The cybersecurity threat landscape is in a constant state of change and the number of cyber-attacks continue to increase as adversaries find new ways to access and compromise applications, corporate networks and systems. Vulnerability management is a process that all New Zealand organisations need to address, however many don’t have the knowledge and practical experience to implement a vulnerability management programme.
Vulnerability Management is a set of extremely powerful and effective technical, operational and business processes, and tools that deliver tangible improvements to an organisation’s security posture.
Whilst often overlooked or under-utilised, the proper implementation of these processes and tools add a significant extra barrier to those attempting to compromise your environment.
Vulnerability management fits well in both waterfall and agile development product delivery methodologies and enables both Operations or DevSecOps to regularly audit, patch or reconfigure out the most common vulnerabilities.
Presented by a seasoned penetration tester, this short training course delivers a practical guide for Vulnerability Management. This is very much hands-on training where you will be using a private lab and the Tenable* suite of vulnerability management tools to learn about how to minimize your organisation’s exposure to security breaches.
Who is it for?
This course is designed for:
Entry level through to seasoned IT Security Professionals
Whether you work in an organisation looking to build, deploy or manage a vulnerability management solution or are a IT / security professional looking to get hands on experience in vulnerability management, this Practical Hands-on Guide to Vulnerability Management short course is for you.
Participants should have a general understanding of IT Security and understand the basic concepts of vulnerability management.
The premise behind the use of vulnerability assessment tools and processes
Assets and Devices
Network Installation locations and good practice
Protecting the scanners and data they produce
Separation of duties
Planning and deploying a single scanner
Planning and deploying multiple scanners
Single control panel vs multiple – Benefits of both
Firewalls and OS identification
Known host profiles and expected results
Running a scan
Planning the scan
SCADA and other ICS
Testing your assumptions
Reports and Risk
Understanding risk ratings eg, CVSS/2/3
Confirmation of risks
Types of reports and determining if they are right for your business
What is a vulnerability and why do they exist?
What is / What isn’t Vulnerability Assessment?
Why is asset discovery and classification important?
Deploy real-world Vulnerability Management tools
Install and configure the products
Interact with the UI’s of each product
Configure vulnerability scanners to identify weaknesses
Analyse and understand the results of vulnerability scans
How to determine false positives
Implement Operational processes which improve scores, including:
Regular configuration reviews
Regular upgrades and updates
When will automated tools let you down
Additionally, you will learn the way that penetration testers review report findings and how not all highs, mediums or lows are created equal.
You will use the tools in the private Test-lab, designed specifically for penetration testing and training, and thus providing an abundance of issues and multiple false positives.
*Cyber Prep Academy uses the Tenable suite of vulnerability management tools for this short course, including Tenable.io, Security Center and Nessus Pro products.
What is included
2 days of practical hands-on training with a seasoned penetration tester
Training computer equipment will be provided
Tea/coffee during breaks along with a light catered lunch
Cyber Prep Academy reserves the right to cancel or re-schedule the offered session. In the event of cancellation or rescheduling, a full refund of course fees will be processed within 10 business days of cancellation or rescheduling notice.
Price: $945 + GST