Description

Duration: 3 days
Version: 6.0

Continuing Education credits: 24 points

Schedule of CLC-eligible Courses: here
Price in Cisco Learning Credits (CLCs): 30
Note: Cisco may charge you VAT or Sales Tax if and where applicable.



The Protecting Against Malware Threats with Cisco AMP for Endpoints (SSFAMP) is an instructor-led or virtual instructor-led course that shows you how to deploy and use Cisco AMP for Endpoints, a next-generation endpoint security solution that prevents, detects, and responds to advanced threats. Through expert instruction and hands-on lab exercises, you will learn how to implement and use this powerful solution through a number of step-by-step attack scenarios. You’ll learn how to build and manage a Cisco AMP for Endpoints deployment, create policies for endpoint groups, and deploy connectors. You will also analyze malware detections using the tools available in the AMP for Endpoints console, Cisco Threat Grid, and the Cisco Orbital Advanced Search Tool.

This training will help you:
  • learn how to deploy and manage Cisco AMP for Endpoints,
  • succeed in today’s high-demand security operations roles.

Objectives

After taking this course, you should be able to:
  • Identify the key components and methodologies of Cisco Advanced Malware Protection (AMP)
  • Recognize the key features and concepts of the AMP for Endpoints product
  • Navigate the AMP for Endpoints console interface and perform first-use setup tasks
  • Identify and use the primary analysis features of AMP for Endpoints
  • Use the AMP for Endpoints tools to analyze a compromised host
  • Analyze files and events by using the AMP for Endpoints console and be able to produce threat reports
  • Configure and customize AMP for Endpoints to perform malware detection
  • Create and configure a policy for AMP-protected endpoints
  • Plan, deploy, and troubleshoot an AMP for Endpoints installation
  • Use Cisco Orbital to pull query data from installed AMP for Endpoints connectors

Outline

Outline:
  • Introducing to Cisco AMP Technologies
  • Introducing AMP for Endpoints Overview and Architecture
  • Navigating the Console Interface
  • Using Cisco AMP for Endpoints
  • Identifying Attacks
  • Analyzing Malware
  • Managing Outbreak Control
  • Creating Endpoint Policies
  • Working with AMP for Endpoint Groups
  • Using Orbital for Endpoint Visibility
  • Introducing AMP REST API
  • Navigating Accounts

Lab outline:
  • Amp Account Self-Registration
  • Accessing AMP for Endpoints
  • Attack Scenario
  • Analysis Tools and Reporting
  • Outbreak Control
  • Endpoint Policies
  • Groups and Deployment
  • Testing Your Configuration
  • Endpoint Visibility Using Orbital
  • REST API
  • Endpoint Isolation Using Cisco AMP API
  • User Accounts

Prerequisite Knowledge

To fully benefit from this course, you should have the following knowledge and skills:
  • Technical understanding of TCP/IP networking and network architecture
  • Technical understanding of security concepts and protocols

The recommended Cisco offering may help you meet these prerequisites:
The primary audience for this course is as follows:
  • Cisco integrators, resellers, and partners
  • Network administrators
  • Security administrators
  • Security consultants
  • Systems engineers
  • Technical support personnel