TRENDS delivers Symantec courses in partnership with Red Education.
Symantec Advanced Threat Protection 3.0: Incident Response
Course Details
Symantec Advanced Threat Protection 3.0: Incident Response
Course Code: SATPIR3.0
Duration: 2 Days
Prerequisite:
You must have a working knowledge of Symantec Endpoint Protection, Windows operating systems, and endpoint and network security concepts.
Course Description:
The Symantec Advanced Threat Protection 3.0: Incident Response course is designed for the IT security professional in a Security Operations position. This class covers how to detect, investigate, remediate, and recover from an incident using Advanced Threat Protection.
Course Objectives:
By the completion of this course, you will be able to:
• Describe Advanced Threat Protection products, components, dependencies, and system hierarchy.
• Configure Advanced Threat Protection to prepare your environment for responding to incidents.
• Detect events and incidents in the ATP Manager and search for indicators of compromise (IOC).
• Remediate threats by isolating breached endpoints and blacklisting suspicious files and addresses.
• Recover from an outbreak using Symantec best practices and update your Cybersecurity plan.
Intended Audience:
This course is for anyone charged with configuring, managing day to day, and responding to incidents with Advanced Threat Protection and Symantec Endpoint Protection in a variety of network environments.
Course Outline:
Introduction
• Course overview
• The classroom lab environment
Strengthening your Cybersecurity Framework
• Advanced Persistent Threats (APTs) review
• Stages of an Attack
• Preventative steps as defined by STAR/Security Response
• Cybersecurity core functions
Introducing Advanced Threat Protection
• Introduction
• Shared technologies
• Examining the ATP architecture and sizing guide
• Becoming familiar with Symantec ATP
• Creating ATP accounts
• Describing views and data analysis per incident response role
Optimizing your ATP Environment
• Configuring Global Settings
• Configuring ATP: Email correlation
• Configuring ATP: Roaming correlation
• Configuring Symantec Endpoint Protection correlation
• Configuring ATP and SEP detection and response settings
Analyzing Events and Incidents to Identify Indicators of Compromise
• ATP detection overview
• Viewing events that occur in your environment
• Analyzing Incidents
• Analyzing the dashboard
• Searching for indicators of compromise (IOC)
Preparing your Endpoint Environment for Incident Response
• Configure Host Integrity and Quarantine Firewall policies for ATP’s Isolate and Rejoin feature
• Configure the Virus and Spyware policy for High Security mode
Remediating and Isolating threats
• Isolating breached endpoints
• Remediating malicious files and reducing false positives
• Responding to threats by blacklisting suspicious addresses
• Examining case studies
Recovering After an Incident
• Recovery best practices
• Gathering information for reporting
• Creating a Lessons Learned report