Sophos XG Firewall – Malware Prevention

Sophos – Protecting you from Malware

Ransomware is the number one malware attack seen on the web today. This style of malware holds your files hostage and forces you to pay the hacker in some form of internet currency. This allowed hackers to make over one billion dollars in 2016. Because they have had such financial success with this style of malware, hackers continue to morph and change the code behind it. This lets the Ransomware bypass traditional security features and lets the attackers collect their “payday” from you.

Sophos decided it was time to stop paying criminals and to prevent them from using these tactics. To accomplish this, Sophos released a multitude of products and features, one of them being the Sophos XG Firewall. Given that the XG Firewall is positioned as the fastest firewall that is still secure enough to prevent ransomware, it makes sense that it has built-in features to do just that. To meet this goal the XG uses Advanced Threat Protection, Web Content Filtering, and an Intrusion Prevention System.

To understand the configurations for each category, you need to know that Sophos keeps a master list of sites, content, and geographic regions that are seen as either safe or potentially harmful. This list is propagated to each XG, and as new threats are found throughout the world the list is updated so you are not caught off guard by “same day” attacks. This makes the settings for Advanced Threat Protection simple: you just need to turn it ‘ON’ inside the firewall to enjoy the benefits. With Web Content Filtering it is a bit trickier. Content Filtering from Sophos comes with a feature called dual Anti-Virus, which scans both inbound and outbound traffic. This feature, together with the categories for Anonymizers, Command & Control, Phishing & Fraud, and Spam URLs, keeps Ransomware from calling back home. If the Ransomware is not able to call back to where it originated, it will not download the full payload. Without the remaining code, the malware is stopped, and the Ransomware files are more like a space filler than a virus. At this point, most local antiviruses will remove the original malware before the files become live. Content filtering covers the users’ internet browsing habits, but what about email and, more importantly, cloud-based email? Because more companies are moving to cloud-based email solutions, the way firewalls need to protect email and verify attachments has changed.
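The category-based outbound filtering described above can be illustrated with a small policy engine. The following Python is an added example written for this page, not Sophos code and not the XG Firewall’s actual rule logic; the category feed, the hostnames and the proxy log lines are all constructed, standing in for the vendor’s proprietary list and for real traffic. It blocks the four callback-related categories named above and, importantly, shows the gap the text goes on to discuss: a destination the list has never seen is “Uncategorized” and is allowed unless the policy is explicitly set to block unknown hosts.

```python
from urllib.parse import urlparse

# Categories that a ransomware callback typically lands in (from the page).
BLOCKED_CATEGORIES = {"Anonymizers", "Command & Control", "Phishing & Fraud", "Spam URLs"}

# Constructed category feed (assumption: stands in for the vendor's master list).
CATEGORY_FEED = {
    "c2.example.net": "Command & Control",
    "proxy.example.org": "Anonymizers",
    "login-example.test": "Phishing & Fraud",
    "example.com": "Business",
}

# Constructed web-proxy log: "<timestamp> <source ip> <method> <url>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 GET http://beacon.c2.example.net/checkin
2024-01-01T10:00:01 10.0.0.5 GET https://www.example.com/report.pdf
2024-01-01T10:00:02 10.0.0.7 POST https://proxy.example.org/tunnel
2024-01-01T10:00:03 10.0.0.9 GET http://never-seen-before.test/stage2
"""


def lookup_category(host: str) -> str:
    """Walk from the full hostname up through its parent domains so that
    beacon.c2.example.net inherits the category assigned to c2.example.net."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_FEED:
            return CATEGORY_FEED[candidate]
    return "Uncategorized"


def decide(url: str, block_uncategorized: bool = False) -> tuple[str, str]:
    """Return (action, category) for one outbound request.
    With block_uncategorized=False an unlisted host fails open, which is
    exactly the case the page hands off to the IPS layer."""
    host = urlparse(url).hostname or ""
    category = lookup_category(host)
    if category in BLOCKED_CATEGORIES:
        return "block", category
    if category == "Uncategorized" and block_uncategorized:
        return "block", category
    return "allow", category


def filter_log(log_text: str, block_uncategorized: bool = False) -> list[dict]:
    """Apply the policy to every line of a proxy log and return the decisions."""
    decisions = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        timestamp, src_ip, method, url = line.split(maxsplit=3)
        action, category = decide(url, block_uncategorized)
        decisions.append({"time": timestamp, "src": src_ip, "method": method,
                          "url": url, "category": category, "action": action})
    return decisions


def count_blocked(decisions: list[dict]) -> int:
    """How many requests the policy stopped."""
    return sum(1 for d in decisions if d["action"] == "block")


if __name__ == "__main__":
    for d in filter_log(SAMPLE_LOG):
        print(f"{d['src']:10} {d['action']:5} [{d['category']}] {d['url']}")
    print("blocked with default policy:", count_blocked(filter_log(SAMPLE_LOG)))
    print("blocked when unknown hosts are denied:",
          count_blocked(filter_log(SAMPLE_LOG, block_uncategorized=True)))
```

The parent-domain walk in `lookup_category` is what makes a single feed entry cover every subdomain the malware might rotate through, while the `block_uncategorized` switch makes the trade-off visible: default-allow keeps users productive but lets a brand-new callback host through, which is why the page pairs content filtering with a second, traffic-inspecting layer.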

As it is, most users of a cloud-based email solution are able to click on an email even when it is spam. These users may think they have a normal, run-of-the-mill file attachment, but in fact they have just activated the calling feature of a Ransomware file. The dual scanning feature of content filtering should prevent this traffic, but what if it doesn’t because it is tricked? Do you want to rely on only one method of protection when thousands or even millions of dollars of downtime are on the line? The IPS (Intrusion Prevention System) has a separate category list that looks for all malware communication, whether it was initiated by a user or by an external source. Rather than only checking traffic when a download starts, IPS keeps looking at the traffic after the first steps are taken and makes sure the download does not change into something harmful. So a user may be downloading a PDF or PowerPoint presentation and then it abruptly stops: the additional hidden code was picked up by the IPS and stopped before the malware could be completely downloaded.

In short, the XG Firewall protects your users from dangerous malware like Ransomware when they are browsing the internet, emailing, or even opening everyday files. For assistance acquiring or configuring a Sophos XG Firewall to protect your company, feel free to contact NetLink Solutions today or give us a call now at 918-893-9520.