Thread Info
  • State Not Answered
  • Replies 14 replies
  • Subscribers 14 subscribers
  • Views 1477 views
  • Users 0 members are here
Options
Suggested

Sophos Firewall: v21.0 EAP1: Third Party Threat Feeds Discussions

LuCar Toni

Release Post:  Sophos Firewall v21 Early Access Announcement 

Whats New Link: https://assets.sophos.com/X24WTUEQ/at/7t8k46h9ttmxt6pn8g58k7wb/sophos-firewall-key-new-features-v21.pdf 

General V21.0 EAP1 Discussion Channel:  Sophos Firewall: v21.0 EAP1: Feedback and experiences (EAP Thread)  

Feel free to share your experience with 3rd Party Threat Feeds and discuss the reasoning, it worked / not worked of importing them. 

Active Threat Response with 3rd Party Threat Feeds: 

  • Active Threat Response has been extended with support for third-party threat feeds to enable easier integration with 3rd party SoC providers, MSPs, industry specific security consortium
  • Now, you can easily add additional vertical or custom threat feeds to the firewall which will monitor and respond in the same automatic way – blocking any activity associated with them – across all security engines and without requiring any additional firewall rules

Setup and monitor your third-party threat feeds under the Active Threat Response menu 

  • Synchronized Security’s automated response to active threats is also extended to third-party threat feeds. Firewall presents threat analysis after corelating threat attempts with managed endpoint.


Format
[bearbeitet von: LuCar Toni um 7:53 AM (GMT -7) am 30 Aug 2024]
Parents Reply Children
  • 0 in reply to apijnappels

    Are those people accessing services you offer or simply ACL blocks, which would be blocked anyway? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    They are both; looks like some just try to access (or maybe scan) for services like SSH, RDP or whatever, some are also coming to ports that are forwarded to internal servers. There are also a lot of high-range dst-ports that I do not recognize as belonging to certain services.

    I have the feeling that most would have been blocked anyway. However I like the idea of just blocking them at the front door before they could be allowed to look for vulnerabilities in services that are otherwise publicly available.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Unfiltered HTML