Reignite your firewall to block ransomware

Wana Tun

Information Technology Press Releases Thursday October 5, 2017 16:38
Bangkok--5 Oct--Sophos
As cyberthreats continue to evolve rapidly, it is important for firewalls to be upgraded to protect against these threats.

Today, even in the most diligent organisations, there is usually a gap between the discovery of a vulnerability and the deployment of a patch, which can put the company at risk of a security lapse. This is why a next-generation firewall is essential to provide enterprises with a strong first line of defence against advanced threats.

In all next-generation firewalls, there is a critical security component known as Intrusion Prevention System (IPS), which performs deep packet inspection of network traffic to identify and block exploits before they reach a target host. In addition, a next-generation firewall also includes an essential security layer known as cloud-based sandboxing technology, which detects weaponised documents that lurk in common files like Microsoft Office documents and PDFs. It identifies suspicious files at the gateway and sends them to a safe sandboxing infrastructure in the cloud to detonate active content and monitor the behaviour over time.

Having said this, it is important to keep in mind that IPS and sandboxing are only effective against traffic that is moving across the firewall. Hence, there are some best practices to pursue in order to prevent the spread of worm-like attacks on the network.

Recommended best practices:
· Ensure you have the right protection, including a modern, high-performance next-generation firewall IPS engine and sandboxing solution

· Thoroughly review the network and eliminate non-essential open ports accessible from outside, as open service ports are susceptible to attack and a potential avenue for spreading worms. Where possible, use a VPN to access resources on the internal network from outside

· Secure both ingress and egress traffic with an appropriate IPS profile
· Apply sandboxing to web and email traffic to ensure all suspicious files coming through web downloads and email attachments are being analysed for malicious behaviour before they get into your network

· Minimise the risk of lateral movement within the network by segmenting local area networks (LANs) into smaller, isolated zones or virtual local area networks (VLANs) that are secured and connected together by the firewall. Also, apply suitable IPS policies to the rules governing the traffic across the LAN to prevent exploits, worms and bots from spreading between LAN segments.

· Automatically isolate infected systems. When an infection hits, it is vital that your security solution quickly identifies compromised systems and isolates them until they can be cleaned up, either automatically or through manual intervention.

As ransomware, botnets, and other advanced attacks are capable of spreading through the entire IT infrastructure, it is crucial for the firewall and the endpoint to communicate and share meaningful information about suspicious and confirmed bad behaviour.

Although this was not possible in the past, today, through the Sophos Synchronised Security approach, the endpoint and network can act as one integrated system to communicate information in real-time. This means enterprises can prevent, detect, investigate and remediate threats easily with minimal effort. In the past, this type of discovery and incident response would usually take weeks or months but is now reduced to seconds with synchronised security.

For organisations that do not have the luxury of extensive in-house security teams, the synchronised security approach can help bolster productivity while streamlining security operations and IT security management. As it delivers better protection and manageability, organisations of any size can also stay ahead of coordinated and sophisticated attacks.

Wana Tun is Global Solution Engineer, Sophos
