Trend Micro Deep Discovery Advanced Threat Detection 3.0 Edition 3 for Certified Professionals (DDATCP) – Outline

Detailed Course Outline

Product Overview
  • Trend Micro solutions
  • Trend Micro Network Defense
    • Key requirements for Trend Micro Network Defense
    • Threat classifications
    • Trend Micro Network Defense solutions
  • Trend Micro Deep Discovery
    • Product family
    • Deep Discovery capabilities
    • Deep Discovery Integration
Deep Discovery Inspector
  • Network requirements
  • Deep Discovery Inspector network connections
  • Services accessed by Deep Discovery Inspector
  • Deep Discovery Inspector deployment topologies
    • Single connection—single Deep Discovery Inspector
    • Multiple connections—single Deep Discovery Inspector
    • Multiple connections—multiple Deep Discovery Inspectors
    • Inter-VM traffic
    • Gateway proxy servers
    • Caveats for deploying Deep Discovery Inspector only at the ingress/egress point
  • Understanding the attack cycle
    • Phases of a targeted attack
    • Case study: Pawn Storm spear-phishing
  • Deep Discovery Threat Detection Technology Overview
Configuring Deep Discovery Inspector
  • Pre-Configuration Console
  • Configuring Network Settings
  • Configuring System Settings
  • Performing Administration Tasks
  • Integrating with Syslog Servers
  • Deep Discovery Inspector Virtual Analyzer
  • Configuring Deep Discovery Inspector Detection Rules
  • Avoiding False Positives
  • Troubleshooting Deep Discovery Inspector
  • Checking System Performance
Analyzing Detected Threats in Deep Discovery Inspector
  • Using the Dashboard to View Detected Threats
  • Using the Detections Menu to View and Analyze Detected Threats
  • Obtaining Key Information for Analyzing Threat Detections
    • Detection Severity Information
    • Attack Phase Information
    • Detection Type Information
  • Suspicious Objects
  • Viewing Hosts with Command and Control Callbacks
  • Virtual Analyzer Settings
    • Virtual Analyzer Cache
    • Virtual Analyzer Sample Processing Time
    • File Submission Issues
Deep Discovery Analyzer
  • Key Features
  • Deep Discovery Analyzer Specifications
  • Ports Used
  • What is Deep Discovery Analyzer Looking For?
  • Deep Discovery Analyzer Sandbox
  • Scanning Flow
  • Configuring Network Settings for Deep Discovery Analyzer
  • Using the Deep Discovery Analyzer Web Console
  • Performing System Management Functions
  • Performing Deep Discovery Analyzer Sandbox Tasks
  • Product Compatibility and Integration
  • Submitting Samples to Deep Discovery Analyzer
  • Viewing Sample Submission Details
  • Obtaining Full Details for Analyzed Samples
  • Managing the Suspicious Objects List
  • Interpreting Results
  • Generating Reports
  • Using Alerts
  • Preparing and Importing a Custom Sandbox
Deep Discovery Director
  • Deep Discovery Director Key Features
  • System Requirements
  • Planning a Deployment
  • Installing Deep Discovery Director
  • Configuring Network Settings in the Pre-Configuration Console
  • Managing Deep Discovery Director
  • Configuring Deployment Plans
  • Managing Threat Detections
  • Cyber-Threat Intelligence Sharing
  • Threat Sharing Interoperability
  • Sharing Advanced Threats and Indicators of Compromise (IOCs) through STIX and TAXII
  • Using STIX and TAXII in Deep Discovery Director
Deep Discovery Director - Network Analytics
  • Deploying Deep Discovery Director - Network Analytics Overview
  • How it Works
  • Deploying Deep Discovery Director - Network Analytics
  • Managing Deep Discovery Director - Network Analytics
    • Accessing Deep Discovery Director - Network Analytics Settings
    • Registering to Deep Discovery Inspector
    • Adding a Syslog Server
    • Configuring Additional Settings
  • Correlation Overview
    • Metadata Samples
  • Using Correlation Data for Threat Analysis
    • Viewing Correlation Data (Correlated Events)
    • Reviewing Correlation Data Summary
    • Viewing the Correlation Data Graph
  • Viewing Correlation Data for Suspicious Objects
  • Threat Sharing
Preventing Targeted Attacks Through Connected Threat Defense
  • Connected Threat Defense Life-Cycle
  • Combating Targeted Attacks with Connected Threat Defense
  • Key Features of Connected Threat Defense
  • Connected Threat Defense Requirements
  • Connected Threat Defense Architecture
  • Suspicious Object List Management
  • Setting Up Connected Threat Defense
  • Suspicious Objects Handling Process
  • Tracking Suspicious Objects in Deep Discovery Analyzer
  • Suspicious Object Sharing Scenarios
Appendices
  • What’s new
    • Deep Discovery Inspector 5.6
    • Deep Discovery Analyzer 6.8
    • Deep Discovery Director 5.1 SP1
    • Deep Discovery Director - Network Analytics 5.0
  • Trend Micro Threat Connect
  • Trend Micro Product Integration
  • Deep Discovery Threat Detection Technologies
  • Creating Sandboxes
  • Installing and Configuring Deep Discovery Inspector