Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
News
Home›News›WatchGuard Threat Detection & Response

WatchGuard Threat Detection & Response

By admin
26/10/2017
2100
0
Share:
WatchGuard logo
The Threat Landscape for SMBs
News headlines are flooded with reports of cyber attacks against large enterprise organisations. But what you don’t see in the news are the small and midsize businesses (SMBs) and distributed enterprises that fall victim to these malware attacks each and every day. In fact, the U.S. Securities and Exchange Commission actually reports that SMBs are the principle targets of cyber crime. In 2014, over 60% of all targeted cyber attacks were againstSMBs and 75% of all spear-phishing attacks are directed against SMBs.
What makes these attacks more difficult for SMBs is the cost associated with them. Many of these businesses, roughly half of them in fact, actually go out of business within six months of a cyber attack. SMBs are expected to face the same threats as enterprises, but with smaller budgets and fewer resources. How can SMBs win the battle against cyber crime without breaking the bank?
The Shift from Signatures
Hackers seem to have security vendors figured out. Criminals create a new form of malware that gets past antivirus. This malware strain will infect a few companies before being detected, and security companies will then work quickly to create a signature to block future attacks. Once they’ve been blocked a few times, these criminals either ditch the malware altogether or run it through an obfuscator to change the signature. The process repeats between a new malware variant and a new signature again and again.
In recent years, we’ve seen the shift from focusing on signatures as the key way to defend against threats. Security vendors are getting smarter and looking to approach the malware battle by identifying and blocking behaviours that malware threats rely on to function. Not all variants behave exactly the same way, or follow the exact same steps, but there are some common behaviours that can be tracked to improve detection.
Understanding Malware Behaviours
Malware moves in some not-so-mysterious ways. While hackers are always evolving and changing their methods of attack, there are a few consistent behaviours that most malware tends to follow.
Here are a few of their favourite steps:
• Sneaks a destination hosting malware into a Microsoft macro to download and execute the malware
• Spawns and deletes itself in order to evade detection technologies
• Attempts to gain administrator privileges by dodging controls that exist to manage user access control and authorisation in the kernel of the operating system
• Modifies files or processes by injecting malicious components
• Deletes original system files and replaces them with malicious copies of the same file type and name
Signatures are great and necessary defence against known threats, but organisations need a way to stop the unknown or new malware variants as well. Tracking combinations of behaviours such as those above can enable the detection of new malware variants, regardless of any changes made to their signature.
Detection with TDR
WatchGuard’s newest security service, Threat Detection and Response, leverages multiple forms of detection through the WatchGuard HostSensor to find advanced malware threats.
Signatures – As mentioned before, signatures are a critical line of defence in the fight against malware. You always want to have an arsenal of collected known threats. WatchGuard Threat Detection and Response leverages enterprise-grade threat intelligence feeds to confirm if a suspicious event on the endpoint is in fact a known threat.
Heuristics – Rather than relying on signatures, TDR uses rules or algorithms to look for commands that could indicate malicious intent. This method of detection can quickly flag a threat without the need for it to execute. TDR leverages over 175 heuristics through the WatchGuard Host Sensor.
Behavioural Analysis – Since malware threats tend to follow certain behaviours, tracking these steps can provide robust detection for unseen malware variants. Our Host Ransomware Prevention module tracks behaviours traditionally associated with ransomware attacks to actually prevent these attacks before file encryption takes place.
Network Detection – The network is an important source of information of attacks and performance usage. Visibility into unusual or blocked traffic patterns, visits to malicious or risky websites, as well as detecting botnets and other threats is critical in protecting your organisation. TDR leverages WatchGuard’s industry-leading advanced network security solutions to collect and detect threats on the network.
The Power of Correlation
Collecting data from a variety sources is just smart security. But if those sources are operating completely separate of each other, it doesn’t provide a comprehensive view of your organisation. Correlation takes the mounds of information that these security solutions produces, connects the dots, and actually makes sense of it all. Decrease the time needed to detect and remediate threats by analysing data from multiple security sources so IT administrators can clearly see which threats are the most severe and need their immediate attention.
Getting the Full Picture with ThreatSync
Looking at security through the lens of correlation is really the only way to get a full picture of your organisation’s security. ThreatSync,WatchGuard’s cloud-based correlation and threat scoring engine, provides actionable insight into the threats attacking both the network and the endpoints.
ThreatSync collects, correlates and analyses even data from the WatchGuard Firebox, WatchGuard Host Sensor and threat intelligence feeds. Through our proprietary algorithms, ThreatSync assigns a comprehensive threat score, grouping similar threats into incidents that require a response.
ThreatSync not only provides visibility into event staking place on both the network and the end point, but by providing a comprehensive threat score and rank, security teams know which threats are the most critical and require immediate attention. Threat prioritisation enables organisations to decrease time to detection and remediation, as well as decrease the number of dedicated resources required to remove threats.
Automating Response with TDR
For SMBs with constrained and limited resources or distributed enterprises that lack technical staff at each branch location, it can be difficult to take action on each and every threat that needs attention. Automation can be key in quickly and effectively detecting and remediating threats. Automating response enables organisations to free up constrained resources to focus on other areas of security. It also improves time to remediation which can decrease infection dwell time and get the organisation back on track.
WatchGuard TDR enables users to easily set up policies to enable automation based on organisational needs. Through threat scoring and prioritisation provided by ThreatSync, users can set up policies to initiate remediation based on a threat score or range including kill process, quarantine file and delete registry key value. For example, organisations at low risk of attack may only choose to automate response for high ranking threats scored at 8 or above. However, should they find themselves at a higher risk of attack they could choose to automatically remediate threats scored at a 6 or above.
Previous Article

Why Sophos joined the Cyber Threat Alliance

Next Article

Fortinet A Premier Sponsor of AT&T’s Inaugural ...

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • SonicWall Equifax
    News

    SonicWall – Equifax Data Breach: What Can We Learn?

    09/10/2017
    By admin
  • FortinetNews

    Fortinet’s NP7 is Key to Secure the Hyperscalability Mandatory in 5G

    24/02/2020
    By admin
  • BarracudaNews

    Barracuda Web Application Firewall Named a Strong Performer by Independent Research Firm

    26/02/2020
    By admin
  • MerakiNews

    THE KEY FOR IOT

    12/12/2019
    By admin
  • SonicWall Logo
    News

    SonicWall Announces Spin Out from Dell Software Group – Focused on Solving Next Generation of Cybersecurity Threats Facing Companies

    01/11/2016
    By admin
  • News

    Speed And Connectivity: The Fundamental Elements In The Science Of Cybersecurity

    04/09/2019
    By admin

  • WatchGuard logo
    News

    WatchGuard Firebox Cloud on AWS

  • SonicWall Logo
    News

    SonicWall – Connecting and Protecting the Remote Islands of Corporate IT – BYOD and Mobility

  • Sophos Logo
    Software UpdatesSophos

    Sophos – Mac 2.2.4 September 19, 2019

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home