- Introduction
• Course environment
• Lab environment
- Introducing Network Threats
• Describing how Symantec Endpoint Protection protects each layer of the network stack
• Discovering the tools and methods used by attackers
• Describing the stages of an attack
- Protecting against Network Attacks and Enforcing Corporate Policies using the Firewall Policy
• Preventing network attacks
• Examining Firewall Policy elements
• Evaluating built-in rules
• Creating custom firewall rules
• Enforcing corporate security policy with firewall rules
• Blocking network attacks using protection and stealth settings
• Configuring advanced firewall features
- Blocking Threats with Intrusion Prevention
• Introducing Intrusion Prevention Technologies
• Configuring the Intrusion Prevention policy
• Managing custom signatures
• Monitoring Intrusion Prevention events
- Introducing File-Based Threats
• Describing threat types
• Discovering how attackers disguise their malicious applications
• Describing threat vectors
• Describing Advanced Persistent Threats and a typical attack scenario
• Following security best practices to reduce risks
- Preventing Attacks with SEP Layered Security
• Virus and Spyware protection needs and solutions
• Describing how Symantec Endpoint Protection protects each layer of the network stack
• Examining file reputation scoring
• Describing how SEP protects against zero-day threats and threats downloaded through files and email
• Describing how endpoints are protected with the Intelligent Threat Cloud Service
• Describing how the emulator executes a file in a sandbox and the machine learning engine’s role and function
- Securing Windows Clients
• Platform and Virus and Spyware Protection policy overview
• Describing how Symantec Endpoint Protection protects each layer of the network stack
• Ensuring real-time protection for clients
• Detecting and remediating risks in downloaded files
• Identifying zero-day and unknown threats
• Preventing email from downloading malware
• Configuring advanced options
• Monitoring virus and spyware activity
- Securing Mac Clients
• Touring the SEP for Mac client
• Securing Mac clients
• Monitoring Mac clients
- Securing Linux Clients
• Navigating the Linux client
• Tailoring Virus and Spyware settings for Linux clients
• Monitoring Linux clients
- Controlling Application and File Access
• Describing Application Control and concepts
• Creating application rulesets to restrict how applications run
• Monitoring Application Control events
- Restricting Device Access for Windows and Mac Clients
• Describing Device Control features and concepts for Windows and Mac clients
• Enforcing access to hardware using Device Control
• Discovering hardware access policy violations with reports, logs, and notifications
- Hardening Clients with System Lockdown
• What is System Lockdown?
• Determining whether to use System Lockdown in Whitelist or Blacklist mode
• Discovering hardware access policy violations with reports, logs, and notifications
• Creating whitelists for blacklists
• Protecting clients by testing and implementing System Lockdown
- Customizing Policies based on Location
• Creating locations to ensure the appropriate level of security when logging on remotely
• Determining the criteria and order of assessment before assigning policies
• Assigning policies to locations
• Monitoring locations on the SEPM and SEP client
- Managing Security Exceptions
• Creating file and folder exceptions for different scan types
• Describing the automatic exclusion created during installation
• Managing Windows and Mac exclusions
• Monitoring security exceptions