Objectives

Students will learn how Traps protects against exploits and malware-driven attacks. In hands-on lab exercises, students will install and configure the Endpoint Security Manager (ESM) and Traps endpoint components; build rules; enable and disable process protections; and integrate Traps with Palo Alto Networks WildFireâ„¢, which provides prevention and detection of zero-day malware.

Outline

Module 1: Traps Overview

• How sophisticated attacks work today
• The design approach of Traps
• Main features of Traps
• Traps resources

Module 2: Installing Traps

• Planning the installation
• Installing ESM Server and database
• Installing ESM Console
• Installing agents
• Managing content updates
• Upgrading Traps

Module 3: Malicious Software Overview

• Exploitation techniques and their prevention
• Malware techniques and their prevention

Module 4: Consoles Overview

• Introduction to ESM Console
• Introduction to the Traps Agent Console

Module 5: Traps Protection Against Exploits

• Architecture and overview
• Configuring exploit protection

Module 6: Traps Protection Against Malware (including WildFire)

• Architecture and Overview
• WildFire
• Local Analysis
• Trusted Publishers
• Malware Restrictions and Malware Protection Modules

Module 7: Managing Traps

• System monitoring
• License administration
• Important server and agent settings
• Agent actions

Module 8: Traps Forensics

• Forensic information retrieval
• Responding to prevention events

Module 9: Basic Traps Troubleshooting

• Troubleshooting Resources
• Working with Technical Support
• Troubleshooting scenarios

Target Audience

• Security Engineers, System Administrators, and Technical Support Engineers

Prerequisites

• Students must have Windows system administration skills and familiarity with enterprise security concepts.