For information security tools to work effectively, the way their components are connected plays an important role. This applies to internal threats as well as external ones. When designing a network infrastructure, it is important that every security tool, whether antivirus or firewall, not only performs its function within its own class (endpoint security or NGFW) but also interacts with the others so that they fight threats jointly.
Some explanation
It is no surprise that today's cybercriminals have become more entrepreneurial. They use a wide range of network technologies to spread malware.
With e-mail phishing, malware gets past the network's outer defenses using known attacks (a zero-day attack followed by privilege escalation, or lateral movement within the network). A single infected device means the whole network can be put to use for the attacker's benefit.
In some cases, when an information security audit of the current state of a system has to confirm that the security components interact with each other, it turns out that the state cannot be described as a single, interrelated set of controls. In most cases, the many technology solutions that focus on countering a particular kind of threat offer no integration with other technology solutions. For example, an endpoint protection product uses signature analysis and behavioral analysis to decide whether a file is infected. To block malicious traffic, a firewall uses other technologies such as web filtering, IPS and a sandbox. In most organizations, however, these security components are not connected to each other and operate in isolation.
Principles behind Heartbeat technology
The new approach to cybersecurity involves protection at several levels, where the solutions used at each level are interconnected and can exchange information. This is what creates Synchronized Security (SynSec). SynSec represents the process of ensuring information security as a single system, in which every security component is connected to the others in real time.
Security Heartbeat technology enables communication between the security components, which makes coordination and monitoring of the system possible. For example, the solutions are:
- Endpoint protection: classic signature-based antivirus.
- Server protection: antivirus specialized for servers.
- Intercept X: next-generation antivirus (signatureless, using artificial intelligence technologies).
- Sophos XG Firewall: next-generation firewall.
- Mobility management (EMM): management of mobile devices, access control for corporate mail and files, data protection (encryption).
- Secure Wi-Fi: access points managed either from the cloud or locally via Sophos UTM / Sophos XG.
- Web security: a classic solution for filtering web traffic.
- Email security: cloud or on-premises anti-spam and antivirus solution.
- Phishing threat: raising employee awareness and running phishing e-mail tests.
- Cloud Optix: auditing of cloud infrastructure.
It is easy to see that Sophos Central supports a fairly wide range of information security solutions. In Sophos Central, the SynSec concept rests on three key principles: detect, analyze and respond. To make them concrete, each is described below.
The SynSec concept
Detect (detection of unknown threats)
Sophos products managed by Sophos Central automatically share information with each other in order to identify risks and unknown threats such as the following:
- Network traffic analysis capable of identifying high-risk applications and malicious traffic.
- Detection of high-risk users through correlation analysis of their online behavior.
Analyze (immediate and intuitive)
Real-time incident analysis gives an instant picture of the current situation inside the system:
- The entire chain of events that led to the incident is displayed, including all files, registry keys, URLs and so on.
Respond (automated incident response)
Once security policies are configured, infections and incidents are responded to automatically within seconds. The following is guaranteed:
- An infected device is isolated immediately (even within the same network or broadcast domain), stopping the attack in real time.
- Devices that do not comply with policy have their access to corporate network resources restricted.
- A device scan is started remotely when outgoing spam is detected.
We have looked at the main security principles on which Sophos Central is built. Now let us move on to how SynSec technology actually works.
From theory to practice
First, let us describe how devices interact under the SynSec principles using Heartbeat technology. The first step is to register Sophos XG with Sophos Central. At this stage it receives a certificate for self-identification, the IP address and port through which it communicates with end devices using Heartbeat technology, and the list of IDs of the end devices managed through Sophos Central together with their client certificates.
As soon as Sophos XG is registered, Sophos Central sends the endpoints the information needed to start the Heartbeat interaction:
- The list of certificate authorities used to issue the Sophos XG certificate.
- The list of device IDs registered with Sophos XG.
- The IP address and port for interaction using Heartbeat technology.
This information is stored on the computer at the path %ProgramData%\Sophos\Heartbeat\Config\Heartbeat.xml and is updated periodically.
Communication using Heartbeat technology is carried out by the endpoint sending messages to the "magic" IP address 52.5.76.173:8347 and receiving messages in return. During analysis, packets were found to be sent at a 15-second interval, as the vendor states. Note that heartbeat messages are processed directly by the XG Firewall: it intercepts the packets and monitors the endpoint's status. If you run a packet capture on the host, the traffic appears to be exchanged with an external IP address, even though the endpoint is in fact communicating directly with the XG Firewall.
Suppose a malicious application somehow gets onto a computer. When Sophos Endpoint detects this attack, the heartbeat from that system is no longer received. The infected device automatically reports information about the infected system, which triggers an automatic chain of actions. The XG Firewall immediately isolates the computer, preventing the attack from spreading and blocking any exchange with C&C servers.
Sophos Endpoint removes the malware automatically. Once it has been removed, the end device synchronizes with Sophos Central and the XG Firewall restores its network access. Root cause analysis (RCA, or EDR: endpoint detection and response) gives a detailed understanding of what happened.
What if mobile devices, such as tablets, are expected to access corporate resources? Can SynSec be provided in that case?
Sophos Central supports this scenario as well.
An endpoint can have one of several heartbeat statuses: red, yellow or green.
The red status occurs in the following cases:
- Active malware has been detected.
- An attempt to launch malware has been detected.
- Malicious network traffic has been detected.
- Malware could not be removed.
The yellow status means the endpoint has detected inactive malware or a PUP (potentially unwanted program). The green status indicates that none of the above problems has been detected.
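An added example, not part of the original article or of any Sophos code: a small monitor that applies the heartbeat parameters described above (destination 52.5.76.173:8347, 15-second period) to constructed packet-capture summary lines, reporting endpoints whose heartbeat has gone silent, and maps an endpoint's findings to the red/yellow/green status rules just listed. The capture lines, the three-missed-beats alert threshold and the finding names are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Heartbeat parameters described in the article: endpoints send to the
# "magic" address 52.5.76.173:8347 roughly every 15 seconds.
HEARTBEAT_DST = "52.5.76.173"
HEARTBEAT_PORT = 8347
HEARTBEAT_PERIOD = timedelta(seconds=15)
MISSED_BEFORE_ALERT = 3  # assumed threshold for this example, not a Sophos setting

# Constructed capture summary lines: "<ISO time> <src ip> <dst ip>:<port>".
# 10.0.0.7 stops beating after 10:00:15; the last line is unrelated HTTPS traffic.
CAPTURE = """\
2024-01-01T10:00:00 10.0.0.5 52.5.76.173:8347
2024-01-01T10:00:00 10.0.0.7 52.5.76.173:8347
2024-01-01T10:00:15 10.0.0.5 52.5.76.173:8347
2024-01-01T10:00:15 10.0.0.7 52.5.76.173:8347
2024-01-01T10:00:30 10.0.0.5 52.5.76.173:8347
2024-01-01T10:00:45 10.0.0.5 52.5.76.173:8347
2024-01-01T10:01:00 10.0.0.5 52.5.76.173:8347
2024-01-01T10:01:00 10.0.0.5 198.51.100.10:443
"""


def parse_heartbeats(text):
    """Return {src_ip: [timestamps]} for packets aimed at the heartbeat address."""
    seen = {}
    for line in text.splitlines():
        ts, src, dst = line.split()
        host, port = dst.rsplit(":", 1)
        if host == HEARTBEAT_DST and int(port) == HEARTBEAT_PORT:
            seen.setdefault(src, []).append(datetime.fromisoformat(ts))
    return seen


def silent_endpoints(text, now):
    """Endpoints whose last heartbeat is older than MISSED_BEFORE_ALERT periods."""
    limit = HEARTBEAT_PERIOD * MISSED_BEFORE_ALERT
    beats = parse_heartbeats(text)
    return sorted(src for src, times in beats.items() if now - max(times) > limit)


# Status rules as listed in the article (finding names are assumed labels).
RED = {"active_malware", "launch_attempt", "malicious_traffic", "malware_not_removed"}
YELLOW = {"inactive_malware", "pup"}


def heartbeat_status(findings):
    """Map a set of endpoint findings to the red/yellow/green heartbeat status."""
    if findings & RED:
        return "red"
    if findings & YELLOW:
        return "yellow"
    return "green"
```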
Having looked at a few classic scenarios of interaction between protected devices and Sophos Central, let us turn to the solution's graphical interface, its main settings and the functions it supports.
GUI
The control panel shows the latest notifications. An overview of the various protection components is presented graphically; in this case, summary data on PC protection is shown. The panel also displays summary information on attempts to reach dangerous resources or resources with inappropriate content, as well as e-mail analysis statistics.
Sophos Central supports displaying notifications by severity, so that users do not miss important security alerts. Besides a concise overview of the security system's status, Sophos Central supports event logging and integration with SIEM systems. For many companies, Sophos Central serves as a platform both for an internal SOC and for MSSPs that provide services to customers.
One important feature is support for update caching on endpoint clients: an update is downloaded once to one of the endpoint clients, and the other endpoints then download it from there, which saves external bandwidth. In addition to the caching just described, selected endpoints can relay security policy messages and information reports to the Sophos cloud. This is useful when there are end devices that need protection but have no direct Internet access. Sophos Central also provides an option (tamper protection) that prohibits changing the computer's security settings or removing the endpoint agent.
One of the components of endpoint protection is next-generation antivirus (NGAV).
This article has briefly described the SynSec concept implemented in Sophos Central and some of the solution's capabilities. The next article will describe how each of the security components integrated into Sophos Central works. A demo version of the solution is available.
Source: habr.com