New Cisco CCNA Cyber Ops: Are You Ready for Security Analysis?
In today's intensely competitive environment, startups and agile firms are overturning incumbents with digital business models, products, and services. In the 'Digital Era', we are observing exponential growth of data on the internet. Simultaneously, organizations face mounting challenges from cybercrime, cyber-espionage, insider threats, and advanced persistent threats (APTs).
As per the Verizon 2015 Data Breach Investigation Report (DBIR), in 60 percent of breaches the compromise happened within minutes or less, and half of these incidents took anywhere from months to even years before being uncovered. We can safely infer that breaches tend to happen very quickly and, on average, take a long time to be detected by the targeted organization. These organizations can be divided into two types: 1) those who have been hacked, and 2) those who don't yet know that they have been hacked.
Even after tremendous efforts by IT security vendors, the following questions remain:
- Aren’t governments and big businesses investing significant amounts of money already into developing countermeasures to cyberattacks?
- Why are existing security products unable to stop these threats?
Attackers & Defenders have both become highly sophisticated.
Just like IT security solution providers, attackers also run labs for researching products. They test various exploits against a new product until one succeeds, and then either sell the exploit on underground markets, weaponize it for less-skilled attackers, or use it for some other malicious purpose.
Anxiety Is Growing on Boards and in the C-Suite
Most C-suite leaders are still thinking about 'stopping threats' when they could be thinking about the tangible growth that 'cybersecurity excellence' makes possible. Cybersecurity weakness is a “silent disease” that impedes firms’ ability to innovate at precisely the time they can least afford it—when they are being drawn into the Digital Vortex, where digitization, disruption, and exponential changes are the “new normal.” Many companies suffer from this malady, but few are aware that they have it. Left unattended, cybersecurity weakness can be fatal in the Digital Vortex.
Below-par cybersecurity leaves companies in the worst possible competitive position: not innovating fast enough to compete, yet not safe enough from cyberattack despite delaying digital innovations.
In Search of Cybersecurity Excellence
Firms that turn cybersecurity excellence into true competitive advantage can innovate faster and more fully pursue the sort of digital transformation that allows them to respond nimbly to rapidly changing markets. This agility makes them more effective and drives enhanced financial performance.
Cybersecurity excellence also gives firms the opportunity to differentiate their brands by conveying a strong perception of customer trust, and this is one of the many reasons organizations develop a Security Operations Center (SOC). They are establishing SOC teams of security professionals who secure information systems through effective monitoring, detecting, investigating, analyzing, and responding to security events, thus protecting systems from cybersecurity risks, threats, and vulnerabilities.
NOTE: Cybersecurity operations jobs are also among the fastest-growing roles in IT, as organizations set up security operations centers (SOCs), and establish teams to monitor and respond to security incidents. Security is a fundamental requirement for all SOC environments. There are many ways to build in security to a network environment, and it should be a continuous process. One popular saying within Cisco Systems that describes this concept is this: Security is a journey, not a destination.
Cisco is introducing a new $10 million Global Cybersecurity Scholarship program and enhancing its security certification portfolio. Cisco will invest $10 million over a two-year period to establish a scholarship program with the specific goal of increasing the cybersecurity talent pool. Through the program, Cisco will offer training, mentoring, and certification aligned with the Security Operations Center Analyst role.
Additionally, Cisco will be working with a comprehensive variety of organizations to leverage this scholarship as a platform to spur career interest and jump-start their employees’ careers in information security. This includes diversity organizations, veterans’ groups, and early-in-career audiences. By launching this new scholarship program, Cisco is playing a significant leadership role, helping the industry meet the current and future challenges of network security. In fact, Cisco is offering a practical and valuable solution to address the global shortage of highly-trained IT security experts.
A note in 2018:
There are some great scholarship opportunities available for future information security professionals in both the US and the UK. Sam Cook of Comparitech has written a great article on
While not every potential scholarship you might find is listed here, Sam Cook gives some useful advice on how to find scholarships and other free training opportunities.
Observing the demand for a newly-skilled cybersecurity professional, Cisco is introducing a new CCNA, i.e. CCNA Cyber Ops.
New CCNA Cyber Ops
The new CCNA Cyber Ops certification prepares candidates to begin a career working with associate-level cybersecurity analysts within the security operations centers that Cisco offers to its clients. They learn how to detect and respond to security threats using the latest technology, since such jobs require knowledge of basic cybersecurity principles.
It assesses individuals on the skills needed to assist with monitoring IT security systems, detecting cyber-attacks, gathering and analyzing evidence, correlating information, and coordinating responses to cyber incidents.
Benefits of CCNA Cyber Ops:
- Begin a career in the rapidly growing area of cybersecurity operations at the Associate level, working in or with a Security Operations Center (SOC)
- Gain the foundational knowledge and skills to prepare for more advanced job roles in Cybersecurity Operations, working with Security Operations team
- Gain a basic understanding of how a SOC team detects and responds to security incidents, and how they protect their organization's information from modern threats
- Understand further how modern organizations are dealing with detecting and responding to cybercrime, cyberespionage, insider threats, advanced persistent threats, regulatory requirements, and other information security issues facing their organizations and their customers
- Exam 210-250 Understanding Cisco Cybersecurity Fundamentals - SECFND v1.0
- Exam 210-255 Implementing Cisco Cybersecurity Operations - SECOPS v1.0
Likely skill-set for new CCNA Cyber Ops
Since the detailed exam syllabus is not yet available for either exam, we have attempted to make an intelligent guess at the skills likely to be embedded in the new CCNA Cyber Ops.
- Network Concepts
Identify Network Devices in a Topology, The Function of Layer 1, 2 & 3 Devices & Layer 4, Host to Host Communication using TCP/IP Internet Layer, High-Level Concepts, Introduction to Networking Concepts, LAN Switching, Cisco IP Routing Overview, etc.
- Security Concepts
Network Security Concepts and Policies, IP Network Traffic Plane Security Concepts, Basic Firewall Terminology, IDS and IPS Overview, DNS Best Practices, Network Protections, and Attack Identification, Network Security Using Cisco IOS IPS, Cisco IOS IPS, Advanced Malware Protection (AMP), Cisco Advanced Malware Protection for Endpoints, Cisco Advanced Malware Protection
Diffie Hellman Exchange, Cryptography, Deploying Cisco IOS Security with a Public-Key Infrastructure, Cisco IOS PKI Overview Understanding and Planning a PKI, Next Generation Encryption
- Host-based Security Analysis
Host systems are end-user PCs, laptops, servers or mobile devices from different vendors; a basic understanding of how Microsoft, Linux, Android, Apple, etc. operating systems work; Microsoft processes, threads and services; Linux processes, threads and services; processes of other device operating systems.
- Security Monitoring
Network Telemetry, Security Analytics and Forensics with NetFlow, Syslog Server etc.
- Attack Methods
Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks, ARP Poisoning Attack and Mitigation Techniques, Social Engineering – the Exploit that Predates Computers, Understanding SQL Injection, Drive by Web Exploits, Cisco Phishing Overview, Network IPS Traffic Analysis Methods, Evasion Possibilities, and Anti-Evasive Countermeasures, Characterizing and Tracing Packet Floods Using Cisco Routers, Types of Attacks
- Endpoint Threat Analysis and Computer Forensics
Common Vulnerability Scoring System, Comparing NTFS and FAT file systems, Description of NTFS date and time stamps for files and folders, File Times, File system Timestamps: What Makes Them Tick?, General overview of the Linux file system, EXT4, Cisco IOS Software Integrity Assurance, The Evolution of Scoring Security Vulnerabilities, AMP
- Network Intrusion Analysis
Firepower Management Center, Wireshark, NetFlow Export Datagram Format
- Incident Response
Computer Security Incident Handling, 5 Steps to an Effective Data Incident Response Program, Health Insurance Portability and Accountability Act, Cisco Web Security and the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley (SOX) Compliance, Cisco PCI Solution for Retail 2.0 Design and Implementation, PCI SECURITY
- Data and Event Analysis
Describe 5-tuple correlation, Baseline Process
- Incident Handling
Security Vulnerability Policy, Incident Detection Phase, incident categories, Incident Severity, Incident Analysis Phase Process
Some Features To Watch Out In CCNA: Cyber Ops
Cisco Advanced Malware Protection (AMP)
Advanced Malware Protection can be used for networks and endpoints. Network AMP is enabled on an appliance running FirePOWER services and continuously evaluates all files seen on all monitored networks. AMP uses a multisource indication-of-compromise approach, leveraging both network intelligence and cloud security research, which includes sandboxing files of interest and comparing file hashes with data from other networks.
AMP for Endpoints requires a lightweight connector to be installed on host devices such as laptops and mobile tablets, providing visibility of all applications and processes. Like AMP for Networks, the goal is to detect malware and retrospectively identify where it came from. AMP for Endpoints can also offer auto-remediation of threats seen by AMP for Networks and by the AMP for Endpoints client. The figure below shows AMP for Endpoints quarantining multiple malicious files on a user's Apple laptop.
Next-Generation Encryption Protocols
The industry is always looking for new algorithms for encryption, authentication, digital signatures, and key exchange to meet escalating security and performance requirements. The U.S. government selected and recommended a set of cryptographic standards called 'Suite B' because it provides a complete suite of algorithms that are designed to meet future security needs. Suite B has been approved for protecting classified information at both the secret and top secret levels. Cisco participated in the development of some of these standards. The Suite B next-generation encryption (NGE) includes algorithms for authenticated encryption, digital signatures, key establishment, and cryptographic hashing.
Host-based Security Analysis
Host-based IPS and IDS technology typically complements antivirus signature detection with additional behavior-detection capabilities. Host-based security software packages usually combine antivirus, firewall, and IPS features in one application installed to monitor all traffic entering and leaving the system. Common examples of vendors offering host security software packages are Symantec, Sophos, and McAfee. Other examples are open-source host firewalling tools such as iptables or IPCop, both used in Linux environments. The logs generated by a host can and should be used for host-based security analysis; a syslog server can collect the logs from the different devices for monitoring purposes.
Security Monitoring Procedures
Processes and procedures under security monitoring address how commonly occurring events and incident reports should be examined, assessed, and escalated if necessary. This can include some or all of the following:
Telemetry Data: Network Flows
Every network connection attempt is transported by one or more physical or virtual network devices, presenting you with an opportunity to gain vital visibility and awareness of traffic and usage patterns.
Depending on your platform, a router (or any other flow-collection device) can support sampled or unsampled flow collection, as shown in the figure. In sampled flow collection, the router updates its flow records by looking at every nth packet (for example, 1 in every 128) rather than at every packet that traverses it. This makes security threat detection probabilistic, meaning some flows might be missed. In unsampled flow collection, every packet is seen by the threat detection system, which provides far more detailed and valuable data; best practice is to use the most current flow export version if possible.
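To make the "some flows might be missed" point concrete, here is an added example (not from the article and not Cisco code): a toy flow exporter that keys flow records on the 5-tuple and is run once unsampled and once with deterministic 1-in-128 packet sampling over a constructed packet stream. The traffic mix (one long bulk transfer plus ten three-packet connections) and the deterministic sampler are assumptions made for illustration; real sampled NetFlow usually samples randomly, which changes which short flows are lost but not the fact that most of them are.

```python
"""Sampled vs. unsampled flow collection over a constructed packet stream."""
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Flow key is the classic 5-tuple: (src IP, dst IP, src port, dst port, protocol)
FlowKey = Tuple[str, str, int, int, str]

BULK_FLOW: FlowKey = ("10.0.0.5", "10.0.0.20", 51000, 443, "tcp")


def build_packets() -> List[FlowKey]:
    """Constructed traffic: one 2,000-packet transfer followed by ten 3-packet
    SSH connections from a single host to ten different servers."""
    packets: List[FlowKey] = [BULK_FLOW] * 2000
    for i in range(10):
        packets += [("10.0.0.7", f"10.0.1.{i}", 40000 + i, 22, "tcp")] * 3
    return packets


def collect_flows(packets: Iterable[FlowKey], sample_rate: int = 1) -> Dict[FlowKey, int]:
    """Build flow records {5-tuple: packets counted}.

    sample_rate=1 is unsampled (every packet updates the flow cache);
    sample_rate=N keeps only every Nth packet, a deterministic stand-in for
    1-in-N sampling (an assumption of this example, not how every router samples).
    """
    flows: Counter = Counter()
    for idx, pkt in enumerate(packets):
        if idx % sample_rate == 0:
            flows[pkt] += 1
    return dict(flows)


def estimated_packets(flows: Dict[FlowKey, int], sample_rate: int) -> Dict[FlowKey, int]:
    """Scale sampled counts back up, as a collector would, to estimate true volume."""
    return {key: count * sample_rate for key, count in flows.items()}


def missed_flows(packets: List[FlowKey], sample_rate: int) -> List[FlowKey]:
    """Flows present in unsampled collection but absent from sampled collection."""
    full = collect_flows(packets, 1)
    sampled = collect_flows(packets, sample_rate)
    return sorted(set(full) - set(sampled))


if __name__ == "__main__":
    pkts = build_packets()
    full = collect_flows(pkts)
    sampled = collect_flows(pkts, 128)
    print(f"unsampled: {len(full)} flows, sampled 1:128: {len(sampled)} flows")
    print(f"bulk flow estimate: {estimated_packets(sampled, 128)[BULK_FLOW]} packets")
    for flow in missed_flows(pkts, 128):
        print("missed:", flow)
```

The bulk transfer survives sampling (its volume estimate is even reasonably close), while all ten short connections vanish from the flow records. That is exactly the blind spot that matters for scans, beaconing and other low-volume activity, and why the article recommends unsampled collection where the platform allows it.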
DoS & DDoS Attacks
DoS attacks attempt to consume all of a critical computer or network resource in order to make it unavailable for legitimate use. A TCP SYN flood is a classic example of a DoS attack. When the attempt originates from a single host on the network, it constitutes a DoS attack.
Malicious hosts can also coordinate to flood a victim with an abundance of attack packets, so that the attack takes place simultaneously from potentially thousands of sources. This type of attack is called a DDoS attack. DDoS attacks typically emanate from networks of compromised systems that are known as botnets.
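An added example of how a SOC analyst might triage the DoS-versus-DDoS distinction from flow data (this is illustrative code, not from the article or any Cisco product): it counts half-open flows (SYN seen, no ACK seen) per target and uses the number of distinct sources to separate a single-host SYN flood from a distributed one. The flow records, the flag encoding and the thresholds (100 half-open flows, 10 distinct sources) are constructed for this example and would need tuning against a real baseline.

```python
"""SYN-flood triage over constructed flow records: single-source DoS vs. DDoS."""
from collections import defaultdict
from typing import Dict, List, Tuple

TCP_SYN = 0x02  # flag bits as exported in the TCP flags field of a flow record
TCP_ACK = 0x10


def constructed_flows() -> List[dict]:
    """Constructed flow records: normal traffic to three servers, a distributed
    SYN flood against the web server and a single-host flood against mail."""
    web, mail, dns = "198.51.100.10", "198.51.100.11", "198.51.100.12"
    flows = []
    # completed connections: both SYN and ACK observed within the flow
    for i in range(20):
        for dst, port in ((web, 443), (mail, 25), (dns, 53)):
            flows.append({"src": f"192.0.2.{i}", "dst": dst, "dport": port,
                          "sport": 49000 + i, "flags": TCP_SYN | TCP_ACK, "packets": 12})
    # distributed flood: 250 sources, two SYN-only flows each, against the web server
    for i in range(250):
        for sport in (40000, 40001):
            flows.append({"src": f"203.0.113.{i}", "dst": web, "dport": 80,
                          "sport": sport, "flags": TCP_SYN, "packets": 1})
    # single-source flood: one host leaves 300 half-open connections on the mail server
    for sport in range(50000, 50300):
        flows.append({"src": "203.0.113.250", "dst": mail, "dport": 25,
                      "sport": sport, "flags": TCP_SYN, "packets": 1})
    return flows


def half_open_by_target(flows: List[dict]) -> Dict[str, Tuple[int, int]]:
    """Return {dst: (half-open flow count, distinct sources of those flows)}."""
    half_open = defaultdict(int)
    sources = defaultdict(set)
    for f in flows:
        half_open.setdefault(f["dst"], 0)  # keep targets with zero half-open flows
        if f["flags"] & TCP_SYN and not f["flags"] & TCP_ACK:
            half_open[f["dst"]] += 1
            sources[f["dst"]].add(f["src"])
    return {dst: (half_open[dst], len(sources[dst])) for dst in half_open}


def classify(flows: List[dict], min_half_open: int = 100,
             min_sources_for_ddos: int = 10) -> Dict[str, str]:
    """Label each target 'ok', 'DoS' (few sources) or 'DDoS' (many sources)."""
    verdict = {}
    for dst, (count, nsrc) in half_open_by_target(flows).items():
        if count < min_half_open:
            verdict[dst] = "ok"
        elif nsrc >= min_sources_for_ddos:
            verdict[dst] = "DDoS"
        else:
            verdict[dst] = "DoS"
    return verdict


if __name__ == "__main__":
    flows = constructed_flows()
    for dst, (count, nsrc) in half_open_by_target(flows).items():
        print(f"{dst}: {count} half-open flows from {nsrc} sources -> {classify(flows)[dst]}")
```

A half-open flow count alone says "something is flooding this host"; the distinct-source count is what tells the responder whether a single upstream block will help (DoS) or whether the traffic is coming from a botnet and needs rate limiting or scrubbing (DDoS).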
Common Vulnerability Scoring System (CVSS) v3
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity, as well as a textual representation of that score. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.
Endpoint Breach Detection
The security products built into operating systems can stop many attacks but are unable to detect advanced persistent threats (APTs) that, for example, modify boot records or use file polymorphism. Endpoint breach-detection features should include tactics to identify zero-days and auto-remediate, track modifications, verify files against external reputation sources, and export threats for further analysis.
Most endpoint breach-detection products include a centralized manager that should be able to export logs to the SOC's centralized data-collection tool. The figure below shows the Cisco AMP for Endpoints dashboard capturing six Trojans on a Mac laptop running McAfee antivirus and the Cisco AMP agent.
Cisco FirePOWER Services
Cisco first introduced application-layer firewall capabilities as a software option that could be installed on the second-generation ASA or ASA-X series using the internal virtualized security module space. Cisco's application-layer firewall offering is known as FirePOWER services. The figure below shows various FirePOWER-capable Cisco devices.
All modules offer the same features based on three different license options. FirePOWER license options are as follows:
- Application Visibility & Control (AVC)
- URL Filtering Subscription
- IPS Subscription
- AMP Subscription
All versions of FirePOWER, regardless of whether run on an ASA or as a dedicated physical or virtual appliance, are managed by a centralized physical or virtual manager known as FirePOWER Management Center (FMC).
The FMC can generate an e-mail, SNMP trap (SNMPv1, SNMPv2, or SNMPv3), or syslog.
Information Security Incident Response
Detecting and responding to information security incidents is at the core of security operations. The team assigned to security operations is expected to monitor the organization's in-scope assets and react to security events and incidents, including the detection and investigation of what would be considered indicators of compromise (IOCs). IOCs are technical and nontechnical security compromise signals that can be detected with technology, processes, and people. For example, detecting a user accessing files from a USB memory device on an enterprise desktop machine can indicate that a policy restricting the use of USB memory devices has been violated and that a security control has been circumvented. Another example is detecting the IP address of an Internet botnet command-and-control server inside your network, which probably indicates that one or more of your systems have been compromised.
Here’s how to quickly establish an incident response program:
- Identify an incident response leader who has good knowledge of your business and who is an effective and responsible problem solver.
- Assemble and empower a team of critical stakeholders, with clearly defined roles and responsibilities.
- Draft your incident response process and establish documentation standards. The key is consistency in how you respond to incidents. There’s no need for a complicated plan. Just make sure it works for your organization’s culture.
- Connect people and tools with the needed capabilities from around your organization. Chances are, much of what you need is already in place.
- Understand the most significant capability gaps relative to your draft incident response process and build a plan to address those gaps. Start with a minimum viable process, and then enhance it over time.
“When you launch a new initiative, cybersecurity is included in your business case and project management process. You’ve got to hit all the buttons. You’ll have milestones for data security. You’ll have compliance people involved. Everyone has to sign off.”
—Former VP of Human Resources, Fortune 100 Bank
This article is written & published by Ms. Meena, Senior Manager - IT, at Luminis Consulting Services Pvt Ltd, India. She can be reached at Email: and/or Linkedin: https://www.linkedin.com/in/meena1
Abdinur Hashi Farah, Qatar
The training was really well organized and we learnt a lot in a short period; the course materials were in line and easy to practice on your own. It was a little bit challenging to balance work and study for 12 consecutive days, but Meena made the sessions very comfortable and enjoyable because she makes you want to come to class to learn more, and she explains the content so well and doesn't move on until students really understand it. She was very helpful on exam preparation questions. Finally, I'm feeling comfortable and understood all the concepts and am preparing for the exam. I recommend this class to all....
Amar Kermia, Algeria
Ingénieur Système Réseau
CCNP R&S, CCNA R&S, MCSE 2012 R2 Server Infrastructure and Cloud
The CCNA Security Training is the basic knowledge for us to clarify and prepare for the CCNA to CCIE Security Certification. During the 13 days of training, we have increased our knowledge and we have well understood all the theory parts and the practical part as well. We are working on ALL that we covered in the training. CCNA Security is the same practice that we find in our clients' infrastructure. I was really satisfied by the online training of Luminis, and also by the trainer, Meena.
Sunday Ogali, Nigeria
IT Administrator at Chris Ejik Group of Companies
CCNP R&S, CCNA R&S
Fantastic training sessions with so much interactivity. I personally enjoyed the labs and the communication methods of the trainer. Ensuring that the whole class was carried along every step of the way, she also made sure to check if we all understood everything before proceeding. Training material was also in line with the curriculum, and I must say that this training has added more knowledge to me. The exam preparation sessions were also made very easy, thanks to the trainer. I will surely take my certification exams to validate my knowledge, and I definitely will enroll for more trainings in the future. Good job! Thumbs up!
Kgomotso KG Selebogo, South Africa
Network Engineer at EOH Network Solutions
CCNP R&S, CCNA R&S, JNCA, NSE 4, NSE3, NSE1, NSE2, ACIS - Avaya Fabric Networking Solutions, Avaya Fabric Networking Solutions Integration Exam
I feel that the training needs more practical portions to it. I also feel that the trainees need to be given the chance to do the practicals on their own before the instructor just gives us the answer on -- how to configure. The instructor needs to articulate more. For example, we only did Private VLANs and the FirePOWER section on the last day during the exam-questions session. I felt that they were important, but we just rushed through them. For someone who has worked on Palo Alto, Watchguard and Fortigate, I feel that the training I have done for the other vendors was stronger than the one I did for Cisco. I was expecting a lot more from the Cisco CCNA Security training.
Thusoetsile Seetelo, South Africa
Network Engineer at Vodacom
CCNP R&S, CCNA R&S
The training was good; the trainer provided good content. The trainer gave students a platform to express what they have learned. The trainer knew how to interact with students.
Ramesh Naik, Nigeria
It is my first time undergoing an online training and I have to say it was an absolutely great experience. The level of engagement the trainer had with the students was top-notch, which discouraged anyone from being left behind, and the active troubleshooting of every student's issues in order to progress was outstanding. We had theoretical explanations for each concept, and practical examples and scenarios to back them up, which transformed an abstract idea into real-life situations. I would say joining this training has been a life-changing decision for the better, as I have greatly increased my knowledge in networking and the zeal to push and attain higher goals. It is worthy of note to mention that Meena has been absolutely fantastic, and I greatly appreciate the sacrifice she has made to make this project a success. I'd be eternally grateful to Luminisindia for the opportunity to be a part of this story and I look forward to more sessions like this.
William Kisemei, Kenya
Network Communications Officer at Wells Fargo Ltd
I admit that the training was absolutely of high pedigree and full of examples, concepts and well-labelled explanations. Meena has been at the forefront in making sure that every student understood the discussed topic. Her engagement with the class has been tremendous and most of the time she would like to hear from the students on their issues. The training has met my personal threshold of being on a higher level, just like a physical class ... I will have a good compliment for other people about changing their career path through such courses, i.e. CCNA Security.
Sulaiman Abaniwonnda, Nigeria
IT Specialist, Financial Technologist,Trainer
CCNA R&S, MCSE Security, CCNSP, ITIL v3, ISO/IEC 27002, MCSA Messaging, etc.
I am pleased to be part of the training. It is an opportunity that I could not take 100% benefit of because of technical issues (Internet and power). However, it was a well-prepared training with quality and summarized presentations. All the necessary materials provided were very helpful. The time for the training, though it was tiring because one was almost down as a result of work, but I always felt happy and eager to join the session on a daily basis. The timings were very right. The duration, 12 days, was actually loaded with so much, though in a simple manner, but participants may need to revise the contents, video and jottings before a new session, and this was not always easy to achieve. As for our formidable tutor, teacher and trainer, Meena, I am blessed to know her and be part of her students. If I have a future opportunity, I will love to have her as my teacher once again. A strong woman, she never tired, and always encourages the participants to be alert. Well done, Meena. Namaste!
Prashan Kanjee, South Africa
Systems Engineer: ICT Infrastructure, Software & Server Maintenance at South Cape TVET College
CCNA R&S, Microsoft Windows Server
I would like to say that this CCNA Security course has really broadened my knowledge not only in Cisco configurations but also in terms of security. The trainer explained all the concepts in a way that made understanding those concepts easy, as well as how those concepts were applied. I am grateful to the trainer for giving her time to educate me on key and important concepts of security. I will definitely be taking my CCNA Security exam in the near future. The trainer also provided me with all the resources required in order for me to better prepare myself for the upcoming exam. The training was of a high standard and I would definitely be recommending Luminis to my colleagues. Thank you Luminis for this wonderful opportunity you have provided me with.
Mbuso Sibeko, South Africa
Network Support Engineer at Vodacom Business South Africa
CompTIA A+, Network+ and Cisco IT Essentials, CCNA R&S
It's been a very interesting journey; we learnt a lot in a short period of time. All the theory and practicals were very informative. Some days were challenging but that's how we learn. This was a very interesting journey; sadly it came to an end so soon. I wish to do more bootcamps with Meena in future. Once again, many thanks for this incredible training opportunity, please continue to change people's lives. Thank you, Meena, for your massive effort, for encouraging us and for your positive energy towards us. Much appreciated!
Nasir (Oyeniyi) Bello, Nigeria
IT Support Specialist at Enterprise Business Info System
CCNA R&S, PRINCE2 Project Management
I would like to use this medium to say a big thank you to LUMINIS INDIA, especially my facilitator Meena R., for the wonderful opportunity given to participate in this CCNA SECURITY TRAINING. Thank you so much for your support and I will be glad to participate in any of your online training programs with Network Career and other IT programs that will help me improve my knowledge in this wonderful IT WORLD.
Oladipupo Subair, Nigeria
Network Administrator, IT Support
CompTIA A+, CCNA R&S, Dell-EMC Data Science, Oracle Certified Associate
The practicals and examples were very useful. The recordings helped too. The teacher took time to re-explain in case students did not understand. And the past test questions were a good idea too. I guess the practice project was also a good idea. The whole 13 days was a good experience.
Obinna Ohajuru, Nigeria
IT & System Support Officer at RTCom Nigeria Limited
CCNA, CCNSP, Windows Server 2012 R2: Server Networking
The quality of content and the way of content delivery was excellent, as the trainer did not withhold any information that needed to be shared. I connected to the trainer as though it was one-on-one training, as room was given for questions, a hands-on practical section and verifying each step done. I am more vast in CCNA Security and with a little more study I would be ready to take my certification exam soon. Thanks, I really appreciate being honored to be ...tutored by the Luminis Consulting Team!
Olumayowa Akinkuehinmi, Nigeria
Transmission Engineer at MainOne
6500 MSPP & Passive Optics Network O&C
The training was informative and the trainer did a good job to make sure the whole concept was understood. Meena took her time to make sure I understood whatever she was talking about, with illustrations. The study guides and the projects also went a long way to give more insight into CCNA Security.
Peter Sunday Odejide, Nigeria
EUS / IT Officer (Huawei NE) at CWG PLC
Cisco SMB Specialization for Engineers Intel Technology Expert HP Enterprise Networking HP Service Sales
Meena is not just a blessing to Indians but to the whole world; the training was well understood. Meena took the class with passion and the training was comprehensive. The practical process was well coordinated and she gives an explanation when there's a need. She makes everyone feel included. The content and material were in depth. Many thanks, Meena!
Simon Selwana, South Africa
Acting IT Manager at National Library of South Africa
CCNA R&S, Certified Linux Administrator
We had a very mind-blowing 13 days of CCNA Security (210-260) Online Training Bootcamp; ...I was a bit clueless about a few security concepts. I have learned and gained more about the following: (1) Secure Routing and Switching, (2) Cisco Firewall Technologies and Intrusion Prevention System Technologies, (3) Content and Endpoint Security. With full knowledge of the above, I think it paved a way for me to easily write my CCNA Security exam.
Charles Amon, South Africa
IT Manager at Redwill ICT
CCNA Cyber Ops, CCNA R&S
The training has been so helpful. Ms. Meena was so committed in doing this training. She was spending more hours and sleeping late each night. This has been an ultimate gift since it was a fantastic training. I would like to thank her and the entire team that made this happen. Technically, this training was so well laid out. The content of the training was so thorough and Ms. Meena is so skilled with the security part. She taught and demonstrated so well and answered every question informatively. Study material was provided, support was provided and everything.. that we required. I really appreciate getting to know her and I hope she will always be available when I have something to ask. Much appreciated!
Xolisa Ndzishe, South Africa
Site Manager at Bronitek Technologies
CCNA R&S, Certified Fiber Optic Technician
The course was very informative and it expanded my knowledge. It gave me an opportunity to fine-tune my networking skills. The good side of it is that you can plan, deploy the network and configure network security by applying the theoretical knowledge. The instructor knew the subject very well....
Lee Wendo, Kenya
Switch Support Analyst at IPSL (Integrated Payments Services Limited)
CCNP R&S, ITIL
I found the training to be effective and informative, really opened my mind to understand the concepts better. The practical sessions made the understanding much better and gave me a hands-on feel. Going through the exam dumps gave me a feel of how the actual exam will be. The project assignment will be a good platform to practice all the knowledge learned and acquired. At the end of the process, it will make me more confident to prepare and sit for the exam.