
Mastering Endpoint Security & Threat Defense

This course gives you a full-stack view of endpoint security management, taking you beyond basic antivirus into the world of EDR, Zero Trust, and Insider Threat defense—all explained in a practical, structured, and beginner-friendly way.

Rohit Mukherjee
Cybersecurity | Intermediate | 4 hours | Published: Aug 2025


Overview


This course includes:

  • 4 hours of on-demand video
  • Certificate of completion
  • Direct access/chat with the instructor
  • 100% self-paced online


Why Endpoint Security Matters Today 

In today's rapidly evolving threat landscape, endpoint security is no longer just a checkbox—it’s the front line. Whether you're protecting laptops, servers, cloud workloads, or mobile devices, every endpoint is a potential gateway to your organization’s sensitive data. Cybercriminals know this—and so should you. 


What Makes This Course Different? 

This isn’t a passive slide-show course or a patchwork of tools without context. 

Instead, you’ll gain foundational concepts, real-world scenarios, and hands-on lab walkthroughs using lightweight, open-source tools inside virtual machines—so you can learn by doing without the need for expensive enterprise platforms. 

The content is structured to reflect the actual workflows and decisions made by SOC analysts, system administrators, red/blue teamers, and cybersecurity engineers. Whether you're just starting out or looking to add depth to your infosec skills, this course helps you build an end-to-end understanding of how endpoint defense works in practice. 

What Problem Does This Course Solve? 

Many cybersecurity learners hit a common wall: "I know general concepts, but I don't understand how endpoint defense works in real life."

This course fixes that by helping you: 

  • Understand why endpoints are targeted. 
  • Build up from security fundamentals to threat detection. 
  • Analyze real-world alerts and tools used by defenders. 
  • Deploy simple Zero Trust architectures with free tools. 
  • Correlate logs, behaviors, and techniques the way professionals do. 

What You'll Learn 

In this course, you will develop the skills and knowledge necessary to: 

  • Build a secure endpoint architecture from scratch. 
  • Use Sysmon to monitor and detect endpoint threats. 
  • Correlate logs and behaviors for advanced threat detection. 
  • Ask the right investigative questions like a SOC analyst. 
  • Apply Zero Trust principles using built-in Windows security features. 
  • Detect and respond to insider threats using Sigma. 

Tools You'll Use (All Free & Open-Source)

Throughout the course, you’ll work with real-world, open-source tools that are commonly used by cybersecurity professionals: 

  • Sysmon – for endpoint telemetry 
  • Process Monitor – for behavior visibility 
  • CIS-CAT Lite – for security baseline assessments 
  • osquery and Velociraptor – for endpoint visibility and live query-based investigation 
  • Sigma – for writing detection rules 
  • Event Viewer & PowerShell – for real-time analysis

What This Course Will Help You Do 

By the end of this course, you will have the practical skills needed to: 

  • Land an entry-level SOC analyst or blue team job. 
  • Understand how endpoint attacks happen — and how to stop them. 
  • Build detection capabilities without buying expensive software. 
  • Prepare for certifications like CySA+, Blue Team Level 1, and SC-200. 
  • Upskill if you're a sysadmin moving toward security.

If you’re serious about learning how endpoint security works in the real world, from concept to hands-on execution, then this course is built for you. 

Skills You Will Gain

CySA+
Blue Team Level 1
SC-200
SOC Analyst

Learning Outcomes (At the end of this program you will be able to)

After completing this course, learners will be able to: 

  • Apply endpoint security principles to evaluate architectural components, identify common attack vectors, and implement baseline hardening techniques. 
  • Configure endpoint telemetry tools to collect and interpret suspicious system activity. 
  • Configure native Windows security controls to enforce Zero Trust at the endpoint level. 
  • Analyze endpoint behavior to detect and respond to potential insider threats. 

Prerequisites

No prior security experience is required, but basic familiarity with Windows and using virtual machines will be helpful. 

Who Should Attend

  • Entry-Level SOC Analyst or Security Intern 
  • IT Administrator Transitioning into Security 
  • Cybersecurity Student or Academic Learner 
  • Red Teamer or Pentester Learning Blue Team Tactics 

Curriculum

Instructors

Frequently Asked Questions

How much do the courses at Starweaver cost?

We offer flexible payment options to make learning accessible for everyone. With our Pay-As-You-Go plan, you can pay for each course individually. Alternatively, our Subscription-Based plan provides you with unlimited access to all courses for a monthly or yearly fee.

Do you offer any certifications upon completion of a course at Starweaver?

