Effectively securing your company’s network requires a plan that implements best practices along with technologies that deliver quick insight. The cyber security landscape is moving in a centralized direction due to industry consolidation. This is a huge benefit for security administrators as vendors are now integrating features and modules into a full stack that can be centrally managed. Organizations can now leverage a single vendor to deliver every aspect of their cyber security practice and easily manage it with a unified system. How simple is that?
This blog post will focus on Sophos, a leading cyber security vendor that has helped enterprise clients secure their networks across the globe. Although Sophos started out as a traditional anti-virus company, it has continued to expand its portfolio into a full-solution security vendor by acquiring and integrating companies with complementary features. Some of the specific modules that you can leverage from Sophos include:
- Endpoint Protection
- Next Generation Firewall (and Wireless Access Points)
- Artificial Intelligence
- Exploit & Malware Prevention
- Mobile Device Management (MDM)
- Endpoint Detection and Response (EDR), and Managed Threat Response (MTR)
- Email Security
- Employee Training
- Cloud Inventory & Discovery
Endpoint Protection
Endpoint Security is a more sophisticated name for anti-virus. It is recommended that a security agent be installed on all endpoints (workstations and servers) so that threats can be identified and remediated quickly. The agent may block and/or sandbox specific threats, or simply alert admins so they can act accordingly.
Next Generation Firewall
A Next Generation Firewall is a 3rd generation security appliance that sits at the edge of your network, enforcing policies on all Internet Protocol traffic. These advanced firewalls have more capable features that help admins manage every layer of the network and deliver granular reporting on usage. These systems integrate cloud-enabled threat intelligence and have valuable features like intrusion prevention. Features for sophisticated users can also include signature-based intrusion detection.
Next Gen Firewalls also offer features that are usually associated with SD-WAN (Software-Defined Wide Area Networking). These features include load balancing between primary and redundant Internet connections and configuring private Layer-2 connections between sites and clouds, all while applying policy across the entire network.
Artificial Intelligence (AI)
AI is a term that universally describes ultra-fast data processing that helps software make educated decisions. AI is particularly valuable to threat analysis and helps to identify threats by querying a large database of known threats. Machine Learning is also applied so that intelligent assumptions can be made to protect against new, zero-day threats.
Exploit & Malware Prevention
Exploits are sophisticated attacks that live in memory as opposed to files. Due to their nature, traditional endpoint/AV solutions will not be able to detect exploits like ransomware. New technologies that leverage AI are being applied to traditional endpoint protection to enhance the ability to detect and mitigate exploits by spotting suspicious behavior.
Mobile Device Management (MDM)
MDM is software that is installed on mobile devices so that corporate admins can enforce policy on mobile applications that access company networks and data. This is becoming even more important with remote workers and the use of various mobile devices all connecting back through Cloud Apps. An MDM also has the ability to delete data that may be cached on a mobile device in the event of an employee termination.
Endpoint Detection and Response (EDR), and Managed Threat Response (MTR)
EDR is a cyber security technology that applies real-time monitoring by streaming data through a centralized feed, enabling admins to analyze changes and inconsistencies in real time. Think of it as AV ‘on steroids,’ delivering significantly more data so that remedies can be applied faster and more intelligently. EDR is functionally similar to a SIEM, but each has different use cases.
MTR is a human management layer placed over EDR, commonly referred to as a Security Operations Center (SOC). A SOC is a secure facility staffed by trained security engineers 24x7x365 to analyze data that is streamed from the company endpoints. Putting a human eye on the data stream helps identify anything that software may miss, adding an extra layer of protection.
Email Security
Adding intelligence to an email system helps mitigate issues that target employees with malicious messaging. This is a simple add-on function that helps with spam filtering, identifying phishing scams, and sending encrypted emails. When this is tied back to the same AI and management system, the feature becomes stronger and more effective.
Employee Training
Sometimes there are people within an organization who are simply not tech savvy. Organizations with persistent issues generated by naive employees, or with defined compliance concerns, should implement a series of awareness exercises. The most common exercise is to send out a mock phishing campaign to test for awareness. Online training modules can be enforced for employees who fail the test.
Cloud Inventory and Discovery
This technology is designed to give visibility into complex public cloud infrastructure by mapping assets and scanning for security issues. It provides a single view of your security posture across multiple platforms including Kubernetes, AWS, Azure and GCP. The benefit is that it helps identify exposed security and compliance gaps.
Now that we’ve identified the many modules and features of a cyber security system, it is important to recognize how they are all seamlessly managed. If a team of security admins leveraged multiple vendors, they would have to access multiple management portals with little integration or communication between them. When using a single vendor to facilitate as many needs as possible, everything is streamlined and intelligent. A unified system makes processes smoother and administration easier for everyone.
Sophos Central is the cloud-powered management portal that runs all of Sophos’ security products. The value here is that all features are integrated together and accessed through a central management window. This makes management efficient and easy to navigate for trained experts. From here, admins can define alerts for all use cases and features that span the various software and hardware within the network. All systems operate with a centralized heartbeat that shares intelligence between endpoints and your firewalls to deliver the most coordinated protection available. With this protection, the management team can easily achieve the following:
- Accelerate the discovery of threats
- Active identification of compromised systems
- Automated incident response
- Instant visibility into endpoint security status
An administrator working within a unified environment can address the majority of their cyber security requirements from one place. This benefit is enjoyed by both the security office and the organization, which is very well protected as a result. A central management platform intelligently connecting all these features is relatively new and not widely embraced yet, especially in smaller businesses.
How Mindcentric can help with Security
Mindcentric is an IT Management and Security partner that works with businesses that have complex needs such as critical uptime, compliance, and security. We have worked with large organizations for over 20 years delivering cutting-edge solutions to bolster our management practice. Our goal is to work with businesses to identify how we can complement their operation. With Sophos, we can potentially deliver a complete overhaul with a single vendor and/or mix and match solutions to complement specific requirements and/or legacy investments.
Mindcentric has sales and network operations in San Diego, CA, with employees operating remotely across the United States. Our team maintains a Gold Partnership with Sophos that includes certifications, experience, and product implementations.