SEC557: Continuous Automation for Enterprise and Cloud Compliance

About the course

SEC557 teaches professionals tasked with ensuring security and compliance how to stop being a roadblock and work at the speed of the modern enterprise. You'll learn how to measure and visualize security data using the same tools that developers and engineers are using, as well as how to extract, load, and visualize data from cloud services, on-premise systems, and security tools. The course includes PowerShell scripting, automation, time-series databases, dashboard software, and even spreadsheets to present management with the strategic information it needs and to facilitate the work of your operations staff with sound tactical data.

What You Will Learn
Using Cloud Security and DevOps Tools to Measure Security and Compliance

COURSE OVERVIEW

Agile development, DevOps, cloud technologies, and virtualization have enabled organizations to build and deploy systems at a terrifyingly fast rate. The old and cumbersome manual ways to test security and compliance can't keep up. You need to understand and use the same tools and techniques that your developers and engineers are using, and you need to be able to generate results quickly and often - without slowing down your organization.

SEC557 uses the ELVis (Extract, Load, and VISualize) technique to help you gather and present useful security and compliance information to your organization. Students will learn how to use PowerShell scripting and automated tools to gather measurements from cloud service providers, operating systems, Active Directory, security tools, web APIs, and datacenter infrastructure. For some data, you'll prepare tactical visualizations on the fly by building spreadsheets, pivot tables, and graphs using scripts. Then import your data into the Graphite time-series database for strategic analysis and reporting. You'll also build Grafana dashboards for use by management, security, compliance, and operations staff.

This Course Will Prepare You To:

  • Turn policies and management requirements into visually presented security metrics
  • Reduce the time and effort required to gather and report on security and compliance data
  • Measure security and compliance in cloud and traditional infrastructure
  • Use PowerShell scripts and command-line tools to extract relevant data from cloud services
  • Gather information from web APIs and security tools
  • Extract information about virtualization infrastructure
  • Query data from fleets of heterogeneous systems
  • Monitor servers and endpoints for proper configuration
  • Work with data formats commonly used by security tools, DevOps pipelines, and cloud services
  • Build tactical visual reports for use by operations staff and management
  • Manage and load time-series databases for tracking metrics over time
  • Build strategic dashboards for security and compliance

LAB INFORMATION

SEC557 focuses very heavily on hands-on activities, with as much as 50% of your day being spent at the keyboard. Lab activities for the course include:

  • Introduction to PowerShell
  • Using .NET objects in PowerShell
  • PowerShell date/time handling
  • Working with common data input/output formats: JSON, XML, CSV, HTML, spreadsheets
  • Data acquisition from Web APIs: REST and SOAP
  • Building Excel spreadsheets, pivot tables, and graphs with code
  • Configuring the Graphite time-series database (TSDB)
  • Importing data into Graphite
  • Managing data sources and building dashboards with Grafana
  • Extracting data from the Amazon Web Services (AWS) Command Line Interface (CLI)
  • Acquiring data from AWS security tools
  • Acquiring data from VMware infrastructure

WHAT YOU WILL RECEIVE

  • Electronic courseware and printed course books
  • Digital download package with a virtual machine

ADDITIONAL RESOURCES

Upcoming three-part webcast series: PowerShell for Audit, Compliance and Security Automation, and Visualization

Part 1: Introduction to Automation with PowerShell, January 2021
Part 2: Audit and Compliance Data Acquisition with PowerShell, January 2021
Part 3: Beyond CSVs - Visualization using PowerShell, Excel, and Grafana, January 2021


Syllabus (18 CPEs)

SEC557.1: Scripting, Data Acquisition, and Visualization Tools

SEC557.2: Acquiring and Visualizing Cloud Service Data

SEC557.3: Acquiring and Visualizing Data from OSes, Virtualization, and Containers

Prerequisites
No other courses are required prior to taking SEC557, but experience with development, operations, security, audit, InfoSec, or IT management will be helpful.

Laptop Requirements
Important! Bring your own system configured according to these instructions!

