Plan Your Development


VMware Carbon Black Cloud

The VMware Carbon Black Cloud simplifies everything: one cloud, one sensor, one set of data that delivers comprehensive endpoint protection. Our competency-based approach is designed to provide you with the information to learn and apply the skills you need.

The VMware Carbon Black Cloud curriculum provides a library of modules that you can self-tailor to find learning related to topics and applications that you use day to day. Our competency-based approach is designed to provide you with the information to learn and apply the skills you need. Each set of modules utilizes a badge system, so you can identify the learning you need and track your progress.

 

 

Curricula:

Endpoint Standard

Whether you use Endpoint Standard to actively respond to possible threats or you set up and manage Endpoint Standard policies, our Endpoint Standard curriculum can help. This self-service curriculum (including video, interactive modules, and live workshops) is organized by badge path. Each of these badge paths helps you identify the content relevant to you and how you use Endpoint Standard.

Available Badge Paths

THE BIG PICTURE:
Gain a general understanding of Endpoint Standard. This path is intended for managers and/or read-only users who do not use Defense day-to-day but who want an understanding of how it works.

ARCHITECT:
Get Endpoint Standard up and running. This path includes content related to deploying and managing sensors, understanding policies, and managing advanced settings.

PROTOCOL:
Create and manage policies for your organization. Policies are the sets of rules applied to endpoints that dictate how Endpoint Standard behaves. For example, policy rules dictate how Endpoint Standard responds to possible malware, allows files you want to run, and what files you want to upload for analysis.

ENFORCEMENT:
Investigate and respond to possible threats. This path includes content related to alerts, responding to alerts, and investigating threats.

Curricula:

Audit and Remediation

Audit and Remediation on the VMware Carbon Black Cloud is a real-time security operations solution that enables organizations to ask questions of all endpoints and take action to instantly remediate issues. Audit and Remediation is delivered through the VMware Carbon Black Cloud.

Available Badge Paths

Audit and Remediation:
How to use Audit and Remediation to ask questions of all endpoints and take action to instantly remediate issues.

Curricula:

Enterprise EDR

Enterprise EDR on the VMware Carbon Black Cloud combines custom and cloud-delivered threat intelligence, automated watch lists and integrations with the rest of the security stack to efficiently scale hunting across the enterprise. This content teaches you how to explore environments for abnormal activity, leverage cloud-delivered threat intelligence, and automate repeat hunts.

Available Badge Paths

THE BIG PICTURE:
Gain a general overview of Enterprise EDR and the VMware Carbon Black Cloud.

ARCHITECT:
Get the VMware Carbon Black Cloud and Enterprise EDR up an running.

PROTOCOL:
Create and manage policies and watch lists for your organization.

ENFORCEMENT:
Investigate and respond to alerts and notifications.

VMware Carbon Black App Control

Course:

App Control Administrator

App Control Administrator provides an in-depth, technical understanding of the App Control system through comprehensive coursework and hands-on scenario-based labs.

This course is intended for the App Control Administrator responsible for the configuration and maintenance of the App Control system according to their organization's security posture and operational policies. This person may lead, or be a member of, the installation and configuration team. Each implementation of App Control typically has one Administrator, although many organizations could have multiple administrators.

This course blends asynchronous, on-demand learning modules and live, virtual, instructor-led training. You are required to complete the first two asynchronous modules, Introduction and Getting Started, in order to be successful in the full-day instructor-led training.

Duration:8 hours

Prerequisites:None

Recommended Follow-Up Courses: App Control Rules and App Control Diagnostics and Troubleshooting.

Topics Include:

  • System overview

  • File Hashing

  • Server Installation

  • Console Overview

  • Login Accounts and Groups

  • Integrations

  • Unified Management

  • Login Accounts and Groups

  • Policies

  • Modes and Enforcement Levels

  • Notifiers

  • Computer Details

  • Automatic Local Approval

  • Local Approval and Timed Policy Override

  • Software Approvals

  • Custom Rules

  • Tools

  • Meters and Alerts

  • Events

  • Baseline Drift

Course:

App Control Rules

App Control Rules is an advanced, half-day virtual instructor-led course that reviews the parameters that drive rules in App Control and showcases best practices and lessons learned to optimize your own use of rules.

