Course Overview
Trend Micro™ Deep Discovery™ Advanced Threat Detection 2.1 Training for Certified Professionals is a three-day, instructor-led training course where participants will learn how to plan, deploy, and manage a Trend Micro Deep Discovery threat detection solution using:
• Trend Micro™ Deep Discovery™ Inspector
• Trend Micro™ Deep Discovery™ Analyzer
• Trend Micro™ Deep Discovery™ Email Inspector
• Trend Micro™ Deep Discovery™ Director
Participants explore key concepts and methodologies using a blend of Deep Discovery solutions for a more complete approach to network threat detection. This course details the architecture, deployment options, threat security management, and system administration fundamentals, as well as troubleshooting and best practices for these products.
This course incorporates a variety of hands-on lab exercises, allowing participants to put the lesson content into action.
Course Objectives
Upon completion of this course, students will be able to:
• Describe the purpose, features, and capabilities of Trend Micro Deep Discovery Advanced Threat Detection solutions
• Configure and use security management and administration settings for:
• Trend Micro Deep Discovery Inspector
• Trend Micro Deep Discovery Email Inspector
• Trend Micro Deep Discovery Analyzer
• Explain how Deep Discovery products fit into Trend Micro’s Connected Threat Defense
• Describe functionality of Deep Discovery Director and how to connect Deep Discovery products to it for centralized management and visibility
Pre-Requisite
Before you take this course, Trend Micro recommends that you have a working knowledge of their products and services, as well as basic networking concepts and principles.
Experience with the following products and technologies is also necessary:
• Windows® servers and clients
• Firewalls, web application firewalls, packet inspection devices
• General understanding of malware
Participants are required to bring a laptop computer with a recommended screen resolution of at least 1980 x 1080 or above and a display size of 15” or above.
Who Should Attend
This course is designed for IT professionals who are responsible for protecting networks from any kind of network, endpoint, or cloud security threats. The individuals who will typically benefit the most include:
• System Administrators
• Network Engineers
• Support Engineers
• Integration Engineers
• Solution and Security Architects
Related Certification Exam
Upon completion of this course, participants may choose to complete the certification examination to obtain designation as a Trend Micro Certified Professional for Deep Discovery Advanced Threat Detection.
Course Modules
Product Overview
• Introduction to Trend Micro solutions
• Deep Discovery key features
• Deep Discovery solution platforms
• Trend Micro Deep Discovery Inspector
• Trend Micro Deep Discovery Analyzer
• Trend Micro Deep Discovery Email Inspector
• Deep Discovery Director
• Trend Micro Control Manager™
• Key business needs for network defense
Deep Discovery Solution Overview
• The evolving threat landscape
• Phases of a targeted attack
• Deep Discovery threat detection overview
Deep Discovery Inspector Product Overview
• Key features
• Network setup
• Form factors
• Deep Discovery Inspector requirements
• Installation design
• Positioning Deep Discovery Inspector in the network
Installing and Configuring Deep Discovery Inspector
• Information provisioning for setup
• Obtaining ISOs, hotfixes/patches
• Performing an installation
• Configuring initial system settings (preconfiguration console)
• Finalizing Deep Discovery Inspector configuration (web console)
• Testing the deployment
• Viewing installation logs
• Operational settings and boot options
Threat Detection Technologies
• Network content inspection engine (NCIE)/virus-scanning application program interface (VSAPI)
• Advanced Threat Scan Engine (ATSE)/virus-scanning application program interface (VSAPI)
• Network content correlation engine (NCCE)/computer-aided verification (CAV)
• Virtual analyzer
• Community file reputation (census)
• Trend Micro cloud sandbox service
• Community domain/internet protocol (IP) reputation service (domain census)
• Certified safe software service (CSSS)/global resource information database (GRID)
• URL filtering engine
• Network reputation with Trend Micro™ Smart Protection Network™
• Mobile application reputation service (MARS)
• Trend machine learning
• Threat detection overview
• Processing stages
Virtual Analyzer
• Key features and functionality
• What is Virtual Analyzer looking for?
• Virtual Analyzer components
• Sending files to Virtual Analyzer for analysis
• Virtual Analyzer process flow
• Virtual Analyzer stages
• Overall sample ratings and risk level
• Viewing detection details
• Interpreting analysis results
• Virtual Analyzer feedback blacklist
• Hosts with command and control (C&C) callbacks
• Deny/allow list
• Virtual Analyzer settings
• Importing a custom sandbox into Deep Discovery Inspector for use by the Virtual Analyzer
Deep Discovery Inspector Administration
• Logging in
• Dashboard
• Analyzing detected threats
• Viewing key fields in events
• Detection type examples
• Running reports and obtaining threat detection metrics
• System administration functions
Deep Discovery Analyzer Product Overview
• Key features
• Network setup
• Form factors
• Required services and port information
• Uniquely identifying samples
• Product integration
Information Provisioning
• Defining the architecture
• Obtaining ISOs, hotfixes/patches
• Performing the installation
• Configuring initial system settings
• Configuring final settings for Deep Discovery Analyzer
• User accounts
• Web console overview
• Analyzing samples and results
• Submitting samples to Deep Discovery Analyzer
• Virtual Analyzer report
• Managing suspicious objects list
• Exceptions
• Deep Discovery Analyzer sandbox management
• Reports
• Alerts
• Managing the system
• Updating components, creating user accounts, performing backups, accessing the Debug Portal, etc.
Deep Discovery Email Inspector
• Key features
• Form factors
• Deployment modes
• Mail transfer agent (MTA), blind carbon copy (BCC), switch port analyzer (SPAN)/test access point (TAP)
• Ports used
• Scanning technologies
• Deep Discovery Email Inspector scanning
• Risk levels
Installing and Configuring Deep Discovery Email Inspector
• Testing your deployment
Deep Discovery Email Inspector Administration
• Logging in
• Accounts
• Web console overview
• Dashboard and widgets
• Managing threat detections
• Steps for analyzing detections
• Configuring policies
• Setting up recipient notifications
• Defining email message tags
• Configuring time-of-click protection
• Configuring Business Email Compromise (BEC) protection
• Configuring redirects (for un-scannable attachments)
• Generating reports
• Accessing log files
• End user quarantine (EUQ)
• Performing administrative tasks
• Component and product updates, backup/restore, debug, etc.
Deep Discovery Director Product Overview
• Form factors and requirements
• Planning a deployment
• Installing Deep Discovery Director
• Deep Discovery appliance management
• Viewing detections
Connected Threat Defense Overview
• How Connected Threat Defense works
• Integration with Control Manager
• Suspicious objects and community exchanged indicators of compromise (IOCs)
Appendices
• What’s new in Deep Discovery Inspector 5.0?
• What’s new in Deep Discovery Analyzer 6.0?
• What’s new in Deep Discovery Email Inspector 3.0?
• Monitoring virtual machine traffic with Deep Discovery Inspector
• Trend Micro Threat Connect
• Integration
• Deep Discovery