and the specifics of how digital information is stored.

Personal attitude: If you suspect a cybersecurity incident, report it to the security team immediately and collect digital evidence. Analysis should be done under supervision and together with the security team.

Skills gained: Incident localization, data collection, collecting digital evidence.

Practice given in the module: Collecting various data types from computers. Log analysis to find the source and the links of the attack.

Number of practical exercises: 5

Tools: FTK Imager, Event Log Explorer, Autopsy, Ntop

Phishing and OSINT

Knowledge gained: Modern phishing methods. Methods of detecting targeted phishing.

Personal attitude: Phishing can be very hard to discover. Phishing can always be detected by manual investigation. Phishing emails need to be deleted from user mailboxes.

Skills gained: Searching for phishing emails. Verifying a phishing-related incident. OSINT.

Practice given in the module: Using Exchange Compliance Search to find and remove phishing emails. Verifying a suspicious email using open sources (looking up counterfeit data).

Number of practical exercises: 6

Tools: Exchange Mailbox Search, Recon-ng