Yes, we do offer a certification upon completion of our course to showcase your newly acquired skills and expertise.

Does Starweaver offer any free courses or trials?

No, we don't offer any free courses, but we do offer a 5-day trial, available only on our subscription-based plans.

Are Starweaver's courses designed for beginners or advanced students?

Our courses are designed with three levels to cater to your learning needs - Core, Intermediate, and Advanced. You can choose the level that best suits your knowledge and skillset to enhance your learning experience.

What payment options are available for Starweaver courses?

We accept various payment methods such as major credit cards, PayPal, wire transfer, and company purchase orders. For more information related to payments contact customer support.

Do you offer refunds?

Yes, we do offer a 100% refund guarantee for our courses within a specified time frame. If you are not satisfied with the course, contact our customer support team to request a refund with your order details. Some restrictions may apply.

Rohit Mukherjee

A passionate cybersecurity professional specializing in Incident Response, Threat Hunting, and Managed Detection & Response (MDR), with experience in identifying, analyzing, and mitigating cyber threats using EDR, SIEM, and cloud security solutions. Demonstrates proficiency in malware analysis, log analysis, and detecting adversary tactics, techniques, and procedures (TTPs).

  1. Lesson 00 - Introduction
  2. Lesson 1.1 - Foundations & Baseline Hardening
  3. Lesson 1.2 - Core Security Concepts
  4. Lesson 1.3 - Endpoint Security Architecture & Assessment
  5. Lesson 2.1 - EDR Fundamentals
  6. Lesson 2.2 - Log Generation & Collection
  7. Lesson 2.3 - Endpoint Alert Handling & EDR Analysis
  8. Lesson 3.1 - Foundations of Zero Trust
  9. Lesson 3.2 - Inside Zero Trust Architecture
  10. Lesson 3.3 - Zero Trust in Practice
  11. Lesson 4.1 - Understanding Insider Threats
  12. Lesson 4.2 - Detection Strategies & Endpoint Monitoring
  13. Lesson 4.3 - Simulating and Identifying Insider Threat Behavior

  • Segment 00 - Intro Video to Course
  • Segment 01 - Module Introduction
  • Segment 02 - What Is an Endpoint and Why It Matters
  • Segment 03 - Common Attack Vectors
  • Segment 04 - Real-World Attacks
  • Segment 08 - Key Components of Endpoint Security Systems
  • Segment 09 - Security Baseline & Compliance Standards
  • Segment 10 - Running a Baseline Scan with CIS-CAT Lite on Windows
  • Segment 05 - CIA Triad in Endpoint Context
  • Segment 06 - Hardening Techniques & Best Practices
  • Segment 07 - Endpoint vs. Network Security
  • Segment 18 - Endpoint Visibility with osquery: Architecture & Live Queries
  • Segment 19 - Investigating a Suspicious File-Based Alert with Velociraptor
  • Segment 20 - Response Discussion and EDR Limitations
  • Segment 11 - Module Introduction
  • Segment 12 - From Antivirus to EDR
  • Segment 13 - EDR Pipeline: Collect, Detect, Respond
  • Segment 14 - MITRE ATT&CK in EDR
  • Segment 28 - Hardening the Endpoint for Host Security
  • Segment 29 - Advanced Windows Hardening: ASR, Folder Access, Exploit Protection
  • Segment 30 - Monitoring and Tamper Protection: Logs, Audit, Baselines
  • Segment 38 - Simulating Suspicious Activity
  • Segment 39 - Capturing Behavior with Sysmon & Sigma
  • Segment 40 - Investigating the Insider Trail
  • Segment 41 - Intro Video to Course
  • Segment 25 - Trust Evaluation Workflow
  • Segment 26 - Policy Decision vs. Enforcement
  • Segment 27 - Enterprise Reference Models
  • Segment 21 - Module Introduction
  • Segment 22 - What Is Zero Trust
  • Segment 23 - Why Traditional Models Fail
  • Segment 25 - Pillars of Zero Trust
  • Segment 35 - Detection via Logs and Baselines
  • Segment 36 - Risks Posed by Privileged Users
  • Segment 37 - Policy and Legal Considerations
  • Segment 15 - Key Artifacts: Process, File, Registry, and Network
  • Segment 16 - Intro Video to Course
  • Segment 17 - Visualizing Endpoint Activity with Process Monitor
  • Segment 31 - Module Introduction
  • Segment 32 - What Are Insider Threats
  • Segment 33 - Types of Insiders & Motivations
  • Segment 34 - Key Indicators of Insider Behavior