Steven Mcnutt
XDR Primer - From Zero to... Knowing a few things
This 40-minute lecture covers the fundamentals of security operations and then dives into why XDR is an essential SOC productivity tool. In this talk, I lay out the foundations of security operations and explain how XDR helps. We finish our journey with a dive into Cisco XDR's architecture and examine its structure.
0:00 Title
0:52 Introduction
1:30 What is a SOC
2:13 Purpose and Goal of the SOC
3:18 Services a SOC provides
4:56 SOC Organizational Structure
5:43 The SOC Manager
6:06 Security Engineers
7:04 SOC Analysts
10:16 SOC Process Flow
12:58 Incident Response Teams
14:13 Goals of an Incident Response Team
14:42 Services an IR team Provides
16:08 How is a CSIRT different from a SOC
17:20 Major Categories of Threats
17:49 Major Categories of Security Controls
18:10 Threat to Control Mapping
18:41 Attacker Process Flow
20:00 MITRE ATT&CK Framework
22:38 Defender Process Flow
23:42 PICERL Defender Framework
24:48 Common Incident Response Problems
26:42 Introduction to XDR
27:13 What is XDR?
27:39 What is the purpose of XDR
28:01 How XDR enhances SOC Productivity
28:33 XDR Components
29:00 Architecture
29:17 Integrations
29:35 Assets
31:00 Detection Sources
31:33 Detection Architecture
33:06 Attack Chains
33:47 Incidents
34:49 Risk Scoring
35:24 Response Playbooks
37:00 Worklog
37:21 Response Architecture
38:09 XDR Automation
38:45 Summary
Views: 197

Videos

Duo, AD, Microsoft 365 hybrid cloud lab in 20.
290 views, 11 months ago
In this video, I do a speed run showing my Duo hybrid cloud lab setup and three use cases. 00:00 Intro 00:30 Lab topology 01:42 Windows RDP 05:25 Windows offline login 07:21 Microsoft 365 13:46 Why Duo Desktop is awesome 14:41 SAML VPN login 19:36 The beer drinker's guide to SAML
XDR in 20
714 views, 1 year ago
Extended Detection and Response (XDR) explained and demonstrated in under 20 minutes Table of Contents: 00:29 - Hype 01:33 - Attack 03:32 - Defend 05:57 - Why Response is slow 06:48 - Taming Tool Sprawl 09:29 - XDR description 11:39 - One page explainer 12:09 - Demo 17:06 - Summary 17:25 - Near Future
Firepower Custom Security Intelligence Feeds
795 views, 1 year ago
Table of Contents: 00:00 - Intro 00:18 - Overworked Security Engineers 00:58 - Give the SOC their own Block Feed! 01:44 - Lab Setup 02:08 - Test with python http server 02:41 - Create blacklist.txt 04:09 - Create SI Feed Object in FMC 06:03 - Using example.com as a test point 07:03 - Update the feed 07:17 - Locate the blocklist file on the Firewall 09:49 - Manually pull feed update 11:43 - Verif...
National Cybersecurity Strategy review
453 views, 1 year ago
I read the National Cybersecurity Strategy document, so you don't have to! Document located here: www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf
Firepower 3100 hardware overview
493 views, 2 years ago
In this video I give a brief synopsis of the Firepower 3100 appliances. Then I fire up a TLS 1.2 decrypt stress test using a Spirent CyberFlood. While that's running, I use Linux shell commands on the sensor to discover some details about the hardware in the machine. I wrap up by reviewing the TLS decryption performance test results. Chapters: 0:00 Introduction 0:12 Performance specifications 0...
Cisco Secure Client Overview and Demo
9K views, 2 years ago
In this video, I give a brief overview of Secure Client, then we head to the SecureX console and take a look at Device Insights, Data Sources, Profiles, and Deployments. I extract a deployment file to examine its contents. Finally, I deploy Secure Client with the Secure Endpoint, Umbrella, and VPN modules. Chapters: 0:00 Introduction 0:21 Overview 2:50 Device Insights Dashboard 4:44 Endpoint Detail...
3.11 FlexVPN - Flex Server w/NGE. Design, VRFs, and device enrollment
722 views, 7 years ago
In this kickoff installment of the FlexVPN server demonstration, we review the cryptographic suite selection, the routing design, and enroll our devices with Elliptic Curve certificates.
Densemode 3.10: IKEv2/FlexVPN Smart defaults
322 views, 7 years ago
In this video I demonstrate how to configure a site-to-site VPN using smart defaults. We also take a quick overflight of the major config blocks and inspect them.
Denmode PKI Setup: Elliptic Curve CA
759 views, 7 years ago
In this video we set up a two-tier Elliptic Curve CA, verify the installation, and enroll a user and a router. We're building the whole thing in one go, so buckle up! Resources associated with this video are available at www.densemode.com
Densemode PKI Setup: Windows Certificate Autoenrollment
529 views, 7 years ago
In this video we set up the Active Directory plumbing needed to do certificate autoenrollment for users and computers. Learn more at densemode.com
Densemode PKI Setup: Network Device Enrollment Service
6K views, 7 years ago
In this video we configure NDES to provide in-band certificate enrollment to our routers. Find out more at www.densemode.com
Densemode PKI setup: Web enrollment
583 views, 7 years ago
In this video we configure the Web enrollment service, set up a template for our routers, and issue a certificate to a router. Find out more at www.densemode.com
Densemode - Setting up the Online Responder
304 views, 7 years ago
Accompanying blog post at densemode.com/?p=949
Densemode PKI Setup: RSA Issuing CA
448 views, 7 years ago
We build on our prior video, where we created an offline Root, and create an enterprise issuing Certification Authority. Starting to get to the fun stuff now! Learn more about PKI and other topics at www.densemode.com
Densemode PKI setup: - Web Server
412 views, 7 years ago
Densemode: PKI setup - RSA offline Root
446 views, 7 years ago
Densemode - Firepower SSL decrypt
3.3K views, 7 years ago
Densemode - Diffie Hellman for people who suck @ math
779 views, 7 years ago

