Workshop Content

The frequency and impact of attacks have drastically increased over the years, leaving companies vulnerable to data and knowledge loss, which in turn causes reputational and financial damage. Implementing new security solutions is crucial for survival in the modern era, but enterprises face the ongoing challenge of mastering new tools and processes.

Professionals seeking to understand global cybersecurity concepts, learn the benefits of various defense tools, and receive kickstart training on daily operations will find everything they need in the WSA101 XDR Essentials Workshop. This workshop equips them to design robust defenses and efficiently operate our XDR.

  • In-person (3 Days)

  • Who should attend WSA101?

    • People who are new to information security and need an introduction to security detection concepts.
    • Those who feel overwhelmed by the complexity of the UI and the number of solutions in the XDR Platform.
    • Professionals who need cross-cutting knowledge of the TEHTRIS stack without deep operational baggage.
    • Managers who need a precise idea of the workload involved and the skillset required to operate TEHTRIS XDR.

The XDR Essentials Workshop in depth

Activities

  • Discover common defense tools and their purpose
  • Identify when cross-coverage between solutions is required for efficient incident handling
  • Learn the specifics of the TEHTRIS solutions and how to get the most out of them
  • Take a guided tour of each TEHTRIS Solution UI, and identify valuable data
  • Explore menus and perform common tasks in the UI


Business Key Points

  • Reskill or upskill your team with vendor-agnostic security fundamentals
  • Maximize your security operation success and improve your team communication by using standard terms and definitions
  • Reach a better overall security level by defining a strategy for the use of your various security solutions
  • Increase efficiency by reducing the time required for routine tasks in TEHTRIS XDR
  • Get the most out of XDR metrics to mature your information security strategy


Inside the box

  • Identify common threat vectors and how to build an efficient defense line
  • Position your security controls to maximize coverage
  • Understand TEHTRIS Specifics and design your own proactive defenses
  • Leverage all metrics of the XDR to adopt a continuous improvement cycle of your security posture
  • Access what you need, when you need it, without detours: think about your job, not the UI


Expected Results

  • Recognize the different types of security controls
  • Leverage complementary security approaches for best results
  • Understand key metrics and what they tell you about possible improvements
  • Use the TEHTRIS XDR UI with ease
  • Implement your security policy or any pre-existing configuration
  • Perform basic security posture improvement tasks in TEHTRIS XDR: manage whitelists, configurations and policies


Lab Details

  • Install TEHTRIS EPP & EDR Agents
  • Configure your endpoint to forward events to your SIEM
  • Implement a predetermined configuration for EPP & EDR
  • Check for Endpoint Coverage and Alert Distribution
  • Implement an existing security policy in the EDR
  • Enable or Disable SIEM Rules
  • Read and Understand Alerts & Events
  • Configure, Save and Share your display Filters
  • Handle false positives and update whitelists
  • Support the incident containment and recovery steps by deploying temporary YARA rules and IOCs obtained from your specialists
  • Make your own visualizations with TEHTRIS Analytics
  • Get more details about threats in the TEHTRIS CTI Platform
  • Configure a mail alert via SOAR to be notified of incidents


Syllabus by day

Day 1: Security & Defense Strategies

Outline

To operate 24/7 without interruption, IT needs high-standard security that guarantees availability, integrity, confidentiality and traceability. From top management to IT security policies, by way of business expectations, your architectures, configurations and tooling shape your ability to deal with security issues before they impact your company's revenue and reputation.

A clear vision of what serves which purpose in your enterprise defense strategy, together with efficient communication using appropriate language and terminology, is the cornerstone of every security career.

Hands-on / Workshop
  • MITRE ATT&CK Coverage Mapping
  • Pair Matching
  • Architecture Design
Subjects
  • Security Processes: Security Management, Risk Assessment, Incident Response
  • Types of Security Detection: Event Logging, Reputation, Signatures, IOC, Blacklists...
  • Security Tooling & Definitions: Firewall, Proxies, AV, EPP, EDR, SIEM, Event, Incident, Alert ...
  • Common Security Architectures designs
  • TEHTRIS Approach on Security and Solutions Specifics
Day 2: TEHTRIS XDR Solutions Basics

Outline

New solutions bring new capabilities and new processes. Security is all about how efficiently you plan and deliver: high priority should be given to studying how to port your current processes to your new platform, and how to fit in the new features that broaden your options for improving your security posture.

This section covers all the basics, from setup and initial configuration to daily operations, for TEHTRIS EDR, EPP and SIEM. It is important to train in a safe, foolproof environment so that analysts can experiment with settings and observe how the security posture reacts to them. Basic business-as-usual operations are covered in the exercises. To speed things up, the instructor provides information about a fictitious company and its policies as guidelines for configuration, giving an end-to-end experience of implementing a security posture.

Hands-on / Workshop
  • Agent Installation
    • EPP
    • EDR
    • SIEM Log Forwarder
  • Design an Incident Prevention Security Posture
    • EPP module selection and activation
    • EDR module selection and activation
  • Convert Company Security Policies to TEHTRIS Solutions Policies
    • Firewall
    • Execution Prevention (Application Control)
    • USB
  • Whitelist and Blacklist Management
  • Searching and Filtering Events
  • Check Endpoint Configuration and Performance
Subjects
  • Security in depth
  • Firewall Rules
  • Application Control / Execution Prevention
  • Endpoint Performance
  • Whitelist & False Positive Handling
Day 3: Investigation Process & Continuous Improvement

Outline

Monitoring is only the beginning of the journey; designing processes and applying them is what matters most. What is a great plan worth if it is never put into action?

Modern attacks are fast, very fast. With an average of 20 minutes for a complete automated compromise, success awaits only the enterprises whose defenders configure events to trigger notifications and prepare automatic remediation, buying precious time for humans to assess and control the situation.

To maintain a strong security posture over the long term and keep improving the overall security level, enterprises need vision. A common challenge for security teams is understanding which metrics are available and how to interpret and leverage them. As threats evolve alongside the internal level of vulnerability, in the long run continuous improvement is the key factor that makes the difference between a detection and a data breach.

From coverage to signal/noise ratio, TEHTRIS XDR embeds metrics and dashboard capabilities that you can tailor to your needs. This feedback provides valuable insights that support your control, compliance, quality and security management processes.

Hands-on / Workshop
  • Use XDR Dashboards
  • Search Information in TEHTRIS Analytics
  • Create meaningful Analytics visualizations
  • Create your Tailored Dashboard
    • Endpoint Coverage
    • Risk Level
    • Signal-Noise Ratio
    • Tailored Metrics
  • Design a simple Incident Handling Process
  • Manage Critical Risks with SOAR Remediations
  • Turn Alerts into Notifications with SOAR
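The dashboard metrics listed above (endpoint coverage, risk level, signal-noise ratio) and the Day 1 ATT&CK coverage mapping are all simple computations over the same two inputs: an asset inventory and the alert stream with its triage verdicts. The following Python is an added example written for this page, not TEHTRIS code and not the way the XDR computes its own dashboards; the host names, alerts, severity weights and the list of "required" ATT&CK techniques are constructed for illustration, and the formulas (coverage = enrolled/inventory, signal/noise = confirmed true positives over false positives, risk = severity-weighted open alerts) are assumptions about how a team might define those metrics.

```python
"""Dashboard metrics over constructed XDR-style data (added example, not TEHTRIS code)."""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    host: str
    severity: str     # "low" | "medium" | "high" | "critical"
    technique: str    # ATT&CK technique ID the detection rule is tagged with
    verdict: str      # "true_positive" | "false_positive" | "open" (not yet triaged)


# Constructed sample data: a CMDB inventory and the hosts that report an agent.
INVENTORY = {"ws-01", "ws-02", "ws-03", "srv-db-01", "srv-web-01"}
ENROLLED = {"ws-01", "ws-02", "srv-web-01"}

# Constructed alerts; technique IDs are real ATT&CK IDs, the events are made up.
ALERTS = [
    Alert("ws-01", "high", "T1059.001", "true_positive"),       # PowerShell
    Alert("ws-01", "medium", "T1059.001", "false_positive"),
    Alert("ws-02", "low", "T1204.002", "false_positive"),       # malicious file
    Alert("ws-02", "critical", "T1486", "open"),                # data encrypted for impact
    Alert("srv-web-01", "medium", "T1190", "true_positive"),    # exploit public-facing app
    Alert("ws-02", "low", "T1204.002", "false_positive"),
]

# Techniques the fictitious company decided it must be able to detect
# (a slice of the Day 1 ATT&CK coverage mapping exercise; assumed list).
REQUIRED_TECHNIQUES = {"T1059.001", "T1204.002", "T1486", "T1190", "T1003.001"}

# Assumed weights; pick whatever your risk management process uses.
SEVERITY_WEIGHT = {"low": 1, "medium": 3, "high": 7, "critical": 10}


def endpoint_coverage(inventory, enrolled):
    """Fraction of inventory hosts running an agent, plus the uncovered hosts."""
    inventory, enrolled = set(inventory), set(enrolled)
    missing = sorted(inventory - enrolled)
    ratio = len(inventory & enrolled) / len(inventory) if inventory else 0.0
    return ratio, missing


def signal_noise(alerts):
    """Confirmed true positives over false positives, counting only triaged alerts.
    Returns (ratio, tp, fp); ratio is inf with TPs and no FPs, 0.0 with no TPs."""
    tp = sum(1 for a in alerts if a.verdict == "true_positive")
    fp = sum(1 for a in alerts if a.verdict == "false_positive")
    if fp == 0:
        return (float("inf") if tp else 0.0), tp, fp
    return tp / fp, tp, fp


def noisiest_rules(alerts, n=3):
    """Rule tags producing the most false positives: the first whitelist candidates."""
    counts = Counter(a.technique for a in alerts if a.verdict == "false_positive")
    return counts.most_common(n)


def risk_level(alerts):
    """Severity-weighted sum of open (untriaged) alerts per host, highest first."""
    per_host = Counter()
    for a in alerts:
        if a.verdict == "open":
            per_host[a.host] += SEVERITY_WEIGHT[a.severity]
    return per_host.most_common()


def attack_coverage(alerts, required):
    """Required ATT&CK techniques that have at least one firing rule, and the gaps."""
    seen = {a.technique for a in alerts}
    return sorted(seen & set(required)), sorted(set(required) - seen)


if __name__ == "__main__":
    ratio, missing = endpoint_coverage(INVENTORY, ENROLLED)
    print(f"endpoint coverage: {ratio:.0%}, no agent on {missing}")
    snr, tp, fp = signal_noise(ALERTS)
    print(f"signal/noise: {snr:.2f} ({tp} TP / {fp} FP); noisiest: {noisiest_rules(ALERTS)}")
    print("risk level per host:", risk_level(ALERTS))
    print("ATT&CK coverage (covered, gaps):", attack_coverage(ALERTS, REQUIRED_TECHNIQUES))
```

Two practical points the numbers make visible: a technique that only appears in the gap list has no rule behind it at all, so a low false-positive count there is not good news; and a signal/noise ratio computed over all alerts rather than over triaged ones silently improves as the backlog of untriaged alerts grows, which is why the function ignores "open" alerts.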
Subjects
  • Security Management
  • Risk Management
  • Incident Handling Process
  • Continuous Improvement
  • Automated Responses
  • Prioritization & Notification