News
This course is designed for technical professionals who will be supporting Sophos Central and provides an overview of how to troubleshoot the product.
Sophos Central Technician Training (2 days Training) – Tuesday 2 March 2021– Wednesday 3 March 2021
The course is expected to take 1 ½ days (10 hours) to complete, of which approximately half will be spent on the practical exercises.
On completion of this course, trainees will be able to:
- Understand the support tools required to investigate common issues
- Identify common issues when reported
- Perform appropriate troubleshooting steps
Prerequisites
Prior to taking this course you should:
- Have completed and passed the Sophos Central Certified Engineer course
- This course uses Windows tools and utilities as part of the troubleshooting process. Students should be comfortable working with the following:
- Windows Administrator command prompt
- Control Panel settings
- File and folder permissions
- Windows Services (services.msc)
- Registry Editor (regedit.exe)
- Windows Firewall with Advanced Security
- Active Directory Users and Computers
- Active Directory Group Policies.
Certification
To become a Sophos Certified Technician, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80% and is limited to 3 attempts.
Lab Environment
Each student will be provided with a pre-configured environment which simulates a company network with two sites, a head office and a branch office and contains Windows Servers, a Windows Desktop and three XG Firewalls
Content
- Module 1: Introduction to Troubleshooting Sophos Central
- Module 2: Client Installation
- Module 3: Active Directory Synchronization
- Module 4: Updating
- Module 5: Policies
- Module 6: Infection and Detection
- Module 7: Threat Response
Certification
+ exam: Sophos Central Technician
Duration 1 1/2 days
Agenda
Trainer: Michael Eleftheroglou
Day 1 Tuesday 2 March 2021
9:30-10:35 Module 1: Introduction to Troubleshooting Sophos Central
- Troubleshooting process
- Alerts and logins in Sophos Central
- Sophos Tools
- Windows Tools
- Client Log Files
- Labs (40 mins)
- Lab Preparation
- Install Server Protection
- Install and Configure AD Sync
- Deploy an Update Cache and Message Relay
10:35-12:40 Module 2: Client Installation
- Installation Overview
- Active Directory Group Policy Deployment Failure
- Download Failure
- Competitor Removal Tool
- Package Installation Failure
- Labs (75 mins)
- Troubleshoot CRT Issues
- Uninstall a Deleted Endpoint
- Customize the Competitor Removal Tool
- Troubleshoot Deployment using a Startup Script
- Troubleshoot Failure to Download the Installer
- Troubleshoot Package Installation Failure
12:40-13:20 Lunch
13:20-14:30 Module 3: Active Directory Synchronization
- Active Directory Synchronization Overview
- Windows Password Changed
- Central Password Changed
- Unable to Connect
- Users No Longer Being Synced
- Verifying Filters
- Labs (45 mins)
- Troubleshoot Synchronization Failure
- Troubleshoot Connection Errors for Synchronization
- Troubleshoot Groups Not Synchronizing
- Troubleshoot a Missing User
14:30-15:45 Module 4: Updating
Updating (30 mins)
- Updating Overview
- Techniques for Troubleshooting
- Disk Space and Permissions Problems
- Name Resolution
- Sophos Central
- Sophos Certified Technician
- Client Firewall
- Network Firewall
- Labs (45 mins)
- Investigate the Current Configuration
- Simulate Failure of the Update Cache Server
- Modify Proxy Settings
- Modify Firewall Settings
15:45-16:00 Break
16:00-17:05 Module 5: Policies
- Policies Overview
- Management Communication
- Message Relays
- Troubleshooting Connectivity
- Client Deleted from Central
- Labs (45 mins)
- Establish the Current Configuration for Management Communication
- Configure Web Control policies and Global Settings
- Configure Server Groups and Policies
Day 2 Wednesday 3 March 2021
9:30-10:45 Module 6: Infection and Detection
- Cleanup
- Quarantine
- False positives
- Labs (30 mins)
- Release a File from SafeStore
- View File Information in EndPoint Self Help
- Use the Source of Infection Tool
10:45-12:00 Module 7: Threat Response
- Endpoint Detection and Response
- How to read a threat case
- Search for threats
- Detection scenarios
- How to find help from Sophos.
- Labs (30 mins)
- Generate and Analyze Threat Cases
- Create and View a Forensic Snapshot
This course is designed for technical professionals who will be supporting Sophos XG Firewall and provides an overview of how to troubleshoot the product.
Sophos XG Technician Training (2 days Training) – Tuesday 23 February 2021– Wednesday 24 February 2021
The course is expected to take 2 days (16 hours) to complete, of which approximately 4 hours will be spent on the practical exercises.
On completion of this course, trainees will be able to:
- Apply the troubleshooting process to issues
- Use the tools available on the XG Firewall to gather information and investigate issues
- Locate and read log files on the XG Firewall
- Identify and resolve common issues
Prerequisites
Prior to taking this training, you should:
- Have completed and passed the XG Firewall Certified Engineer course and any subsequent delta modules up to version 18.0
- We recommend students have the following knowledge and experience:
- Experience with Windows networking and the ability to troubleshoot issues
- A good understanding of IT security
- Experience configuring network security devices
- Experience configuring and administering Linux/UNIX systems
If you are uncertain whether you meet the necessary prerequisites to take this course, please email us at globaltraining@sophos.com and we will be happy to help.
Certification
To become a Sophos Certified Technician, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80% and is limited to 3 attempts.
Lab Environment
Each student will be provided with a pre-configured environment that simulates a company network with two sites, a head office and a branch office and contains Windows Servers, a Windows Desktop and three XG Firewalls
Content
- Module 1: Getting Started with Troubleshooting XG Firewall
- Module 2: Troubleshooting Network Protection
- Module 3: Troubleshooting Network Protection II
- Module 4: Troubleshooting Authentication
- Module 5: Troubleshooting Web Protection and Application Control
- Module 6: Troubleshooting Synchronized Security
- Module 7: Troubleshooting Web Server Protection
- Module 8: Troubleshooting Wireless Protection
- Module 9: Troubleshooting Email Protection
- Module 10: Troubleshooting Reporting and How to Get Help
Certification
+ exam: Sophos XG Technician
Duration 2 days
Agenda
Trainer: Michael Eleftheroglou
Day 1, Tuesday 23 February 2021
9:30-11:25 Module 1: Getting Started with Troubleshooting XG Firewall
- Apply the troubleshooting process to issues
- Resolve common device access issues
- Identify the cause of XG Firewall going into failsafe mode
- Troubleshoot and resolve common high availability issues
- Troubleshoot routing issues
- Labs
11:25-11:40 Break
11:40-13:40 Module 2: Troubleshooting Network Protection
- Troubleshoot and resolve common configuration issues with firewall rules and NAT rules
- Manage TLS decryption errors
- Determine whether traffic is flowing through the FastPath
- Troubleshoot problems with IPS settings
- Manage ATP alerts
- Labs (40 mins)
- Cannot Access Server in New York from London (Scenario 2)
- DNAT Not Working (Scenario 1)
- DNAT Not Working (Scenario 2)
- Remote Desktop Not Working
13:40-14:15 Lunch
14:15-16:00 Module 3: Troubleshooting Network Protection II
- Troubleshoot and resolve common connection issues for IPsec site-to-site VPNs
- Identify and resolve common SSL VPN issues
- Locate the logs for Sophos Connect and modify the configuration file
- Troubleshoot and resolve common issues for Remote Ethernet Devices (RED)
- Labs (30 mins)
- IPsec VPN Could Not Be Established (Scenario 1)
- IPsec VPN Could Not Be Established (Scenario 2)
- SSL VPN Could Not Be Established
16:00-16:15 Break
16:15-17:45 Module 4: Troubleshooting Authentication
- Troubleshoot issues with the captive portal
- Identify and resolve authentication issues
- Work through the authentication flow to troubleshoot and resolve issues
- Resolve issues with tokens being out of sync
- Labs (20 mins)
- User Cannot Authenticate
- User Not Authenticated with STAS
Day 2, Wednesday 24 February 2021
9:30-11:00 Module 5: Troubleshooting Web Protection and Application Control
- Explain the differences between DPI web scanning and the web proxy, and troubleshoot basic web policy issues
- Enable debug logging for DPI web scanning
- Troubleshoot web proxy performance issues
- Troubleshoot web categorization
- Troubleshoot application control policy issues
- Labs (20 mins)
- Site Incorrectly Blocked for User
- Application Not Working for User
11:00-11:15 Break
11:15-12:45 Module 6: Troubleshooting Synchronized Security
- Identify and resolve issues registering XG Firewall with Sophos Central
- Troubleshoot and resolve issues with Security Heartbeat
- Resolve problems with Synchronized User Identity
- Investigate and resolve problems related to lateral movement protection
- Labs (20 mins)
- Cannot Register XG Firewall with Sophos Central
- Endpoint Cannot Establish a Heartbeat with XG Firewall
- Configure VPN Network NATing
12:45-13:30 Break and Lunch
13:30-14:40 Module 7: Troubleshooting Web Server Protection
- Perform basic web server protection configuration
- Troubleshoot and resolve static URL hardening errors
- Troubleshoot and resolve static form hardening errors
- Troubleshoot and resolve threat filter rule errors
- Identify whether web server authentication issues are caused by the XG Firewall or the web server
- Labs (10 mins)
- Error Using Webmail Server
14:40-15:35 Module 8: Troubleshooting Wireless Protection
- Troubleshoot the access point deployment process
- Resolve common wireless network issues
- Identify common causes of performance issues and the configuration that can help resolve them
- List the ports used by wireless protection and how to connect to the access point to gather additional information
- Labs (Authenticate users over a site to site VPN)
15:35-15:50 Break
15:50-17:20 Module 9: Troubleshooting Email Protection
- Identify and resolve basic mail flow problems
- Troubleshoot virus emails that are not detected
- Troubleshoot false positive and false negative spam detections
- Identify the cause of, and resolve, missing quarantine digest issues
- Labs (30 mins)
- Cannot Receive Email
- Cannot Send Email
- Virus Email Delivered
17:20-18:00 Module 10: Troubleshooting Reporting and How to Get Help
- Troubleshoot issues with report generation
- Find help when you are unable to resolve issues yourself
The IT service desk department is tasked with troubleshooting a wide range of technical issues, such as malfunctioning devices, apps that crash, and installations that fail, to name just a few.
Onsite visits, one of the traditional IT troubleshooting methods for devices (offline or online), are no longer an option for many organizations due to the pandemic. Of course, onsite visits had their problems even before the coronavirus: they could be both time-consuming and costly for an organization. The productivity of your IT department is only as good as the resources they have to use each day and their ability to support multiple platforms and devices, on or off your network.
With all that said, BeyondTrust is pleased to announce the availability of version 21.1 of our leading Remote Support solution. This new version introduces functionalities that allow unattended and attended support for additional devices, including for Zebra devices and Raspberry Pi OS, as well as Jump Client-based discovery for Windows devices. These capabilities allow users to maintain, control, and manage their devices using the power of digital technology and computing. The BeyondTrust solution enables service desk teams to gain visibility into the status and performance of these devices with real-time insights about the health of the equipment, and to remotely fix issues as if they had the device in their hands.
In this release customers will also benefit from additional enhancements to our credentials Vault, including the ability to create personal accounts, as well as extending discovery and rotation in the Vault.
Below is a brief round-up of what is new with the release of version 21.1. For more information, you can also check out the release notes.
Jump Client Discovery & Rotation
Jump Clients can now perform discovery and rotation of local credentials (Windows only). This new functionality allows administrators to manage machines individually and set who has access to those machines, without the need to set up a local or shared account on the remote system. This feature complements the use of Jump Points in the network for domain-based rotation, while also allowing for more granular control over smaller groups of machines.
Raspberry Pi OS Support
BeyondTrust’s Secure Remote Access Jump Client Technology has added headless support for the Raspberry Pi OS. Thanks to its low power requirements and high processing capabilities, Raspberry Pi is often leveraged for specialized use cases, such as for equipment or machine monitoring of industrial applications, or even as an edge gateway solution. However, these devices need to be secured, maintained, and optimized, just like any other device.
BeyondTrust Remote Support enables secure access to Raspberry Pi devices. This allows privileged users to connect to more types of unattended systems, perform administrative actions, and control who has access to manage these devices.
Zebra Device Support
Zebra devices are constantly on the move, or situated in remote locations, but are critical to empowering employee productivity. The process of supporting these devices, ensuring proper configuration and effectiveness, has traditionally been time-consuming for help desks, as well as expensive and error-prone. BeyondTrust’s integration with Zebra Technologies gives IT service desk reps the power to access (either attended or unattended), troubleshoot, and support Zebra devices to help minimize any potential downtime.
BeyondTrust Vault
Included with Remote Support at no additional cost, the BeyondTrust Vault protects privileged credentials with discovery, management, rotation, auditing, and monitoring for any privileged account — from local or domain shared administrator, to a user’s personal admin account, even SSH keys, cloud and social media accounts.
Vault Link in Representative Console
The Desktop and Web Representative Consoles now include a top-level menu item labeled “Vault”, which has a link to the Vault interface in /login. This link enables users in each console to easily access Vault to check in or check out credentials when necessary, either during a session or on the user’s local machine.
Account Groups
Vault administrators can now organize Vault accounts into account groups, providing a better management experience. Admins can now assign account groups to group policies, rather than only individual Vault accounts. Additionally, Vault accounts can be assigned to an account group during the import process.
Personal Accounts
Remote Support users now have the ability to create private generic accounts in Vault. This functionality helps improve the productivity of users by allowing them to manage their own Vault accounts privately for use during remote sessions, or for quick access to other tools. Users can store Generic Credentials that are not managed, rotated, or visible to anyone else but themselves. These credentials are then useable for injection or check out by that user only.
Reporting
Vault reporting now provides more search options and the ability to directly download the report results. The reporting API has been updated to support this new functionality.
Assign Public Portals to Support Teams
BeyondTrust Remote Support allows you to create internal or external-facing web portals, or public-facing web sites. These portals allow your customers or employees to request support. Each portal can be configured with the organization’s branding and support processes. This includes customizing logos and allowing customers to start a BeyondTrust session using click-to-chat.
In this release, admins can now restrict what portals are used by a support team. This new functionality will create more granular control on how a team interacts with the sites.
Extended APDU Smart Card Support Option
During a support session, a support representative may need to operate with administrative rights to effectively troubleshoot the remote computer. Within environments where security implementations require smart card use for authentication, BeyondTrust enables the support representative to pass administrative credentials to the remote computer from a smart card resident on the rep’s local system.
In this release, we have updated the Virtual Smart Card feature to support Extended APDU.
Taking Your Service Desk to the Next Level with BeyondTrust Remote Support
BeyondTrust Remote Support enables help desk teams to rapidly and securely access and troubleshoot any remote device, across any platform, located anywhere in the world, all via a single solution. The new features in version 21.1 expand what’s already possible with our solution, helping you empower, protect, and scale your service desk.
If you are already a customer, here’s how to get started with version 21.1: https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/web/support-updates.htm
Source: BeyondTrust
Software is never done. Developers—from the biggest to the smallest—release regular updates to increase security, add new features, improve stability, and satisfy compliance mandates. These updates are typically referred to as “patches.”
Many managed service providers (MSPs) recognize patch management as one of the cornerstone capabilities of their service offerings. Maintaining patch management best practices ensures that software bugs or weaknesses are addressed to ensure a secure and optimally efficient computing environment.
As MSPs grow their business, the number of networks they must track grows in step, and the number of client software solutions requiring patch management can expand exponentially. Tracking which platforms each individual client runs, and then manually pushing updates to each one, creates time-intensive levels of extra complexity.
Datto RMM brings order to this critical process with automated patch management. Datto RMM is a fully-featured, secure, cloud-based remote monitoring and management platform which enables MSPs to remotely monitor, manage, and support every endpoint under contract, reducing cost and increasing service delivery efficiency.
With the automated patch management features of Datto RMM, MSPs can schedule updates to roll out at an appropriate pace. Setting a timeline is important for security, because patch management isn’t simply a case of installing patches the moment they’re available from a vendor. Installing every patch immediately is not only time consuming but can lead to system instability. Worse, the patches themselves can turn out to have flaws; patch management best practices typically call for a grace period before installation in case a new bug is discovered.
Building Cyber Resilience
Cyber resilience, a concept that converges information security, business continuity, and organizational resilience, represents a business’s ability to continuously deliver on its intended outcome, despite adverse cyber events.
“Cyber resilience is the ultimate objective of building an information security program for any business of any size,” says Ryan Weeks, Chief Information Security Officer for Datto. “It’s intended to ensure the availability, integrity, and confidentiality of systems and data through an adverse event.”
According to Weeks, Cyber resilience is built on triple pillars: People, Processes, and Technology. One of the keys to reinforcing the process component of a security program is using technology to automate processes across systems at scale, where it makes sense to do so.
“Technology supports your people and processes to scale once they’re ready,” he explains. “Technology should also support those people and those processes in terms of automation. For a lot of your security processes—especially if you don’t want to hire a huge security team—you’re going to need to rely a lot on automation. Before you go out and start purchasing more technology, you need to look at your existing technology and how you can leverage that to increase your overall effectiveness.”
Activate Automation with Datto RMM
Datto RMM enables MSPs to increase their clients’ cyber resilience. Using Datto RMM, patch updates can be tightly scheduled, which allows MSPs to track exactly when a patch has been installed. With that heightened level of control, MSPs can ensure that patches are only installed after any accompanying bugs have been worked out.
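The grace-period idea above (and in the earlier paragraph on patch timing) is easy to encode as a policy. The following is an added example, not Datto RMM code or any vendor's API: the severity-to-grace-day table, the maintenance-window rule and the patch records are all assumed for illustration. A patch is approved for the next maintenance window only once it has aged past the grace period for its severity and carries no known-issue flag; superseded patches are skipped rather than installed.

```python
"""Patch deferral policy: approve a vendor patch for install only after a
severity-dependent grace period has elapsed and no known issue is open.
Added example, not Datto code; policy values and records are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional

# Hypothetical policy: days a patch must age before approval. Critical
# security fixes wait the least; low-severity/feature updates wait longest.
GRACE_DAYS = {"critical": 3, "important": 7, "moderate": 14, "low": 21}


@dataclass
class Patch:
    kb: str
    severity: str                      # key of GRACE_DAYS
    released: date
    known_issue: bool = False          # vendor/community flagged a regression
    superseded_by: Optional[str] = None


@dataclass
class Decision:
    kb: str
    action: str                        # "install", "defer", "hold" or "skip"
    install_on: Optional[date]
    reason: str


def next_window(after: date, window_weekday: int = 5) -> date:
    """First maintenance-window date on or after `after`.
    window_weekday uses date.weekday(): 0=Mon ... 5=Sat (assumed Saturday window)."""
    delta = (window_weekday - after.weekday()) % 7
    return after + timedelta(days=delta)


def decide(patch: Patch, today: date) -> Decision:
    """Apply the policy to one patch as of `today`."""
    if patch.superseded_by:
        return Decision(patch.kb, "skip", None, f"superseded by {patch.superseded_by}")
    if patch.known_issue:
        return Decision(patch.kb, "hold", None, "known issue reported; wait for a fixed release")
    grace = GRACE_DAYS.get(patch.severity)
    if grace is None:
        # Unknown severity: fail closed rather than auto-installing.
        return Decision(patch.kb, "hold", None, f"unknown severity {patch.severity!r}")
    eligible = patch.released + timedelta(days=grace)
    if today < eligible:
        return Decision(patch.kb, "defer", next_window(eligible), f"in grace period until {eligible}")
    return Decision(patch.kb, "install", next_window(today), "grace period elapsed, no known issues")


def plan(patches: List[Patch], today: date) -> List[Decision]:
    """Decide every patch in the list for the given day."""
    return [decide(p, today) for p in patches]


if __name__ == "__main__":
    # Constructed sample run; KB identifiers are placeholders, not real updates.
    sample = [
        Patch("KB-A", "critical", date(2021, 1, 12)),
        Patch("KB-B", "moderate", date(2021, 1, 15)),
        Patch("KB-C", "important", date(2021, 1, 5), known_issue=True),
        Patch("KB-D", "low", date(2020, 12, 1), superseded_by="KB-E"),
    ]
    for d in plan(sample, date(2021, 1, 20)):
        print(d.kb, d.action, d.install_on, "-", d.reason)
```

The "hold" on unknown severity is deliberate: a scheduler that cannot classify a patch should not silently push it, since the whole point of the grace period is that unreviewed changes are the risky ones.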
Datto RMM can also be integrated with Datto SIRIS, a reliable, all-in-one business continuity and disaster recovery (BCDR) solution built for MSPs to prevent data loss and minimize downtime for clients. With SIRIS in the mix, system instability that may have accompanied a new patch installation can be fixed quickly by restoring to a previous system version.
MSPs that have automated patch management in their toolkit can win back precious time, a valuable ally in the race to keep pace with a fast-changing landscape. “It doesn’t matter where you are in the Cyber Resilience spectrum—it’s a continuous improvement process,” Weeks concludes. “There will always be more work to do, because things are constantly changing and you need to adapt with that change.”
To learn more about automated patch management and increasing cyber resilience with Datto RMM, schedule a demo.
Source: Datto
As 2020 comes to a close, we look back on another year of increased attacks on managed service providers (MSPs), their small and medium business (SMB) clients, and the ecosystem of tools used within the community. In the face of these events, the MSP community showed the desire to tackle the underlying challenges with increased engagement, new peer forums, and attention in hardening their services. As we look forward to what 2021 might bring, now is a great time to develop or update your plan for managing cyber risk.
Understanding Threats
As a practitioner of risk management at Datto, I look at where we can best spend our time and what areas are the most important to address when it comes to cybersecurity. This is an important concept for MSPs to master in 2021 — it’s a continuous process, and requires adaptability as new threats emerge. While we care about knowing about the possible actors we may face, for example, cybercriminal organizations and loss scenarios such as ransomware within internal systems, it’s how these unfold that is one of the most important pieces to analyze. In this blog, we’ll focus on applying a process to a handful of techniques used by threat actors, surface mitigations, and provide a few tips on prioritization.
Let’s start with three key techniques threat actors have successfully utilized over the last few years as the starting point for our 2021 planning. In stepping through this process you can apply the same thinking to any number of techniques that you uniquely identify.
Phishing
Through the use of various sub-techniques such as malicious attachments and links, these are highly effective for actors in meeting their objectives. The weakness to understand here is the end user and being able to create a situation where they take an action that leads to credential or host compromise.
Stolen Credentials
Often in conjunction with phishing or compromising of a third party, the actor utilizes valid credentials to access websites and services, or to escalate privileges internally. The weakness here is identity and access management.
External Remote Services
MITRE’s ATT&CK framework states, “Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations.” There are two potential weaknesses we will focus on for this exercise, user accounts, and vulnerabilities within the exposed services.
Defining Risk Mitigations
Now that we have a better understanding of the techniques used by bad actors and the underlying weaknesses, the next step is to populate a list of mitigations to help reduce the likelihood of these techniques being successful. The list of examples is not exhaustive and in practice should focus on the top ways to reduce risk based on deficiencies in your environment.
Phishing
- Email Security Services – provides additional security capabilities on top of email services above what Exchange and Gmail provide as a part of their base service.
- Security Awareness Training – provided in many forms of content, and phishing simulations.
- Endpoint Controls – if a malicious attachment or link is successful, ensuring the device is patched, services and configuration hardened and has a quality AV/EDR/MDR solution adds layers of security (and resilience!).
Stolen Credentials
- Multi-factor Authentication – ensuring all systems that support it have it enabled, even if you are on network.
- Password Manager – a number of mature solutions exist with the goals of not reusing passwords and having a secure means of generating them for use.
- Notifications – a fairly novel use of the built-in mechanism, and free, alert the user of new logins and device registrations. It’s understood that this is how FireEye detected the most recent breach.
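The notification idea in the last bullet amounts to a simple first-seen check per user. Below is an added example of that detection logic, not code from Datto or from any identity provider: the JSON-lines events are constructed, and the field names (`user`, `device_id`, `country`, `result`) are assumed. The first successful sighting of a user establishes a baseline silently; any later successful login from a device or country not yet seen for that user, or any MFA device registration, produces an alert that could be sent to the user.

```python
"""Alert on first-seen devices/countries per user and on MFA device
registrations in an authentication event stream.
Added example, not vendor code; events and field names are constructed.
"""
import json
from collections import defaultdict
from typing import Dict, List

# Constructed JSON-lines authentication log (one event per line).
SAMPLE_LOG = """\
{"ts":"2021-01-04T08:02:11Z","user":"alice","device_id":"lt-4417","country":"US","result":"success"}
{"ts":"2021-01-04T08:40:09Z","user":"bob","device_id":"lt-9910","country":"US","result":"success"}
{"ts":"2021-01-05T09:15:30Z","user":"alice","device_id":"lt-4417","country":"US","result":"success"}
{"ts":"2021-01-06T02:13:44Z","user":"alice","device_id":"ph-7b1c","country":"RO","result":"success"}
{"ts":"2021-01-06T02:14:02Z","user":"alice","device_id":"ph-7b1c","country":"RO","result":"mfa_enrolled"}
{"ts":"2021-01-06T10:01:00Z","user":"bob","device_id":"lt-0001","country":"US","result":"failure"}
"""

# Results that mean the actor actually held valid credentials.
AUTHENTICATED = {"success", "mfa_enrolled"}


def parse(log_text: str) -> List[dict]:
    """Parse JSON-lines into dicts, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def first_seen_alerts(events: List[dict]) -> List[Dict]:
    """Walk events in order, maintaining per-user sets of seen devices and
    countries, and emit an alert whenever an authenticated event introduces a
    new device or country, or registers an MFA device.
    Failed logins never change the baseline (an attacker guessing passwords
    must not be able to 'pre-seed' a device as known)."""
    seen_devices: Dict[str, set] = defaultdict(set)
    seen_countries: Dict[str, set] = defaultdict(set)
    alerts = []
    for e in events:
        if e["result"] not in AUTHENTICATED:
            continue
        user = e["user"]
        first_sighting = user not in seen_devices
        new_device = e["device_id"] not in seen_devices[user]
        new_country = e["country"] not in seen_countries[user]
        seen_devices[user].add(e["device_id"])
        seen_countries[user].add(e["country"])
        if first_sighting:
            continue  # baseline established; nothing to compare against yet
        reasons = []
        if new_device:
            reasons.append("new device " + e["device_id"])
        if new_country:
            reasons.append("new country " + e["country"])
        if e["result"] == "mfa_enrolled":
            reasons.append("MFA device registration")
        if reasons:
            alerts.append({"ts": e["ts"], "user": user, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in first_seen_alerts(parse(SAMPLE_LOG)):
        print(a["ts"], a["user"], "; ".join(a["reasons"]))
```

In production the baseline would be seeded from historical logins rather than learned from the live stream, so that the very first event for a user is not a blind spot; the ordering rule (failed logins never extend the baseline) is the part worth keeping regardless of where the baseline comes from.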
External Remote Services
- Multi-factor Authentication – ensuring all systems that support it have it enabled, worth repeating twice as it is still a major driver of successful attacks on External Remote Services.
- Baseline configurations – expose the bare minimum number of services required, ensure they are vulnerability free, and that they are designed for external connectivity. It’s 2021 and we still have a large number of attacks attributed to Microsoft’s Remote Desktop Protocol being made externally available without a gateway.
- Vulnerability scanning – Whether it is a new vulnerability or a tech mistakenly opening up a vulnerable web service, regular perimeter scans serve as a continuous monitoring source that helps reduce the window that vulnerabilities are exposed to the internet.
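The "baseline configurations" and "vulnerability scanning" bullets above pair naturally: a perimeter scan is only actionable when it is compared against the exposure you intended. The following added example (not Datto code or any scanner's own output) parses a constructed grep-style scan summary in the shape of `nmap -oG` output, compares it with an assumed approved-exposure baseline, and reports three classes of finding: a forbidden service such as RDP reachable directly from the internet, a host that is not in the baseline at all, and drift where an approved host shows an extra open port. Addresses are from the documentation range 203.0.113.0/24.

```python
"""Diff an external port scan against an approved exposure baseline.
Added example, not vendor code; scan text, baseline and address space are
constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

# Assumed approved internet exposure: host -> {(port, service)}.
BASELINE = {
    "203.0.113.10": {(443, "https")},
    "203.0.113.20": {(443, "https"), (1194, "openvpn")},
}

# Services that should never sit directly on the perimeter without a gateway.
FORBIDDEN = {3389: "rdp", 445: "smb", 23: "telnet", 5900: "vnc"}

# Constructed scan summary in nmap grepable (-oG) style: one host per line,
# "Ports:" followed by port/state/proto//service/// entries.
SCAN = """\
Host: 203.0.113.10 ()\tPorts: 443/open/tcp//https///
Host: 203.0.113.20 ()\tPorts: 443/open/tcp//https///, 1194/open/udp//openvpn///, 3389/open/tcp//ms-wbt-server///
Host: 203.0.113.30 ()\tPorts: 8080/open/tcp//http-proxy///, 22/filtered/tcp//ssh///
"""

PORT_RE = re.compile(r"(\d+)/(\w+)/(tcp|udp)//([^/]*)/")


def parse_grepable(text: str) -> Dict[str, List[Tuple[int, str, str, str]]]:
    """Return {host: [(port, state, proto, service), ...]} from -oG style lines."""
    hosts: Dict[str, List[Tuple[int, str, str, str]]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        ports_part = line.split("Ports:", 1)[1] if "Ports:" in line else ""
        hosts[host] = [(int(p), st, pr, sv) for p, st, pr, sv in PORT_RE.findall(ports_part)]
    return hosts


def findings(scan_text: str, baseline=BASELINE, forbidden=FORBIDDEN) -> List[Tuple[str, int, str, str]]:
    """Compare open ports per host with the baseline.
    Returns sorted (host, port, class, detail) tuples; class is one of
    'forbidden', 'unknown-host' or 'drift'. Non-open states are ignored."""
    out = []
    for host, ports in parse_grepable(scan_text).items():
        approved = {p for p, _ in baseline.get(host, set())}
        for port, state, proto, service in ports:
            if state != "open":
                continue
            if port in forbidden:
                out.append((host, port, "forbidden", f"{forbidden[port]} exposed directly to the internet"))
            elif host not in baseline:
                out.append((host, port, "unknown-host", f"{service}/{proto} on a host not in the baseline"))
            elif port not in approved:
                out.append((host, port, "drift", f"{service}/{proto} open but not in the baseline"))
    return sorted(out)


if __name__ == "__main__":
    for host, port, cls, detail in findings(SCAN):
        print(f"{cls:12} {host}:{port}  {detail}")
```

Running this on every scheduled perimeter scan and alerting on a non-empty result turns scanning into the "continuous monitoring source" the text describes: the baseline is the contract, and each finding is either a technician opening something by mistake or a new service that needs a deliberate baseline change.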
Prioritizing the Action Plan
Arguably the hardest part of this exercise is the prioritization of activities in an action plan and finding the time to work through them. As we mentioned in this case study from 2019, don’t tackle the entire list but do put some thought into the activities and their value. While traditional risk management practices take into account financial loss in prioritization, below are a few less structured ways of approaching this problem.
- Attack Frequency – How many times have the techniques on your list been successfully used against your tech stack and user base? The number of times something has occurred in the past is a good signal of future likelihood.
- Costs – Is the suggested mitigation a new tool, or is it using what you already have in new ways? Endpoint patching and configuration hardening, and enabling multi-factor authentication are still areas of improvement for MSPs. Even creative use of notifications can lead to more resilient outcomes.
- Business advantage – Determining if the required investment would be a business advantage in marketing and quality of managed services is a useful dimension. (Note: this should almost always be the case, some will just be more visible than others).
As we look at the steps we laid out above, you should walk away with the foundations to build a process that can be used and reused to harden your IT infrastructure. It’s best to set a goal of quarterly assessments at a minimum that review your program’s cyber risk in the face of trending attacks and focus on any new techniques being used.
Business continuity and disaster recovery (BCDR) solutions should serve as a foundational component in every partner’s technology stack. It’s imperative that in 2021, the MSP community’s trend of building in security practices continues. It’s through continuously assessing and improving cyber resiliency that the BCDR solutions will become the last card played rather than the only card.
Source: Datto
Cybersecurity is a fiercely competitive industry. It is unique in the information technology space in that we don’t just face competition from other vendors, we also have human adversaries, and they are the real competition. While our products and services must compete in the market against those from other vendors, it must never happen at the expense of our ability to protect our customers.
Recently, Sophos issued a reminder encouraging the cybersecurity industry to compete foremost on technology, not on threat intelligence. If we in the industry can align ourselves to rapidly share intelligence – ideally approaching real-time – businesses, governments and individuals will be able to defend themselves from adversaries in a more effective and efficient way. It could change the economics of cyber defense, giving defenders an advantage over attackers.
Over the past five years, Sophos has made significant advancements in improving both the usability and the predictiveness of our products, two technology dimensions that I believe vendors should compete in. In particular, we’ve delivered the following:
- An API-first design approach in all our Sophos Central enabled products to facilitate automation and integration with other tools and platforms that our customer and partners use in their operations
- Security operation workflows within our products that are heavily influenced by our Managed Threat Response (MTR) team, and which, as a result, are highly empathetic to practitioners
- Pervasive use throughout our portfolio of high-quality Machine Learning (ML) models that were jointly created by our Sophos AI and SophosLabs teams to help improve detection efficacy and to help focus the attention of security operators
Predictiveness and usability are just two important technology areas where competition among vendors will help raise the bar in the entire industry, but there are, of course, others. If vendors competed on innovative technology improvements like these, and shared threat intelligence, we would collectively make it harder in many ways for adversaries to succeed with their attacks. If we spread our knowledge, everyone could apply defenses to protect against subsequent recurring and/or similar attacks, which means attackers couldn’t use them over and over again – they’d be forced to change infrastructures or tactics, and this would be costly, increasing overall deterrence.
In a recent keynote I was invited to deliver at the Cyber Threat Alliance’s TIPS track at Virus Bulletin 2020, I explored ways we can incentivize enterprises, governments and security vendors to overcome the obstacles that are preventing them from sharing information about cyberthreats. The industry has gotten better, but there are obstacles to overcome. One of these obstacles is privacy, a very real issue that has hindered many for decades now. It’s time we stop hoarding and start looking at advancements in privacy-preserving technologies that can eliminate concerns and help move us forward. This is an important area of research for us as we continue to look for new ways to make operations more expensive and difficult for attackers by reducing the security industry’s obstacles to sharing.
“The closer the security industry gets to sharing and operationalizing threat intelligence in real-time, the more likely we are to meaningfully encumber our adversaries”.
Earlier I mentioned predictiveness as a prime example of a technology that vendors ought to compete on. One of the key ways to improve predictiveness is an exhaustive understanding of the threat landscape, and that is often a function of access to data, whether malware samples, phishing campaigns, ransomware characteristics, adversary behaviors, or attack tools.
Sophos has a very large surface area, so we have abundant access to such data. More importantly, SophosLabs and Sophos AI have massive processing pipelines to make sense of all the data we see every day, and our MTR service often gives us very early glimpses into novel threats as they are in their initial (even developmental) stages.
Not all security vendors have uniform access to this kind of data, even if they have access to well-known shared industry resources like VirusTotal. This means there is no even footing for vendors or independent researchers to create technology innovations, like more high-quality predictive ML models, because sharing still has barriers. As a measure to help overcome this, I’m excited to announce a joint effort between SophosAI and ReversingLabs, called SOREL-20M, to provide the first production-scale malware research dataset with the sole goal of driving industry-wide improvements in security.
Some readers may wonder at the sense of a security company releasing a trove of malware. Rest assured, the samples have been disarmed to prevent accidental execution, and an attacker would have less expensive options available than rearming these components. In general, it is essential for defenders to have access to these types of offensive tools, whether in the form of malware samples or the many tools and frameworks attackers use for pre- and post-exploitation. You can read more about this joint venture and the benefits it will bring on our dedicated SophosAI page, established in part to serve as a platform for data-sharing projects like SOREL-20M.
This is just the beginning of more announcements we’re planning about our threat intelligence and tools sharing initiatives, as well as our unfolding philosophy behind the efforts – all in the effort to transform the industry with transparency and openness to better arm defenders and drive the industry forward. Please stay tuned.
Source: Sophos
Across verticals, organizations are experiencing sweeping technological changes.
While many businesses plan proactively for such disruptions and embrace such changes strategically, there will always be times when they get taken by surprise. The sudden and forceful digital transformation (DX) brought about by the COVID-19 pandemic remains a case in point.
In an effort to keep pace with the new normal, several businesses – notably those in healthcare, education, and retail – have embraced remote working and cloud-delivered digital business models, shifting their business workloads into multiple clouds and adopting SaaS applications to emerge more competitive and customer-centric.
As a result, IT leaders and CXOs at several companies are busy virtualizing data centers, corporate offices, and remote sites in order to adopt and grow the distributed enterprise model, which is the first requirement for a successful DX strategy.
However, as organizations implement these fundamental improvements, many find traditional networking architecture to be a major DX challenge. And with the traditional edge network disappearing rapidly – giving way to software-defined Wide Area Networking (SD-WAN) – traditional cybersecurity also warrants a rethink.
By leveraging SD-WAN solutions as part of an interconnected cybersecurity system, your organization can take full advantage of digital transformation and achieve cyber resilience for these changing times.
Here’s how your organization stands to benefit from a secure SD-WAN implementation:
1. Drive performance and improve traffic visibility to reap benefits beyond cost savings
In the early days of SD-WAN, arguments in favor of the technology largely focused on replacing MPLS networks to achieve operating and connectivity cost savings.
In fact, secure SD-WAN delivers a lot more than just a better bottom line. It helps better prioritize mission-critical business applications and maintains session quality for traffic for high-priority solutions such as Office 365 email, CRM, video, and VoIP/unified communications usage.
This is one area where XG Firewall and Sophos Synchronized Security provide an incredible advantage thanks to application visibility, routing, and quality-of-service for key applications.
Synchronized Application Control provides 100% visibility into networked applications, providing a significant advantage in identifying mission-critical applications across distributed networks. Synchronized SD-WAN, a Synchronized Security feature, leverages the added clarity and reliability of application identification that comes with the sharing of Synchronized Application Control information between Sophos-managed endpoints and XG Firewall.
2. Go multi-cloud
With secure SD-WAN, a digital enterprise can adopt a multi-cloud strategy to enhance application availability, performance, and end-user experience.
For example, educational institutions can keep pace with changing educational technologies and roll out rich training and learning resources over multiple clouds. Similarly, a healthcare organization can easily enable the use of new healthcare technologies and applications such as telehealth, cloud-based diagnostic solutions, and telemedicine.
While SD-WAN for a multi-cloud implementation has several industry use-cases, it needs to be noted that any DX initiative requires deploying the right cloud security. According to The State of Cloud Security 2020 survey, 70% of organizations fall victim to public cloud cybersecurity incidents, which includes ransomware, malware attacks, exposed data, compromised accounts, and cryptojacking attempts.
Although SD-WAN networking solutions offer some built-in security, a growing number of organizations are looking to integrate advanced SD-WAN security capabilities. This is where Sophos XG firewall offers a powerful, flexible network connectivity and security solution for every type of network – including public, private, and hybrid clouds for a geographically distributed SD-WAN scenario.
3. Make your network more agile
The biggest motivation driving most ongoing DX initiatives is building networks that can scale rapidly to meet an organization’s changing needs, which is why the traditional hub-and-spoke model no longer works. Many businesses no longer see the need for monolithic data centers and ever-larger connectivity pipes to build a single nodal corporate network serving remote sites and branch offices.
Instead, organizations are increasingly turning to cloud-native applications and deploying to multi-cloud environments such as Amazon AWS, Microsoft Azure, and Google Cloud Platform to make resources easily available to remote workers, branch offices, partners, and customers without having to backhaul the traffic to a centralized data center.
By abstracting software and virtual services from the underlying physical infrastructure, SD-WAN enables greater flexibility and automation, with less complexity when making necessary network changes. Sophos XG Firewall and SD-RED devices enable organizations to connect remote offices, devices, and cloud resources easily and securely.
And the Sophos SD-WAN security solution facilitates zero-touch edge and branch connectivity, with secure VPN tunnels and enterprise-grade encryption to securely connect remote sites and branch office locations in a distributed network setup.
Conclusion
A highly flexible and extensible network infrastructure is vital to meet the demands of ongoing DX efforts – and to handle the business and customer needs of tomorrow. As more organizations prepare to take advantage of SD-WAN infrastructure, securing the new network, SaaS applications, and cloud workloads emerge as security priorities. Sophos is committed to enabling SD-WAN led digital transformation for its customers and continues to invest in SD-WAN security, orchestration, and connectivity capabilities.
Visit Sophos.com/SD-WAN to learn more.
Source: Sophos
The new normal. Unprecedented times.
While perhaps the most overused buzzwords in 2020, these terms represent the challenges shared by every organization in facing the difficult realities related to the pandemic.
As a leader in the cybersecurity industry, BeyondTrust is accustomed to a fast pace and regularly adapting to meet new challenges. But 2020 demanded that we evolve in new ways. From the early days of the pandemic, BeyondTrust has remained committed to providing a supportive, flexible, and safe working environment for more than 1,000 employees globally. This has required us to reconsider the ways we connect, collaborate, and support each other while serving our customers.
The BeyondTrust culture is rooted in our Core Values, which existed long before 2020, and they helped us guide the way forward. Enabling remote working was only the start of our pursuit to maintain an exceptional employee experience, despite the challenges.
A Year of New Ideas
The BeyondTrust Culture Committee is a cross-functional, employee-driven group that is tasked with creating positive employee experiences and driving engagement. Just like the cybersecurity industry in which we operate, 2020 demanded that we adapt. During the pandemic, the team has remained focused on providing virtual opportunities for employees to stay connected.
This year, BeyondTrust launched the following initiatives:
- Buddy Program: All new hires are paired with a “buddy” to help them adjust to the new role, as well as provide a familiar face at virtual events and a resource to help foster personal connections.
- Mindfulness & Fitness Programs: These virtual sessions included meditation and yoga, wellness speakers, remote workouts, and applying ‘coffee break’ reminders to promote wellbeing and ward off work-from-home burnout.
- Employee “Lived Experiences” Sharing: Through our Diversity & Inclusion efforts, we found it extremely important and beneficial to give our employees the opportunity to connect and share their own personal stories related to race, gender, and more.
In a socially distant world, these initiatives have enabled us to not feel remote from each other, despite the physical separation we are experiencing from our colleagues.
Career Development Opportunities
BeyondTrust employees were still seeking opportunities to grow their professional skill set, but with in-person training events and face-to-face meetings off the table, the HR team and the Culture Committee partnered and pivoted to offer virtual alternatives. The following programs were launched in 2020:
- Mentorship Program: The July pilot included 12 pairs of employees across all levels and geographic locations, including our CEO, who is presently mentoring one of our US Sales Development Representative Managers. The program will continue formally in January 2021, with over 10% of our employee population interested in becoming mentors and mentees.
- BeyondLearning: An online learning platform available to all employees globally, with access to thousands of courses. From Microsoft Excel to Virtual Work Environments, BeyondLearning provides opportunities for our employees to grow within their role and seek knowledge in other areas of interest.
- Leadership Development Course: Developed in partnership with the Center for Creative Leadership (CCL), the Frontline Leadership Impact course was initially piloted in late 2019 and was due to officially launch in April 2020. Despite the challenges that our employees faced throughout 2020, more than 160 employees globally participated in the program. Read the Case Study here.
- Leadership Mastermind Program: Utilizing innovative leadership techniques in collaboration with our partner Adaptive Growth, BeyondTrust began embedding appreciative inquiry and design thinking in a leadership training pilot.
Employee Engagement
The first pillar of our Culture Committee is Employee Engagement, where we focus on creating an environment of inclusion and belonging. In 2020, this team:
- Created an organization-wide Microsoft Teams group called “BT Universe,” with a number of affinity channels where employees can informally connect on a variety of topics
- Launched a newsletter, the “Culture Chronicle,” to provide updates on what is happening in the business and where employees can get involved in culture initiatives
- Began a quarterly book club, with the first book and discussions facilitated by our CEO. These meetings provide meaningful opportunities to informally network and share ideas.
BeyondGiving
The Culture Committee also leads the BeyondGiving program, providing volunteer opportunities and other ways to give back. In 2020, BeyondGiving recipients included:
- CALM – Suicide prevention organization in the UK
- Fire Disaster Relief charities in Australia
- Leukemia and Lymphoma Society
- “Movember” in support of Men’s Mental Health
- A variety of food banks in the local communities where we have offices
Diversity & Inclusion (D&I)
The Culture Committee launched our D&I program at the end of 2019, and accelerated efforts after the death of George Floyd and resulting protests across the US and around the world this year. Our D&I efforts and accomplishments included:
- A quarterly speaker series with experts in social and racial justice
- Monthly sharing of lived experiences of our employees
- Recognition as one of the Diversity in Tech Employers of the Year by WomenTech Network
- The development of an Anti-Racism Task Force charged with assessing opportunities for promoting anti-racism and building greater inclusion in our company and in our communities
Expanding on the success of all these initiatives will remain a priority into 2021 and beyond, as the organization continues to seek new ways to elevate our employee experience.
Source: BeyondTrust
In today’s global economy, businesses must be compliant with standards established by various countries so they can service customers around the world.
One such regulation you can’t afford to ignore is the GDPR (General Data Protection Regulation), which is the core of Europe’s digital privacy legislation.
The GDPR applies to any organization established in the EU, and to organizations outside the EU that offer goods or services to people in the EU or monitor their behaviour there.
These organizations must ensure that personal data is collected lawfully and under strict conditions, and that it is protected from misuse and exploitation.
Violation of GDPR rules can result in hefty fines, currently set at up to €20 million ($23.3 million), or 4% of a company’s worldwide annual revenue from the preceding financial year, whichever amount is higher.
To ensure that you’re adhering to GDPR guidelines, you need to protect your customers’ information. Here are seven technologies that can help you stay compliant:
1. Managed File Transfer (MFT)
Managed file transfer (MFT) solutions use industry-standard network protocols and encryption methods to streamline the management of company data.
These solutions automate data transfer across the organization, network, systems, applications, partners, and cloud environments using a centralized interface.
To use an MFT solution, you’d first securely send a file through an MFT program or email plugin. The software then encrypts the file and delivers it to the intended recipients. Finally, the recipients will decrypt the files so they can read the content.
MFT applications help ensure the secure collection, movement, and usage of personally identifiable data by providing organizations with a holistic view of their data movement processes. Some key security-enhancing capabilities to look for include data encryption, access rights management, and full audit trails.
Related Reading: What is Managed File Transfer (MFT)?
2. Automated data protection processes
You can use these solutions to automate data protection processes and gain better visibility into the movement of sensitive information in and out of your organization. This helps eliminate inefficiencies, errors, and delays caused by manual procedures.
Many of these solutions also offer protection against data loss and data theft while providing enhanced visibility into data breaches.
To make automation work for your business, first define and standardize procedural and technological controls for protecting personal data.
Based on your business model and criteria, you can then select a solution that offers the right features, such as encryption, multi-factor authentication, and pseudonymization to implement the automation.
Related Reading: 5 Benefits of Automation
3. Privacy impact assessments
These technologies help organizations evaluate the potential impact that their business decisions will have on users’ data privacy. Companies can be clued into potential violations early on, so they can avoid issues down the road.
Such assessments are particularly useful in supporting new product launches, geographic expansions, and mergers and acquisition activities.
Organizations can identify high-risk data that’s being collected, assess gaps in their compliance efforts, remediate areas of concern, and create an audit trail to stay compliant.
4. Individual rights compliance
Since the GDPR grants individuals rights over how businesses use their data, you need tools that let customers exercise those rights: access to their data, restriction of or objection to its processing, erasure, and data portability.
These solutions allow you to create custom individual rights request forms, provide notifications, and set automated reporting to meet individual rights requirements.
You can identify where the requested data is stored and fulfil requests within the statutory deadline (one month from receipt, extendable by up to two further months for complex or numerous requests) without interfering with existing business processes.
Related Reading: What You Need to Know to Prepare for GDPR Compliance
5. Data mapping
Staying GDPR compliant can be particularly challenging for organizations that don’t have an exacting data management practice.
This is because a large part of the GDPR concerns justifying the type and scope of data being collected and demonstrating compliance in a timely manner. Organizations that act as data controllers are accountable for this and must be able to evidence it.
Data mapping solutions help you understand what data your organization is collecting, where the information is being stored, and who has access to it.
With such knowledge, you can determine what additional obligations may apply to the data based on sensitivity, geography, or other factors.
6. Pseudonymization technologies
These technologies allow you to implement a data-masking tactic, which is referenced in the actual text of the regulation.
The technique replaces direct identifiers (names, e-mail addresses, customer numbers) with tokens, and keeps the information needed to reverse that mapping in a separate, separately protected store.
As a result, an attacker who steals the working dataset obtains records that cannot be attributed to a person without also compromising the separate key or lookup table, which limits the damage of a single leaked file.
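A minimal illustration of that split, as an added example that is not from the Boldon James article or any product it mentions: keyed pseudonyms (HMAC-SHA256) replace the direct identifiers in the working dataset, and the token-to-identity mapping lives in a separate vault that is stored with the key. The record fields and sample records are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed sample records for the example; the field names are assumptions.
SAMPLE_RECORDS = [
    {"email": "alice@example.com", "name": "Alice Example", "order_total": 42.50},
    {"email": "bob@example.com",   "name": "Bob Example",   "order_total": 17.00},
    {"email": "Alice@Example.com", "name": "Alice Example", "order_total": 9.99},
]

# Fields that directly identify a person and must leave the working dataset.
DIRECT_IDENTIFIERS = ("email", "name")


def make_pseudonym(key: bytes, subject_id: str) -> str:
    """Deterministic keyed token: the same subject always maps to the same
    token (so records can still be joined), but without the key the token
    cannot be reversed or recomputed from a guessed identifier. Keying is what
    distinguishes this from a plain hash, which an attacker could brute-force
    against a list of e-mail addresses."""
    normalised = subject_id.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def pseudonymize(records, key: bytes):
    """Split each record into the working dataset (token plus non-identifying
    attributes) and the re-identification vault (token -> direct identifiers).
    The two outputs are meant to be stored and access-controlled separately."""
    working, vault = [], {}
    for rec in records:
        token = make_pseudonym(key, rec["email"])
        working.append({"subject": token,
                        **{k: v for k, v in rec.items() if k not in DIRECT_IDENTIFIERS}})
        vault[token] = {k: rec[k] for k in DIRECT_IDENTIFIERS}
    return working, vault


def reidentify(working_record, vault):
    """Controlled re-identification, e.g. to answer a subject access request.
    Raises KeyError if the subject has been erased from the vault."""
    ident = vault[working_record["subject"]]
    return {**ident, **{k: v for k, v in working_record.items() if k != "subject"}}


def erase_subject(key: bytes, email: str, vault) -> bool:
    """Right to erasure: removing the vault entry leaves the working records
    usable for aggregate analysis but no longer attributable to the person."""
    return vault.pop(make_pseudonym(key, email), None) is not None


def leaks_identifier(dataset, value: str) -> bool:
    """Check that a value such as an e-mail address or name does not appear
    anywhere in a dataset; run this on the working set before it is shared."""
    return any(value in str(v) for rec in dataset for v in rec.values())


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # keep with the vault, never with the working set
    working, vault = pseudonymize(SAMPLE_RECORDS, key)
    print("working dataset:", working)
    print("vault entries:", len(vault))
    print("re-identified:", reidentify(working[0], vault))
```

The key and the vault are the "additional information" the regulation requires to be kept separately; if both are stored next to the working dataset, the data is not pseudonymized in any meaningful sense. A rotating key breaks joins across datasets, so key rotation needs a re-tokenization step.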
7. Data classification
The first step to a strong data protection posture is data classification. It provides a firm foundation towards onward compliance, and integrating data classification with necessary data protection tools such as DLP, rights management, encryption and many more will elevate your data protection strategy.
The industry-leading Boldon James Classifier is key to GDPR compliance, as it is designed to reduce data loss incidents and improve DLP solution effectiveness. Visual labelling enhances your workforce’s awareness of the value of the data they are using, whilst metadata labels facilitate more effective application of data security, data management and retention policies.
Related reading: Classification By Design: The Foundation Of Effective Data Protection Compliance
Final thoughts
A data breach will not only cost you a hefty penalty but also tarnish your reputation, erode trust with customers, and impact your long-term profitability.
Investing in the right technologies for GDPR compliance will pay for itself by helping you implement the right measures in risk management and analytics, regulatory compliance, and auditing and reporting so you can stay secure and compliant.
Source: Boldon James
Managed service providers (MSPs) have #giftgoals too, so we’ve put together a “Holiday Wish List” for MSPs with gift ideas to help them maximize efficiencies, deliver great customer service, protect clients from cyber threats and work smarter, not harder, in 2021 and beyond.
- Universal Two-Factor Authentication (2FA) would bring Joy to the World. With threat actors finding ways to bypass preventative measures, 2FA becomes more critical. To be as effective as possible, clients that deploy it on both workstations and server logins gain an extra layer of protection.
- Let us grow, let us grow, let us grow! MSPs become part of a growing community of MSPs when they partner with Datto. Beyond just dependable technology, Datto provides access to the industry’s best resources, education, and marketing tools to grow and scale their business.
- It’s beginning to look a lot like efficiency. Efficiency is the name of the game for any MSP. Gain access to valuable tools and insight with Autotask PSA and Datto RMM, optimizing service delivery, increasing productivity, and finding more time for billable tasks.
- I’m dreaming of no downtime. Businesses have had a tough year, and what better way to improve in 2021 than ensuring they never have to be without their mission-critical systems and data? Give your clients peace of mind with a business continuity solution that gets them back up and running in the event of downtime.
- Silver and Gold. Building stronger, trusted relationships with clients is one of the best gifts to receive. MSPs can show clients they deliver exceptional value with quarterly business reviews and detailed performance reporting.
- Clients who *believe* in the power of backup. MSPs know how important backup is when disaster strikes. The best way to protect servers, files, PCs, and SaaS applications all tailored to a client’s needs is with Datto Unified Continuity solutions.
- It’s the most wonderful time of the year for SMBs to migrate to the cloud. Clients that migrate to the cloud see increased efficiencies, more productivity, and cost savings. Plus, bundle in Datto SaaS Protection to back it up, and you’ve just raised your margin on a recurring service.
- All is calm, all is bright. SMBs who invest in data protection and take the security recommendations MSPs make bring their MSPs peace of mind. Datto can help MSPs educate clients about the importance of continuity solutions to strengthen security measures.
- All I want for Christmas is a clear ticket queue. MSPs had a busy year with a near-complete shift to remote working. Give the gift of an empty ticket queue with an intuitive ticket user interface that enables immediate action and resolves issues quickly with Autotask PSA.
- I’ll Be Home for Christmas. Wherever home is, the simple joys of celebrating with loved ones is on everyone’s wish list this year.
Source: Datto
We at Acunetix and Invicti are deeply concerned with the aftermath of the SolarWinds hack and offer our deepest commiserations to all the security personnel who are facing this situation just before Christmas, and to SolarWinds themselves who have been an unwilling agent to the compromise of more than 18,000 organizations.
At the same time, we would like to reassure our customers, partners, and prospects that we are not a customer of SolarWinds and are therefore not in any way affected by this hack. As always, we continue to take the utmost care to ensure that our on-premises and online software and our update download servers are not compromised in any way.
What Happened at SolarWinds?
If you’re not up to date on the news: The SolarWinds Orion network monitoring software, used by more than 18,000 organizations all over the world, was compromised several months ago. An update, downloadable from the SolarWinds update server, was poisoned with a malicious backdoor. This backdoor allowed unknown threat actors to spy on SolarWinds Orion customers and potentially control their systems remotely or escalate into their networks.
The original attack vector remains unknown, but there are hints that might give us a clue of what originally happened. Since the first traces of the backdoor being used date back to March 2020, it is very probable that SolarWinds was hacked at the beginning of 2020 or in late 2019. This is in line with certain tweets suggesting that SolarWinds had an open repository on GitHub and used weak passwords. This would not be surprising at all: openly accessible repositories and exposed databases account for some of the biggest hacks in recent years, and weak or reused passwords are often the underlying cause of major break-ins.
Another potential vector is that the SolarWinds Office 365 account was supposedly compromised, according to information that SolarWinds received from Microsoft. SolarWinds believes that data contained in emails might have allowed the attackers to gain access to other systems (which also suggests poor email culture – you should not use email to send sensitive data). This yet again suggests that it might have been a weak password policy that has been the underlying cause of the breach. Remember, it just takes one user with a weak password for a malicious hacker to enter.
Conclusions from the SolarWinds Hack
While the hack itself is most probably nothing out of the ordinary, what is very much out of the ordinary is how long it remained undiscovered. This suggests that while the initial vulnerability might have been trivial, the exploitation itself was not. The attackers, whoever they really are, took great care to remain undetected in all the infiltrated networks, which is why it is believed to have been a major intelligence operation.
This leads to the conclusion that even if you consider a vulnerability or an asset just a minor one, it may be used by the attacker to escalate deeper into your systems – for example, a simple SQL injection on a database that contains no personal data may lead to a complete system compromise. What’s even worse, the attacker may then use your compromised systems to perform an attack on others – an attack that may be even harder to detect, such as in the case of SolarWinds.
Another important conclusion from this hack is that if SolarWinds Orion were a cloud product, the hack would not have been possible in this form because there would be no downloadable updates. If the organizations had no internal networks (if they had all their applications in the cloud) and never needed Orion in the first place, it would not have happened either. This may be yet another nudge for organizations to move their assets to the cloud. However, they must not forget that the cloud also has its security concerns. And one of these security concerns is the fact that all cloud apps are web applications.
How Can Acunetix Help?
Since we deal with web application security, Acunetix cannot help organizations with securing their legacy applications and internal networks, such as those that have been infiltrated by the backdoor in SolarWinds Orion. However, Acunetix is an indispensable tool for when you move those applications to the cloud – we also check for exposed databases and weak passwords. To keep all your web assets secure, your best bet is to start with a web vulnerability scanner.
Sophos published its newest threat report. The report encapsulates the work of multiple teams within Sophos, including SophosLabs, Cloud Security, Data Science, and Rapid Response. The daily work of these and other groups in the company help protect Sophos’ customers from an ever-increasing variety and intensity of acts of malfeasance targeting their computer systems and data.
The past year presented the world with challenges that humans haven’t faced in more than a century. While the internet gave us the ability to cope with a global pandemic better than was possible in 1918, we faced new complications in 2020 from ransomware, cryptojackers, and digital theft targeting every conceivable platform – even security appliances.
In our threat report (which you can download here), we’ve attempted to bring a bit of order to the chaos of the past year. We’ve structured the report to discuss the four key domains in which we focused our protection efforts in 2020 and which will guide our planning into 2021:
- The increasingly dire threat of ransomware in all its new forms
- Conventional Windows malware, including tools criminals use to steal data and deliver malicious payloads
- Unconventional malware that targets platforms not traditionally thought of as part of an organization’s attack surface
- How the pandemic impacted attacker behavior as much as how we now work, play, shop, go to school, and socialize – and the challenges involved in protecting those functions.
This was the year that ransomware, for instance, decided that merely encrypting our data and holding it hostage wasn’t quite evil enough. Threat actors discovered that even organizations with the best backups still are willing to pay big money to prevent sensitive data being leaked to the world, turning ransomware attacks into a hybrid hostage-extortion crisis.
It was also a year when threat actors pushed the ransomware envelope in another way: Initial ransom demands skyrocketed into the millions of dollars per incident, though some criminals made it clear they were willing to bargain with their victims.
As office workers shifted into a work-from-home, lockdown mode, businesses had to devise new ways to provide their employees with secure access into internal computer systems, extending the enterprise perimeter to encapsulate thousands of homes. And as organizations rapidly deployed these remote-access features, attackers devised new ways to use them against us, targeting our VPNs and other internet-facing services and devices for special attention.
For instance, in incidents where we were called in to investigate, we discovered that the Windows built-in RDP was not only targeted as an initial point of access: once threat actors gained a foothold inside the perimeter, they also took advantage of RDP to move laterally within the organization.
When the Sophos Rapid Response team investigates incidents, it attempts to determine the root cause of the attack. Beyond RDP, the team has also found that attackers increasingly use mundane, conventional, common malware to deliver ransomware and other more serious payloads. Any detection, no matter how banal, may be the precursor to a devastating attack.
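The two RDP patterns described above (internet-facing RDP as initial access, then RDP fan-out for lateral movement) as a small detector, added here as an example and not code from the Sophos report or any Sophos product. It runs over constructed Windows Security event 4624 records (LogonType 10 is RemoteInteractive, i.e. RDP); the field names, hosts, addresses, times, corporate address ranges and thresholds are all assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample of Windows Security event 4624 (successful logon) records,
# already parsed into dicts. LogonType 10 (RemoteInteractive) is an RDP logon,
# LogonType 3 is a network logon (SMB, etc.). Everything here is made up.
SAMPLE_EVENTS = [
    {"time": "2020-10-01T08:00:00", "host": "FS01",  "user": "jdoe",       "logon_type": 10, "src_ip": "203.0.113.7"},
    {"time": "2020-10-01T08:05:00", "host": "FS01",  "user": "jdoe",       "logon_type": 3,  "src_ip": "10.0.0.15"},
    {"time": "2020-10-01T08:20:00", "host": "DC01",  "user": "svc_backup", "logon_type": 10, "src_ip": "10.0.0.40"},
    {"time": "2020-10-01T08:32:00", "host": "SQL01", "user": "svc_backup", "logon_type": 10, "src_ip": "10.0.0.40"},
    {"time": "2020-10-01T08:41:00", "host": "WEB01", "user": "svc_backup", "logon_type": 10, "src_ip": "10.0.0.40"},
    {"time": "2020-10-01T09:00:00", "host": "WS22",  "user": "asmith",     "logon_type": 10, "src_ip": "10.0.0.12"},
]

RDP_LOGON_TYPE = 10

# Assumed corporate address space; in practice take this from the asset inventory
# rather than relying on RFC 1918 membership alone.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def external_rdp_logons(events):
    """Initial-access signal: successful RDP logons whose source address is
    outside the corporate ranges, i.e. RDP that is reachable from the internet."""
    return [e for e in events
            if e["logon_type"] == RDP_LOGON_TYPE and not is_internal(e["src_ip"])]


def rdp_fan_out(events, window_minutes=60, threshold=3):
    """Lateral-movement signal: one account opening RDP sessions to at least
    `threshold` distinct hosts within any `window_minutes` sliding window.
    Returns {user: sorted list of hosts reached} for each flagged account."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for e in events:
        if e["logon_type"] == RDP_LOGON_TYPE:
            by_user[e["user"]].append((datetime.fromisoformat(e["time"]), e["host"]))
    flagged = {}
    for user, logons in by_user.items():
        logons.sort()
        for i, (start, _) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= threshold:
                flagged[user] = sorted(hosts)
                break
    return flagged


if __name__ == "__main__":
    for e in external_rdp_logons(SAMPLE_EVENTS):
        print(f"external RDP logon: {e['user']} -> {e['host']} from {e['src_ip']} at {e['time']}")
    for user, hosts in rdp_fan_out(SAMPLE_EVENTS).items():
        print(f"RDP fan-out: {user} reached {len(hosts)} hosts within 60 min: {', '.join(hosts)}")
```

In a real deployment, events would come from a central log collector rather than a list; the window and threshold need tuning per environment, and legitimate jump hosts and administrators who routinely fan out should be allowlisted by source address or account so the second rule stays useful.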
Attackers also put effort into targeting attacks at technology not traditionally considered part of the attack surface: Networked IoT devices, firewalls, Linux servers, and Macs did not evade the attention of criminals who leveraged vulnerabilities to install cryptominers or other malicious code. And the attackers who did target Windows servers and workstations increasingly employ the tools created by the security industry to probe for or exploit weaknesses, using our analysis tools against us.
The pandemic factored into everything we did in information security this year, and it sharpened one point: In times of crisis, when systems all around us are under stress, protecting what still works is vitally important to maintaining our ability to survive and thrive. Under attack from all sides, the information security industry and many thousands of practitioners set aside competition and stepped up to work together, as a community, to push back against the darkness.
Source: Sophos
Sophos Home provides the industry’s best protection against ransomware, viruses, malware, exploits, and more. It’s the same enterprise-grade protection available in our business products, which protect millions of computers in the world’s most valuable organizations.
And the newly-launched Sophos Home mobile management app – available now for both iOS and Android – makes remotely monitoring and managing your loved one’s devices easier and more effective than ever before. You’ll enjoy being able to access your Sophos Home dashboard from your mobile device without having to use your computer.
Features include…
- Instant notifications and alerts of new threats
- Remote scanning of computers, regardless of location
- Easy management of device protection settings
- Built-in phone security features such as Face ID, fingerprint scanning, and passcodes
- Optional two-factor authentication for an extra layer of security
- Live chat with customer support to help you tackle more difficult challenges
The Sophos Home mobile management app is available to all Sophos Home Premium customers and anyone trying our free 30-day Sophos Home trial.
Ready to get started? You can download the Sophos Home Mobile Management app at the Apple App Store or Google Play Store.
Don’t already have a Sophos Home Premium account? Head to home.sophos.com to start a 30-day free trial.
Source: Sophos
The Forrester Wave is an evaluation of vendors in the software, hardware, or services markets, driven by the analysis of data collected from the marketplace and the experience of participating analysts. BeyondTrust was among the 10 most significant Privileged Identity Management vendors that Forrester invited to participate in its Q4 2020 Forrester Wave evaluation.
BeyondTrust received the highest scores possible in the following criteria:
- Credential and Secrets Management
- Session Monitoring and Recording
- Remote Access and Support
- Deployment
- Insights and Reporting
Source: BeyondTrust
December 2, Athens, Greece – NSS, an international value-added distributor of leading cutting-edge IT solutions, today announced its partnership with Datto, the leading global provider of cloud-based software and technology solutions purpose-built for delivery by managed service providers (MSPs). This strategic distribution agreement brings Datto’s enterprise-grade technology to small and medium enterprises in Southeast Europe.
Founded in 2007 in the U.S., Datto is a global leader in business continuity and disaster recovery, business management, and networking solutions. The presence of Datto’s technology in Southeast Europe will enable IT solution providers and resellers to continue to grow and address the IT needs of SMEs. With this agreement, Datto’s cloud-based software and technology solutions will be available to MSPs by NSS. Datto’s solutions are built to integrate with “best of breed” tools, software, and applications that MSPs use most.
“Datto is expanding in Europe and sees a great opportunity to bring our critical technology, tools, and expertise to businesses in Greece, Cyprus, Malta and Bulgaria,” said James Vyvyan, VP Sales EMEA, Datto. “We’ve chosen a trusted go-to-market partner in NSS, and look forward to working together to deliver IT solutions through MSPs in an increasingly complex IT environment.”
“As a leader in cloud-based software and technology solutions, we are thrilled to add Datto’s offering to our portfolio and distribute these critical solutions,” said George F. Kapaniris, Executive Director, NSS. “We look forward to helping MSPs protect their end customers and grow their businesses.”
NSS will distribute Datto’s solutions in the markets of Greece, Cyprus, Malta and Bulgaria. By offering Datto’s comprehensive and unique set of cloud-based solutions, NSS is expanding its portfolio to meet the increasing IT requirements and security needs of businesses during the age of digital transformation.
To find out more please visit: https://www.nss.gr/en/products/systems/datto/
About NSS
NSS is an international Value Added Distributor of Affordable Cutting Edge IT solutions, covering technology areas that include information security, network optimization, communications and infrastructure systems. NSS has strategic partnerships with superior vendors offering products & services with leading technologies that place the company ahead of the competition in today’s crowded market. NSS products can be acquired through a selected channel of resellers in Greece, Cyprus, Malta, the Balkan and Adriatic Countries.
Athens, 2 December 2020 – NSS, an international Value-Added Distributor (VAD) of cutting-edge IT solutions, announced its partnership with Datto, a global leader in cloud-based software and specialised technology solutions aimed at MSPs (Managed Service Providers). This strategic distribution agreement brings Datto’s enterprise-class technologies to small and medium-sized businesses in Southeast Europe.
Datto, founded in 2007 in the U.S., is a global leader in Business Management, Disaster Recovery, Unified Continuity and Networking Solutions. The presence of Datto’s technologies in Southeast Europe will allow IT solution providers and resellers to continue to grow and to meet the IT needs of small and medium-sized businesses. With this agreement, Datto’s cloud-based software and technology solutions will be available to MSPs through NSS. Datto’s solutions are also designed to integrate seamlessly with the most widely used tools, software and applications that MSPs rely on in the market today.
“Datto is expanding in Europe and we have a great opportunity ahead of us to bring our high-performance technology tools and our expertise to businesses in Greece, Cyprus, Malta and Bulgaria,” said James Vyvyan, Vice President of Sales EMEA at Datto. “We have chosen NSS, a trusted go-to-market partner, and we look forward to working together to deliver IT solutions through MSPs in today’s increasingly complex IT environment,” Mr. James Vyvyan added.
“As a leader in cloud-based software and technology solutions built specifically for managed service providers (MSPs), we are excited that Datto’s outstanding solutions are being added to the portfolio of products we distribute,” said George Kapaniris, Executive Director of NSS. “We look forward to helping MSPs protect their customers and grow their businesses.”
NSS will distribute Datto’s solutions in the markets of Greece, Cyprus, Malta and Bulgaria. By offering Datto’s comprehensive and unique set of cloud-based technology solutions, NSS is expanding its portfolio to meet the ever-growing IT and security requirements of businesses in the age of digital transformation.
Learn more on the NSS website: https://www.nss.gr/el/products/systems/datto/
About NSS:
NSS is an international distributor of cutting-edge IT solutions, covering technology areas such as information security, network infrastructure optimisation, communications and infrastructure systems. NSS has established strategic partnerships with leading vendors offering cutting-edge technologies that place the company ahead of the competition in today’s market. The products NSS offers are available through a selected channel of resellers in Greece, Cyprus, Malta, the Balkans and the Adriatic countries.
In a move that we believe highlights our ongoing commitment to innovation and market leadership, Gartner has named Sophos as one of only two Visionaries among 18 vendors included in the 2020 Magic Quadrant for Network Firewalls.
A defining strength of Sophos XG Firewall is Synchronized Security, our XDR-style integration that enables our endpoint, firewall, and other next-generation security solutions to share information and automate detection and response in ways that isolated point solutions cannot. Customers say that they would need to double their security headcount to maintain the same level of protection without Synchronized Security. They also tell us that they experience fewer security incidents and can identify and respond quicker to issues that do occur.
Extended Detection and Response (XDR) capabilities that reduce the complexity of security configuration, threat detection, and response have emerged as one of the most critical needs as security and risk management leaders struggle with too many security tools from different vendors with little integration of data and a lack of orchestrated response.
“The primary value propositions of an XDR product are to improve security operations productivity and enhance detection and response capabilities by including more security components into a unified whole that offers multiple streams of telemetry, presenting options for multiple forms of detection and concurrently enabling multiple methods of response,” according to Gartner, “Innovation Insight for Extended Detection and Response” (2020).
We believe Gartner’s recognition demonstrates our innovation in XDR and clear understanding of what security leaders need to achieve greater visibility, easier management, and better threat detection and response across their entire ecosystem.
Staying ahead of the evolving threat landscape
Advanced adversaries continually change and escalate their tactics, techniques, and procedures (TTPs) to circumvent legacy security controls, prolong or evade detection, and execute successful attacks. In 2020, in particular, adversary groups and malware strains have evolved, as evidenced with Maze, WastedLocker and other modern ransomware attacks.
Keeping pace with sophisticated attackers requires constant innovation. Earlier this year, we introduced a new “Xstream” architecture for Sophos XG Firewall, ushering in a host of new and enhanced features, including:
- Inspection of TLS 1.3 to detect cloaked malware: New port-agnostic TLS engine doubles crypto operation performance over previous XG versions
- Optimized critical application performance: New FastPath policy controls accelerate – up to wire speed – the performance of SD-WAN applications and traffic, including Voice over IP, SaaS, and others
- Threat analysis with SophosLabs intelligence: Protection against zero-day threats and emerging ransomware variants with multiple best-in-class machine learning models and unmatched insights into suspicious files entering your network.
- Adaptive traffic scanning: The newly enhanced Deep Packet Inspection (DPI) engine dynamically risk-assesses traffic streams and matches them to the appropriate threat scanning level, enhancing throughput by up to 33% across most network environments
- Comprehensive cloud management and reporting in Sophos Central: Centralized management and reporting capabilities in Sophos Central provide customers with group firewall management and flexible cloud reporting across an entire estate without additional charge
Visit our website for more information on XG Firewall and the Xstream architecture.
In the world of IT security in general, 2020 so far could be called the year of ransomware. The news is full of reports of new ransomware attacks and based on the trends so far, we can expect the situation to keep getting worse.
Many organizations, aware of this situation, concentrate their efforts on protecting themselves against ransomware. This often means that they shift their budgets away from web security. Unfortunately for them, it means they are actually making their IT systems less secure against ransomware.
Here are 5 reasons why taking care of your web security is very important to avoid ransomware.
1. Ransomware Is a Result of Attack Escalation
Ransomware is not the attack itself, it is the result of the actual attack.
If we were to compare the effect of ransomware to an illness, ransomware software would represent a virus or bacteria. Once the virus or bacteria gets into the body of the host, it is able to multiply and infect the entire system, often with fatal results. It is the same with ransomware, once it enters the system, it may be impossible to stop.
However, just like a bacteria or a virus does not simply fly from one host to another, neither does ransomware. It must somehow be introduced into the system. And the most effective measures of defense are at this stage – aimed to prevent ransomware from entering the system in the first place.
Just like bacteria and viruses, ransomware may be delivered using different paths. For example, a bacteria or a virus may spread by touch or by saliva droplets. Similarly, ransomware may just as easily be delivered by phishing and social engineering or by exploiting vulnerabilities in the system. And nowadays, most such vulnerabilities are web vulnerabilities (for an explanation of why – see Reason 3 below).
Conclusion: To protect from ransomware, you must completely focus on protecting yourself against the attacks that can be used to deliver ransomware to your systems. Once ransomware is in your system, it is too late.
2. Web Attacks Are Used to Spread Ransomware
Phishing and social engineering are believed to be the most common way to deliver ransomware. However, phishing is often empowered by common web vulnerabilities such as cross-site scripting (XSS). Such vulnerabilities allow attackers to abuse trusted domain names, for example your own business’s domain, to deliver attacks to your employees and others.
Just imagine that your web application has an XSS vulnerability. This allows the attacker to send your employees a URL carrying your domain name. However, upon visiting this URL, your employee would be automatically redirected to a malicious download location and download a ransomware installer. Do you think that your employees won’t fall for such a trick? Think again.
Even worse, the attacker may use your vulnerable web application to attack your business partners, your customers, and even the general public, exposing your system weakness and harming your reputation irreparably. If you want to avoid this, you must make sure that none of your systems that use your domain names have such XSS vulnerabilities.
Conclusion: Your web vulnerabilities may enable phishing attacks against your own organization, your partners, your clients, or even the general public. This may cause irreparable harm to your reputation.
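The scenario in Reason 2 (a reflected parameter rendered under the site’s own domain, then a redirect to an attacker-chosen location) is shown below as an added example; it is not code from the original article or from any vendor named on this page. It places a minimal reflected-output handler in its vulnerable and hardened forms side by side, and adds an allowlist check for redirect targets. The host names and the `ALLOWED_REDIRECT_HOSTS` set are constructed assumptions for the illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed for this example: the only hosts a "next"/redirect parameter may
# point to. A real deployment would load this from configuration.
ALLOWED_REDIRECT_HOSTS = {"www.example.com", "portal.example.com"}


def render_search_vulnerable(query: str) -> str:
    """Reflect a request parameter into HTML without encoding.

    This is the defect the article describes: whatever the parameter carries
    (a script tag, a meta refresh to a download site) is rendered as markup
    under the site's own domain name, so the page looks trustworthy.
    """
    return f"<p>Results for: {query}</p>"


def render_search_hardened(query: str) -> str:
    """Same page with output encoding applied.

    html.escape turns <, >, &, " and ' into character references, so the
    parameter is displayed as text and can no longer inject markup.
    """
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Return next_param only if it stays on this site or an allowed host.

    Accepts a site-relative path ("/account") or an http(s) URL whose host is
    in ALLOWED_REDIRECT_HOSTS. Rejects protocol-relative URLs ("//host/..."),
    non-http schemes, userinfo tricks ("https://good@evil/") and unknown
    hosts, falling back to `default` in every rejected case.
    """
    parts = urlsplit(next_param)
    if not parts.scheme and not parts.netloc:
        # Relative path: require exactly one leading "/" so "//host" cannot
        # be treated as a local path by the browser.
        if next_param.startswith("/") and not next_param.startswith("//"):
            return next_param
        return default
    # urlsplit().hostname already strips userinfo and port and lowercases.
    if parts.scheme in ("http", "https") and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return next_param
    return default


if __name__ == "__main__":
    sample = "<b>shoes</b>"  # constructed sample input
    print(render_search_vulnerable(sample))
    print(render_search_hardened(sample))
    for target in (
        "/account",
        "//evil.example/dl",
        "https://portal.example.com/login",
        "https://evil.example/dl",
    ):
        print(target, "->", safe_redirect_target(target))
```

The two renderers differ by a single call, which is the point: output encoding at the place where untrusted data meets HTML is what removes the reflected-XSS foothold, and the redirect allowlist removes the second half of the chain (bouncing the victim to a download location) even if some other injection is found.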
3. Move to Cloud Means that More Criminals Aim for the Cloud
As mentioned in Reason 1, ransomware may be delivered to the target system using different methods, very often taking advantage of vulnerabilities. A while ago, most such vulnerabilities would exist in on-premises systems – these would be network vulnerabilities, for example, resulting from out-of-date software or misconfiguration of local networks. Now, especially in 2020 when most businesses moved to remote work, on-premises networks are losing even more ground.
Such on-premises networks are being replaced by the cloud. And the cloud is based completely on web technologies. Therefore, the move to the cloud is associated with the growing importance of web vulnerabilities. Vulnerabilities that used to, perhaps, affect just marketing websites now may affect business-critical systems and business-critical data.
The creators of ransomware also stay ahead of the times. They are aware that it is no longer enough for a malicious encryptor to crawl through a local network and infect local desktops and servers. They are aware that nowadays, more and more potential victims use thin clients (browsers) and access data that is being stored in the cloud. Therefore, they realize that they must take advantage of more and more web/cloud vulnerabilities to ensure their ransomware software is the most effective.
Conclusion: Most organizations either already use the cloud or are moving to it, making network security obsolete. Focusing on network security instead of web security in this day and age makes security efforts futile.
4. Organizations Do Not Report Attack Details
It is very difficult to know how to defend your business against ransomware because other organizations that have fallen victim to ransomware most often do not share their experiences. They simply inform the public that they have been the victim of a ransomware attack – nothing more.
Such behavior is understandable. First of all, attacked organizations may be unable to fix their security weaknesses immediately. Second of all, organizations are afraid to share attack vector details so that they don’t make themselves more open to other attacks. Third of all, many organizations wrongly believe that admitting their mistakes may hurt their reputation.
Unfortunately, this behavior slows down the development of efficient protection methods and has an overall negative impact on IT security worldwide. This situation could be compared to a country that was affected by a deadly virus and would not share any details about it for political reasons.
Conclusion: Not sharing the details of attack vectors used to deliver ransomware to victim systems makes it more difficult for other businesses to avoid ransomware.
5. Media Focuses on the Problem, Not the Solution
What makes the situation even worse is the fact that in those rare cases when attack details are known, most media decide not to mention any such details. This is true in the case of all security breaches. Instead, the media focus on popular topics such as the business impact of the ransomware attack.
For example, to find out that the Capital One data breach from 2019 was caused by a server-side request forgery (SSRF), you would have to dig very deep in search engines. Most media sources did not bother to mention this crucial information.
In the light of media and business behavior that leads to ransomware being even more of a problem for businesses everywhere, it is a pleasant surprise to see that there are major enterprises that follow the best possible practices. There is probably no better example of this than Cloudflare. For example, when in 2019 Cloudflare experienced a major outage caused by human error and the use of a web application firewall (WAF), they described the entire incident using an impressive level of detail – and this is their regular practice.
Conclusion: We heartily recommend that the media share known attack details. If we share the information and learn about the first steps of a ransomware attack, we will all have a better chance to protect ourselves against such attacks in the future.
If you’re one of the many organizations already managing your network through Sophos Central, you’re intimately familiar with the benefits it provides for easy management and reporting.
If you’re still managing your XG Firewall customer networks through Sophos Firewall Manager (SFM) or using iView for central reporting, you probably realize that these platforms are aging, struggling to stay current, and difficult to learn and use.
These legacy platforms are being retired with end-of-life coming up soon. These aging platforms are not scalable, do not meet our standards for security, and are difficult and expensive to maintain.
Now is the time to switch to Sophos Central for all your firewall management and reporting needs. Sophos Central offers a completely modern platform with the ultimate in security, scalability, and performance, all while enabling us to accelerate feature development to add tremendous time savers for you and your team.
Why Sophos Central?
Have a quick look at all the great central management capabilities in this short video:
Why customers love Sophos Central:
- Better usability – workflows are more intuitive, streamlined, efficient, and task oriented
- Better accessibility – check on your network from anywhere, at anytime
- Better features – with a modern development platform and architecture, we can accelerate our roadmap to deliver more features faster
- Better integration – you can not only centrally manage your firewalls, but all your other Sophos products from a common interface – and this integration is essential for Synchronized Security, XDR, MTR, ZTNA and the future of cybersecurity
Features and capabilities you get today with Sophos Central:
- Group firewall management – makes managing multiple firewalls easy, including recently added support for HA pairs
- Zero-touch deployment – saves time and money deploying new firewall devices
- Backup management – a central repository for all your firewall backups
- Central inventory – see all your firewall devices under management at a glance
- Central secure access – with full control over which admins can access which firewalls so you don’t need to expose your webadmin access to the WAN
- Firmware updates and scheduling – with one-click ease and new scheduling options
- Audit logging and tracking – with a full change log history and synchronization status
- High-availability management – supported as of v18 MR3 to manage HA pairs together
- Central Firewall Reporting – with useful built-in reports, flexible custom report building tools, export and scheduling options, and multi-firewall reporting
What’s next?
Firmware update scheduling – update scheduling is already included in Sophos Central, but you need v18 MR3 running on your firewalls to take advantage of it, making it helpful for the next firmware update.
SD-WAN orchestration – giving you point-and-click options to establish multiple site-to-site VPN networks.
Below, you can see a full list of features in Sophos Central today, what’s coming soon, and compare that with the legacy SFM/CFM platforms. Sophos Central already includes much-requested features that are missing today in the legacy platforms, and more enhancements are coming soon.
Making the switch
If you haven’t already, now is the time to make the switch. Migrating management and reporting for your XG Firewalls to Sophos Central is as easy as 1-2-3…
- Register your firewall to Sophos Central
- Enable Management and Reporting
- Approve the management in Sophos Central
If you have many firewalls to migrate, there is an open-source tool available to help automate the process.
If you require assistance with migration, your nearby Sophos Partner can provide all the help you need, or you can reach out to our Professional Services team.
If you want to learn more about Sophos Central and what it can do for you, check out our website for more information.
This course provides an in-depth study of Sophos Central, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. The course is expected to take 3 days to complete, of which approximately 9 hours will be spent on the practical exercises.
Requirements
Prior to attending this course, trainees should:
- Have completed the Sophos Central Endpoint and Server Protection course and passed the Certified Engineer exam
- Have experience with Windows networking and the ability to troubleshoot issues
- Have a good understanding of IT security
- Have experience using the Linux command line for common tasks
- Have experience configuring Active Directory Group Policies
- Have experience creating and managing virtual servers or desktops
Target audience:
This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments, and for individuals wishing to obtain the Sophos Central Certified Architect certification.
Objectives:
On completion of this course, trainees will be able to:
- Design an installation considering all variables
- Undertake a multi-site installation appropriate for a customer environment
- Explain the function of core components, how they work, and how to configure them
- Track the source of infections and clean up infected devices
- Perform preliminary troubleshooting and basic support of customer environments
Certification:
To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and is limited to 3 attempts.
Duration: 3 days
Content
- Module 1: Deployment Scenarios (60 mins)
- Module 2: Client Deployment Methods (65 mins)
- Module 3: Endpoint Protection Policies (80 mins)
- Module 4: Server Protection Policies (30 mins)
- Module 5: Protecting Virtual Servers (60 mins)
- Module 6: Logging and Reporting (45 mins)
- Module 7: Managing Infections (45 mins)
- Module 8: Endpoint Detection and Response (30 mins)
- Module 9: Management (65 mins)
Course content
Module 1: Deployment Scenarios (60 mins)
- Identify some of the common challenges when deploying Central
- Deploy Update Caches – Set up Message Relays
- Configure AD Sync Utility
- Identify where Update Caches and Message Relays should be used
- Labs (45 mins)
- Register and activate a Sophos Central evaluation
- Install Server Protection
- Install and Configure AD Sync Utility
- Deploy an Update Cache and Message Relay
Module 2: Client Deployment Methods (65-75 mins)
- Identify the recommended steps for deploying Sophos Central
- Explain the installation process, and identify the different types of installer
- Automate deployment for Windows, Linux and Mac computers
- Migrate endpoints from Enterprise Console
- Locate installation log files
- Remove third-party products as part of a deployment
- Labs (75-90 mins)
- Enable Server Lockdown
- Deploy using Active Directory Group Policy
- Use the Competitor Removal Tool
- Deploy to a Linux Server using a Script
Module 3: Endpoint Protection Policies (80-90 mins)
- Describe the function and operation of each of the components that make up an Endpoint Protection and Intercept X
- Configure policies to meet a customer’s requirements and follow best practice
- Test and validate Endpoint Protection
- Configure exclusions
- Configure Data Loss Prevention
- Labs (100-120 mins)
- Test Threat Protection Policies
- Configure and Test Exclusions
- Configure Web Control Policies
- Configure Application Control Policies
- Data Control Policies
- Configure and test Tamper Protection
Module 4: Server Protection Policies (30 mins)
- Configure Server Protection Policies
- Configure and Manage Server Lockdown
- Labs (65-75 mins)
- Configure Server Groups and Policies
- Manage Server Lockdown
- Test Linux Server Protection
Module 5: Protecting Virtual Servers (60 mins)
- Connect AWS and Azure accounts to Sophos Central – Deploy Server Protection to AWS and Azure
- Deploy and Manage Sophos for Virtual Environments
- Labs (60 mins)
- Download the installer for the Security Virtual Machine
- Install the Security Virtual Machine (SVM) on a Hyper-V Server
- Configure Threat Protection policies to apply to the Security VMs and the Guest VMs they protect
- Perform a manual installation of the Guest VM Agent and view logs
- Test and configure a script to deploy the GVM Agent
- Manage Guest VMs from the Central Console
- Test Guest VM Migration
Module 6: Logging and Reporting (45 mins)
- Explain the types of alert in Sophos Central, and be able to read an RCA
- Use the Sophos Central logs and reports to check the health of your estate
- Export data from Sophos Central into a SIEM application
- Locate client log files on Windows, Mac OS X and Linux
- Labs (55-60 mins)
- Generate and analyze an RCA
- Configure SIEM with Splunk
Module 7: Managing Infections (45-60 mins)
- Identify the types of detection and their properties
- Explain how computers might become infected
- Identify and use the tools available to clean up malware
- Explain how the quarantine works and manage quarantined items
- Clean up malware on a Linux Server
- Labs (40 mins)
- Source of Infection Tool
- Release a File from SafeStore
- Disinfect a Linux Server
Module 8: Endpoint Detection and Response (30 mins)
- Explain what EDR is and how it works
- Demonstrate how to use threat cases and run threat searches
- Explain how to use endpoint isolation for admin-initiated and automatic isolation
- Demonstrate how to create a forensic snapshot and interrogate the database
- Labs (30 mins)
- Create a forensic snapshot and interrogate the database
- Run a threat search and generate a threat case
Module 9: Management (65 mins)
- Use the Controlled Updates policies appropriately
- Enable multi-factor authentication
- Use the Enterprise Dashboard to manage multiple sub-estates
- Identify the benefits of the Partner Dashboard
- Identify common licensing requirements
- Labs (25 mins)
- Enable Manually Controlled Updates
- Enable Multi-Factor Authentication
Agenda
Trainer: Michael Eleftheroglou
Day 1, Tuesday, November 24th, 2020
9:30-10:30 Deployment Scenarios
10:30-10:45 Break
10:45-11:30 Labs
11:30-11:45 Break
11:45-13:00 Client Deployment Methods I
13:00-14:00 Break – Lunch
14:00-15:30 Labs
15:30-15:45 Break
15:45-17:15 End Point Policies
Day 2, Wednesday, November 25th, 2020
9:30-11:15 Labs
11:15-11:30 Break
11:30-12:00 Server Protection Policies
12:00-12:15 Break
12:15-13:30 Labs
13:30-14:30 Break – Lunch
14:30-15:30 Protecting Virtual servers
15:30-15:45 Break
15:45-16:45 Labs
16:45-17:30 Logging and Reporting
Day 3, Thursday, November 26th, 2020
9:30-10:30 Labs
10:30-10:45 Break
10:45-11:30 Managing Infections
11:30-12:00 Labs
12:00-12:10 Break
12:10-12:40 Endpoint Detection and Response
12:40-13:45 Management
13:45-14:45 Break – Lunch
14:45-17:15 Labs and Exams