Symantec Data Loss Prevention 15.0 Administration
Length – 5 days
The Symantec Data Loss Prevention 15.0 Administration course is designed to provide you with the fundamental knowledge to configure and administer the Symantec Data Loss Prevention Enforce platform. The hands-on labs include exercises for configuring Enforce server, detection servers, and DLP agents as well as performing policy creation and incident detection, incident response, incident reporting, and user and role administration. Additionally, you are introduced to deployment best practices and the following Symantec Data Loss Prevention products: Network Monitor, Network Prevent, Cloud Service for Email, Cloud Detection Service, Network Discover, Network Protect, Cloud Storage, Endpoint Prevent, and Endpoint Discover. Note that this course is delivered on a Microsoft Windows platform.
This course assumes that students have a basic understanding of Windows server-class operating systems and commands, as well as networking and network security concepts.
The Symantec Data Loss Prevention Administration course is intended for attendees who are responsible for configuring and maintaining Symantec Data Loss Prevention. Additionally, this course is intended for technical users responsible for creating and maintaining Symantec Data Loss Prevention policies and the incident response structure.
Module 1: Data Loss Prevention Landscape
Data Loss Prevention landscape
Data loss risk management
Data Loss Prevention real-world use cases
Module 2: Overview of Symantec Data Loss Prevention
Symantec Data Loss Prevention Suite
Symantec Data Loss Prevention architecture
Module 3: Identifying and Describing Confidential Data
Identifying confidential data
Configuring Symantec Data Loss Prevention to recognize confidential data
Described Content Matching (DCM)
Exact Data Matching (EDM)
Indexed Document Matching (IDM)
Vector Machine Learning (VML)
Sensitive Image Recognition
Custom file-type detection
Module 4: Locating Confidential Data at Rest
Determining where to search for confidential data
Locating confidential data on corporate repositories
Locating confidential data in the cloud
Locating confidential data on endpoint computers
Module 5: Understanding How Confidential Data is Being Used
Monitoring confidential data moving across the network
Monitoring confidential data being used on endpoint computers
Module 6: Educating End Users to Adopt Data-Protection Practices
Implementing corporate training on data protection policies
Providing notifications of user policy violations
Module 7: Preventing Unauthorized Exposure of Confidential Data
Using response rules to prevent the exposure of confidential data
Protecting confidential data in motion
Protecting confidential data in use
Protecting confidential data at rest
Module 8: Remediating Data Loss Incidents and Tracking Risk Reduction
Reviewing risk management frameworks
Using incident reporting options to identify and assess risk
Creating tools that support the organization’s risk reduction process
Communicating risk to stakeholders
Understanding advanced reporting options and analytics
Module 9: Enhancing Data Loss Prevention Through Integrations
Understanding Symantec DLP integration mechanisms
Understanding Symantec DLP in the context of Symantec Information Centric Security
Understanding additional Symantec DLP integrations with other Symantec solutions
Module 10: Review of Symantec Data Loss Prevention
Review of Symantec DLP products and architecture
Review of the stages in a Data Loss Prevention implementation
Symantec Endpoint Protection 14.x Manage and Configure
Length – 5 days
The Symantec Endpoint Protection 14.x: Manage and Administer course is designedfor the network, IT security, and systems administration professional in a Security Operations position tasked with the day – to – day operation of the SEPM management console. The class covers configuring sever – client communication, domains, groups, and locations and Active Directory integration. You also learn how Symantec Endpoint Protection uses LiveUpdate servers and Group Update Providers to deliver content to clients. In addition, you learn how to respond to incidents using monitoring and reporting.
The Symantec Endpoint Protection 14.x: Configure and Protect course is designed for the network, IT security, and systems administration professionals in a Security Operations position who are tasked with configuring optimum security settings for endpoints protected by Symantec Endpoint Protection 14. This class brings context and examples of attacks and tools used by cybercriminals.
You must have working knowledge of advanced computer terminology, including TCP/IP networking terms and Internet terms, and an administrator – level knowledge of Microsoft Windows operating systems.
This course is for IT and system administration professionals who are charged with managing and monitoring Symantec Endpoint Protection endpoints.
By the completion of this course, you will be able to:
Describe how the Symantec Endpoint Protection Manager (SEPM) communicates with clients and make appropriate changes as necessary.
Design and create Symantec Endpoint Protection group structures to meet the needs of your organization.
Respond to threats using SEPM monitoring and reporting.
Analyze the content delivery system (LiveUpdate).
Reduce bandwidth consumption using the best method to deliver content updates to clients.
Configure Group Update Providers.
Create location aware content updates.
Use Rapid Release definitions to remediate a virus outbreak.
Secure endpoints against network and file – based threats.
Control endpoint integrity and compliance.
Enforce adaptive security posturę.
Symantec Endpoint Protection 14.0: Maintain and Troubleshoot
Length– 3 days
The Symantec Endpoint Protection 14.x: Maintain and Troubleshoot course is designed for the IT security management professional tasked with troubleshooting Symantec Endpoint Protection 14.x. Students learn how to troubleshoot installations, monitor and troubleshoot the SEPM, client-to-SEPM communication, content distribution, client deployments, and protection technologies. The class also covers how to follow Symantec best practices for remediating a virus outbreak, automating functionality with REST APIs, and integrating Symantec Endpoint Protection with 3rd party applications.
You must have attended Symantec Endpoint Protection 14: Configure and Protect or have relevant experience maintaining a SEP environment, including basic troubleshooting.
This course is for IT and system administration professionals who are charged with planning and installing a Symantec Endpoint Protection environment.
The classroom lab environment.
Troubleshooting Techniques and Tools
Use a systematic approach for problemsolving.
Describe Symantec and third-party troubleshooting tools and how they are used.
Know which SEPM and SEP client logs to research when troubleshooting specific issues.
Use the Symantec Knowledge Base and interact with Symantec Technical Support.
Troubleshooting the Console
Describe the components that make up the Symantec Endpoint ProtectionManager.
Describe SEPM services and their roles.
Troubleshoot problems related to the SEPM services that prevent you from logging onto the console.
Describe the database configuration and connection methods.
Configure email to enable an administrator to reset passwords and know where to check administrator permissions.
Installation and Migration Issues
Troubleshoot and resolve a failed Symantec Endpoint Protection Manager installation.
Troubleshoot and resolve a failed Symantec Endpoint Protection for Windows client install.
Troubleshoot and resolve a failed Symantec Endpoint Protection for Macclient install.
Troubleshoot and resolve a failed Symantec Endpoint Protection for Linux client install.
Client Communication Issues
Identify the interactions between the client and the SEPM.
Identify heartbeat process.
Locate and configure debug logs for client communication issues.
Describe communications issues from the client perspective.
Identify Linux and Mac communication issues.
Content Distribution Issues
Troubleshoot and resolve LiveUpdate issues on the SEPM and client.
Troubleshoot and resolve issues between a client and management server.
Troubleshoot and resolve issues from clients who retrieve updates from a Group Update Provider.
Extending the SEP infrastructure
Describe how data is transferred during replication and know which replication logs are affected.
Automate functionality with Rest APIs.
Integrate Symantec Endpoint Protection with third party applications.
Responding to a Security Incident
Identify and examine useful SEPM reports for incident response.
Learn the best approach for handling a virus outbreak.
Identify and submit false positives to Symantec.
Assess SEP performance using sizing and scalability recommendations.
Optimize performance for theSEPM.
Optimize performance for the SEP client.
Utilities and other resources.