Course Overview

Learn about the Security Incident Response, Vulnerability Response, and Threat Intelligence applications.

This two-day course covers the foundational topics of the ServiceNow Security Operation suite. The Security Operations Suite includes the Security Incident Response, Vulnerability Response, and Threat Intelligence applications. The Security Operations Suite provides the tools needed to manage the identification of threats and vulnerabilities within your organization as well as specific tools to assist in the management of Security Incidents.

Course Objectives

After you complete this course you will be able to:

  • Discuss the Current State of Security
  • Explain the Security Operations Maturity levels
  • Describe Security Incident Response Components and Configuration
  • Demonstrate the Baseline Security Incident Response Lifecycle
  • Identify Security Incident Response Workflow-Based Responses
  • Configure Vulnerability Assessment and Management Response tools
  • Explore the ServiceNow Threat Intelligence application
  • Employ Threat Sources and Explore Attack Modes and Methods
  • Define Observables, Indicators of Compromise (IOC) and IoC Look Ups
  • Discuss Security Operations Common Functionality
  • Use Security Operations Integrations
  • Demonstrate how to view and analyze Security Operations data

Course Content

Security Operations Overview

  • Current State of Security and Security Operations Maturity Levels
  • Introducing ServiceNow Security Operations
  • Essential Platform and Security Administration Concepts
  • Security Operations Common Functionality
  • Lab 1.3 Security Operations User Administration
  • Lab 1.4.1 Security Operations Common Functionality
  • Lab 1.4.2 Email Parser

Vulnerability Response

  • Vulnerability Response Overview
  • Vulnerability Classification and Assignment
  • Vulnerability Management
  • Configuration Compliance
  • Lab 2.1 Explore the Vulnerability Response Application
  • Lab 2.2 Explore Vulnerable Items and Vulnerability Groups
  • Lab 2.3 Vulnerability Groups (for Grouping Vulnerable Items)
  • Lab 2.4 Vulnerability Remediation

Security Incident Response

  • Security Incident Response Overview
  • Security Incident Response Components and Configuration
  • Baseline Security Incident Response Lifecycle
  • Security Incident Response Workflow-Based Responses
  • Lab 3.2 Security Incident Response Configuration
  • Lab 3.3 Creating Security Incidents

Threat Intelligence

  • Threat Intelligence Definition
  • Threat Intelligence Terminology
  • Threat Intelligence Toolsets
  • Trusted Security Circles
  • Lab 4.3.1 Review and Update an Existing Attack Mode or Method
  • Lab 4.3.2 Working with Indicators of Compromise (IOC) Lookups
  • Lab 4.3.3 Automated Lookups in Security Incidents

Security Operations Integrations

  • Work with Security Operations
  • Lab 5.1 Navigating Security Operations Integrations

Data Visualization

Course Overview

Learn the domain knowledge, technical aspects, and various processes needed to effectively manage a Security Incident Response implementation (SIRI).

This two-day course covers the domain knowledge, common implementation technical aspects, and various processes needed to effectively manage a Security Incident Response implementation (SIRI).

Attendees will learn and practice various tactical skills and strategies that will better prepare them to implement Security Incident Response (SIR). Through lectures, group discussion, hands-on labs and simulations, participants build on existing knowledge and skills by applying implementation best practices.

Course Objectives

After you complete this course you will be able to:

  • Security Incident Response Overview
  • Create Security Incidents
  • Security Incident and Threat Intelligence Integrations
  • Security Incident Response Management
  • Risk Calculations and Post Incident Response
  • Security Incident Automation
  • Data Visualization
  • Family Delta Module
  • Capstone Project

Course Content


Security Incident Response Overview

  • Identify the goals of Security Incident Response (SIR)
  • Discuss the importance of understanding customers and their goals, and discuss how Security Incident Response meets customer expectations

Create Security Incidents

  • Determine how to create Security Incident Response incidents: Setup Assistant, Using the Service Catalog, Manual Creation, and Via Email Parsing

Security Incident and Threat Intelligence Integrations

  • Discuss different integration capabilities
  • Describe the Three Key Security Incident Response Integrations: Custom, Platform, Store & Share.

Security Incident Response Management

  • Describe the Security Incident Response Management process and components: Assignment Options, Escalation Paths, Security Tags, Process Definitions and Selection.

