We are thrilled to announce that Intercept X received a 100% total accuracy rating in the enterprise, SMB, and consumer protection tests by SE Labs.

Whether you are protecting your employees at work, or them and their families at home, you will get outstanding protection with Intercept X technology.

The world’s best endpoint protection

Intercept X is the strongest endpoint security on the market, delivering more advanced protection in one solution than anything else out there.

Deep learning AI excels at detecting and neutralizing threats that have never been seen before. Anti-ransomware protection blocks malicious encryption processes and returns affected files to safe, unencrypted states. Advanced defenses against fileless, memory-based attacks keep your organization safe against the latest obfuscated, script-based threats.

Intercept X also includes options for Endpoint Detection and Response (EDR), so you can perform detailed threat hunting and IT security operations hygiene across your endpoints and servers, and a managed service (MTR) that gives you access to a team of Sophos cybersecurity specialists that will hunt threats and take appropriate action on your behalf.

Constant innovation

Our team of cybersecurity experts are constantly enhancing the powerful features in Intercept X. This year alone we’ve incorporated:

• AMSI protection – enhanced protection against fileless attacks, such as obfuscated PowerShell scripts
• Intrusion Prevention System – protects devices against network-based attacks (currently in early access)
• EFSGuard, CTFGuard, and more

Try Intercept X for free

Testing the powerful features in Intercept X couldn’t be more straightforward. Take a free 30 day trial, or if you’d like to learn more head over to Sophos.com.

For a limited time, Sophos customers can add Sophos Home edition at no addition cost.

To view the detailed results from SE Labs: Enterprise | SMB | Consumer

Αυτό το τριήμερο πρόγραμμα εκπαίδευσης σχεδιάστηκε και προορίζεται για έμπειρους τεχνικούς που θέλουν να εγκαθιστούν, αναπτύσσουν, διαμορφώνουν και να υποστηρίζουν το XG Firewall σε παραγωγικά περιβάλλοντα και είναι το αποτέλεσμα βαθιάς μελέτης πάνω στο τείχος προστασίας επόμενης γενιάς της Sophos.
Το πρόγραμμα αποτελείται από παρουσιάσεις και πρακτικές ασκήσεις εργαστηρίων για την ενίσχυση του διδακτικού περιεχομένου. Λόγω της φύσης της παράδοσης και της ποικίλης εμπειρίας των εκπαιδευομένων, ενθαρρύνεται η ανοικτή συζήτηση κατά τη διάρκεια της εκπαίδευσης/ κατάρτισης.

Sophos XG Architect Training (Τρίτη 16 Ιουνίου 2020– Πέμπτη 18 Ιουνίου 2020)

(3 days Training)

Προαπαιτούμενα

XG Firewall _ Certified Engineer course and delta modules up to version 18.0

Συνιστώμενες γνώσεις

• Knowledge of networking to a CompTIA N+ level
• Knowledge of IT security to a CompTIA S+ level
• Experience configuring network security devices
• Be able to troubleshoot and resolve issues in Windows networked environments
• Experience configuring and administering Linux/UNIX systems

Περιεχόμενο της εκπαίδευσης

• Module 1: Deployment
• Module 2: Base Firewall
• Module 3: Network Protection
• Module 4: Synchronized security
• Module 5: Web server Protection
• Module 6: Site to site connections
• Module 7: Authentications
• Module 8: Web Protection
• Module 9: Wireless
• Module 10: Remote Access
• Module 11: High Availability
• Module 12: Public Cloud

Certification

+ exam: Sophos XG Architect

Διάρκεια: 3 ημέρες

Πρόγραμμα

Εκπαιδευτής: Μιχάλης Ελευθέρογλου

Ημέρα 1η 16 Ιουνίου  2020

9:30-10:45 Module 1: Module 1: Deployment and Lab

• Recall important information from Engineer courses
• Deployment modes supported by the XG Firewall
• Understand a range of scenarios where each deployment mode would commonly be used
• Use built-in tools to troubleshoot issues
• Labs

10:45-11:00 Διάλειμμα
11:00-13:00 Module 2: Base Firewall

• Explain how the XG firewal can be accessed
• Understand the types fo interfaces that can be created
• Understand the benefits of Fast Path Technology
• Configure routing per firewall rule
• Understand best practice for ordering firewall rules
• Explain what Local NAT policy is and known how to configure it.

13:00-14:00 Διάλειμμα
14:00-16:00 Labs

• Activate the Sophos XG Firewalls
• Post installation Configuration
• Bridge interfaces
• Create a NAT rule to load balance access to servers
• Create a local NAT policy
• Configure routing using multiple WAN links
• Configure policy-based routing for an MPLS scenario
• Install Sophos Central

16:00-16:15 Διάλειμμα
16:15-17:15 Module 3: Network Protection and Lab

• Explain what IPS is and how traffic can be offloaded to Fastpath
• Demonstrate how to optimize workload y configuring IPS policies
• Examine advanced Intrusion Prevention and optimize policies
• Configure advanced DOS Protection rules
• Demonstrate how the strict policy can be used to protect networks
• Labs- Create Advanced DoS Rules

Ημέρα 2η Τετάρτη 17 Ιουνίου 2020

9:30-11:00: Module 4: Synchronized Security and Labs

• Explain how Security Heartbeat works
• Configure Synchronized Security
• Deploy Synchronized Security in discover and inline modes
• Understand the advantages and disadvantages of deploying
• Synchronizes Security in different scenarios
• Labs
• Configure source-Based Security
• Hearteat firewall rules
• Destination based Security Heartbeat
• Missing Security Heartbeat
• Lateral Movement Protection

