SITCS: Implementing Cisco Threat Control Systems


Important notice

This course and its corresponding exam are retiring due to the launch of Cisco's new training and certifications.

Please see replacements:

New courses for Cisco Security

Courses for CCNP Security






Implementing Cisco Threat Control Solutions is designed to provide security engineers with the knowledge and hands-on experience required to deploy Cisco’s Email Security (ESA); Web Security (CWS, WSA); Advanced Malware Protection (AMP); and Next Generation Intrusion Prevention Systems (NGIPS).

Students will learn how to implement and manage security threat controls by leveraging the capabilities of Cisco’s FirePOWER NGIPS, AMP, WSA, CWS, and ESA products and solutions. The hands-on labs will provide experience in configuring advanced Cisco security solutions to mitigate outside threats, and to secure traffic traversing the network and security systems.


This course is aimed at engineers involved in the implementation and support of Cisco Security Solutions that include NGIPS and AMP, Web Security, Email Security and Cloud Web Security Appliances. This course is also required for engineers looking to achieve the Cisco Certified Network Professional Certification for Security.


Attendees should meet the following prerequisites:

  • Cisco Certified Network Associate (CCNA) Security Certification ICND1 and IINS
  • Knowledge of Microsoft Windows operating system

Course objectives

After completing this course you should be able to:

  • Describe and Implement Cisco Web Security Appliance (WSA)
  • Describe and Implement Cisco Web Security (CWS)
  • Describe and Implement Cisco Email Security Appliance (ESA)
  • Describe and Implement Advanced Malware Protection (AMP)
  • Describe and Implement Cisco FirePOWER Next-Generation IPS
  • Describe and Implement Cisco ASA FirePOWER Services Module

Course content

Cisco Web Security Appliance

  • Describing The Cisco Web Security Appliance (WSA) Solutions
  • Integrating the Cisco Web Security Appliance
  • Configuring Cisco Web Security Appliance Identities and User Authentication Controls
  • Configuring Cisco Web Security Appliance Acceptable Use Control
  • Configuring Cisco Web Security Appliance Anti-Malware Controls
  • Configuring Cisco Web Security Appliance Decryption
  • Configuring Cisco Web Security Appliance Data Security Controls

Cisco Cloud Web Security

  • Describing the Cisco Cloud Web Security Solutions
  • Configuring Cisco Cloud Web Security Connectors
  • Describing the Web Filtering Policy in Cisco ScanCenter

Cisco Email Security Appliance

  • Describe the Cisco Email Security Solutions
  • Describing the Cisco Email Security Appliance Basic Setup Components
  • Configuring Cisco Email Security Appliance Basic Incoming and Outgoing Mail Policies

Advanced Malware Protection for Endpoints

  • AMP for Endpoints Overview and Architecture
  • Customizing Detection and AMP Policy
  • IOCs and IOC Scanning
  • Deploying AMP Connectors
  • AMP Analysis Tools

Cisco FirePOWER Next-Generation IPS

  • Describing the Cisco FireSIGHT System
  • Configuring and Managing Cisco FirePOWER Devices
  • Implementing an Access Control Policy
  • Understanding Discovery Technology
  • Configuring File-Type and Network Malware Detection
  • Managing SSL Traffic with Cisco FireSIGHT
  • Describing IPS Policy and Configuration Concepts
  • Describing the Network Analysis Policy
  • Creating Reports
  • Describing Correlation Rules and Policies
  • Understanding Basic Rule Syntax and Usage

Cisco ASA FirePOWER Services Module

  • Installing Cisco ASA 5500-X Series FirePOWER Services (SFR) Module


  • Lab 1: Configure Cisco Web Security Appliance Explicit Proxy and User Authentication
  • Lab 2: Configure Cisco Web Security Appliance Acceptable Use Controls
  • Lab 3: Configure Cisco Email Security Appliance Basic Policies
  • Lab 4: Accessing the AMP Public Cloud Console
  • Lab 5: Customizing Detection and AMP Policy
  • Lab 6: IOCs and IOC Scanning
  • Lab 7: Deploying AMP Connectors
  • Lab 8: AMP Analysis Tools
  • Lab 9: Configure Inline Interfaces and Create Objects
  • Lab 10: Create Access Control Policy Rules
  • Lab 11: Configure Network Discovery Detection
  • Lab 12: Create a File Policy
  • Lab 13: Create an Intrusion Policy
  • Lab 14: Create a Network Analysis Policy
  • Lab 15: Compare Trends
  • Lab 16: Create Correlation Policies


This course is recommended preparation for exam 300-210 SITCS.

This is 1 of 4 exams that are needed to obtain the Cisco Certified Network Professional Security (CCNP Security).