Risk Calculations Post Incident Response

  • Identify Calculators and Risk Scores
  • Be able to post Incident Reviews.

Security Incident Automation

  • Discuss the Security Incident Response Automation processes available on the ServiceNow Platform: Workflows, Flow Designer, and Playbooks.

Data Visualization

  • Explain the different Security Incident Response Dashboards and Reports available in the ServiceNow platform: Data Visualization, Dashboards and Reporting, Performance Analytics.

Security Incident Response Family Release DELTA

  • Learn about the new, enhanced, and/or deprecated features of the current Security Incident Response family release.

Capstone Project

  • There is a final take-home Capstone project where participants provision a Developer instance and complete directed tasks to reinforce the concepts learned in class.

Course Overview

The Securing the Web with Cisco Web Security Appliance (SWSA) course shows you how to implement, use, and maintain Cisco® Web Security Appliance (WSA), powered by Cisco Talos, to provide advanced protection for business email and control against web security threats. Through a combination of expert instruction and hands-on practice, you’ll learn how to deploy proxy services, use authentication, implement policies to control HTTPS traffic and access, implement use control settings and policies, use the solution’s anti-malware features, implement data security and data loss prevention, perform administration of Cisco WSA solution, and more.

Course Objectives

After completing this course you should be able to:

  • Describe Cisco WSA
  • Deploy proxy services
  • Utilize authentication
  • Describe decryption policies to control HTTPS traffic
  • Understand differentiated traffic access policies and identification profiles
  • Enforce acceptable use control settings
  • Defend against malware
  • Describe data security and data loss prevention
  • Perform administration and troubleshooting

Course Content

Cisco WSA Overview

  • Technology Use Case
  • Cisco WSA Solution
  • Cisco WSA Features
  • Cisco WSA Architecture
  • Proxy Service
  • Integrated Layer 4 Traffic Monitor
  • Data Loss Prevention
  • Cisco Cognitive Intelligence
  • Management Tools
  • Cisco Advanced Web Security Reporting (AWSR) and Third-Party Integration
  • Cisco Content Security Management Appliance (SMA)

Proxy Services

  • Explicit Forward Mode vs.Transparent Mode
  • Transparent Mode Traffic Redirection
  • Web Cache Control Protocol
  • Web Cache Communication Protocol
  • WCCP Upstream and Downstream Flow
  • Proxy Bypass
  • Proxy Caching
  • Proxy Auto-Config (PAC) Files
  • FTP Proxy
  • Socket Secure (SOCKS) Proxy
  • Proxy Access Log and HTTP Headers
  • Customizing Error Notifications with End User Notification (EUN) Pages

Cisco WSA Authentication

  • Authentication Protocols
  • Authentication Realms
  • Tracking User Credentials
  • Explicit (Forward) and Transparent Proxy Mode
  • Bypassing Authentication with Problematic Agents
  • Reporting and Authentication
  • Re-Authentication
  • FTP Proxy Authentication
  • Troubleshooting Joining Domains and Test Authentication
  • Integration with Cisco Identity Services Engine (ISE)

Administration and Troubleshooting

  • Monitor the Cisco Web Security Appliance
  • Cisco WSA Reports
  • Monitoring System Activity Through Logs
  • System Administration Tasks
  • Troubleshooting
  • Command Line Interface

Decryption Policies

  • Transport Layer Security (TLS)/Secure Sockets Layer (SSL) Inspection Overview
  • Certificate Overview
  • Overview of HTTPS Decryption Policies
  • Activating HTTPS Proxy Function
  • Access Control List (ACL) Tags for HTTPS Inspection
  • Access Log Examples

Differentiated Traffic Access Policies and Identification Profiles

  • Overview of Access Policies
  • Access Policy Groups
  • Overview of Identification Profiles
  • Identification Profiles and Authentication
  • Access Policy and Identification Profiles Processing Order
  • Other Policy Types
  • Access Log Examples
  • ACL Decision Tags and Policy Groups
  • Enforcing Time-Based and Traffic Volume Acceptable Use Policies, and End User Notifications

Defending Against Malware

  • Web Reputation Filters
  • Anti-Malware Scanning
  • Scanning Outbound Traffic
  • Anti-Malware and Reputation in Policies
  • File Reputation Filtering and File Analysis
  • Cisco Advanced Malware Protection
  • File Reputation and Analysis Features
  • Integration with Cisco Cognitive Intelligence

