
Explore threat detection across on-premises, hybrid, and cloud environments using Microsoft security tools, with a hands-on lab and final exam to train as a cybersecurity professional.
Learn to set up the lab environment by installing virtualization software (VirtualBox), importing three pre-configured virtual machines, and meeting hardware prerequisites to run the threat detection hands-on lab.
Explore the modern cyber threat landscape, detailing attack phases, advanced persistent threats, and detection strategies, including pre-breach and post-breach approaches, the OODA loop, and the evolving identity perimeter.
Integrate pre-breach and post-breach strategies with detection in depth to protect, detect, and respond, leveraging EDR solutions like Microsoft Defender to raise attackers’ costs and enable rapid investigation.
Compare signature-based and behavioral heuristic detection methods in enterprise threat protection, emphasizing the shift to indicators of compromise and indicators of attack powered by machine learning.
Forge a defense-in-depth security ecosystem that integrates security tools across users, data, apps, devices, and infrastructure to improve detection and rapid response in cloud and on-premises environments.
Detect intrusions by forwarding Windows events to a central collector in on-premises environments. Use event subscriptions, Group Policy, and WinRM to forward logs to a SIEM for analysis.
Explore Microsoft Advanced Threat Analytics as an on-premises threat detection tool, detailing gateway and lightweight gateway architecture, center management, and deterministic and behavioral analytics for detecting attacks.
Explore how Microsoft Defender ATP detects and responds to advanced threats via endpoint sensors, cloud analytics, and threat intelligence, and learn deployment planning and onboarding across Windows, Linux, and macOS.
Explore Microsoft Enterprise Threat Detection, a Microsoft-managed service that uses Windows built-in agents to monitor attacks and forward telemetry. Learn its architecture: Windows Error Reporting and cyber threat intelligence.
Explore how Microsoft security risk detection uses fuzzing and artificial intelligence to uncover vulnerabilities in enterprise software.
Monitor Windows event logs and audit policies across workstations and servers, identify signs of compromise, and implement baselines and policy recommendations for secure enterprise threat detection.
Explore the Sysinternals suite for threat detection on Windows, including System Monitor (Sysmon), Process Explorer, Autoruns, Sigcheck, and ListDLLs, plus investigating suspicious processes.
Discover shadow IT and protect cloud apps with Microsoft cloud app security and Office 365 cloud app security. Learn to connect apps, monitor activity, and enforce data loss prevention policies.
Explore Microsoft Defender for Office 365, an email protection service with safe links, safe attachments, spoof intelligence, quarantine, and anti-phishing, and learn to enable policies across Exchange Online and Teams.
Office 365 threat intelligence provides real-time insights from the Microsoft Intelligent Security Graph to detect and remediate threats, with Threat Explorer dashboards, malware trends, and Defender ATP and SIEM integration.
Azure advanced threat detection equips enterprises with Azure Active Directory identity protection, privileged identity management, Azure Security Center analytics, anomaly detection, and marketplace-based third-party defenses for cloud and hybrid environments.
Explore Azure logging and auditing to detect threats using centralized monitoring, timely alerts, and SIEM integration that connects on-premises and cloud resources.
Discover how Microsoft Enterprise Mobility + Security protects identities, data, and cloud apps with identity protection, conditional access, and cloud app security, plus advanced threat detection.
Learn how Windows Defender Antivirus uses layered machine learning defenses, including local models, behavior analytics, and cloud protection, with detonation-based analysis for robust enterprise threat detection.
Discover how enterprise threat detection uses Microsoft Defender ATP to detect and investigate persistent threats with machine learning, contextual signals, and techniques like cross-process injection and process hollowing.
Explore enterprise threat detection through behavioral monitoring, focusing on reflective DLL loading detected via memory analysis and Windows Error Reporting, enhanced by Defender ATP integration.
Discover Microsoft's comprehensive approach to cyber threat detection, integrating Defender ATP, Azure Security Center, and Office 365 to enable detection, disruption, and rapid incident response.
In this course, we will examine the concepts of threat detection in an enterprise using Microsoft tools and security services for on-premises, hybrid and cloud environments.
You will go through several threats and attack techniques, as well as the tools to detect and mitigate them.
After completing this course, you will be able to:
Describe signature-based and behavioral / heuristic detection methods
List the capabilities of on-premises threat detection and mitigation tools
Name the capabilities of hybrid and cloud threat detection and mitigation tools
Recognize the importance of Enterprise threat detection monitoring
This course is designed to get you started as quickly as possible. There are a variety of self-paced learning activities. You will get:
Video lectures on each topic explaining each concept thoroughly with examples (and demonstrations where applicable)
Review questions at the end of each section (quiz) to test your knowledge of the topics learned in the section
Hands-on lab at the end of the course in which you will practice at your own pace. You will have a step-by-step instruction file available to complete the lab tasks, such as installing detection tools, performing several types of cyber attacks, detecting the attacks and much more.
Final exam at the end of the course - 42 questions to test your knowledge of the topics and concepts learned in the course
Links to official Microsoft resources/blogs/videos for further documentation.
This course is the 2nd course in a series of 9 courses that address all aspects of becoming a Microsoft Cyber Security Professional. This cyber security track is designed to teach you, or fill in your knowledge gaps on, all the aspects and technologies needed to become a successful cyber security professional. The entire track addresses mostly Microsoft security technologies, including the latest cloud services made available by Microsoft, such as the Microsoft Defender Suite, Office 365 security features and services, Microsoft Graph, Azure Active Directory security and many more.
Microsoft, Windows, Microsoft 365 and Microsoft Azure are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. This course is not certified, accredited, affiliated with, nor endorsed by Microsoft Corporation.