Comments

  • @waisudinfarzam4056 (7 months ago)

    Great video, thank you Steve, you are awesome.

  • @CarpeDMVPN (1 year ago)

    Awesome video!

  • @kwiatriot6190 (1 year ago)

    Great job and thanks for putting it out for all to learn from!

  • @MrBrooksJr87 (1 year ago)

    Thanks for sharing, Steve.

  • @pimentelrobert1 (1 year ago)

    Great job Steve!!!

  • @SnortDefence (1 year ago)

    Steven, looking for more vlogs on FTD topics; it would be good if you added some lab testing and tools to test various FTD policies.

  • @maniemakes1760 (1 year ago)

    I'm 5 years late to these videos.

  • @raygomez3935 (1 year ago)

    Is the network installer more beneficial for cases where we are on CSE version 8.0+ and have the Cisco Secure Client installed but need to pull the cloud management for all the other modules?

  • @raygomez3935 (1 year ago)

    Hey hey now... let's not take any shots at ASDM lol

  • @WagnerCecatoMavigno (2 years ago)

    Hi Steven. Is there any documentation or tutorial to help migrate from AnyConnect 4.10 to Cisco Secure Client using Secure Device Insights?

  • @TheMarrrv (2 years ago)

    Thanks for the content, Steve. I noticed you are running 7.1 but, as you mentioned, the FPGA hardware support is only enabled as of 7.2. I know the FPGA helps with IPsec decryption. Does it also help with TLS? It would be interesting to see before and after with 7.1 vs. 7.2 software testing vis-à-vis the impact of that FPGA being enabled.

    • @stevenmcnutt5656 (1 year ago)

      That's a great idea, Marvin. Let me see what I can do.

  • @ivanalvarenga18 (2 years ago)

    Hi Steven, thanks so much for uploading this video. Can I deploy Cisco Secure Client on all PCs using Cisco FMC?

    • @stevenmcnutt5656 (2 years ago)

      Hi Ivan. Sort of. What I mean by that is you would use FMC to upload the files to the Firepower Threat Defense (FTD) device acting as the VPN head end. FTD delivers the bits to your client devices; config is performed through FMC.

  • @ankitkumarrajput1134 (2 years ago)

    Hey Steven, how's it going? Do you have any detailed document which explains Windows CA migration from 2016 to 2022? I have a Windows Sub CA which is signed by an offline Root CA. The plan is to migrate that with a different host name and Issuer name. I do need to migrate OCSP ... I thought to add a second subordinate server in a two-tier PKI hierarchy.

  • @krishnaprakashratnapalli9606 (3 years ago)

    Nice Demo!

  • @vanillacoke899 (4 years ago)

    Good thing that I am watching the videos in reverse order. Great tutorials despite that mistake!

  • @helloworld9730 (4 years ago)

    The beauty of these videos is: you always put yourself in the viewer's place in order to find vague points to elaborate on. Practical explanation with best practices in the real world. Thanks for sharing, Steven.

  • @Exen88 (4 years ago)

    Love it! Good work, man!

  • @Exen88 (4 years ago)

    Awesome video! Very easy to follow. I have a question btw. I have an RSA root and I want to add an EC CA as a subordinate CA to that RSA root. Is that possible and do you have tips or tutorials for that? Thanks

  • @kool1311 (4 years ago)

    Thank

  • @jayratford6681 (4 years ago)

    If you don't enforce CRLs on the Branch what happens if your head-end certs get compromised?

  • @benjaminpaxson1330 (4 years ago)

    Thanks for making this video!

  • @najimabdelwahad4579 (5 years ago)

    Thank you very much

  • @majusae (5 years ago)

    Hi. Great video. I have 2 questions. Can I use a self-signed certificate? Also, does SSL decrypt work if my sensor is in inline mode (I mean layer 2)?

  • @SnortDefence (5 years ago)

    Good one Steven... I wish we would have many more series coming from you on security stuff

  • @lugourtech (5 years ago)

    Can you use a wildcard cert?

  • @deepakrawat6240 (5 years ago)

    Great learning. Thank you.

  • @RogueDire (5 years ago)

    Nice video, SSL decrypt well explained! Please bring more like this on FTD; how about active authentication, etc.? Thanks!

  • @atag512 (6 years ago)

    Is it OK for internal certificates, or is it recommended that we generate via a public certificate authority?

  • @jameshofsisscissp6812 (6 years ago)

    What kind of performance impact do you see from using the Firepower device to perform SSL decryption and inspection?