Synchronized Security in Sophos Central

To ensure that information security tools work effectively, the integration of their components plays a key role. It allows you to block not only external but also internal threats. When designing a network, it is important that each security tool, be it an antivirus or a firewall, works not only within its own class (endpoint protection or NGFW), but is also able to interact with the others to counter threats jointly.

A bit of theory

It is no surprise that today's cybercriminals have adopted a business approach. They use a wide range of network technologies to spread malware:
Email phishing that gets malware across your network perimeter using a known attack, a zero-day attack followed by privilege escalation, or lateral movement through the network. A single infected asset can mean that your whole network can be turned to the attacker's advantage.

In some cases, when it is necessary to ensure the interaction of information security components, for example when assessing the information security of an external system environment, it cannot be described with a single set of coordinated metrics. In most cases, the many technology solutions that focus on countering one type of threat provide no integration with other technology solutions. For example, endpoint protection products use signature and behavioral analysis to determine whether a file is infected. To stop malicious traffic, a firewall uses other technologies, including web filtering, IPS, sandboxing and so on. Yet in most organizations these information security components are not connected to each other and operate independently.

How Heartbeat technology works

The new approach to cybersecurity involves protection at every level, with the solutions used at each level connected to each other and able to exchange information. This leads to the creation of Synchronized Security (SynSec). SynSec is an approach that treats information security as a single system in which each security component is connected to the others in real time. The Sophos Central solution, for example, is built on this principle.

Security Heartbeat technology enables communication between security components, making it possible to integrate and monitor the system as a whole. In Sophos Central, solutions of the following classes are integrated:

[Figure: classes of security solutions integrated in Sophos Central]
It is easy to see that Sophos Central supports a wide variety of information security solutions. In Sophos Central, the SynSec concept rests on three key principles: detection, analysis and response. To describe them in more detail, we will dwell on each of them.

SynSec concepts

DETECTION (detection of unknown threats)
Sophos products managed by Sophos Central automatically share information with each other to detect risks and unknown threats. This includes:

  • analysis of network traffic with the ability to identify high-risk applications and malicious traffic;
  • identification of high-risk users by analyzing the correlation of their online activity.

ANALYSIS (instant and intuitive)
Real-time incident analysis gives a quick understanding of the current state of the system.

  • It shows the full chain of events that led to the incident, including all files, registry keys, URLs and so on.

RESPONSE (automatic incident response)
Configuring security policies allows you to respond automatically to infections and incidents in a matter of seconds. This is supported by:

  • immediate isolation of infected devices and stopping attacks in real time (even within the same network / broadcast domain);
  • denying access to corporate network resources for devices that do not comply with policies;
  • launching a remote device scan when outgoing spam is detected.

We have reviewed the main security principles on which Sophos Central is built. Now let us move on to a description of how SynSec technology shows itself in practice.

From theory to practice

First, let us explain how devices interact according to the SynSec principle using Heartbeat technology. The first step is to register Sophos XG with Sophos Central. At this stage it receives a certificate to identify itself, the IP address and port through which the endpoints will connect to it using Heartbeat technology, as well as a list of the certificate IDs of the endpoints expected to be managed through Sophos Central and their client certificates.

Shortly after Sophos XG has been registered, Sophos Central sends the endpoint the information needed to start the Heartbeat exchange:

  • a list of the certificate authorities used to issue Sophos XG certificates;
  • a list of registered Sophos XG IDs;
  • the IP address and port for communication using Heartbeat technology.

This information is stored on the computer in the file %ProgramData%\Sophos\Heartbeat\Config\Heartbeat.xml and is updated periodically.

Communication using Heartbeat technology is carried out by the endpoint sending messages to the "magic" IP address 52.5.76.173:8347 and back. During our investigation it turned out that packets are sent at 15-second intervals, as the vendor states. It is important to note that Heartbeat messages are handled directly by the XG Firewall, which intercepts the packets and monitors the endpoint status. If you perform a packet capture on the host, the traffic will appear to be going to that external IP address, even though the endpoint is in fact talking directly to the XG firewall.
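The observation above gives a defender a simple health check: in a capture taken on the host, the Heartbeat shows up as periodic packets from the endpoint to 52.5.76.173:8347, so a host whose heartbeats become irregular or stop is worth noticing, because a missing heartbeat is one of the conditions on which the firewall isolates a host. The script below is an added example, not Sophos code or a real Sophos log format: the tcpdump-style lines are constructed for the example, the 15-second interval is the one stated in the article, and the 5-second jitter tolerance is an assumption. Only endpoint-to-destination packets are counted; the reply from the "magic" address is ignored.

```python
"""Heartbeat traffic monitor over a constructed packet-capture excerpt.

Added example, not Sophos code. It relies only on what the article states:
the endpoint sends a packet to 52.5.76.173:8347 about every 15 seconds and
the XG Firewall intercepts those packets. The payload format is unknown
here and not needed: the check is purely on timing per source host.
"""
import re
from datetime import datetime, timedelta

HEARTBEAT_DST = "52.5.76.173"
HEARTBEAT_PORT = "8347"
EXPECTED_INTERVAL = timedelta(seconds=15)   # interval stated by the vendor
TOLERANCE = timedelta(seconds=5)            # assumption: allowed jitter

# Constructed tcpdump-style lines for this example (not a real capture).
# Host 10.0.0.22 misses heartbeats; 10.0.0.23 only has unrelated traffic.
SAMPLE_CAPTURE = """\
10:00:00.000000 IP 10.0.0.21.50123 > 52.5.76.173.8347: Flags [P.], length 64
10:00:00.002000 IP 52.5.76.173.8347 > 10.0.0.21.50123: Flags [P.], length 32
10:00:15.010000 IP 10.0.0.21.50123 > 52.5.76.173.8347: Flags [P.], length 64
10:00:30.020000 IP 10.0.0.21.50123 > 52.5.76.173.8347: Flags [P.], length 64
10:00:00.500000 IP 10.0.0.22.50200 > 52.5.76.173.8347: Flags [P.], length 64
10:00:15.400000 IP 10.0.0.22.50200 > 52.5.76.173.8347: Flags [P.], length 64
10:01:05.000000 IP 10.0.0.22.50200 > 52.5.76.173.8347: Flags [P.], length 64
10:00:10.000000 IP 10.0.0.23.44444 > 93.184.216.34.443: Flags [S], length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_heartbeats(capture):
    """Return {source host: sorted timestamps} of endpoint-to-heartbeat packets."""
    beats = {}
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m["dst"] != HEARTBEAT_DST or m["dport"] != HEARTBEAT_PORT:
            continue  # not heartbeat traffic (or the firewall's reply)
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        beats.setdefault(m["src"], []).append(ts)
    for host in beats:
        beats[host].sort()  # capture lines need not be in time order
    return beats


def find_gaps(beats, expected=EXPECTED_INTERVAL, tolerance=TOLERANCE):
    """Return {host: [(prev, next, seconds)]} for intervals longer than allowed."""
    gaps = {}
    for host, times in beats.items():
        for prev, nxt in zip(times, times[1:]):
            if nxt - prev > expected + tolerance:
                gaps.setdefault(host, []).append(
                    (prev, nxt, (nxt - prev).total_seconds()))
    return gaps


def hosts_missing_heartbeat(capture):
    """Hosts that skipped at least one heartbeat within the capture."""
    return sorted(find_gaps(parse_heartbeats(capture)))


def stale_hosts(capture, now_ts, expected=EXPECTED_INTERVAL, tolerance=TOLERANCE):
    """Hosts whose most recent heartbeat is older than allowed at time now_ts."""
    now = datetime.strptime(now_ts, "%H:%M:%S.%f")
    beats = parse_heartbeats(capture)
    return sorted(h for h, t in beats.items() if now - t[-1] > expected + tolerance)


if __name__ == "__main__":
    for host, gap_list in find_gaps(parse_heartbeats(SAMPLE_CAPTURE)).items():
        for prev, nxt, secs in gap_list:
            print(f"{host}: {secs:.1f}s between {prev.time()} and {nxt.time()}")
    print("stale at 10:01:05:", stale_hosts(SAMPLE_CAPTURE, "10:01:05.000000"))
```

Two different conditions are checked: `find_gaps` finds a host that resumed after a long silence (a hint that the agent stalled or the traffic was interrupted), while `stale_hosts` finds a host that has gone quiet relative to a reference time, which is the situation in which the firewall stops seeing the endpoint at all.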


Let us say a malicious program has somehow got onto your computer. Sophos Endpoint detects this attack, or we stop receiving the Heartbeat from this system. The infected device automatically sends information that the system has been compromised, which triggers an automatic chain of actions. XG Firewall immediately isolates your computer, preventing the attack from spreading and from communicating with C&C servers.

Sophos Endpoint automatically removes the malware. Once it has been removed, the endpoint synchronizes with Sophos Central, and XG Firewall then restores network access. Root Cause Analysis (RCA, or EDR - Endpoint Detection and Response) lets you get a detailed understanding of what happened.

Given that corporate resources are accessed from mobile phones and tablets, is it possible to provide SynSec for them?

Sophos Central supports this scenario with Sophos Mobile and Sophos Wireless. Let us say a user tries to violate a security policy on a mobile phone protected by Sophos Mobile. Sophos Mobile detects the policy violation and sends notifications to the rest of the system, triggering the configured response to this event. If Sophos Mobile has a "deny network connection" policy configured, Sophos Wireless denies this device access to the network. A notification will appear in the Sophos Central dashboard under the Sophos Wireless tab indicating that the device is infected. If the user tries to access the network, a splash screen will be displayed informing them that Internet access is restricted.

The endpoint has several Heartbeat statuses: red, yellow and green.
The red status occurs in the following cases:

  • active malware detected;
  • an attempt to run malware detected;
  • malicious network traffic detected;
  • the malware has not been removed.

The yellow status means that the endpoint has detected inactive malware or a PUP (potentially unwanted program). The green status indicates that no problems have been detected.
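The status rules just listed, together with the isolate-and-restore sequence and the mobile "deny network connection" case described earlier, can be written down as a small decision model. The code below is an added example, not Sophos code: the status conditions, the firewall reaction (isolate on red or on a lost heartbeat, restore access once the endpoint is clean and synchronized) and the wireless reaction come from the article, while the event names, the `deny_network_on_violation` flag and the replayed scenario are assumptions made for the example.

```python
"""Heartbeat status model and the network decisions that follow from it.

Added example, not Sophos code. Encodes the article's rules: red for
active malware, an attempt to run malware, malicious network traffic or
malware that could not be removed; yellow for inactive malware or a PUP;
green otherwise. Event names are assumptions made for this example.
"""
from enum import Enum


class Status(Enum):
    RED = "red"
    YELLOW = "yellow"
    GREEN = "green"


# Event names are assumptions for this example; the conditions are the article's.
RED_EVENTS = {
    "active_malware",          # active malware detected
    "malware_launch_attempt",  # an attempt to run malware detected
    "malicious_traffic",       # malicious network traffic detected
    "malware_not_removed",     # cleanup failed, the malware is still present
}
YELLOW_EVENTS = {"inactive_malware", "pup"}


def heartbeat_status(open_events):
    """Map the set of unresolved detections on an endpoint to a colour."""
    if open_events & RED_EVENTS:
        return Status.RED
    if open_events & YELLOW_EVENTS:
        return Status.YELLOW
    return Status.GREEN


def firewall_decision(status, heartbeat_alive):
    """XG Firewall side: isolate on red, or when the heartbeat has stopped."""
    if not heartbeat_alive or status is Status.RED:
        return "isolate"
    return "allow"


def wireless_decision(policy_violated, deny_network_on_violation):
    """Sophos Wireless side for a device reported by Sophos Mobile."""
    if policy_violated and deny_network_on_violation:
        return "deny"
    return "allow"


def run_timeline(steps):
    """Replay endpoint reports; return (status, firewall action) per step.

    Each step is (events added, events cleared, heartbeat alive).
    """
    open_events = set()
    out = []
    for added, cleared, alive in steps:
        open_events |= set(added)
        open_events -= set(cleared)
        status = heartbeat_status(open_events)
        out.append((status, firewall_decision(status, alive)))
    return out


# Constructed scenario mirroring the article: a PUP is found, then active
# malware lands, the heartbeat drops out, cleanup succeeds and access returns.
SCENARIO = [
    ((), (), True),                          # nothing open: green, allowed
    (("pup",), (), True),                    # yellow, still allowed
    (("active_malware",), (), True),         # red: isolated by the firewall
    ((), (), False),                         # heartbeat lost: stays isolated
    ((), ("active_malware", "pup"), True),   # cleaned and synced: restored
]

if __name__ == "__main__":
    for status, action in run_timeline(SCENARIO):
        print(status.value, action)
    print("mobile policy violation, deny configured:", wireless_decision(True, True))
```

Note that the yellow step keeps network access: the article reserves isolation for the red conditions and for a missing heartbeat, and a PUP on its own only raises the status. The model also makes explicit that access is restored only after the red events are cleared and the heartbeat is back, matching the sequence in which the endpoint first synchronizes with Sophos Central.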

Having reviewed some of the scenarios of interaction between devices protected by Sophos Central, let us move on to a description of the solution's graphical interface and an overview of its main settings and supported functions.

Graphical interface

The dashboard displays current notifications. A summary of the various protection components is also shown graphically. In this case, summary data on the protection of individual computers is displayed. This panel also gives summary information on attempts to visit risky resources and resources with inappropriate content, as well as email analysis statistics.

Sophos Central supports displaying notifications by severity, preventing the user from missing an important security alert. In addition to a clear summary of the security state of the system, Sophos Central supports event logging and integration with SIEM systems. For many companies, Sophos Central is a platform both for an in-house SOC and for providing services to their customers as an MSSP.

One of the important features is support for an update cache for endpoint clients. This saves bandwidth on external traffic, since updates are downloaded once to one of the endpoint clients and the other endpoints then download updates from it. In addition to this function, the selected endpoint can relay security messages and information reports to the Sophos cloud. This is useful when there are endpoints that have no direct Internet access but still need to be protected. Sophos Central also provides an option (tamper protection) that prevents changing the computer's security settings or removing the endpoint agent.

One of the components of endpoint protection is the next-generation antivirus (NGAV), Intercept X. Using deep machine learning technologies, this antivirus is able to detect previously unknown threats without using signatures. Its detection accuracy is comparable to signature-based analogues, but unlike them it provides proactive protection, preventing zero-day attacks. Intercept X can work alongside signature-based antiviruses from other vendors.

In this section we briefly covered the SynSec concept used in Sophos Central, as well as some of the capabilities of this solution. We will describe how each of the protection components integrated into Sophos Central works in the following articles. You can get a demo version of the solution here.

Source: www.habr.com
