The Cisco Integrated Threat Defense Investigation and Mitigation (SECUR202) v1.0 course is a 2-day instructor-led or virtual instructor-led, lab-based, hands-on course. The overall course goal is to enable students to identify, isolate, and mitigate network threats using the Cisco Integrated Threat Defense solution platforms. This course is the second in a pair of courses covering the Cisco Integrated Threat Defense solution.

This course will introduce students to network threat investigation and then reinforce student learning through a series of lab scenarios designed to identify relationships between the Cisco products and the stages of the attack lifecycle.

The price in Cisco Learning Credits (CLC) for the SECUR202 course is 19 CLCs per person.

Choose date

Price chage currency
Date: from 8.4.2021 to 9.4.2021
Language: English
Location: Europe/Africa
1550 $ Book now
Date: from 12.8.2021 to 13.8.2021
Language: English
Location: Europe/Africa
1550 $ Book now


Upon completion of this course, you should be able to:
  • Describe the stages of the network attack lifecycle and identify ITD solution platform placement based on a given stage
  • Detail how to locate and mitigate email malware attacks
  • Describe email phishing attacks and the steps taken to locate and mitigate them on the network
  • Identify and mitigate data exfiltration threats on the network
  • Identify malware threats on the network and mitigate those threats after investigation


The course contains these components:
  • Network Threat Investigation Introduction
    • Network Attack Introduction
    • Hunting Network Threats in the Enterprise
  • Investigation and Mitigation of Email Malware Threats
    • Examining Email Malware Threats
    • Investigating and Verifying Email Malware Threat Mitigation
  • Investigation and Mitigation of Email Phishing Threats
    • Examining Email Phishing Attacks
    • Configuring Cisco ESA for URL and Content Filtering
    • Investigating and Verifying Email Phishing Threat Mitigation
  • Investigation and Mitigation of Data Exfiltration Threats
    • Exploiting Vulnerable Network Servers
    • Investigating Data Exfiltration Threats
    • Mitigating and Verifying Data Exfiltration Threats
  • Investigation and Mitigation of Malware Threats
    • Examining Endpoint Malware Protection
    • Investigating and Mitigating Endpoint Malware Threats
Lab outline:
  • Connecting to the Lab Environment
  • Threat Scenario 1: Email Malware Attachments
  • Threat Scenario 2: Email-Based Phishing
  • Threat Scenario 3: Targeted Network Server Threats and Data Exfiltration
  • Threat Scenario 4: Endpoint Malware Investigation and Mitigation

Prerequisite Knowledge

The knowledge and skills that a student must have before attending this course are as follows:
● Technical understanding of TCP/IP networking and network architecture
● Technical understanding of security concepts and protocols
● Familiarity with Cisco Identity Services Engine, Cisco Stealthwatch, Cisco Firepower, and Cisco AMP for Endpoints is an advantage