Symantec Advanced Threat Protection 2.x: Incident Response

Official Symantec training. Trainer: Ulf Spangenberg, niwis consulting gmbh.

This course is for network managers, resellers, systems administrators, client security administrators, systems professionals, and consultants who are charged with the installation, configuration, and day-to-day management of Symantec Advanced Threat Protection in a variety of network environments, and who are responsible for troubleshooting and tuning the performance of this product in the enterprise environment. This class covers how to detect, remediate, and recover from an incident using Advanced Threat Protection.


You must have attended the Symantec Endpoint Protection 12.1: Administration (SEP) course or have equivalent experience.


By the completion of this course, you will be able to:

  • Describe Advanced Threat Protection products, components, dependencies, and system hierarchy.
  • Configure Advanced Threat Protection to prepare your Symantec Endpoint Protection endpoints for responding to incidents.
  • Detect events and incidents in the ATP Manager and search for indicators of compromise (IOC).
  • Remediate threats by isolating breached endpoints and suspicious activity.
  • Recover from an outbreak using Symantec best practices and update your Cybersecurity plan.



  • Course overview
  • The classroom lab Environment

How ATP Fits Inside The Cybersecurity Framework

  • Advanced Persistent Threat (APT) Review
  • Stages of an attack
  • Preventative steps as defined by STAR/Security Response
  • Cybersecurity core functions

Introducing ATP

  • Introduction
  • Shared Technologies
  • Examining the ATP architecture and sizing guide
  • Becoming familiar with Symantec ATP
  • Describing views and data analysis per incident Response role

Configuring Global Settings and SEPM Integration

  • Configuring Global Settings
  • Configuring ATP:Email correlation
  • Configuring Symantec Endpoint Protection correlation
  • Configuring ATP and SEP detection and response

Working with Events and Incidents

  • ATP detection overview
  • Viewing events
  • Analyzing Incidents
  • Analyzing the dashboard
  • Searching for indicators of compromise (IOC)

Preparing your SEP Endpoint Environment for Response

  • Configure Host Integrity and Quarantine Firewall policies for ATP quarantine
  • Configuring the SEP endpoints to communicate with ATP (Insight)
  • Operational and Alert Mode

Acting on Threats

  • Isolating breached endpoints
  • Remediating malicious files and reducing false positives
  • Responding to threats by blacklisting suspicious addresses
  • Examining case studies

Recovering After an Incident

  • Recovery best practices
  • Gathering information for reporting
  • Creating a Lessons Learned Report


  • 14.-15.12 Düsseldorf
  • 18.-19.01.2018 Hamburg
  • 15.- Frankfurt

Your questions and comments are welcome at any time.
