Dragos Training

Assessing, Hunting and Monitoring Industrial Control System Networks

Overview

Assessing, Hunting and Monitoring Industrial Control System Networks is an intensive 5-day, hands-on course that covers ICS basics and security best practices, assessing industrial environments, ICS threat hunting, and industrial network monitoring. In addition to its classroom component, this course includes many hands-on labs and activities to reinforce the concepts learned.


Registration is open only to Dragos customers, partners, the asset owner and operator community, and full-time employees of government agencies with a focus on industrial defense. The course fee is $4500 for non-customers and $3000 for customers.

Who Should Attend

  • IT and OT security professionals seeking to increase their knowledge of ICS security best practices and Dragos’ industrial security methodologies and technologies
  • IT security professionals who want to expand their knowledge of industrial environments and how securing them differs from IT environments

Facility and Instructors

  • State-of-the-art Training Center includes multiple ICS cyber ranges and individual training stations with mini control system kits that enable true hands-on learning
  • Course instructors are drawn from Dragos’ team of ICS cybersecurity experts

Prerequisites

  • A strong desire to understand how to defend industrial environments and a conceptual understanding of programming and scripting
  • A foundational understanding of the Linux command line, networking concepts, and basic security tools like Wireshark

Ben Miller
Trainer

Ben leads Dragos' team of analysts in performing active defense, threat hunting, incident response, and malware analysis missions for the industrial community inside of ICS/SCADA networks.

Previously the Associate Director, Electricity Information Sharing & Analysis Center (Electricity ISAC), Ben led cyber analysis for the sector. He and his team focused on leading-edge cyber activities as they relate to the North American bulk electric system. Ben has been recognized as instrumental in building new capabilities in information sharing and analytics at the E-ISAC. Prior to that, Ben built and led a team focused on Network Security Monitoring, forensics, and incident response at a Fortune 150 energy firm. His team received numerous accolades from industry and law enforcement. Ben also implemented a CIP project with various enterprise-wide mitigation programs.

Ben has over 18 years’ experience and currently holds the CISSP and GIAC GREM certifications. He served as a member of the NERC Cyber Attack Task Force, a panel member of the NBISE Advanced Defender panel, and an adviser on the CI Advanced Defender Training program.

Daniel Michaud-Soucy
Trainer

Daniel Michaud-Soucy is a Principal Consultant, Threat Operations Center at the industrial cyber security company Dragos, Inc. Daniel focuses on threat hunting and incident response services within a variety of industrial environments. Daniel previously worked for Sempra Energy on RD&D tasks revolving around machine-to-machine automated threat response, data aggregation, advanced threat detection and secure system interfaces for ICS/SCADA. Daniel also worked with Red Tiger Security performing cyber vulnerability assessments and penetration tests on oil & gas, electrical power, water treatment and pharmaceutical ICS/SCADA environments.

Daniel also co-authored and co-taught the Red Tiger Security "SCADA Security Advanced Training" class between 2010 and 2015, training hundreds of professionals around the world.

Course Details

Students will receive hands-on and instructor-led training incorporating real-world case studies and exercises designed to reinforce concepts learned. Students will be placed in various roles designed to give context to the learning, as well as frame hands-on activities. As security and OT personnel for Acme Water & Power (AWP), students will face scenarios including an OT engineer role, a Red Team role, and a Security Operations Center (SOC) analyst role, using real control systems and industrial data through labs and exercises. The course spans four modules over 5 days.


The course takes place at Dragos headquarters:

1745 Dorsey Rd, Suite R, Hanover, Maryland 21114

February 18, 2019
May 13, 2019
August 19, 2019
November 6, 2019

Module 1: Introduction to Industrial Control Systems and Networks

Students will learn about the various types of ICS environments, as well as their functions and compositions. Other topics covered will include: ICS network architectures, various types of devices, industrial programming languages such as ladder logic, and ICS communication protocols such as ModbusTCP, DNP3, and Profinet.

Module 2: Assessing the Industrial Environment

Students will act as a Red Team member and learn how to safely assess ICS environments. Four types of assessments will be covered: architecture review, vulnerability assessment, penetration testing, and red team. Students will use purpose-built red team virtual machines to assess their environments.

Module 3: Tools, Strategies and Techniques for Successful Hunting in ICS

Students will learn Dragos’ threat hunting methodologies, including: planning, hypothesis generation, collecting and analyzing data, and automating lessons learned post hunt. They will then act as threat hunters through a variety of scenarios covering industrial networks and network/host artifacts.

Module 4: ICS Monitoring and Security Operations

Students will be exposed to attacks modeled on real-world advanced threats while acting as SOC analysts, performing continuous monitoring, investigation, case management and other SOC-related responsibilities.

Contact Us

info@dragos.com

Register for Class

Please provide your contact information. Dragos will then follow up with you directly to select dates and complete registration online.