Skip to main content

Search

API & Integrations - Engage Sophos Integration Cloud Gateway

86657d d8eb80

This article contains information on integrating Mimecast's Human Risk Platform with Sophos, to enhance Human Risk scoring by analyzing malware-related behaviors.

Overview

The integration with Mimecast's Human Risk Platform and Sophos enhances the robustness of Human Risk scoring, by adding metrics for human interaction with malware on devices.
The integration reads endpoint protection events associated with cases from Sophos via the API. These are forwarded to the Human Risk Platform, which associates each case with a user, and updates the malware behavior score for that user.
This allows you to send your End Users training and other information, based on their malware associated behavior.

This integration is for Email Security Cloud Gateway (CG) only.

Considerations

  • This feature is only available to customers with Engage (including those with an Engage Trial), or the Human Risk Command Center.
  • Historical events will not be pulled from Sophos, only events from the point of integration onward. 

Prerequisites

  • Sophos subscription, including Endpoint Detection & Response.
  • Mimecast Engage subscription.
  • You must have one of the following roles:
    • Global Sys Admin.
    • Sys Admin - SD Full.
    • Super Administrator.
    • Full Administrator.
    • Basic Administrator.
    • Partner Administrator.
    • Custom Role with Integrations Marketplace (Read/Write permissions must be enabled.)

Configuring the Sophos Integration

The integration is configured Sophos Central, and then in the Mimecast Administration Console, in the Integrations Hub.

You can configure the Sophos integration with Human Risk, by using the following steps:

  1. Log in to Sophos Central.
  2. Navigate to My Products | General Settings | API Credentials Management.
  3. Click on Add Credential.
    • Enter a Credential name.
    • For Role, select Service Principal Firewall.
    • Click on Add.
    • Sophos Central generates a Client ID and Client Secret, which will be required at a later stage in the process.
  1. Log in to the Mimecast Administration Console.
  2. Navigate to Integrations | Integrations Hub.
      Integrations Hub Navigation CG-s.jpg  
  3. From the available Integrations, select Sophos, and click on Configure New.
    New Sophos Integration
  4. Complete the Details section:
    • Enter an Application Name.
    • Enter a Description.
    • Enter the Client ID and Client Secret noted in step 3.
      Create Sophos Integration
  1. Select Save to complete the integration process.

Frequently Asked Questions

Q: How long does it take to deploy the integration?
A: The integration can be fully deployed in just a couple of minutes. It may take up to 24 hours for malware-related scores to appear in the Human Risk Command Center.
Q: Is any historical data loaded from Sophos?
A: Historical events will not be pulled from Sophos, only events from the point of integration onward.
Q: Why do I not see many malware events affecting users’ risk score?
A:

A frequent concern users have with human risk is marking innocent users risky due to false positives in the security solutions we leverage for data. To mitigate this, only events associated with cases are counted against users.

See Also...

 

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk