Symantec Advanced Threat Protection 2.x: Incident Response

Symantec Advanced Threat Protection 2.x: Incident Response Course Description

Duration: 2.00 days (16 hours)

Symantec Advanced Threat Protection 2.x: Incident Response course is designed for the network, IT security, and systems administration professional in a Security Operations position. This course covers how to detect, remediate, and recover from an incident using Advanced Threat Protection.


Intended Audience for this Symantec Advanced Threat Protection 2.x: Incident Response Course

  • This course is for network managers, resellers, systems administrators, client security administrators, systems professionals, and consultants who are charged with the configuration and day-to-day management of Advanced Threat Protection and Symantec Endpoint Protection in a variety of network environments.

Course Prerequisites for Symantec Advanced Threat Protection 2.x: Incident Response

  • You must have working knowledge of advanced computer terminology, including TCP/IP networking terms and Internet terms, and an administrator-level knowledge of Microsoft Windows operating systems.

Symantec Advanced Threat Protection 2.x: Incident Response Course Objectives

  • Describe Advanced Threat Protection products, components, dependencies, and system hierarchy
  • Configure Advanced Threat Protection to prepare your Symantec Endpoint Protection endpoints for responding to incidents
  • Detect events and incidents in the ATP Manager and search for indicators of compromise (IOC)
  • Remediate threats by isolating breached endpoints and suspicious activity
  • Recover from an outbreak using Symantec best practices and update your Cybersecurity plan

Symantec Advanced Threat Protection 2.x: Incident Response Course Outline

      1. Introduction
        1. Course overview
        2. The classroom lab environment
      2. How ATP Fits Inside The Cybersecurity Framework
        1. Advanced Persistent Threat (APT) review
        2. Stages of an attack
        3. Preventative steps as defined by STAR/Security Response
        4. Cybersecurity core functions
      3. Introducing ATP
        1. Introduction
        2. Shared technologies
        3. Examining the ATP architecture and sizing guide
        4. Becoming familiar with Symantec ATP
        5. Describing views and data analysis per incident response role
      4. Configuring Global Settings and SEPM Integration
        1. Configuring Global Settings
        2. Configuring ATP:Email correlation
        3. Configuring Symantec Endpoint Protection correlation
        4. Configuring ATP and SEP detection and response
      5. Working with Events and Incidents
        1. ATP detection overview
        2. Viewing events
        3. Analyzing Incidents
        4. Analyzing the dashboard
        5. Searching for indicators of compromise (IOC)
      6. Preparing your SEP Endpoint Environment for Response
        1. Configure Host Integrity and Quarantine Firewall policies for ATP quarantine
        2. Configuring the SEP endpoints to communicate with ATP (Insight)
        3. Operational and Alert Mode
      7. Acting on Threats
        1. Isolating breached endpoints
        2. Remediating malicious files and reducing false positives
        3. Responding to threats by blacklisting suspicious addresses
        4. Examining case studies
      8. Recovering After an Incident
        1. Recovery best practices
        2. Gathering information for reporting
        3. Creating a Lessons Learned report


Do you have the right background for Symantec Advanced Threat Protection 2.x: Incident Response?

Skills Assessment

We ensure your success by asking all students to take a FREE Skill Assessment test. These short, instructor-written tests are an objective measure of your current skills that help us determine whether or not you will be able to meet your goals by attending this course at your current skill level. If we determine that you need additional preparation or training in order to gain the most value from this course, we will recommend cost-effective solutions that you can use to get ready for the course.

Our required skill-assessments ensure that:

  1. All students in the class are at a comparable skill level, so the class can run smoothly without beginners slowing down the class for everyone else.
  2. NetCom students enjoy one of the industry's highest success rates, and pass rates when a certification exam is involved.
  3. We stay committed to providing you real value. Again, your success is paramount; we will register you only if you have the skills to succeed.

This assessment is for your benefit and best taken without any preparation or reference materials, so your skills can be objectively measured.


Award winning, world-class Instructors

Our instructors are passionate about teaching and are experts in their respective fields. The average NetCom instructor has many years of real-world experience and imparts that valuable knowledge to our students every single day.

Recent Client Testimonials & Reviews

Instructor was knowledgeable and helpful.

- Andrew B.
Course(s) Taken

Symantec Enterprise Vault 10x for Exchange: Maintain and Troubleshoot - Retired
