Automating Cisco Endpoint Security Solutions Using APIs
Inserting security appliances into your enterprise network is necessary but not sufficient. This course will teach you how to programmatically manage Cisco AMP, ThreatGrid, and Umbrella to provide next-generation protection for endpoints.
What you'll learn
Endpoint security is often overlooked or deferred in the context of enterprise security due to challenges with scalable management. Leveraging automation can greatly simplify endpoint security operations. In this course, Automating Cisco Endpoint Security Solutions Using APIs, you'll explore Cisco's flagship anti-malware product, Advanced Malware Protection (AMP) for endpoints, and interact with it using a robust REST API. Next, you'll discover how to improve the effectiveness of AMP by tying it into ThreatGrid, a detonation chamber for suspected malware, again using the REST API. Finally, you'll learn how to protect roaming users from Internet attacks using Cisco Umbrella, a cloud-hosted, DNS-based security service. Specifically, we’ll focus on the Umbrella Reporting, Enforcement, and Investigate APIs. When you're finished with this course, you'll have the skills and knowledge of security endpoint management to operate and maintain modern solutions at scale using automation.
Table of contents
- Course Introduction, Prerequisites, and Business Scenario 2m
- How Does Cisco AMP Work? 5m
- Demo: Downloading Malware and Installing AMP on Windows 4m
- Demo: Getting Started with the AMP API 4m
- Demo: Building a Hierarchical SDK Framework 8m
- Demo: Scanning for Malware Using AMP 7m
- Demo: Changing Computer Group Assignments 4m
- Demo: Blocking Custom Applications 6m
- Module Summary and Homework Challenge 1m
- Introducing Cisco ThreatGrid 3m
- Demo: Developer Resources to Help You 3m
- Demo: Collecting ThreatGrid Samples 4m
- Demo: Submitting Samples for Analysis 6m
- Demo: Exploring Indications of Compromise (IOCs) and Threats 4m
- Demo: Conducting Basic ThreatGrid Searches 3m
- Module Summary and Homework Challenge 1m
- DNS-based Security with Cisco Umbrella 4m
- Demo: The Quirks of Umbrella APIs 5m
- Demo: Viewing Site Activity Using the Reporting API 7m
- Demo: Building Custom Integrations Using the Enforcement API 6m
- Demo: Exploring Domains in Detail Using the Investigate API 8m
- Module Summary and Homework Challenge 1m
About the author
Nicholas (Nick) Russo, CCDE #20160041 and CCIE #42518, is an internationally recognized expert in IP/MPLS networking and design. To grow his skillset, Nick has been focused advancing Network DevOps via automation for his clients. Recently, Nick has been sharing his knowledge through online video training and speaking at industry conferences. Nick also holds a Bachelor's of Science in Computer Science from the Rochester Institute of Technology (RIT). Nick lives in Maryland, USA with his wife, Car... more
