Active Cyber Defense
CYBV 400 will provide students with an introduction to the policies, techniques, and operational capabilities and limitations of implementing an Active Cyber Defense program. A broad survey of the development of defensible network architectures; integration of passive defensive technologies; consumption and production of Cyber Threat Intelligence (CTI) products; implementation of Network Security Monitoring (NSM) and Hunt Teaming (HT) operations; employment of Incident Response (IR) plans; and Threat and Environment Manipulation (TEM) techniques will be presented, and students will use hands-on labs to practice and implement active defense methodologies. CYBV 400 meets the National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) academic requirements for Cyber Defenses.
The student will:
- Describe the technologies and methods utilized to actively defend systems and networks.
- Describe, evaluate, and operate a defensive network architecture employing multiple layers of protection, using technologies appropriate to meet mission security goals.
- Explain how to consume and create Cyber Threat Intelligence (CTI) within an Active Cyber Defense program.
- Describe and demonstrate how to conduct Network Security Monitoring (NSM) and Hunt Team operations.
- Demonstrate and explain the incident response cycle: preparation, identification, containment, eradication, recovery, and lessons learned.
- Identify and explain how environment and threat manipulation techniques can mitigate security vulnerabilities.
The student will:
- Implement Defense in Depth methodologies
- Implement secure network infrastructure design
- Identify and generate CTI
- Participate in threat hunting activity
- Participate in Incident Response activity and identify CTI
- Use CTI to create IDS signatures