McAfee Data Loss Prevention Endpoint Administration Training

Introduction

McAfee Data Loss Prevention Endpoint Administration Training Course with Exercises

The McAfee Data Loss Prevention Endpoint Administration Training course from ENO provides in-depth training on the tools you need to design, implement, configure, and use McAfee Data Loss Prevention Endpoint to safeguard intellectual property and ensure compliance. The McAfee Data Loss Prevention Endpoint Administration Training course details how this solution uses McAfee ePolicy Orchestrator for centralized management. It also explains how to monitor and address day-to-day end-user risky actions such as emailing, web posting, printing, clipboards, screen captures, device control, uploading to the cloud, and more.

Duration: 4 days

Customize It

● If you are familiar with some aspects of this McAfee Data Loss Prevention Endpoint Administration Training course, we can omit or shorten their discussion.
● We can adjust the emphasis placed on the various topics or build the McAfee Data Loss Prevention Endpoint Administration Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
● If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the McAfee Data Loss Prevention Endpoint Administration Training course in a manner understandable to lay audiences.

Audience / Target Group

This McAfee Data Loss Prevention Endpoint Administration Training course is intended for system and network administrators, security personnel, auditors, and/or consultants concerned with network and system security.

McAfee Data Loss Prevention Endpoint Administration Training - Objectives:

After completing this McAfee Data Loss Prevention Endpoint Administration Training course, attendees will be able to:

● Plan the deployment.
● Install and configure McAfee Data Loss Prevention Endpoint software on the McAfee ePolicy Orchestrator server.
● Install the McAfee Data Loss Prevention Endpoint client endpoints.
● Use classification, tagging, and protection rules to safeguard sensitive information.
● Locate information with endpoint discovery rules.
● Monitor incidents and events and generate queries and reports.

McAfee Data Loss Prevention Endpoint Administration Training - Course Content:

About the Course

Acronyms and Terms in This Course
Locating Helpful Resources
Intel Security Expert Center
Lab Environment

McAfee Data Loss Prevention Endpoint Solution Overview

Sources of Data Loss
Causes of Data Loss
McAfee Data Loss Prevention (DLP) Portfolio
Choosing a Data Loss Prevention Solution
McAfee DLP Endpoint Overview
New/Enhanced for DLP 9.4X
How McAfee DLPe Works
Classify
Track
Protect
Monitor

Planning a McAfee ePolicy Data Loss Prevention Endpoint Deployment

Planning Overview
Strategy and Goals: Internal Assessment
Strategy and Goals: Role Assessment
Strategy and Goals: Technical Assessment
Strategy and Goals: Risk Assessment
Strategy and Goals: Privacy Laws
Classification: Sensitivity
Classification: Methods
Classification Scenario: Organizational Level

Planning a McAfee ePolicy Data Loss Prevention Endpoint Deployment (Continued)

Classification Scenario: Applications
Classification Scenario: End Users and Clients
Classification: Find, Apply, and Enforce
Deployment Planning
Solution Requirements: ePO Platform
Solution Requirements: Database
Solution Requirements: Clients
Supported Third-party Software
Pilot Plan
Post Pilot Validation and Enterprise Rollout
Other Planning Considerations
Resource: Deployment Planning Questionnaire
ePO Server and Infrastructure Credentials
Product-specific Questions
Network Requirements
McAfee ePO and McAfee Agent
Microsoft SQL Server Requirements
Client Requirements

Preparing the Enterprise Environment

Adding Active Directory Security Groups
Adding Users to Active Directory Security Groups
Verifying Active Directory Group Membership
Preparing Resource Folders
Configuring Sharing for Resource Folders
Configuring Permissions for Resource Folders
Verifying Sharing Settings
Configuring Custom Permission Entries
Changing Folder Permissions
Removing Inheritable Permissions from Parent
Check Point
Adding Permission Entries
Verifying New Permission Entries

