The Cisco Integrated Threat Defense Investigation and Mitigation (SECUR202) v1.0 course is a 2-day instructor-led or virtual instructor-led, lab-based, hands-on course. The overall course goal is to enable students to identify, isolate, and mitigate network threats using the Cisco Integrated Threat Defense solution platforms. This course is the second in a pair of courses covering the Cisco Integrated Threat Defense solution.

This course will introduce students to network threat investigation and then reinforce student learning through a series of lab scenarios designed to identify relationships between the Cisco products and the stages of the attack lifecycle.
Upon completion of this course, you should be able to:
  • Describe the stages of the network attack lifecycle and identify ITD solution platform placement based on a given stage
  • Detail how to locate and mitigate email malware attacks
  • Describe email phishing attacks and the steps taken to locate and mitigate them on the network
  • Identify and mitigate data exfiltration threats on the network
  • Identify malware threats on the network and mitigate those threats after investigation
The course contains these components:
  • Network Threat Investigation Introduction
    • Network Attack Introduction
    • Hunting Network Threats in the Enterprise
  • Investigation and Mitigation of Email Malware Threats
    • Examining Email Malware Threats
    • Investigating and Verifying Email Malware Threat Mitigation
  • Investigation and Mitigation of Email Phishing Threats
    • Examining Email Phishing Attacks
    • Configuring Cisco ESA for URL and Content Filtering
    • Investigating and Verifying Email Phishing Threat Mitigation
  • Investigation and Mitigation of Data Exfiltration Threats
    • Exploiting Vulnerable Network Servers
    • Investigating Data Exfiltration Threats
    • Mitigating and Verifying Data Exfiltration Threats
  • Investigation and Mitigation of Malware Threats
    • Examining Endpoint Malware Protection
    • Investigating and Mitigating Endpoint Malware Threats

Lab outline:
  • Connecting to the Lab Environment
  • Threat Scenario 1: Email Malware Attachments
  • Threat Scenario 2: Email-Based Phishing
  • Threat Scenario 3: Targeted Network Server Threats and Data Exfiltration
  • Threat Scenario 4: Endpoint Malware Investigation and Mitigation

Prerequisite Knowledge

The knowledge and skills that a student must have before attending this course are as follows:
  • Technical understanding of TCP/IP networking and network architecture
  • Technical understanding of security concepts and protocols
  • Familiarity with Cisco Identity Services Engine, Cisco Stealthwatch, Cisco Firepower, and Cisco AMP for Endpoints is an advantage