11:00-11:15 Διάλειμμα
11:15-13:45 Module 5 Webserver Protection and Labs

• Explain how Websever Protection works
• Describe protection features for a web application
• Configure Web Server authentication
• Publish a web service using the Web Application Firewall
• Use the preconfigured templates to configure Web Server Protection for common purposes
• Configure SlowHTTP protection
• Labs (Web Application Firewall)
• Labs (Load balancing with Web Server Protection)
• Labs (Web Server Authentication and path-specific routing)

13:45-14:45 Διάλειμμα και Γεύμα
14:45-17:45 Module 6: Site to site connections and Labs

• Configure and deploy site to site VPNs in a wide range of environment
• Implement IPsec NATing and failover
• Check and modify route precedence
• Create RED tunnels between XG firewalls
• Understand when to use RED
• Labs ( Create an IPsec site to site VPN
• Labs ( Configure VPN network NATing )
• Labs (Configure VPN failover)
• Labs (Enable RED on the XG firewall)
• Labs (Create a RED tunnel between two XG Firewalls
• Labs (Configure routing for the RED tunnel)
• Labs (Configure route-based VPN)

Ημέρα 3η Πέμπτη 18 Ιουνίου 2020

9:00-10:00 Module 7: Authentications and Labs

• Demonstrate how to configure and use RADIUS accounting
• Deploy STAS in large and complex environment
• Configure SATC and STAS together
• Configure Secure LDAP and identify the different secure connections available
• Labs (configure an Active Directory Authentication server)
• Labs (configure single sing-on using STAS
• Labs (Authenticate users over a site to site VPN)

10:00-11:15 Module 8: Web Protection

• Choose the most appropriate type for web protection in different deployment scenarios
• Enable web filtering using the DPI engine or legacy web proxy
• Configure TLS inspection using the DLP engine or legacy web proxy
• Labs (Install the SSL CA certificate)
• Labs (Configure TLS inspection rules)
• Labs (Create a custom web policy for users)

11:15-11:30 Διάλειμμα
11:30-12:15 Module 9: Wireless

• Explain how Sophos Access Points are deployed and identify some common issues
• Configure RADIUS authentication
• Configure a mesh network

12:15-13:05 Module 10: Remote Access

• Configure Sophos Connect and manage the configuration using Sophos Connect Admin
• Configure an IPsec remote access VPN
• Configure an L2TP remote access VPN for mobile devices
• Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability 

• Explain what HA is and how it operates
• Demonstrate how to configure HA and explain the difference between quick and manual configuration
• List the prerequisites for high availability
• Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
• Explain the packet flow in high availability
• Demonstrate how to disable HA
• Labs (Create an Active-Passive cluster)
• Labs (Disable High Availability)

14:25-15:05 Διάλειμμα και Γεύμα

15:05-16-15 Public Cloud and Labs

• Deploy XG firewall in complex network enviroments
• Explain how XG firewall process traffic and use this information to inform the configuration
• Configure advanced networking and protection features
• Deploy XG firewall on public cloud infrastructure
• Labs (Put a service in debug mode to gather logs)
• Labs (Retrieving log files)
• Labs (Troubleshoot an issue from an imported configuration file)
• Labs (Deploy an XG Firewall on Azure (simulation)

16:15 (Εξετάσεις)

This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos. The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.

Sophos XG Architect Training (Tuesday 16 June 2020– Thursday 18 June 2020)

(3 days Training)

Requirement

XG Firewall _ Certified Engineer course and delta modules up to version 18.0

Recommended Knowledge

1. Knowledge of networking to a CompTIA N+ level
2. Knowledge of IT security to a CompTIA S+ level
3. Experience configuring network security devices
4. Be able to troubleshoot and resolve issues in Windows networked environments
5. Experience configuring and administering Linux/UNIX systems

Content

• Module 1: Deployment
• Module 2: Base firewall
• Module 3: Network Protection
• Module 4: Synchronized security
• Module 5: Web server Protection
• Module 6: Site to site connections
• Module 7: Authentications
• Module 8: Web Protection
• Module 9: Wireless
• Module 10: Remote Access
• Module 11: High Availability
• Module 12: Pulic Cloud

Certification

+ exam: Sophos XG Architect

Duration 3 days 

Agenda

Trainer: Micheal Eleftheroglou

Day 1 Tuesday 16 June  2020

9:30-10:45 Module 1: Deployment and Lab

• Recall important information from Engineer courses
• Deployment modes supported by the XG Firewall
• Understand a range of scenarios where each deployment mode would commonly be used
• Use built-in tools to troubleshoot issues
• Labs

10:45-11:00 break

11:00-13:00 Module 2: Base Firewall

• Explain how the XG firewal can be accessed
• Understand the types fo interfaces that can be created
• Understand the benefits of Fast Path Technology
• Configure routing per firewall rule
• Understand best practice for ordering firewall rules
• Explain what Local NAT policy is and known how to configure it.

