Sophos
$760,000
$760,000 is the average cost of cleaning up a ransomware attack when you add in all the remediation and lost revenue.
Credential theft
33% of organizations suffering a cloud security incident had their cloud account credentials stolen
4 in 10
4 in 10 IT managers say prioritizing improved efficiency is on their to-do list for the year.
48%
48% of IT managers say they plan to incorporate human-led threat hunts within the next year to identify attacker activity that may not be detected by security tools.
51%
51% of IT managers admit they were hit by ransomware last year, and the cybercriminals succeeded in encrypting their data 73% of the time.
62%
62% of cyberattacks affect SMBs
65%
65% of IT managers say they use an MSP, either exclusively or in tandem with in-house resources.
Cloud security breaches
66% of organizations using public cloud have been breached due to a security misconfiguration
Cloud security incidents
70% of organizations using public cloud suffered a security incident in the last 12 months.
71%
71% of IT managers who are using the public cloud admit they had a security incident in the last year. The need for information, advice and protection for cloud environments has never been greater.
75%
75% of malware is unique to a single organization
How long are deal registrations valid for?
90 days
Cloud security confidence
96% of organizations are concerned about their current level of cloud security
What is Rapid Response
A lightning-fast service that investigates active threats in an organization which is in the throes of an active attack
Apart from a comprehensive IT solution, which of the following is a key component to defend yourself against attacks?
A strong IT team
Predictive Prevention
AI everywhere; Anti-ransomware; Anti-exploit
Prioritized Risk
AI-prioritized threat hunting; Guided recommendations and response
Where was Sophos founded?
Abingdon (Oxford), UK
Optimized Profitability
Accelerate your business and be responsive to the needs of today's cybersecurity buyer: -Powerful platform for cross-sell and upsell -Lucrative margin-retention opportunities with deal registration discounts for new and growing business -MSP revenue multiplier
Engineer
Aimed at technical individuals, the Engineer courses enable students to learn how to demo our core products, including Central Endpoint and Server and XG Firewall. The courses include simulations which allow students to interact with the products in a safe environment and get further exposure to their functionality.
Central Management
All security products managed from same console; Reduced time on security management, alert/log review, incident response; RMM/PSA integration; APIs for customers, partners, vendors
Enterprise detection
Anomalies in behavior, applications, network traffic; Enterprise threat hunting; Prioritized alerts and actions; Live discover and response
Anti-exploit
Anti-exploit programs provide an additional layer of security by blocking the techniques attackers use. Anti-exploit technology stops threats before they become an issue by recognizing and blocking common malware delivery techniques, thus protecting endpoints from unknown threats and zero-day vulnerabilities.
The Engineer Certification is a prerequisite to which other technical certification?
Architect; Technician
Advanced Adversary Mitigations
As attackers have increasingly focused on techniques beyond malware in order to move around systems and networks as a legitimate user, Intercept X detects and prevents attackers from gaining a presence and remaining undetected on victims' networks. Intercept X uses a range of techniques to do this, including credential theft prevention, code cave utilization detection and APC protection.
$761,106
Average remediation cost
13 hours
Average time that the most significant threat was in the organization's environment before it was detected
What are the advantages of Sophos EDR vs. the competition?
Award winning solution, built on the strongest protection, single agent and console (all of the above)
Which of the below are Core Products?
Central Device Encryption; Central Intercept X Advanced; XG Firewall
Match the accreditation with the Architect certifications required to achieve it
Central Endpoint and Server Accreditation - 2 x Central Endpoint & Server Architects
Which of the following Intercept X features prevents attackers from gaining access and remaining undetected on a network?
Code cave utilization; Credential Theft prevention; APC protection
Which of the below are benefits of Intercept X?
Combines a series of technologies to protect against a range of threats; Employs deep learning to enable Sophos to detect unknown malware
84%
Companies with cybersecurity insurance
64%
Companies with cybersecurity insurance that covers ransomware
For brand new Sophos customers, what is the first step which they must do as part of the on boarding process?
Create a Sophos Central account
What are the top problems which version 10 is solving?
Critical application performance; protection from ransomware and threats; lack of visibility into encrypted traffic
Cryptojacking
Crypto mining + hijacking; Cumulative electricity costs; Reduced computing power; Reputational and regulatory issues
Cryptoguard
CryptoGuard is a signature-less system that analyzes software in real time and shuts down processes attempting to encrypt documents maliciously. The system stores copies of potentially exposed files in a separate location for safekeeping while assessing executables, and automatically reverts documents impacted by a ransomware attack to their pre-encrypted state. It is a great protector against ransomware.
What is the biggest concern for people using cloud services?
Data security
Cloud data security
Data security is the biggest concern facing organizations who use cloud services
What does the Advanced tier of MTR provide that Standard does not?
Deeper threat hunting; Several more ways for organizations to communicate directly with the MTR team
EDR
EDR (endpoint detection and response) is an add-on to Intercept X that allows for the detection and investigation of suspicious activity with AI-driven analysis. It allows customers to add expertise rather than headcount by replicating the skills of hard-to-find analysts. You can learn more about EDR in the EDR module.
Endpoint Detection and Response
Endpoint detection and response (EDR) is a specific type of security focusing on endpoint devices. It is often described as the use of a central data repository to observe and analyze endpoint vulnerabilities and work toward stronger endpoint threat response.
Trusted Partnership
Expand your security expertise with best-in-class support, helping you engage and win: -Dedicated pre- and post-sales technical teams -Competitive intelligence, product and threat training -Channel sales and marketing resources to ensure success
Exploit Prevention
Exploit prevention stops the techniques used in file-less, malware-less and exploit-based attacks. While there are millions of pieces of malware and thousands of software vulnerabilities waiting to be exploited, there are only a handful of exploit techniques attackers rely on as part of the attack chain. By taking away the tools hackers love to use, Intercept X stops zero-day attacks before they can get started.
True or False: Sophos EDR can be licensed as a stand-alone product.
False
True or False: Sophos only provides products to protect businesses.
False
True or false: Attackers can use limitless numbers of exploit techniques as part of the attack chain making stopping zero-day attacks almost impossible.
False
True or false: Up-to-date anti-virus protection is enough to stop cybersecurity threats
False
What are the key benefits of Sophos EDR?
For IT operator and threat hunting, managed as a stand-alone product, add expertise, not headcount, built on the strongest protection
Cybersecurity Evolved
Give your customers the best protection against modern threats with next-gen cybersecurity. -Broadest set of award-winning products -Integrated together in a synchronized-security system -Powered by AI and managed in the cloud
51%
Hit by ransomware last year
Which of the following questions would help uncover management pain?
How many vendors are they using for IT security? What is taking the most of their time with IT security?
What does the new SSL inspection feature do?
Increases processing speeds by up to 2x previous XG versions; Allows for simple and flexible policies; Supports TLS 1.3
Anti-ransomware
Intercept X provides advanced protection technologies that disrupt the whole attack chain. For example, deep learning predictively prevents attacks, and CryptoGuard rolls back unauthorized encryption of files in seconds.
Deep Learning Technology
Intercept X transforms from a reactive to a predictive approach to protect against both known and never-seen-before threats. While many products claim to use machine learning, deep learning consistently outperforms other machine learning models for malware detection.
Which of the following was found to be the most common threat vector?
It varies by country
What is changing in the new program?
MSP Multiplier; Deal Registration; Incumbency
Which of the products listed below is a fully managed service providing expertise in threat hunting, detection, and response?
MTR
MTR
MTR (Managed Threat Response) is another add-on to Intercept X which provides 24/7 threat hunting, detection and response capabilities delivered by an expert team as a fully-managed service. MTR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts and targeted actions to eliminate threats. You can learn more about MTR in the MTR module.
Machine Learning
Machine learning is a subset of AI (Artificial Intelligence) involved in the creation of algorithms which can modify themselves without human intervention. Deep learning is the evolution of Machine Learning where there are numerous layers of algorithms, each providing a different interpretation to the data it feeds on. This network of algorithms, called neural networks, allows for data to be processed more accurately and more quickly than through Machine Learning alone.
