Training

FireEye is pleased to offer the following selection of instructor-led cyber security training courses on October 7-8, 2019 during Cyber Defense Summit 2019. Paid attendance to the following courses also includes free registration to the main Cyber Defense Summit activities on October 9-10. Training class sizes are limited to ensure quality. Registrants will be accepted on a first-come/first-served basis.

Training registration also includes free attendance to the main Cyber Defense Summit activities on October 9-10.

Use Expertise On Demand units for Training

Expertise On Demand subscribers can exchange units to attend CDS Training classes for 2 units per student per class. To order CDS Training using Expertise On Demand units, or if you have any questions, email us at EOD@fireeye.com.

Alert Analysis

2-Day Course | October 7-8, 2019 | $1999 per student
This course introduces learners to FireEye-generated alerts on our Network Security (formerly NX) and Email Security (formerly EX) platforms. It provides a framework on how to interpret callbacks and how to interpret results of malware binary analysis. Hands-on activities include analyzing alert data to determine the significance of the alerts. Learners will be shown how to distinguish between the different FireEye alert types, as well as how to locate and use critical information in a FireEye alert to assess a potential threat and how to use Indicators of Compromise (IOCs) in a FireEye alert to identify the threat on compromised hosts.

Who should attend:

Network security professionals, incident responders and FireEye administrators and analysts who must work with alerts generated by FireEye Network Security and Email Security products.

Course prerequisites:

Completion of at least one instructor-led or web-based FireEye deployment training course or experience administering FireEye appliances. A working understanding of networking and network security, the Windows operating system, file system, registry and use of the CLI.

What students should bring:

All students must bring a laptop equipped with one of the following browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10 or greater). Wireshark is recommended.

Cyber Intelligence Foundations

2-Day Course | October 7-8, 2019 | $1999 per student
This course introduces the discipline of cyber intelligence with a focus on the cyber intelligence lifecycle. It covers current technology trends, common vulnerabilities and a review of noteworthy cyber breaches and adversary activity. It also summarizes relevant U.S. and international standards and policies.

Who should attend:

Managers of technical information security teams and analytic and technical professionals familiar with threat intelligence.

Course prerequisites:

Working understanding of basic information security principles and general understanding of threat intelligence.

What students should bring:

It is recommended that students bring a laptop with a version of Microsoft Windows 7 or newer installed, Administrator access, a minimum of 25GB free space, wireless capabilities, and Microsoft Office or Open Office installed.

Cyber Threat Hunting

2-Day Course | October 7-8, 2019 | $1999 per student
This course covers the fundamentals of threat hunting, how to build out a hunt program in your own environment, and how to identify, define, and execute a hunt mission. We will introduce the essential concepts for network and endpoint hunting and then apply techniques to hunt for anomalous patterns. Learners will have the opportunity to apply hunting techniques using FireEye products, such as FireEye Investigation Analysis (formerly IA), Endpoint Security (formerly HX), and Helix. Throughout the course, hands-on activities will follow real-world use cases to identify attacker techniques. Learners will leave the course with concrete use cases that they can leverage to hunt in their own environment.

Who should attend:

Network security professionals and incident responders who will be using FireEye products to assist with their network and endpoint hunting responsibilities.

Course prerequisites:

Completion of the FireEye Endpoint Security (HX) Deployment and FireEye Network Forensics (PX) courses - access will be provided to these web-based training courses prior to attending the Cyber Threat Hunting course. A working understanding of networking and network security, the Windows operating system, file system, registry and regular expressions, and experience scripting in Python.

What students should bring:

All students must bring a laptop equipped with one of the following browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10 or greater). Wireshark is recommended.

Essentials of Malware Analysis

2-Day Course | October 7-8, 2019 | $1999 per student
This course provides a beginner-level introduction to the tools and methodologies used to perform malware analysis on executables found in Windows systems using a practical, hands-on approach. The course introduces learners to disassembly, preparing them for topics covered in more advanced courses. This content is taught by FLARE malware analysts who are experienced in analyzing a diverse set of malware.

Who should attend:

Information technology staff, information security staff, corporate investigators and others who need to understand how malware functions operate and the processes involved in malware analysis.

Course prerequisites:

General knowledge of computer and operating system fundamentals. Exposure to computer programming fundamentals and Windows Internals experience (recommended).

What students should bring:

Students must bring their own laptop computer with VMware Workstation 12.5+ or VMware Fusion 7+ installed. Laptops should have at least 30GB of free space. Students must also be able to install software provided on a USB device.

Helix Threat Analytics

FireEye Helix for Investigations

2-Day Course | October 7-8, 2019 | $1999 per student
FireEye Helix for Investigations is a condensed version of our four and a half day FireEye Helix course covering the workflow, architecture and core functionality of Helix, as well as triaging Helix alerts, creating and scoping cases, the Mandiant Attack Life Cycle as it relates to Helix and an introduction to hunting. Alert validation and investigation using FireEye Network Security and Endpoint Security will be introduced. Hands-on activities include writing MQL searches as well as analyzing and validating Helix, Network Security and Endpoint Security alerts.

