Identifying the Core in Incident Analysis

The pinnacle of professional security analyst practice!
Learn how to analyze breach incidents through practice.

Basic competencies of a security analyst ,
Analysis of breach incidents!

When a cyberattack occurs, companies must quickly determine the extent of damage and minimize the business impact through accident recovery. If activities required to comply with laws or regulations required by the industry are omitted, penalties or additional compliance items may be imposed according to related laws or regulations. In order to minimize the business impact, companies focus on responding to incidents across the company, including the security team, public relations team, and legal team. Companies conduct annual or quarterly training through mock drills on the essential activities required to respond when a security incident occurs.

Security analysts perform incident analysis work when a breach occurs in a company or organization or legal issues arise. In order to identify the cause of system abnormalities that occur due to various causes, the ability to distinguish these problem situations is necessary. In particular, when a breach occurs due to an external intrusion or internal employee intrusion, the role of a security analyst is to analyze the damage to the system and the cause of the breach through incident analysis.

In order to analyze the damage caused by a company's accident and to devise countermeasures to prevent accidents from recurring, it is most important to analyze the exact cause of the accident. However, it is very rare and difficult to actually experience the accident analysis process.

The term “Big Root” is commonly used to emphasize the complexity of a problem or situation. “Big Root” means that the root of the problem is large and complex. This indicates that the problem is not limited to a single cause or factor, but rather is a complex intertwining of various factors .

In the case of breaches due to advanced cyberattacks, it is also difficult to resolve the cause of the incident through system analysis that is revealed on the surface. Advanced attacks cause repeated recurrence of incidents and cause continuous damage to the company's business. The corporate security team must check information on various systems and solutions during the analysis process to identify the root cause and vector of the security incident.

Through lectures, you will learn about the security incident response procedures and the types and causes of cybersecurity incidents that cause serious damage to companies. You will learn the capabilities necessary to fundamentally resolve security vulnerabilities that cause hacking incidents.

From concept to practice
The basics of breach analysis.

Through training in breach analysis similar to real-world cases,
You can develop your accident analysis skills.

• Gain the basic knowledge needed to perform your job as a security analyst and practice using analysis tools.
• Identify the causes of cybersecurity incidents based on an understanding of network communications and applications.
• By analyzing threat logs generated from various security devices, you can identify attackers attempting intrusion.
• Learn practical breach incident analysis methods required for performing corporate intrusion response and analysis work.

In this lecture, we will look at the practical perspective of breach incident analysis methods required for performing intrusion response and analysis work in companies . We will provide practitioners performing network-based intrusion detection log or network packet analysis work with the knowledge and know-how of handling analysis tools required by security analysts for analysis, and explain what results should be found through analysis.

In particular, when performing security analysis work, you will use various logs and analysis tools. For those who want to analyze intrusion detection system logs, web server logs, and network packets, I would like to explain the basic concepts and practical techniques of threat analysis. By explaining the basic concepts and techniques as well as the know-how the author acquired from his work, I hope to help students improve their work performance capabilities.

The information analyzed for incident analysis typically includes web logs, IDS/IPS logs, and network packet logs. We plan to conduct incident response training while analyzing logs from systems where actual security incidents occurred. Finally, we will share how to take your career in the future from the perspective of career management.

Efficient analysis learning
I'll help you.

_{Intrusion Response/Analysis
Required for practical use
How we collect information}

_{Breach response/analysis
Used by practitioners
Analysis Tools and Usage}

_{Breach response/analysis
By way of example
Practical know-how}

1) Learn the analytical tools and methods used by breach response/analysis practitioners.

If you do not have much experience in analyzing breaches, you may be at a loss as to where to start when investigating an incident. In this lecture, you will practice cases of each type of incident so that analysts can quickly find the cause of the incident and identify the attack path. Through the practice, you will learn what to focus on and how to analyze efficiently to find traces of the breach when analyzing security logs.

• ✅ Learning about normal log classification criteria cases
• ✅ Practice using a bulk log analysis program
• ✅ Learning about breach incident types

2) It can be applied and utilized in various situations through analysis methods that are not dependent on hacking techniques.

Attackers attempt to infiltrate systems in a variety of ways. By understanding the principles of exploiting vulnerabilities without being tied to specific attack tools or attack methods, you can perform analysis by applying them to various security attack attempts.

Security Analysis Practice for Training.

IDS Log Analysis Training

We provide some filtered attack logs detected by commercial security products for practice. The attack event name, attack time, and other information are configured identically to actual incident cases.

Web Log Analysis Training

We directly analyze the attack techniques targeting web servers and the logs left on the target server. Through analysis, we identify vulnerable settings on the web server and identify the cause of the accident.

Network Packet Analysis

We reproduced a cybersecurity incident case under the same conditions in a lab environment, reproduced the process of attacking the system from the attacker's perspective, and captured network traffic. We analyzed the captured packets to analyze the attack target and the scope of damage.

What you'll learn 📚

You can learn the analysis process by practicing breach analysis through each practical case study. Before learning through the analysis process, you will first perform the analysis yourself and compare the process you analyzed yourself with the contents of the analysis guide.

Q&A 💬

The knowledge sharer for this course is ✒️

Key career highlights

• Security Consultant: Design/build/operate security enhancement strategies through security infrastructure consulting
• Security Control Consulting: SOC construction consulting and operation work
• Security Service Product Development: Development of Next-Generation Security Control Solutions & Services
• Response to breach incidents: Military/public/private companies, etc.
• 2014 KISA K-Shield Security Completion Instructor (AhnLab Network Forensics Training Instructor)
• 2016 Personal Information Security (PIS) FAIR / Presentation Topic 'Security Intelligence'

_{Cyber Breach Incident Analysis Strategy (Acorn Publishing, 2016)}

_{Hacking, Intrusion Incident Analysis (G&S, 2009:
(2009 Ministry of Culture, Sports and Tourism Outstanding Academic Book)}