Description

The Protecting Against Malware Threats with Cisco AMP for Endpoints (SSFAMP) course is a 3-day, lab-intensive, virtual instructor-led course that introduces learners to the features of Cisco Advanced Malware Protection (AMP) for Endpoints software. Day one covers modern threats, vulnerabilities, and Cisco AMP technologies. Days two and three detail the Cisco AMP for Endpoints product architecture and how it can be used to protect against malware.
Learners build and manage a Cisco AMP for Endpoints deployment, create policies for endpoint groups, and deploy connectors. Learners also analyze malware detections using the tools available in the Cisco AMP for Endpoints console.
The course combines lecture materials and hands-on labs throughout so that learners are able to successfully deploy and manage a Cisco AMP for Endpoints deployment.

Objectives

Upon completing this course, the learner will be able to meet these overall objectives:
  • Describe malware terminology and recognize malware categories
  • Describe the architecture and individual security features of Microsoft Windows, Apple Mac, and Linux operating systems and the concept of vulnerabilities
  • Describe the components and behavior of exploit kits and botnets
  • Describe modern attack vectors and trends
  • Recognize the key components and methodologies of Cisco AMP
  • Recognize the key features and concepts of the Cisco AMP for Endpoints product
  • Navigate the Cisco AMP for Endpoints console interface and perform first-use setup tasks
  • Configure and customize Cisco AMP for Endpoints to perform malware detection
  • Create and configure a policy for Cisco AMP-protected endpoints
  • Plan, deploy, and troubleshoot a Cisco AMP for Endpoints installation
  • Analyze files and events by using the Cisco AMP for Endpoints console and be able to produce threat reports
  • Use the Cisco AMP for Endpoints tools to analyze a malware attack
  • Describe all features of the Accounts menu for both public and private cloud installations

Outline

The course contains these components:
  • Modern Malware
  • Operating Systems and Vulnerabilities
  • Exploit Kits and Botnets
  • Attack Vectors and Trends
    • Lab: Sample Malware Behavior
  • Introduction to Cisco AMP Technologies
  • AMP for Endpoints Overview and Architecture
    • Lab: Accessing AMP for Endpoints
  • Console Interface and Navigation
  • Outbreak Control
    • Lab: Outbreak Control
  • Endpoint Policies
    • Lab: Endpoint Policies
  • Groups and Deployment
    • Lab: Groups and Deployment
  • Analysis
    • Lab: Analysis
  • Analysis Case Studies
    • Lab: Zbot Analysis
  • Accounts
    • Lab: User Accounts

Prerequisite Knowledge

The knowledge and skills that a learner should possess before attending this course are as follows:
  • TCP/IP experience including the major protocols, common services, and basic network traffic routing
  • General information security fundamentals
  • Fundamentals of how operating systems work, including operating system configuration structures, file system I/O, and basic operating system usage and management