Search Results
954 total results found
Fatima: The importance of communication during incident response
My name is Fatima, and I'm a tech lead manager on Google's Detection and Response Team. If there is a hacker on the network, our job is to find them. Working in detection is really like an artist preparing for a show. We spend all this time developing ...
Roles in response
So far, you've been introduced to the National Institute of Standards and Technology (NIST) Incident Response Lifecycle, which is a framework for incident response consisting of four phases: Preparation; Detection and Analysis; Containment, Eradic...
Incident response plans
So you've learned about incident response teams, the different types of roles, and their respective responsibilities. Now, let's talk about how teams respond to incidents using incident response plans. When an incident occurs, inc...
Incident response tools
As a security analyst, you'll play an important role in incident detection. After all, you're going to be at the front lines actively detecting threats. To do this, you'll not only rely on the security knowledge you've developed so far, but you'll ...
The value of documentation
Hi there. Previously, you learned how an incident handler's journal is used for documenting the 5 W's of an incident: who, what, where, when, and why an incident occurred. In this section, we'll continue our discussion on documentation by exploring...
Intrusion detection systems
In this video, we'll introduce you to intrusion detection and intrusion prevention systems. Imagine that you've just installed a home intrusion security system. You've installed intruder sensors for each entry and exit point in your...
Overview of detection tools
Previously, you explored intrusion detection system (IDS) and intrusion prevention system (IPS) technologies. In this reading, you’ll compare and contrast these tools and learn about endpoint detection and response (EDR). As a security analyst, you'll likely w...
Alert and event management with SIEM and SOAR tools
Our discussion on detection tools may have left you wondering where alerts are sent and how alerts are accessed by security analysts. This is where security information and event management, or SIEM, tools are used. SIEM is a tool...
Wrap-up; Terms and definitions from Course 6, Week 1
Way to go! You made it through a new section, and you've learned a lot. As a refresher, we first covered the incident response lifecycle as a framework to support incident response processes. You were also given yo...
Welcome to week 2
Welcome back! I'm so glad you're joining us. Previously, you were introduced to incident detection and response. You may also remember learning about networking from a previous course. To recap, you learned about how devices talk ...
Casey: Apply soft skills in cybersecurity
Hi, my name is Casey and I'm part of the Google Cloud Enterprise Security sales team. First of all, the biggest piece of advice I can give is: do it. I want you to be here. We need all the people. It's a non-stop, ever-changing world in cybersecurity...
The importance of network traffic flows
In many organizations, network communication travels over multiple networks in different countries and across different devices. Data can get unintentionally sent and stored in insecure places, like personal email inboxes or cloud storage platforms. ...
Maintain awareness with network monitoring
Network communication can be noisy! Events like sending an email, streaming a video, or visiting a website all produce network communications in the form of network traffic and network data. As a reminder, network traffic is the amount of data that moves acros...
Data exfiltration attacks
Monitoring network traffic helps security professionals detect, prevent, and respond to attacks. In my experience as a security professional, monitoring for deviations from typical network traffic patterns has yielded big results. Even if information...
Packets and packet captures
Whether it's an employee sending an email or a malicious actor attempting to exfiltrate confidential data, actions that are performed on a network can be identified through examining network traffic flows. Understanding these network ...
Learn more about packet captures
The role of security analysts involves monitoring and analyzing network traffic flows. One way to do this is by generating packet captures and then analyzing the captured traffic to identify unusual activity on a network. Previously, you explored the fundamen...
Interpret network communications with packets
If a packet capture is like intercepting an envelope in the mail, then packet analysis is like reading the letter inside of the envelope. Let's discuss how analyzing packets can help us interpret and understand network communications. ...
Reexamine the fields of a packet header
While there are many different tools available to use, it's important as a security analyst that you learn how to read and analyze packets manually. To do so, let's examine an important packet component: IP headers. Previously, you ...
Investigate packet details
So far, you've learned about how network protocol analyzers (packet sniffers) intercept network communications. You've also learned how you can analyze packet captures (p-caps) to gain insight into the activity happening on a network. As a security analyst, yo...
Packet captures with tcpdump
Tcpdump is a popular network analyzer. It's pre-installed on many Linux distributions and can be installed on most Unix-like operating systems, like macOS. You can easily capture and monitor network traffic such as TCP, IP, ICMP, and many more. ...