Securing Cisco Networks with Sourcefire FireAMP1 (SSFAMP) for Endpoints is two days instructor-led virtual course, delivered through Cisco WebEx® and offered by Cisco Learning Services High-Touch Delivery. It is a lab-intensive course that introduces students to the powerful features of Sourcefire FireAMP software. This two-day virtual class covers information on Cisco Advanced Malware Protection (AMP) technology, deployment, management, and analysis.

You will learn how to build and manage an AMP deployment, create policies for endpoint groups, and deploy connectors. You will also analyze malware detections using powerful tools available in the Sourcefire FireAMP console.

This course combines lecture materials and hands-on labs throughout to make sure that you are able to successfully deploy and manage a Sourcefire FireAMP deployment.

Upon completing this course, the learner will be able to meet these overall objectives:

• Describe the architecture and various components of Sourcefire FireAMP and FireAMP cloud
•  Describe security concerns around malware and how attacks unfold
•  Describe and navigate the Sourcefire FireAMP interface, dashboard, and its components
•  Manage malware detection mechanisms
•  Describe advanced policy configuration for endpoints
•  Describe how to deploy and distribute the Sourcefire FireAMP connector
•  Describe file analysis and Sourcefire FireAMP reporting
•  Describe the private cloud offering

Course Outline

•  Module 1: Sourcefire FireAMP Overview and Architecture
•  Module 2: Console Interface and Navigation
•  Module 3: Outbreak Control
•  Module 4: Endpoint Policies
•  Module 5: Groups and Deployment
•  Module 6: Analysis
•  Module 7: Analysis Case Studies
•  Module 8: Accounts

 Lab Outline

•  Lab 1: Performing the Initial Setup
•  Lab 2: Initialize the Private Cloud
•  Lab 3: Accessing the Sourcefire FireAMP Console
•  Lab 4: Reviewing the Interface
•  Lab 5: Simple Custom Detection
•  Lab 6: Advanced Custom Detection
•  Lab 7: Application Blocking
•  Lab 8: Whitelisting
•  Lab 9: DFC IP Blacklist
•  Lab 10: Creating a Sourcefire FireAMP Policy
•  Lab 11: Creating Groups
•  Lab 12: Deploying the Connector
•  Lab 13: Connector Command-line Installation
•  Lab 14: Querying the History Database
•  Lab 15: Installing a Policy Manually
•  Lab 16: Testing Your Policy
•  Lab 17: Working with Sourcefire FireAMP Events
•  Lab 18: Detection and Quarantine Events
•  Lab 19: File Trajectory
•  Lab 20: Device Trajectory
•  Lab 21: Reporting
•  Lab 22: ZBot Analysis and Remediation
•  Lab 23: User Accounts
•  Lab 24: Enabling Demo Data

This course is designed for technical professionals who need to know how to deploy and manage Sourcefire FireAMP software in their network environments. The primary audience for this course includes:

• Security administrators
• Security consultants
• Network administrators
• System engineers
• Technical support personnel
• Channel partners and resellers

The recommended knowledge and skills that a learner should have for the best learning outcome include:

•  Technical understanding of TCP/IP networking and network architecture
•  Basic familiarity with the concepts of malware detection