Synchronized Security in Sophos Central

The effectiveness of an information security toolkit depends to a large degree on how well its components are integrated. Integration lets you cover not only external but also internal threats. When designing network infrastructure, it is important that every security tool, whether an antivirus or a firewall, works not only within its own class (Endpoint Security or NGFW) but can also interact with the others to fight threats together.

A bit of theory

It is no secret that today's cybercriminals have become consumers of a whole range of network techniques for spreading malware.

Phishing emails lead to malware bypassing your network perimeter using known attacks, zero-day attacks, privilege escalation, or lateral movement through the network. A single infected device can mean that your network is being used for the attacker's benefit.

In practice, when an information security audit examines the current state of a system, it is rarely possible to describe that state as a single set of interrelated measures that ensure the components interact. In most cases, the many technical solutions that focus on countering a specific type of threat do not provide integration with other technical solutions. For example, endpoint protection products use signatures and behavioral analysis to determine whether a file is infected. To stop malicious traffic, firewalls use other technologies, including web filtering, IPS, sandboxing, and so on. However, in most organizations these security components are not linked to each other and operate in isolation.

How the Heartbeat technology is implemented

The modern approach to cybersecurity involves protection at every level, with the tools used at each level linked to each other and able to exchange information. This leads to Synchronized Security (SynSec). SynSec treats information security as a single process in which every security component interacts with the others in real time. The Sophos Central solution, for example, implements this principle.

The Security Heartbeat technology enables communication between security components, allowing coordinated operation and monitoring of the whole system. Sophos Central integrates solutions from a number of product classes.

It is easy to see that Sophos Central supports a wide range of information security solutions. In Sophos Central, the SynSec concept rests on three key principles: detection, analysis and response. Let us look at each of them in detail.

The SynSec concept

DETECT (detecting unknown threats)
Sophos products managed by Sophos Central automatically share information with each other to identify risks and unknown threats, including:

  • network traffic analysis with the ability to identify high-risk applications and malicious traffic;
  • identifying high-risk users by analyzing the correlation of their online activity.

ANALYZE (instant and intuitive)
Real-time incident analysis gives an understanding of the current situation in the system.

  • It shows the full chain of events that led to the incident, including all files, registry keys, URLs, and so on.

RESPOND (automatic incident response)
Security policies let you respond automatically to infections and incidents within seconds. This is ensured by:

  • instant isolation of infected devices and stopping the attack in real time (even within a single segment / broadcast domain);
  • restricting access to corporate network resources for non-compliant devices;
  • launching a remote device scan when outgoing spam is detected.

We have looked at the main security principles on which Sophos Central is based. Now let's move on to how SynSec technology works in practice.

From theory to practice

First, let us describe how devices interact under the SynSec concept using the Heartbeat technology. The first step is to register Sophos XG with Sophos Central. At this stage it receives a certificate to identify itself, the IP address and port through which endpoints will communicate with it using Heartbeat, and a list of the endpoints managed by Sophos Central together with the client certificates.

Shortly after Sophos XG is registered, Sophos Central sends the endpoints the information needed to start the Heartbeat interaction:

  • the list of certificate authorities used to issue the Sophos XG certificate;
  • the list of device IDs registered with Sophos XG;
  • the IP address and port for communication using the Heartbeat technology.

This information is stored on the computer at %ProgramData%\Sophos\Heartbeat\Config\Heartbeat.xml and is updated regularly.

Communication using the Heartbeat technology consists of the endpoint sending messages to the "magic" IP address 52.5.76.173:8347 and receiving replies. During the investigation it was found that packets are sent at a 15-second interval, as the vendor states. It is important to note that Heartbeat messages are handled directly by the XG Firewall: it intercepts the packets and monitors the endpoint's status. If you capture packets on the host, the traffic appears to be going to an external IP address, although in reality the endpoint is talking directly to the XG Firewall.
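One practical check that follows from this is whether every endpoint is actually heartbeating at the stated cadence. The script below is an added example, not code from the article or from Sophos: it takes flow records in an assumed "timestamp src_ip dst_ip dst_port" format (the kind of summary a packet capture on the endpoint would give), keeps only flows to 52.5.76.173:8347, and flags any host whose beats stop for longer than two 15-second periods; the two-period threshold is our own choice.

```python
# Added example, not Sophos code: check Security Heartbeat cadence from flow records.
# Assumed record format: "timestamp src_ip dst_ip dst_port", as a capture summary on
# the endpoint would show it. The target 52.5.76.173:8347 and the 15-second period
# come from the article; the "two missed beats" threshold is our own choice.
from collections import defaultdict

HEARTBEAT_DST = ("52.5.76.173", "8347")
PERIOD_S = 15.0            # vendor-stated heartbeat interval
MAX_GAP_S = 2 * PERIOD_S   # two missed beats: treat the heartbeat as lost

def heartbeat_flows(lines):
    """Collect heartbeat packet timestamps per source endpoint, ignoring other traffic."""
    per_host = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                           # skip malformed records
        ts, src, dst, port = parts
        if (dst, port) == HEARTBEAT_DST:
            per_host[src].append(float(ts))
    return per_host

def check_cadence(lines, max_gap=MAX_GAP_S):
    """Return {src_ip: 'ok' | 'lost@<t>'} where <t> is the last beat seen before a gap."""
    result = {}
    for src, stamps in heartbeat_flows(lines).items():
        stamps.sort()
        status = "ok"
        for prev, cur in zip(stamps, stamps[1:]):
            if cur - prev > max_gap:
                status = f"lost@{prev:.0f}"
                break
        result[src] = status
    return result

# Constructed sample: host .10 beats every 15 s; host .11 falls silent after t=30.
SAMPLE = [
    "0 10.0.0.10 52.5.76.173 8347",
    "15 10.0.0.10 52.5.76.173 8347",
    "30 10.0.0.10 52.5.76.173 8347",
    "45 10.0.0.10 52.5.76.173 8347",
    "0 10.0.0.11 52.5.76.173 8347",
    "15 10.0.0.11 52.5.76.173 8347",
    "30 10.0.0.11 52.5.76.173 8347",
    "75 10.0.0.11 52.5.76.173 8347",
    "40 10.0.0.10 10.0.0.5 443",              # unrelated traffic, ignored
]
```

Calling check_cadence(SAMPLE) reports 10.0.0.10 as ok and 10.0.0.11 as lost after its beat at t=30, which is exactly the condition under which the firewall stops seeing the endpoint.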

Suppose some malicious activity has somehow got onto your computer. Either Sophos Endpoint detects the attack, or the heartbeat from that system stops arriving. The infected device automatically reports that the system is compromised, which triggers a chain of automatic actions. XG Firewall immediately isolates your computer, preventing the attack from spreading and blocking communication with C&C servers.

Sophos Endpoint automatically removes the malware. Once it is removed, the endpoint synchronizes with Sophos Central, and XG Firewall restores network access. Root Cause Analysis (RCA, or EDR - Endpoint Detection and Response) gives you a complete picture of what happened.

Assuming that corporate resources are accessed from mobile devices and tablets, is it possible to provide SynSec there as well?

Sophos Central supports this scenario with Sophos Mobile and Sophos Wireless. Suppose a user tries to violate a security policy on a mobile device protected by Sophos Mobile. Sophos Mobile detects the policy violation and notifies the other systems, triggering the pre-configured incident response. If Sophos Mobile has the "restricted network" mode configured, Sophos Wireless will block network access for that device. A notification will appear in the Sophos Central dashboard under the Sophos Wireless tab indicating that the device is infected. When the user tries to access the network, a splash screen will appear informing them that Internet access is limited.

An endpoint has several heartbeat statuses: red, yellow and green.
Red status occurs in the following cases:

  • active malware has been detected;
  • an attempt to launch malware has been detected;
  • malicious network traffic has been detected;
  • malware has not been removed.

Yellow status means that the endpoint has detected inactive malware or a PUP (potentially unwanted program). Green status indicates that none of the above problems have been detected.
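The status rules above and the isolate-clean-restore scenario described earlier can be written down as a small decision model. The following is an added example, not Sophos code: the event names are our own labels, a missing heartbeat is treated like red (the article says the firewall isolates a host whose heartbeat stops), and mapping yellow to "restrict" is our assumption, since the article only states that non-compliant devices lose access to corporate resources.

```python
# Added example, not Sophos code: the red/yellow/green heartbeat rules from the article,
# and the firewall response they drive in the isolate-clean-restore scenario.
# Event names are our own labels; mapping yellow to "restrict" is our assumption
# (the article only states that non-compliant devices lose access to corporate resources).
from dataclasses import dataclass, field

RED_EVENTS = {"active_malware", "malware_launch_attempt",
              "malicious_traffic", "malware_not_removed"}
YELLOW_EVENTS = {"inactive_malware", "pup"}

@dataclass
class Endpoint:
    ip: str
    events: set = field(default_factory=set)
    heartbeat_seen: bool = True     # False once XG stops receiving beats from it

def heartbeat_status(ep):
    """Red outranks yellow outranks green; a silent endpoint reports no status at all."""
    if not ep.heartbeat_seen:
        return "missing"
    if ep.events & RED_EVENTS:
        return "red"
    if ep.events & YELLOW_EVENTS:
        return "yellow"
    return "green"

def firewall_action(ep):
    """What XG Firewall does with the endpoint's traffic for its current status."""
    status = heartbeat_status(ep)
    if status in ("red", "missing"):
        return "isolate"      # stop lateral spread and C&C contact
    if status == "yellow":
        return "restrict"     # assumption: treated like a non-compliant device
    return "allow"

def after_cleanup(ep):
    """Sophos Endpoint removed the malware and re-synced with Central: access comes back."""
    ep.events -= RED_EVENTS | YELLOW_EVENTS
    ep.heartbeat_seen = True
    return firewall_action(ep)
```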

Having looked at some typical scenarios of how protected devices interact with Sophos Central, let us move on to the solution's graphical interface and an overview of its main settings and supported functions.

Interface overview

The dashboard displays the latest notifications. It also shows a summary of the various protection components in graphical form; in this case, a summary of the protection of personal computers is displayed. The same panel provides summary information on attempts to visit dangerous resources and resources with inappropriate content, as well as email scanning statistics.

Sophos Central can display notifications by severity, so that the user does not miss an important security alert. In addition to brief summaries of the security system's state, Sophos Central supports event logging and integration with SIEM systems. For many companies, Sophos Central is a platform both for an internal SOC and for providing services to their customers as an MSSP.

One of the important features is support for an update cache for endpoint clients. This saves external bandwidth, since in this mode updates are downloaded once to one of the endpoint clients, and the other endpoints then download the updates from it. In addition, a selected endpoint can relay security policy messages and reporting data to the Sophos cloud. This function is useful when there are endpoints that have no direct Internet access but still need protection. Sophos Central also provides an option (tamper protection) that prevents the computer's security settings from being changed or the endpoint agent from being removed.

One of the required components of endpoint protection is the next-generation antivirus (NGAV) - Intercept X. Using deep machine learning, it can detect previously unknown threats without signatures. Its detection accuracy is comparable to signature-based products, but unlike them it provides proactive protection that stops zero-day attacks. Intercept X can run alongside signature-based antivirus from other vendors.

In this article we briefly discussed the SynSec concept implemented in Sophos Central, along with some of the capabilities of this solution. We will describe how each of the security components is integrated into Sophos Central's functions in the following articles. You can find a demo version of the solution here.

source: www.habr.com