Who should attend:

Network security professionals, incident responders and FireEye administrators and analysts who must work with Helix Threat Analytics to analyze data in noisy event streams.

Course prerequisites:

A working understanding of networking and network security, the Windows operating system, file system, registry and use of the command line interface (CLI).

What students should bring:

All students must bring a laptop equipped with one of the following browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10 or greater). Wireshark is recommended.

Investigations with Endpoint Security

2-Day Course | October 7-8, 2019 | $1999 per student
This course covers the methodology of live forensic analysis and investigations centering on enterprise systems. Using the Mandiant Attack Lifecycle as a framework, the learner will use hands-on activities to understand where to locate forensically significant evidence of malware and attack TTPs (techniques, tactics, and procedures). Analysis of enterprise systems will be performed using FireEye Endpoint Security and other freely available tools. Activities focus on investigation techniques using Endpoint Security (formerly HX) features such as the Triage Summary, Audit Viewer, Enterprise Search, and custom Data Acquisitions. An introduction to memory analysis using Volatility will also be presented. Learners will also work with the HX API to automate actions and explore integrating Endpoint Security (HX) with other systems.

Who should attend:

Network security professionals and incident responders who must use FireEye Endpoint Security to investigate, identify and stop cyber threats.

Course prerequisites:

Completion of the Endpoint Security Deployment course -- access will be provided to this web-based training course prior to attending the Investigations with Endpoint Security course. A working understanding of networking and network security, the Windows operating system, file system, registry and regular expressions, and experience scripting in Python.

What students should bring:

All students must bring a laptop equipped with one of the following browsers: Chrome (latest), Firefox (latest), or Internet Explorer (10 or greater). Wireshark and Redline are recommended.

Network Traffic Analysis

2-Day Course | October 7-8, 2019 | $1999 per student
Sophisticated attackers frequently go undetected in a victim’s network for an extended period. Attackers can blend legitimate traffic with malicious network activity that only skilled network analysts know how to detect. This course shows learners how to identify malicious network activity. It provides an overview of network protocols, network architecture, intrusion detection systems, network traffic capture and traffic analysis. Learners review the types of network monitoring and the tools commonly used to analyze captured network traffic. The course also explores the best techniques for investigating botnets and how to use honeypots in network monitoring. The course includes lectures and hands-on lab sessions to reinforce technical concepts.

Who should attend:

Information technology and security staff, corporate investigators and other staff members who need to understand networks, network traffic, network traffic analysis and network intrusion investigations.

Course prerequisites:

A basic understanding of TCP/IP and Windows and UNIX platforms. Familiarity with security terminology and a working knowledge of Wireshark are also recommended.

What students should bring:

Students will need to bring a laptop computer with Windows 7 or newer operating system installed, Core i5 or equivalent processor, 6 GB (preferably 8 GB) of RAM and 25 GB or more of free HDD space, wireless capabilities, Microsoft Office or Open Office installed, and must be able to boot from a USB device. Virtual machines are acceptable provided at least 4 GB of RAM can be allocated.

Windows Enterprise Incident Response

2-Day Course | October 7-8, 2019 | $1999 per student
This intensive course is designed to teach the fundamental investigative techniques needed to respond to today’s cyber threats. The fast-paced course is built upon a series of hands-on labs that highlight the phases of a targeted attack, sources of evidence and principles of analysis. Examples of skills taught include how to conduct rapid triage on a system to determine whether it is compromised, uncover evidence of initial attack vectors, recognize persistence mechanisms and investigate an incident throughout an enterprise.

Although the course is focused on analyzing Windows-based systems and servers, the techniques and investigative processes are applicable to all systems and applications. The course includes detailed discussions of common forms of endpoint, network and file-based forensic evidence collection and their limitations as well as how attackers move around in a compromised Windows environment.

The course also explores information management that enriches the investigative process and bolsters an enterprise security program. Discussion topics include the containment and remediation of a security incident, and the connection of short-term actions to longer-term strategies that improve organizational resiliency.

Who should attend:

This is a fast-paced technical course that is designed to provide hands-on experience with investigating targeted attacks and the analysis steps required to triage compromised systems. The content and pace are intended for students with some background in conducting forensic analysis, network traffic analysis, log analysis, security assessments, and penetration testing, or even security architecture and system administration duties. It is also well suited for those managing CIRT / incident response teams or in roles that require oversight of forensic analysis and other investigative tasks.

Course prerequisites:

A working understanding of the Windows operating system, file system, registry, and use of the command-line. Familiarity with Active Directory, basic Windows security controls, and common network protocols.

What students should bring:

Students must bring their own laptop or virtual machine with a version of Microsoft Windows 7 or newer installed, Administrator access, a minimum of 25GB free space, wireless capabilities, Microsoft Office or Open Office installed, and must be able to install software provided on a USB device.
