Tag: cyber threats

Sophos Threat Cases make malware cleanup easy

What are Sophos Threat Cases?

Sophos Threat Cases make Intercept X Advanced with EDR truly stand out from the crowd as an end user protection platform. Granting admins the ability to investigate and clear up malware attacks with just a few clicks, Threat Cases provide a birds’ eye view allowing you to visualize incidents occurring on your network. After getting an idea of what the incident looks like, you can then drill down into individual events and files to investigate details at a granular level. Guided response, root cause analysis, and attack visualization make Threat Cases a one-of-a-kind experience for network administrators.

See where attacks originated, how and where they spread, and identify which files, processes, applications, and devices were affected by the breach. Threat Cases are available for both XG firewalls and for servers, offering extensive visibility and control both on-premise and in the cloud.

Quickly identify, diagnose, & mediate

    • Isolate affected devices
    • Search for similar threats
    • Clean up after a breach
    • Block threats with automated guided response

For example, if malicious behavior is detected in an Office 365 file such as a Word document or Excel spreadsheet, Sophos Threat Cases will indicate that the file was written to the computer by Outlook.exe and tip off administrators that the threat was the result of a malicious email. Admins may then use this information to identify and close security gaps to prevent future exploitation of this attack vector.

Threat cases are only generated for malicious behavior detections and do not include detection of Potential Unwanted Applications and other false positives.

Types of infections seen by Sophos Threat Cases:

    • Malware detection
    • Web threats
    • Malicious behavior
    • Malicious traffic
    • Exploits

Where to find Sophos Threat Cases

If you want to take advantage of the features offered by Sophos Threat Cases such as root cause analysis, registry key and process filters, infection path visualization, and guided response, you’ll need an Intercept X Advanced license to get started. Once logged into your Sophos Central Admin dashboard, Sophos Threat Cases can be found by clicking the “Endpoint Protection” or “Server Protection” menu linked in the “My Products” section.

Sophos Threat Cases is found in the Sophos Central admin dashboard

The Anatomy of a Threat Case

What does a threat case event look like and why is it so helpful for network administrators? Every Threat Case begins with a simplified events chain, giving an easy-to-follow visualization of the basic details of your incident.

Simplified Attack Chain makes it easy to visualize a breach

After the simplified attack chain, each Sophos Threat Case serves up a more robust attack summary that details basic information like detection name, root cause, potentially affected data, infected user, device names, and attack timeframe.

The summary section is followed up by a Suggested Next Steps function which generates automated remediation advice on what to do next. Advice is dependent on the type of attack and other details specific to the incident. Examples of some advice from Sophos Threat Cases include isolating computers, setting priorities, and setting the status of a case record.

Last but definitely not least, the Analyze section is home to most of the detailed information admins will love from Sophos Threat Cases. Here you can find graphics of the attack “beacons” that Sophos detected and the root cause that Threat Cases identified. The beacon and root cause are then linked by interconnecting lines that make up the attack chain.

Sophos Threat Cases Analysis Section

Admins can click on any individual event in this attack chain graphic, allowing them to view additional detailed information in a right-hand pop-up menu.

Sophos Threat Cases detail overviw

Try Sophos Intercept X and Sophos XG Firewall

Ready to get your hands on Threat Cases but still not sure about Sophos security? Try a 30-day trial of Intercept X or a 30-day trial of Sophos XG Firewall for free before you buy. You can also get your next Sophos XG Firewall appliance at no cost when you purchase a qualifying 3-year security license with our Sophos Evolved Firewall Promo.

Preparing for the Tempest: SonicWall’s 2020 Cyber Threat Report

The Past is Prologue

As Shakespeare once wrote, “the past is prologue.” When it comes to cybersecurity, knowing the recent past – and trends in the threat landscape – is vital to protecting your network against the latest and greatest hazards. And so the past – as in 2019 – is prologue in the 2020 SonicWall Cyber Threat Report. The report is prepared by SonicWall’s Capture Labs threat research team. It provides an in depth look at the cyber threats of 2019 to help businesses, governments, and organizations of all sizes better prepare to stop the threats of 2020. Let’s take a look at some of the highlights of the Cyber Threat Report.

SonicWall 2020 Cyber Threat Report

Ransomware Shifts Strategy

The good news: Ransomware attacks were down in 2019 – 6% in fact – from the all-time high recorded in 2018. There were a grand total of 187.9 million last year. The less good news? Well, you probably saw it in the news. There was an increase in targeted attacks, hitting government networks, power grids, and even schools & hospitals. Attackers more and more are focusing on quality over quantity, looking for targets that are most likely to pay rather than blanketing all corners of the connected world.