13:00-14:00 Lunch

14:00-16:00  Labs

• Activate the Sophos XG Firewalls
• Post installation Configuration
• Bridge interfaces
• Create a NAT rule to load balance access to servers
• Create a local NAT policy
• Configure routing using multiple WAN links
• Configure policy-based routing for an MPLS scenario
• Install Sophos Central

16:00-16:15 Break

 16:15-17:15  Module 3:Network Protection and Lab

• Explain what IPS is and how traffic can be offloaded to Fastpath
• Demonstrate how to optimize workload y configuring IPS policies
• Examine advanced Intrusion Prevention and optimize policies
• Configure advanced DOS Protection rules
• Demonstrate how the strict policy can be used to protect networks
• Labs- Create Advanced DoS Rules

Day 2  Wednesday 17 June  2020

9:30-11:00 Module 4: Synchronized Security and Labs

• Explain how Security Heartbeat works
• Configure Synchronized Security
• Deploy Synchronized Security in discover and inline modes
• Understand the advantages and disadvantages of deploying
• Synchronizes Security in different scenarios
• Labs
• Configure source-Based Security
• Hearteat firewall rules
• Destination based Security Heartbeat
• Missing Security Heartbeat
• Lateral Movement Protection

11:00-11:15 Break

11:15-13:45 Module 5 Webserver Protection and Labs

• Explain how Websever Protection works
• Describe protection features for a web application
• Configure Web Server authentication
• Publish a web service using the Web Application Firewall
• Use the preconfigured templates to configure Web Server Protection for common purposes
• Configure SlowHTTP protection
• Labs (Web Application Firewall)
• Labs (Load balancing with Web Server Protection)
• Labs (Web Server Authentication and path-specific routing)

13:45-14:45 Break and Lunch

14:45-17:45 Module 6: Site to site connections and Labs

• Configure and deploy site to site VPNs in a wide range of environment
• Implement IPsec NATing and failover
• Check and modify route precedence
• Create RED tunnels between XG firewalls
• Understand when to use RED
• Labs ( Create an IPsec site to site VPN
• Labs ( Configure VPN network NATing )
• Labs (Configure VPN failover)
• Labs (Enable RED on the XG firewall)
• Labs (Create a RED tunnel between two XG Firewalls
• Labs (Configure routing for the RED tunnel)
• Labs (Configure route-based VPN)

Day 3 Thursday 18 June  2020

9:00-10:00 Module 7: Authentications and Labs

• Demonstrate how to configure and use RADIUS accounting
• Deploy STAS in large and complex environment
• Configure SATC and STAS together
• Configure Secure LDAP and identify the different secure connections available
• Labs (configure an Active Directory Authentication server)
• Labs (configure single sing-on using STAS
• Labs (Authenticate users over a site to site VPN)

10:00-11:15  Module 8: Web Protection

• Choose the most appropriate type for web protection in different deployment scenarios
• Enable web filtering using the DPI engine or legacy web proxy
• Configure TLS inspection using the DLP engine or legacy web proxy
• Labs (Install the SSL CA certificate)
• Labs (Configure TLS inspection rules)
• Labs (Create a custom web policy for users)

11:15-11:30 Break

11:30-12:15 Module 9: Wireless

• Explain how Sophos Access Points are deployed and identify some common issues
• Configure RADIUS authentication
• Configure a mesh network

12:15-13:05 Module 10:Remote Access

• Configure Sophos Connect and manage the configuration using Sophos Connect Admin
• Configure an IPsec remote access VPN
• Configure an L2TP remote access VPN for mobile devices
• Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability

• Explain what HA is and how it operates
• Demonstrate how to configure HA and explain the difference between quick and manual configuration
• List the prerequisites for high availability
• Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
• Explain the packet flow in high availability
• Demonstrate how to disable HA
• Labs (Create an Active-Passive cluster)
• Labs (Disable High Availability)

14:25-15:05 Break – Lunch

15:05-16-15 Public Cloud and Labs

• Deploy XG firewall in complex network enviroments
• Explain how XG firewall process traffic and use this information to inform the configuration
• Configure advanced networking and protection features
• Deploy XG firewall on public cloud infrastructure
• Labs (Put a service in debug mode to gather logs)
• Labs (Retrieving log files)
• Labs (Troubleshoot an issue from an imported configuration file)
• Labs (Deploy an XG Firewall on Azure (simulation)

16:15  (Exams)

What strange times we are currently living in. With workers who are able to work from home (WFH) being told to do so, and essential key workers (emergency services, the military, essential supplies and utility industries) needing to brave the external environment. I have talked to many folks this week about their experience of WFH and hearing many of their woes. VPNs not able to sustain the volume of connections needed, applications which apparently are not set up for remote connections, through to security policies that are not able to determine which sensitive information should be allowed to be accessed from where.

What I have noticed is that WFH shows we are all human. Children in the background who need entertaining, dogs that need attention and cats that need stroking. All of a sudden we gain a more empathetic relationship with our clients and colleagues, and let’s face it most of us go to work because we need to support our family, whatever shape that may take. I am lucky that my daughter has a senior role in in the Emergency Room and that means with her now having to work full time to support Covid-19 patients, my wife and I get to spend more time with our grandson, and he has enlivened a few of my video conferences and help us all realise what is important in these times.

It is very easy for clients that I talk to, to take the option of do nothing, but once we get through the initial, and important, challenge of getting workers to be able to work remotely, they can start to look at how they can improve that experience. All organisations should consider the security of their data and information; more and more people are starting to understand that pure security based labelling is not sufficient. Restricted or sensitive actually mean nothing to a remote worker. If the system gives me access, then I will use it.  Personally I have already received in two days, three files which I am sure the originating organisations did not mean to send to me, because their security policies were one dimensional, and not a business taxonomy.

