Synchronized Security in Sophos Central

How well information-security tools work depends heavily on how well their individual components are integrated. Integration lets you cover not only external threats but internal ones as well. When designing a network, it matters that every security tool, whether an antivirus or a firewall, works not only within its own class (endpoint security or NGFW) but can also cooperate with the others so that threats are fought jointly.

A little theory

It is no surprise that today's criminals have become more inventive. They use a whole range of network technologies to spread malware.

A phishing e-mail gets malware across your network perimeter, whether through a known attack or a zero-day, and is followed by privilege escalation or lateral movement inside the network. A single infected device can mean your whole network is put to work for the attacker.

In situations where the interoperability of security components has to be assured, an audit of the current state of the system cannot describe it with a single, unified set of metrics. In most cases the many technical solutions aimed at countering one particular kind of threat offer no integration with other solutions. For example, endpoint protection products use signatures and behavioural analysis to decide whether a file is malicious. To stop malicious traffic, firewalls rely on other technologies: web filtering, IPS, sandboxing and so on. Yet in many organisations these security components are not connected to one another and operate in isolation.

Approaches to implementing Heartbeat technology

The newer approach to cybersecurity involves protection at every level, with the solutions used at each level connected to one another and able to exchange information. This leads to Synchronized Security (SynSec). SynSec means treating information security as a single system in which every security component is connected to the others in real time. The Sophos Central solution is built on this principle.

Security Heartbeat technology creates the link between the security components, enabling them to cooperate and monitor one another. Sophos Central integrates solutions from several product classes (the original article lists them in a figure).

It is easy to see that Sophos Central supports a wide range of security solutions. In Sophos Central the SynSec concept rests on three key principles: detection, analysis and response. We will look at each of them in turn.

SynSec concepts

DETECT (spotting unknown threats)
Sophos products managed by Sophos Central automatically share information with one another to identify risks and unknown threats, including:

  • analysis of network traffic, with the ability to identify high-risk applications and malicious traffic;
  • identification of high-risk users through correlated analysis of their online activity.

ANALYZE (simply and quickly)
Real-time incident analysis gives an immediate understanding of the current state of the system.

  • It shows the complete chain of events that led to an incident, including all the files, registry keys, URLs and so on.

RESPOND (automatic incident response)
Configured security policies let you respond to infections and incidents automatically, within seconds. This is achieved through:

  • immediate isolation of infected devices and stopping an attack in real time (even inside the same network / broadcast domain);
  • restricting access to corporate network resources for devices that do not comply with policy;
  • remotely launching a scan of a device when outgoing spam is detected.

We have reviewed the main security principles on which Sophos Central is based. Now let us move on to how the SynSec technology works in practice.

From theory to practice

First, let us describe how the devices cooperate under the SynSec principle using Heartbeat technology. The first step is registering Sophos XG with Sophos Central. At this stage it receives an identity certificate, the IP address and port on which endpoints will communicate with it over Heartbeat, and the list of IDs of the endpoints managed by Sophos Central together with their client certificates.

Shortly after Sophos XG is registered, Sophos Central sends the endpoints the information they need to start Heartbeat communication:

  • the list of certificate authorities used to issue Sophos XG certificates;
  • the list of device IDs registered with Sophos XG;
  • the IP address and port for Heartbeat communication.

This information is stored on the endpoint at %ProgramData%\Sophos\Heartbeat\Config\Heartbeat.xml and is updated regularly.

Heartbeat communication is driven by the endpoint, which sends messages to the "magic" IP address 52.5.76.173:8347 and receives replies from it. During analysis the packets were observed to be sent at 15-second intervals, as the vendor states. Note that Heartbeat messages are processed directly by the XG Firewall: it intercepts the packets and tracks the endpoint's state. If you capture packets on the host, the traffic appears to be exchanged with an external IP address, although the endpoint is in fact talking directly to the XG Firewall.


Suppose a malicious program somehow gets onto your computer. Sophos Endpoint detects the attack, or the firewall stops receiving Heartbeat messages from that host. The infected device automatically sends information about the compromised system, triggering a chain of automatic actions. The XG Firewall isolates your computer immediately, preventing the attack from spreading and cutting off communication with C&C servers.

Sophos Endpoint removes the malware automatically. Once it is removed, the endpoint synchronises with Sophos Central, after which the XG Firewall restores network access. Root Cause Analysis (RCA, or EDR, Endpoint Detection and Response) gives a clear picture of what happened.

Given that company resources are also reached from mobile devices and tablets, can SynSec be provided there too?

Sophos Central supports this scenario through Sophos Mobile and Sophos Wireless. Suppose a user attempts to violate the security policy on a mobile device protected by Sophos Mobile. Sophos Mobile detects the policy violation and notifies the whole system, triggering the pre-configured response to that event. If Sophos Mobile has a "deny network access" policy configured, Sophos Wireless will block the device's network access. A notification appears on the Sophos Central dashboard under the Sophos Wireless tab indicating that the device is infected. When the user tries to reach the network, a lock screen is shown telling them that Internet access is restricted.

An endpoint has three Heartbeat states: red, yellow and green.
The red state occurs in the following cases:

  • active malware has been detected;
  • an attempt to launch malware has been detected;
  • malicious network traffic has been detected;
  • malware has not been removed.

The yellow state means the endpoint has detected inactive malware or a PUA (potentially unwanted application). The green state indicates that none of the problems above has been found.
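The Heartbeat exchange, the isolate-and-restore scenario and the three endpoint states described above can be put together as a small model of the policy loop. The following is an added example written for this article, not Sophos code: the real Heartbeat protocol is a proprietary TLS channel whose message layout is not public, so the message fields, the "three missed beats" threshold and the device-ID allow-list check are assumptions; the 15-second interval, the 52.5.76.173:8347 magic address and the red/yellow/green states come from the text. The timeline in `run_scenario` is constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

HEARTBEAT_INTERVAL = 15.0        # seconds between beats, as stated by the vendor
MISSED_BEATS_TO_ISOLATE = 3      # assumption: three missed beats (45 s) count as a lost heartbeat
MAGIC_IP, MAGIC_PORT = "52.5.76.173", 8347   # address the endpoint sends its beats to

# detections that drive the colour, named after the states listed in the article
RED_REASONS = {"active_malware", "malware_launch_attempt", "malicious_traffic", "malware_not_removed"}
YELLOW_REASONS = {"inactive_malware", "pua"}


def colour_for(reasons):
    """Map the detections an endpoint reports to its Heartbeat colour."""
    reasons = set(reasons)
    if reasons & RED_REASONS:
        return "red"
    if reasons & YELLOW_REASONS:
        return "yellow"
    return "green"


@dataclass
class Heartbeat:                  # assumed message shape, not the real wire format
    device_id: str
    sent_at: float                # seconds on a constructed timeline
    reasons: frozenset            # detections the endpoint is reporting (may be empty)
    dst: tuple = (MAGIC_IP, MAGIC_PORT)


@dataclass
class EndpointState:
    colour: str = "green"
    last_seen: float = 0.0
    isolated: bool = False


class XGFirewall:
    """Intercepts beats addressed to the magic IP and enforces the isolation policy."""

    def __init__(self, registered_ids):
        self.registered = set(registered_ids)      # device IDs pushed down by Sophos Central
        self.state: Dict[str, EndpointState] = {}
        self.log: List[str] = []

    def receive(self, hb: Heartbeat) -> Optional[str]:
        if hb.dst != (MAGIC_IP, MAGIC_PORT):
            return None                            # ordinary traffic, pass it through
        if hb.device_id not in self.registered:
            self.log.append(f"{hb.sent_at:.0f}s reject beat from unregistered {hb.device_id}")
            return "rejected"
        st = self.state.setdefault(hb.device_id, EndpointState())
        st.last_seen = hb.sent_at
        st.colour = colour_for(hb.reasons)
        self._enforce(hb.device_id, st, hb.sent_at)
        return st.colour

    def tick(self, now: float) -> None:
        """Run periodically: a host that has fallen silent is treated as red."""
        for dev, st in self.state.items():
            if now - st.last_seen > MISSED_BEATS_TO_ISOLATE * HEARTBEAT_INTERVAL:
                st.colour = "red"
                self._enforce(dev, st, now)

    def _enforce(self, dev, st, now):
        if st.colour == "red" and not st.isolated:
            st.isolated = True
            self.log.append(f"{now:.0f}s isolate {dev}: block lateral movement and C&C traffic")
        elif st.colour == "green" and st.isolated:
            st.isolated = False
            self.log.append(f"{now:.0f}s restore {dev}: endpoint clean, access restored")


def run_scenario():
    """Constructed timeline: EP-001 is infected and cleaned, EP-002 goes silent, EP-003 is unknown."""
    fw = XGFirewall(registered_ids={"EP-001", "EP-002"})
    fw.receive(Heartbeat("EP-001", 0, frozenset()))
    fw.receive(Heartbeat("EP-002", 0, frozenset()))
    fw.receive(Heartbeat("EP-001", 15, frozenset({"active_malware"})))    # red: isolated at once
    fw.receive(Heartbeat("EP-001", 30, frozenset({"inactive_malware"})))  # yellow: stays isolated
    fw.receive(Heartbeat("EP-001", 45, frozenset()))                      # green: access restored
    fw.receive(Heartbeat("EP-003", 45, frozenset()))                      # not in the ID list
    fw.tick(60)                                                           # EP-002 silent for 60 s
    return fw


if __name__ == "__main__":
    for line in run_scenario().log:
        print(line)
```

The point of the yellow step is that a host which still carries (inactive) malware does not get its access back; only a green beat, sent after cleanup and synchronisation, releases the isolation. The `tick` path models the second trigger the article mentions: the firewall stops hearing from a host at all.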

Having looked at some classic scenarios of interaction between protected devices and Sophos Central, let us move on to the solution's graphical interface and a review of its main settings and supported functionality.

Graphical interface

The dashboard shows the latest alerts. A summary for each protection area is also presented graphically; here the summary data for workstation protection is shown. The panel also summarises attempts to visit malicious resources and resources with inappropriate content, along with e-mail analysis details.

Sophos Central displays alerts by severity so that important security warnings are not missed. Beyond a clear summary of the state of the protection system, Sophos Central supports event logging and integration with SIEM systems. For many companies Sophos Central is the platform both for their in-house SOC and for delivering services to their customers as an MSSP.
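Feeding severity-ranked alerts into a SIEM is the kind of glue a SOC or MSSP ends up writing. The following is an added example, not Sophos code and not Sophos Central's own export format: it renders alert records as CEF lines, filters on a minimum severity and escapes the characters CEF reserves. The field names, the severity-to-CEF mapping and the sample records are constructed for this example.

```python
from datetime import datetime

CEF_SEVERITY = {"low": 3, "medium": 5, "high": 8, "critical": 10}   # assumed mapping onto CEF 0..10


def cef_escape(value, header=False):
    """Escape a value for a CEF header field (| and \\) or an extension field (= and \\)."""
    s = str(value).replace("\\", "\\\\")
    if header:
        return s.replace("|", "\\|")
    return s.replace("=", "\\=").replace("\r", " ").replace("\n", " ")


def alert_to_cef(alert):
    """Render one alert record as a single CEF line."""
    header = "|".join([
        "CEF:0", "Sophos", "Central", "1.0",
        cef_escape(alert["type"], header=True),
        cef_escape(alert["description"], header=True),
        str(CEF_SEVERITY[alert["severity"]]),
    ])
    when_ms = int(datetime.fromisoformat(alert["when"]).timestamp() * 1000)
    extension = {
        "rt": when_ms,                       # receipt time in epoch milliseconds
        "shost": alert["host"],
        "suser": alert.get("user", "unknown"),
        "cs1Label": "heartbeatColour",       # custom string carrying the Heartbeat state
        "cs1": alert["colour"],
    }
    return header + "|" + " ".join(f"{k}={cef_escape(v)}" for k, v in extension.items())


def export(alerts, min_severity="medium"):
    """Keep alerts at or above min_severity, most severe first, as CEF lines."""
    floor = CEF_SEVERITY[min_severity]
    kept = [a for a in alerts if CEF_SEVERITY[a["severity"]] >= floor]
    kept.sort(key=lambda a: CEF_SEVERITY[a["severity"]], reverse=True)
    return [alert_to_cef(a) for a in kept]


SAMPLE_ALERTS = [  # constructed records for this example
    {"when": "2024-03-01T10:00:00+00:00", "host": "ws-017", "user": "j.doe",
     "type": "ThreatDetected", "description": "Malware detected on endpoint",
     "severity": "high", "colour": "red"},
    {"when": "2024-03-01T10:00:15+00:00", "host": "ws-017", "user": "j.doe",
     "type": "ThreatCleanedUp", "description": "Cleaned up | access restored",
     "severity": "medium", "colour": "green"},
    {"when": "2024-03-01T10:01:00+00:00", "host": "ws-022",
     "type": "UpdateSuccess", "description": "Update succeeded",
     "severity": "low", "colour": "green"},
]

if __name__ == "__main__":
    for line in export(SAMPLE_ALERTS):
        print(line)
```

The `|` inside the second description is the case that silently corrupts a CEF feed when escaping is skipped: the SIEM would read the rest of the line as shifted header fields.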

Another important feature is the update cache for endpoint clients. It saves external bandwidth: an update is downloaded once by one of the endpoint clients, and the other endpoints fetch it from there. In addition, a selected endpoint can relay security-policy messages and reports to the Sophos cloud. This is useful where there are endpoints with no direct Internet access that still need protection. Sophos Central also offers tamper protection, which prevents changes to a computer's security settings or removal of the endpoint agent.

One of the endpoint protection components is the next-generation antivirus (NGAV), Intercept X. Using deep machine learning, it can identify previously unknown threats without relying on signatures. Its detection accuracy is comparable to signature-based engines, but unlike them it provides proactive protection that stops zero-day attacks. Intercept X can run alongside signature-based antivirus products from other vendors.

In this article we have briefly covered the SynSec concept implemented in Sophos Central and some of the solution's capabilities. In subsequent articles we will describe how each security component integrated into Sophos Central works. A demo version of the solution is available here.

Source: www.habr.com
