We have setup a standalone EAS Peoxy for Ms ActiveSync to Exchange.
Next step would be to use the Sophos Mobile Secure E-mail cliënt to only allow known Sophos Secure E-mail Clients. But configuring Mobile MDM is not that straight forward.
Is the standalone EAS Proxy in itself a secure solution over direct Ms ActiveSync to Exchange? Or is it just an open pass tru also exposing the Exchange vulnerabilities?
Hi There, Thank you for reaching us allow us to have a quick check on this and get back to you. Also, Can you share with us the version of your Sophos Mobile?
We are using Central Sophos Mobile.
If you’ve got an operating system exposed to the Internet, discoverable via Shodan, it is exploitable within minutes. What is the impact of that? If it’s in a chemical, pharmaceutical, food factory, or refinery, that’s a problem not just for downtime but more importantly because it could cause a safety or environmental incident. If it’s a temperature gauge, that’s much less risk. Companies will have a risk register for everything else, including natural disasters. They should have one for OT cybersecurity risk too.
Hi, As per further checking the EAS Proxy will only allow those devices through where the ActiveSync ID of the email app is known and allowed.Though there is no guarantee that it is sufficient though to completely prevent the attack performed via Hafnium.