What do I mean by that?  Multiple labels that a business user can understand, Sensitive /HR/Salaries or Internal/ Support/Client Data or even Confidential/ Board Only/Project X/Aggressive Takeover.

So until you start to use day-to-day business language in your classification terms, do not be surprised if your staff get it wrong. Helpfully some of those labels can be automatically applied depending upon the departments, and roles they have, so even less user involvement is needed.

However, let me not finish without saying now is a great time to hold proof of concepts, once your immediate tasks of getting remote workers are all up and running. This will then help you to make decisions which can safeguard your organisation’s information and data in a controlled manner.

Governments are telling us not to panic buy, that there will be a plentiful supply of food and essentials. We need to continue the cycle of money for economies to survive, and support businesses within that ecosystem who need the flow of cash to pay staff. I appreciate not all projects can continue, but a blanket excuse of do nothing could halt the economic cycle. If we do that then nobody should be surprised when we come out of the end of the current crisis that their favoured contractors and suppliers are no longer trading. We owe it to ourselves, families and communities to do unto them which we would like them to do to us. Please keep safe and healthy.

Boldon James

Sophos is extremely pleased to announce the availability of XG Firewall on Amazon Web Services (AWS) public cloud infrastructure.

XG Firewall is now available in the AWS marketplace with two flexible licensing options:

• Pay-as-you-go (PAYG) license – ideal for short-term use
• Bring-your-own license (BYOL) – our conventional multi-year term licenses

AWS customers can take full advantage of the many innovations XG Firewall has to offer, like Synchronized Security with Intercept X for Server, the new Xstream Architecture with high-performance TLS 1.3 inspection, and the latest machine learning threat intelligence and sandboxing protection from ransomware and other advanced threats.

Crucially, it enables customers to manage a multi-cloud security strategy from a single cloud console in Sophos Central; including network security with XG Firewall; cloud workload protection with Intercept X for Server; and cloud security posture management with Cloud Optix.

XG Firewall brings full network security and control to AWS integrated into a single solution:

• Xstream Deep Packet Inspection (DPI)
• Intrusion Prevention System (IPS)
• Web filtering, protection and application control
• AV and AI machine-learning threat protection and sandboxing
• TLS inspection with native support for TLS 1.3
• A full-featured Web Application Firewall

In the coming months we will be extending XG Firewall’s integration into AWS with enhancements like auto-scaling, CloudFormation template support, CloudWatch integration and more.

With XG Firewall now available in AWS as well as Microsoft’s Azure public cloud platform, XG Firewall further extends its industry-leading deployment options with support for any combination of cloud, virtual, software, or XG Series hardware appliances. These options make XG Firewall able to fit any network, both now and in the future.

Learn More about XG Firewall protection for your cloud infrastructure.

Since we began writing last year about the consumer-hostile trend in mobile apps that we’re calling fleeceware, the number of apps we’ve discovered that engage in this practice have only increased. In the first two articles we wrote about fleeceware, we covered various Android apps in the official Play Store charging very high subscriptions for apps of questionable quality or utility.

In this latest round of research, we found more than 30 apps we consider fleeceware in Apple’s official App Store.

Many of these apps charge subscription rates like $30 per month or $9 per week after a 3- or 7-day trial period. If someone kept paying that subscription for a year, it would cost $360 or $468, respectively. For an app.

Like we have seen before, most of these fleeceware apps are image editors, horoscope/fortune telling/palm readers, QR code/barcode scanners, and face filter apps for adding silly tweaks to selfies.

Many of these apps lack any extraordinary features that aren’t already present in many other apps, including truly free apps. It’s debatable that the apps provide “ongoing value to the customer,” as required in Apple’s App Store Review Guidelines for app subscriptions, section 3.1.2(a).

When “free” isn’t really free

Many of the fleeceware apps we see are advertised within the App Store as “free” apps, which puts the apps at odds with  section 2.3.2 of the App Store Review Guidelines, which require developers to make sure their “app description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases.”

If you think one of these apps is free and install it, the app presents you with a “free trial” notification immediately upon launching the app for the first time. This notification prompts the user to provide payment card details. In some cases, most of the useful features of the app will only be usable if you sign up for the subscription. Some users may sign up to subscribe without reading the fine print, which includes the actual cost of the subscriptions.

Fleeceware in Top Grossing app charts

While the Apple App Store does not publish the number of downloads for any given app within the app’s listing in the store, the company does keep track of how much money apps make. Many of these fleeceware apps are listed among the top grossing apps, at the time of writing. It’s fair to say these apps are generating plenty of revenue for developers, of which Apple keeps a 30% cut during the first year.

Zodiac Master Plus, one of the apps on our list of fleeceware, is listed as the 11th highest revenue-generating app. Another app, named Lucky Life – Future Seer, is earning more revenue than even the extremely popular Britbox, one of the UK’s most popular subscription streaming TV services.

One third party source estimates App Store revenue, which includes all types of purchases, to be $13 billion dollars in 2018, just in the USA.

After one year, Apple gets 15% and the developer’s share increases to 85% of the subscription price.

