GBP

Shaping the future of IT skills

Maximising IT performance through learning

Trend Micro™ Deep Discovery Advanced Threat Detection 3.3 - DEEPDISC

WGAC-TRM-DEEPDISC

Schedule

See all events for this course

Currently there are no events for this course. Please contact us.

Description

Show Tabs

Introduction

This course is designed for IT professionals who are responsible for protecting networks from any kind of network, endpoint, or cloud security threats.

The individuals who will typically benefit the most include:

System Administrators

Network Engineers

Support Engineers

Integration Engineers

Solution and Security Architects

Participants explore key concepts and methodologies of using a blend of Deep Discovery solutions for a more complete approach to network security. This course provides a variety of hands-on lab exercises, allowing each student to put the lesson content into action. There will be an opportunity to setup and configure various Deep Discovery solution management and administration features and test their functionality using the virtual labs.

A comprehensive look is provided on the purpose, features, and capabilities of Deep Discovery network security solutions, including recommendations on best practices and general troubleshooting steps for a successful implementation and long-term maintenance of a Deep Discovery environment.

The course also explores various deployment considerations and requirements needed to tie Deep Discovery solutions into other Trend Micro products to provide synchronized threat intelligence sharing for advanced threat detection.

Prerequisites & Audience

Before you take this course, Trend Micro recommends that you have a working knowledge of their

products and services, as well as basic networking concepts and principles.

Experience with the following products and technologies is also necessary:

Windows® servers and clients

Firewalls, web application firewalls, packet inspection devices

General understanding of malware

Participants are required to bring a laptop computer with a recommended screen resolution

of at least 1980 x 1080 or above, and a display size of 15” or above.

Course Benefits

Upon completion of this course, students will be able to:

Describe the purpose, features, and capabilities of Trend Micro’s Deep Discovery advanced threat detection solutions

Configure Deep Discovery Inspector, and enable threat detection

Setup and use administrative and security management features in:

o Trend Micro Deep Discovery Inspector

o Trend Micro Deep Discovery Analyzer

o Trend Micro Deep Discovery Director

o Trend Micro™ Deep Discovery™ Director – Network Analytics

Explain how Connected Threat Defense works

Describe key features of Deep Discovery Director and how to integrate with other Deep Discovery products for centralized management and visibility

Course Topics

Product Overview

Trend Micro solutions

Trend Micro Network Defense

Key requirements for Trend Micro Network Defense
Threat classifications
Trend Micro Network Defense solutions

Trend Micro Deep Discovery

Product family
Deep Discovery capabilities
Deep Discovery Integration

Deep Discovery Inspector

Network requirements

Deep Discovery Inspector network connections

Services accessed by Deep Discovery Inspector

Deep Discovery Inspector deployment topologies
Single connection—single Deep Discovery Inspector
Multiple connections—single Deep Discovery Inspector
Multiple connections—multiple Deep Discovery Inspectors
Inter-VM traffic
Gateway proxy servers
Caveats for deploying Deep Discovery Inspector only at ingress/egress point
Understanding the attack cycle
Phases of a targeted attack
Case study: Pawn storm spear-Phishing
Deep discovery Threat Detection Technology Overvieuw

Configuring Deep Discovery Inspector

Pre-Configuration Console

Configuring Network Settings

Configuring System Settings

Performing Administration Tasks

Integrating with Syslog Servers

Deep Discovery Inspector Virtual Analyzer

Configuring Deep Discovery Inspector Detection Rules

Avoiding False Positives

Troubleshooting Deep Discovery Inspector

Checking System Performance

Analyzing Detected Threats in Deep Discovery Inspector

Using the Dashboard to View Detected Threats

Using the Detections Menu to View and Analyze Detected Threats

Obtaining Key Information for Analyzing Threat Detections

o Detection Severity Information

o Attack Phase Information

o Detection Type Information

Suspicious Objects

Viewing Hosts with Command and Control Callbacks

Virtual Analyzer Settings

o Virtual Analyzer Cache

o Virtual Analyzer Sample Processing Time

o File Submission Issues

Deep Discovery Analyzer

Key Features

Deep Discovery Analyzer Specifications

Ports Used

What is Deep Discovery Analyzer Looking For?

Deep Discovery Analyzer Sandbox

Scanning Flow

Configuring Network Settings for Deep Discovery Analyzer

Using the Deep Discovery Analyzer Web Console

Performing System Management Functions

Performing Deep Discovery Analyzer Sandbox Tasks

Product Compatibility and Integration

Submitting Samples to Deep Discovery Analyzer

Viewing Sample Submission Details

Obtaining Full Details for Analyzed Samples

Managing the Suspicious Objects List

Interpreting Results

Generating Reports

Using Alerts

Preparing and Importing a Custom Sandbox

Deep Discovery Director

Deep Discovery Director Key Features

System Requirements

Planning a Deployment

Installing Deep Discovery Director

Configuring Network Settings in the Pre-Configuration Console

Managing Deep Discovery Director

Configuring Deployment Plans

Managing Threat Detections

Cyber-Threat Intelligence Sharing

Threat Sharing Interoperability

Sharing Advanced Threats and Indicators of Compromise (IOCs) through STIX and TAXII

Using STIX and TAXII in Deep Discovery Director

Deep Discovery Director - Network Analytics

Deploying Deep Discovery Director – Network Analytics Overview

How it Works

Deploying Deep Discovery Director - Network Analytics

Managing Deep Discovery Director – Network Analytics

o Accessing Deep Discovery Director – Network Analytics Settings

o Registering to Deep Discovery Inspector

o Adding a Syslog Server

o Configuring Additional Settings

Correlation Overview

o Metadata Samples

Using Correlation Data for Threat Analysis

o Viewing Correlation Data (Correlated Events)

o Reviewing Correlation Data Summary

o Viewing the Correlation Data Graph

Viewing Correlation Data for Suspicious Objects

Threat Sharing

Preventing Targeted Attacks Through Connected Threat Defense

Connected Threat Defense Life-Cycle

Combating Targeted Attacks with Connected Threat Defense

Key Features of Connected Threat Defense

Connected Threat Defense Requirements

Connected Threat Defense Architecture

Suspicious Object List Management

Setting Up Connected Threat Defense

Suspicious Objects Handling Process

Tracking Suspicious Objects in Deep Discovery Analyzer

Suspicious Object Sharing Scenarios

Appendices

What’s new

o Deep Discovery Inspector 5.6

o Deep Discovery Analyzer 6.8

o Deep Discovery Director 5.1 SP1

o Deep Discovery Director - Network Analytics 5.0

Trend Micro Threat Connect

Trend Micro Product Integration

Deep Discovery Threat Detection Technologies

Creating Sandboxes

Installing and Configuring Deep Discovery Inspector

Trend Micro courses

Filter courses

Trend Micro™ Certified Professional Deep Security 20 - DEEPSEC

CODE: WGAC-TRM-DEEPSEC

Trend Micro™ Deep Discovery Advanced Threat Detection 3.3 - DEEPDISC

CODE: WGAC-TRM-DEEPDISC

Trend Micro™ Trend Micro Apex One - APEX

CODE: WGAC-TRM-APEX

We use cookies to understand how you use our site and to improve your experience. To learn more, click here. Read our revised Privacy Policy and Terms and Conditions.