Acceptable Use Control Settings

  • Controlling Web Usage
  • URL Filtering
  • URL Category Solutions
  • Dynamic Content Analysis Engine
  • Web Application Visibility and Control
  • Enforcing Media Bandwidth Limits
  • Software as a Service (SaaS) Access Control
  • Filtering Adult Content

Data Security and Data Loss Prevention

  • Data Security
  • Cisco Data Security Solution
  • Data Security Policy Definitions
  • Data Security Logs

Labs:

  • Discovery Lab 1: Configure the Cisco Web Security Appliance
  • Discovery Lab 2: Configure Proxy Authentication
  • Discovery Lab 3: Configure Reporting Services and Web Tracking
  • Discovery Lab 4: Configure the Cisco Secure Emial and Web Manager for Tracking and Reporting
  • Discovery Lab 5: Configure HTTPS Inspection
  • Discovery Lab 6: Create and Enforce a Time/Date-Based Acceptable Use Policy
  • Discovery Lab 7: Configure Advanced Malware Protection
  • Discovery Lab 8: Configure Referrer Header Exceptions
  • Discovery Lab 9: Utilize Third-Party Security Feeds and MS Office 365 External Feed
  • Discovery Lab 10: Validate an Intermediate Certificate

Course Overview

The Securing Cloud Deployments with Cisco Technologies course shows you how to implement Cisco cloud security solutions to secure access to the cloud, workloads in the cloud, and software as a service (SaaS) user accounts, applications, and data. Through expert instruction and hands-on labs, you’ll learn a comprehensive set of skills and technologies including: how to use key Cisco cloud security solutions; detect suspicious traffic flows, policy violations, and compromised devices; implement security controls for cloud environments; and implement cloud security management. This course covers usage of Cisco Cloudlock, Cisco Umbrella, Cisco Cloud Email Security, Cisco Advanced Malware Protection (AMP) for Endpoints, Cisco Stealthwatch Cloud and Enterprise, Cisco Firepower NGFW (next-generation firewall), and more.

Course Objectives

After completing this course you should be able to:

  • Contrast the various cloud service and deployment models.
  • Implement the Cisco Security Solution for SaaS using Cisco Cloudlock Micro Services.
  • Deploy cloud security solutions using Cisco AMP for Endpoints, Cisco Umbrella, and Cisco Cloud Email Security.
  • Define Cisco cloud security solutions for protection and visibility using Cisco virtual appliances and Cisco Stealthwatch Cloud.
  • Describe the network as a sensor and enforcer using Cisco Identity Services Engine (ISE), Cisco Stealthwatch Enterprise, and Cisco TrustSec.
  • Implement Cisco Firepower NGFW Virtual (NGFWv) and Cisco Stealthwatch Cloud to provide protection and visibility in AWS environments.
  • Explain how to protect the cloud management infrastructure by using specific examples, defined best practices, and AWS reporting capabilities.

Course Content

Introducing the Cloud and Cloud Security

  • Describe the Evolution of Cloud Computing
  • Explain the Cloud Service Models
  • Explore the Security Responsibilities Within the Infrastructure as a Service (IaaS) Service Model
  • Explore the Security Responsibilities Within the Platform as a Service (PaaS) Service Model
  • Explore the Security Responsibilities Within the SaaS Service Model
  • Describe Cloud Deployment Models
  • Describe Cloud Security Basics

Implementing the Cisco Security Solution for SaaS Access Control

  • Explore Security Challenges for Customers Using SaaS
  • Describe User and Entity Behavior Analytics, Data Loss Prevention (DLP), and Apps Firewall
  • Describe Cloud Access Security Broker (CASB)
  • Describe Cisco CloudLock as the CASB
  • Describe OAuth and OAuth Attacks

Deploying Cisco Cloud-Based Security Solutions for Endpoints and Content Security

  • Describe Cisco Cloud Security Solutions for Endpoints
  • Describe AMP for Endpoints Architecture
  • Describe Cisco Umbrella
  • Describe Cisco Cloud Email Security
  • Design Comprehensive Endpoint Security

