What is Rapid Response
A lightning fast service that investigates active threats in an organization which is in the throes of an active attack
For brand new Sophos customers, what is the first step which they must do as part of the onboarding process?
Create a Sophos Central account
True or false: MTR is a human-led service.
True
What does the Advanced tier of MTR provide that Standard does not?
Deeper threat hunting
Several more ways for organizations to communicate directly with the MTR team
What are the primary objectives of a cyber security system?
Protect
Detect
Respond
What is changing in the new program?
MSP Multiplier
Deal Registration
Incumbency
Which of the below are Core Products?
Central Device Encryption
Central Intercept X Advanced
XG Firewall
Deal registration is available for:
New business
Existing customer upgrading
True or False: A non-incumbent partner can submit a deal registration for an upgrade
True
How long are deal registrations valid for?
90 days
What type of renewals are eligible for incumbency discounts?
Renewals of the same Core Product to the same customer
True or False: platinum partners require at least one Certified Technician certification
True
The Engineer Certification is a prerequisite to which other technical certification?
Architect
Technician
Match the accreditation with the Architect certifications required to achieve it
Synchronized Security Accreditation - 1 x Central Endpoint & Server Architect AND 1 x XG Firewall Architect
Match the accreditation with the Architect certifications required to achieve it
Central Endpoint and Server Accreditation - 2 x Central Endpoint & Server Architects
Match the accreditation with the Architect certifications required to achieve it
XG Firewall Accreditation - 2 x XG Firewall Architect
Which of the below certifications is required for all accreditations?
Sales Consultant
What are the key benefits of Sophos EDR?
For IT operator and threat hunting, managed as a stand-alone product, add expertise, not headcount, built on the strongest protection
What are the advantages of Sophos EDR vs. the competition?
Award winning solution, built on the strongest protection, single agent and console (all of the above)
True or False: Sophos EDR can be licensed as a stand-alone product.
False
Which of the following questions would help uncover management pain?
How many vendors are they using for IT security?
What is taking the most of their time with IT security?
What are the top problems which version 10 is solving?
Critical application performance
protection from ransomware and threats
lack of visibility into encrypted traffic
What does the new SSL inspection feature do?
Increases processing speeds by up to 2x previous XG versions
Allows for simple and flexible policies
Supports TLS 1.3
True or False: The majority of malware is unique to a single organization
True
Which of the below are benefits of Intercept X?
Combines a series of technologies to protect against a range of threats
Employs deep learning to enable Sophos to detect unknown malware
True or False: Intercept X has the ability to be more predictive in the protection it provides rather than providing reactive protection
True
Which of the following Intercept X features prevents attackers from gaining access and remaining undetected on a network?
Code cave utilization
Credential Theft prevention
APC protection
True or false: Attackers can use limitless numbers of exploit techniques as part of the attack chain making stopping zero-day attacks almost impossible.
False
True or false: Up-to-date anti-virus protection is enough to stop cybersecurity threats
False
What is the biggest concern for people using cloud services?
Data security
Apart from a comprehensive IT solution, which of the following is a key component to defend yourself against attacks?
A strong IT team
Where was Sophos founded?
Abingdon (Oxford), UK
Unmatched Efficiency
enables you to optimize IT resources and security; delivered through central management, shared intelligence, and prioritized risk
Unmatched Protection
fewer security incidents to respond to; delivered through predictive prevention, enterprise detection, and automated response
True or False: Sophos Central is a single management console that allows customers to manage all their Sophos products from one place.
True
True or False: Sophos XG Firewall provides cloud sandboxing.
True
Which of the products listed below is a fully managed service providing expertise in threat hunting, detection, and response?
MTR
True or False: Sophos only provides products to protect businesses.
False
Which of the following are tasks that you can do in the Sophos Partner Portal?
Register a deal
Access Marketing Tools and Resources
Manage leads
Access Training and Certification
Which of the following are Sophos Certifications?
Sales Consultant
Engineer
Architect
Technician
51%
51% of IT managers admit they were hit by ransomware last year, and the cybercriminals succeeded in encrypting their data 73% of the time.
$760,000
$760,000 is the average cost of cleaning up a ransomware attack when you add in all the remediation and lost revenue.
48%
48% of IT managers say they plan to incorporate human-led threat hunts within the next year to identify attacker activity that may not be detected by security tools.
71%
71% of IT managers who are using the public cloud admit they had a security incident in the last year. The need for information, advice and protection for cloud environments has never been greater.
4 in 10
4 in 10 IT managers say prioritizing improved efficiency is on their to-do list for the year.
