
New Training: Host Based Analysis

by Team Nuggets
Published on February 23, 2021

In this 5-video skill, CBT Nuggets trainer Bob Salmans explores the process of analyzing hosts for signs of compromise. Gain an understanding of host-based security technologies, and learn how to analyze a malware sandbox report. Watch this new Cisco training.

Watch the full course: Cisco Certified CyberOps Associate

This training includes:

  • 5 videos

  • 36 minutes of training

You’ll learn these topics in this skill:

  • Endpoint Security Monitoring Technologies

  • Identifying the Role of Attribution

  • Comparing Disk Images

  • Interpreting Logs

  • Analyzing Sandbox Reports

Endpoint Monitoring is the New Antivirus Solution

Antivirus software on its own is no longer a complete protection scheme for endpoints in the enterprise environment. Some industry reports put the share of attacks that signature-based AV actually blocks at roughly 40%. Businesses still need an antivirus solution, but infosec analysts need a more robust layer on top of it. That's where endpoint monitoring, and endpoint detection and response (EDR) tooling, come into play.

What is an Endpoint?

An endpoint is any device that connects to the network, whether or not it reaches the internet directly: a web server, a workstation, a laptop, or a smartphone all count.

What is Endpoint Monitoring?

Endpoint monitoring works a little differently than traditional antivirus software. Instead of relying only on signatures to match known threats, endpoint monitoring watches behavior. As an example, if a user's workstation is hit by crypto-malware (ransomware), the malicious process may open connections to an unfamiliar external host that no one in the business has communicated with before, and it will drive disk and CPU usage sharply upward as it reads and rewrites files. Each of those signals can be benign on its own; together they are abnormal for that host, so an endpoint monitoring system flags the workstation as having a potential issue.

Of course, that is an oversimplification of how endpoint monitoring works. Endpoint monitoring comprises multiple tools, such as sandboxes and log file analyzers, and there are a lot of endpoint monitoring solutions available today. Infosec analysts need to understand what these tools offer to pick the best solution for their business.
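The behavior-based logic described above, reduced to its essentials, as an added example that is not part of the CBT Nuggets course or any real EDR product. The telemetry, the baseline of known destinations and file extensions, the host names and the thresholds are all constructed for illustration; a real agent would stream far richer events. The point it makes is the one in the text: no single signal is conclusive, so a host is only reported when several independent behaviors line up.

```python
"""Toy behavior-based endpoint detector over constructed host telemetry."""
from collections import defaultdict
from typing import Dict, List

# Constructed baseline for a hypothetical org: where its hosts normally talk,
# and which file extensions its users normally write.
KNOWN_DESTINATIONS = {"10.0.0.5", "10.0.0.6", "update.example.com"}
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".obj", ".exe", ".dll"}

FILE_BURST_THRESHOLD = 5   # rewrites by one process, with an unknown extension, before we care
CPU_THRESHOLD = 90         # percent
DISK_THRESHOLD = 100       # MB/s written

# Constructed event stream standing in for an EDR agent's output.
EVENTS = [
    # ws-042: normal mail traffic, then a look-alike "svch0st.exe" that phones out and encrypts files
    {"host": "ws-042", "proc": "outlook.exe", "type": "net_connect", "dst": "10.0.0.5"},
    {"host": "ws-042", "proc": "svch0st.exe", "type": "net_connect", "dst": "198.51.100.77"},
    {"host": "ws-042", "proc": "svch0st.exe", "type": "resource", "cpu": 97, "disk_mb_s": 180},
] + [
    {"host": "ws-042", "proc": "svch0st.exe", "type": "file_write",
     "path": f"C:\\Users\\alice\\Documents\\report{i}.docx.locked"} for i in range(8)
] + [
    # ws-007: a build server that legitimately pegs CPU and disk, but only talks to known hosts
    # and only writes extensions the baseline already knows
    {"host": "ws-007", "proc": "msbuild.exe", "type": "resource", "cpu": 95, "disk_mb_s": 150},
    {"host": "ws-007", "proc": "msbuild.exe", "type": "net_connect", "dst": "10.0.0.6"},
] + [
    {"host": "ws-007", "proc": "msbuild.exe", "type": "file_write",
     "path": f"C:\\build\\obj\\unit{i}.obj"} for i in range(8)
]


def _extension(path: str) -> str:
    """Return the final extension of a path ('.locked' for 'x.docx.locked'), or '' if none."""
    return "." + path.rpartition(".")[2] if "." in path else ""


def analyze(events) -> Dict[str, Dict[str, List[str]]]:
    """Map each host to the behavioral signals seen on it, with the evidence for each."""
    findings = defaultdict(lambda: defaultdict(list))
    writes = defaultdict(lambda: defaultdict(int))  # (host, proc) -> extension -> count

    for ev in events:
        host, proc = ev["host"], ev["proc"]
        if ev["type"] == "net_connect" and ev["dst"] not in KNOWN_DESTINATIONS:
            findings[host]["unknown_destination"].append(f"{proc} -> {ev['dst']}")
        elif ev["type"] == "resource" and ev["cpu"] >= CPU_THRESHOLD and ev["disk_mb_s"] >= DISK_THRESHOLD:
            findings[host]["resource_spike"].append(f"{proc} cpu={ev['cpu']}% disk={ev['disk_mb_s']}MB/s")
        elif ev["type"] == "file_write":
            writes[(host, proc)][_extension(ev["path"])] += 1

    # A burst of writes is only interesting when the extension is new to this environment:
    # that is the ransomware "rename everything to .locked" pattern, not a compiler at work.
    for (host, proc), per_ext in writes.items():
        for ext, count in per_ext.items():
            if ext not in KNOWN_EXTENSIONS and count >= FILE_BURST_THRESHOLD:
                findings[host]["mass_rewrite_new_extension"].append(f"{proc} wrote {count} files as {ext}")

    return {host: dict(signals) for host, signals in findings.items()}


def suspect_hosts(events, min_signals: int = 2) -> List[str]:
    """Hosts showing at least `min_signals` distinct abnormal behaviors; one alone is just noise."""
    return sorted(host for host, signals in analyze(events).items() if len(signals) >= min_signals)


if __name__ == "__main__":
    for host, signals in analyze(EVENTS).items():
        print(host, signals)
    print("suspect:", suspect_hosts(EVENTS))
```

Run as-is, the build server ws-007 trips only the resource rule and stays below the reporting bar, while ws-042 trips all three and is reported. Tuning the baseline sets and thresholds to your own environment is exactly the work an analyst does when evaluating an endpoint monitoring product.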
