What is EDR? Automated endpoint detection & real-time response to threats

To continue our recent theme of decoding abbreviations, EDR means Endpoint Detection & Response, and that means that the age of AI is upgrading networks. This automated, real-time endpoint solution ensures that end users can work securely no matter where in the world they’re located in relation to a firewall.

With EDR, your network defenses constantly scan for the kinds of elusive malware, ransomware, and zero-day threats that signature-based detection platforms miss. And in the event a security incident occurs, advanced Endpoint Detection & Response platforms such as Sophos Intercept X Advanced with EDR or FortiEDR stop attacks even if the endpoint is compromised. Guided response lets administrators easily walk through the steps of an attack to see its root cause and isolate infected machines.

EDR’s machine learning systems deter, detect, disarm, dissect, deescalate, and do away with any cyber threats you can throw their way.

Why EDR works for small businesses

Survey after survey, several years running, has revealed two facts: a majority of small businesses find it difficult to hire qualified IT talent–especially talent focused on network security–and their budgets often struggle to accommodate the talent they do find. Automated endpoint detection and response monitored by 24-hour machine learning intelligence adds just the kind of cybersecurity expertise that SMBs need without a higher employee headcount.

Just like modern grocery stores have self-checkout lines and autoworkers now benefit from the assistance of robotics, automation enables small businesses to do more with less to get the job done. Farm out malware expertise and incident response to the bots!

Sophos Intercept X Advanced with EDR

Intercept X Advanced has been a longstanding go-to for network admins looking to add advanced protection to their networks in a comprehensive, integrated system. Sophos Intercept X Advanced now also consolidates that industry-leading protection and EDR into a single solution. Intercept X’s advanced malware prevention significantly eases the workload on the EDR component, allowing you to utilize more of the speed and performance you pay your Internet Service Provider for.

  • Minimize staffing by automating IT tasks usually done by skilled experts
  • Prioritize potential threats & automatically detect security incidents
  • Provide visibility into attack scope, root cause, impact, & network health
  • Hunt for indicators of compromise that may leave your network vulnerable

 

Fortinet FortiEDR

FortiEDR will be made available to order on May 4th and is already boasting some big benefits and features. An EDR solution purpose-built to detect potential threats, FortiEDR stops breaches in real time and mitigates the damage of ransomware even on machines that have already been compromised. FortiEDR also extends security to IoT devices with the ability to protect everything from PCs to servers to point-of-sale systems and more.

  • Creates very small network footprint thanks to native cloud infrastructure
  • Enjoy automated EPP with orchestrated response across platforms
  • Stop file-based malware with Fortinet’s kernel-level Next Gen AV engine
  • Eliminate dwell time & reduce post-breach expenses

 

SonicWall Capture Client

Automated endpoint detection and response is integrated into SonicWall’s Capture Client, bringing together EDR, advanced threat protection, and integrated network security. With unique ransomware rollback capabilities and intuitive attack visualizations, Capture Client offers a comprehensive endpoint protection and EDR environment for any SonicWall network.

  • Next-generation SentinelOne malware protection engine
  • Advanced threat protection with sandbox integration
  • Behavior-based scanning powered by machine learning
  • Unique attack rollback capabilities using Volume Shadow Copy Service
  • Install & manage trusted TLS certificates to leverage DPI-SSL

 

What Is a VPN?

VPN: A Closer Look

VPN. If you hadn’t heard these three letters together before March 2020, you’ve surely heard them now. With businesses and their employees the world over exposed to work from home scenarios – many for the first time – any conversation about secure remote access involves the term. So what is a VPN? The very basic definition is – it’s a virtual private network. But that phrase is just begging for further explanation. So gather ‘round – virtually of course – as we unpack VPNs and why they’re so important for telework.

Virtual

The virtual part of VPN means just that – it requires no physical connection. Instead, a virtual tunneling protocol establishes the connection. Gophers would be jealous of the number of these tunnels out there, but of course, they don’t damage any golf courses or yards. The tunneling is achieved by a process known as encapsulation. Basically, while your remote user’s data still does have to travel through the public internet to get to the other side (i.e. your network), the virtual tunnel covers it. That means, it’s private.

Private

So the tunnel itself offers privacy to a degree, but to achieve the full security benefits of a VPN, it must be encrypted. The public internet can see that a tunnel exists, but encryption – either via SSL (secure sockets layer) or IPSec (internet protocol security) – prevents anyone from seeing what’s inside. The user and the network the user connects to are the only ones who can decrypt it, with passwords (multifactor authentication recommended) and certificates.

