Cisco-Ausbildung

Insoft Services ist einer der wenigen Schulungsanbieter in EMEAR, der ein umfassendes Angebot an Cisco-Zertifizierungen und spezialisierten Technologieschulungen anbietet.

Lesen Sie mehr

Cisco Zertifizierungen

Erleben Sie einen Blended-Learning-Ansatz, der das Beste aus von Lehrern geleiteten Schulungen und E-Learning zum Selbststudium kombiniert, um sich auf Ihre Zertifizierungsprüfung vorzubereiten.

Lesen Sie mehr

Cisco Learning Credits

Cisco Learning Credits (CLCs) sind Prepaid-Schulungsgutscheine, die direkt bei Cisco eingelöst werden und die Planung für Ihren Erfolg beim Kauf von Cisco-Produkten und -Services erleichtern.

Lösen Sie Ihre CLCs ein

Cisco Continuing Education

Das Cisco Continuing Education Program bietet allen aktiven Zertifizierungsinhabern flexible Optionen zur Rezertifizierung, indem sie eine Vielzahl von in Frage kommenden Schulungselementen absolvieren.

Lesen Sie mehr

Cisco Digital Learning

Zertifizierte Mitarbeiter sind GESCHÄTZTE Vermögenswerte. Erkunden Sie die offizielle Digital Learning Library von Cisco, um sich durch aufgezeichnete Sitzungen weiterzubilden.

CDLL-Katalog

Cisco Business Enablement

Das Cisco Business Enablement Partner Program konzentriert sich auf die Verbesserung der Geschäftsfähigkeiten von Cisco Channel Partnern und Kunden.

Lesen Sie mehr

Cisco Schulungskatalog

Lesen Sie mehr

Technische Zertifizierung

Das Fortinet Network Security Expert (NSE) -Programm ist ein achtstufiges Schulungs- und Zertifizierungsprogramm, um Ingenieuren ihre Netzwerksicherheit für Fortinet FW-Fähigkeiten und -Erfahrungen beizubringen.

Technische Kurse

Fortinet-Ausbildung

Insoft ist als Fortinet Authorized Training Center an ausgewählten Standorten in EMEA anerkannt.

Lesen Sie mehr

Fortinet Schulungskatalog

Lesen Sie mehr

ATC Status

Überprüfen Sie unseren ATC-Status in ausgewählten Ländern in Europa.

Lesen Sie mehr

Fortinet Service-Pakete

Insoft Services hat eine spezielle Lösung entwickelt, um den Prozess der Installation oder Migration zu Fortinet-Produkten zu rationalisieren und zu vereinfachen.

Lesen Sie mehr

Microsoft-Ausbildung

Insoft Services bietet Microsoft-Schulungen in EMEAR an. Wir bieten technische Schulungen und Zertifizierungskurse von Microsoft an, die von erstklassigen Instruktoren geleitet werden.

Technische Kurse

Extreme-Ausbildung

Erfahren Sie außergewöhnliche Kenntnisse und Fähigkeiten von Extreme Networks.

Technische Kurse

Technische Zertifizierung

Wir bieten einen umfassenden Lehrplan für technische Kompetenzen zur Zertifizierung an.

Lesen Sie mehr

Extreme Schulungskatalog

Hier finden Sie alle Extreme Networks online und den von Lehrern geleiteten Kalender für den Klassenraum.

Lesen Sie mehr

ATP-Akkreditierung

Als autorisierter Schulungspartner (ATP) stellt Insoft Services sicher, dass Sie die höchsten verfügbaren Bildungsstandards erhalten.

Lesen Sie mehr

Lösungen & Dienstleistungen

Wir bieten innovative und fortschrittliche Unterstützung bei der Konzeption, Implementierung und Optimierung von IT-Lösungen. Unsere Kundenbasis umfasst einige der größten Telcos weltweit.

Beratungspakete

Ein weltweit anerkanntes Team von zertifizierten Experten unterstützt Sie bei einem reibungsloseren Übergang mit unseren vordefinierten Beratungs-, Installations- und Migrationspaketen für eine breite Palette von Fortinet-Produkten.

Über uns

Insoft bietet autorisierte Schulungs- und Beratungsdienstleistungen für ausgewählte IP-Anbieter. Erfahren Sie, wie wir die Branche revolutionieren.

Lesen Sie mehr
  • +49 6151 277 6496
  • Endpoint Detection Response Administration

    Duration
    2 Tage
    Delivery
    (Online Und Vor Ort)
    Price
    Preis auf Anfrage

    Adversaries maneuver in covert ways—camouflaging their actions within the most trusted components already in your environment. They don’t always install something tangible like malware, but they always leave behind a behavioral trail. Endpoint detection and response (EDR) continuously monitor and gather data to provide the visibility and context needed to detect and respond to threats. But current approaches often dump too much information on already stretched security teams.

