Sophos Central Endpoint and Server Protection Training Course In Lagos

Sophos Central Endpoint and Server Protection Course

This is a Sophos Certified Administrator course offered by SGL among the cybersecurity series. It’s designed for technical professionals who will be administering
SophosCentraland provides the skills necessary to manage common day-to-day
tasks.

SGL  is a well-known Information Technology and Business Management Training with partnerships with Sphos, EC-Council, PMI, Microsoft, CompTIA, and other well-known certification bodies.

We work with a wide range of private and public organizations to meet their full learning requirements. We'd like to keep working with your company to fulfil all of your training and certification needs.

Objectives

• Design an installation considering all variables.
• Undertake a multi-site installation appropriate for a customer environment.
• Explain thefunction of core components, how they work and how to configure them.
• Track the source of infections and clean up infected devices.
• Perform preliminary troubleshooting for common problems.
  
  

Prerequisites
There are no prerequisites for this course; however,it is recommended that trainees shouldhave:

• Experience with Windows networking and the ability to troubleshoot issues.
• A good understanding of IT security.
• Experience configuring Active Directory Group Policies.
• Experience creating and managingvirtual servers or desktops.

Module 1: Introduction to Sophos Central  

• Explanation of What Sophos Central is and supported browsers.
• Sophos Central Interfaces overview
• Enterprise Dashboard
• Self Service Portal
• Sophos Central Admin registration, activation, and sign-in.
• Overview of the toolbar and help sections in the Sophos Central Admin Dashboard.
• Global Settings overview explaining the key settings most used.

Module 2: User Management

• How to use MFA to secure Sophos Central.
• How to change the authentication type
• How to add users to Sophos Central
• API credential introduction
• Directory Service synchronization
• Recommendations for AD sync
• AD Sync Utility Tool information
• Azure AD Sync information
• User Management
• User Page and User Groups
• RBAC

Module 3: Planning Deployment  

• Environment considerations
• Common deployment scenarios + solutions
• Deployment strategy
• The use of pilot groups and outcomes
• Synchronized security overview and use cases.
• Updating overview explaining how Sophos updates
• Controlled updates overview
• Introduction to Update Cache including considerations for use.
• Introduction to Message Relays including considerations for use.

Module 4: Deployment Part 1  

• Deployment options for EP and SP (protect, email, and bulk).
• Migration from SEC
• Protection of virtual endpoints
• Protecting virtual servers using SVE
• Deployment options for virtual endpoints

 Module 4: Deployment Part 2  

• Installation process
• Available installers
• Installation options
• Windows, Mac OS, and Linux deployment examples
• Deployment of update cache and message relay
• Automated deployment options for Windows, Mac OS, and Linux
• Removal of third-party products
• Troubleshooting installations

Module 5: Management  

• Manage computers, servers, and groups, including removal of devices.
• Use Tamper Protection to further enhance protection against unauthorised changes.
• Manage Update Caches and Message Relays
• Troubleshooting Update Caches and Message Relays including removal.
• Introduction to policies including general recommendations.
• Policy settings and how to deploy policy changes and enabling new features.
• Global and policy exclusions including use cases and best practice for policies.
• Communication overview and troubleshooting.
•  Exporting data from Sophos Central including SIEM integration simulation

Module 6: Threat Protection

• Anatomy of attack walkthrough Identifying the products that are included in Sophos Central.
• Protection features of EP and IX outlined.
• Ransomware attack activity.
• Threat Protection policies.
• Explanation of the protection features provided by EP to control web sites, applications, and peripherals.
• SP features (Server Lockdown and File Integrity Monitoring)

Module 7: Data Management  

• Protect sensitive data using Data Loss Prevention and learn how to use custom Content Control Lists (CCLs)
• Identify the available encryption types and the system requirements to allow encryption.
• Email encryption overview and email DLP settings
• Manage Central Encryption for BitLocker and FileVault clients.
• Overview of how to export data from Sophos Central SIEM

Module 8: Managing Detections  

• Identify the types of threats and detections.
• Respond to alerts and events using reports and logs.
• How to remediate threats and manage quarantined items
• How to investigate potential false positives including submitting samples to Sophos
• How to manage quarantined items
• Clean up malware on a Linux server.
• Explain what EDR is, and what is included in Intercept X with EDR
• Use threat cases to investigate a detection.
• Search for indicators of compromise (IoC) across your network
• Use the self-isolation functionality and understand the requirements for lateral movement protection.
• Post analysis actions
• Live Response introduction and how to get started.
• How to get more information
• SDU introduction and demonstration

Module 9: Threat Hunting  

• Threat hunting overview and where to start with threat hunting.

Threat hunting using threat searches including how to generate file hashes and types of searching.

• Introduction to threat indicators.
• Live Discover introduction including data lake and pivoting.
• What actions to take following a threat hunt.
• How to review your environment including device, malware, protection, and policy health checks.