Sophos XG: How to configure Advanced threat protection function on firmware version 18

Overview

The threat landscape continues to evolve as bad actors engage in targeted and sophisticated tactics, techniques and procedures, using common tools and proven attacks.

SophosLabs has observed several advanced trends that we believe will play a significant role in new cyber-attacks: the continued adoption of manual attack techniques by ransomware gangs, the steady increase in malicious deployment of cryptocurrency miners, and growing exploitation of mobile platforms and IoT devices.

SophosLabs' threat research team and its highly automated infrastructure, which uses next-generation tools, have developed high-accuracy, distinctive and often exclusive data sets that are now available commercially and can help improve detection and response capabilities.

How to configure

  • Log in to Sophos XG with an Admin account
  • Go to PROTECT -> Advanced threat -> Advanced threat protection
  • To turn on advanced threat protection -> Click the on/off switch
  • To specify the action taken when ATP detects a threat -> Select Log only to log the packet, or Log and drop to log and drop the packet
  • To specify known hosts that you want ATP to ignore -> Click Add new item and select the hosts
  • To add destination IP addresses or domain names that you want ATP to skip when scanning for threats -> Enter an address -> Click +
  • To edit log settings -> Click Change log settings
  • Edit the components you want

-> Click Apply

  • In the Sandstorm settings tab, configure which files will be sent to Sophos Sandstorm to check whether they are safe
  • If a file is safe, it is accepted into the network
  • If a file is unsafe, it is blocked

-> Click Apply
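The settings above (on/off switch, Log only versus Log and drop, ignored hosts, skipped destinations) interact in a way that is easy to get wrong: any flow that matches an exception is never inspected, so it is never logged either. The following model, an added example that is not Sophos code, evaluates constructed flows against such a policy and counts how many known-bad destinations an exception silently hides. The threat feed, field names and the subdomain-matching rule for domain exceptions are assumptions made for the example.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

LOG_ONLY = "Log only"
LOG_AND_DROP = "Log and drop"


@dataclass
class AtpPolicy:
    """Models the knobs on the ATP page; the field names are ours, not Sophos's."""
    enabled: bool = True
    action: str = LOG_AND_DROP
    ignored_hosts: list = field(default_factory=list)         # source networks ATP ignores
    skipped_destinations: list = field(default_factory=list)  # destination IPs/domains not scanned
    threat_feed: set = field(default_factory=set)             # constructed stand-in for threat data


def _matches(value, entry):
    """IP/CIDR entries match by address; domain entries match the name and its subdomains (assumed)."""
    try:
        net = ip_network(entry, strict=False)
    except ValueError:                       # entry is a domain name
        return value == entry or value.endswith("." + entry)
    try:
        return ip_address(value) in net
    except ValueError:                       # value is a domain, entry is an IP/CIDR
        return False


def evaluate(policy, src, dest):
    """Return (verdict, logged) for one flow; exceptions short-circuit before any check."""
    if not policy.enabled:
        return "allow", False
    if any(_matches(src, h) for h in policy.ignored_hosts):
        return "allow", False                # ignored host: ATP never looks at this traffic
    if any(_matches(dest, d) for d in policy.skipped_destinations):
        return "allow", False                # skipped destination: no scan, hence no log entry
    if dest in policy.threat_feed:
        return ("drop" if policy.action == LOG_AND_DROP else "allow"), True
    return "allow", False


def audit(policy, flows):
    """Count dropped flows, logged-but-allowed flows, and known-bad flows hidden by exceptions."""
    counts = {"dropped": 0, "logged_only": 0, "unchecked_bad": 0}
    for src, dest in flows:
        verdict, logged = evaluate(policy, src, dest)
        if verdict == "drop":
            counts["dropped"] += 1
        elif logged:
            counts["logged_only"] += 1
        elif dest in policy.threat_feed:
            counts["unchecked_bad"] += 1     # an exception hid a known-bad destination
    return counts
```

Running `audit` with an ignored host network of 10.0.0.0/24 and a skipped destination of partner.example against flows to 198.51.100.7 and c2.partner.example shows two known-bad flows that never appear in the ATP log, which is what to look for when reviewing exception lists.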