     

    MVISION EDR helps to manage the high volume of alerts, empowering analysts of all skill levels to do more and investigate more effectively. This course prepares SOC Analysts to understand, communicate, and use the features provided by Endpoint Detection and Response. Through hands-on lab exercises, you will learn how to detect advanced device threats, fully investigate, and quickly respond.

    What is EDR?

    • Recall how MVISION EDR plays a part in the company portfolio
    • Define MVISION EDR components
    • Distinguish how MVISION EDR helps the SOC Mission
    • Identify MVISION EDR capabilities
    • Describe the MITRE ATT&CK Matrix

     

    Architecture:

    • Describe the product/solution architecture
    • Distinguish between deployment options
    • Recall common log and product files
    • Identify product/solution communication paths and ports

     

    Setup and Deployment:

    • Identify the supported platform, environment, or operating systems
    • Recall the first steps for adding MVISION EDR to your environment
    • Install MVISION EDR on an on-premise (local) or MVISION ePO deployment
    • Check in the required product extension(s)
    • Deploy the MVISION EDR Client to endpoints

     

    Monitoring:

    • Recall what Cyber Threat Hunting is.
    • Identify different Threat Hunting styles.
    • Describe why Threat Hunting is required.
    • Recall Threat Hunting tips.
    • View threat events in the Monitoring dashboard.
    • Recall the MVISION EDR threat detection approach.
    • Recall how to take action from the Monitoring dashboard.

     

    Alerting:

    • Leverage the Alerting dashboard to view the raw events from managed devices
    • View how alert events match to the MITRE observed tactics and techniques

     

    Device Search:

    • Use device data to assist with analyzing how a threat occurred in the system and what triggered it.
    • Recall the Device Search investigation capabilities.

     

    Historical Search:

    • Use historical data to assist with analyzing how a threat occurred in the system and what triggered it
    • Recall the Historical Search investigation capabilities

     

    Real-time Search:

    • Obtain information about processes currently running on managed endpoints using real-time search queries
    • Leverage the query syntax to combine collectors and build powerful search expressions
    • Take action on search results to execute reaction code onto managed endpoints

     

    Investigating:

    • Analyze an investigation using the key findings and key artifacts discovered.
    • View details to investigated items, linked investigations, i nvestigation guides, and similar cases in the investigation workspace.
    • Recall what is a cyber security incident.
    • Identify the different vectors of cyber incidents.
    • Describe what is Incident Response (IR) and its importance.

     

    Catalog:

    • Navigate to the Catalog dashboard to view built-in collectors and reactions.
    • Use the Catalog dashboard to create or delete custom collectors and reactions.

     

    Action History:

    • View the details of actions performed through the Action History dashboard.

     

    Performance Metrics:

    • View the Performance Metrics page to analyze the amount of time spent on resolving investigations.

     

    Troubleshooting:

    • Walk through actions to take if no events are seen in the Monitoring dashboard
    • View MVISION EDR tenancy status
    • Perform troubleshooting steps for Investigations
    • Troubleshoot DXL connectivity

     

    Use Cases:

    • Use the monitoring dashboard to identify threats
    • Create an investigation
    • Quarantine a system or process
    • Perform in depth analysis using real-time search
    • Increase familiarity and workflow with MVISION EDR

    Day 1

    • Welcome
    • What is EDR?
    • Architecture
    • Setup and Deployment
    • Monitoring
    • Alerting
    • Device Search
    • Historical Search

     

    Day 2

    • Real-time Search
    • Investigating
    • Catalog
    • Action History
    • Performance Metrics
    • Troubleshooting
    • Use Cases
    • Incident Response
    • Threat Hunting

    This course is intended for customers, acting as either or both Analysts and Engineers, responsible for configuration, management, and monitoring activity on their systems, networks, databases and applications using the MVISION EDR solution. A working knowledge of networking, system administration, computer security concepts, and a general understanding of networking and application software.

    It is recommended that students have a working knowledge of:

    • Networking and system administration concepts
    • Computer security concepts
    • Network security concepts and practices
    • Malware analysis, forensics, tactics and techniques

    Adversaries maneuver in covert ways—camouflaging their actions within the most trusted components already in your environment. They don’t always install something tangible like malware, but they always leave behind a behavioral trail. Endpoint detection and response (EDR) continuously monitor and gather data to provide the visibility and context needed to detect and respond to threats. But current approaches often dump too much information on already stretched security teams.

