Integrated Threat Defense Investigation and Mitigation (SECUR202) v1.0 Certification Training Course Overview

Enrol for the 2-day Cisco Integrated Threat Defense Investigation and Mitigation (SECUR202) v1.0 course from Koenig Solutions accredited by Cisco. This course helps you to understand how to identify, isolate, and mitigate network threats using the Cisco® Integrated Threat Defense solution platform.

Through a blend of hands-on labs and interactive lectures, you will be introduced to network threat investigation and learn how to identify the relationships between Cisco products and the stages of the attack lifecycle. This course is the second of two courses (the first being SECUR201) covering the Cisco Integrated Threat Defense (ITD) solution.

Target Audience:

  • Network analysts
  • Network investigators
  • Cisco integrators and partners

Learning Objectives

  • Describe the stages of the network attack lifecycle and identify ITD solution platform placement based on a given stage
  • Detail how to locate and mitigate email malware attacks
  • Describe email phishing attacks and the steps taken to locate and mitigate them on the network
  • Identify and mitigate data exfiltration threats on the network
  • Identify malware threats on the network and mitigate those threats after investigation

Integrated Threat Defense Investigation and Mitigation (SECUR202) v1.0 (16 Hours)

Live Virtual Classroom (Group Training): 1100
  • 01 - 02 Nov (GTR), 09:00 AM - 05:00 PM CST (8 Hours/Day)
  • 06 - 07 Dec (GTR), 09:00 AM - 05:00 PM CST (8 Hours/Day)

1-on-1 Training (GTR): 4-hour or 8-hour sessions, weekdays or weekends, start time at any time

GTR = Guaranteed to Run

Classroom Training (Available: London, Dubai, India, Sydney, Vancouver)
Duration: On Request
Fee: On Request

Course Modules

Module 1: Detecting Intrusions with Snort 3.0
  • History of Snort
  • IDS
  • IPS
  • IDS vs. IPS
  • Examining Attack Vectors
  • Application vs. Service Recognition
Module 2: Sniffing the Network
  • Protocol Analyzers
  • Configuring Global Preferences
  • Capture and Display Filters
  • Capturing Packets
  • Decrypting Secure Sockets Layer (SSL) Encrypted Packets
Module 3: Architecting Nextgen Detection
  • Snort 3.0 Design
  • Modular Design Support
  • Plug Holes with Plugins
  • Process Packets
  • Detect Interesting Traffic with Rules
  • Output Data
Module 4: Choosing a Snort Platform
  • Provisioning and Placing Snort
  • Installing Snort on Linux
Module 5: Operating Snort 3.0
  • Start Snort
  • Monitor the System for Intrusion Attempts
  • Define Traffic to Monitor
  • Log Intrusion Attempts
  • Actions to Take When Snort Detects an Intrusion Attempt
  • License Snort and Subscriptions
Module 6: Examining Snort 3.0 Configuration
  • Introducing Key Features
  • Configure Sensors
  • Lua Configuration Wizard
Module 7: Managing Snort
  • Pulled Pork
  • Barnyard2
  • Elasticsearch, Logstash, and Kibana (ELK)
Module 8: Analyzing Rule Syntax and Usage
  • Anatomy of Snort Rules
  • Understand Rule Headers
  • Apply Rule Options
  • Shared Object Rules
  • Optimize Rules
  • Analyze Statistics
Module 9: Use Distributed Snort 3.0
  • Design a Distributed Snort System
  • Sensor Placement
  • Sensor Hardware Requirements
  • Necessary Software
  • Snort Configuration
  • Monitor with Snort
Module 10: Examining Lua
  • Introduction to Lua
  • Get Started with Lua
Module 11: Lab Outline
  • Capture and Analyze Packets
  • Initiate the Snort Installation
  • Complete an Installation of Snort
  • Configure and Run Snort
  • Tweak the Installation
  • Rapid Deployment with Lua
  • Integrate Snort Optimizers
  • Analyze Rule Syntax
  • Hello World Lua Style
Course Prerequisites
  • Technical understanding of TCP/IP networking and network architecture
  • Technical understanding of security concepts and protocols
  • Familiarity with Cisco Identity Services Engine, Cisco Stealthwatch®, Cisco Firepower®, and Cisco Advanced Malware Protection (AMP) for Endpoints is an advantage