INCVDO, Cisco Cyber Vision Deployment and Operation, is a 3-day instructor-led course.
Security is every enterprise's top priority in today's connected world, and keeping enterprise architecture secure protects business values and outcomes. Ensuring and maintaining security is therefore critical to the success of any network. The need applies to all networks and network devices, including those that power Cisco Internet of Things technologies and solutions. To simplify cybersecurity and increase device visibility within systems used by our IoT customers and partners, Cisco introduces Cisco Cyber Vision, a software cybersecurity solution for Operations Technology (OT).
This course uses Cisco Validated Designs (CVD) to build a foundational understanding of the potential security threats impacting today's IoT Extended Enterprise and IT-OT integration using Cyber Vision. The goal of this course is to help the student understand the types of attacks, the types of targets, and the tools available to protect the Industrial IoT architecture, and to use Cyber Vision to keep the IoT infrastructure safe. Practical skills are developed using real-world scenarios and examples in a purpose-built lab.
Cisco Cyber Vision gives organizations visibility into industrial environments, including full details of what assets are on the network, how those assets are communicating, and an application-level understanding of operational information. As a result, Cisco Cyber Vision provides views and capabilities, including integrations, that security teams, IT infrastructure teams, and operational teams can use to ensure system integrity and protect against cyber risks.
Features Cyber Vision 5.4
The course qualifies for 18 Cisco Continuing Education Credits (CE).
Course Objectives:
Upon completion of this course, the learner will be able to meet these overall objectives:
The primary audience for this course is as follows:
Module 1: OT Cybersecurity Fundamentals and Cisco Cyber Vision Introduction
Module 2: Cisco Cyber Vision Deployment and Implementation
Module 3: Cisco Cyber Vision Operational Management
Module 4: Cisco Cyber Vision Integration with Cisco Catalyst Center
Module 5: Cisco Cyber Vision Integration with Cisco Identity Services Engine (ISE)
Module 6: Cisco Cyber Vision Integration with Splunk (SIEM)
Lab Outline:
Labs are designed to give learners a complete practical experience through the following activities:
Discovery Lab 1: Installation of Cyber Vision Center and Global Center
Task 1: Cyber Vision Architecture Overview
Task 2: Installation of Cisco Cyber Vision
Task 3: Loading a PCAP
Task 4: Initial interaction and familiarity with Cisco Cyber Vision GUI
Discovery Lab 2: Exploring practical OT attack scenarios and their potential impacts
Task 1: Unauthorized PLC Control Command
Task 2: Unauthorized Write to PLC Variables
Discovery Lab 3: Configure Catalyst 9300 for CCV Sensor deployment
Task 1: Catalyst 9300 configuration
Discovery Lab 4: Deploy CCV Sensor on Cat9300
Task 1: Install CCV Deployment Tool
Discovery Lab 5: Configure event-forwarding from Cisco Cyber Vision to Splunk (CEF/syslog)
Task 1: Manage Cyber Vision apps in Splunk
Task 2: Generate an API token in Cyber Vision Center
Task 3: Add Account to Cisco Cyber Vision Splunk Add-On
Discovery Lab 6: Import and configure Cyber Vision dashboards and analytics views in Splunk
Task 1: Add inputs to Splunk
Task 2: Add syslog data source in Splunk
Task 3: Add syslog configuration in Cyber Vision Center
Discovery Lab 7: Organizing initial dataset using groups and network presets
Task 1: Organizing the Devices in Groups
Task 2: Organize Data by Preset Filters
Discovery Lab 8: Creating and managing security baselines, event management, and real-time alerting
Task 1: Creating and managing security baselines
Task 2: Review CCV Events
Task 3: Filter and Search in the Events
Discovery Lab 9: Performing Active Discovery and Identifying Vulnerabilities
Task 1: Active Discovery
Task 2: Vulnerability Dashboard
Discovery Lab 10: System administration and practical configuration tasks: user management, licensing, RBAC
Task 1: Create an Account
Task 2: Licensing
Discovery Lab 11: Configuring advanced IDS profiles and analyzing threat data
Task 1: Anomaly Detection and IDS
Discovery Lab 12: Configure pxGrid integration between Cisco Cyber Vision and Cisco ISE
Task 1: Enable pxGrid in Cisco ISE
Task 2: Create profiling policies in Cisco ISE using the endpoint device attribute data collected from Cisco Cyber Vision
Task 3: Generate Client Certificate in Cisco ISE
Task 4: Create Client Certificate in Cisco Cyber Vision
Task 5: Import Cisco Cyber Vision's Certificate Authority into Cisco ISE and Enable Trust for Authentication
Task 6: Validate the integration in Cisco ISE and Cisco Cyber Vision
Discovery Lab 13: Cisco Catalyst Center and ISE Integration
Task 1: Integrating ISE with Catalyst Center
Task 2: Cisco Cyber Vision Sensor discovery
Discovery Lab 14: Practical scenario: detection, observation, correlation, and response to simulated OT network security events via Splunk dashboards and features
Task 1: Cyber Vision dashboards
Task 2: Detection, observation, correlation, and response to simulated OT network security events via Splunk dashboards
The knowledge and skills that the learner should have before attending this course are as follows: