Intrusion Defense School

Your organization's ability to fend off spyware, computer viruses and the latest breed of information security threats hinges on the strength and cohesion of your intrusion defense strategy.

Intrusion Defense School focuses on the key elements of network intrusion prevention and detection -- antivirus, antispyware, IDS/IPS, etc. -- to help you implement an information security strategy that meets your organization's needs.

Table of contents:

Considerations for antimalware deployments

Early antivirus products were host-based agents that used basic signature detection to scan hard drives for malicious code. Today's antimalware is more sophisticated, because enterprises operate not only within the network perimeter but also on mobile devices and in the cloud. Traditional antimalware deployments aren't good enough anymore. You need to consider your company's needs by user and location and protect assets accordingly. In this lesson, you'll learn how to effectively architect antimalware solutions for your enterprise.

About the author:
Diana Kelley is a partner with Amherst, N.H.-based consulting firm SecurityCurve.

Enterprise mobile device defense fundamentals

Mobile device security is approaching a tipping point: attackers are spending more time poking and prodding various mobile device platforms and applications, looking for exploitable weaknesses that will lead to a pathway into the enterprise. This lesson examines the realities of the security threat posed by mobile devices such as smartphones and tablets, the methods used by savvy attackers and the technology and policy decisions to consider regarding personal devices and corporate data stored and accessed by consumer devices.

About the expert:
Zeus Kerravala is principal analyst for ZK Research.

Data breach prevention strategies

This lesson will establish a baseline data breach prevention strategy every enterprise should have in place to protect key enterprise data -- such as credit card payment information, intellectual property and customer and employee records. Learn about the importance of a risk assessment and of defining and prioritizing potential threats based on your organization's unique criteria; what access controls and audit capabilities must be in place; what essential technologies you need to secure data; and the key security program elements that can prevent a security lapse from becoming a security breach.

About the expert:
Nick Lewis, CISSP, is an information security architect at Saint Louis University.

Reinventing defense in depth

A sophisticated, modern defense-in-depth architecture is essential for every enterprise in order to avoid catastrophic information security incidents. But it can be a significant challenge for an organization to understand how to assess its current security posture, identify technical gaps, choose the best technologies to fill those gaps and then finally ensure those pieces are all integrated and managed effectively. This lesson explores those concepts to enable an enterprise to ensure it has all the pieces in place for an effective layered defense that can successfully withstand a multitude of evolving threats.

About the expert:
Mike Chapple is an IT security professional with the University of Notre Dame and a technical editor for SearchSecurity.com.

How DAM can help detect and trace attacks

In this lesson, explore effective database activity monitoring (DAM) deployment techniques and configurations to best detect and trace attacks, review the different use cases, and learn how to ensure the data your tool collects is accurate and doesn't drag down database performance.

About the expert:
Adrian Lane is CTO of the independent consulting firm Securosis, LLC.

Practical strategies to mitigate insider threats

With more logging and monitoring tools available, detecting illicit insider activity should be easier. Why has the number of insider cases increased dramatically? Because most insiders who commit fraud, theft, IT sabotage, or espionage use authorized access and perform the same online actions that they perform every day. In this lesson, learn what patterns to watch for and what tools you should have in your arsenal to thwart insider threats.

About the expert:
Dawn Cappelli is a senior member of technical staff for the CERT Program at Carnegie Mellon University.

Anatomy of an attack

Attackers are more resourceful, determined and prolific than ever before. This lesson will help you know your enemy and understand how to respond to and defend against increasingly complex types of hacker attacks and techniques.

About the expert:
Dr. Markus Jakobsson is a principal scientist at Palo Alto Research Center.

Advanced malware, rootkit and Trojan defense

In a matter of months, the threat landscape has changed dramatically. In this lesson, learn how to thwart sophisticated attacks featuring custom rootkits, Trojans and malware designed to exploit unknown vulnerabilities.

About the expert:
Lenny Zeltser is a SANS Institute instructor and noted author.

Securing Windows Server 2008

The release of Windows Server 2008 included a number of significant security-related changes. This lesson will provide an overview of the features and enhancements, including read-only domain controllers, Network Access Protection and more.

About the expert:
Elizabeth Quinlan is the technical lead for HynesITe where she is a trainer/consultant.

Developing a strategy for malware defense

Get expert insight on the state of the malware landscape as it pertains to SMBs, including the most common types of malware. Learn how malware works, what it is designed to do and what makes it unique. Also see case study examples and key principles of a successful lean and mean antimalware program.

About the expert:
Lenny Zeltser is a SANS Institute instructor and noted author.

Web application attacks: Building hardened apps

Learn about the myriad of Web application attacks happening today, including detailed explanations of SQL injection attacks, clickjacking, cross-site scripting, cross-site request forgery and other Web-based attacks that lead right to sensitive information stored in a back-end database. Understand how to assess production Web apps for dangerous flaws and how to architect a software development process that can help counter these threats in both QA and production.

About the expert:
Cory Scott is a director with security consultancy Matasano Security.

Preventing Web server attacks

Web servers need constant hardening, testing and monitoring to prevent Web server attacks. In this lesson, learn tactics, policies and best practices for keeping enterprise Web servers safe and secure.

About the expert:
Michael Cobb is the founder and managing director of Cobweb Applications Ltd.

Entrance exam: Web attack prevention and defense

Test your knowledge of Web security to see if you'd benefit from our Intrusion Defense School lesson, "Preventing Web server attacks."

Choosing a Web security gateway

The Web has become a top threat vector, and organizations must respond by ramping up their gateway protections. Web security gateways, which provide integrated URL filtering, antimalware protection and application controls, are becoming a popular choice, but how does a company choose which product is the best fit for its needs? In this Security School lesson, you'll learn about the different features available in Web security gateways, key product selection considerations and how to ensure the deployment is successful.

About the expert: Michael Cobb, CISSP-ISSAP, is the founder and managing director of Cobweb Applications Ltd., a UK-based application security consultancy.

Targeted attacks

Hackers are long past mass-mailing worms that set off a denial-of-service condition on email or Web servers. Instead, they're after high-value, data-rich targets, using a combination of new attacks and tweaks on old attacks to capture valuable information. In this Security School lesson, you'll learn more about how targeted attacks are developed, where your soft spots may be, how attackers are moving data off your networks and what you can do about it.

About the expert: Michael Cobb, CISSP-ISSAP, is a renowned security author with more than 15 years of experience in the IT industry and another 16 years of experience in finance. He is the founder and managing director of Cobweb Applications Ltd., a consultancy that helps companies to secure their networks and websites, and also helps them achieve ISO 27001 certification. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications.