Sophos Enduser Protection Architect (ENDA)

This course provides an in-depth study of Sophos Enduser Protection, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. The course will be delivered in a classroom setting, and consists of presentations and practical lab exercises to reinforce the taught content. Printed copies of the supporting documents for the course will be provided to each trainee. Due to the nature of delivery, and the varying experiences of the trainees, open discussion is encouraged during the training.
 
Target audience: This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments, and for individuals wishing to obtain the Enduser Protection Certified Architect certification.
 
Prerequisites: Prior to attending this course, trainees should:
  • Have completed the Sophos Certified Engineer Enduser Protection course and passed the Certified Engineer exam
  • Have a strong working knowledge of network configuration and troubleshooting
  • Have a good understanding of IT security
 
Objectives:
On completion of this course, trainees will be able to:
  • Design a complex installation considering all variables
  • Undertake a multi-server installation appropriate for a customer environment
  • Understand the function of core components, and how they are configured
  • Gain understanding of how core components work, and how to troubleshoot
  • Complete the course confident in the design, implementation and basic support of customer environments
 
Course content:
  • Module 1 : Enduser Protection deployment scenarios
    • Review of Enduser Protection features and components
    • Factors to consider when designing solutions
    • Single site deployments
    • Multi site deployments
    • Air-gapped network
    • Roaming users
    • Selecting the right solution for a customer's requirements
       
  • Module 2 : Sophos Enterprise Console deployment
    • Factors to consider when designing SEC deployments
    • Management server requirements
    • Database design considerations
    • Remote console requirements
    • Firewall configuration
    • High availability
    • Selecting the right solution for a customer's requirements
    • The installation process
    • Troubleshooting installation
       
  • Lab 1: Register for a trial
    • Obtain a username and password for a trial installation 
       
  • Lab 2: Deploy Sophos Enterprise Console
    • Configure Active Directory Organizational Units and users
    • Configure firewall rules using an Active Directory Group Policy
    • Install the Sophos Enterprise Console database role on a SQL Server
    • Redirect a folder to a different path
    • Perform an installation of the Management Server and Management Console
    • Perform an installation of the Management Console on a workstation
    • Use RDP to connect to the Management Console on another host
    • View setup logs
    • Backup the Management Server and master certificates
       
  • Module 3 : Deploying Enduser Protection
    • Determining the information required to plan endpoint deployment
    • Supported platforms
    • Deployment strategy
    • Removing other endpoint products
    • Setup.exe command line parameters
    • Protecting computers automatically
    • Deployment packager
    • Installation log files
    • Mac deployment
    • Linux deployment
    • Selecting the right solution for a customer's requirements
       
  • Lab 3 - Endpoint deployment
    • Use the Competitive Removal Tool (CRT)
    • Import and synchronize computers on the network using Active Directory
    • Deploy via Enterprise Console
    • Perform connection tests between SEC and enduser clients
    • Modify the Sophos Default Firewall and Patch Policies
    • Create and test a deployment package for Windows
    • Deploy Enduser Protection using Active Directory Group Policy
    • Deploy and manage Enduser Protection on a Linux client
    • View managed endpoints in Sophos Enterprise Console
       
  • Module 4 : Update Managers and Autoupdate
    • Factors to consider when designing an updating infrastructure
    • Introduction to AutoUpdate
    • SUM updating overview
    • Software subscriptions
    • HTTP Updating
    • Deploying multiple CIDs and Update Managers
    • Selecting the right solution for a customer's requirements
    • Installing additional SUMs
    • AutoUpdate components
    • Troubleshooting SUM
    • Troubleshooting AutoUpdate
       
  • Lab 4 - Update Managers
    • Configure a preview subscription for use by a test group
    • Install and configure an additional Update Manager
    • Configure IIS to support a Web CID
    • Create a subscription and updating policy for Linux endpoints 
       
  • Module 5 : Remote Management System
    • Factors to consider when designing an updating infrastructure
    • Management architecture
    • Remote Management System (RMS)
    • RMS component communication
    • RMS registration
    • RMS troubleshooting
    • Message relays
    • WCF-based management
    • Selecting the right solution for a customer's requirements
       
  • Lab 5b - Message Relays
    • Configure a message relay
    • Create and test a deployment package for a remote endpoint
    • Verify and troubleshoot remote management system configuration
       
  • Module 6 - Threat Protection
    • Anti-virus and HIPS review
    • Configuring exclusions
    • Live Protection overview
    • Sophos Extensible List (SXL)
    • Live protection architecture
    • Live protection DNS lookups
    • Web protection and control
    • Web protection HTTP lookups
    • Malicious Traffic Detection (MTD)
    • MTD components
    • Windows Filtering Platform (WFP)
    • Testing MTD
       
  • Lab 6 - Test endpoint detection features
    • Test that each of the endpoint detection features is working
       
  • Module 7 : Advanced device and data control policies
    • Review of device control
    • Device control event viewer
    • Unique device instance IDs
    • Device exemptions
    • Review of data control
    • Content Control List (CCL)
    • Latest SophosLabs Content Control Lists
    • How to create a custom CCL
    • Data control exclusions
       
  • Lab 7 - Configuring policies for data and device control
    • Configure a device control policy and add an exemption
    • Configure a data control policy with a rule based on a custom CCL
       
  • Module 8 : Advanced firewall configuration
    • Review of Sophos Client Firewall (SCF)
    • Firewall rule types
    • Rule processing order
    • Primary / secondary location configuration
    • Firewall on Windows 8
    • Client firewall logs and LogViewer
       
  • Lab 8 - Configuring firewall policies
    • Use monitor mode to identify network activity and create appropriate firewall rules
    • Configure the firewall policy with a secondary location
       
  • Module 9 : Patch assessment
    • Patch assessment components and architecture
    • Patch assessment using a proxy
    • Patch assessment troubleshooting 
       
  • Lab 9 - Configuring patch assessment
    • Configure a reverse proxy to cache patch data and proxy the assessment reporting
       
  • Module 10 : Auditing and reporting
    • Auditing configuration
    • Email alerting
    • Sophos Reporting Interface
    • Sophos Log Writer
    • Enhanced reporting with 3rd party tools
       
  • Lab 10 - Auditing and reporting
    • Enable auditing and use the database view to review logged actions
    • Configure email alerting from endpoints for Anti-virus and HIPS
    • Install and configure the Sophos Reporting Interface
       
  • Module 11 : Server management and upgrades
    • Backup and restore data and configuration
    • PurgeDB
    • Database and server migration
    • Upgrading servers
    • The diagnose tool
       
  • Lab 11 - Server management and upgrades
    • Backup and restore configuration and the database
    • Create a scheduled task to run PurgeDB
    • Perform a database migration 
 
Certification: To achieve the Sophos Certified Architect certification in Enduser Protection, trainees must take and pass an online assessment. The assessment tests their knowledge of both the taught and practical content. The pass mark for the assessment is 80%, and it may be taken a maximum of three times.
 
Duration:  3 days