The Cisco Integrated Threat Defense Investigation and Mitigation (SECUR202) v1.0 course shows you how to identify, isolate, and mitigate network threats using the Cisco Integrated Threat Defense solution platform. Through expert instruction and lab-based scenarios, you will be introduced to network threat investigation, and learn how to identify relationships between Cisco products and the stages of the attack lifecycle. This course is the second in a pair of courses (SECUR201) covering the Cisco Integrated Threat Defense (ITD) solution.


* Actual course outline may vary depending on offering center. Contact your sales representative for more information.

Learning Objectives

After taking this course, you should be able to:
- Describe the stages of the network attack lifecycle and identify ITD solution platform placement based on a given stage
- Detail how to locate and mitigate email malware attacks
- Describe email phishing attacks and the steps taken to locate and mitigate them on the network
- Identify and mitigate data exfiltration threats on the network
- Identify malware threats on the network and mitigate those threats after investigation

  • Network Threat Investigation Introduction

  • Network Attack Introduction
    Hunting Network Threats in the Enterprise

  • Investigation and Mitigation of Email Malware Threats

  • Examining Email Malware Threats
    Investigating and Verifying Email Malware Threat Mitigation

  • Investigation and Mitigation of Email Phishing Threats

  • Examining Email Phishing Attacks
    Configuring Cisco Email Security Appliance (ESA) for URL and Content Filtering
    Investigating and Verifying Email Phishing Threat Mitigation

  • Investigation and Mitigation of Data Exfiltration Threats

  • Exploiting Vulnerable Network Servers
    Investigating Data Exfiltration Threats
    Mitigating and Verifying Data Exfiltration Threats

  • nvestigation and Mitigation of Malware Threats

  • Examining Endpoint Malware Protection
    Investigating and Mitigating Endpoint Malware Threats


This course is best for Network analysts, Network investigators, Cisco integrators and partners.




To fully benefit from this course, you should have the following knowledge: - Technical understanding of TCP/IP networking and network architecture - Technical understanding of security concepts and protocols - Familiarity with Cisco Identity Services Engine, Cisco Stealthwatch, Cisco Firepower, and Cisco Advanced Malware Protection (AMP) for Endpoints is an advantage


Length: 2.0 days (16 hours)


Not Your Location? Change

Course Schedule:

To request a custom delivery, please chat with an expert.