
Need to get some hands on experience and Certification for IPS, Firewall, SIEM

jaguaar Member Posts: 58
I have been a systems administrator for some time and have done quite a bit of security work. I also have read up a lot on security. I have even mastered the CISSP exam. But each time I go for a cyber security interview I don't get the job because I have never seen what an IPS or IDS looks like. I have never configured a SIEM solution. I have never played with a full-fledged enterprise-level IAM software like SailPoint. I have looked at many sites on the internet, contacted some institutes, but no one seems to have actual physical IPS, IDS, SailPoint, F5 load balancers, etc.
I would love to learn some of the configuration stuff, if possible, in good old hands-on technique. The other alternative is to try to buy or find a full course and practical videos (that is at least close to hands-on) I can use, or a resource that I can go to on the internet that would teach me from the very basics.
I am open to travel to Asia and won't mind learning it in India, Thailand or Vietnam. Or can take an online course from someone or from an institute.
Can someone please suggest any good resource for hands-on or online training for the following, preferably with certification (alternatively I can learn from someone who has real-life experience):
SailPoint IIQ
IPS / IDS
Palo Alto Firewall
QRadar or HP ArcSight.
Please help.

Comments

  • MitM Member Posts: 622
    So a few suggestions...

    For Palo Alto, you can check out routehub.net or this course from Udemy https://www.udemy.com/palofirewalls/learn/v4/overview

    The second course covers how to set up Palo Alto on AWS. This will allow you to get some exposure to the interface.

    For F5, you can buy a lab license for like $100 from CDW. This would allow you to set up the virtual appliance on ESXi.
  • cyberguypr Mod Posts: 6,928
    Getting training for a commercial SIEM or even getting a trial version is virtually impossible if you are not a customer. Your best bet would be messing with OSSIM and then explaining how those skills transfer over to the big commercial players. OSSIM plus a few client VMs and some network logs should get you good data to play with and create some correlations.

    Another free thing that would greatly benefit you is Security Onion. With that you have IDS, NSM, and a whole bunch of tools that will give you a solid grasp of network security monitoring. Extra points if you forward logs to a Splunk or ELK instance and do analysis, baselining, and visualizations.

    Keep in mind that this setup and learning process will take a LOT of time. I still remember how much I cursed the first time I installed Security Onion. You will have to spend many hours looking up things and even figuring out stuff on your own because you will not find training that will cover A through Z. Final piece of advice is to set a plan and execute it little by little. Don’t try to run before you crawl.
  • GirlyGirl Member Posts: 219
    jaguaar wrote: »
    HP ArcSight.

    I worked for Hewlett Packard Enterprise at one point in time in my life. When I worked for them only staff and (new) consultants went to the training. Matter of fact, you could go to training and be offered a consultant job afterwards. I am not sure how much things have changed. I don't keep up with it nor do I think about it. But, outsiders never attended training. They said they had slots for X month and usually the people in the Security Operations Center had priority.

    I am not sure what I am talking about here but Palo Alto has free training. Is free training good training? Training is training in this instance.
  • 636-555-3226 Member Posts: 975
    +1 for Security Onion. If someone interviews for a job with me and has been running Security Onion at their house for a few years that's MAJOR bonus points. Just make sure you actually put the (LOTS AND LOTS) of time into learning it. Security gets real deep real fast. I actually feel bad for older people with families to maintain who want to get into a specialized security role with no prior experience. You need to spend lots of dedicated hours learning a lot of things before you even start to drill deeper. Security Onion is a great starting point.
  • gkca Member Posts: 243
    "I needed a password with eight characters so I picked Snow White and the Seven Dwarves." (c) Nick Helm
  • EnderWiggin Member Posts: 551
    Snort is free, download it and run it at home. Splunk has a free version, do the same with that.
  • jaguaar Member Posts: 58
    Incredible!
    You guys are beyond awesomeness. I could never imagine that it will be possible to get some hands-on experience on such expensive products without joining some organization, as even most of the cyber security institutes are lacking very badly in having such devices. Now, thanks to the wonderful contribution to this thread I have managed to find quite a few products and the associated training videos as well.
    Thanks all. Much obliged.
  • jaguaar Member Posts: 58
    Thought I might add that I also managed to find free training on the CyberArk website.
    I am looking for training videos on SailPoint but can't seem to find any decent ones. Not sure if SailPoint offers free training; it would be a shame if they don't.
  • yoba222 Member Posts: 1,237
    gkca wrote: »
    Thanks! Didn't know about that one. Here's my contribution:
    https://www.amazon.com/Building-Virt...bs-Hands-ebook

    I have a copy of this book and haven't yet built the lab it describes, though it is on my to-do list over the next several weeks. The content of the book looks solid though. It walks you through setting up a segmented network that includes DHCP & DNS, a firewall, an IPS, a SIEM, Kali, and Metasploitable 2.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP