Sophos XG Firewall: Detecting and blocking file-encrypting viruses with Synchronized Security

Overview

  • In this article, we will set up the Synchronized Security feature to detect and block file-encrypting viruses.

Scenario

  • We will simulate running the WannaCry ransomware on PC 1, which has Sophos Endpoint Protection installed.
  • When Sophos Endpoint Protection detects WannaCry, the Security Heartbeat feature blocks PC 1 from accessing the internet until the endpoint has dealt with WannaCry.
  • While PC 1 is infected, PC 2 can still access the network normally.

Configuring

On XG Firewall

  • Log in to the Sophos XG Firewall console.
  • Click Protect > Synchronized Security in the left-hand menu.
  • Under Register Security Heartbeat, enter your Sophos Central email address and password, then click Register.
  • Switch Security Heartbeat and Synchronized Application Control to ON.
  • Click Protect > Firewall > Add Firewall Rule > User/Network Rule.
  • Name the policy Default_Network_Policy.
  • This rule allows PCs to access the internet.
  • The remaining parameters are as follows.
  • The Synchronized Security section in the image above holds the Security Heartbeat settings. This feature monitors the state of each computer using three colours: green, yellow and red.
  • In this rule we choose Green, meaning that computers in the green state are allowed to access the internet.
  • To monitor the state of the computers, click Control Center > Security Heartbeat.

On PC 1

  • We download the WannaCry ransomware and run it.
  • Sophos Endpoint Protection detects and blocks WannaCry.
  • The state of PC 1 now changes from Green to Yellow, and PC 1 can no longer access the internet.
  • PC 1 can access the internet again only once Sophos Endpoint has dealt with the virus and the state of PC 1 is green or connected.
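
The rule behaviour this walkthrough relies on can be modelled in a few lines. The following Python model is an added example, not part of the original article and not Sophos code; it replays the PC 1 / PC 2 scenario against a rule whose minimum heartbeat is Green. The ordering Red < Yellow < Green, the `block_missing` option and the event timeline are modelling assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class Health(IntEnum):
    # Assumed ordering of the three heartbeat colours, worst to best.
    RED = 0
    YELLOW = 1
    GREEN = 2

@dataclass
class Rule:
    name: str
    min_health: Optional[Health]  # None = rule does not look at the heartbeat
    block_missing: bool = True    # assumption: no heartbeat at all is denied

def allows(rule: Rule, health: Optional[Health]) -> bool:
    """True if an endpoint in this heartbeat state may use the allow rule."""
    if rule.min_health is None:
        return True
    if health is None:  # endpoint is not sending a heartbeat
        return not rule.block_missing
    return health >= rule.min_health

def replay(rule: Rule, events, hosts):
    """Apply (host, new_state) events in order; return access per host per step."""
    state = {h: Health.GREEN for h in hosts}  # every host starts healthy
    steps = []
    for host, new_state in events:
        state[host] = new_state
        steps.append({h: allows(rule, s) for h, s in state.items()})
    return steps

# Rule from the article: only the Green state is permitted.
RULE = Rule("Default_Network_Policy", Health.GREEN)

# Constructed timeline: PC 1 runs the malware (Yellow), then is cleaned (Green).
EVENTS = [("PC1", Health.YELLOW), ("PC1", Health.GREEN)]

if __name__ == "__main__":
    for (host, new_state), access in zip(EVENTS, replay(RULE, EVENTS, ["PC1", "PC2"])):
        print(f"{host} -> {new_state.name}: {access}")
```

Changing `min_health` to `Health.YELLOW` in the model shows why Green is the right choice for this scenario: a Yellow endpoint would keep its internet access.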