McAfee ePolicy Orchestrator Review

McAfee ePO Solution Overview
McAfee ePO Platform Requirements
Default Ports
Communications: Tomcat Service
Logging into the McAfee ePO Web Interface
Quick Tour of the McAfee ePO Web Interface
Reporting Options
Systems Options
Policy Options
Software Options
Automation Options
User Management Option

Installing McAfee Data Loss Prevention Endpoint Software

Obtaining McAfee DLPe Software
McAfee DLPe Software Overview
Checking in the McAfee DLPe Package
Installing the McAfee DLPe Extension
Installing the McAfee DLPe License
Verifying the McAfee DLPe Installation

Permission Sets

Viewing and Editing DLP Server Settings
Permission Sets Overview
Adding New DLP Permission Sets
Default DLP Permissions: Policy Catalog
Default DLP Permissions: DLP Policy Manager
Default DLP Permissions: Classifications
Default DLP Permissions: Definitions
Default DLP Permissions: Operational Events
Default DLP Permissions: Case Management
Help Desk Permissions
Case Study: DLPe Group Admin
Case Study: Incident Reviewer
Case Study: Redaction Reviewer
Creating Help Desk Permission Sets
Permissions Exclusive to Administrator
User Management Review
Guidelines for Authentication Types
Creating DLPe Users

Deploying the McAfee Data Loss Prevention Endpoint Clients

McAfee DLPe Client Overview
Deploying Client Software from McAfee ePO Console
Comparing Client Software Deployment Methods
Creating Product Deployment Project
Creating Client Deployment Task
DLP Endpoint Console

McAfee DLP Policy Overview and Initial Configuration

Review:
DLP Policies
Rules and Rule Sets
Definitions
Policy Architecture
Classification and Tagging
Policy Overview
McAfee DLP Client Configuration Policy Operational Modes
Device Control and full content protection versus Device Control only
Data Protection Modules
Protection Settings: Whitelist
Content Tracking
Corporate Connectivity
Debugging and Logging
Evidence Copy Service
Quarantine
Removable Storage Protection
Screen Capture Protection
Web Post Protection
User Interface Components
McAfee DLP Policy
Assigning Active Rule Sets
Configuring Endpoint Discovery Scan
Defining Global Settings

McAfee DLP Policy Manager Overview

McAfee DLP Policy Manager Review
Rule Sets Tab
Types of Rules
Policy Assignment Tab
Definitions Tab
Supported Definitions
Example Data Definitions
Example Device Control Definition
Example Definitions: Notification
Example Definitions: Other
Example Definitions: Source / Destination
Other Features

Privileged Users and End-User Group Definitions

Overview: Privileged Users, End-User Group Definitions, and Active Directory
Registering an LDAP Server
Active Directory Considerations
Creating Privileged Users
Example Privileged User
Defining End-User Group Definitions
Example End-User Group Definitions
Multiple User Sessions

Device Control

Device Control Overview
Device Management Overview
Device Management Overview: Device Classes
Device Management Overview: Device Definitions
Device Management Overview: PnP Devices
Device Management Overview: Removable Storage
Device Management Overview: Fixed Hard Drive
Working with Device Classes
Built-in Device Classes (Read-only)
Adding New Device Class
Locating Device GUI
Working with Device Definitions
Built-in Device Definitions (Read-only)
Adding New Device Definition
Example Conventions: Device Definitions
Example: File System Definition
Example: Plug and Play Device Definition
Example: Removable Storage Device Definition
Example: Whitelisted Plug and Play Devices
Overriding Device Class Settings in DLP Policy
Viewing Incidents

McAfee Device Rule Sets and Rules

Device Rule Sets and Rules Overview
Built-in Device Rule Sets and Rules
Working with Device Rules
Device Control Rule Tab
Adding a Device Rule
Example Conventions: Device Definitions
Naming Conventions: Device Rules
Citrix Device Rule Overview
Citrix Device Rule Configuration
Fixed Hard Drive Device Rule Overview
Fixed Hard Drive Device Rule Configuration
Plug and Play Device Rule Overview