Introducing Cisco Security Solutions for Cloud Protection and Visibility

  • Describe Network Function Virtualization (NFV)
  • Describe Cisco Secure Architectures for Enterprises (Cisco SAFE)
  • Describe Cisco NGFWv/Cisco Firepower Management Center Virtual
  • Describe Cisco ASAv
  • Describe Cisco Services Router 1000V
  • Describe Cisco Stealthwatch Cloud
  • Describe Cisco Tetration Cloud Zero-Trust Model

Describing the Network as the Sensor and Enforcer

  • Describe Cisco Stealthwatch Enterprise
  • Describe Cisco ISE Functions and Personas
  • Describe Cisco TrustSec
  • Describe Cisco Stealthwatch and Cisco ISE Integration
  • Describe Cisco Encrypted Traffic Analytics (ETA)

Implementing Cisco Security Solutions in AWS

  • Explain AWS Security Offerings
  • Describe AWS Elastic Compute Cloud (EC2) and Virtual Private Cloud (VPC)
  • Discover Cisco Security Solutions in AWS
  • Explain Cisco Stealthwatch Cloud in AWS

Describing Cloud Security Management

  • Describe Cloud Management and APIs
  • Explain API Protection
  • Illustrate an API Example: Integrate to ISE Using pxGrid
  • Identify SecDevOps Best Practices
  • Illustrate a Cisco Cloud Security Management Tool Example: Cisco Defense Orchestrator
  • Illustrate a Cisco Cloud Security Management Tool Example: Cisco CloudCenter™
  • Describe Cisco Application Centric Infrastructure (ACI)
  • Describe AWS Reporting Tools

 Labs

  • Lab1: Explore the Cisco Cloudlock Dashboard and User Security
  • Lab 2: Explore Cisco Cloudlock Application and Data Security
  • Lab 3: Explore Cisco AMP Endpoints
  • Lab 4: Perform Endpoint Anaylsis Using the AMP Endpoint Console
  • Lab 5: Examine the Umbrella Dashboard
  • Lab 6: Examine Cisco Umbrella Investigate
  • Lab 7: Explore Email Ransomware Protection by Cisco Cloud Email Security
  • Lab 8: DNS Ransomware Protection by Cisco Umbrella
  • Lab 9: Explore File Ransomware Protection by Cisco AMP for Endpoints
  • Lab 10: Explore a Ransomware Execution Example
  • Lab 11: Implement Cisco ASAv in ESXi
  • Lab 12: Configure and Test Basic Cisco ASAv Network Address Translation (NAT)/Access Control List (ACL) Functions
  • Lab 13: Explore Cisco Stealthwatch Cloud
  • Lab 14: Explore Stealthwatch Cloud Alerts Settings, Watchlists, and Sensors
  • Lab 15: Explore the Network as the Sensor and Enforcer
  • Lab 16; Explore Cisco Stealthwatch Enterprise
  • Lab 17: Deploy NGFWv and FMCv in AWS
  • Lab 18: Troubleshoot FTD and FMC in AWS – Scenario 1
  • Lab 19: Troubleshoot FTD and FMC in AWS – Scenario 2
  • Lab 20: Troubleshoot FTD and FMC in AWS – Scenario 3
  • Lab 30: Explore AWS Reporting Capabilities

Course Overview

Securing Cisco Networks with Snort Rule Writing Best Practices is a lab-intensive course that introduces users of open source Snort or Sourcegire FIRESIGHT systems to the Snort rules language and rule-writing best practices. Users focus exclusively on the Snort rules language and rule writing. Starting from rule syntax and structure to advanced rule-option usage, you will analyze exploit packet captures and put the rule writing theories learned to work—implementing rule-language features to trigger alerts on the offending network traffic.This course also provides instruction and lab exercises on how to detect certain types of attacks, such as buffer overflows, utilizing various rule-writing techniques. You will test your rule-writing skills in two challenges: a theoretical challenge that tests knowledge of rule syntax and usage, and a practical challenge in which we present an exploit for you to analyze and research so you can defend your installations against the attack.This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully understand and implement open source rules.

