Synchronized security with Sophos Central

For information security tools to work effectively, the interaction between their components plays a key role. It lets you cover not only external threats but internal ones as well. When building a network, it is important that every security tool, be it an antivirus or a firewall, not only does its job within its own class (endpoint security or NGFW), but is also able to interact with the others so that threats are handled jointly.

A bit of theory

It is no surprise that cybercriminals today have gone commercial. They use a variety of Internet technologies to distribute malware:

Email phishing lets malware cross your network perimeter using well-known techniques, possibly a zero-day attack followed by privilege escalation, or lateral movement across the network. A single infected device can mean that your network ends up working for the attacker.

When auditing the current state of an information security system, it is sometimes impossible to describe it in terms of a single interconnected solution. Often, the many technological solutions aimed at countering a particular type of threat offer no integration with other technologies. For example, endpoint protection products use signature and behavioural analysis to decide whether a file is infected. To stop malicious traffic, firewalls use other technologies, including web filtering, IPS, sandboxing and more. Yet in most organisations these information security components are not connected to each other and operate independently.

Implementing Heartbeat technology

The new approach to cybersecurity involves protection at every level, with the solutions used at each level connected to one another and able to exchange information. This leads to Synchronized Security (SynSec). SynSec is an approach that treats information security as a single system, in which every security component communicates with the others in real time. The Sophos Central solution, for example, is built on this principle.

Security Heartbeat technology enables communication between the security components, allowing automated coordination and monitoring. Sophos Central integrates solutions of the following classes:

[image: Synchronized security with Sophos Central]
It is easy to see that Sophos Central supports several information security approaches. In Sophos Central, the SynSec concept rests on three key principles: detection, analysis and response. To explain them in more detail, we will look at each of them in turn.

SynSec principles

DETECT (detecting unknown threats)
Sophos products managed through Sophos Central share information with each other to identify risks and unknown threats, including:

  • analysis of network traffic with the ability to identify high-risk applications and malicious traffic;
  • identification of high-risk users through correlated analysis of their online activity.

ANALYZE (instantly and automatically)
Real-time incident analysis provides an understanding of what is happening in the system.

  • It shows the whole chain of events that led to the incident, including all files, registry keys, URLs and more.

RESPOND (automatic response)
Configuring security policies lets you respond automatically to infections and incidents within seconds. This is ensured by:

  • instant isolation of infected devices and stopping the attack in real time (even within a single network segment/broadcast domain);
  • denying access to corporate resources for devices that do not comply with policy;
  • triggering a remote device scan when outgoing spam is detected.

We have looked at the main security principles on which Sophos Central is built. Now let us move on to how SynSec technology shows itself in practice.

From theory to practice

First, let us describe how devices interact under the SynSec principle using Heartbeat technology. The first step is to register Sophos XG with Sophos Central. At this stage it receives a certificate identifying itself, the IP address and port that endpoints will use to communicate with it via Heartbeat, and the list of IDs of the endpoints managed through Sophos Central together with their client certificates.

Immediately after Sophos XG is registered, Sophos Central sends the endpoints the information needed to start the Heartbeat interaction:

  • the list of certificate authorities used to issue Sophos XG certificates;
  • the list of device IDs registered with Sophos XG;
  • the IP address and port for communication via Heartbeat technology.

This information is stored on the computer at the following path: %ProgramData%\Sophos\Heartbeat\Config\Heartbeat.xml, and is updated periodically.

Communication via Heartbeat consists of the endpoint sending messages to the "magic" IP address 52.5.76.173:8347 and receiving replies. During analysis it was observed that packets are sent at an interval of 15 seconds, as the vendor states. It is important to note that Heartbeat messages are intercepted directly by the XG Firewall: it captures the packets and monitors the state of the endpoints. If you run a packet capture on the host, the traffic will appear to be going to the external IP address, even though the endpoint is actually communicating directly with the XG firewall.


Suppose malware has got onto your computer. Sophos Endpoint detects it, or we stop receiving Heartbeat from this system. The infected device sends a message about the infected machine, which triggers an automatic response. XG Firewall immediately isolates the computer, preventing the attack from spreading and cutting off communication with C&C servers.

Sophos Endpoint removes the malware automatically. Once it has been removed, the endpoint reports to Sophos Central, and XG Firewall then restores its network access. Root Cause Analysis (RCA, or EDR - Endpoint Detection and Response) lets you understand in detail what happened.

Suppose corporate resources are accessed from mobile devices and tablets: can SynSec be provided there as well?

Sophos Central supports this case with Sophos Mobile and Sophos Wireless. Say a user tries to violate security policy on a mobile device protected by Sophos Mobile. Sophos Mobile detects the policy violation and notifies the whole system, which triggers the pre-configured response to the incident. If Sophos Mobile has a "deny network connection" policy configured, Sophos Wireless blocks network access for that device. A notification appears in the Sophos Central dashboard under the Sophos Wireless tab, indicating that the device is infected. When the user tries to access the network, a splash screen appears informing them that Internet access is restricted.

Endpoints have several Heartbeat statuses: red, yellow and green.
Red status occurs in the following cases:

  • active malware has been detected;
  • an attempt to run malware has been detected;
  • malicious traffic has been detected;
  • the malware has not been removed.

Yellow status means the endpoint has detected inactive malware or a PUP (potentially unwanted program). Green status indicates that none of the problems above have been detected.
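The Heartbeat flow described above (endpoints beating every 15 seconds to 52.5.76.173:8347, isolation on red status or when the heartbeat stops, restoration once the endpoint is green again), as an added example that is not Sophos code: a small monitor replayed over a constructed heartbeat log. The log format, the status field in each record and the three-missed-beats silence threshold are assumptions; the article does not say how the firewall treats yellow, so yellow is left without action here.

```python
from datetime import datetime, timedelta

HEARTBEAT_DST = "52.5.76.173:8347"  # the "magic" address named in the article
INTERVAL = timedelta(seconds=15)    # vendor-stated heartbeat period
MISSED_LIMIT = 3                    # assumption: 3 missed beats = silent endpoint

# Constructed sample log (not real Sophos output): time, endpoint, destination, status.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 10.0.0.5 52.5.76.173:8347 green
2024-05-01T10:00:00Z 10.0.0.7 52.5.76.173:8347 green
2024-05-01T10:00:15Z 10.0.0.5 52.5.76.173:8347 green
2024-05-01T10:00:15Z 10.0.0.7 52.5.76.173:8347 red
2024-05-01T10:00:30Z 10.0.0.7 52.5.76.173:8347 green
2024-05-01T10:00:45Z 10.0.0.7 52.5.76.173:8347 green
2024-05-01T10:01:00Z 10.0.0.7 52.5.76.173:8347 yellow
2024-05-01T10:01:00Z 10.0.0.9 10.0.0.1:443 green
"""

def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def parse_log(text):
    """Yield (timestamp, endpoint, status) for heartbeat lines only;
    traffic to any other destination is ignored."""
    for line in text.splitlines():
        ts, src, dst, status = line.split()
        if dst == HEARTBEAT_DST:
            yield parse_ts(ts), src, status

def firewall_actions(text, now):
    """Replay the log and return (actions, isolated_set). Rules from the
    article: a red heartbeat isolates the endpoint; a later green heartbeat
    from an isolated endpoint restores it; an endpoint not heard from for
    MISSED_LIMIT intervals at `now` is isolated too. Yellow: no action."""
    isolated, actions, last_seen = set(), [], {}
    for ts, ep, status in sorted(parse_log(text)):
        last_seen[ep] = ts
        if status == "red" and ep not in isolated:
            isolated.add(ep)
            actions.append((ts, ep, "isolate"))
        elif status == "green" and ep in isolated:
            isolated.discard(ep)
            actions.append((ts, ep, "restore"))
    for ep, ts in last_seen.items():
        if ep not in isolated and now - ts > INTERVAL * MISSED_LIMIT:
            isolated.add(ep)
            actions.append((now, ep, "isolate (heartbeat lost)"))
    return actions, isolated
```

Calling `firewall_actions(SAMPLE_LOG, parse_ts("2024-05-01T10:01:15Z"))` on the sample shows 10.0.0.7 being isolated on its red beat and restored on the next green one, while 10.0.0.5, silent for a minute, is isolated for a lost heartbeat.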

Having looked at the classic scenarios of interaction between devices protected by Sophos Central, let us move on to the solution's interface and review its main settings and functionality.

Interface

The control panel shows the latest notifications. A summary of the various security components is also presented graphically. In this case, a summary of the protection data for personal computers is displayed. The panel also gives summary information about attempts to visit dangerous resources and resources with inappropriate content, as well as email analysis statistics.

Sophos Central supports dynamic display of notifications, so that the user does not miss security alerts. In addition to a well-presented security summary, Sophos Central supports logging and integration with SIEM systems. For many companies, Sophos Central serves as the platform both for an internal SOC and for a managed security service provider (MSSP) serving its customers.

One of the important features is support for caching endpoint updates. This saves bandwidth on external traffic, since an update is downloaded once to one endpoint, and the other endpoints then fetch it from there. In addition, a designated endpoint can relay security messages and telemetry reports to the Sophos cloud. This function is useful where there are endpoints without Internet access that still require protection. Sophos Central also provides a mechanism (tamper protection) that prevents changes to the endpoint's security settings or removal of the agent.

One of the endpoint protection components is the next-generation antivirus (NGAV), Intercept X. Using deep machine learning, the antivirus can detect previously unknown threats without relying on signatures. Detection accuracy is comparable to signature-based products, but unlike them it provides proactive protection, preventing zero-day attacks. Intercept X can work alongside signature-based antiviruses from other vendors.

In this article we have briefly discussed the SynSec concept implemented in Sophos Central, as well as some of the solution's capabilities. We will describe how each security component integrated into Sophos Central works in the following articles. You can request a demo of the solution here.

Source: www.habr.com
