SECUR202 - Implementing an Integrated Threat Defense Solution


The Cisco Integrated Threat Defense Investigation and Mitigation (SECUR202) v1.0 course shows you how to identify, isolate, and mitigate network threats using the Cisco® Integrated Threat Defense solution platform.

Through expert instruction and lab-based scenarios, you will be introduced to network threat investigation, and learn how to identify relationships between Cisco products and the stages of the attack lifecycle.

This course is the second in a pair of courses (the first being SECUR201) covering the Cisco Integrated Threat Defense (ITD) solution.

Duration: 16 hours

Target Audience

This course is designed for technical professionals who need to know how to deploy a Cisco Integrated Threat Defense solution in their network environment.


After taking this course, you should be able to:
• Describe the stages of the network attack lifecycle and identify ITD solution platform placement based on a given stage;
• Detail how to locate and mitigate email malware attacks;
• Describe email phishing attacks and the steps taken to locate and mitigate them on the network;
• Identify and mitigate data exfiltration threats on the network;
• Identify malware threats on the network and mitigate those threats after investigation.

Prerequisites

To fully benefit from this course, you should have the following knowledge:
• Technical understanding of TCP/IP networking and network architecture
• Technical understanding of security concepts and protocols
• Familiarity with Cisco Identity Services Engine, Cisco Stealthwatch®, Cisco Firepower®, and Cisco Advanced Malware Protection (AMP) for Endpoints is an advantage

Course Content

Course Introduction
Course Outline
Course Objectives

Network Attack Introduction
Anatomy of a Network Attack
Incident Response Plan Methodology

Threat Investigation in the Enterprise
Reactive & Proactive Incident Response
Application of ITD Solution Components

Examining Email Malware Threats
Email Malware Threats
Email Malware Detection & Mitigation
Encrypted Attachments & Zero Day Malware

Investigating and Verifying Email Malware Threat Mitigation
Email Malware Threat Investigation
Using Detailed Email Reports from Cisco ESA
Monitoring Incoming Email from Cisco ESA
Verifying Email Malware Threat Mitigation

Investigation and Mitigation of Email Phishing Threats
Examining Email Phishing Attacks
Cisco ESA Phishing Detection & Mitigation
Cisco Umbrella Phishing Detection & Mitigation

Configuring Cisco Email Security Appliance (ESA) for URL and Content Filtering
Enabling Content Control
Defining a Content Filter
Modifying the Incoming Email Policy

Investigating and Verifying Email Phishing Threat Mitigation
Investigating Email Phishing with "Umbrella Investigate"
Configuring Cisco Firepower Threat Defense (FTD) for URL Blacklisting
Verifying Email Phishing Threat Mitigation

Exfiltration Threats: Exploiting Vulnerable Network Servers
Network Server Vulnerabilities
Attack Life Cycle for Network Servers

Investigating Data Exfiltration Threats
Data Hoarding & Exfiltration Primer
Monitoring Network with Stealthwatch
Investigating Data Exfiltration with Stealthwatch

Mitigating and Verifying Data Exfiltration Threats
Configuring Cisco FTD to Mitigate Data Exfiltration Threats
Verifying Data Exfiltration Threat Mitigation

Examining Endpoint Malware Protection
How Malware Threatens the Network
Advanced Malware Protection Components
Cisco Threat Grid
Cognitive Threat Analytics (CTA)

Investigating and Mitigating Endpoint Malware Threats
Verifying Endpoint Malware Event Mitigation
Investigating Network Malware Events
Investigating Endpoint Malware Events with Cisco AMP Console
Investigating Endpoint Malware Events with Cisco Firepower FMC

Lab Outline
Lab 1: Email Malware Attachments
Lab 2: Email-Based Phishing
Lab 3: Targeted Network Server Threats and Data Exfiltration
Lab 4: Endpoint Malware Investigation and Mitigation