
Symantec Advanced Threat Protection 2.x: Incident Response - ATP-IR

WGAC-SYM-ATP-IR

Broadcom Symantec

Description

Introduction

The Symantec Advanced Threat Protection 2.x: Incident Response course is designed for the network, IT security, and systems administration professional in a Security Operations position. This class covers how to detect, remediate, and recover from an incident using Advanced Threat Protection.

Prerequisites & Audience

You must have working knowledge of advanced computer terminology, including TCP/IP networking terms and Internet terms, and an administrator-level knowledge of Microsoft Windows operating systems.

Course Benefits

By the completion of this course, you will be able to:

  • Describe Advanced Threat Protection products, components, dependencies, and system hierarchy.
  • Configure Advanced Threat Protection to prepare your Symantec Endpoint Protection endpoints for responding to incidents.
  • Detect events and incidents in the ATP Manager and search for indicators of compromise (IOC).
  • Remediate threats by isolating breached endpoints and suspicious activity.
  • Recover from an outbreak using Symantec best practices and update your Cybersecurity plan.
Course Topics

Introduction
  • Course overview
  • The classroom lab environment

How ATP Fits Inside The Cybersecurity Framework
  • Advanced Persistent Threat (APT) review
  • Stages of an attack
  • Preventative steps as defined by STAR/Security Response
  • Cybersecurity core functions

Introducing ATP
  • Introduction
  • Shared technologies
  • Examining the ATP architecture and sizing guide
  • Becoming familiar with Symantec ATP
  • Describing views and data analysis per incident response role

Configuring Global Settings and SEPM Integration
  • Configuring Global Settings
  • Configuring ATP: Email correlation
  • Configuring Symantec Endpoint Protection correlation
  • Configuring ATP and SEP detection and response

Working with Events and Incidents
  • ATP detection overview
  • Viewing events
  • Analyzing incidents
  • Analyzing the dashboard
  • Searching for indicators of compromise (IOC)

Preparing your SEP Endpoint Environment for Response
  • Configuring Host Integrity and Quarantine Firewall policies for ATP quarantine
  • Configuring the SEP endpoints to communicate with ATP (Insight)
  • Operational and Alert Mode

Acting on Threats
  • Isolating breached endpoints
  • Remediating malicious files and reducing false positives
  • Responding to threats by blacklisting suspicious addresses
  • Examining case studies

Recovering After an Incident
  • Recovery best practices
  • Gathering information for reporting
  • Creating a Lessons Learned report