Hi,
As Sophos does not have the option to configure policies based on device type, how will I configure security for my IoT devices? I have many devices which are connected to the office LAN network, but I don't want to give internet permission to some special types of devices. I am not willing to configure a per-IP policy or configure a separate subnet for those devices. How can I configure the policy in Sophos so that Sophos will automatically identify the device type and block the access, the same as FortiGate?
Regards,
Deepak Kumar
Deepak,
Fortinet is using ForeScout's CounterACT for IoT security through FortiGate. CounterACT finds and identifies devices on a network/cloud, so policies can be created for them in FortiGate. According to Fortinet, "ForeScout CounterACT identifies devices based on their IP addresses, including network infrastructure, BYOD systems, non-traditional IoT devices (handhelds, sensors and machines), and rogue endpoints (unauthorized switches, routers, and wireless access points) - no management agents or previous device awareness is required." A few security companies like Fortinet use CounterACT in Firewall and VPN to see devices and control which devices can connect to the network. Fortinet also uses CounterACT in its Meru Secure Wi-Fi to assist.
Sophos and most other security companies use CounterACT in End Point Protection. Like in Fortinet, devices on your network are identified, and policies are created to control their interactions across the network. If a device is identified as rogue, infected, or acting maliciously, the bad devices are blocked from communicating with your network, and all your good devices are told to stop talking to the bad devices. Active and passive malware is stopped, any files encrypted by ransomware are unencrypted or rolled back to the most recent unencrypted copy, and any malicious communication or files that left your network are tracked and reported to you. In most cases, the attack is stopped and any damage is undone.
End Point Protection and Intercept X coordinate with Sophos XG Firewall, Secure Wi-Fi, and other Sophos Central products to handle issues with IoT and other devices. Sophos EPP uses CounterACT. Intercept X also includes End Point Protection with CounterACT. Intercept X uses Artificial Intelligence and Machine Learning in addition to CounterACT. Both Intercept X and EPP coordinate with XG Firewall through Synchronized Services in Sophos Central to automatically identify and mitigate issues as they happen or as they are discovered across all network devices. You can also track, research, and manage issues and devices manually from anywhere in the world using Intercept X through Sophos Central.
1. If you're not using Intercept X or End Point Protection, you can purchase them. When you purchase Intercept X, EPP comes with it. You can also purchase End Point Protection without Intercept X.
2. In addition to Intercept X and EPP, you can also purchase Sophos Secure Wi-Fi. Secure Wi-Fi integrates with your XG Firewall and coordinates with Intercept X and End Point Protection through Sophos Central. This helps ensure that wireless IoT devices are seen and addressed. Other vendors' Wi-Fi will work on your network too (I use Ruckus). You can use EPP, Intercept X and Sophos Central through the third-party Wi-Fi, but you can't control the third-party Wi-Fi from Sophos security.
3. Another option is Sophos Home. Sophos Home is End Point Protection that includes many of the features of Intercept X. Sophos Home is independent, with its own cloud controller. Sophos Home doesn't coordinate with XG Firewall, Sophos Central, or other Sophos products. Sophos Home won't control IoT devices, but end points with Sophos Home will be protected from IoT devices. Sophos Home is a cheap alternative if you just want to protect computers from IoT, rogue devices, zombie devices, and other issues.
If you don't like any of these ideas:
A. You can configure per-MAC-address policies. The problem is that you must account for each device having more than one MAC address depending on how that device connects to your network, i.e. wired LAN, Wi-Fi, etc.
B. You can create multiple LAN and VLAN interfaces. Set Firewall Rules based on Zones and the Interfaces in them. Use DHCP Relay, so you don't have to configure subnets. You're limited to the number of simultaneous leases you already have in DHCP, and you must always ensure that devices are connected to the correct LAN/VLAN.
Regardless of which of these options you choose, you may not be able to see or manage devices that are connected to your network through another device, such as one or more devices tethered to a computer or a wired hotspot.
Hi,
Thanks for the useful ideas. As no one wants manual work in today's life, neither do I. The first idea you mentioned looks good, but many types of devices are connected to today's network and it's almost impossible to install a security client on these devices, or in many cases, even push bulk security updates to their firmware. These devices are vulnerable to attacks and can be weaponized to deliver DDoS attacks etc.
Now, these devices are a challenge for me and my team. For example, my company permits iPads to connect to the office network but does not allow iPhones or iPads that come with a SIM option, meaning only purely Wi-Fi devices are allowed, no mixed devices.
How can I control this type of device? Do you have any idea?
Now, I am coming to your idea with MAC address policies, but we are more than 2500 employees in my company and it is not possible for the IT team to collect device MAC addresses, and there is a high chance of mistakes. If I advise my team to collect the MAC addresses of all employees' devices, it will be nearly 10000 MAC addresses (3 devices per employee). Now the biggest tension is Windows 10, because it can generate random MAC addresses, and we are suggesting to employees to use this feature on public open networks.
I hope you got my points and will advise on the same.
Regards,
Deepak Kumar
Sophos Architect | NSE 4 | CCNP | CISE
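The random-MAC concern raised in the last reply can be checked against a DHCP lease export before anyone builds the per-MAC policies from option A. This is an added example, not part of the thread and not a Sophos or Fortinet tool; the lease records are constructed, and the check relies only on the IEEE locally-administered (U/L) bit, which Windows 10 and mobile "private address" randomization set.

```python
import re

# Constructed sample of DHCP lease records (hostname, MAC address); not real data.
SAMPLE_LEASES = [
    ("printer-3f", "00:1A:2B:3C:4D:5E"),
    ("DEEPAK-LAPTOP", "8E:4F:0C:12:34:56"),   # randomized-style address (U/L bit set)
    ("ipad-sales-07", "a0b1.c2d3.e4f5"),      # Cisco dotted format, burned-in style
    ("vm-build-01", "02-42-AC-11-00-02"),     # locally administered (e.g. a virtual NIC)
]

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(mac: str) -> str:
    """Accept colon, hyphen or Cisco dotted formats; return lower-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if not _HEX12.match(digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac: str) -> bool:
    """True when the U/L bit (bit 1 of the first octet) is set.
    Randomized MACs (Windows 10, iOS/Android private addresses) set this bit,
    but so do virtual NICs and some vendor-assigned addresses, so treat the
    result as a hint that a static per-MAC rule may silently stop matching."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def classify_leases(leases):
    """Split lease records into addresses usable for a static per-MAC policy
    and addresses that are likely to change (locally administered)."""
    result = {"stable": [], "locally_administered": []}
    for host, mac in leases:
        norm = normalize_mac(mac)
        key = "locally_administered" if is_locally_administered(norm) else "stable"
        result[key].append((host, norm))
    return result


if __name__ == "__main__":
    for bucket, entries in classify_leases(SAMPLE_LEASES).items():
        print(bucket)
        for host, mac in entries:
            print(f"  {mac}  {host}")
```

Anything that lands in the locally_administered bucket is a device whose MAC-based rule will break the next time the address rotates, which is the case for a VLAN-per-device-class design (option B) to handle instead.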