This 1-day Instructor-led security workshop provides insight into security practices to improve the security posture of an organization. The workshop examines the concept of Red team – Blue team security professionals, where one group of security pros--the red team--attacks some part or parts of a company’s security infrastructure, and an opposing group--the blue team--defends against the attack. Both teams work to strengthen a company’s defenses. Since the goal of the two teams is to help the business attain a higher level of security, the security industry is calling this function, the Purple team.
This workshop is part of a larger series of Workshops offered by Microsoft on the practice of Security. While it is not required that you have completed any of the other courses in the Security Workshop series before taking this workshop, it is highly recommended that you start with this workshop in the series, Microsoft Security Workshop: Enterprise Security Fundamentals.
Who should attend
This 1-day workshop is intended for IT Professionals that require a deeper understanding of Windows Security that wish to increase their knowledge level. This course also provides background in cyber-security prior to taking the other security courses in this track.
In addition to their professional experience, students who take this training should already have the following technical knowledge:
- The current cyber-security ecosystem
- Analysis of hacks on computers and networks
- Basic Risk Management
After completing this course, students will be able to:
- Describe the current cybersecurity landscape
- Describe the assume compromise philosophy
- Identify factors that contribute to the cost of a breach
- Distinguish between responsibilities of red teams and blue teams
- Identify typical objectives of cyber attackers
- Describe a kill chain carried out by read teams
- Describe the role, goals, and kill chain activities of the blue team in red team exercises
- Describe the ways limiting how an attacker can compromise unprivileged accounts.
- Describe the methods used to restrict lateral movement.
- Describe how telemetry monitoring is used to detect attacks.
- Explain the concept of Confidentiality, Integrity, and Availability (CIA) triad.
- Describe the primary activities that should be included in organization preparations
- Identify the main principles of developing and maintaining policies.
Follow On Courses
- Microsoft Security Workshop: Managing Identity (40552)
- Microsoft Security Workshop: Planning for a Secure Enterprise - Improving Detection (40553)
- Microsoft Security Workshop: Implementing Windows 10 Security Features (40554)
- Microsoft Security Workshop: Implementing PowerShell Security Best Practices (40555)
- Understanding the cyber-security landscape
- Red Team: Penetration, Lateral Movement, Escalation, and Exfiltration
- Blue Team Detection, Investigation, Response, and Mitigation
- Organizational Preparations