Instrumenting the Environment to Detect Suspicious and Malicious Activity

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Instrumenting the Environment to Detect Suspicious and Malicious Activity (IR214).

Attackers are becoming more sophisticated – and efficient. The time it takes an attacker to begin moving laterally once they have a foothold in the network is 79 minutes, compared to 9 hours in 2019. Security teams require exceptional network visibility to keep pace with top-level threat actors as these breakout times shrink. Triage training and tools can help incident response teams reduce the time an attacker dwells undetected within a network, mitigating attacks before threat actors can accomplish their missions.

This 4-hour skills development cyber range training provides best practices for organizations to strengthen their detection and initial response capabilities for more effective triaging. Through case studies, presentations by expert facilitators, demonstrations, and lab exercises participants will explore the tools and techniques necessary to identify suspicious and malicious activity in an enterprise environment.