Deploying a new security solution requires consideration of the incident handling process, because the solution can affect each of its phases: Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned. An implementation of Cisco Security Agent (CSA) is analyzed and its impacts on the incident handling process are identified. In addition, guidance is provided on configuring CSA to support the incident handling process. An example malware incident is used to demonstrate the differences in incident handling with CSA and without CSA; Conficker is used as the malware sample. To make the incident and the required response understandable, Conficker's behaviors and how to test for them are documented.