3 arrows

Get 50% Off ForgeRock Training Bundles


Symantec Advanced Threat Protection 2.x: Incident Response

  • Tuition USD $1,440 List Price $1,800
  • Reviews star_rate star_rate star_rate star_rate star_half 3224 Ratings
  • Course Code SC1413
  • Duration 2 days
  • Available Formats Classroom

The Symantec Advanced Threat Protection 2.x: Incident Response course is designed for the network, IT security, and systems administration professional in a Security Operations position. This class covers how to detect, remediate, and recover from an incident using Advanced Threat Protection.

Skills Gained

  • Describe Advanced Threat Protection products, components, dependencies, and system hierarchy.
  • Configure Advanced Threat Protection to prepare your Symantec Endpoint Protection endpoints for responding to incidents.
  • Detect events and incidents in the ATP Manager and search for indicators of compromise (IOC).
  • Remediate threats by isolating breached endpoints and suspicious activity.
  • Recover from an outbreak using Symantec best practices and update your Cybersecurity plan.

Who Can Benefit

This course is for network managers, resellers, systems administrators, client security administrators, systems professionals, and consultants who are charged with the configuration, and day-to-day management of Advanced Threat Protection and Symantec Endpoint Protection in a variety of network environments.


You must have working knowledge of advanced computer terminology, including TCP/IP networking terms and Internet terms, and an administrator-level knowledge of Microsoft Windows operating systems.

Course Details


  • Course overview
  • The classroom lab environment

How ATP Fits Inside The Cybersecurity Framework

  • Advanced Persistent Threat (APT) review
  • Stages of an attack
  • Preventative steps as defined by STAR/Security Response
  • Cybersecurity core functions

Introducing ATP

  • Introduction
  • Shared technologies
  • Examining the ATP architecture and sizing guide
  • Becoming familiar with Symantec ATP
  • Describing views and data analysis per incident response role

Configuring Global Settings and SEPM Integration

  • Configuring Global Settings
  • Configuring ATP:Email correlation
  • Configuring Symantec Endpoint Protection correlation
  • Configuring ATP and SEP detection and response

Working with Events and Incidents

  • ATP detection overview
  • Viewing events
  • Analyzing Incidents
  • Analyzing the dashboard
  • Searching for indicators of compromise (IOC)

Preparing your SEP Endpoint Environment for Response

  • Configure Host Integrity and Quarantine Firewall policies for ATP quarantine
  • Configuring the SEP endpoints to communicate with ATP (Insight)
  • Operational and Alert Mode

Acting on Threats

  • Isolating breached endpoints
  • Remediating malicious files and reducing false positives
  • Responding to threats by blacklisting suspicious addresses
  • Examining case studies

Recovering After an Incident

  • Recovery best practices
  • Gathering information for reporting
  • Creating a Lessons Learned report

When does class start/end?

Classes begin promptly at 9:00 am, and typically end at 5:00 pm.

Does the course schedule include a Lunchbreak?

Lunch is normally an hour long and begins at noon. Coffee, tea, hot chocolate and juice are available all day in the kitchen. Fruit, muffins and bagels are served each morning. There are numerous restaurants near each of our centers, and some popular ones are indicated on the Area Map in the Student Welcome Handbooks - these can be picked up in the lobby or requested from one of our ExitCertified staff.

How can someone reach me during class?

If someone should need to contact you while you are in class, please have them call the center telephone number and leave a message with the receptionist.

What languages are used to deliver training?

Most courses are conducted in English, unless otherwise specified. Some courses will have the word "FRENCH" marked in red beside the scheduled date(s) indicating the language of instruction.

What does GTR stand for?

GTR stands for Guaranteed to Run; if you see a course with this status, it means this event is confirmed to run. View our GTR page to see our full list of Guaranteed to Run courses.

Does ExitCertified deliver group training?

Yes, we provide training for groups, individuals and private on sites. View our group training page for more information.

Does ExitCertified deliver group training?

Yes, we provide training for groups, individuals, and private on sites. View our group training page for more information.

the lab book mentions t3 EC2 instances but it actually should be t2. other than that, the labs were setup very well.

Very professional, excellent follow up and attention to detail throughout the whole process.

Program was well done from initial invitation to actual class and follow-up

The Course material and lab infrastructure and the overall Experience is very good.

Great remote learning experience. Instruction was delivered with enthusiasm and expertise.

0 options available

There are currently no scheduled dates for this course. If you are interested in this course, request a course date with the links above. We can also contact you when the course is scheduled in your area.

Contact Us 1-800-803-3948
Contact Us
FAQ Get immediate answers to our most frequently asked qestions. View FAQs arrow_forward