McAfee Advanced Threat Defense enables organizations to detect advanced targeted attacks and convert threat information into immediate action and protection. Unlike traditional sandboxes, it includes additional inspection capabilities that broaden detection and expose evasive threats. In this course, you will learn how to set up and administer a McAfee Advanced Threat Defense solution, as well as integrate it with other Intel® Security solutions for sharing of threat intelligence across the network infrastructure.
Pre-Requisites
Solid knowledge of Windows and system administration, network technologies.
Solid knowledge of computer security, command line syntax, malware/anti-malware, virus/antivirus, and web technologies.
Prior experience with one or more of these McAfee solutions: McAfee ePO software, McAfee Network Security Platform, and/or McAfee Web Gateway Integration.
Course objectives
Solution Overview
Describe the solution, including key features, benefits, and enhancements within this latest release.
Planning
Plan the deployment.
Installing and Setting up McAfee Advanced Threat Defense
Ensure appliance is installed, configure initial appliance settings, and verify the web application is accessible.
Navigating the Web Interface
Log in to and navigate the web application, identify commonly used web application, pages and command line interface, and become familiar with interface conventions and controls.
Configuring Appliance Settings
Configure and manage McAfee Advanced Threat Defense appliance settings, as necessary. For example: user accounts, external servers, telemetry, and web certificates.
Creating Analyzer Virtual Machines
Identify how to create an analyzer virtual machine for a supported operating system, upload and convert a virtual machine disk (VMDK) file, and view log files to monitor the status.
Managing Virtual Machine and Analyzer Profiles
Create and manage analyzer virtual machine (VM) profiles.
Analyzing Malware
Submit content for analysis, interpret the results, generate reports, and manage the whitelist and blacklist.
Configuring an Advanced Threat Defense Cluster
Configure and manage an Advanced Threat Defense cluster.
Managing Content and Software
Manage security content and software updates and upgrades.
Basic Troubleshooting
Identify and use resources and tools helpful for basic troubleshooting.
Integration and Threat Information Sharing
Integrate other McAfee solutions with Advanced Threat Defense, benefits of integration, and integrate selected McAfee solutions for deeper analysis and threat information sharing.
Target Audience:
This course is intended for system and network administrators, security personnel, auditors, and/or consultants concerned with system endpoint security.
Day 1
Welcome
Solution Overview
Planning the Deployment
Installing and Setting Up McAfee Advanced Threat Defense
Navigating the Web Interface
Configuring Appliance Settings
Creating Analyzer Virtual Machines
Day 2
Managing Virtual Machine and Analyzer Profiles
Analyzing Malware
Configuring an Advanced Threat Defense Cluster
Managing Content and Software
Basic Troubleshooting
Day 3
McAfee Network Security Platform Integration
McAfee Web Gateway Integration
McAfee Email Gateway Integration
McAfee Enterprise Security Manager Integration
McAfee ePolicy Orchestrator® (McAfee ePO™) software Integration
McAfee Data Layer Exchange Fundamentals
McAfee Data Exchange Layer (DXL) Deployment and Use
McAfee Threat Intelligence Exchange Fundamentals
McAfee Threat Intelligence Exchange Deployment and Use