Contenuti dettagliati del Corso
Introduction:
- Evolving Threats
- Anatomy of a Targeted Attack
- Point of Entry - Spear Phishing
- How Long Can Targeted Attacks Stay Hidden?
- Why Monitor Your Network?
- Why Deep Discovery?
Deep Discovery Solution Overview:
- What is Deep Discovery?
- Deep Discovery Attack Detection
- Deep Discovery Threat Detection Overview
- Deep Discovery Solution Map
- Trend Micro Deep Discovery Inspector
- Trend Micro Deep Discovery Analyser
- Trend Micro Deep Discovery Email Inspector
- Control Manager
- Custom Threat Defence
- Deep Discovery Director
Deep Discovery Inspector Overview:
- Architecture
- Key Features and Benefits
- Network Setup
- Form Factors
- Deep Discovery Inspector Models
- Deep Discovery Inspector Requirements
- Installation Design
- Positioning Deep Discover Inspector in the Network
- What’s new in Deep Discover Inspector 3.8 SP5?
Deep Discovery Inspector Installation and Configuration:
- Information Provisioning for Setup
- Defining Architecture and Traffic to Capture
- Obtaining ISOs, Hot Fixes/Patches
- Performing an Installation
- Configuring Initial System Settings (Pre-Configuration Console)
- Finalizing Deep Discovery Inspector Configuration (Web Console)
- Testing the Deployment
- Viewing Installation Logs
- Enabling IP Rewriting
- Connecting Deep Discovery Inspector to Deep Discovery Director
Threat Detect Technologies:
- Acronyms
- Detection Logic
- Engines versus Detections
- Network Content Inspection Engine (NCIE / VSAPI)
- Advanced Threat Scan Engine (ATSE / VSAPI)
- Network Content Correlation Engine (NCCE / CAV)
- Virtual Analyser
- Community File Reputation (Census)
- Certified Safe Software Service (CSSS / GRID)
- Trend Micro URL Filtering Engine (TMUFE)
- Network Reputation with Smart Protection Network
- Mobile Application Reputation Service (MARS)
- Summary - Detection Events and Actions
Virtual Analyzer:
- Virtual Analyzer Functionality
- What is Virtual Analyzer Looking For?
- Virtual Analyzer Components
- Communications Flow for Samples
- Overall Sample Ratings and Risk Level
- Virtual Analyzer Outputs
- File Processing Time
- Supported File Types
- How to Explain a Malicious Result
- Sending Files to Virtual Analyzer for Analysis
- Virtual Analyzer Feedback in Deep Discovery Inspector
- Importing a Custom Sandbox into Deep Discovery Inspector for use by the Virtual Analyzer
- Troubleshooting
Deep Discovery Inspector Administration:
- Default Accounts
- Dashboard
- Analyzing Detected Threats
- Running Reports and Obtaining Threat Detection Metrics
- Report Examples
- System Management and Configuration
- Accessing Log Files
- Monitoring System Performance and Resources
Deep Discovery Analyzer Product Overview:
- Key Features
- Network Setup
- Form Factors
- Required Services and Port Information
- Uniquely Identifying Samples
- Integration
- What’s New in Deep Discovery Analyzer 5.8?
Deep Discovery Analyzer Installation and Configuration:
- Information Provisioning
- Defining the Architecture
- Obtaining ISOs, Hot Fixes/Patches
- Performing the Installation
- Configuring Initial System Settings
- Configuring Final Settings for Deep Discovery Analyzer
- Testing the Deployment
Deep Discovery Analyzer Administration:
- Accessing the Web Console
- Console Overview
- Analyzing Events
- Submitting Samples to Deep Discovery Analyzer
- Deep Discovery Analyzer Reports
- Managing Suspicious Objects List
- Exceptions
- Deep Discovery Analyzer Sandbox Management
- Reports
- Alerts
- System Management and Configuration
Deep Discovery Email Inspector:
- Key Functionality
- Supported Hardware
- Deployment Modes
- Ports Used
- Summary of Operation Modes
- Threat Detection in Deep Discovery Email Inspector
- Engine Architecture Overview
- What’s New in Deep Discovery Email Inspector 2.6?
Deep Discovery Email Inspector Installation and Configuration:
- Information Provisioning
- Defining the Architecture
- Obtain ISOs, Hot Fixes/Patches
- Performing the Installation
- Configuring Initial System Settings using the Pre-Configuration Tool
- Configuring Final Deep Discovery Email Inspector Settings
- Testing the Deployment
- Connecting Deep Discovery Email Inspector to Deep Discovery Director
Deep Discovery Email Inspector Administration:
- Management Console Overview
- Analyzing Threat Detections
- Configuring Policies
- Setting up Recipient Notifications
- Defining Email Message Tags
- Configuring Redirects (Non-Scannable Attachments)
- Adding Policy Exceptions
- Configuring Alerts
- Generating Reports
- Accessing Log Files
- System Administration
- Performing System Maintenance Tasks
Threat Connect:
- Content
- Using Threat Connect
- Report Content
Connected Threat Defense:
- Integration is Key to Effective Security
- Connected Threat Defense Requirements
- Connected Threat Defense Components
- Integrating Deep Discovery Inspector with Control Manager
- Suspicious Objects Handling with Control Manager
Integration:
- Open Architecture
- Deep Discovery Inspector Integration
- Integration with Syslog Servers and SIEM Systems
- Third-Party Blocking Integration
- Check Point Open Platform for Security
- HP TippingPoint Security Management System
- IBM Security Network Protection
- Palo Alto Firewalls
- Blue Coat ProxySG
- Deep