     

    MVISION EDR helps to manage the high volume of alerts, empowering analysts of all skill levels to do more and investigate more effectively. This course prepares SOC Analysts to understand, communicate, and use the features provided by Endpoint Detection and Response. Through hands-on lab exercises, you will learn how to detect advanced device threats, fully investigate, and quickly respond.

    What is EDR?

    • Recall how MVISION EDR plays a part in the company portfolio
    • Define MVISION EDR components
    • Distinguish how MVISION EDR helps the SOC Mission
    • Identify MVISION EDR capabilities
    • Describe the MITRE ATT&CK Matrix

     

    Architecture:

    • Describe the product/solution architecture
    • Distinguish between deployment options
    • Recall common log and product files
    • Identify product/solution communication paths and ports

     

    Setup and Deployment:

    • Identify the supported platform, environment, or operating systems
    • Recall the first steps for adding MVISION EDR to your environment
    • Install MVISION EDR on an on-premise (local) or MVISION ePO deployment
    • Check in the required product extension(s)
    • Deploy the MVISION EDR Client to endpoints

     

    Monitoring:

    • Recall what Cyber Threat Hunting is.
    • Identify different Threat Hunting styles.
    • Describe why Threat Hunting is required.
    • Recall Threat Hunting tips.
    • View threat events in the Monitoring dashboard.
    • Recall the MVISION EDR threat detection approach.
    • Recall how to take action from the Monitoring dashboard.

     

    Alerting:

    • Leverage the Alerting dashboard to view the raw events from managed devices
    • View how alert events match to the MITRE observed tactics and techniques

     

    Device Search:

    • Use device data to assist with analyzing how a threat occurred in the system and what triggered it.
    • Recall the Device Search investigation capabilities.

     

    Historical Search:

    • Use historical data to assist with analyzing how a threat occurred in the system and what triggered it
    • Recall the Historical Search investigation capabilities

     

    Real-time Search:

    • Obtain information about processes currently running on managed endpoints using real-time search queries
    • Leverage the query syntax to combine collectors and build powerful search expressions
    • Take action on search results to execute reaction code onto managed endpoints

     

    Investigating:

    • Analyze an investigation using the key findings and key artifacts discovered.
    • View details to investigated items, linked investigations, i nvestigation guides, and similar cases in the investigation workspace.
    • Recall what is a cyber security incident.
    • Identify the different vectors of cyber incidents.
    • Describe what is Incident Response (IR) and its importance.

     

    Catalog:

    • Navigate to the Catalog dashboard to view built-in collectors and reactions.
    • Use the Catalog dashboard to create or delete custom collectors and reactions.

     

    Action History:

    • View the details of actions performed through the Action History dashboard.

     

    Performance Metrics:

    • View the Performance Metrics page to analyze the amount of time spent on resolving investigations.

     

    Troubleshooting:

    • Walk through actions to take if no events are seen in the Monitoring dashboard
    • View MVISION EDR tenancy status
    • Perform troubleshooting steps for Investigations
    • Troubleshoot DXL connectivity

     

    Use Cases:

    • Use the monitoring dashboard to identify threats
    • Create an investigation
    • Quarantine a system or process
    • Perform in depth analysis using real-time search
    • Increase familiarity and workflow with MVISION EDR

    Day 1

    • Welcome
    • What is EDR?
    • Architecture
    • Setup and Deployment
    • Monitoring
    • Alerting
    • Device Search
    • Historical Search

     

    Day 2

    • Real-time Search
    • Investigating
    • Catalog
    • Action History
    • Performance Metrics
    • Troubleshooting
    • Use Cases
    • Incident Response
    • Threat Hunting

    This course is intended for customers, acting as either or both Analysts and Engineers, responsible for configuration, management, and monitoring activity on their systems, networks, databases and applications using the MVISION EDR solution. A working knowledge of networking, system administration, computer security concepts, and a general understanding of networking and application software.

    It is recommended that students have a working knowledge of:

    • Networking and system administration concepts
    • Computer security concepts
    • Network security concepts and practices
    • Malware analysis, forensics, tactics and techniques
      Termine
      Datum auf Anfrage

    Follow Up Courses

    Filter
    • 4 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 2 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 5 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 4 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 4 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 4 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 4 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 4 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 4 Tage
      Datum auf Anfrage
      Price on Request
      Book Now
    • 4 Tage
      Datum auf Anfrage
      Price on Request
      Book Now

    Know someone who´d be interested in this course?
    Let them know...

    Use the hashtag #InsoftLearning to talk about this course and find students like you on social media.