Ready to enroll in a course?
View Course Catalog

Plan Your Development

Select the product below to view the available courses.


CB Predictive Security Cloud (PSC)

The CB Predictive Security Cloud (PSC) simplifies everything: one cloud, one sensor, one set of data that delivers comprehensive endpoint protection. Our competency-based approach is designed to provide you with the information to learn and apply the skills you need.

The PSC curriculum in Carbon Black Technical Academy provides a library of curricula, which you can self-tailor to find learning related to topics and applications that you use day to day. Our competency-based approach is designed to provide you with the information to learn and apply the skills you need. Each set of curricula utilizes a badge system, so you can identify the learning you need and track your progress.

View Course

Whether you use CB Defense to actively respond to possible threats or you set up and manage CB Defense policies, our CB Defense curriculum can help. This self-service curriculum (including video, interactive modules, and live workshops) is organized by badge path. Each of these badge paths helps you identify the content relevant to you and how you use CB Defense.


BADGE PATHS AVAILABLE:

  • THE BIG PICTURE: Gain a general understanding of Defense. This path is intended for managers and/or read-only users who do not use Defense day-to-day but who want an understanding of how it works.
  • ARCHITECT: Get Defense up and running. This path includes content related to deploying and managing sensors, understanding policies, and managing advanced settings.
  • PROTOCOL: Create and manage policies for your organization. Policies are the sets of rules applied to endpoints that dictate how Defense behaves. For example, policy rules dictate how Defense responds to possible malware, allows files you want to run, and what files you want to upload for analysis.
  • ENFORCEMENT: Investigate and respond to possible threats. This path includes content related to alerts, responding to alerts, and investigating threats.

CB LiveOps™ on the PSC is a real-time security operations solution that enables organizations to ask questions of all endpoints and take action to instantly remediate issues. CB LiveOps™ is delivered through the CB Predictive Security Cloud and is comprised of two features - Live Query and Live Response.


BADGE PATH AVAILABLE:

  • LIVEOPS™: How to use CB LiveOps™ to ask questions of all endpoints and take action to instantly remediate issues

CB ThreatHunter on the PSC combines custom and cloud-delivered threat intel, automated watchlists and integrations with the rest of the security stack to efficiently scale hunting across the enterprise. This content teaches you how to explore environments for abnormal activity, leverage cloud-delivered threat intelligence, and automate repeat hunts.


BADGE PATHS AVAILABLE:

  • THE BIG PICTURE: Gain a general overview of CB ThreatHunter and the PSC.
  • ARCHITECT: Get the PSC and CB Threathunter up an running.
  • PROTOCOL: Create and manage policies and watchlists for your organization.
  • ENFORCEMENT: Investigate and respond to alerts and notifications.

CB Protection

Take first Then take these advanced courses
OR

CB Protection Administrator provides an in-depth, technical understanding of the CB Protection system through comprehensive coursework and hands-on scenario-based labs.

This course is intended for the CB Protection Administrator responsible for the configuration and maintenance of the CB Protection system according to their organization's security posture and operational policies. This person may lead, or be a member of, the installation and configuration team. Each implementation of CB Protection typically has one Administrator, although many organizations could have multiple administrators.

Course Approach: This course blends asynchronous, on-demand learning modules and live, virtual, instructor-led training. You are required to complete the first two asynchronous modules, Introduction and Getting Started, in order to be successful in the full-day instructor-led training.

Duration: 8 hours
Prerequisites: None
Recommended Follow-Up Courses: CB Protection Rules and CB Protection Diagnostics and Troubleshooting

Topics include:

  • System overview
  • File Hashing
  • Server Installation
  • Console Overview
  • Login Accounts and Groups
  • Integrations
  • Unified Management
  • Login Accounts and Groups
  • Policies
  • Modes and Enforcement Levels
  • Notifiers
  • Computer Details
  • Automatic Local Approval
  • Local Approval and Timed Policy Override
  • Software Approvals
  • Custom Rules
  • Tools
  • Meters and Alerts
  • Events
  • Baseline Drift
View Course Catalog

CB Protection Rules is an advanced, half-day virtual instructor-led course that reviews the parameters that drive rules in CB Protection and showcases best practices and lessons learned to optimize your own use of rules.

CB Protection rules can lighten the workload of an Administrator because the system will take action when specific conditions are met. But if the rules are too broad or too specific, too complex or not complex enough, they may not do exactly what you intended, and may allow or prohibit things you did not want to be impacted. In addition, excessive rules or excessively complex rules can impact your system performance.

Duration: 4 hours
Prerequisites: CB Protection Administrator
Recommended Follow-Up Courses: CB Protection Diagnostics and Troubleshooting

Topics include:

  • Custom Rule Basics
  • Custom Rule Best Practices
  • Rule Types
  • Optimizing Custom Rules
  • Event Rules
View Course Catalog

CB Protection Diagnostics and Troublshooting presents real-life troubleshooting scenarios, drawn from the experience of top Carbon Black field consultants. Note that the CB Protection Agent troubleshooting section will focus on the Windows Agent.

