CVE-2020-1472 Zerologon is about to go into the wild. Is XG able to detect those logon attacks with IPS?
Here you go: Details on the attack: https://nakedsecurity.sophos.com/2020/09/17/zerologon-hacking-windows-servers-with-a-bunch-of-zeros/
IPS Signatures with the matching attacks: https://docs.sophos.com…
This story is from August. Wondering why some news pages are covering this now?
Maybe reply to this story on news to cover the CVE for Netlogon, as this CVE is missing in the table below.
IPS Signatures with the matching attacks: https://docs.sophos.com/nsg/threatlabs/SFOS/IPSSummary.html
https://docs.sophos.com/nsg/threatlabs/SFOS/IPSReleaseNotes/9.17.45_s.pdf // https://docs.sophos.com/nsg/threatlabs/SFOS/IPSReleaseNotes/7.17.45_s.pdf
**Edit** Hopefully I did not break anything. FloSupport, I accidentally flagged my post as spam.
Good work! Thanks. At least some mitigation at the subnet border.
Another layer would be: Central Endpoint has its own set of IPS rules. Therefore the Endpoint can actually protect itself, in case you have a flat broadcast domain. See: https://community.sophos.com/intercept-x-endpoint/eap/b/blog/posts/notice-for-next-eap-update
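For readers wondering what an IPS or log-based detection for CVE-2020-1472 actually keys on, here is an added illustration (not from this thread, and not Sophos' signature logic). It assumes a sensor has already decoded Netlogon authentication attempts into records with a source, target DC, client challenge and client credential; the record layout and the sample data are constructed for the example.

```python
from collections import defaultdict

# Constructed sample: one decoded Netlogon authenticate attempt per record.
# Field names and the record layout are assumptions for this example; a real
# sensor would decode them from the MS-NRPC request on the wire.
SAMPLE_ATTEMPTS = (
    [{"ts": 1600000000 + i * 0.05, "src": "10.0.0.66", "dc": "DC01",
      "client_challenge": "00" * 8, "client_credential": "00" * 8}
     for i in range(300)]
    + [{"ts": 1600000000 + i * 30, "src": "10.0.0.20", "dc": "DC01",
        "client_challenge": "3a9f1c0de4b27781", "client_credential": "9b4e6d2f1a0c7e55"}
       for i in range(5)]
)

ZERO_8 = "00" * 8


def is_zerologon_shaped(attempt):
    """True when both the client challenge and the client credential are all
    zero bytes: the shape the CVE-2020-1472 exploit relies on, because the
    AES-CFB8 zero-IV flaw makes the DC accept it with probability 1/256."""
    return (attempt["client_challenge"].lower() == ZERO_8
            and attempt["client_credential"].lower() == ZERO_8)


def detect_zerologon(attempts, threshold=10, window_s=60):
    """Return {(src, dc): burst_size} for sources that sent at least
    `threshold` all-zero attempts to one DC within `window_s` seconds.
    The exploit needs about 256 tries on average before the DC accepts,
    so the alert keys on repetition from one source, not on one attempt."""
    zero_ts = defaultdict(list)
    for a in sorted(attempts, key=lambda a: a["ts"]):
        if is_zerologon_shaped(a):
            zero_ts[(a["src"], a["dc"])].append(a["ts"])
    alerts = {}
    for key, stamps in zero_ts.items():
        # sliding window: size of the largest burst that fits in window_s
        start, best = 0, 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[key] = best
    return alerts


if __name__ == "__main__":
    print(detect_zerologon(SAMPLE_ATTEMPTS))
```

The same two checks (all-zero challenge plus credential, repeated in a short burst from one source) are what a network IPS at the subnet border or a host IPS on the endpoint can match, which is why the two layers mentioned above complement each other.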