Download the presentation here: HATech Academy – Sophos Intercept X
Watch the training video here:
Do you want to check out Sophos Intercept X for Server or Sophos Intercept X for Endpoint to experience next-gen security for yourself? Follow the labs below to sign up for a free trial and get hands-on with cutting-edge security!
Lab 1 – Set Up Your Free Trial
- Start by clicking this link for your Intercept X Free Trial or clicking the free trial button at hatech.io/sophos.
- Enter your Name and Email then click Next
- Enter Job Role, Phone Number, and Company then click Submit
- Check your inbox for the Activation Email and click Create Password
- Choose a Password, tick both checkboxes, then click Activate Account
That’s it. Your free trial is ready and Sophos products are already enabled for you to try!
Lab 2 – Set Up Your Instances
The easiest way to test Intercept X for both Endpoint and Server is to set up two virtual machines in your Microsoft Azure account.
Create a Resource Group
- Log in to your Azure Account
- Click on the Resource Groups menu
- Click ‘+’ add to create a new Resource Group
- Provide a name for the Resource Group like “Sophos”
- For this lab choose West US for the Region
- Click OK
Create a Linux Server
- Select the Virtual Machines menu
- Click ‘+’ to create a new Virtual Machine Instance
- Choose Ubuntu Server 16.04 as the instance OS
- Click Create
- Give it a name like “sophos-server”
- Provide a Username
- Choose Password instead of SSH Key and enter a password
- Select the Resource Group that you created above
- Click OK
- Choose B1MS as the instance size
- Click OK
- Click SSH under Basic Network Security Group
- Click OK to exit the Optional settings
- Check the Summary and click Create
Create a Windows Client
- Select the Virtual Machines menu
- Click ‘+’ to create a new Virtual Machine Instance
- Choose Windows Client and Windows 10 Pro Version 1709 as the instance OS
- Click Create
- Give it a name like ‘sophos-client’
- Provide a Username
- Choose Password instead of SSH Key and enter a password
- Select the Resource Group that you created above
- Click OK
- Choose B1MS as the instance size (make sure to turn it off after the demo)
- Click Select
- Select RDP under Basic Network Security Group
- Click OK to exit the Optional settings
- Check the Summary and click Create
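The Lab 2 portal steps expressed as an Azure CLI script, added here as an example and not part of the HATech page. It assumes `az login` has already been done, that the image URNs and the `Standard_B1ms` size below are still offered in West US, and that the admin password is supplied via the `LAB_ADMIN_PASSWORD` environment variable; the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example: Lab 2 (resource group + Linux server + Windows client) via the Azure CLI.
# Assumptions: `az login` done; image URNs and size still available; names mirror the lab.
set -euo pipefail

RG="Sophos"
LOCATION="westus"          # the lab's "West US"
SIZE="Standard_B1ms"       # the lab's "B1MS"

# Image URN per lab role (assumed URNs for Ubuntu Server 16.04 LTS and Windows 10 Pro 1709).
# Note: Windows client images in Azure generally need an eligible Windows 10 license.
lab_image() {
  case "$1" in
    linux)   echo "Canonical:UbuntuServer:16.04-LTS:latest" ;;
    windows) echo "MicrosoftWindowsDesktop:Windows-10:rs3-pro:latest" ;;
    *)       echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# Open only the single management port the lab opens by hand (least exposure).
lab_nsg_rule() {
  case "$1" in
    linux)   echo "SSH" ;;
    windows) echo "RDP" ;;
    *)       echo "unknown role: $1" >&2; return 1 ;;
  esac
}

# Build the `az vm create` arguments for a role; printed so they can be reviewed before use.
lab_vm_create_args() {
  local role="$1" name="$2" user="$3"
  printf -- '--resource-group %s --name %s --image %s --size %s --admin-username %s --authentication-type password --nsg-rule %s' \
    "$RG" "$name" "$(lab_image "$role")" "$SIZE" "$user" "$(lab_nsg_rule "$role")"
}

# Create the resource group and both VMs. The password comes from the environment, never the script.
create_lab_resources() {
  : "${LAB_ADMIN_PASSWORD:?set LAB_ADMIN_PASSWORD first}"
  az group create --name "$RG" --location "$LOCATION"
  # shellcheck disable=SC2046  (argument values contain no whitespace, so word splitting is intended)
  az vm create $(lab_vm_create_args linux   sophos-server labadmin) --admin-password "$LAB_ADMIN_PASSWORD"
  az vm create $(lab_vm_create_args windows sophos-client labadmin) --admin-password "$LAB_ADMIN_PASSWORD"
}

# Stop compute billing when the demo is over (the lab's "turn off after demo" note).
deallocate_lab_vms() {
  az vm deallocate --resource-group "$RG" --name sophos-server
  az vm deallocate --resource-group "$RG" --name sophos-client
}
```

Run `create_lab_resources` to build the environment and `deallocate_lab_vms` when finished; `lab_vm_create_args windows sophos-client labadmin` prints the arguments for a dry-run review.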
Lab 3 – Install the Intercept X Agent
Linux Server Agent Install
- Copy your Linux Server’s IP address from Azure
- SSH into your Linux Server
- Go to Server Protection > Protect Devices in Sophos Central
- Right click to copy the link to your Linux install script
- Download the install script on your Linux Server
- wget https://api-cloudstation-us-east-2.prod.hydra.sophos.com/api/download//SophosInstall.sh
- Run the Sophos Install Script
- sudo bash SophosInstall.sh
Windows Client Agent Install
- Copy your Windows Client’s IP address from Azure
- RDP into your Windows Client
- Go to Server Protection > Protect Devices in Sophos Central
- Right click to copy the link to your Windows install script
- Download the install script on your Windows machine
- Open the link in your browser:
- Run the Sophos Installer
- Run SophosSetup.exe
- Click to Restart after installation
- Click Finish to restart your Windows Client
Lab 4 – Configure Web Policy
Modify the Base Web Policy
- Go to Endpoint Protection > Policies in Sophos Central
- Select the Base Policy under Web Control
- Open the Settings tab
- For Acceptable Web Usage, choose Let Me Specify
- For Excessive Bandwidth, choose Let Me Specify
- For Peer to Peer, choose Block
- Click Save to update the Base Policy
Test the Modified Web Policy
- RDP into your Windows Client
- Open Microsoft Edge
- Navigate to thepiratebay.org
Additionally, you can navigate to the following URL to test various Web Policy rules, since the links there are already categorized for testing by Sophos:
Lab 5 – Configure Application Policy
Modify the Base Application Policy
- Go to Endpoint Protection > Policies in Sophos Central
- Select the Base Policy under Application Control
- Open the Settings tab
- In the Controlled Applications box, click Add/Edit List
- Under Archive Tool, check the box for 7-Zip and click Save to List
- Toggle Detect Controlled Application When Users Access Them to On/Green
- Select Block the Detected Application
- Under Desktop Messaging, enter a notification message
- Click Save to update the Base Application Policy
Test the Modified Application Policy
- RDP into your Windows Client
- Open Microsoft Edge
- Navigate to 7-zip.org
- Click Download for the 64-bit version of 7-Zip
- Run the Installer
- Click Install at the prompt and then Close
- Open the Start Menu and start 7-Zip File Manager
- Watch for your Sophos prompt at the bottom right
Lab 6 – Run a Malware Test
To see the full breadth of what Intercept X can do, let’s run something on your machine that is identified as malicious code.
- RDP into your Windows Client
- Download the Highscores+[bening].zip tool located here:
- Open the zip file and copy the HighScore executable to the Desktop
- Run HighScore.exe
- Watch for the Sophos prompt when malicious software is detected
Let’s check out the full Root Cause Analysis of the breach.
- Go to Endpoint Protection > Root Cause Analysis in Sophos Central
- Click on the event link for ML/PE-A
- Click the Artifacts tab to see which files were affected
- Click the Visualize tab to see the data flow triggered by the event