Course Objectives

After completing this course, you should be able to:

  • Describe rule structure, rule syntax, rule options and their usage.
  • Configure and create Snort rules
  • Describe the rule optimization process to create efficient rules
  • Describe preprocessors and how data is presented to the rule engine
  • Create and implement functional Regular Expressions in Snort rules
  • Design and apply rules using byte_jump/test/extract rule options
  • Understand the concepts behind protocol modeling to write rules that perform better

Course Content

Module 1: Welcome to the Cisco and Sourcefire Virtual Network

Module 2: Basic Rule Syntax and Usage

Module 3: Rule Optimization

Module 4: Using Perl Compatible Regular Expressions (PCRE) in Rules

Module 5: Using Byte_Jump/Test/Extract Rule Options

Module 6: Protocol Modeling Concepts and Using Flowbits in Rule Writing

Module 7: Case Sudies in Rule Writing and Packet Analysis

Module 8: Rule Performance Monitoring

Module 9: Rule Writing Practiceal Labs, Exercises, and Challenges

Labs

  • Lab 1: Infrastructure Familarization
  • Lab 2: Writing Custom Rules
  • Lab 3: Drop Rules
  • Lab 4: Replacing Content
  • Lab 5: SSH Rule Scenerio
  • Lab 6: Optimizing Rules
  • Lab 7: Using PCREtest to Test Regex Options
  • Lab 8: Use PCREtest to Test Custom Regular Expressions
  • Lab 9: Writing Rules That Contain PCRE
  • Lab 10: Exploiting SADMIND Trust
  • Lab 11: Using the Bitwise AND Operation in Byte_Test Rule Option
  • Lab 12: Detecting ZenWorks Directory Traversal Using Byte_Extract
  • Lab 13: Writing a Flowbit Rule
  • Lab 14: Extra Flowbits Challenge
  • Lab 15: Strengthen Your Brute-Force Rule with Flowbits
  • Lab 16: Research and Packet Analysis
  • Lab 17: Revisiting the Kaminsky Vulnerability
  • Lab 18: Configuring Rule Profiling
  • Lab 19: Testing Rule Performance
  • Lab 20: Configure Rule Profiling to View PCRE Performance
  • Lab 21: Preventing User Access to a Restricted Site
  • Lab 22: SQL Injection
  • Lab 23: The SQL Attack Revisited

Course Overview

The Securing Cisco Networks with Open Source Snort course shows you how to deploy a network intrusion detection system based on Snort. Through a combination of expert instruction and hands-on practice, you will learn how to install, configure, operate, and manage a Snort system, rules writing with an overview of basic options, advanced rules writing, how to configure PulledPork, and how to use OpenAppID to provide protection of your network from malware. You will learn techniques of tuning and performance monitoring, traffic flow through Snort rules, and more.

Course Objectives

After completing this course, you should be able to:

  • Describe Snort technology and identify the resources available for maintaining a Snort deployment 
  • Install and configure a Snort deployment 
  • Configure the command-line options for starting a Snort as a sniffer, a logger, and an intrusion detector, and create a script to start Snort automatically 
  • Identify and configure available Snort intrusion detection outputs 
  • Describe rule sources, updates, and utilities for managing rules and updates 
  • Detail the components of the snort.lua file and determine how to configure it for your deployment 
  • Configure Snort for inline operation using the inline-only features 
  • Configure rules for Snort using basic rule syntax 
  • Describe how traffic flows through Snort and how to optimize rules for better performance 
  • Configure advanced-rule options for Snort rules 
  • Configure OpenAppID features and functionality 
  • Tune Snort for efficient operation and profile system performance 

Course Content

Snort Technology Introduction

  • Snort Basics
  • Snort Resources

Snort Installation

  • Installation Prerequisites
  • Performing the Snort Installation

Snort Operation Introduction

  • Running Snort from the Command Line
  • Configuring Snort to Start Automatically

Snort Intrusion Detection Output

  • Configuring Snort Intrusion Detection Output

Rule Management

  • Snort Rulesets
  • PulledPork Installation and Configuration

Snort Configuration

  • Examining the snort.lua File
  • Inspector Configuration

Inline Operation and Configuration

  • Configuring Inline Operation
  • Configuring Inline-Specific Features

Snort Rule Syntax and Usage

  • Basic Rule Syntax
  • Common Rule Options

Snort Rule Traffic Processing Flow

  • Examining Snort Traffic Flow

Advanced Rule Options

  • PCRE Rule Options
  • Hash Rules
  • Byte Rule Options
  • Implementing Flowbits
  • File Detention

