Securing Cisco Networks with Sourcefire FireAMP for Endpoints (SSFAMP)


    2 Days Course
    Security (CLS)

    Course Details

    Overview

    Securing Cisco Networks with Sourcefire FireAMP (SSFAMP) for Endpoints is a two-day, instructor-led virtual course, delivered through Cisco WebEx® and offered by Cisco Learning Services High-Touch Delivery. It is a lab-intensive course that introduces students to the powerful features of Sourcefire FireAMP software. This two-day virtual class covers information on Cisco Advanced Malware Protection (AMP) technology, deployment, management, and analysis.

    You will learn how to build and manage an AMP deployment, create policies for endpoint groups, and deploy connectors. You will also analyze malware detections using powerful tools available in the Sourcefire FireAMP console.

    This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully deploy and manage a Sourcefire FireAMP deployment.

    Associated Exam:

    This course prepares you to take the Securing Cisco Networks with Sourcefire FireAMP for Endpoints exam.

    Objectives

    Upon completing this course, the learner will be able to meet these overall objectives:

    • Describe the architecture and various components of Sourcefire FireAMP and FireAMP cloud
    • Describe security concerns around malware and how attacks unfold
    • Describe and navigate the Sourcefire FireAMP interface, dashboard, and its components
    • Manage malware detection mechanisms
    • Describe advanced policy configuration for endpoints
    • Describe how to deploy and distribute the Sourcefire FireAMP connector
    • Describe file analysis and Sourcefire FireAMP reporting
    • Describe the private cloud offering

    Outline

    • Module 1: Sourcefire FireAMP Overview and Architecture
    • Module 2: Console Interface and Navigation
    • Module 3: Outbreak Control
    • Module 4: Endpoint Policies
    • Module 5: Groups and Deployment
    • Module 6: Analysis
    • Module 7: Analysis Case Studies
    • Module 8: Accounts

    Lab Outline

    • Lab 1: Performing the Initial Setup
    • Lab 2: Initialize the Private Cloud
    • Lab 3: Accessing the Sourcefire FireAMP Console
    • Lab 4: Reviewing the Interface
    • Lab 5: Simple Custom Detection
    • Lab 6: Advanced Custom Detection
    • Lab 7: Application Blocking
    • Lab 8: Whitelisting
    • Lab 9: DFC IP Blacklist
    • Lab 10: Creating a Sourcefire FireAMP Policy
    • Lab 11: Creating Groups
    • Lab 12: Deploying the Connector
    • Lab 13: Connector Command-line Installation
    • Lab 14: Querying the History Database
    • Lab 15: Installing a Policy Manually
    • Lab 16: Testing Your Policy
    • Lab 17: Working with Sourcefire FireAMP Events
    • Lab 18: Detection and Quarantine Events
    • Lab 19: File Trajectory
    • Lab 20: Device Trajectory
    • Lab 21: Reporting
    • Lab 22: ZBot Analysis and Remediation
    • Lab 23: User Accounts
    • Lab 24: Enabling Demo Data

    Target Audience

    This course is designed for technical professionals who need to know how to deploy and manage Sourcefire FireAMP software in their network environments. The primary audience for this course includes:

    • Security administrators
    • Security consultants
    • Network administrators
    • System engineers
    • Technical support personnel
    • Channel partners and resellers

    Pre-Requisites

    The recommended knowledge and skills that a learner should have for the best learning outcome include:

    • Technical understanding of TCP/IP networking and network architecture
    • Basic familiarity with the concepts of malware detection

    Course Schedule