Overview
- In this article, we will set up the Synchronized Security feature to detect and block ransomware (file-encrypting malware).
Scenario
- We will simulate running the WannaCry ransomware on PC 1, which has Sophos Endpoint Protection installed.
- When Sophos Endpoint Protection detects WannaCry, the Security Heartbeat feature blocks PC 1 from accessing the internet until Sophos Endpoint Protection has stopped WannaCry.
- While PC 1 is infected, PC 2 can still access the network normally.
Configuring
- First, we need to install Sophos Endpoint Protection on PC 1 and PC 2.
- To install it, see the instructions here: Install Sophos Endpoint Protection.
On XG Firewall
- Log in to the Sophos XG Firewall console.
- Click Protect > Synchronized Security in the left-hand menu.
- In Register Security Heartbeat, enter your Sophos Central email address and password, then click Register.
- Turn ON Security Heartbeat and Synchronized Application Control.
- Click Protect > Firewall > Add Firewall Rule > User/Network Rule.
- Name the policy Default_Network_Policy.
- This rule allows the PCs to access the internet.
- The remaining parameters are as follows.
- The Synchronized Security section in the image above is the Security Heartbeat feature. It monitors the status of each computer using three colors: green, yellow and red.
- In this rule we choose Green, which means that computers in the green state are allowed to access the internet.
- To monitor the status of the computers, click Control Center > Security Heartbeat.
On PC 1
- We download the WannaCry ransomware and run it.
- Sophos Endpoint Protection will detect and block WannaCry.
- The state of PC 1 now changes from Green to Yellow, and PC 1 cannot access the internet.
- PC 1 can access the internet again only once Sophos Endpoint Protection has stopped the virus and the state of PC 1 is green or connected.
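The scenario above as a small model, added here as an illustration and not Sophos code: it replays heartbeat changes against a rule with a minimum permitted heartbeat and shows that only the affected host loses access. The names (Heartbeat, rule_allows, replay) and the block_missing option are assumptions of this model, and it goes beyond the page by also accepting thresholds other than Green.

```python
from enum import IntEnum


class Heartbeat(IntEnum):
    # Ordered so that a higher value means a healthier endpoint.
    RED = 0
    YELLOW = 1
    GREEN = 2


def rule_allows(state, minimum=Heartbeat.GREEN, block_missing=True):
    """Return True if a rule with the given minimum heartbeat lets the host through.

    state is a Heartbeat, or None when the endpoint reports no heartbeat.
    block_missing is an assumption of this model, not a setting shown on the page.
    """
    if state is None:
        return not block_missing
    return state >= minimum


def replay(events, hosts, minimum=Heartbeat.GREEN):
    """Replay (time, host, state) events in time order.

    Every host starts Green. Returns a list of (time, {host: allowed})
    giving the access decision for all hosts after each event.
    """
    current = {host: Heartbeat.GREEN for host in hosts}
    timeline = []
    for when, host, state in sorted(events, key=lambda e: e[0]):
        current[host] = state
        decisions = {h: rule_allows(s, minimum) for h, s in current.items()}
        timeline.append((when, decisions))
    return timeline


# Constructed events that mirror the article's scenario.
EVENTS = [
    (1, "PC1", Heartbeat.YELLOW),  # endpoint detects WannaCry on PC 1
    (2, "PC1", Heartbeat.GREEN),   # endpoint has stopped it, state is green again
]

if __name__ == "__main__":
    for when, decisions in replay(EVENTS, ["PC1", "PC2"]):
        summary = {h: "allow" if ok else "block" for h, ok in decisions.items()}
        print(f"t={when}: {summary}")
```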