Official Symantec training. Trainer: Ulf Spangenberg, niwis consulting gmbh.
This course is for network managers, resellers, systems administrators, client security administrators, systems professionals, and consultants who are charged with the installation, configuration, and day-to-day management of Symantec Advanced Threat Protection in a variety of network environments, and who are responsible for troubleshooting and tuning the performance of this product in the enterprise environment. This class covers how to detect, remediate, and recover from an incident using Advanced Threat Protection.
You must have attended the Symantec Endpoint Protection 12.1: Administration (SEP) course or have equivalent experience.
By the completion of this course, you will be able to:
- Describe Advanced Threat Protection products, components, dependencies, and system hierarchy.
- Configure Advanced Threat Protection to prepare your Symantec Endpoint Protection endpoints for responding to incidents.
- Detect events and incidents in the ATP Manager and search for indicators of compromise (IOC).
- Remediate threats by isolating breached endpoints and suspicious activity.
- Recover from an outbreak using Symantec best practices and update your Cybersecurity plan.
- Course overview
- The classroom lab environment
How ATP Fits Inside The Cybersecurity Framework
- Advanced Persistent Threat (APT) Review
- Stages of an attack
- Preventative steps as defined by STAR/Security Response
- Cybersecurity core functions
- Shared Technologies
- Examining the ATP architecture and sizing guide
- Becoming familiar with Symantec ATP
- Describing views and data analysis per Incident Response role
Configuring Global Settings and SEPM Integration
- Configuring Global Settings
- Configuring ATP:Email correlation
- Configuring Symantec Endpoint Protection correlation
- Configuring ATP and SEP detection and response
Working with Events and Incidents
- ATP detection overview
- Viewing events
- Analyzing Incidents
- Analyzing the dashboard
- Searching for indicators of compromise (IOC)
Preparing your SEP Endpoint Environment for Response
- Configuring Host Integrity and Quarantine Firewall policies for ATP quarantine
- Configuring the SEP endpoints to communicate with ATP (Insight)
- Operational and Alert Mode
Acting on Threats
- Isolating breached endpoints
- Remediating malicious files and reducing false positives
- Responding to threats by blacklisting suspicious addresses
- Examining case studies
Recovering After an Incident
- Recovery best practices
- Gathering information for reporting
- Creating a Lessons Learned Report
- On request
Your questions and comments are welcome at any time.