SEC503: Network Monitoring and Threat Detection In-Depth Online Training

This intermediate SEC503 prepares cybersecurity specialists to analyze the content and behavior of a network's traffic, identify anomalous or unwanted traffic, and handle threats and intrusions.

This course familiarizes security personnel with the equipment and techniques necessary to monitor a network and spot threats, intrusions, and potential incidents. This course covers everything you need to know to identify possible threats before they happen as well as what to do with intrusions once they've occurred. This is an advanced cybersecurity course, but the information in it would be valuable for nearly any cybersecurity professional, no matter where they are in their career.

Once you're done with this cybersecurity skills training, you'll know how to analyze the content and behavior of a network's traffic, identify anomalous or unwanted traffic, and handle threats and intrusions.

For anyone who manages cybersecurity specialists, this cybersecurity training can be used to onboard new cybersecurity specialists, curated into individual or team training plans, or as a cybersecurity reference resource.

SEC503: What You Need to Know

This SEC503 training has videos that cover topics such as:

Basics of intrusion detection and network security monitoring
Capturing and analyzing traffic based on deep network protocol familiarity
Identifying and investigating network-based attacks with packet analysis
Responding to and handling incidents

Who Should Take SEC503 Training?

This SEC503 training is considered associate-level cybersecurity training, which means it was designed for cybersecurity specialists. This network monitoring and threat detection skills course is designed for cybersecurity specialists with three to five years of experience with cybersecurity.

New or aspiring cybersecurity specialists. If you want to work in cybersecurity, this course is a way to specialize and focus your technical expertise before you even begin your first job. Although you won't want to take this course if you have no previous cybersecurity training, you should take it if you want to fast-track your way to positions related to threat detection and response.

Experienced cybersecurity specialists. If you've already got a few years of experience in cybersecurity, this course is a great way to build on that general foundation and focus it into one point: threat detection. Learn the intricacies of network traffic analysis, packet capture and analysis, and operating IDS and IPS – with that knowledge and experience, you'll be prepared for promotions to advanced security positions.

Skill:
Concepts of TCP/IP
- 1. Overview
  1 min
- 2. Supplemental File
  1 min
- 3. Concepts of TCP/IP
  1 min
- 4. Part of the Bigger Picture
  1 min
- 5. Different parts of TCP/IP
  1 min
- 6. Replay the Traffic
  1 min
- 7. Learning Binary and Hex
  1 min
- 8. Conclusion
  1 min
Skill:
Introduction to Wireshark
- 1. Overview
  1 min
- 2. Introduction to Wireshark
  1 min
- 3. Being Promiscuous
  1 min
- 4. Saving our Work for Later
  1 min
- 5. Exporting Things From Wireshark
  1 min
- 6. Filtering Results
  1 min
- 7. Conclusion
  1 min
Skill:
UNIX Command Line Processing
- 1. Overview
  1 min
- 2. UNIX Command Line Processing
  3 mins
- 3. Network Analysis on POSIX-based Systems
  1 min
- 4. Burpsuite
  1 min
- 5. sslstrip
  1 min
- 6. Back to the Field… Manual
  5 mins
- 7. Conclusion
  1 min
Skill:
Network Access Link Layer 2
- 1. Overview
  1 min
- 2. Network Access Link Layer 2
  1 min
- 3. Identifying Layer 2
  1 min
- 4. Layer 2 Communication
  1 min
- 5. Packet Examples
  1 min
- 6. Conclusion
  1 min
Skill:
IP Layer 3
- 1. Overview
  1 min
- 2. IP Link Layer 3
  1 min
- 3. Identifying Layer 3
  1 min
- 4. Layer 3 Communication
  1 min
- 5. Packet Examples
  1 min
- 6. Conclusion
  1 min
Skill:
Real-World Application: Researching a Network
- 1. Overview
  1 min
- 2. Real-world Application
  2 mins
- 3. Knowing the Packet
  1 min
- 4. Quirks in IP Addressing
  1 min
- 5. Layer 3 Protocols
  1 min
- 6. Encryption Issues
  1 min
- 7. Capturing Those Packets
  1 min
- 8. Conclusion
  1 min
Skill:
ICMP
- 1. Overview
  1 min
- 2. ICMP
  1 min
- 3. Identifying ICMP
  7 mins
- 4. ICMP Communication
  1 min
- 5. ICMP Addressing
  1 min
- 6. Packet Examples
  1 min
- 7. Conclusion
  1 min
Skill:
UDP
- 1. Overview
  1 min
- 2. UDP
  1 min
- 3. Identifying UDP
  1 min
- 4. UDP Communication
  1 min
- 5. UDP Addressing
  1 min
- 6. Packet Examples
  11 mins
- 7. Conclusion
  1 min
Skill:
TCP
- 1. Overview
  1 min
- 2. TCP
  1 min
- 3. Identifying TCP
  1 min
- 4. TCP Communication
  1 min
- 5. TCP Addressing
  1 min
- 6. Packet Examples
  1 min
- 7. Conclusion
  1 min
Skill:
IP6
- 1. Overview
  1 min
- 2. IPv6
  1 min
- 3. Identifying IPv6
  1 min
- 4. IPv6 Communication
  1 min
- 5. IPv6 Addressing
  1 min
- 6. Packet Examples
  1 min
- 7. Conclusion
  1 min
Skill:
IP4
- 1. Overview
  1 min
- 2. IPv4
  1 min
- 3. Identifying IPv4
  1 min
- 4. IPv4 Communication
  1 min
- 5. IPv4 Addressing
  1 min
- 6. Packet Examples
  1 min
- 7. Conclusion
  1 min
Skill:
Wireshark Display Filters
- 1. Overview
  1 min
- 2. To the Boolean-Mobile!
  1 min
- 3. Knowing the Basic Filters
  1 min
- 4. Expanding on Basic Filters
  1 min
- 5. Syntax is Everything
  1 min
- 6. Apply Filtering to Live Capture
  1 min
- 7. Conclusion
  1 min
Skill:
Layer 4 and Beyond
- 1. Overview
  1 min
- 2. Layer 4 and Beyond
  1 min
- 3. Pen to Paper
  1 min
- 4. DNS
  1 min
- 5. Microsoft Protocols
  1 min
- 6. HTTP
  1 min
- 7. Conclusion
  1 min
Skill:
Advanced Wireshark
- 1. Overview
  1 min
- 2. Advanced Wireshark
  1 min
- 3. Magic Numbers
  1 min
- 4. Regular Expressions
  1 min
- 5. BPF Filtering
  1 min
- 6. Supplemental Material
  1 min
- 7. Conclusion
  1 min
Skill:
Introduction to Suricata
- 1. Overview
  1 min
- 2. Introduction to Suricata
  1 min
- 3. Installing Suricata
  1 min
- 4. Continuing our Install
  1 min
- 5. Setting up Suricata
  1 min
- 6. Rule Configuration
  1 min
- 7. Conclusion
  1 min
Skill:
DNS
- 1. Overview
  1 min
- 2. DNS
  4 mins
- 3. Identifying DNS
  9 mins
- 4. DNS Communication
  1 min
- 5. DNS Addressing
  1 min
- 6. Packet Examples
  1 min
- 7. Conclusion
  1 min
Skill:
Microsoft Protocols
- 1. Overview
  1 min
- 2. Microsoft Protocols
  3 mins
- 3. NETBIOS
  13 mins
- 4. LDAP
  7 mins
- 5. RDP
  7 mins
- 6. Kerberos
  9 mins
- 7. SMB
  12 mins
- 8. RPC
  8 mins
- 9. Conclusion
  1 min
Skill:
Modern HTTP
- 1. Overview
  1 min
- 2. Modern HTTP
  1 min
- 3. HTTP Basics
  8 mins
- 4. HTTP Delivery
  5 mins
- 5. Understanding HTTP on the Network
  1 min
- 6. Files From Within
  1 min
- 7. Looking for Web Traffic
  1 min
- 8. Conclusion
  1 min
Skill:
Real-World Application: Identifying Traffic of Interest
- 1. Overview
  1 min
- 2. Real-world Applications
  1 min
- 3. Solarwinds
  1 min
- 4. Starting up our Solarwinds
  1 min
- 5. Basic Configurations
  1 min
- 6. Adding a Log Source
  11 mins
- 7. Conclusion
  1 min
Skill:
How to Research a Protocol
- 1. Overview
  1 min
- 2. How to Research a Protocol
  2 mins
- 3. There’s something strange, and it don’t look good…
  1 min
- 4. Requesting a comment
  1 min
- 5. Tying in the Results to our Packets
  1 min
- 6. Other Protocols Moving Forward
  3 mins
- 7. Conclusion
  1 min
Skill:
Scapy
- 1. Overview
  1 min
- 2. Scapy
  2 mins
- 3. Installing Scapy
  1 min
- 4. Crafting with Scapy
  1 min
- 5. Making Our Packets Look Legit
  1 min
- 6. Conclusion
  1 min
Skill:
Introduction to Snort
- 1. Overview
  1 min
- 2. Snort
  1 min
- 3. Installing Snort
  1 min
- 4. Setting up Snort
  1 min
- 5. Configuring Some Rules
  8 mins
- 6. Security Considerations
  7 mins
- 7. Conclusion
  1 min
Skill:
Burpsuite
- 1. Overview
  1 min
- 2. Burp Suite
  1 min
- 3. Getting the Software
  1 min
- 4. Configuration of Burp Suite
  1 min
- 5. Crawling Around
  1 min
- 6. Burp Suite Detection
  1 min
- 7. Conclusion
  1 min
Skill:
Introduction to Network Forensic Analysis
- 1. Overview
  1 min
- 2. Introduction to Network Forensic Analysis
  3 mins
- 3. Finding Our Practice
  1 min
- 4. Starting Our Practice
  1 min
- 5. Checking Our Results
  3 mins
- 6. Conclusion
  1 min
Skill:
Zeek
- 1. Overview
  1 min
- 2. Some of the Basics
  1 min
- 3. Running Zeek
  1 min
- 4. Examining the Results
  1 min
- 5. Practice at Home
  1 min
- 6. Conclusion
  1 min
Skill:
Network Architecture
- 1. Overview
  1 min
- 2. Network Architecture
  3 mins
- 3. The Internal Network
  1 min
- 4. The External Network
  1 min
- 5. Mapping out the Cloud
  1 min
- 6. Putting Pen to Paper
  1 min
- 7. Let's Review
  6 mins
- 8. Conclusion
  1 min
Skill:
Introduction to Network Monitoring at Scale
- 1. Overview
  1 min
- 2. Introduction to Network Monitoring at Scale
  1 min
- 3. Understanding the Network
  1 min
- 4. Solarwinds (Again)
  1 min
- 5. Monitoring with Solarwinds
  1 min
- 6. Other Network Monitoring Options
  1 min
- 7. Conclusion
  1 min
Skill:
IDS and IPS Evasion Theory
- 1. Overview
  1 min
- 2. IDS and IPS Evasion Theory
  1 min
- 3. Understanding What Evasion Actually Is
  1 min
- 4. Fragmentation
  1 min
- 5. Spoofing
  1 min
- 6. Sledding Past the IDS/IPS
  1 min
- 7. Forging a Signature
  1 min
- 8. Conclusion
  1 min
Skill:
Threat Hunting and Visualization
- 1. Overview
  1 min
- 2. Threat Hunting and Visualization
  2 mins
- 3. Examining a Netflow
  1 min
- 4. Replaying the Traffic
  1 min
- 5. Is It Something Bad?
  1 min
- 6. Stress Testing Our Packet Captures
  1 min
- 7. Let’s Review
  1 min
- 8. Conclusion
  1 min