OpenAppID Detection Configuration

  • Exploring the Open AppID Preprocessor
  • Examining AppID Events and Statistics
  • Detector Basics

Snort Tuning

  • Viewing Performance Statistics
  • Configuring Snort Rule Filters
  • Implementing BPFs in Snort
  • Performance Profiling

Labs

  • Discovery Lab 1: Connecting to the Lab Environment
  • Discovery Lab 2: Snort Installation
  • Discovery Lab 3: Snort Operation
  • Discovery Lab 4: Snort Intrusion Detection Output
  • Discovery Lab 5: PulledPork Installation
  • Discovery Lab 6: Configuring Variables
  • Discovery Lab 7: Reviewing Inspector Configurations
  • Discovery Lab 8: Inline Operation
  • Discovery Lab 9: Basic Rule Syntax and Usage
  • Discovery Lab 10: Advanced Rule Options
  • Discovery Lab 11: OpenAppID Configuration
  • Discovery Lab 12: Tuning Snort

Course Overview

Learn how to deploy and use Cisco® Email Security Appliance to establish protection for your email systems against phishing, business email compromise and ransomware. Help streamline email security policy management. This hands-on course provides you with the knowledge and skills to implement, troubleshoot, and administer Cisco Email Security Appliance, including key capabilities such as advanced malware protection, spam blocking, anti-virus protection, outbreak filtering, encryption, quarantines, and data loss prevention.

This course is worth 24 Continuing Education (CE) Credits.

Course Objectives

After completing this course you should be able to:

  • Describe and administer the Cisco Email Security Appliance (ESA)
  • Control sender and recipient domains
  • Control spam with Talos SenderBase and anti-spam
  • Use anti-virus and outbreak filters
  • Use mail policies
  • Use content filters
  • Use message filters
  • Prevent data loss
  • Perform LDAP queries
  • Authenticate Simple Mail Transfer Protocol (SMTP) sessions
  • Authenticate email
  • Encrypt email
  • Use system quarantines and delivery methods
  • Perform centralized management using clusters
  • Test and troubleshoot

Course Content

Describing the Cisco Email Security Appliance

  • Cisco Email Security Appliance Overview
  • Technology Use Case
  • Cisco Email Security Appliance Data Sheet
  • SMTP Overview
  • Email Pipeline Overview
  • Installation Scenarios
  • Initial Cisco Email Security Appliance Configuration
  • Centralizing Services on a Cisco Content Security Management Appliance (SMA)
  • Release Notes for AsyncOS 11.x

Controlling Sender and Recipient Domains

  • Public and Private Listeners
  • Configuring the Gateway to Receive Email
  • Host Access Table Overview
  • Recipient Access Table Overview
  • Configuring Routing and Delivery Features

Controlling Spam with Talos SenderBase and Anti-Spam

  • SenderBase Overview
  • Anti-Spam
  • Managing Graymail
  • Protecting Against Malicious or Undesirable URLs
  • File Reputation Filtering and File Analysis
  • Bounce Verification

Using Anti-Virus and Outbreak Filters

  • Anti-Virus Scanning Overview
  • Sophos Anti-Virus Filtering
  • McAfee Anti-Virus Filtering
  • Configuring the Appliance to Scan for Viruses
  • Outbreak Filters
  • How the Outbreak Filters Feature Works
  • Managing Outbreak Filters

Using Mail Policies

  • Cisco Email Security Manager Overview
  • Mail Policies Overview
  • Handling Incoming and Outgoing Messages Differently
  • Configuring Mail Policies
  • Matching Users to a Mail Policy
  • Message Splintering

Using Content Filters

  • Content Filters Overview
  • Content Filter Conditions
  • Content Filter Actions
  • Filter Messages Based on Content
  • Text Resources Overview
  • Using and Testing the Content Dictionaries Filter Rules
  • Understanding Text Resources
  • Text Resource Management
  • Using Text Resources

Using Message Filters

  • Message Filters Overview
  • Components of a Message Filter
  • Message Filter Processing
  • Message Filter Rules
  • Message Filter Actions
  • Attachment Scanning
  • Examples of Attachment Scanning Message Filters
  • Using the CLI to Manage Message Filters
  • Message Filter Examples
  • Configuring Scan Behavior

