Trend Micro™ Deep Discovery™ Advanced Threat Detection 4.0 Training for Certified Professionals is a three-day, instructor-led training course where participants will learn how to plan, deploy, and manage a Trend Micro Deep Discovery threat detection solution using:
- Trend Micro™ Deep Discovery™ Inspector
- Trend Micro™ Deep Discovery™ Analyzer
- Trend Micro™ Deep Discovery™ Director
- Trend Micro™ Deep Discovery™ Director – Network Analytics
Participants explore key concepts and methodologies of using a blend of Deep Discovery solutions for a more complete approach to network security. This course provides a variety of hands-on lab exercises, allowing each student to put the lesson content into action. Using the virtual labs, students have the opportunity to set up and configure Deep Discovery solution management and administration features and test their functionality.
The course also explores various deployment considerations and requirements needed to tie Deep Discovery solutions into various other Trend Micro products to provide synchronized threat intelligence sharing for advanced threat detection.
-
Course Contents
-
- Product Overview
- Deep Discovery Inspector
- Configuring Deep Discovery Inspector
- Analyzing Detected Threats in Deep Discovery Inspector
- Deep Discovery Analyzer
- Deep Discovery Director
- Deep Discovery Director – Network Analytics
- Preventing Targeted Attacks Through Connected Threat Defense
In this course, you will receive the Trend Micro course documentation, which is also available as a Trend Micro e-Kit.
-
Target Group
-
This course is designed for IT professionals who are responsible for protecting networks from any kind of network, endpoint, or cloud security threats. The individuals who will typically benefit the most include:
- System Administrators
- Network Engineers
- Support Engineers
- Integration Engineers
- Solution and Security Architects
-
Knowledge Prerequisites
-
Before you take this course, Trend Micro recommends that you have a working knowledge of its products and services, as well as basic networking concepts and principles. Experience with the following products and technologies is also necessary:
- Windows® servers and clients
- Firewalls, web application firewalls, packet inspection devices
- General understanding of malware
Product Overview
Trend Micro Solutions
Trend Micro Network Defense
Key Requirements for Trend Micro Network Defense
Threat Classifications
Trend Micro Network Defense Solutions
Trend Micro Deep Discovery
Product Family
Deep Discovery Capabilities
Deep Discovery Integration
Deep Discovery Inspector
Network Requirements
Deep Discovery Inspector Network Connections
Services Accessed by Deep Discovery Inspector
Deep Discovery Inspector Deployment Topologies
Single Connection - Single Deep Discovery Inspector
Multiple Connections - Single Deep Discovery Inspector
Multiple Connections - Multiple Deep Discovery Inspectors
Inter-VM traffic
Gateway Proxy Servers
Caveats for Deploying Deep Discovery Inspector Only at Ingress/Egress Points
Understanding the Attack Cycle
Phases of a Targeted Attack
Case Study: Pawn Storm Spear-Phishing
Deep Discovery Threat Detection Technology Overview
Configuring Deep Discovery Inspector
Pre-Configuration Console
Configuring Network Settings
Configuring System Settings
Performing Administration Tasks
Integrating with Syslog Servers
Deep Discovery Inspector Virtual Analyzer
Configuring Deep Discovery Inspector Detection Rules
Avoiding False Positives
Troubleshooting Deep Discovery Inspector
Checking System Performance
Analyzing Detected Threats in Deep Discovery Inspector
Using the Dashboard to View Detected Threats
Using the Detections Menu to View and Analyze Detected Threats
Obtaining Key Information for Analyzing Threat Detections
Detection Severity Information
Attack Phase Information
Detection Type Information
Suspicious Objects
Viewing Hosts with Command and Control Callbacks
Virtual Analyzer Settings
Virtual Analyzer Cache
Virtual Analyzer Sample Processing Time
File Submission Issues
Deep Discovery Analyzer
Key Features
Deep Discovery Analyzer Specifications
Ports Used
What is Deep Discovery Analyzer Looking For?
Deep Discovery Analyzer Sandbox
Scanning Flow
Configuring Network Settings for Deep Discovery Analyzer
Using the Deep Discovery Analyzer Web Console
Performing System Management Functions
Performing Deep Discovery Analyzer Sandbox Tasks
Product Compatibility and Integration
Submitting Samples to Deep Discovery Analyzer
Viewing Sample Submission Details
Obtaining Full Details for Analyzed Samples
Managing the Suspicious Objects List
Interpreting Results
Generating Reports
Using Alerts
Preparing and Importing a Custom Sandbox
Deep Discovery Director
Deep Discovery Director Key Features
System Requirements
Planning a Deployment
Installing Deep Discovery Director
Configuring Network Settings in the Pre-Configuration Console
Managing Deep Discovery Director
Configuring Deployment Plans
Managing Threat Detections
Cyber-Threat Intelligence Sharing
Threat Sharing Interoperability
Sharing Advanced Threats and Indicators of Compromise (IOCs) through STIX and TAXII
Using STIX and TAXII in Deep Discovery Director
Deep Discovery Director - Network Analytics
Deploying Deep Discovery Director – Network Analytics Overview
How it Works
Deploying Deep Discovery Director - Network Analytics
Managing Deep Discovery Director – Network Analytics
Accessing Deep Discovery Director – Network Analytics Settings
Registering to Deep Discovery Inspector
Adding a Syslog Server
Configuring Additional Settings
Correlation Overview
Metadata Samples
Using Correlation Data for Threat Analysis
Viewing Correlation Data (Correlated Events)
Reviewing Correlation Data Summary
Viewing the Correlation Data Graph
Viewing Correlation Data for Suspicious Objects
Threat Sharing
Preventing Targeted Attacks through Connected Threat Defense
Connected Threat Defense Life-Cycle
Combating Targeted Attacks with Connected Threat Defense
Key Features of Connected Threat Defense
Connected Threat Defense Requirements
Connected Threat Defense Architecture
Suspicious Object List Management
Setting Up Connected Threat Defense
Suspicious Objects Handling Process
Tracking Suspicious Objects in Deep Discovery Analyzer
Suspicious Object Sharing Scenarios
Appendices
What’s new
Deep Discovery Inspector 5.6
Deep Discovery Analyzer 6.8
Deep Discovery Director 5.1 SP1
Deep Discovery Director - Network Analytics 5.0
Trend Micro Threat Connect
Trend Micro Product Integration
Deep Discovery Threat Detection Technologies
Creating Sandboxes
Installing and Configuring Deep Discovery Inspector
-
Classroom training
- Do you prefer the classic training method? A course in one of our Training Centers, with a competent trainer and the direct exchange between all course participants? Then you should book one of our classroom training dates!
-
Hybrid training
- Hybrid training means that online participants can additionally attend a classroom course. The dynamics of a real seminar are maintained, and the online participants are able to benefit from that. Online participants of a hybrid course use a collaboration platform, such as WebEx Training Center or Saba Meeting. To do this, a PC with browser and Internet access is required, as well as a headset and ideally a webcam. In the seminar room, we use specially developed and customized audio and video technologies. This ensures that communication between all persons involved works in a convenient and fault-free way.
-
Online training
- You wish to attend a course in online mode? We offer you online course dates for this course topic. To attend these seminars, you need to have a PC with Internet access (minimum data rate 1Mbps), a headset when working via VoIP and optionally a camera. For further information and technical recommendations, please refer to.
-
Tailor-made courses
-
You need a special course for your team? In addition to our standard offer, we will also support you in creating your customized courses, which precisely meet your individual demands. We will be glad to consult you and create an individual offer for you.