Course Code: SSFAMP

Cisco: Protecting against Malware Threats with Cisco AMP for Endpoints v3.0


Velisa Africa is the official Global Knowledge partner in Sub-Saharan Africa. Course details: https://www.globalknowledge.co.uk/courses/cisco_advanced_services_htdls/security/ssfamp.html

This lab-intensive course introduces students to the powerful features of Cisco AMP for Endpoints software. Day one of this virtual class covers modern threats, vulnerabilities, and Cisco Advanced Malware Protection (AMP) technologies. Days two and three detail the Cisco AMP for Endpoints product architecture and how it can be used to protect against malware. You learn how to build and manage a Cisco AMP for Endpoints deployment, create policies for endpoint groups, and deploy connectors. You also analyze malware detections using powerful tools available in the AMP for Endpoints console. Lecture and hands-on labs are combined throughout to make sure that you are able to successfully deploy and manage an AMP for Endpoints deployment.

Pre-Requisites

Attendees should meet the following prerequisites:

  • TCP/IP experience including the major protocols, common services, and basic network traffic routing - ICND2 Recommended
  • General information security fundamentals - IINS Recommended
  • Fundamentals of how operating systems work, including OS configuration structures, file system I/O and basic OS usage and management

  • Module 1: Modern Malware
  • Module 2: Operating Systems and Vulnerabilities
  • Module 3: Exploit Kits and Botnets
  • Module 4: Attack Vectors and Trends
  • Module 5: Introduction to Cisco AMP Technologies
  • Module 6: AMP for Endpoints Overview and Architecture
  • Module 7: Console Interface and Navigation
  • Module 8: Outbreak Control
  • Module 9: Endpoint Policies
  • Module 10: Groups and Deployment
  • Module 11: Analysis
  • Module 12: Analysis Case Studies
  • Module 13: Accounts
  • Lab 1: Sample Malware Behavior
  • Lab 2: Accessing AMP for Endpoints
  • Lab 3: Outbreak Control
  • Lab 4: Endpoint Policies
  • Lab 5: Groups and Deployment
  • Lab 6: Analysis
  • Lab 7: Zbot Analysis
  • Lab 8: User Accounts

After completing this course you should be able to:

  • Describe malware terminology and recognize malware categories
  • Describe the architecture and individual security features of Windows, Apple Mac, and Linux operating systems and the concept of vulnerabilities
  • Describe the components and behavior of exploit kits and botnets
  • Describe modern attack vectors and trends
  • Recognize the key components and methodologies of Cisco Advanced Malware Protection
  • Recognize the key features and concepts of the AMP for Endpoints product
  • Navigate the AMP for Endpoints console interface and perform first-use setup tasks
  • Configure and customize AMP for Endpoints to perform malware detection
  • Create and configure a policy for AMP-protected endpoints
  • Plan, deploy, and troubleshoot an AMP for Endpoints installation
  • Analyze files and events by using the AMP for Endpoints console and be able to produce threat reports
  • Use the AMP for Endpoints tools to analyze a malware attack
  • Describe all features of the Accounts menu for both public and private cloud installations

This course is designed for technical professionals who need to know how to deploy and manage Cisco AMP for Endpoints software in their network environments.

Recommended preparation for the following exams:

  • 500-275 - Securing Cisco Networks with Sourcefire FireAMP Endpoints