Global cybersecurity firm Kaspersky has announced the launch of a newly designed Windows Incident Response training course aimed at improving skills for responding to cyberattacks including ransomware.
The online course will offer in-house cybersecurity teams and InfoSec professionals an opportunity to expand their analytical skills in the incident response domain.
According to the recent Kaspersky survey conducted among senior non-IT management and business owners, 73% of firms can’t handle a ransomware attack alone or with the help of regular IT service providers.
These firms will have to seek the help of external incident response providers’ in the event of a ransomware attack, despite 66% of respondents consider there is a high possibility of these attacks on their organization.
The Windows Incident Response training was developed by experts from the company’s Global Emergency Response Team (GERT) with more than 12 years’ experience in the field.
The self-guided training course includes 40 video lessons and 100 hours of virtual lab time for hands-on learning. The estimated training duration is 15 hours, but participants will have six months of access to the platform to finish the training.
Throughout the course, which is heavily focused on practical skills, Kaspersky’s digital forensics and incident response manager Ayman Shaaban and senior incident response specialist Kai Schuricht will take students through incident detection using the example of a real-life REvil ransomware case.
Kai Schuricht said incident response capabilities require specialized skills to verify and handle threats in a timely manner, as well as to minimize the damage from an incident.
“Since no one is immune to a cyberattack, and it becomes increasingly more difficult to prevent a security perimeter penetration, remediation and the knowledge and experience of how to respond are more in demand than ever before,” he said.
“Responding to complex incidents and uncovering attack steps is a huge challenge for InfoSec experts. Within this new course we’ve concentrated GERT knowledge gained from handling security incidents for Kaspersky customers around the globe. Our aim was not only to provide extensive theory around the subject, but to also provide real applied skills through end-to-end ransomware case investigation,” said Ayman Shaaban.
Students will also study various attack techniques and a targeted attack anatomy through the Cyber Kill Chain. They will be granted access to a simulated virtual working environment with all the necessary tools, including ELK stack, PowerShell, Suricata, YARA, and more, to practice IR techniques.
Participants will master evidence acquisition, all phases of incident detection, log file analysis, network analysis and the creation of IoCs, and also get introduced to memory forensics.
By the end of the course IT security practitioners will know how to identify and respond to a cyber-incident and will be able to differentiate APTs from other threats.