Advertisements drive more people to fleeceware

If you find yourself wondering why users would even consider installing apps such as these, it’s probably thanks to advertising. These apps are advertised through various popular platforms, including in YouTube videos or on social media platforms like Instagram, TikTok, and even in ads that appear within other apps.

When users visit the app’s page in the App Store app, they’ll find a high number of five-star reviews. While we have no evidence that these are manipulated or artificially inflated reviews, that is another criteria by which the App Store may take action against developers. These advertisements offer a high return on investment, given the high subscription charges.

But not all the reviews are upbeat about these products. Here are a few examples of negative user reviews that illustrate how ads attract users to the apps.

Negative reviews and vulnerable users

These apps also have lots of negative, one-star reviews from users complaining about the challenge of canceling subscriptions and getting refunds, with many iPhone and iPad owners wondering aloud why apps that exhibit this type of behavior exist on Apple’s official App Store.

In one instance, one user posted a complaint about being charged £148 (about US$170) over a 5 month period, when his child accidentally subscribed to one of these apps, and he didn’t notice the subscription charges right away.

The negative reviews for some of these products are devastating.

Both iOS and Android face a fleeceware problem

Fleeceware is a problem on both the Android and iOS mobile platforms. The list below is representative of the fleeceware apps we’ve seen at the time of this writing. App publishers also have the ability to introduce new fleeceware apps by releasing new apps with the same subscription policies, or by converting a previously free app into fleeceware by changing the app’s profile in the App Store, though Apple developer policies prohibit this behavior.

Users should remain vigilant and carefully scrutinize the terms for purchasing or “subscribing” to apps promoted through in-app advertisements. If $30 a week seems like a lot to spend on astrology, a barcode reader, or an app that will show you what you’ll look like when you’re 80 years old, find another app.

How to cancel your subscriptions

If you have one of these fleeceware apps and want to change or cancel your subscription, please follow the instructions below

iOS

This is how you can do it on Iphone as described in Apple support page here.

Android

Instructions for cancelling Android app subscriptions from Google’s Play Store support page:

On your Android phone or tablet, open the Play Store.

1. Check if you’re signed in to the correct Google Account.
2. Tap the hamburger menu icon  Subscriptions.
3. Select the subscription you want to cancel.
4. Tap Cancel subscription.
5. Follow the instructions.

Hackers are busy exploiting coronavirus in their attacks. In recent weeks SophosLabs has seen a surge of COVID- and Corona-related domains registered – while some will be legitimate, it’s a fair bet that the majority are destined for criminal purposes.

Common attack techniques

Phishing attacks using COVID-19 as a lure are the most visible and immediate cybersecurity risk right now. Common tactics include:

Coronavirus news

Beware of emails, SMS, and WhatsApp messages from unknown sources with information on coronavirus. Often hackers impersonate legitimate organizations and people to make their messages more believable.

Home delivery scams

With many people waiting on home delivery of essential items, hackers are impersonating delivery services. Their goal: to trick you into clicking malicious links or con you into paying extra ‘delivery’ fees.

We’re also seeing coronavirus used in other ways, including:

Extortion attempts

Criminals threaten to infect people with coronavirus unless you pay them. Often these threats include a small piece of personal information to make it more believable.

Malicious apps

Purporting to give you useful information on coronavirus, these apps enable the crooks to access all the information on the device – and even hold you to ransom.

Malicious documents

These documents claim to contain coronavirus-related information. Upon opening them you’re asked to ‘enable editing’ and ‘enable content.’ Doing so installs malicious software onto your computer.

Practical steps to minimize risk

In the current situation, many people are lowering their guard to phishing attacks and scams. We’re more anxious, more eager for information, and therefore less likely to question something that could be suspect.

With that in mind, here are three practical steps you can take to minimize the risk from coronavirus-related attacks.

Enable Multi-Factor Authentication (MFA)

MFA is a great form of defense against attacks that use a fake login page to trick people into entering their credentials.

Raise awareness of these scams amongst your employees

A simple, but effective, step is to always looks at the actual email address used to send the email, not just the display name. (If you’re on a mobile device click on the display name to reveal the real email address.)

Sophos Phish Threat, our phishing simulation and training tool, is available to everyone for free for 30 days, and now includes a coronavirus phishing template to help train your teams.

Make sure your endpoint and email protection are well-configured

When properly set-up, good protection can catch a phishing attack in multiple ways. You can try our endpoint and email protection for free at any time.

This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos. The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.

Sophos XG Architect Training (Tuesday 28 April 2020– Thursday 30 April 2020)

(3 days Training)

Requirement

XG Firewall _ Certified Engineer course and delta modules up to version 18.0

Recommended Knowledge

1. Knowledge of networking to a CompTIA N+ level
2. Knowledge of IT security to a CompTIA S+ level
3. Experience configuring network security devices
4. Be able to troubleshoot and resolve issues in Windows networked environments
5. Experience configuring and administering Linux/UNIX systems

Content

• Module 1: Deployment
• Module 2: Base firewall
• Module 3: Network Protection
• Module 4: Synchronized security
• Module 5: Web server Protection
• Module 6: Site to site connections
• Module 7: Authentications
• Module 8: Web Protection
• Module 9: Wireless
• Module 10: Remote Access
• Module 11: High Availability
• Module 12: Pulic Cloud

Certification

+ exam: Sophos XG Architect

Duration 3 days 

Agenda

Trainer: Micheal Eleftheroglou

Day 1 Tuesday 28 April  2020

9:30-10:45 Module 1: Deployment and Lab

• Recall important information from Engineer courses
• Deployment modes supported by the XG Firewall
• Understand a range of scenarios where each deployment mode would commonly be used
• Use built-in tools to troubleshoot issues
• Labs

10:45-11:00 break

11:00-13:00 Module 2: Base Firewall

• Explain how the XG firewal can be accessed
• Understand the types fo interfaces that can be created
• Understand the benefits of Fast Path Technology
• Configure routing per firewall rule
• Understand best practice for ordering firewall rules
• Explain what Local NAT policy is and known how to configure it.

