To offer in-house cybersecurity teams and information security (InfoSec) professionals an opportunity to expand their analytical skills in the incident response domain, cybersecurity solutions firm Kaspersky has designed a new Windows Incident Response training course.

According to the recent Kaspersky survey conducted among senior non-IT management and business owners, 73% of firms can’t handle a ransomware attack alone or with the help of regular IT service providers. The lack of skilled technical staff who can detect and respond to complex incidents, along with a lack of visibility across infrastructure and consistent management, have been the biggest challenges for businesses in dealing with complicated cyber threats.

The recent global study by Kaspersky titled “How do business executives perceive ransomware threat?” confirms that most firms (73%) will have to seek the help of external incident response providers’ in the event of a ransomware attack. This is despite the fact that 66% of respondents consider there to be a high possibility of these attacks on their organization.

9 in 10 ransomware victims will pay if attacked again — Kaspersky
YouTube, TikTok, Messenger most popular apps among Filipino kids — Kaspersky

It is also likely that companies that have never experienced a ransomware attack overestimate the skills of their regular security providers and in-house IT teams. The statistics show that organizations that have previously been exposed to such threats rely less on their existing resources.

Cyber Kill Chain

For companies looking to improve the expertise of their in-house digital forensics and incident response teams, as well as for IT security practitioners looking to upgrade relevant skills, Kaspersky has expanded its online expert training portfolio. The Windows Incident Response training was developed by experts from the company’s Global Emergency Response Team (GERT).

During the course, which is heavily focused on practical skills, Ayman Shaaban, Digital Forensics and Incident Response manager and Kai Schuricht, senior Incident Response specialist, will take students through incident detection using the example of a real-life REvil ransomware case.

APT

By the end of the course, IT security practitioners will know how to identify and respond to a cyber incidents and will be able to differentiate APTs (advanced persistent threats) from other threats, as well as study various attack techniques and targeted attack anatomy through the Cyber Kill Chain. Participants will master evidence acquisition, all phases of incident detection, log file analysis, network analysis and the creation of IoCs, and also get introduced to memory forensics.

Students will be granted access to a simulated virtual working environment with all the necessary tools, including ELK stack, PowerShell, Suricata, YARA, and more, to practice IR techniques.

The self-guided training course includes 40 video lessons and 100 hours of virtual lab time for hands-on learning. The estimated training duration is 15 hours, but participants will have six months of access to the platform to finish the training.