FireMon Solutions Expert Certification Class for Version 8 The FireMon Solutions Expert class is offered both online and in the classroom. The purchased training includes one training seat, certification exam attempt, online access to self-­‐paced certification course, a training guide to provide supplemental detail to the instructor’s presentation, and hands-­‐on experience to give training participants the opportunity to apply their knowledge in real-­‐world scenarios. BECOME A CERTIFIED FIREMON SOLUTIONS EXPERT The FMSE certification is an effective way to validate your skills and show that you’re qualified and properly trained in the administration and use of FireMon security solutions. After class completion, participants will have immediate access to the self-­‐paced certification course and exam. See below for certification FAQs. MODULES COVERED The training sessions and training manual are divided into topics or modules. Each module has learning objectives — the skills and knowledge users should possess after completing the module. Module 1: Introduction to the Security Intelligence Platform Version 8 delivers powerful functionality in a security management solution that scales with your organization. Find out how FireMon can help you. Learning Objectives: • • • • • • Identify the main functionality of the platform. Identify ways that your organization can benefit from its use. Identify features that can help you in your day-­‐to-­‐day job duties. Describe the Security Manager components. Describe the communication model. Understand the required outbound and listening ports. Module 2: Navigate the Interface The web client is a powerful, intuitive interactive environment. Use this module to familiarize yourself with the interface and how to get to the features you’ll use most. Learning Objectives: • Log in for the first time. • Switch between applications. • Identify the main sections of Administration and Security Manager. © 2013-­‐2014 FireMon, LLC. 1 Module 3: Licenses and Domains Learn how to manage your product license and configure domains for MSSP users. Learning Objectives: • • • • View license information. Manage and upload your license. Describe differences between a non-­‐MSSP and MSSP license. Create, edit, and delete domains. Module 4: Users and Permissions Learn how to add FireMon Security Manager users, edit login information, and choose the authentication mechanism that suits your company’s needs. Then give your users access to only the portions of the Administration Center and Security Manager they need. With FireMon’s flexible permissions assignments, you can modify or change their authorization at any time. Learning Objectives: • Define users and user groups. • Add an authentication server. • Assign permissions to Users. Module 5: Add and Monitor Devices Learn how to add devices and group them into logical representations of your network. Then determine whether the device was properly added and communicating with Security Manger. Learning Objectives: • Configure devices to be monitored by Security Manager. • Add devices in Security Manager. • Identify the different device statuses and troubleshoot connectivity. Module 6: Configure the Device Map Version 8's map has been completely redesigned to allow customers to fully customize and build a more accurate representation of their network. Building an accurate map is a requirement for certain features, like Rule Recommendation and Service Risk Analysis. Learning Objectives: • • • Create network segments and zones. Create representations of device clusters on the map. Group device interfaces into segments. © 2013-­‐2014 FireMon, LLC. 2 Module 7: Configuration Retrieval and Display Security Manager actively monitors network devices for change so that you don’t have to. But you can also retrieve configurations and policies ad hoc or according to a schedule. Once retrieved, you can open a configuration in different “displays” or formats. Security Manager will analyze these configurations and provide action items to help improve your overall security posture. Learning Objectives: • • • Locate and open retrieved configurations. Find objects using search capabilities. Determine action items based on analysis of a device or device group. Module 8: Change Management Security Manager retrieves not only configurations, but also changes to those configurations. Use the change management tools to see changes within the context of your policy or a simple list of differences between two configurations. By identifying the changes between configurations, you can better understand how those changes will affect device behavior. Then provide documentation of the change for later reporting. Learning Objectives: • • • • Compare two configurations to identify differences between them. Run a change report to identify changes between configurations. Identify a few uses for change comparisons. Add documentation to track and manage changes. Module 9: Reduce Policy Complexity with Usage Analysis Usage Analysis shows a policy’s rule and object usage over time. Use this data to reorganize rules for efficiency, remove unused rules and objects, and reduce overly permissive rules. Learning Objectives: • • • Locate usage data and determine how it can reduce complexity. Run Traffic Flow Analysis to identify rules for improvement. Run Usage Analysis reports. Module 10: Compliance Auditing With Security Manager’s compliance capabilities, you can create custom assessments or run pre-­‐built ones, like PCI and NIST. You can even automate assessment to run whenever a configuration changes. Learning Objectives: • • • • Identify the different controls and assessments available. Create custom controls and assessments. Schedule and run assessments. Assign assessments to devices to automatically run. © 2013-­‐2014 FireMon, LLC. 3 Module 11: Security Intelligence Query Language (SIQL) Security Intelligence Query Language (SIQL) is a domain specific language designed to query various entities managed by Firemon. It is accessible as a set of REST services. The services accept a SIQL query string, and return a JSON response. Learning Objectives: • • • Describe SIQL's syntax structure. Identify uses for SIQL. View and edit sample queries. Module 12: Updates, Backups, and Event Logging Learn how to perform updates to Security Manager with a simple FMOS command. Also, learn how to back up and restore Security Manager data. Then learn where to see every transaction that is initiated via the web client and processed by the Application Server. Learning Objectives: • • • • Upgrade the server to the latest version. Create manual and automatic backups of Security Manager data. Restore data with a backup. Describe the data available in the Security Manager Event Log. © 2013-­‐2014 FireMon, LLC. 4 FIREMON SOLUTIONS EXPERT (FMSE) CERTIFICATION FAQS How do I become certified? You must pass the online exam with a score of 75%. Where can I take the exam? This is not a proctored exam, so you can take the exam online from your home or office. Please ensure that you are on a reliable internet connection before starting the exam. How long is the certification good for? The certification is good for each major version. We are currently certifying people on Security Manager Version 7 and 8. Where can I take the exam? This is not a proctored exam, so you can take the exam online from your home or office. Please ensure that you are on a reliable internet connection before starting the exam. How do I get access to take the exam? The exam will be delivered through the FMSE online course. Course access can be requested through the User Center from the Training page under the Support tab. How should I prepare for the exam? Take the FMSE online course (only available for version 8) and work with all aspects of Security Manager and the Admin Center before taking the exam. Candidates that have used the product regularly (i.e., more than twice a week) for over 3 months seem to have the most success. How many questions are on the exam and what is the time limit? You have 90 minutes to answer 50 questions that are pulled from a question bank What is the cost of the exam and how much are retakes? The first attempt is free with purchase of a seat in the FireMon Solutions Expert Class. Additional attempts can be purchased for $100 through your FireMon account representative How long do I have to wait to retake the exam? A purchase order must be received and reconciled before the exam can be taken again. This can take up to 10 business days. How long does it take to receive my certificate? Certificates will be mailed within 30 days. How long is the certification good for? The certification is good for the major version. We are currently certifying for Security Manager version 7 and 8. How can I remove my name from the public database of certified experts? Send an email to training@firemon.com to remove your name from the database. © 2013-­‐2014 FireMon, LLC. 5