The Symantec Endpoint Security Complete Administration R1.2 course is designed for the network, IT security, and systems administration professional in a Security Operations position tasked with the day-to-day operation of a SESC endpoint security environment. The course focuses on SES Complete cloud-based management using the ICDm management console.

By the completion of this course, you will be able to:

• Describe the benefits of using a multi-layered cloud-based environment for endpoint security.
• Secure endpoints against network, file based, and emerging threats.
• Control endpoint integrity and compliance.
• Respond to security threats using SESC monitoring and reporting.
• Enforce adaptive security compliance.
• Protect Active Directory
• Use SESC in a Hybrid Environment / Migrate to the Cloud

This course assumes that students have a basic understanding of advanced computer terminology, an administrator-level knowledge of Microsoft Windows operating systems, and have viewed the "Symantec Endpoint Security Complete - Getting Started" eLearning content prior to attending this course.

Module 1: Introduction to Endpoint Security Complete

• Introduction
• SES Complete Architecture
• SES Complete Cloud-Based Management
• SES Complete in a Hybrid Environment
• Managing Devices and Policies with ICDm
• SES Complete Client Deployment

Module 2: Configuring SES Complete Security Controls

• Policy Overview
• Threat Overview and the MITRE ATT&CK Framework
• Preventing Initial Access
• Preventing Execution
• Preventing Persistence
• Preventing Privilege Escalation
• Preventing Defense Evasion
• Preventing Discovery
• Blocking Command & Control
• Blocking Exfiltration
• Blocking the Impact Phase
• Managing Content Updates
• Policy Versioning and History

Module 3: Responding to Threats with ICDm

• The ICDm Home Page
• Searching SES Data
• Using SES Reports
• Managing Mitigation
• Acting on Events

Module 4: Endpoint Detection and Response

• Enabling Endpoint Detection and Response
• Understanding Suspicious & Malicious Activity
• Investigating Threats
• Capturing Endpoint Data
• LiveShell
• Retrieving and Submitting Files for Analysis
• Quarantining Devices
• Blocking and Quarantining Files

Module 5: Attack Surface Reduction

• Reduce the Attack Surface with Adaptive Protection
• Reduce the Attack Surface with Application Control
• Reduce the Attack Surface with Custom Application Behavior
• Reduce the Attack Surface with Host Integrity

Module 6: Mobile and Modern Device Security

• Definition of Modern and Mobile Devices
• Modern and Mobile Threats
• Introducing Network Integrity
• Network Integrity Policy Configuration
• Network Integrity for Windows 10 Modern Devices
• Network Integrity for Mobile Devices
• Exploring Generated Alerts

Module 7: Threat Defense for Active Directory

• Active Directory Security Challenges
• Introducing Threat Defense for Active Directory
• Configuration
• Threat Scenarios and Remediation

Module 8: Working with a Hybrid Environment

• Reasons for Choosing a Hybrid Environment
• SES Hybrid Architecture
• SEPM Enrollment Process in ICDm
• Policies and Device Management from the Cloud
• Migrating to the Cloud

250-561 ENU: Symantec Endpoint Security Complete
Administration R1