Skip to main content

Search Shelves Books Log in

Details

Revision #1

Created 11 months ago by naruzkurai

Updated 10 months ago by naruzkurai

Actions

Revisions

Export

Contained Web File.html
PDF File.pdf
Plain Text File.txt
Markdown File.md

Book Navigation

[Completed] Professional Google Cybersecurity Specialization C6/8; Sound the Alarm: Detection and Response
Introduction to Course 6
Terms and definitions from the certificate
Dave: Grow your cybersecurity career with mentors
Welcome to week 1
Introduction to the incident response lifecycle
Incident response teams
Fatima: The importance of communication during incident response
Roles in response
Incident response plans
Incident response tools
The value of documentation
Intrusion detection systems
Overview of detection tools
Alert and event management with SIEM and SOAR tools
Wrap-up; Terms and definitions from Course 6, Week 1
Welcome to week 2
Casey: Apply soft skills in cybersecurity
The importance of network traffic flows
Maintain awareness with network monitoring
Data exfiltration attacks
Packets and packet captures
Learn more about packet captures
Interpret network communications with packets
Reexamine the fields of a packet header
Investigate packet details
Packet captures with tcpdump
example tcp dump activity
Activity: Research network protocol analyzers
Wrap-up; Terms and definitions from Course 6, Module 2
Welcome to module 3 ; The detection and analysis phase of the lifecycle
Cybersecurity incident detection methods
MK: Changes in the cybersecurity industry
Indicators of compromise
Analyze indicators of compromise with investigative tools
Analyze indicators of compromise with investigative tools
The benefits of documentation
Document evidence with chain of custody forms
Best practices for effective documentation
The value of cybersecurity playbooks
Generic Phishing Playbook Version 1.0
The role of triage in incident response
Robin: Foster cross-team collaboration
The triage process
The containment, eradication, and recovery phase of the lifecycle
Business continuity considerations
The post-incident activity phase of the lifecycle
Post-incident review
Wrap-up; Terms and definitions from Course 6, Module 3
read
Welcome to module 4
The importance of logs
The importance of logs
Best practices for log collection and management
Rebecca: Learn new tools and technologies
Variations of logs
Overview of log file formats
Security monitoring with detection tools
Detection tools and techniques
Grace: Security mindset in detection and response
Components of a detection signature
Examine signatures with Suricata
Examine signatures with Suricata
Examine Suricata logs
Overview of Suricata
Activity: Explore signatures and logs with Suricata
Reexamine SIEM tools
Log sources and log ingestion
Query for events with Splunk
Search methods with SIEM tools
Follow-along guide for Splunk sign-up
Wrap-up; Glossary terms from module 4
Course wrap-up
Terms and definitions from Course 6, course 6 glossary

Books

[Completed] Profession...

The importance of netw...

The importance of network traffic flows

In many organizations, network communication travels over multiple networks in different countries and across different devices.

Data can get unintentionally sent and stored in insecure places, like personal email inboxes or cloud storage platforms.

Users trust that their data is safely and securely sent and stored.

And it's the job of security professionals like you to help protect these communications in transit and at rest.

Previously, you may recall learning how to identify and secure critical assets through security controls like data classification and encryption.

Coming up, we'll expand on this topic and examine how network traffic analysis can be used to monitor network activity and identify potential malicious activity.

So what is network traffic?

Network traffic is the amount of data that moves across a network.

While network data is the data that's transmitted between devices on a network.

Depending on the size of a network, there can be a huge volume of network traffic at any given moment.

For example, in a large, multinational organization, there may be thousands of employees sending and receiving emails at any given time.

That's a lot of network traffic.

With such large volumes of traffic being produced, how do you know what's normal behavior, or what's unusual and requires investigation as a potential security incident?

Imagine being stuck in unexpected traffic during your regular drive to work.

And, as you move along, you realize something unusual caused the traffic, like a minor vehicle collision which slowed down the expected flow.

On the road,

we have certain expectations about traffic flows based on our commuting experience.

Peak traffic patterns like morning and evening rush are normal and expected, while abnormal traffic during off-peak times reveals that something

unexpected has happened, like a vehicle collision.

Network traffic works in the same way.

By understanding how data should be flowing across the network, you can develop an understanding of expected network traffic flow.

By knowing what's normal, you can easily spot what's abnormal.

We can detect traffic abnormalities through observation to spot indicators of compromise, also known as IoC, which are observable evidence that suggests signs of a potential security incident.

Take, for instance, data exfiltration, which is the unauthorized transmission of data from a system.

Attackers use data exfiltration to steal or leak data such as user names, passwords, or intellectual property.

By observing network traffic, we can determine if there's any indicators of compromise, such as large volumes of outbound traffic leaving a host.

This is a sign of possible data exfiltration which can be further investigated.

Understanding and monitoring network traffic for inconsistencies is an important aspect of a security professional's job.

Coming up, we'll explore what a data exfiltration attack looks like in real-time.

Meet you there.

No Comments

Back to top