Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Coursera

Mastering Endpoint Security & Threat Defense

Starweaver via Coursera

Go to class Write review

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
In today’s evolving cyber threat landscape, every endpoint—whether a laptop, server, cloud workload, or mobile device—represents a potential gateway to sensitive data. Cybercriminals know this, making endpoint security the true front line of defense. This course provides a structured, beginner-friendly introduction to endpoint security, taking you beyond traditional antivirus into modern defenses like EDR, Zero Trust, and insider threat detection. Through real-world scenarios and guided labs inside virtual machines, you’ll gain practical skills using lightweight, open-source tools such as Sysmon, Velociraptor, osquery, and Sigma. Instead of abstract concepts, you’ll work with the same workflows and investigative methods that SOC analysts, sysadmins, and blue teamers use daily. By the end of the course, you’ll know how to design secure endpoint architectures, monitor and correlate logs for advanced threat detection, and apply Zero Trust principles using built-in security features. Whether you’re preparing for certifications like CySA+, Blue Team Level 1, or SC-200, aiming for an entry-level SOC role, or transitioning from system administration into security, this course equips you with the skills to stop real-world attacks and build effective defenses without costly tools.

Syllabus

  • Course Introduction
    • In this course, you’ll learn how to build and manage endpoint security as the first line of defense in today’s threat landscape. You’ll focus on designing secure endpoint architectures, applying Zero Trust principles, and using tools like Sysmon, Sigma, and Velociraptor to detect and investigate threats. Through expert-led instruction, real-world scenarios, and hands-on labs in virtual environments, you’ll gain the skills to monitor processes, analyze alerts, and respond to insider and external threats. By the end, you’ll be equipped to think like a SOC analyst, correlate logs and behaviors, and implement practical defenses that protect endpoints and strengthen overall cybersecurity posture.
  • Introduction to Endpoint Security Management
    • In this module, you’ll learn why endpoints are a critical focus in cybersecurity and how attackers often exploit them to reach organizational data. You’ll explore endpoint types, common attack vectors, the CIA triad, and baseline hardening principles, and analyze real-world attack scenarios to see these concepts in action. You’ll also work with CIS-CAT Lite in hands-on labs to assess configurations and understand how architectural components like agents and policy engines interact. Finally, you’ll apply foundational security practices to strengthen baseline defenses and build a resilient endpoint environment.
  • Endpoint Detection and Response (EDR)
    • In this module, you’ll learn how Endpoint Detection and Response (EDR) strengthens modern security beyond traditional antivirus solutions. You’ll explore how EDR collects and analyzes telemetry, apply frameworks like MITRE ATT&CK to shape detection strategies, and practice using tools such as Sysmon, Process Monitor, osquery, and Velociraptor for visibility and threat hunting. Through hands-on configuration and guided workflows, you’ll build skills in interpreting endpoint telemetry, investigating suspicious activity, and applying structured analysis techniques to real-world defense scenarios.
  • Zero Trust Architecture
    • In this module, you’ll learn why Zero Trust is essential in today’s borderless networks and how it transforms access control beyond traditional perimeter defenses. You’ll explore core principles such as continuous verification, least privilege, and microsegmentation across identity, device, and application layers. Through real-world reference architectures and policy enforcement models, you’ll gain practical insight into Zero Trust design. Finally, you’ll apply these concepts in a hands-on lab using OpenZiti and endpoint hardening to rethink access workflows and experiment with identity-based segmentation.
  • Insider Threat Management
    • In this module, you’ll learn how to identify and mitigate insider threats—one of the most challenging risks in cybersecurity. You’ll explore insider motives, behavioral indicators, and monitoring techniques based on log analysis and baseline deviations, while also considering the legal and ethical implications of monitoring trusted users. Through case studies, detection strategies, and hands-on simulations with Sysmon and Sigma, you’ll practice analyzing behavior patterns, interpreting activity trails, and evaluating potential misuse of privileges to build a responsible and effective insider threat program.
  • Course Conclusion
    • In this wrap-up module, you’ll consolidate everything learned across the course by demonstrating your ability to secure, monitor, and investigate a real-world endpoint scenario. Through a graded assessment, hands-on project, and final reflections, you’ll apply endpoint hardening techniques, configure telemetry, simulate insider or malware-like activity, and conduct a structured investigation using free tools. By the end, you’ll showcase the practical skills of a SOC analyst—detecting, responding, and reporting on endpoint threats—while reinforcing your readiness for professional roles and certifications in cybersecurity defense.

Taught by

Starweaver and Rohit Mukherjee

Reviews

Start your review of Mastering Endpoint Security & Threat Defense

Go to class

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.