The Symantec Endpoint Security Complete Administration R1.3 course is designed for the network, IT security, and systems administration professional in a Security Operations position tasked with the day-to-day operation of a SESC endpoint security environment. The course focuses on SES Complete cloud-based management using the ICDm management console.

• Describe the benefits of using a multi-layered cloud-based environment for endpoint security.
• Secure endpoints against network, file based, and emerging threats.
• Control endpoint integrity and compliance.
• Respond to security threats using SESC monitoring and reporting.
• Enforce adaptive security compliance.
• Protect Active Directory
• Use SESC in a Hybrid Environment / Migrate to the Cloud

Module 1: Introduction to Endpoint Security Complete

• Introduction
• SES Complete Architecture
• SES Complete Cloud-Based Management
• SES Complete in a Hybrid Environment
• SES Complete Device Group Management
• SES Complete Client Deployment
• SES Device Management

Module 2: Configuring SES Complete

• Security Controls
• Policy Overview
• Threat Overview and the MITRE ATTACK Framework
• Preventing Initial Access
• Preventing Execution
• Preventing Persistence
• Preventing Privilege Escalation
• Preventing Defense Evasion
• Preventing Discovery
• Blocking Command & Control
• Blocking Exfiltration
• Blocking the Impact Phase
• Managing Content Updates
• Policy Versioning and History

Module 3: Responding to Threats with ICDm

• The ICDm Home Page
• Searching SES Data
• Using SES Reports
• Configuring Alerts
• Managing Mitigation
• Acting on Events

Module 4: Endpoint Detection and Response

• Introduction to EDR
• Detecting Threats
• Investigating Threats
• Responding to Threats

Module 5: Attack Surface Reduction

• Reduce the Attack Surface with Adaptive Protection
• Reduce the Attack Surface with Application Control
• Reduce the Attack Surface with Custom Application Behavior
• Reduce the Attack Surface with Host Integrity

Module 6: Mobile and Modern Device Security

• Definition of Modern and Mobile Devices
• Modern and Mobile Threats
• Introducing Network Integrity
• Network Integrity Policy Configuration
• Network Integrity for Windows 10 Modern Devices
• Network Integrity for Mobile Devices
• Exploring Generated Alerts

Module 7: Threat Defense for Active Directory

• Active Directory Security Challenges
• Introducing Threat Defense for Active Directory
• TDAD Configuration
• Threat Scenarios and Remediation

Module 8: Working with a Hybrid Environment

• Reasons for Moving to the Cloud
• SES / SEP Hybrid Architecture
• Moving to Hybrid Managed
• Policies and Device Management from the Cloud
• Migrating to the Cloud

This course assumes that students have a basic understanding of advanced computer terminology, an administrator-level knowledge of Microsoft Windows operating systems, and have viewed the “Symantec Endpoint Security Complete – Basic Administration” eLearning content prior to attending this course.