The Cisco Integrated Threat Defense Investigation and Mitigation (SECUR202)

COURSE OUTLINE:

Description

This course will introduce students to network threat investigation and then reinforce student learning through a series of lab scenarios designed to identify relationships between the Cisco products and the stages of the attack lifecycle. This course is the second in a pair of courses covering the Cisco Integrated Threat Defense (ITD) solution.

Audience

This course is designed for technical professionals who need to know how to use a deployed Integrated Threat Defense (ITD) network solution to identify, isolate, and mitigate network threats.

The primary audience for this course includes:

  • Network analysts
  • Network investigators

Prerequisites

The knowledge and skills that a student must have before attending this course include:

  • Technical understanding of TCP/IP networking and network architecture
  • Technical understanding of security concepts and protocols
  • Familiarity with Cisco Identity Services Engine, Cisco Stealthwatch, Cisco Firepower, and Cisco AMP for Endpoints

Learning Objectives

Upon completion of this course, you should be able to:

  • Describe the stages of the network attack lifecycle and identify ITD solution platform placement based on a given stage
  • Detail how to locate and mitigate email malware attacks
  • Describe email phishing attacks and the steps taken to locate and mitigate them on the network
  • Identify and mitigate data exfiltration threats on the network
  • Identify malware threats on the network and mitigate those threats after investigation

Module 1: Network Threat Investigation Introduction
  • Network Attack Introduction
  • Hunting Network Threats in the Enterprise
Module 2: Investigation and Mitigation of Email Malware Threats
  • Examining Email Malware Threats
  • Investigating and Verifying Email Malware Threat Mitigation
Module 3: Investigation and Mitigation of Email Phishing Threats
  • Examining Email Phishing Attacks
  • Configuring Cisco ESA for URL and Content Filtering
  • Investigating and Verifying Email Phishing Threat Mitigation
Module 4: Investigation and Mitigation of Data Exfiltration Threats
  • Exploiting Vulnerable Network Servers
  • Investigating Data Exfiltration Threats
  • Mitigating and Verifying Data Exfiltration Threats
Module 5: Investigation and Mitigation of Malware Threats
  • Examining Endpoint Malware Protection
  • Investigating and Mitigating Endpoint Malware Threats