Getting back to the types, while both SSL and IPSec provide the encryption needed to keep that virtual tunnel private, there are a couple key differences. SSL VPN allows secure remote access through a web browser – without requiring specialized client software – making it simple to deploy. Unlike SSL, IPSec VPN functions at the network layer, and it does typically require a separate hardware or software solution. We compared SonicWall’s VPN service offerings (one SSL and one IPSec) in a recent post, and in a handy chart that could offer some assistance as to which is best for your scenario.

Oh, and one more note on privacy: when a user connects via VPN, it also obscures the device’s IP address. That means someone trying to track its location will only get the IP address of the network the user is connected to – a feature many non-business users find handy.

Network

So in our quest to answer the question “what is a VPN?” we’ve explored the virtual and private aspects. Now let’s examine the network component. Network in this case means a user’s remote device is connected to your organization’s network. Depending on the connection type, they may have access to all of it, or just specified apps, services, and files. Either way, the VPN connection allows users access to what they need to get work done – all while protected by your existing network security. A VPN in essence extends your network’s reach to wherever your employees need to access it. And in the age of the teleworker, this secure remote access is a must.

Is your VPN connection a little slow?

Check out our video for some tips on how to speed up your VPN connection:

For more talk about all things network security, take a listen to our Ping Podcast, available wherever you listen. And for all your cybersecurity research needs in one place, visit our Knowledge Hub.

Network Security from Home – Ping Podcast – Episode 17

Episode 17: Network Security from Home

On Episode 17 of Ping: A Firewalls.com Podcast, Kevin and Andrew welcome back returning guest Daniel Kremers from SonicWall to discuss network security for the home office and for remote workers in general. He talks about when a home office firewall makes sense and how it can help. He also offers other work from home security tips about passwords, cloud applications, and VPN to name a few.

Learn about one of those home office firewall options, the SOHO 250 including a special trade up promo on now.

And browse the blog for even more guidance on security in the time of remote work. We even talked about it on our last episode as well.

In our cyber headlines segment, we talk Zoom’s cybersecurity concerns, the virtual/real NFL Draft (including a break for a special social distancing mock draft), and the surprising ubiquity of COBOL.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, Overcast, TuneIn, iHeart, Pocket Cast, Castro, Castbox, Podchaser, YouTube, and of course via RSS, to name a few). Remember to subscribe or follow where you can to get the latest episodes as soon as they’re released, and rate and review us as well!

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

New episodes are released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show!

Comparing Cisco Meraki MX64 & Cisco Meraki MX67

Comparing the Cisco Meraki MX64 & Cisco Meraki MX67 Firewalls

The Cisco Meraki MX64 and Cisco Meraki MX67 firewalls are both geared towards small businesses looking for affordable, efficient security. Part of the Meraki MX Firewall series, these models share a lot in common at first glance. But that may make it tricky for SMBs and network administrators to decipher which of these next generation firewalls is best suited to their unique network demands.

Both SD-WAN-ready appliances are ideal for SMBs seeking an all-in-one UTM solution backed by a globally recognized brand they can trust. But which one works for you? Compare the Cisco Meraki MX64 and Cisco Meraki MX67 below with side-by-side tech spec comparisons, feature spotlights, and more.  

Cisco Meraki MX64 Tech Spec Snapshot

Ideal For: Entry-level firewall for small businesses

What Sets It Apart: Highly-efficient UTM & SD-WAN solution at a low price point

Max Recommended Users: 50

Max VPN Throughput: 100 Mbps

Advanced Security Throughput: 200 Mbps


 

Cisco Meraki MX67 Spec Snapshot

Ideal For: Remote locations & areas requiring high availability

What Sets It Apart: Built-in modems simplify cellular uplink backups for remote locations 

Max Recommended Users: 50

Max VPN Throughput: 450 Mbps

Advanced Security Throughput: 300 Mbps


 

What comes with a Cisco Meraki MX64 & MX67 firewall?

