Palo Alto Networks® Traps™ Advanced Endpoint Protection prevents sophisticated vulnerability exploits and unknown malware-driven attacks.
Successful completion of this two-day, instructor-led course equips the student to deploy Traps in large-scale or complex configurations and optimize its configuration.

Course Objectives

Students will learn how to design, build, implement, and optimize large-scale Traps deployments: those with multiple servers and/or thousands of endpoints. In hands-on lab exercises, students will distribute Traps endpoint software in an automated way; prepare master images for VDI deployment; build multi-ESM deployments; design and implement customized policies; test Traps with exploits created using Metasploit; and examine prevention dumps with windbg.

Scope

  • Course level: Intermediate
  • Course duration: 2 days
  • Course format: Combines instructor-facilitated lecture with hands-on labs
  • Software version: Palo Alto Networks Traps Advanced Endpoint Protection 3.4

Sessions

Mod 1: Deploying Traps

  • Distributing endpoint software
  • TLS/SSL options
  • Virtual Desktop Infrastructure (VDI) deployment
  • External logging and SIEM integration

Mod 2: Scaling Traps Deployments Up

  • Role-based Access Control
  • Deployment patterns, including Multi-ESM Server deployment
  • Migration tasks

Mod 3: Optimizing Traps

  • Optimizing server settings
  • Defining conditions
  • Designing optimized policies
  • Implementing ongoing maintenance

Mod 4: Advanced Traps Forensics

  • Agent queries
  • Resources for malicious software testing
  • Exploit challenge testing with Metasploit
  • Exploit dump analysis with windbg

Mod 5: Advanced Traps Troubleshooting

  • Endpoint Security Manager and Traps architecture
  • Troubleshooting scenarios using dbconfig and cytool
  • Troubleshooting application compatibility
  • Troubleshooting BITS connectivity

 

Security Engineers, System Administrators, and Technical Support Engineers

Prerequisite

Students should have completed “Traps: Install, Configure, and Manage” or (for Palo Alto Networks employee and partner SEs) “PSE: Endpoint Associate” training. Windows system administration skills and familiarity with enterprise security concepts are also required.