Just how many of these targets were hit last year? It’s probably under-reported because victims can be hesitant to reveal a breach. But more than 140 state and local governments were successfully targeted for the year, and over 600 schools and hospitals – just through September. The Cyber Threat Report warns, however, that the average individual can still be a target, too. Researchers note that ransomware operators are more willing than ever to have a dialog and negotiate with their victims to get a payout. They’ll even use things like sextortion scams, a form of blackmail that suggests the attacker has compromising information or images that they’ll release unless the victim pays.

IoT Malware on the Rise

You down with I-o-T? Yeah, probably! While internet of things devices are hardly Naughty By Nature, they’re becoming more and more ubiquitous. As in, if you’re reading this, there’s virtually zero chance you don’t use some type of IoT device(s) in your everyday life. But with that popularity comes greater exposure. In 2019, the Cyber Threat Report indicates there were 34.3 million IoT malware attacks. Oh, and those attack numbers – much like the number of IoT devices – are trending up.

Security has not initially been a priority for most IoT device manufacturers. With no standards in place, devices commonly come with out-of-the-box vulnerabilities like weak or hard-coded passwords, unsecured interfaces, and a lack of secure update mechanisms. An otherwise secure network with vulnerable IoT devices may be leaving a backdoor wide open for hackers to access data.

Encrypted Threats Continue Growth

While transport layer security (TLS) and its predecessor, secure sockets layer (SSL) encryption standards are largely meant for good, bad actors are always looking to spoil the fun. Encryption when used for wholesome purposes ensures privacy and protects data. But hackers use this encryption against a network, sending malicious packers to obfuscate malware files. That can get them through a network’s standard defenses. The Cyber Threat Report shows our aforementioned bad actors sent 3.7 million malware attacks over TLS/SSL traffic in 2019, 27.3% more than the year prior. Why is this technique on the rise? Many firewall appliances don’t have the capability or power to detect, inspect, and stop attacks sent through encrypted traffic.

Defenses Are Improving, Too

Most of this Cyber Threat Report analysis is probably giving you anxiety, so let’s end on a positive note. The forces for good are continually improving their (which also means your) defenses against these hazards. Security advances include faster identification – and in turn faster mitigation – of zero-day threats. For instance, SonicWall is able to ID never-before-seen malware variants about 2 days before malware repository VirusTotal receives samples. Also noted are advancements made in deep memory inspection technology to combat side-channel attacks among others. In SonicWall’s case, that technology is a part of its Real-Time Deep Memory Inspection (RTDMI) engine. You can get a taste of it with a new SOHO 250 or TZ350 bundle. The report additionally spotlights growing momentum of perimeter-less security as traditional boundaries go by the wayside. This includes the introduction of the secure access service edge (SASE), which would combine software and service-based security solutions.

Want to Learn More?

Visit our Threat Dictionary to get updated on some of the latest cyber threats out there today. Shop for SonicWall security solutions like firewalls, web application firewalls, and cloud app security to name a few. And get your very own copy of the full 2020 Cyber Threat Report to dig into all the nitty gritty details yourself.

Intelligence in the Threat Landscape

Arm yourself

The modern threat landscape has many pitfalls. The best way to set yourself up to successfully negotiate this hazardous terrain is with the proper armor. What is the right armor? Knowledge. Personal knowledge of the types of threats that exist. Organizational knowledge of how to behave online. And the knowledge of dedicated threat intelligence experts that goes into the security solutions offered by top network security providers. Companies like SonicWall, Fortinet, and Sophos have teams of security analysts keeping tabs on the threat landscape 24/7/365. They incorporate this knowledge with artificial intelligence and machine learning to offer the most comprehensive protection possible against the latest threats.

In our latest video, we take a closer look at the threat landscape, what you can do to arm yourself, and what these companies are doing to fortify that armor. Watch below:

Thirsty for more?

If you finished that video yearning for even more threat intelligence, read through the Firewalls.com Threat Dictionary to get an A to Z guide through the current landscape.

To complete your multimedia quest for threat knowledge, we also offer an audio option. Listen to Episode 5 of Ping: A Firewalls.com Podcast in which we talk cyber threats with two experts in the field, SonicWall’s Daniel Kremers and Fortinet’s Douglas Santos.