A properly configured system is required to fully participate in this course. These requirements are the mandatory minimums. If you do not carefully read and follow these instructions, you will likely leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course. We strongly urge you to start the course with a system meeting all the requirements specified for the course.

It is critical that you back up your system before class. It is also strongly advised that you do not use a system storing any sensitive data.

System Hardware Requirements

CPU: 64-bit Intel i5/i7 2.0+ GHz processor: Your system's processor must be a 64-bit Intel i5 or i7 2.0 GHz processor or higher. Your CPU and OS must support a 64-bit guest virtual machine.

  • VMware provides a free tool for Windows that will detect whether or not your host supports 64-bit guest virtual machines.
  • Windows users can use this article to learn more about their CPU and OS capabilities.
  • Apple users can use this support page to learn more information about Mac 64-bit capability. Note: Apple systems using the M1 processor cannot perform the necessary virtualization at this time and cannot be used for this course.

BIOS: Enabled Intel-VT: Intel's VT (VT-x) hardware virtualization technology should be enabled in your system's BIOS or UEFI settings. You must be able to access your system's BIOS throughout the class. If your BIOS is password-protected, you must have the password.

USB: USB 3.0 Type-A port: The USB port must not be locked in hardware or software. Some newer laptops may have only the smaller Type-C ports. In this case, you will need to bring a USB Type-C to Type-A adapter.

RAM: 16 GB RAM: 16 GB RAM is required for the best experience. To verify on Windows 10, press the Windows key + "I" to open Settings, then click "System", then "About". Your RAM information will be toward the bottom of the page. To verify on a Mac, click the Apple logo at the top left-hand corner of your display and then click "About this Mac".

Hard Drive Free Space: 100 GB Free space: 100 GB of FREE space on the hard drive is critical to host the VMs and additional files we distribute. SSD drives are also highly recommended, as they allow virtual machines to run much faster than mechanical hard drives.

Operating System: Windows 10 Pro or macOS 10.12+: Your system must be running either Windows 10 Pro or macOS 10.12 or higher. Make sure your operating system is fully updated with the correct drivers and patches prior to arriving in class.

Additional Hardware Requirements

The requirements below are in addition to baseline requirements provided above. Prior to the start of class, you must install virtualization software and meet additional hardware and software requirements as described below. If you do not carefully read and follow these instructions, you will leave the class unsatisfied because you will not be able to participate in hands-on exercises that are essential to this course.

Additional Software Requirements

Microsoft Office: Install Microsoft Office 2013+ with Excel on your host: You can download Office Trial Software free for 30 days.

VMware

Credential Guard: If your host computer is running Windows, Credential Guard may interfere with the ability to run VMs. It is important that you start up VMware prior to class and confirm that virtual machines can run. It is required that Credential Guard be turned off prior to coming to class.

System Configuration Settings

Local Admin: Have an account with local admin privileges. Some of the tools used in the course will require local admin access. This is absolutely required. If your company will not permit this access for the duration of the course, then you should make arrangements to bring a different system.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Author Statement
"When I started performing IT and security audits in the 1990s, it was reasonable to ask during an annual engagement 'What has changed since the last time I was here?' My clients could point out physical servers in the data center and tell me what functions were performed by each. We could work for weeks on a software audit without slowing down the development.

"Then came virtualization, agile development, microservices, the cloud, and DevOps. The old ways of measuring security and compliance aren't fast enough for the modern enterprise. SEC557 answers the question 'How can the (manager/auditor/security/compliance professional) possibly keep up?' It teaches you to leverage and integrate with the processes used by your developers and engineers so that you can enforce security and compliance requirements without becoming an obstacle."

Clay Risenhoover

Ways to Learn
Live Online
Live, interactive sessions with SANS instructors over the course of one or more weeks, at times convenient to students worldwide.

Who Should Attend SEC557?
IT Operations Managers
Security Managers
Risk and Compliance Auditors
Security Auditors
Security Engineers
Security Analysts
System Administrators