65%
65% of IT managers say they use an MSP, either exclusively or in tandem with in-house resources.
Predictive Prevention
AI everywhere
Anti-ransomware
Anti-exploit
Enterprise detection
Anomalies in behavior, applications, network traffic
Enterprise threat hunting
Prioritized alerts and actions
Live discover and response
Automated response
Synchronized security
Automated incident response, network access, threat removal
Breach prevention by blocking lateral movement
Central Management
All security products managed from same console
Reduced time on security management, alert/log review, incident response
RMM/PSA integration
APIs for customers, partners, vendors
Shared Intelligence
Predictive and adaptive intelligence across user, apps, devices, data
Real-time analysis and response
Integrate and interpret threat feeds
Prioritized Risk
AI-prioritized threat hunting
Guided recommendations and response
Sophos Core Products
Sophos Central
XG Firewall
Intercept X
Endpoint Detection and Response (EDR)
Managed Threat Response (MTR)
Cloud Optics
Sophos Home
Sophos OEM
Sophos Partner Program
Optimized Profitability
Trusted Partnership
Cybersecurity Evolved
Optimized Profitability
Accelerate your business and be responsive to the needs of today's cybersecurity buyer:
-Powerful platform for cross-sell and upsell
-Lucrative margin-retention opportunities with deal registration discounts for new and growing business
-MSP revenue multiplier
Trusted Partnership
Expand your security expertise with best-in-class support, helping you engage and win:
-Dedicated pre- and post-sales technical teams
-Competitive intelligence, product and threat training
-Channel sales and marketing resources to ensure success
Cybersecurity Evolved
Give your customers the best protection against modern threats with next-gen cybersecurity.
-Broadest set of award-winning products
-Integrated together in a synchronized-security system
-Powered by AI and managed in the cloud
Sophos Sales Consultant
covers how to sell our core set of products, XG Firewall, Intercept X, EDR and MTR along with a deeper dive into our Partner Program.
Engineer
Aimed at technical individuals, the Engineer courses enable students to learn how to demo our core products, including Central Endpoint and Server and XG Firewall.
The courses include simulations which allow students to interact with the products in a safe environment and get further exposure to their functionality.
Architect
allows students to get a deeper understanding of the products and how to deploy them at customer sites
includes lab work which allows students to get their hands on the product and navigate around guided work to reinforce their knowledge of the product theory.
Technician
allows students to learn how to provide first-level support to their customers.
Which of the following was found to be the most common threat vector?
It varies by country
Which of the following was found to be the most common threat type?
Phishing
Cloud security breaches
66% of organizations using public cloud have been breached due to a security misconfiguration
Cloud security confidence
96% of organizations are concerned about their current level of cloud security
Cloud security incidents
70% of organizations using public cloud suffered a security incident in the last 12 months.
Cloud data security
Data security is the biggest concern facing organizations who use cloud services
Credential theft
33% of organizations suffering a cloud security incident had their cloud account credentials stolen
Phishing
fake electronic messages to gain sensitive information: username, password, birthday, social security, driving license; aims to steal personal or company data, sell the data illegally, use the data to commit crime
Exploits
vulnerability - bug that causes software to behave in a way that causes reduced security
abuse vulnerabilities
implant malware, get foothold in network, investigate data to steal
Ransomware
scrambled data + decryption key + $$
malware, phishing emails
51%
Hit by ransomware last year
24%
Success rate of criminals in encrypting their victim's data
26%
Victims who paid the ransom and got the data back
$761,106
Average remediation cost
84%
Companies with cybersecurity insurance
64%
Companies with cybersecurity insurance that covers ransomware
Cryptojacking
Crypto mining + hijacking
Cumulative electricity costs
Reduced computing power
Reputational and regulatory issues
13 hours
Average time that the most significant threat was in the organization's environment before it was detected
20%
organizations who don't know how the most significant attack to hit them got into their organization
17%
organizations who don't know how long the threat was in their environment before it was found
80%
organizations who wish they had a stronger team in place to detect, investigate, and respond to security incidents
79%
organizations who agree that recruiting people with the right cyber security skills is a challenge
75%
75% of malware is unique to a single organization
62%
62% of cyberattacks affect SMBs
Traditional
combination of signatures and heuristics
Types of Threats
Portable Executables (malware)
Potentially Unwanted Applications (PUA)
Active Adversary Techniques
Ransomware
Exploits and File-less Attacks
CryptoGuard
CryptoGuard is a signature-less system that analyzes software in real time and shuts down processes attempting to encrypt documents maliciously. The system stores copies of potentially exposed files in a separate location for safekeeping while assessing executables, and automatically reverts documents impacted by a ransomware attack to their pre-encrypted state. It is a great protector against ransomware.