App Control rules can lighten the workload of an Administrator because the system will take action when specific conditions are met. But if the rules are too broad or too specific, too complex or not complex enough, they may not do exactly what you intended, and may allow or prohibit things you did not want to be impacted. In addition, excessive rules or excessively complex rules can impact your system performance.

Duration: 4 hours

Prerequisites: App Control Administrator

Recommended Follow-Up Courses: App Control Diagnostics and Troubleshooting

Topics Include

  • Custom Rule Basics

  • Custom Rule Best Practices

  • Rule Types

  • Optimizing Custom Rules

  • Event Rules

 
 

Course:

App Control Diagnostics and Troubleshooting

App Control Diagnostics and Troubleshooting presents real-life troubleshooting scenarios, drawn from the experience of top VMware Carbon Black field consultants. Note that the App Control Agent troubleshooting section will focus on the Windows Agent.

Explore diagnostic components, tools, and common issues for both the App Control Server and the App Control Agent in this advanced, half-day virtual instructor-led course. Discover what tools are recommended for uncovering issues, identifying flaws in other software, or tackling unexpected behavior.

Duration: 4 hours

Prerequisites: App Control Administrator

Recommended Follow-Up Courses: App Control Rules

Topics Include

  • System Consideration

  • Server Capabilities

  • Agent Capabilities

VMware Carbon Black EDR

Course:

EDR Introductory Analyst

EDR Introductory Analyst is an entry-level course recommended for those who will use VMware Carbon Black EDR on a daily basis for incident response but who will not be responsible for setting corporate security policy. A EDR Analyst may be someone who will use VMware Carbon Black EDR to identify, contain, and remediate a security incident. These individuals may be responsible for tuning the detection and response capabilities of the VMware Carbon Black platform. Job titles may include Information Security Analyst, Security Operations Center Analyst, IT Security Specialist, or Endpoint Security Specialist.

EDR Introductory Analyst is a one-day course that covers everyday best practices for analysts using VMware Carbon Black EDR. Learners who have taken EDR Administrator should not take this course.

Duration: 8 hours

Prerequisites: None

Recommended Follow-Up Courses:
EDR Advanced Administrator or EDR Advanced Analyst

Topics Include:

  • Threat Intelligence

  • Process Search

  • Investigations

  • Advanced Query Skills

  • Binary Search

  • Watch-lists

  • Alerts

  • Dashboard

  • Network Isolation

  • CB Live Response

  • Troubleshooting

Course:

EDR Advanced Analyst

EDR Advanced Analyst is an advanced, one-day course. Following the highly regarded PICERL methodology (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned), this course traces each step in threat hunting and resolution through the VMware Carbon Black EDR interface. Hands-on labs reinforce lessons learned and build familiarity building effective watch-lists, queries and filters, process analysis, endpoint control, and investigations.

Duration: 8 hours

Prerequisites: EDR Administrator or EDR Introductory Analyst

Recommended Follow-Up Courses: None

Topics Include

  • Phase 1: Preparation Pre-Incident Operational Readiness

  • Phase 2: Incident Detection and Identification – The Four Zones of Protection

  • Phase 3: Incident Containment & Scoping

  • Phase 4: Eradication and Removal of Malicious Artifacts

  • Phase 5: Recovery to Baseline

  • Phase 6: Lessons Learned & Enhancing Environmental Security Posture

Course:

EDR Administrator

EDR Administrator is an entry-level course recommended for those who will need a technical understanding of VMware Carbon Black EDR and who will be responsible for or involved in implementing the decisions that define their organization's security posture. This is someone who may lead, or be a member of, the installation team. This person also might be involved in integrating VMware Carbon Black EDR into the organization's infrastructure. Advanced configuration, maintenance, and sustainment of VMware Carbon Black EDR may also fall within this person's responsibilities as a lead or supporting team member. Every implementation is required to have one EDR Administrator, though many organizations have multiple administrators. Job titles may include Information Security Administrator, IT System Administrator, Information Security Engineer, or Cyber-security Engineer.

