Securing Cisco Networks with Sourcefire FireAMP (SSFAMP)


The Protecting Against Malware Threats with Cisco© AMP for Endpoints is an instructor-led, lab-based, hands-on course offered by Cisco Learning Services. It is a lab-intensive course that introduces students to the powerful features of Cisco AMP for Endpoints software. Day one of this 3-day virtual class covers modern threats, vulnerabilities, and Cisco Advanced Malware Protection (AMP) technologies. Days two and three detail the Cisco AMP for Endpoints product architecture and how it can be used to protect against malware.

Target Audience

This course is designed for technical professionals who need to know how to deploy and manage Sourcefire FireAMP software in their network environments. The primary audience for this course includes: Security administrators, Security consultants, Network Administrators, System Engineers, Technical support personnel


  • TCP/IP experience including the major protocols, common services, and basic network traffic routing
  • General information security fundamentals
  • Fundamentals of how operating systems work, including OS configuration structures, file system I/O and basic OS usage and management

Course Objectives

After completing this course, you should be able to:

  • Describe malware terminology and recognize malware categories
  • Describe the architecture and individual security features of Windows, Apple Mac, and Linux operating
  • systems and the concept of vulnerabilities
  • Describe the components and behavior of exploit kits and botnets
  • Describe modern attack vectors and trends
  • Recognize the key components and methodologies of Cisco Advanced Malware Protection
  • Recognize the key features and concepts of the AMP for Endpoints product
  • Navigate the AMP for Endpoints console interface and perform first-use setup tasks
  • Configure and customize AMP for Endpoints to perform malware detection
  • Create and configure a policy for AMP-protected endpoints
  • Plan, deploy, and troubleshoot an AMP for Endpoints installation
  • Analyze files and events by using the AMP for Endpoints console and be able to produce threat reports
  • Use the AMP for Endpoints tools to analyze a malware attack
  • Describe all features of the Accounts menu for both public and private cloud installations

Course Outline

Module 1: Modern Malware
Module 2: Operating Systems and Vulnerabilities
Module 3: Exploit Kits and Botnets
Module 4: Attack Vectors and Trends
Module 5: Introduction to Cisco AMP Technologies
Module 6: AMP for Endpoints Overview and Architecture
Module 7: Console Interface and Navigation
Module 8: Outbreak Control
Module 9: Endpoint Policies
Module 10: Groups and Deployment
Module 11: Analysis
Module 12: Analysis Case Studies
Module 13: Accounts

Lab Outline:
Lab 1: Sample Malware Behavior
Lab 2: Accessing AMP for Endpoints
Lab 3: Outbreak Control
Lab 4: Endpoint Policies
Lab 5: Groups and Deployment
Lab 6: Analysis
Lab 7: Zbot Analysis
Lab 8: User Accounts

SLI Main Menu