Machine Learning
Machine learning is a subset of AI (Artificial Intelligence) involved in the creation of algorithms which can modify themselves without human intervention. Deep learning is the evolution of machine learning where there are numerous layers of algorithms, each providing a different interpretation of the data it feeds on. This network of algorithms, called a neural network, allows data to be processed more accurately and more quickly than through machine learning alone.
Anti-exploit
Anti-exploit programs provide an additional layer of security by blocking the techniques attackers use. Anti-exploit technology stops threats before they become an issue by recognizing and blocking common malware delivery techniques, thus protecting endpoints from unknown threats and zero-day vulnerabilities.
Endpoint Detection and Response
Endpoint detection and response (EDR) is a specific type of security focusing on endpoint devices. It is often described as the use of a central data repository to observe and analyze endpoint vulnerabilities and work toward stronger endpoint threat response.
Anti-ransomware
Intercept X provides advanced protection technologies that disrupt the whole attack chain. For example, deep learning predictively prevents attacks, and CryptoGuard rolls back unauthorized encryption of files in seconds.
Deep Learning Technology
Intercept X transforms from a reactive to a predictive approach to protect against both known and never-seen-before threats. While many products claim to use machine learning, deep learning consistently outperforms other machine learning models for malware detection.
Exploit Prevention
Exploit prevention stops the techniques used in file-less, malware-less and exploit-based attacks. While there are millions of pieces of malware and thousands of software vulnerabilities waiting to be exploited, there are only a handful of exploit techniques attackers rely on as part of the attack chain. By taking away the tools hackers love to use, Intercept X stops zero-day attacks before they can get started.
Advanced Adversary Mitigations
As attackers have increasingly focused on techniques beyond malware in order to move around systems and networks as a legitimate user, Intercept X detects and prevents attackers from gaining a presence and remaining undetected on a victim's network. Intercept X uses a range of techniques to do this, including credential theft prevention, code cave utilization detection and APC protection.
EDR
EDR (endpoint detection and response) is an add-on to Intercept X that allows for the detection and investigation of suspicious activity with AI-driven analysis. It allows customers to add expertise rather than headcount by replicating the skills of hard-to-find analysts. You can learn more about EDR in the EDR module.
MTR
MTR (Managed Threat Response) is another add-on to Intercept X which provides 24/7 threat hunting, detection and response capabilities delivered by an expert team as a fully-managed service. MTR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts and targeted actions to eliminate threats. You can learn more about MTR in the MTR module.
Server Lockdown
prevents unauthorized programs from running on servers; receive notifications if attempts are made to tamper with critical files
Simple deployment for mixed estates
rapid deployment across cloud, on-premises, and virtual servers, even in multi-cloud and mixed server environments
Centralized management
see and manage all servers from one console whether they are in the cloud, on-premise or virtual
secure the cloud
detect suspicious access events, insecure hosts, containers, and serverless deployments, while monitoring configurations
Firewall Key tasks
Connect the network of internal resources and remote users
Protect the organization's network from hacks and attacks
Enable network admins to manage their network
Networking pain
complex remote access
expensive connectivity
poor app performance
protection pain
lack visibility into risks
fail to stop unknown threats
infected systems cause outbreaks
management pain
complex to set up and use
too many products to juggle
need security expertise to use
flexible networking
saves money on connectivity
simplifies remote connections
optimizes app performance
best protection
exposes hidden risks
AI powered protection
security heartbeat isolation
easy management
Sophos central manages it all
streamlined user experience
built in threat expertise
deployment options
Hardware - Select from our extensive range of XG Series appliances.
Software - Deploy a software image on your Intel-compatible hardware.
Virtual - Deploy using your preferred virtual environment including VMware, Citrix, Microsoft Hyper-V, Xen and KVM.
Cloud - AWS and Azure public cloud and hybrid environments.
firewall support plans
Standard - Included with all devices, limited to 90 days
Enhanced - Recommended for all customers, it's included in all subscriptions
Enhanced Plus - Extra upgrade for VIP access and remote consulting hours. Only available as an upgrade from Enhanced Support
Visibility and Detection
Blind spots make it difficult to understand what is happening
Analysis and Investigation
Teams suffer from a lack of data or are overwhelmed by data
Incident Response
Need more talent and hours in the day to respond to incidents