Ready to level up your security with Cisco Meraki? Tag on an Enterprise or Advanced Security license to unlock advanced security features, bolstering your network’s defenses against encrypted malware, ransomware, & zero-day threats. These licenses come in 1-, 3-, 5-, 7-, or even 10-year terms and include 24×7 support from Cisco Meraki specialists, as well as the following security features:

Included with a Cisco Meraki Enterprise License

  • Stateful Layer 7 firewall
  • Site-to-site VPN
  • Client VPN
  • Dynamic host configuration protocol
  • Branch routing
  • Intelligent path control
  • App visibility & control

Included with a Cisco Meraki Advanced Security License

  • All of the features listed above, plus
  • URL content filtering
  • Google SafeSearch enforcement
  • YouTube EDU enforcement
  • Intrusion prevention
  • Advanced malware protection (AMP) with Threat Grid support
  • Geo-IP firewall rules


 

More firewall review videos

Still shopping for the right firewall for your business network? Check out our firewall review videos to compare your options. You can learn more about:

Sophos SD-RED 20 & 60: Synchronized SD-WAN

Just in the nick of time for our strange days of full-capacity remote work, Sophos releases a new heir to the secure remote access throne with a replacement for their mainstay Sophos RED appliances. The new Sophos SD-RED 20 and Sophos SD-RED 60 bring together secure, encrypted SD-WAN capabilities and the Sophos Synchronized Security flagships XG Firewall and Intercept X. These unique and simple remote work solutions extend network connectivity to remote branches, distributed offices, outposts, home offices, and any other remote workers, no matter where they’re located. Whether you need stable remote access at a mountaintop observatory or in your new sealab, Sophos SD-RED appliances have you covered with stable, secure access and real-time visibility.

Other new features include SFP ports, Power-over-Ethernet capabilities for the SD-RED 60, huge improvements in throughput, and more interfaces than previous Sophos RED devices. The Sophos SD-RED appliances work seamlessly with Sophos wireless access points and the SD-RED 60 could even support two Sophos access points with Power-over-Ethernet alone!

SD-WAN gets a heartbeat

When an SD-RED appliance is centrally managed through the XG Firewall platform (free trial?), admins can extend Synchronized SD-WAN to multiple branch locations. Synchronized SD-WAN means that not only are you replacing expensive and unstable MPLS connections with super intelligent SD-WAN capabilities, you’re also protecting traffic that traverses those SD-WAN connections with the same Synchronized Security & Sophos Security Heartbeat features that employees would enjoy on the home network.

So easy a home user can do it

Due to COVID-19, many small businesses now have employees working from home who may have had no experience with remote work before the big change. SD-RED appliances ease the pressure of extending your secure network to remote workers with a truly plug-and-play, zero-touch deployment. No technical skill is required for remote workers or branch locations to install an SD-RED 20 or SD-RED 60. Just type the device ID into your Sophos firewall appliance and ship your SD-RED appliance to its destination. Once the device is received and plugged in, the SD-RED will connect to the Internet, call back home to your primary firewall, and automatically establish a secure VPN tunnel with auto-provisioning.

Sophos RED vs Sophos SD-RED

So how do these new remote access devices stack up against their predecessors? Check out our handy comparison table or keep scrolling to see new throughput improvements, expanded interfaces, and more to compare the original RED to the new, improved SD-RED.

Sophos SD-RED 20

  • Maximum Throughput: 250 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX (1 GbE Copper)
  • WAN Interfaces: 1 x 10/100/1000 Base-TX (shared with SFP)
  • Power-over-Ethernet Ports: None
  • USB Ports: 2 x USB 3.0 (front and rear)

 

Sophos SD-RED 60

  • Maximum Throughput: 850 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX (1 GbE Copper)
  • WAN Interfaces: 2 x 10/100/1000 Base-TX (shared with SFP)
  • Power-over-Ethernet Ports: 2 PoE Ports (total power 30W)
  • USB Ports: 2 x USB 3.0 (front and rear)

 

Sophos RED 15

  • Maximum Throughput: 90 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX
  • WAN Interfaces: 1 x 10/100/1000 Base-TX
  • Power-over-Ethernet Ports: None
  • USB Ports: 1 x USB 2.0

 

Sophos RED 50

  • Maximum Throughput: 360 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX
  • WAN Interfaces: 2 x 10/100/1000 Base-TX
  • Power-over-Ethernet Ports: None
  • USB Ports: 2 x USB 2.0

Buy Sophos SD-RED

Ready to get your hands on Synchronized SD-WAN? These new SD-RED appliances are ready to ship now! With the Sophos RED 15 potentially looking at backorders in the wake of the remote work rush, the SD-RED 20 and 60 have landed just when they are needed most. Synchronize your SD-WAN and secure your remote workforce today!