EDR Administrator is a one-day course during which we will present you with a comprehensive view of the application's capabilities, including the VMware Carbon Black Alliance. You will see aspects of how an actual incident response investigation is conducted using VMware Carbon Black EDR. Extensive content addresses the User Interface and Query Language, giving you the skills and understanding you need to conduct focused searches that lead to valuable findings. You will learn to enable and set up Feeds, Alerts, and Watch lists that keep an eye out for query results.

Duration: 8 hours

Prerequisites: None

Recommended Follow-Up Courses: EDR Advanced Administrator or EDR Advanced Analyst

Topics Include

  • Planning

  • Installation

  • Configuration

  • Threat Intelligence

  • Process Search

  • Process Analysis

  • Binary Search

  • Watch lists

  • Alerts

  • Dashboard

  • Network Isolation

  • CB Live Response

  • Investigations

  • Adding Descriptions

  • Custom Events

  • Administration

  • Advanced Query Skills

  • Using the API

  • Troubleshooting

Course:

EDR Advanced Administrator

EDR Advanced Administrator is an advanced, one-day course. This course is intended for those who directly access and manage their VMware Carbon Black EDR environment. If the VMware Carbon Black Cloud Operations Team handles management activities, then most topics are not relevant. This class is designed for on-premise customers.

During the EDR Advanced Administrator course, we will examine the functionality and configuration of advanced components, highlighting how to adjust VMware Carbon Black EDR to suit the unique needs of an environment. Real world experiences of the vendor and other VMware Carbon Black EDR users will also be incorporated. The overall purpose of this training is to enable the security engineer to take their organization's VMware Carbon Black EDR instance to that next level of customization, thus empowering SOC and IR teams to greater effectiveness.

Note: This class focuses exclusively on advanced technical topics related to the technical back end configuration and maintenance.

Duration: 8 hours

Prerequisites: EDR Introductory Analyst or EDR Administrator

Recommended Follow-Up Courses: None

Topics Include

  • Architecture

  • Advanced Components

  • Next Level of Customization

  • Device Integration

  • API Programming

  • Intelligence Feed Deep Dive

 

Certifications

Join the VMware Carbon Black Certified Community! Measure your proficiency against the rigorous standards we apply to our technical teams!

VMware Carbon Black's Product Certification Program provides you with a means to streamline your mastery of best practices using our technology. Our programs provide in-depth learning opportunities for IT and Information Security professionals to build proficiency while preparing to pass the certification exams. Build upon the foundational product knowledge acquired during administration-level training in a measurable way.

Why Get Certified

  • Prove Your Proficiency

  • Accelerate Your Career Growth

  • Earn Continuing Professional Education (CPE) Credits.



Certification:

Endpoint Standard Associate Analyst

This open-book certification exam is administered online through VMware Carbon Black Technical Academy and consists of 50 questions.

Prerequisites:

Complete the VMware Carbon Black Cloud course.

We recommend candidates have security software experience and domain knowledge. We do not require a verifiable number of field hours working with the product.

Study time:

Total study time varies with the prerequisite of the VMware Carbon Black Cloud self-service course.

Note: Depending on when you completed the course and how diligently you have stayed current with product releases, you may elect to complete the VMware Carbon Black Cloud course again. However, we only require that you have completed the course at least once. The Endpoint Standard certification program is occasionally updated, as the Endpoint Standard product is updated.

Exam time limit:

65 minutes

Certification requirement:

Pass the exam. Results display immediately upon completion.

Expiration:

There is no expiration on participation.

Once you purchase access to the exam, the VMware Carbon Black Training Team will send you a program welcome message with access details.

If you are unsuccessful on your first attempt, you automatically receive a second attempt one week later. Scores are confidential. Only you and the program administrators will have access to your exam results.

