Active Cyber Defense

Course Description

CYBV 400 will provide students with an introduction to the policies, techniques and operational capabilities and limitations of implementing an Active Cyber Defense program. A broad survey of development of defensible network architectures; integration of passive defensive technologies; consumption and production of Cyber Threat Intelligence (CTI) products; implementation of Network Security Monitoring (NSM) and Hunt Teaming (HT) operations; employment of Incident Response (IR) plans; and Threat and Environment Manipulation techniques (TEM) will be presented, and students will use hands-on labs to practice and implement active defense methodologies. CYBV 400 meets the National Security Agency (NSA) Center of Academic Excellence in Cyber Operations (CAE-CO) academic requirements for Cyber Defenses.

Learning Outcomes

The student will:

  • Describe the technologies and methods utilized to actively defend systems and networks.
  • Describe, evaluate, and operated a defensive network architecture employing multiple layers of protection using technologies appropriate to meet mission security goals.
  • Explain how to consume and create Cyber Threat Intelligence (CTI) within an Active Cyber Defense program.
  • Describe and demonstrate how to conduct Network Security Monitoring (NSM) and Hunt Team operations.
  • Demonstrate and explain the preparation, identification, containment, eradication, recovery and lessons learned incident response cycle.
  • Identify and explain how environment and threat manipulation techniques can mitigate security vulnerabilities.

Course Objectives

The student will:

  • Implement Defense in Depth methodologies
  • Implement secure network infrastructure design
  • Identify and generate CTI
  • Participate in threat hunting activity
  • Participate in Incident Response activity and identify CTI
  • Use CTI to create IDS signatures