Training - Enterprise Network Investigation
and Threat Profiling
This class teaches how to detect, track and solve sophisticated attacks and intrusions in large, complex IT networks in a fraction of the time that would normally be required, even in most cases when no evidence exists or has been destroyed. All classroom lessons are based on actual real-world case histories taken from years of Clarity Consulting’s personnel solving numerous high profile cyber-crimes cases.
Based on actual case history dissections, this class is taught from three distinctly different but complementary perspectives at the same time:
• From a cyber-crime investigator's standpoint;
• From a network defender's standpoint;
• From a professional attacker's standpoint.
Class sessions are interactive and include hands-on learning, brain storming sessions and instructor led, real-world case investigations with case resolutions.
About the Training
The threat profiling portion of the course equips the student to conduct rapid investigations in complex intrusion scenarios using anecdotal and seemingly unrelated data to narrow the focus to a small, manageable list of suspects. Finally, in a bonus section class attendees learn how to eliminate substantial amounts of internal and external cyber security risk by re-engineering and reconfiguring the existing network defenses.
Who Should Attend
Due to the sensitive and technical nature of this class, it is only recommended for professional, full-time, cyber-crime investigators and enterprise network defense professionals responsible for network defense, threat mitigation, incident response and evidence gathering. Corporate and government employees are welcome.**
Attendees should possess a sound understanding of TCP/IP and enterprise authentication, and at least two years of experience with network perimeter defense systems.
What You Will Learn
Investigators will gain big picture perspective on the complexities of enterprise class network defense strategy and learn how experienced hackers can successfully circumvent those measures. The class will demonstrate through lectures and real world case studies how improperly implemented authentication across a large organization or a broadly staged infrastructure may lead to an undetectable, catastrophic security breach. These sessions reveal the techniques and thought processes employed in effectively investigating some of the most sophisticated and well-engineered attacks.
Pitfalls of Standard Defenses
Some investigators skirt the technical details of the most complex cases in favor of a high level approach that relies upon widely accepted investigation tools and techniques. The most experienced attackers, however, apply custom tools and tactics, unconventional thinking, and superb mastery of technical detail to achieve their objectives.
The best attackers use a company's own defenses, even its own protective encryption systems, to foster attacks and to prevent discovery. Using real-world case histories, this portion of the course will stimulate the thinking of the most experienced cybercrimes investigators, while guiding less experienced investigators through the use of customized and unconventional investigation techniques and tools to solve these complex cases.
Threat Profiling and Identification
These sessions introduce attendees to a sophisticated new methodology that allows investigators to detect and to solve complex cases rapidly, even when the evidence appears to be missing, destroyed, or overwritten. These sessions focus on developing the mentality and skill set that leads to the use of these effective investigative techniques. The goal is to teach the attendee to understand and out-think the adversary, not attempt to match technical prowess with elusive foes that are almost always one step ahead.
Attendees will learn that insider threats can be largely eliminated through implementation of covert psychological profiling in the pre-employment review process, combined with periodic follow up assessments of active duty personnel.
**Disclaimer: Clarity Consulting Corporation reserves the right to reject any and all non-law enforcement applicants for any reason without explanation. Alternatively, Clarity Consulting Corporation may elect to modify our class content to reduce its sensitivity for non-law enforcement applicants.