
A Practical Hands-on Guide to Vulnerability Management


  • Cyber Prep Academy, 4/19 Great South Road, Epsom, New Zealand

The cybersecurity threat landscape is in a constant state of change, and the number of cyber-attacks continues to increase as adversaries find new ways to access and compromise applications, corporate networks and systems. Vulnerability management is a process that all New Zealand organisations need to address; however, many don’t have the knowledge and practical experience to implement a vulnerability management programme.

Vulnerability Management is a set of extremely powerful and effective technical, operational and business processes, and tools that deliver tangible improvements to an organisation’s security posture.

Whilst often overlooked or under-utilised, the proper implementation of these processes and tools adds a significant extra barrier to those attempting to compromise your environment.

Vulnerability management fits well in both waterfall and agile product delivery methodologies and enables both Operations and DevSecOps to regularly audit, patch or reconfigure to remove the most common vulnerabilities.

Presented by a seasoned penetration tester, this short training course delivers a practical guide for Vulnerability Management. This is very much hands-on training where you will be using a private lab and the Tenable* suite of vulnerability management tools to learn how to minimise your organisation’s exposure to security breaches.

Level: Intermediate

Who is it for?

This course is designed for:

  • Entry level through to seasoned IT Security Professionals

  • Security Engineers

  • Security Analysts

  • Security Architects

  • IT Professionals

  • IT Administrators

Whether you work in an organisation looking to build, deploy or manage a vulnerability management solution or are an IT / security professional looking to get hands-on experience in vulnerability management, this Practical Hands-on Guide to Vulnerability Management short course is for you.

Participants should have a general understanding of IT Security and understand the basic concepts of vulnerability management.

Course outline:

Fundamentals

  • The premise behind the use of vulnerability assessment tools and processes

  • Assets and Devices

  • Network Installation locations and good practice

  • Protecting the scanners and data they produce

  • Separation of duties

Installation

  • Planning and deploying a single scanner

  • Planning and deploying multiple scanners

  • Single control panel vs multiple – Benefits of both

Functional Testing

  • Firewalls and OS identification

  • Known host profiles and expected results

Running a scan

  • Planning the scan

  • Printers

  • SCADA and other ICS

  • Testing your assumptions

Reports and Risk

  • Understanding risk ratings, e.g. CVSS v2/v3

  • Confirmation of risks

  • False positives

  • False negatives

  • Types of reports and determining if they are right for your business

Learning outcomes:

  • What is a vulnerability and why do they exist?

  • What is / What isn’t Vulnerability Assessment?

  • Why is asset discovery and classification important?

  • Prioritising vulnerabilities

  • Deploy real-world Vulnerability Management tools

    • Install and configure the products

    • Interact with the UIs of each product

    • Configure vulnerability scanners to identify weaknesses

    • Analyse and understand the results of vulnerability scans

    • Generate reports

    • Interpret findings

    • How to determine false positives

    • Implement Operational processes which improve scores, including:

      • Patching

      • Regular configuration reviews

      • Regular upgrades and updates

      • When will automated tools let you down

Additionally, you will learn the way that penetration testers review report findings and how not all highs, mediums or lows are created equal.

You will use the tools in the private Test-lab, which is designed specifically for penetration testing and training and so provides an abundance of issues and multiple false positives.

*Cyber Prep Academy uses the Tenable suite of vulnerability management tools for this short course, including Tenable.io, Security Center and Nessus Pro products.

What is included

  • 2 days of practical hands-on training with a seasoned penetration tester

  • Training computer equipment will be provided

  • Tea/coffee during breaks along with a light catered lunch

Cyber Prep Academy reserves the right to cancel or re-schedule the offered session. In the event of cancellation or rescheduling, a full refund of course fees will be processed within 10 business days of cancellation or rescheduling notice.

Price: $945 + GST
