1. Symantec Data Loss Prevention 10.5 Administration
COURSE DESCRIPTION
Prerequisites
The Symantec Data Loss Prevention 10.5 Administration You must have a working knowledge of windows server-class
course is designed to provide you with the fundamental operating systems and commands, as well as networking and
knowledge and hands-on lab experience to configure and network security concepts.
administer the Symantec Data Loss Prevention Enforce
platform. The hands-on labs include exercises for Hands-On
reporting, workflow, and incident response management, This course includes practical exercises that enable you to test
policy management and detection, response your new skills and begin to transfer them into your working
management, user and role administration, directory environment.
integration, and filtering. Additionally, you are introduced
to the following Symantec Data Loss Prevention
products: Network Monitor, Network Prevent, Network
Discover, Network Protect, Endpoint Prevent, and
Endpoint Discover, as well as deployment best practices. COURSE OUTLINE
Note that this course is delivered on a Microsoft Windows Introduction to Symantec Data Loss Prevention
platform and does not include installation and initial • Symantec Data Loss Prevention overview
configuration for each server. • Symantec Data Loss Prevention architecture
Delivery Method Navigation and Reporting
Instructor-led • Navigating the user interface
• Reporting and analysis
Duration
• Report navigation, preferences, and features
Four days
• Report filters
Course Objectives • Report commands
This course provides instruction on Symantec Data Loss • Incident snapshot
Prevention 10.5. At the completion of the course, you will • Hands-On Labs: Become familiar with navigation and tools
be able to: in the user interface. Create, filter, summarize, and
• Describe the features, concepts, components, and distribute reports. Create users, roles, and attributes.
terminology of Symantec Data Loss Prevention 10.5.
Incident Remediation and Workflow
• Configure reports and remediate incidents.
• Create and modify policies and response rules. • Incident remediation and workflow
• Leverage policy and response management best • Managing users and attributes
practices. • Hands-On Labs: Remediate incidents and configure a
• Create and modify Discover targets. user’s reporting preferences.
• Create and manage roles and users.
Policy Management
• Carry out system administration tasks including
• Policy overview
performance management.
• Creating policy groups
• Describe enterprise enablement best practices.
• Using policy templates
• Perform diagnostics.
• Building policies
• Leverage deployment best practices.
• Hands-On Labs: Use policy templates and policy builder to
Who Should Attend configure and apply new policies.
This course is intended for those responsible for the
application configuration, maintenance, and Response Rule Management
troubleshooting of Symantec Data Loss Prevention. • Response rule overview
Additionally, this course is applicable for the technical • Creating Automated Response rules
users responsible for creating and maintaining Symantec • Creating Smart Response rules
Data Loss Prevention policies and the incident response • Response rule best practices
structure. • Hands-On Labs: Create and use Automated and Smart
Response rules.
VERSION 3 1
E:MC20091208

2. TrueMatch Detection Methods
• Overview of TrueMatch detection methods Introduction to Endpoint Discover
• Described Content Matching (DCM) • Endpoint Discover overview
• Exact Data Matching (EDM) • Creating and running Endpoint Discover targets
• Directory Group Matching (DGM) • Using Endpoint Discover reports and reporting features
• Indexed Document Matching (IDM) • Hands-On Labs: Create Endpoint Discover targets, run
• Hands-On Labs: Create policies that include DCM, Endpoint Discover targets, and view Endpoint Discover
EDM, DGM, and IDM rules (including policies that incidents.
combine these methods) and then use those policies
to capture incidents. Enterprise Enablement
• Preparing for risk reduction
Advanced EDM • Policy development best practices
Advanced EDM • Risk reduction
Network Monitor Review System Administration
• Review of Network Monitor • Architecture
• Protocols • Server administration
• Traffic filtering • Custom attribute lookup
• Network Monitor best practices • Troubleshooting
• Hands-On Labs: Apply IP and L7 Filters. • Hands-On Labs: Interpret event reports and traffic
Reports. Configure alerts and custom attribute look-ups
Introduction to Network Prevent using a .csv file.
• Network Prevent overview
• Introduction to Network Prevent (Email)
• Introduction to Network Prevent (Web)
• Hands-On Labs: Configure Network Prevent (Email)
response rules, incorporate them into policies, and
use the policies to capture incidents.
Introduction to Network Discover and Network
Protect
• Network Discover and Network Protect overview
• Configuring Discover targets
• Protecting data
• FlexResponse platform
• Running and managing scans
• Reports and remediation (Includes Data Insight
integration configuration)
• Network Discover and Network Protect best
practices
• Hands-On Labs: Create and run a file system target
using various response rules, including quarantining.
Introduction to Endpoint Prevent
• Endpoint Prevent overview
• Configuring Endpoint Prevent
• Detection capabilities at the Endpoint
• Managing agents
• Creating Endpoint response rules
• Capturing Endpoint Prevent incidents and viewing
them in reports
• Endpoint Prevent best practices
• Hands-On Labs: Create Endpoint response rules,
monitor and block Endpoint actions, and view
Endpoint Incidents.
Copyright © 2009 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Veritas are trademarks or registered trademarks of Symantec Corporation or its affiliates in 2
the U.S. and other countries. Other names may be trademarks of their respective owners. Specifications and product offerings are subject to change without notice.