13:00-14:00 Lunch

14:00-16:00  Labs

• Activate the Sophos XG Firewalls
• Post installation Configuration
• Bridge interfaces
• Create a NAT rule to load balance access to servers
• Create a local NAT policy
• Configure routing using multiple WAN links
• Configure policy-based routing for an MPLS scenario
• Install Sophos Central

16:00-16:15 Break

 16:15-17:15  Module 3:Network Protection and Lab

• Explain what IPS is and how traffic can be offloaded to Fastpath
• Demonstrate how to optimize workload y configuring IPS policies
• Examine advanced Intrusion Prevention and optimize policies
• Configure advanced DOS Protection rules
• Demonstrate how the strict policy can be used to protect networks
• Labs- Create Advanced DoS Rules

Day 2  Wednesday 29 April  2020

9:30-11:00 Module 4: Synchronized Security and Labs

• Explain how Security Heartbeat works
• Configure Synchronized Security
• Deploy Synchronized Security in discover and inline modes
• Understand the advantages and disadvantages of deploying
• Synchronizes Security in different scenarios
• Labs
• Configure source-Based Security
• Hearteat firewall rules
• Destination based Security Heartbeat
• Missing Security Heartbeat
• Lateral Movement Protection

11:00-11:15 Break

11:15-13:45 Module 5 Webserver Protection and Labs

• Explain how Websever Protection works
• Describe protection features for a web application
• Configure Web Server authentication
• Publish a web service using the Web Application Firewall
• Use the preconfigured templates to configure Web Server Protection for common purposes
• Configure SlowHTTP protection
• Labs (Web Application Firewall)
• Labs (Load balancing with Web Server Protection)
• Labs (Web Server Authentication and path-specific routing)

13:45-14:45 Break and Lunch

14:45-17:45 Module 6: Site to site connections and Labs

• Configure and deploy site to site VPNs in a wide range of environment
• Implement IPsec NATing and failover
• Check and modify route precedence
• Create RED tunnels between XG firewalls
• Understand when to use RED
• Labs ( Create an IPsec site to site VPN
• Labs ( Configure VPN network NATing )
• Labs (Configure VPN failover)
• Labs (Enable RED on the XG firewall)
• Labs (Create a RED tunnel between two XG Firewalls
• Labs (Configure routing for the RED tunnel)
• Labs (Configure route-based VPN)

Day 3 Thursday 30 April  2020

9:00-10:00 Module 7: Authentications and Labs

• Demonstrate how to configure and use RADIUS accounting
• Deploy STAS in large and complex environment
• Configure SATC and STAS together
• Configure Secure LDAP and identify the different secure connections available
• Labs (configure an Active Directory Authentication server)
• Labs (configure single sing-on using STAS
• Labs (Authenticate users over a site to site VPN)

10:00-11:15  Module 8: Web Protection

• Choose the most appropriate type for web protection in different deployment scenarios
• Enable web filtering using the DPI engine or legacy web proxy
• Configure TLS inspection using the DLP engine or legacy web proxy
• Labs (Install the SSL CA certificate)
• Labs (Configure TLS inspection rules)
• Labs (Create a custom web policy for users)

11:15-11:30 Break

11:30-12:15 Module 9: Wireless

• Explain how Sophos Access Points are deployed and identify some common issues
• Configure RADIUS authentication
• Configure a mesh network

12:15-13:05 Module 10:Remote Access

• Configure Sophos Connect and manage the configuration using Sophos Connect Admin
• Configure an IPsec remote access VPN
• Configure an L2TP remote access VPN for mobile devices
• Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability

• Explain what HA is and how it operates
• Demonstrate how to configure HA and explain the difference between quick and manual configuration
• List the prerequisites for high availability
• Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
• Explain the packet flow in high availability
• Demonstrate how to disable HA
• Labs (Create an Active-Passive cluster)
• Labs (Disable High Availability)

14:25-15:05 Break – Lunch

15:05-16-15 Public Cloud and Labs

• Deploy XG firewall in complex network enviroments
• Explain how XG firewall process traffic and use this information to inform the configuration
• Configure advanced networking and protection features
• Deploy XG firewall on public cloud infrastructure
• Labs (Put a service in debug mode to gather logs)
• Labs (Retrieving log files)
• Labs (Troubleshoot an issue from an imported configuration file)
• Labs (Deploy an XG Firewall on Azure (simulation)

16:15  (Exams)

The increase in remote working is driving greater use of mobile devices for business purposes. In this article we explore how Sophos Mobile can help you keep your devices and data secure, and how to balance privacy, security and productivity.

Setting up remote employees

Not everyone has the option to use a corporate-owned device and you may need to enable people to start using personal devices for work. Sophos Mobile lets you to secure any combination of personal and corporate-owned devices with minimal effort.

