Trend Micro™ Deep Discovery Advanced Threat Detection 3.3 - DEEPDISC
WGAC-TRM-DEEPDISC

Description
This course is designed for IT professionals who are responsible for protecting networks from any kind of network, endpoint, or cloud security threats.
The individuals who will typically benefit the most include:
Participants explore key concepts and methodologies of using a blend of Deep Discovery solutions for a more complete approach to network security. This course provides a variety of hands-on lab exercises, allowing each student to put the lesson content into action. There will be an opportunity to set up and configure various Deep Discovery solution management and administration features and test their functionality using the virtual labs.
A comprehensive look is provided on the purpose, features, and capabilities of Deep Discovery network security solutions, including recommendations on best practices and general troubleshooting steps for a successful implementation and long-term maintenance of a Deep Discovery environment.
The course also explores various deployment considerations and requirements needed to tie Deep Discovery solutions into other Trend Micro products to provide synchronized threat intelligence sharing for advanced threat detection.
Before you take this course, Trend Micro recommends that you have a working knowledge of their products and services, as well as basic networking concepts and principles.
Experience with the following products and technologies is also necessary:
Participants are required to bring a laptop computer with a recommended screen resolution of at least 1980 x 1080 or above, and a display size of 15” or above.
Upon completion of this course, students will be able to:
Describe the purpose, features, and capabilities of Trend Micro’s Deep Discovery advanced threat detection solutions
o Trend Micro Deep Discovery Inspector
o Trend Micro Deep Discovery Analyzer
o Trend Micro Deep Discovery Director
o Trend Micro™ Deep Discovery™ Director – Network Analytics
Product Overview
- Key requirements for Trend Micro Network Defense
- Threat classifications
- Trend Micro Network Defense solutions
- Product family
- Deep Discovery capabilities
- Deep Discovery Integration
Deep Discovery Inspector
- Deep Discovery Inspector deployment topologies
- Single connection—single Deep Discovery Inspector
- Multiple connections—single Deep Discovery Inspector
- Multiple connections—multiple Deep Discovery Inspectors
- Inter-VM traffic
- Gateway proxy servers
- Caveats for deploying Deep Discovery Inspector only at ingress/egress point
- Understanding the attack cycle
- Phases of a targeted attack
- Case study: Pawn Storm spear-phishing
- Deep Discovery threat detection technology overview
Configuring Deep Discovery Inspector
Analyzing Detected Threats in Deep Discovery Inspector
o Detection Severity Information
o Attack Phase Information
o Detection Type Information
o Virtual Analyzer Cache
o Virtual Analyzer Sample Processing Time
o File Submission Issues
Deep Discovery Analyzer
Deep Discovery Director
Deep Discovery Director - Network Analytics
o Accessing Deep Discovery Director – Network Analytics Settings
o Registering to Deep Discovery Inspector
o Adding a Syslog Server
o Configuring Additional Settings
o Metadata Samples
o Viewing Correlation Data (Correlated Events)
o Reviewing Correlation Data Summary
o Viewing the Correlation Data Graph
Preventing Targeted Attacks Through Connected Threat Defense
Appendices
o Deep Discovery Inspector 5.6
o Deep Discovery Analyzer 6.8
o Deep Discovery Director 5.1 SP1
o Deep Discovery Director - Network Analytics 5.0