Gain an understanding of how to monitor, analyse and prevent intrusions.
This course looks at Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) and examines their suitability for different business contexts. It will also look at the nature of the evidence that can be gathered by these systems and how to maintain the provenance of the evidence.
- IDS and IPS
- Different approaches to I(D/P)S
- End and Net I(D/P)S, Endpoint Detection and Response (EDR) and IDS evasion
- Log analysis
- Security information and event management (SIEM) / Urchin tracking module (UTMs)
- Autonomic computing (AI and network)
- Self-healing systems
What will you achieve?
By the end of the course, you’ll be able to...
- Identify a suitable I(D/P)S for a given environment
- Assess the quality of evidence given by an I(D/P)S
- Evaluate potential I(D/P)S evasion strategies and suggest alternative action and reform
Who is the course for?
This course is for MSc Cyber Security students.
Please note that the staff described in the ‘Who will you learn with?’ section below may be subject to change.