For more information, contact the VMware Carbon Black Technical Academy.

Certification:

App Control Associate Analyst

The App Control Associate Analyst certification offers two levels of engagement to meet the needs of IT and Information Security professionals.

Engagement Levels

Since certification candidates learn differently and have different levels of product proficiency, we offer two levels of engagement. You must purchase the examination at a minimum. Note that a passing score on the examination is the only requirement for certification.

Exam only:

For IT and InfoSec professionals with substantial experience using VMware Carbon Black App Control, we offer the ability to take the exam online with no study assistance from VMware Carbon Black Training. The candidate will have two attempts to achieve a passing score, with a mandatory one-week waiting period between attempts.

Knowledge Sets (Plus Exam):

For IT and InfoSec professionals who have taken the VMware Carbon Black EDR Administrator course, the Knowledge Sets extend beyond the foundational material contained in the introductory administrator training class. Each Knowledge Set consists of a series of self-paced learning activities (on-demand white-papers, videos, and quizzes) to support specific learning objectives and, ultimately, prepare the candidate for the online certification exam.




About this certification exam:

Open-book certification exam administered online through VMware CB Technical Academy

Prerequisites:

Complete the App Control Administrator course. This exam is based on App Control version 8.0. Depending on when you attended training and how closely you have stayed up to date with new releases, you may elect to attend App Control Administrator training again. We also recommend candidates have security software experience and domain knowledge. We do not require a verifiable number of field hours working with the product.

Study time:

Total study time varies, however the materials encompass 3 hours total.

Exam time limit:

65 minutes

Certification requirement:

Pass the exam. Results display immediately upon completion.

There is no expiration on participation.

Once you purchase access to the exam, the VMware Carbon Black Training Team will send you a program welcome message with access details.

If you are unsuccessful on your first attempt, you automatically receive a second attempt one week later. Scores are confidential. Only you and the program administrators will have access to your exam results.

For more information, contact VMware Carbon Black Technical Academy.

Certification:

EDR Associate Analyst

The EDR Associate Analyst certification offers two levels of engagement to meet the needs of IT and Information Security professionals.

Engagement Levels

Since certification candidates learn differently and have different levels of product proficiency, we offer two levels of engagement. You must purchase the examination at a minimum. Note that a passing score on the examination is the only requirement for certification.

Exam only:

For IT and InfoSec professionals with substantial experience using VMware Carbon Black EDR, we offer the ability to take the exam online with no study assistance from VMware Carbon Black Training. The candidate will have two attempts to achieve a passing score, with a mandatory one-week waiting period between attempts.

Knowledge Sets (plus Exam):

For IT and InfoSec professionals who have taken the EDR Administrator course, the Knowledge Sets extend beyond the foundational material contained in the introductory administrator training class. Each Knowledge Set consists of a series of self-paced learning activities (on-demand white-papers, videos, and quizzes) to support specific learning objectives and, ultimately, prepare the candidate for the online certification exam.




About this certification exam:

Open-book certification exam administered online through VMware CB Technical Academy

Prerequisites:

Complete the EDR Administrator course.This exam is based on VMware Carbon Black EDR version 6.2. Depending on when you attended training and how closely you have stayed up to date with new releases, you may elect to attend EDR Administrator training again. We also recommend candidates have security software experience and domain knowledge. We do not require a verifiable number of field hours working with the product.

Study time:

Total study time varies, however the materials encompass 2 hours total.

Exam time limit:

65 minutes

Certification requirement:

Pass the exam. Results display immediately upon completion.

Expiration:

There is no expiration on participation.

Once you purchase access to the exam, the VMware Carbon Black Training Team will send you a program welcome message with access details.

If you are unsuccessful on your first attempt, you automatically receive a second attempt one week later. Scores are confidential. Only you and the program administrators will have access to your exam results.

For more information, contact VMware Carbon Black Technical Academy.

Last modified: Wednesday, April 15, 2020, 4:15 PM