Explore diagnostic components, tools, and common issues for both the CB Protection Server and the CB Protection Agent in this advanced, half-day virtual instructor-led course. Discover what tools are recommended for uncovering issues, identifying flaws in other software, or tackling unexpected behavior.

Duration: 4 hours
Prerequisites: CB Protection Administrator
Recommended Follow-Up Courses: CB Protection Rules

Topics include:

  • System Consideration
  • Server Capabilities
  • Agent Capabilities
View Course Catalog
CB Response
Take first Then take these advanced courses
OR

CB Response Introductory Analyst is an entry-level course recommended for those who will use CB Response on a daily basis for incident response but who will not be responsible for setting corporate security policy. A CB Response Analyst may be someone who will use CB Response to identify, contain, and remediate a security incident. These individuals may be responsible for tuning the detection and response capabilities of the CB Response platform. Job titles may include Information Security Analyst, Security Operations Center Analyst, IT Security Specialist, or Endpoint Security Specialist.

CB Response Introductory Analyst is a one-day course that covers everyday best practices for analysts using Carbon Black Response. Learners who have taken CB Response Administrator should not take this course.

Duration: 8 hours
Prerequisites: None
Recommended Follow-Up Courses: CB Response Advanced Administrator or CB Response Advanced Analyst

Topics include:

  • Threat Intelligence
  • Process Search
  • Investigations
  • Advanced Query Skills
  • Binary Search
  • Watchlists
  • Alerts
  • Dashboard
  • Network Isolation
  • CB Live Response
  • Troubleshooting
View Course Catalog

CB Response Advanced Analyst is an advanced, one-day course. Following the highly regarded PICERL methodology (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned), this course traces each step in threat hunting and resolution through the Carbon Black Response interface. Hands-on labs reinforce lessons learned and build familiarity building effective watchlists, queries and filters, process analysis, endpoint control, and investigations.

Duration: 8 hours
Prerequisites: CB Response Administrator or CB Response Introductory Analyst
Recommended Follow-Up Courses: None

Topics include:

  • Phase 1: Preparation Pre-Incident Operational Readiness
  • Phase 2: Incident Detection and Identification – The Four Zones of Protection
  • Phase 3: Incident Containment & Scoping
  • Phase 4: Eradication and Removal of Malicious Artifacts
  • Phase 5: Recovery to Baseline
  • Phase 6: Lessons Learned & Enhancing Environmental Security Posture
View Course Catalog
OR
Take first Then take these advanced courses
OR

CB Response Administrator is an entry-level course recommended for those who will need a technical understanding of CB Response and who will be responsible for or involved in implementing the decisions that define their organization's security posture. This is someone who may lead, or be a member of, the installation team. This person also might be involved in integrating CB Response into the organization's infrastructure. Advanced configuration, maintenance, and sustainment of CB Response may also fall within this person's responsibilities as a lead or supporting team member. Every implementation is required to have one CB Response Administrator, though many organizations have multiple administrators. Job titles may include Information Security Administrator, IT System Administrator, Information Security Engineer, or Cybersecurity Engineer.

CB Response Administrator is a one-day course during which we will present you with a comprehensive view of the application's capabilities, including the Carbon Black Alliance. You will see aspects of how an actual incident response investigation is conducted using Carbon Black Response. Extensive content addresses the User Interface and Query Language, giving you the skills and understanding you need to conduct focused searches that lead to valuable findings. You will learn to enable and set up Feeds, Alerts, and Watchlists that keep an eye out for query results.

Duration: 8 hours
Prerequisites: None
Recommended Follow-Up Courses: CB Response Advanced Administrator or CB Response Advanced Analyst

Topics include:

  • Planning
  • Installation
  • Configuration
  • Threat Intelligence
  • Process Search
  • Process Analysis
  • Binary Search
  • Watchlists
  • Alerts
  • Dashboard
  • Network Isolation
  • CB Live Response
  • Investigations
  • Adding Descriptions/Custom Events
  • Administration
  • Advanced Query Skills
  • Using the API
  • Troubleshooting
View Course Catalog

CB Response Advanced Administrator is an advanced, one-day course. This course is intended for those who directly access and manage their CB Response environment. If the Carbon Black Cloud Operations Team handles management activities, then most topics are not relevant. This class is designed for on-premise customers.

During the CB Response Advanced Administrator course, we will examine the functionality and configuration of advanced components, highlighting how to adjust CB Response to suit the unique needs of an environment. Real world experiences of the vendor and other CB Response users will also be incorporated. The overall purpose of this training is to enable the security engineer to take their organization's CB Response instance to that next level of customization, thus empowering SOC and IR teams to greater effectiveness.

Note: This class focuses exclusively on advanced technical topics related to the technical back end configuration and maintenance.

Duration: 8 hours
Prerequisites: CB Response Introductory Analyst or CB Response Administrator
Recommended Follow-Up Courses: None

Topics include:

  • Architecture
  • Advanced Components
  • Next Level of Customization
  • Device Integration
  • API Programming
  • Intelligence Feed Deep Dive
View Course Catalog

Certifications

Join the Carbon Black Certified Community! Measure your proficiency against the rigorous standards we apply to our technical teams!

