The Symantec Endpoint Detection and Response 4.x Planning, Implementation, and Administration course is designed for the IT security and systems administration professional in a Security Operations role. This course covers how to investigate, remediate, and recover from a security incident using Symantec Endpoint Detection and Response, as well as the prerequisite sizing and architecture configurations for implementing Symantec Endpoint Detection and Response On-Prem.

By the completion of this course, you will be able to:

• Plan and implement a Symantec Endpoint Detection
  and Response deployment
  
• Configure SEDR to perform endpoint detection and
  response
  
• Identify evidence of suspicious and malicious activity
  
• Search for indicators of compromise
  
• Block, isolate, and remove threats in the
  environment
  
• Collect forensic information

This course assumes that students are familiar with
Symantec Endpoint Detection & Response and
Symantec Endpoint Protection.

Module 1: Introduction

• The Evolving Threat Landscape
  
• Challenges of Endpoint Detection and Response in
  the environment
  
• How Symantec Endpoint Detection and Response
  meets objectives
  
• Components of Symantec Endpoint Detection and
  Response
  
• Shared Technologies
  
• Symantec Endpoint Detection and Response AddOns and Integrations
  

Module 2: Architecture and Sizing

• Architecture and Sizing Overview
  
• Architecture
  
• Sizing
  

Module 3: Implementation

• System Requirements
  
• Installing and Bootstrapping
  
• Setup Wizard
  
• Management Console Overview
  
• Managing Certificates
  
• User Accounts and Roles
  
• Symantec Endpoint Protection Integration
  

Module 4: Detecting Threats

• Understanding Suspicious & Malicious Activity
  
• Prerequisite configuration or considerations
  
• Identifying evidence of suspicious/malicious activity
  with Symantec EDR
  

Module 5: Investigating Threats

• General Stages of an Advanced Attack
  
• Understanding Indicators of Compromise
  
• Searching for Indicators of Compromise
  
• Analyzing Endpoint Activity Recorder Data
  
• Additional Investigation Tools
  

Module 6: Responding to Threats

• Cybersecurity Framework
  
• Isolating Threats in The Environment
  
• Blocking Threats in The Environment
  
• Removing Threats in The Environment
  
• Tuning the Environment
  

Module 7: Reporting on Threats

• Recovery Overview
  
• Notifications and Reporting
  
• Collecting forensic data for further investigation of
  security incidents
  
• Using Symantec EDR to create a Post Incident
  Report