Detecting Active Attacks
- Pavan Raja

- Apr 8, 2025
Summary:
The "Skills on Demand" training program for Hewlett-Packard Development Company's security analysts and ESM administrators is designed to improve detection of active attacks through modules such as incident handling, advanced correlation scenarios, network modeling, and more. Participants can choose between the Security Analyst Track and the ESM Administrator Track. The program includes a mix of current and upcoming modules, with certain offerings restricted to Professional Services Solutions Customers.
Additionally, the document provides a method for identifying foreign countries' hostile activities related to network security by creating filters in the corporate firewall to detect malicious activity from Chengdu, China targeting the New York City network during the previous hour. This is achieved through field set rules within filter settings. The solution also involves creating a dashboard displaying a pie chart distribution of countries attacking into the NYC network for enhanced situational awareness.
Lastly, HP's solution focuses on detecting potential malicious activity patterns by monitoring dropped connections and highlighting them in the data monitor, aiming to provide real-time situational awareness of threats and enhance corporate network defense against hostile activities. Support is available through email, social media handles, or the HP Secure website for further information.
Details:
The document outlines a training program called "Skills on Demand" designed for security analysts and ESM administrators within Hewlett-Packard Development Company. This program is aimed at enhancing skills in detecting active attacks through various modules, including incident handling, advanced correlation scenarios, network modeling, and more. Participants can choose between two tracks: the Security Analyst Track (for those interested in incident handling) and the ESM Administrator Track (focusing on system health monitoring). The program includes both currently available and soon-to-be-available modules, with certain offerings restricted to Professional Services Solutions Customers.
In summary, this document is a training manual for enhancing cybersecurity skills within Hewlett-Packard Development Company by focusing on practical application of skills in an active threat environment.
This document outlines several steps for identifying foreign countries' hostile activities related to network security. It starts with creating filters and global variables in the corporate firewall, which is part of the "Identify foreign countries' hostile activities" section. The solution involves adding a filter to detect potential malicious activity from Chengdu, China targeting the New York City network during the previous hour. This is achieved by applying field set rules within the filter settings.
The next part, "Deliver situational awareness," describes creating a dashboard that displays a pie chart distribution of countries attacking into the NYC network. To accomplish this, another solution involves creating a Filter and Data Monitor, which helps visualize the attack patterns from various countries on a single screen through a graphical representation such as a pie chart.
Overall, these steps aim to enhance security measures by providing real-time situational awareness of potential threats, allowing for more proactive defense mechanisms against hostile activities targeting corporate networks.
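The two steps above (the one-hour filter for Chengdu, China into the NYC network, and the per-country distribution behind the pie chart) can be sketched as follows. This is an added example, not code from the training material or from any HP product; the event field names and the sample events are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Fixed "now" so the constructed sample below is reproducible.
NOW = datetime(2025, 4, 8, 12, 0, tzinfo=timezone.utc)

def _ev(minutes_ago, city, country, zone):
    # Field names (time, src_city, src_country, dst_zone) are assumptions
    # for this sketch, not the schema of any particular SIEM.
    return {"time": NOW - timedelta(minutes=minutes_ago),
            "src_city": city, "src_country": country, "dst_zone": zone}

# Constructed sample firewall events.
EVENTS = [
    _ev(5,  "Chengdu",   "China",  "NYC"),
    _ev(40, "Chengdu",   "China",  "NYC"),
    _ev(90, "Chengdu",   "China",  "NYC"),     # older than one hour
    _ev(10, "Beijing",   "China",  "NYC"),     # same country, other city
    _ev(15, "Chengdu",   "China",  "London"),  # other target network
    _ev(20, "Moscow",    "Russia", "NYC"),
    _ev(30, "Sao Paulo", "Brazil", "NYC"),
]

def in_window(event, now, window=timedelta(hours=1)):
    """True when the event falls inside the previous hour."""
    return now - window <= event["time"] <= now

def hostile_filter(events, now, city, country, zone):
    """Filter step: source city and country, target zone, previous hour."""
    return [e for e in events
            if in_window(e, now)
            and e["src_city"] == city
            and e["src_country"] == country
            and e["dst_zone"] == zone]

def country_distribution(events, now, zone):
    """Data-monitor step: share of events per source country into a zone."""
    counts = Counter(e["src_country"] for e in events
                     if in_window(e, now) and e["dst_zone"] == zone)
    total = sum(counts.values())
    return {c: n / total for c, n in counts.most_common()} if total else {}

if __name__ == "__main__":
    hits = hostile_filter(EVENTS, NOW, "Chengdu", "China", "NYC")
    print(f"{len(hits)} matching events in the previous hour")
    for country, share in country_distribution(EVENTS, NOW, "NYC").items():
        print(f"{country}: {share:.0%}")
```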
This document outlines a solution from Hewlett Packard (HP) that aims to detect potential malicious activity patterns by monitoring dropped connections and highlighting them through icon size in the data monitor. Key points include:
1. **Objective**: Identify and address potential malicious activities, particularly focusing on traffic drops in firewall devices.
2. **Data Monitor Features**: A visual representation of dropped connections will be displayed to help quickly identify which firewall devices are experiencing higher rates of dropped traffic.
3. **Skills on Demand Advantages**: The solution offers several benefits such as remote access with an internet connection, pre-configured environments for easy rollback, real-world scenario training, and self-paced study options.
4. **Contact Information**: For any questions or further information, contact HP through the provided email address (HPESP-Webinars@hp.com), social media handles (@HPSecure on Twitter, and www.facebook.com/hpsecure on Facebook), or visit the HP Secure website at www.hp.com/go/securityuniversity.
5. **Conclusion**: The document concludes with a reiteration of HP's commitment to security in an ever-changing digital landscape.