Loading transcripts...

Conclusion

Access all premium content with a free week!

Start a free week

Explore Features

Course overview

4 HOURS OF TRAINING

29 SKILLS

169 VIDEOS

0 VIRTUAL LABS

0 PRACTICE EXAMS

Erik Choron

Nugget trainer since 2022

Read the full bio

What is it like to train with us?

Our learners say it best.

Helps me learn the skills I need when I need them

THOMAS S. | SYSTEMS ENGINEER & CONSULTANT

Read Reviews

SEC503: Network Monitoring and Threat Detection In-Depth FAQs: Cost, Training, Value

Is the GIAC Certified Intrusion Analyst Certification (GCIA) certification worth it?

GIAC certifications are expensive, challenging and time-intensive – whether or not they're worth it for you depends a lot on your career goals. That said, GIAC certifications are very well respected because they thoroughly cover levels of depth that many other cybersecurity certifications don't. The Certified Intrusion Analyst Certification (GCIA) in particular is one of the best traffic analysis and intrusion detection certifications available: it's often worth it for system and security analysts, network engineers and security managers.

How much does the Certified Intrusion Analyst Certification (GCIA) SEC-503 cost?

GIAC certifications aren't cheap, and the GCIA is no exception. GCIA's one exam, SEC-503, costs $949 to attempt. If you can't pass it on your first attempt, subsequent retakes will cost $849. If you need a little more time between failing and retaking, you can purchase an attempt extension for $459. Unofficial practice exams for GCIA certifications are hard to come by, and official practice tests cost $399.

How difficult is the SEC-503 (GCIA certification exam)?

The SEC-503 has been called by some one of the most challenging cybersecurity exams they've taken. Earning the GCIA and passing SEC-503 requires an in-depth familiarity with threat identification and mitigation. The exam is 4 hours long and dives deep into how network protocols work to better understand how network threats and attacks surface and operate. The test also includes challenging critical thinking portions which focus on your ability to make good judgment calls with limited information.

Does the GCIA certification expire?

Yes, GIAC certifications (and that includes GCIA) expire after four years. In order to maintain an active GCIA, you'll need to maintain a certain number of continuing education credits (which can be obtained in a number of different ways) and pay the renewal fee. There are many different ways to demonstrate your ongoing proficiency and earn the credits you need to renew, from other cybersecurity certifications to college courses and online seminars provided by GIAC.

How to study for the Certified Intrusion Analyst Certification (GCIA) SEC-503?

The learning objectives for SEC-503 are on GIAC's website, so you could just study each topic on your own. What's recommended, though, is to take an online course modeled off the GCIA exam itself. Not only does a SEC-503 course provide the information you need in the way that's easiest to learn, but it should come with virtual simulations and practice environments to learn the real-world skills that employers actually want you to have.

CompTIA Security+ (SY0-601)

CompTIA Cybersecurity Analyst CySA+ (CS0-002)

What is it like to train with us?

Our learners say it best.

SEC503: Network Monitoring and Threat Detection In-Depth FAQs: Cost, Training, Value

Let's chat!