Preventing Data Loss

  • Data Loss Prevention (DLP) Scanning Process
  • Setting Up Data Loss Prevention
  • Policies for Data Loss Prevention
  • Message Actions
  • Updating the DLP Engine and Content Matching Classifiers

Using LDAP

  • Overview of LDAP
  • Working with LDAP
  • Using LDAP Queries
  • Authenticating End-Users of the Spam Quarantine
  • Configuring External LDAP Authentication for Users
  • Testing Servers and Queries
  • Using LDAP for Directory Harvest Attack Prevention
  • Spam Quarantine Alias Consolidation Queries
  • Validating Recipients Using an SMTP Server

Describing SMTP Session Authentication

  • Configuring AsyncOS for SMTP Authentication
  • Authenticating SMTP Sessions Using Client Certificates
  • Checking the Validity of a Client Certificate
  • Authenticating User Using LDAP Directory
  • Authenticating SMTP Connection Over Transport Layer Security (TLS) Using a Client Certificate
  • Establishing a TLS Connection from the Appliance
  • Updating a List of Revoked Certificates

Using Email Authentication

  • Email Authentication Overview
  • Overview of Sender Policy Framework (SPF) and SIDF Verification
  • Configuring DomainKeys and DomainKeys Identified Mail (DKIM) Signing
  • Verifying Incoming Messages Using DKIM
  • Domain-based Message Authentication Reporting and Conformance (DMARC) Verification
  • Forged Email Detection

Using Email Encryption

  • Overview of Cisco Email Encryption
  • Encrypting Messages
  • Determining Which Messages to Encrypt
  • Inserting Encryption Headers into Messages
  • Encrypting Communication with Other Message Transfer Agents (MTAs)
  • Working with Certificates
  • Managing Lists of Certificate Authorities
  • Enabling TLS on a Listener’s Host Access Table (HAT)
  • Enabling TLS and Certificate Verification on Delivery
  • Secure/Multipurpose Internet Mail Extensions (S/MIME) Security Services

Administering the Cisco Email Security Appliance

  • Distributing Administrative Tasks
  • System Administration
  • Managing and Monitoring Using the Command Line Interface (CLI)
  • Other Tasks in the GUI
  • Advanced Network Configuration
  • Using Email Security Monitor
  • Tracking Messages
  • Logging

Using System Quarantines and Delivery Methods

  • Describing Quarantines
  • Spam Quarantine
  • Setting Up the Centralized Spam Quarantine
  • Using Safelists and Blocklists to Control Email Delivery Based on Sender
  • Configuring Spam Management Features for End Users
  • Managing Messages in the Spam Quarantine
  • Policy, Virus, and Outbreak Quarantines
  • Managing Policy, Virus, and Outbreak Quarantines
  • Working with Messages in Policy, Virus, or Outbreak Quarantines
  • Delivery Methods

Centralized Management Using Clusters

  • Overview of Centralized Management Using Clusters
  • Cluster Organization
  • Creating and Joining a Cluster
  • Managing Clusters
  • Cluster Communication
  • Loading a Configuration in Clustered Appliances
  • Best Practices

Testing and Troubleshooting

  • Debugging Mail Flow Using Test Messages: Trace
  • Using the Listener to Test the Appliance
  • Troubleshooting the Network
  • Troubleshooting the Listener
  • Troubleshooting Email Delivery
  • Troubleshooting Performance
  • Web Interface Appearance and Rendering Issues
  • Responding to Alerts
  • Troubleshooting Hardware Issues
  • Working with Technical Support

Labs

  • Discovery Lab 1: Verify and Test Cisco ESA Configuration
  • Discovery Lab 2: Advanced Malware in Attachments (Macro Detection)
  • Discovery Lab 3: Protect Against Malicious or Undesirable URLs Beneath Shortened URLs
  • Discovery Lab 4: Protect Against Malicious or Undesirable URLs Inside Attachments
  • Discovery Lab 5: Intelligently Handle Unscannable Messages
  • Discovery Lab 6: Leverage AMP Cloud Intelligence Via Pre-Classification Enhancement
  • Discovery Lab 7: Integrate Cisco ESA with AMP Console
  • Discovery Lab 8: Prevent Threats with Anti-Virus Protection
  • Discovery Lab 9: Applying Outbreak Filters
  • Discovery Lab 10: Configure Attachment Scanning
  • Discovery Lab 11: Configure Outbound Data Loss Prevention
  • Discovery Lab 12: Integrate Cisco ESA with LDAP and Enable the LDAP Accept Query
  • Discovery Lab 13: DomainKeys Identified Mail (DKIM)
  • Discovery Lab 14: Sender Policy Framework (SPF)
  • Discovery Lab 15: Forged Email Detection
  • Discovery Lab 16: Configure the Cisco SMA for Tracking and Reporting
  • Discovery Lab 17: Configure the Cisco Secure Email and Web Manager for Tracking and Reporting

