Hi All,
Can anyone here please confirm if this is all I need to prevent Ransomware with my current Sophos AV module?
Any comments and suggestions would be greatly appreciated.
Thanks
No, it won't. It will catch WannaCry but won't catch any new variants until the signatures are updated.
Sophos have released SEC 5.5.0 which allows exploit protection to be used which will stop this.
Unfortunately, it's another license so it depends on how much you value your business vs the risk.
We're in the process of buying exploit protection and Sandstorm for 2 UTMs which we were looking at prior to the ransomware attack.
[intended to reply earlier]
Hello S.E.
"[is this] all I need to prevent Ransomware"
Your screenshot doesn't show the settings, please see the Ransomware: Prevention advice for the recommended ones (you could call them minimum requirements). This is not all I need to prevent though, there's no guarantee that this will detect each and every ransomware.
and hello Louis-M,
"it won't catch any new variants until the signatures are updated"
I beg to differ, at least the general statement as I understand it from the rest of your reply. Of course malware writers (try to) make sure that their software isn't detected, and the actual program might indeed not get caught - if it can make it to the computer. With the other components and features in the "classic" product there's a chance that one of the precursors is blocked. And even the "classic" Live Protection components make it harder for the malware writers to fully test their product against AV.
Thus it's not that regarding ransomware one is defenceless, least of all completely defenceless, without Intercept X.
[just my 2 cents]
Christian
Hi Christian,
Yes, point taken, and I acknowledge that you are better off with some than none and there is a good chance that it will catch it. The point I was referring to was when the WannaCry outbreak occurred, Sophos pushed out their signatures as quick as they could which probably would have let WannaCry in on Friday without detection but would have caught it on Saturday.
For some, that might be an acceptable risk but for others maybe not and of course the bottom line is whether you can afford it too. We got hit by ransomware last year (even though we had Sophos) but we managed to catch it in time and had backups. It came in via an encrypted email and was activated by the user.
We've got the money so we're now investing in Sandstorm and exploit protection which along with our policies and others, I'm hoping will negate the risk as much as we can.