Deal registration is available for:
New business; Existing customer upgrading
Sophos Partner Program
Optimized Profitability; Trusted Partnership; Cybersecurity Evolved
Which of the following was found to be the most common threat type?
Phishing
Types of Threats
Portable Executables (malware); Potentially Unwanted Applications (PUA); Active Adversary Techniques; Ransomware; Exploits and File-less Attacks
Shared Intelligence
Predictive and adaptive intelligence across user, apps, devices, data; Real-time analysis and response; Integrate and interpret threat feeds
What are the primary objectives of a cyber security system?
Protect; Detect; Respond
Which of the following are tasks that you can do in the Sophos Partner Portal?
Register a deal; Access Marketing Tools and Resources; Manage leads; Access Training and Certification
What type of renewals are eligible for incumbency discounts?
Renewals of the same Core Product to the same customer
Which of the below certifications is required for all accreditations?
Sales Consultant
Which of the following are Sophos Certifications?
Sales Consultant; Engineer; Architect; Technician
Sophos Core Products
Sophos Central; XG Firewall; Intercept X; Endpoint Detection Response (EDR); Managed Threat Response (MTR); Cloud Optics; Sophos Home; Sophos OEM
24%
Success rate of criminals in encrypting their victim's data
Match the accreditation with the Architect certifications required to achieve it
Synchronized Security Accreditation - 1 x Central Endpoint & Server Architect AND 1 x XG Firewall Architect
Automated response
Synchronized security; Automated incident response, network access, threat removal; Breach prevention by blocking lateral movement
True or False: A non-incumbent partner can submit a deal registration for an upgrade
True
True or False: Intercept X has the ability to be more predictive in the protection it provides rather than providing reactive protection
True
True or False: Sophos Central is a single management console that allows customers to manage all their Sophos products from one place.
True
True or False: Sophos XG Firewall provides cloud sandboxing.
True
True or False: The majority of malware is unique to a single organization
True
True or False: Platinum partners require at least one Certified Technician certification
True
True or false: MTR is a human-led service.
True
26%
Victims who paid the ransom and got the data back
Match the accreditation with the Architect certifications required to achieve it
XG Firewall Accreditation - 2 x XG Firewall Architect
Technician
allows students to learn how to provide first-level support to their customers.
Architect
allows students to get a deeper understanding of the products and how to deploy them at customer sites. Courses include lab work which allows students to get their hands on the product and navigate around, with guided work to reinforce the knowledge of the product theory.
Traditional
combination of signatures and heuristics
Sophos Sales Consultant
covers how to sell our core set of products, XG Firewall, Intercept X, EDR and MTR along with a deeper dive into our Partner Program.
Unmatched Efficiency
enables you to optimize IT resources and security; delivered through central management, shared intelligence, and prioritized risk
Phishing
fake electronic messages to gain sensitive information: username, password, birthday, social security, driving license; aims to steal personal or company data, sell the data illegally, use the data to commit crime
Unmatched Protection
fewer security incidents to respond to; delivered through predictive prevention, enterprise detection, and automated response
79%
organizations who agree that recruiting people with the right cyber security skills is a challenge
17%
organizations who don't know how long the threat was in their environment before it was found
20%
organizations who don't know how the most significant attack to hit them got into their organization
80%
organizations who wish they had a stronger team in place to detect, investigate, and respond to security incidents
Server Lockdown
prevents unauthorized programs from running on servers; receive notifications if attempts are made to tamper with critical files
Simple deployment for mixed estates
rapid deployment across cloud, on-premises, and virtual servers, even in multi-cloud and mixed server environments
Ransomware
scrambled data + decryption key + $$ malware, phishing emails,
Centralized management
see and manage all servers from one console whether they are in the cloud, on-premise or virtual
Exploits
vulnerability - bug that causes software to behave in a way that causes reduced security; abuse vulnerabilities; implant malware, get foothold in network, investigate data to steal