Course Overview

This course is designed for students who are planning to take the Secure storage for Azure Files and Azure Blob Storage assessment, and provides a bridge between fundamental level skills and entry-level associate skills. This course helps learners progress in multiple IT roles, including infrastructure, security, and networking.

Course Objectives

In this course, the student will have many opportunities to practice configuring and securing storage. These skills include creating and configuring storage accounts, blob containers, file shares, storage networking, and storage security.

Course Content

This course will cover;

  • Create and configure a storage account
  • Create and configure Blob Storage
  • Create and configure Azure Files
  • Configure networking for storage
  • Configure encryption for storage

Course Overview

This learning path guides you in securing Azure services and workloads using Microsoft Cloud Security Benchmark controls in Microsoft Defender for Cloud via the Azure portal.

Course Objectives

  • Filter network traffic with a network security group using the Azure portal
  • Create a Log Analytics workspace for Microsoft Defender for Cloud
  • Set up Microsoft Defender for Cloud
  • Configure and integrate a Log Analytics agent and workspace in Defender for Cloud
  • Configure Azure Key Vault networking settings
  • Connect an Azure SQL server using an Azure Private Endpoint using the Azure portal

Course Content

Module 1: Filter network traffic with a network security group using the Azure portal

  • In this module, we will focus on filtering network traffic using Network Security Groups (NSGs) in the Azure portal. Learn how to create, configure, and apply NSGs for improved network security.

Module 2: Create a Log Analytics workspace for Microsoft Defender for Cloud

  • In this module, you’ll discover how to create a Log Analytics workspace in the Azure portal for Microsoft Defender for Cloud, improving data collection and security analysis.

Module 3: Set up Microsoft Defender for Cloud

  • In this module, you’ll learn how to implement Microsoft Defender for Cloud using the Azure portal, to strengthen security and threat detection in your Azure environment.

Module 4: Configure and integrate a Log Analytics agent and workspace in Defender for Cloud

  • This module will guide you to configure and integrate a Log Analytics agent with a workspace in Defender for Cloud via the Azure portal, boosting security analysis.

Module 5: Configure Azure Key Vault networking settings

  • In this module, you’ll learn to configure Azure Key Vault networking settings via the Azure portal, ensuring secure and controlled access to your stored secrets.

Module 6: Connect an Azure SQL server using an Azure Private Endpoint using the Azure portal

  • This module will guide you on securely connecting an Azure SQL server via Azure Private Endpoint in the Azure portal, enhancing data communication security.

Course Overview

Red Hat Single Sign-On Administration (DO313) is designed for system administrators who want to install, configure and manage Red Hat Single Sign-On servers for securing applications. Learn about the different ways to authenticate and authorize applications using single sign-on standards like OAuth and OpenID Connect (OIDC). You will also learn how to install and configure Red Hat SIngle Sign-On on the OpenShift Container Platform. This course is based on Red Hat Single Sign-On version 7.6.

Course Objectives

  • Installing Red Hat Single Sign-On on virtual machines and on OpenShift Container Platform
  • Authenticating and authorizing applications using OAuth and OIDC
  • Configuring Identity Brokering and user identity federation from external systems
  • Configuring password policies

Course Content

Introduce Red Hat Single Sign-On

Identify the main components of Red Hat Single Sign-OnInstall and Configure Red Hat Single Sign-On

Identify the best option for installing and configuring RHSSO depending on the infrastructureAuthentication and Authorization

Configure authentication and authorization for applicationsIdentity Brokering and User Federation

Configure RHSSO to secure applications from multiple identity providers by using user federation and social loginsRed Hat Single Sign-On on OpenShift

Install and configure Red Hat Single Sign-On on OpenShift