McAfee Device Rule Sets and Rules (Continued)

Plug and Play Device Rule Configuration
Example Removable Storage File Access Device Rule
Removable Storage File Access Device Rule Configuration
TrueCrypt Device Rule Overview
TrueCrypt Device Rule Configuration
Case Studies

Content Protection Overview

Data Protection Overview
Defining a Protection Strategy
Business Requirements
Rule Architecture
Is Classification Criteria Sufficient?
Is Tagging Criteria Needed?
What are the Rule Parameters?
What is the Desired Result or Outcome?
Review: Definitions
Example Conventions
Data - File Extension Definition
Notification – Justification Definition
Notification – User Notification Definition
Configuring Notification Placeholders
Application Template Definition
Email Address Definition
Local Folder Definition
Network Address (IP address) Definition
Network Port Definition
Network Printer Definition
Network Share Definition
Process Name Definition
URL List Definition
Window Title Definition
Bringing it All Together
Creating a Protection Rule
Naming Conventions: Data Protection Rules

Content Classification and Tagging

Classification Review
Tag Propagation
Tagging Rules
More on Tagging
Creating Classification Criteria
Example Classifications and Criteria
Creating Tagging Criteria
Manual Classification
Register Documents
Whitelisted Text

Removable Storage Protection

Removable Storage Protection Overview
Removable Storage Protection Advanced Options
Protect TrueCrypt Local Disks Mounts
Portable Devices Handler (Media Transfer Protocol)
Advanced File Copy Protection Deletion Mode
Removable Storage Protection Use Case
Example Configuration
User Notification

Email Protection

Email Protection Overview
Client Configuration Guidelines
Third-party Email Classification
Use Case
Example Configuration

Web Protection

Web Protection Overview
Browsers
Client Configuration Guidelines
Use Case
Example Configuration

Printer Protection

Printer Protection Overview
Client Configuration Guidelines
Use Case
Example Configuration

Screen Capture Protection

Screen Capture Protection Overview
Applications Protected
Use Case
Example Configuration

Clipboard Protection

Clipboard Protection Overview
Use Case
Example Configuration

Cloud Protection

Cloud Protection Overview
Use Case
Example Configuration

Application File Access Protection

Application File Access Protection Overview
Use Case
Example Configuration

Endpoint Discovery

Endpoint Discovery Overview
Running the Discovery Crawler
Verifying Discovery Settings
Discovery Rule Sets and Rules
Demonstration
Creating a Discovery Rule
Scheduler Definition
Creating Scheduler Definition
Example Scheduler Definition
Scheduler Definition Fields
Naming Conventions: Endpoint Discovery Rules
Setting up a Discovery Scan
Example Endpoint Scan Configuration
Quarantined Files or Email Items

Monitoring and Reporting

DLP Incident Manager
DLP Incident Manager: Incident List
DLP Incident Manager: Incident Tasks
DLP Incident Manager: Incident History
DLP Operational Events
Creating Set Reviewer Rule
Creating Automatic Mail Notification Rule
DLP Case Management
Creating Cases
Create a Set Reviewer Task
DLP Server Tasks
Working with Server Tasks
Queries Overview
Data Loss Prevention Queries
Creating Queries
Data Loss Prevention Reports

Monitoring and Reporting (Continued)

Creating Reports
Working with Reports
DLP Dashboards
Working with Dashboards and Monitors

Basic Troubleshooting

Diagnostic Tool Overview
Generating Client Bypass Key
Diagnostic Tool Layout and Design
General Information Tab
DLPE Modules Tab
Data Flow Tab
Tools Tab
Process List
Devices Tab
Active Policy Tab
Policy Tuning: High CPU Use
Policy Tuning: Tagging
Debug Logging
