CYBV400

Active Cyber Defense

Course Description

CYBV 400 will provide students with an introduction to the policies, techniques and operational capabilities and limitations of implementing an Active Cyber Defense program. A broad survey of development of defensible network architectures; integration of passive defensive technologies; consumption and production of Cyber Threat Intelligence (CTI) products; implementation of Network Security Monitoring (NSM) and Hunt Teaming (HT) operations; employment of Incident Response (IR) plans; and Threat and Environment Manipulation techniques (TEM) will be presented, and students will use hands-on labs to practice and implement active defense methodologies. CYBV 400 meets the National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) academic requirements for Cyber Defenses.

Learning Outcomes

The student will:

• Describe the technologies and methods utilized to actively defend systems and networks.
• Describe, evaluate, and operated a defensive network architecture employing multiple layers of protection using technologies appropriate to meet mission security goals.
• Explain how to consume and create Cyber Threat Intelligence (CTI) within an Active Cyber Defense program.
• Describe and demonstrate how to conduct Network Security Monitoring (NSM) and Hunt Team operations.
• Demonstrate and explain the preparation, identification, containment, eradication, recovery and lessons learned incident response cycle.
• Identify and explain how environment and threat manipulation techniques can mitigate security vulnerabilities.

Course Objectives

The student will:

• Implement Defense in Depth methodologies
• Implement secure network infrastructure design
• Identify and generate CTI
• Participate in threat hunting activity
• Participate in Incident Response activity and identify CTI
• Use CTI to create IDS signatures