Users can easily set up their personal macOS, Windows 10, or mobile devices via the flexible self-service portal; they can enroll their device, reset passwords, and get help, all without any involvement from IT.

Balancing privacy and security

In Bring Your Own Device (BYOD) scenarios, you need to protect and control business email and data without intruding on your users’ privacy. The container-only management capabilities in Sophos Mobile let you control corporate content in the Sophos Secure Email and Sophos Secure Workspace apps without requiring management of the mobile device itself. This way, your users’ personal information remains private, while company resources are protected.

Protecting against mobile threats

10% of threats are discovered on mobile devices according to our recent survey of 3,100 IT Managers. Sophos Mobile includes Intercept X for Mobile which leverages our Intercept X deep learning engine to protect your users, their devices and corporate data from known and never-before-seen mobile threats. Intercept X for Mobile also gives your users easy-to-use security tools right at their fingertips, such as the Authenticator, Password Safe, Secure QR Code Scanner and Privacy Advisor.

Set up is as simple as downloading the app from the relevant app store and then enrolling your device via the Corporate management tool.

Your users can also use Intercept X for Mobile for free to protect their personal devices – they can simply download and start using today.

Read our help guide for more information on using Intercept X for Mobile.

Keeping employees safe on the web

Intercept X for Mobile also helps you keep your users safe on the web, stopping risky file types being downloaded, and blocking access to inappropriate websites to maintain productivity and compliance. Read our step-by-step guidelines for creating a Web Filtering policy.

Monitoring and control

Compliance policies in Sophos Mobile help ensure mobile devices are used appropriately – both from a security and business policy perspective. For example, you can:

• Ensure that only reputable apps are downloaded from the relevant app stores
• Block the sideloading of a potentially dangerous app
• Restrict access to business resources
• Allow, forbid or enforce certain features of a device
• Define actions that are executed when a compliance rule is violated

You can create separate compliance policies and assign them to different device groups, allowing you to apply appropriate levels of security and access for your users and devices. See the full list of available compliance rules.

For more information and general configuration steps for both Sophos Mobile and Intercept X for Mobile, take a look at the comprehensive help guide.

Sophos

The widespread nature and severity of coronavirus (COVID-19) continues to raise challenges on a variety of fronts. For many organizations, one of those is the need to enable employees to work from home until it’s safe to return to the office.

Solutions for remote working exist, but they can be costly and complex to implement. And, they may not offer the level of security you need.

If you’re looking for a solution that solves each of these issues, Sophos can help. You can take advantage of our free 90-day XG Virtual Firewall Free Trial to get your employees securely connected from home.

XG Virtual Firewall is available on your favorite virtual platforms including VMware, Hyper-V, Citrix XenApp, and KVM. It provides a bevy of connectivity and security features and it’s easy to set up. Simply visit the free trial page, fill out the form, and you’re off.

Secure connectivity for remote workers

A nice aspect of the virtual free trial is its multi-platform support. You can also select the hardware you want to install it on, which makes the process more convenient.

XG Virtual Firewall includes a base license that offers remote connectivity options for users, including both IPsec through Sophos Connect client, and SSL VPN. Both provide secure methods for connecting from home back to the corporate office and accessing resources such as email, applications, and documents.

Your free trial also includes a FullGuard security bundle that protects your firewall and connected devices from threats such as ransomware, breaches, phishing emails, and more.

You can even add additional services such as Sophos Intercept X to take advantage of our Synchronized Security feature, which shares telemetry data on the health status of each connected device in addition to isolating any endpoint that does become infected so the infection can’t spread laterally to other hosts.

Setting up your XG Virtual Firewall free trial

Keeping your organization running smoothly can be challenging during the best of times. As we switch to a “work from home” model until it’s safe to return to the office, having a solution that meets your remote connectivity and security needs can help make things easier. And, it doesn’t need to be difficult to get up and running quickly.

We’re here to make your XG Virtual Firewall Free Trial simple to deploy and configure so your remote employees can get connected and stay productive. Here are some resources to help you get started.

• Sign up for the XG Virtual Firewall Free Trial
• XG Firewall Virtual and Software Appliance Installation Guide
• XG Firewall: Useful links for configuring VPN remote access
• XG Firewall: How to configure Connect client on XG Firewall
• XG Firewall: How to configure SSL VPN remote access

If you have questions at any point during your free trial please visit our knowledgebase, review our how-to videos, documentation, or contact us.

After 90 days

Should you wish to continue using XG Firewall once the free 90-day trial ends, we can help you transition to a hardware, virtual or cloud instance of XG Firewall.  Speak to your Sophos representative to discuss your requirements.

Sophos Endpoint Protection is designed to secure everyone, whether they’re office-based or working elsewhere. With many customers enabling or exploring remote working for their employees, this article highlights key capabilities that help you keep your users and data secure while working from home.

Setting up remote workers

The Sophos Central management platform makes it easy to set up and protect employees who are working from home, even if they are a new user or are using a personal device.

To get started you can download the installer file for whichever components you wish to deploy. Alternatively you can use email deployment which is perfect for users who are not currently on the network or for users who need to perform the installation themselves.

If users are not already imported or synchronized via Active Directory synchronization, you need to import their email addresses into Sophos Central. Once complete, simply click the Send Installers to Users button that is highlighted in the image below.

A simple wizard will guide you through picking which components to deploy. The user will receive an email with instructions on what to do and a link to the installer for them to run themselves.

