Sophos introduces lateral movement protection to XG Firewall to stop advancing cyber attacks
Sophos, a global leader in network and endpoint security, recently announced that its next-generation Sophos XG Firewall now includes lateral movement protection to prevent targeted, manual cyber attacks or exploits from infiltrating further into a compromised network.
The Sophoslabs 2019 Threat Report discusses a rise in targeted ransomware. With the Samsam ransomware campaign estimated to have earned more than US$6.5 million, it is not surprising that criminals are attracted to this method.
In these attacks, cybercriminals target weak entry points and bruteforce Remote Desktop Protocol (RDP) passwords. Once in, they move laterally, working one step at a time to steal domain admin credentials, manipulate internal controls, disable back-ups and more. By the time most IT managers notice what’s happening, the damage is done.
“Many organisations are set up to protect against automatic bots, but not interactive, human-driven attacks. If active adversaries get into a system they can ‘think laterally’ to troubleshoot roadblocks, evade detection and move around. It’s hard to stop them unless the right security measures are in place,” said Sophos Senior Vice President and Products General Manager Dan Schiappa.
“Most lateral movements happen on the endpoint, which is why synchronising security is important. Attackers will attempt to advance using non-malware techniques, such as exploits, Mimikatz and privilege escalation. The network needs to know to respond and automatically shut down or isolate infected machines before anyone or anything spreads further,” Schiappa stated.
Similar cybercat-burglar-like attacks, such as Bitpaymer, Dharma and Ryuk, use a similar lateral movement playbook to hand deliver ransomware. These attacks are very different from Ransomware-as-aservice (Raas) tool-kits sold on the dark web. Sophos expects manual control attacks to continue into 2019.
“Stopping lateral movements from active adversaries or worm-type exploits - by sharing intelligence between the firewall and endpoints and automatically isolating infected systems is critical for every organisation today,” added Schiappa. “Unfortunately, many business environments could have blind spots on their network switches or LAN segments, and these can become secret launch pads for attacks. The new features in Sophos XG Firewall prevents threats from spreading, even where the firewall doesn’t have direct control over traffic.”
The Sophos XG Firewall automatically interacts with Sophos’ endpoint products, including its new Intercept X Advanced with Endpoint Detection and Response (EDR), to deliver this new layer of protection.
These essential security anchors connect via the Security Heartbeat in Sophos’ Synchronised Security technology. This creates an intelligent solution that can proactively predict and protect against threats, detect and prevent further infection by automatically isolating machines, and remediate the infection. Security Heartbeat technology enables the automatic isolation of highrisk endpoints from other endpoints on the same broadcast domain or network segment.
“Our ingenious and aggressive cyber-criminal adversaries are vigilant in developing new threats, leveraging exploits or manually attacking organisations themselves; the breaching of a weak point in a network followed by lateral movement and credential elevation is an increasing common playbook of the day,” said IDC Security Products Research Vice President Frank Dickson.
“By connecting network and endpoint intelligence through Security Heartbeat, Sophos has implemented an innovative and significant feature to identify and mitigate lateral movement-centric cyberattacks within seconds, automating the prevention of a threat spreading by isolating the endpoint. Essentially, Intercept X is strengthened with Sophos XG Firewall network-based enforcement to create a more integrated and synergist approach to cyber defense for businesses, easing the administration burden for cyber security professionals.”
“A few years ago, when everyone was talking about the need for bestin-breed point products to create a layered approach, Sophos was pioneering synchronised security and revolutionised the cybersecurity market with its security heartbeat solution. In today’s world of constant and changing cyber-threats, having endpoint and network products communicating with each other and sharing intelligence is more important than ever,” said Pine Cove Consulting Vice President Brandon Vancleeve, a Sophos Partner in Bozeman, Montana.
The new lateral movement protection is a huge enhancement to what was already impressive in Sophos’ Synchronised Security. Now, the XG Firewalls and endpoint protection will be able to isolate machines within their own subnet. This is an important development that will only improve our customers’ security posture, allowing them instant visibility into threats beyond the network. Most of our customers have multiple LAN segments, so the new detection adds to what we consider the best protection available on the market.