Sophos Central Architect (CENTA)

This course provides an in-depth study of Sophos Central, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments.

It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal.

The course is expected to take 3 days (24 hours) to complete, of which approximately 9 hours will be spent on the practical exercises.


Target audience:

This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments, and for individuals wishing to obtain the Sophos Central Certified Architect certification.


Prerequisites:

Prior to attending this course, trainees should:

  • Have completed the Sophos Central Endpoint and Server Protection course and passed the Certified Engineer exam
  • Have experience with Windows networking and the ability to troubleshoot issues
  • Have a good understanding of IT security
  • Have experience using the Linux command line for common tasks
  • Have experience configuring Active Directory Group Policies


Objectives:

On completion of this course, trainees will be able to:

  • Plan and deploy complex installations of Sophos Central
  • Explain the core configuration concepts of Sophos Central and demonstrate how to configure and implement them
  • Perform manual clean up of threats when required
  • Proactively investigate suspicious activities and hunt threats
  • Perform preliminary troubleshooting and basic support steps


Certification:

To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and trainees are limited to 3 attempts.


Duration:

3 days


Course Modules

Module 1: Sophos Central Overview (15 mins)

  • Getting started with SURF
  • Labs (5 mins)
    • Register and activate a Sophos Central


Module 2: Sophos Central User Management (25 mins)

  • Sophos Central role-based user access
  • Advanced directory synchronization in Sophos Central
  • Configuring federated authentication in Sophos Central
  • Labs (80 mins)
    • Install and configure Windows AD sync utility
    • Configure role-based access
    • Deploy Sophos protection to a Windows server
    • Deploy an Update Cache and a Message Relay


Module 3: Sophos Central Agent Deployment (40 mins)

  • Sophos Central Agent deployment strategy
  • Automating Sophos Central Agent deployment on Windows
  • Automating Sophos Central Agent deployment on macOS
  • Automating Sophos Central Agent deployment on Linux
  • Migrating from SEC to Sophos Central
  • Labs (60 mins)
    • Install Sophos server protection for Linux
    • Use AD group policy to deploy Sophos protection to multiple devices
    • Enable server lockdown (preparation for a later lab task)


Module 4: Sophos Central Updating and Communication (30 mins)

  • Advanced Sophos Central updating
  • Controlling Sophos Central updates
  • Considerations for using Sophos Central Update Caches and Message Relays
  • Advanced Sophos Central Update Cache and Message Relay deployment
  • Labs (15 mins)
    • Enable manually controlled updates
    • Create server groups
    • Manage tamper protection


Module 5: Sophos Central Virtual Protection (25 mins)

  • Protecting Azure hosted virtual servers with Sophos Central
  • Protecting AWS hosted virtual servers with Sophos Central
  • Simulation tasks (30 mins)
    • Configure automated deployment on Azure hosted virtual servers
    • Configure automated deployment on AWS hosted virtual servers


Module 6: Sophos Central Policies (80 mins)

  • Advanced Sophos Central control policies
  • Advanced Sophos Central data loss prevention
  • Advanced Sophos Central policies and exclusions
  • Getting started with Sophos Central partner global policies
  • Advanced Sophos Central server lockdown
  • Labs (90 mins)
    • Prepare for a later lab task
    • Configure and test threat protection policies
    • Configure and test web control
    • Configure and test application control
    • Configure and test data control using CCLs
    • Configure and test exclusions
    • Manage server lockdown
    • Test Linux server protection


Module 7: Sophos Central Remediation and Reports (30 mins)

  • Getting started with SIEM integration with Sophos Central
  • Advanced Sophos Central threat remediation
  • Getting started with Sophos Central forensic snapshots
  • Labs (95 mins)
    • Configure SIEM with Splunk
    • Release a file from SafeStore
    • Remediate a Linux server
    • Create a forensic snapshot and interrogate the database


Module 8: Sophos Central XDR (60 mins)

  • Sophos XDR Data Lake APIs
  • Sophos Central XDR Live Discover query pivoting
  • Writing queries for Sophos Central XDR Live Discover
  • Writing scenarios for Sophos Central XDR Live Discover queries
  • Using Sophos Central XDR for IT operations
  • Using Sophos Central XDR for threat hunting
  • Labs (40 mins)
    • Use Live Discover to locate unauthorized programs
    • Investigate a detection using Sophos Central XDR


Module 9: Course Review (10 mins)

  • How to find help from Sophos
  • Course review