Symantec Advanced Threat Protection (SATP)

Introduction

• Course overview
• The classroom lab environment

Strengthening your Cybersecurity Framework [/b]

• Advanced Persistent Threat (APTs) review
• Stages of an Attack
• Preventative steps as defined by STAR/Security Response
• Cybersecurity core functions

Introducing Advanced Threat Protection

• Introduction
• Shared technologies
• Examining the ATP architecture and sizing guide
• Becoming familiar with Symantec ATP
• Creating ATP accounts
• Describing views and data analysis per incident response role

Optimizing your ATP Environment

• Configuring Global Settings
• Configuring ATP:Email correlation
• Configuring Symantec Endpoint Protection correlation
• Configuring ATP and SEP Detection and Response configuration

Analyzing Events and Incidents to Identify Indicators of Compromise

• ATP detection overview
• Viewing events that occur in your environment
• Analyzing Incidents
• Analyzing the dashboard
• Searching for indicators of compromise (IOC)

Preparing your Endpoint Environment for Incident Response

• Configure Host Integrity and Quarantine Firewall policies for ATP’s Isolate and Rejoin feature
• Configure the Virus and Spyware policy for High Security mode

Remediating and Isolating threats

• Isolating breached endpoints
• Remediating malicious files and reducing false positives
• Responding to threats by blacklisting suspicious addresses
• Examining case studies

Recovering After an Incident

• Recovery best practices
• Gathering information for reporting
• Creating a Lessons Learned report