University of Wisconsin–Madison

Join us for a lunch and learn training session for Cisco AMP on Jan 14 and Jan 22

(Email message)

IT Colleagues:

You’re invited to attend a lunch and learn training session for Cisco Advanced Malware Protection (AMP). The training session is available on Jan 14 and Jan 22. 

AMP is recommended as a replacement for Symantec Endpoint Protection (SEP) on managed University-owned devices, and it is available at no cost to campus units. AMP, configured in partnership with the UW–Madison Office of Cybersecurity, aligns with the UW–System Information Security Program. Units are encouraged to implement AMP now to replace the campus SEP licenses expiring in June 2020.

The purpose of the session is to familiarize and train IT admins across campus with the AMP endpoint connector and the AMP administrative console. There is a significant portion of time set aside for questions – so come prepared to participate!

Cicso AMP  Session 1

11:30am-1:00pm

Tues, Jan 14

Computer Science Building, Room 3139AB

Signup: https://go.wisc.edu/mu0t6l

 

Cicso AMP  Session 2

11:30am-1:00pm

Wed, Jan 22

HSLC, Room 1220/1222

Signup: https://go.wisc.edu/p7d7v6

 Agenda:

  1. Brief introduction to AMP connector and how it functions (10 minutes)
  2. Getting started (5 minutes):
    1. Requesting AMP console account & endpoint connectors
    2. Downloading the AMP connector
    3. Deployment options available through BigFix, SCCM, JAMF, Airwatch, etc.    
  3. Detailed Threat Analysis in the AMP Console (10-15 minutes)
    1. Viewing and reviewing events
    2. Drilling down into the details
  4. Tuning for performance (10-15 minutes)
    1. Whitelisting files
    2. Setting up exclusions
  5. Configuring policy settings and detection engines (15 minutes)
    1. Tetra/Clam AV traditional AV scanning (and scheduling scans)
    2. File, Network, Malicious Activity Protection, System Process Protection detection engines
    3. Enabling/disabling the local GUI
  6. Maintenance (5-10 minutes) 
    1. Updating AMP via the console
    2. What happens with imaging/duplicate endpoints?
    3. Checking endpoint health & known issues
  7. Answer audience questions regarding AMP (remaining time)

Contact Information:

If you have questions about the lunch and learn sessions or AMP questions, please email oakes.dobson@wisc.edu

If you have questions about the Endpoint Management & Security Project, please email endpoints@office365.wisc.edu.

Thank you,

Endpoint Management & Security Project Team