
Palo Alto Traps 4.1: Deploy and Optimize

Palo Alto Networks® Traps™ Advanced Endpoint Protection prevents sophisticated vulnerability exploits and unknown malware-driven attacks. Successful completion of this two-day, instructor-led course should prepare the student to deploy Traps in large-scale or complex configurations and optimize its configuration.

Course Objectives

Students should learn how to design, build, implement, and optimize large-scale Traps deployments: those with multiple servers and/or thousands of endpoints. In hands-on lab exercises, students will distribute Traps endpoint software in an automated way; prepare master images for VDI deployment; build multi-ESM deployments; design and implement customized policies; test Traps with exploits created using Metasploit; and examine prevention dumps with windbg.

Course level: Intermediate

Course format: Combines instructor-facilitated lecture with hands-on labs

Software version: Palo Alto Networks Traps Advanced Endpoint Protection 4.1

Target Audience: Security Engineers, System Administrators, and Technical Support Engineers

Prerequisites

Students should have completed “Traps 4.1: Install, Configure, and Manage” or (for Palo Alto Networks employee and partner SEs) “PSE: Endpoint Associate” training. Windows system administration skills and familiarity with enterprise security concepts are also required.

Module 1: Scaling Server Infrastructure

  • Small site architectures
  • Large site architectures
  • TLS/SSL deployment considerations

Module 2: Scaling Agent Deployment

  • Distributing Traps via GPO
  • Configuring Virtual Desktop Infrastructure with Traps

Module 3: ESM Tuning

  • Tuning ESM settings
  • External logging and SIEM integration
  • Role Based Access Control (RBAC)
  • Defining Conditions
  • Tuning Policies
  • Implementing ongoing maintenance

Module 4: Windows migrations for Traps

  • SQL database migration
  • SSL certificate migration

Module 5: Advanced Traps Forensics

  • Best practices for managing forensic data
  • Agent queries
  • Resources for malicious software testing
  • Exploit challenge testing with Metasploit
  • Exploit dump analysis with windbg

Module 6: Advanced Traps Troubleshooting

  • ESM and Traps architecture
  • Troubleshooting scenarios using dbconfig and cytool
  • Troubleshooting application compatibility and BITS connectivity
Exclusive Networks

The course is organized in cooperation with Exclusive Networks at Spektri Business Park.
