CVE-2020-1472 Zerologon is about to go into the wild. Is XG able to detect those logon attacks with IPS?
This story is from August. Wondering why some news pages are covering this now?
Maybe reply to this story on news to cover the CVE for Netlogon, as this CVE is missing in the table below.
__________________________________________________________________________________________________________________
Here you go: Details on the attack: https://nakedsecurity.sophos.com/2020/09/17/zerologon-hacking-windows-servers-with-a-bunch-of-zeros/
IPS Signatures with the matching attacks: https://docs.sophos.com/nsg/threatlabs/SFOS/IPSSummary.html
https://docs.sophos.com/nsg/threatlabs/SFOS/IPSReleaseNotes/9.17.45_s.pdf // https://docs.sophos.com/nsg/threatlabs/SFOS/IPSReleaseNotes/7.17.45_s.pdf
**Edit** Hopefully I did not break anything. FloSupport, I accidentally flagged my post as spam.
__________________________________________________________________________________________________________________
Another layer would be: Central Endpoint has its own set of IPS rules. Therefore the Endpoint can actually protect itself, in case you have a flat broadcast domain. See: https://community.sophos.com/intercept-x-endpoint/eap/b/blog/posts/notice-for-next-eap-update
__________________________________________________________________________________________________________________