Carbon Black's Product Certification Program provides you with a means to streamline your mastery of best practices using our technology. Our programs provide in-depth learning opportunities for IT and Information Security professionals to build proficiency while preparing to pass the certification exams. Build upon the foundational product knowledge acquired during administration-level training in a measurable way.


WHY GET CERTIFIED?

Prove your proficiency. Accelerate your career growth. Earn continuing professional education (CPE) credits.

This open-book certification exam is administered online through CB Technical Academy and consists of 50 questions.

Prerequisites: Complete the CB Predictive Security Cloud (PSC) course.
We recommend candidates have security software experience and domain knowledge. We do not require a verifiable number of field hours working with the product.

Study time: Total study time varies with the prerequisite of the CB Predictive Security Cloud (PSC) self-service course.

Note: Depending on when you completed the course and how diligently you have stayed current with product releases, you may elect to complete the CB Predictive Security Cloud (PSC) course again. However, we only require that you have completed the course at least once. The CB Defense certification program is occasionally updated, as the CB Defense product is updated.

Exam time limit: 65 minutes

Certification requirement: Pass the exam. Results display immediately upon completion.

Expiration: There is no expiration on participation. Once you purchase access to the exam, the Carbon Black Training Team will send you a program welcome message with access details.

If you are unsuccessful on your first attempt, you automatically receive a second attempt one week later. Scores are confidential. Only you and the program administrators will have access to your exam results.

For more information, contact Carbon Black Technical Academy.

View Course Catalog

The CB Protection Associate Analyst certification offers two levels of engagement to meet the needs of IT and Information Security professionals.

ENGAGEMENT LEVELS:
Since certification candidates learn differently and have different levels of product proficiency, we offer two levels of engagement. You must purchase the examination at a minimum. Note that a passing score on the examination is the only requirement for certification.

Exam only: For IT and InfoSec professionals with substantial experience using CB Protection, we offer the ability to take the exam online with no study assistance from Carbon Black Training. The candidate will have two attempts to achieve a passing score, with a mandatory one-week waiting period between attempts.

Knowledge Sets (plus Exam): For IT and InfoSec professionals who have taken the CB Response Administrator course, the Knowledge Sets extend beyond the foundational material contained in the introductory administrator training class. Each Knowledge Set consists of a series of self-paced learning activities (on-demand whitepapers, videos, and quizzes) to support specific learning objectives and, ultimately, prepare the candidate for the online certification exam.

About this certification exam: Open-book certification exam administered online through CB Technical Academy

Prerequisites: Complete the CB Protection Administrator course.
This exam is based on CB Protection version 8.0. Depending on when you attended training and how closely you have stayed up to date with new releases, you may elect to attend CB Protection Administrator training again. We also recommend candidates have security software experience and domain knowledge. We do not require a verifiable number of field hours working with the product.

Study time: Total study time varies, however the materials encompass 3 hours total.

Exam time limit: 65 minutes

Certification requirement: Pass the exam. Results display immediately upon completion.

Expiration: There is no expiration on participation. Once you purchase access to the exam, the Carbon Black Training Team will send you a program welcome message with access details.

If you are unsuccessful on your first attempt, you automatically receive a second attempt one week later. Scores are confidential. Only you and the program administrators will have access to your exam results.

For more information, contact Carbon Black Technical Academy.

View Course Catalog

The CB Response Asoociate Analyst certification offers two levels of engagement to meet the needs of IT and Information Security professionals.

ENGAGEMENT LEVELS:
Since certification candidates learn differently and have different levels of product proficiency, we offer two levels of engagement. You must purchase the examination at a minimum. Note that a passing score on the examination is the only requirement for certification.

Exam only: For IT and InfoSec professionals with substantial experience using CB Response, we offer the ability to take the exam online with no study assistance from Carbon Black Training. The candidate will have two attempts to achieve a passing score, with a mandatory one-week waiting period between attempts.

Knowledge Sets (plus Exam): For IT and InfoSec professionals who have taken the CB Response Administrator course, the Knowledge Sets extend beyond the foundational material contained in the administrator training class. Each Knowledge Set consists of a series of self-paced learning activities to support specific learning objectives and, ultimately, prepare the candidate for the online certification exam.

About this certification exam: Open-book certification exam administered online through CB Technical Academy

Prerequisites: Complete the CB Response Administrator course.
This exam is based on CB Response version 6.2. Depending on when you attended training and how closely you have stayed up to date with new releases, you may elect to attend CB Response Administrator training again. We also recommend candidates have security software experience and domain knowledge. We do not require a verifiable number of field hours working with the product.

Study time: Total study time varies, however the materials encompass 2 hours total.

Exam time limit: 65 minutes

Certification requirement: Pass the exam. Results display immediately upon completion.

Expiration: There is no expiration on participation. Once you purchase access to the exam, the Carbon Black Training Team will send you a program welcome message with access details.

If you are unsuccessful on your first attempt, you automatically receive a second attempt one week later. Scores are confidential. Only you and the program administrators will have access to your exam results.

For more information, contact Carbon Black Technical Academy.

View Course Catalog

 
Last modified: Monday, January 28, 2019, 4:59 PM