For more information on the various deployment methods for our endpoint protection agent, see Knowledge Base article 119265.

Keeping employees safe on the web

When a user is in an office, traditionally it’s your company firewall that enforces web filtering rules. However, unless they are using a VPN, when people work from home their laptop needs to pick up that role and enforce any web filtering rules defined by your organization.

At the same time, working from home can also lead to changes in behaviour as users adopt a ‘home use’ rather than ‘work’ mindset. This can lead them to use their company device for non-work purposes.

The Web Control capabilities in Sophos Endpoint Protection stops risky file types being downloaded and blocks access to inappropriate websites. Read our step-by-step guidelines for creating a Web Control policy.

Controlling which peripherals employees can plug into their devices

14% of cyberattacks entered the organization via USB sticks or external devices, according to our recent survey of 3,100 IT managers. With more people working from home, there is potential for people to plug new devices into their company laptop.

Peripheral Control in Sophos Endpoint Protection enables you to control what employees can and can’t plug into their corporate devices. Read our step-by-step guidelines for creating a Peripheral Control policy.

For more information on how to enable safe and secure remote working, visit our remote working page or speak with your Sophos representative.

As organizations look to keep their workforce connected and productive, the ability for employees to work from home or any another location has become critical. While coronavirus (COVID-19) is driving the current increase in remote working, long commute times, severe weather and the need for greater flexibility are just some of the other reasons companies are looking at alternatives to working in an office.

Sophos XG Firewall and SD-RED devices provide businesses, schools, hospitals and other organizations with multiple solutions for secure remote connectivity. Employees can have access to applications, email and resources on the network from their own home, just as if they were onsite. And, you can keep them safe with features like web filtering which controls access to websites containing harmful and inappropriate content. Here’s how:

XG Firewall and Connect client

If you own an XG Firewall (hardware or virtual appliance), you have a perpetual Base license that includes both IPsec and SSL VPN connectivity. You can choose either or both to provide your remote workers with access to the corporate network.

Setting up IPsec-based remote access is managed through Sophos Connect client on XG Firewalls running v17.5 or newer firmware. Connect client is focused on ease of use and reliability to ensure an extremely positive user experience. Just select your desired network or office and click “Connect” to establish an encrypted VPN tunnel that secures the transmission of traffic (data, applications, etc.) between the firewall and remote device. On the client side, the remote device uses free Connect client software for either Windows or macOS to create the VPN connection.

SD-RED

An alternative solution for connectivity from home is Sophos SD-RED. These low-cost Remote Ethernet Devices create a secure Layer 2 VPN tunnel to a central XG Firewall. SD-RED makes a great remote access solution for connecting remote sites, as well as for individual employees who deal with particularly sensitive information, such as executives.

No technical expertise is needed to connect the device. Simply note the device ID in your XG Firewall and ship it to the employee. As soon as it’s plugged in and connected to the internet, the SD-RED appliance contacts your XG Firewall and establishes a secure dedicated VPN tunnel. You can connect to the device directly or wirelessly through a Sophos APX wireless access point.

IPsec or SSL VPN: Which remote access solution is right for me?

With both IPsec and SSL VPN options available to you in XG Firewall, how do you choose the one that’s right for you? Here are some points to consider when evaluating your environment:

IPsec VPN – Sophos Connect client

Strengths:

• Easy for administrators to bulk deploy and provision
• Intuitive to use
• Consistent performance
• Windows and macOS support

Challenges:

• IPsec occasionally blocked on hotel/public hotspot networks
• No automated user group provisioning
• Currently limited to 255 simultaneous connections

SSL VPN

Strengths:

• Provision access by user groups
• Works in more restricted environments

Challenges:

• Agent deployment geared to end user self-installation
• User action required to deploy VPN policies
• Windows-only support

Resources

Sophos has a series of tools to help you learn more about configuring IPsec and SSL VPN connections for secure remote access using your XG Firewall:

• XG Firewall: Useful links for configuring VPN remote access – Community article
• Using Sophos Connect VPN client – Community article
• XG Firewall: Sophos Connect client – Knowledge Base article
• Sophos Connect client – User Assistance article
• Sophos Connect VPN client – Video
• XG Firewall: How to deploy Sophos Connect via Group Policy Object (GPO) – Knowledge Base article
• XG Firewall: How to configure SSL VPN remote access – Knowledge Base article and video
• XG Firewall: Licensing guide – Knowledge Base article
• XG Firewall: Performance testing methodology – Knowledge Base article

Securing remote connections

With sensitive information travelling back and forth between the firewall and remote devices over the internet, ensuring the traffic is secured from threats is critical. If your XG Firewall has a TotalProtect Plus or FullGuard Plus license, traffic is scanned for ransomware, viruses, intrusions, and other threats in both directions, providing comprehensive protection.

Extend your protection with Synchronized Security

When your remote device has an active Sophos Intercept X license, it can share real-time threat, health and security information with XG Firewall via the Security Heartbeat ™. If a remote device becomes infected, XG Firewall isolates the device until it is cleaned, preventing the infection from moving laterally to other devices on the network.

Stay home, stay connected

Whatever reason your workforce is at home, you can help them stay connected with your XG Firewall. Check out the resources in this article, and for more information, speak with your local Sophos sales team. Stay tuned for enhancements to Connect client in an upcoming XG Firewall v18 maintenance release.

Sophos