SSFAMP - Protecting Against Malware Threats with Cisco AMP for Endpoints

Introdução

The Protecting Against Malware Threats with Cisco AMP for Endpoints (SSFAMP) v5.0 course shows you how to deploy and use Cisco AMP for Endpoints, a next-generation endpoint security solution that prevents, detects, and responds to advanced threats. Through expert instruction and hands-on lab exercises, you will learn how to implement and use this powerful solution through a number of step-by-step attack scenarios.

You’ll learn how to build and manage a Cisco AMP for Endpoints deployment, create policies for endpoint groups, and deploy connectors. You will also analyze malware detections using the tools available in the AMP for Endpoints console.

Calendário
Próximas Datas
Data
Solicitar mais informaçõess
Baixar PDF
Carga Horária:
24 horas
Investimento:
Preço sob consulta
Solicitar Cotação
Formatos de Entrega

Público Alvo

Technical professionals who need to know how to deploy and manage Cisco AMP for Endpoints software in their network environments.

Objetivo

After taking this course, you should be able to:
• Identify the key components and methodologies of Cisco Advanced Malware Protection (AMP);
• Recognize the key features and concepts of the AMP for Endpoints product;
• Navigate the AMP for Endpoints console interface and perform first-use setup tasks;
• Identify and use the primary analysis features of AMP for Endpoints;
• Use the AMP for Endpoints tools to analyze a compromised host;
• Describe malware terminology and recognize malware categories;
• Analyze files and events by using the AMP for Endpoints console and be able to produce threat reports;
• Use the AMP for Endpoints tools to analyze a malware attack and a ZeroAccess infection;
• Configure and customize AMP for Endpoints to perform malware detection;
• Create and configure a policy for AMP-protected endpoints Plan, deploy, and troubleshoot an AMP for Endpoints installation;
• Describe the AMP Representational State Transfer (REST) API and the fundamentals of its use;
• Describe all the features of the Accounts menu for both public and private cloud installations.

Pré Requisitos

To fully benefit from this course, you should have the following knowledge and skills:
• Technical understanding of TCP/IP networking and network architecture;
• Technical understanding of security concepts and protocols.

Conteúdo Programatico

Course Introduction
Course Overview
Course Goals

Introduction to Cisco AMP Technologies
Examining Talos
Examining the AMP Security Model
Examining the Protection Framework
Examining the Retrospection

AMP for Endpoints Overview and Architecture
Examining the AMP for Endpoints
Examining the AMP Cloud Architecture
Examining the AMP Private Cloud
Examining AMP for Endpoints Management Components

Console Interface and Navigation
Setting Up For First Use
Exploring the Dashboard
Examining the Menu System

Using AMP for Endpoints
Exploring Your Environment with AMP Console
Operating the System

Detecting an Attacker — A Scenario
Identifying an Active Attacker
Performing Further Analysis

Modern Malware
Examining Modern Malware
Examining Exploit Kits

Analysis
Analyzing Events
Examining File Analysis & Repository Features
Examining File and Device Trajectories
Examining Further Analysis Features
Reporting

Analysis Case Studies
Malware Detection Case Study
ZeroAccess Detection Example

Outbreak Control
Managing Malware Detections
Managing Indications of Compromise

Endpoint Policies
Defining Endpoint Policies

Groups & Deployments
Examining Groups
Configuring Exclusions
Preparing For a Deployment
Deploying Windows Connectors
Windows Installation & Connector Interface
Troubleshooting

AMP REST API
Examining AMP REST API
REST API Documentation & Resources
Query Response Data Structure JSON
REST API Authentication
Performing REST API Transactions
Using REST API Data in Other Applications

Accounts
User Administration
Further Account Options

Lab outline
Lab 1: Accessing AMP for Endpoints
Lab 2: Attack Scenario
Lab 3: Attack Analysis
Lab 4: Analysis Tools and Reporting
Lab 5: Zbot Analysis
Lab 6: Outbreak Control
Lab 7: Endpoint Policies
Lab 8: Groups and Deployment
Lab 9: Testing Your Policy Configuration
Lab 10: REST API
Lab 11: User Accounts