Sophos Ideas

Do you have an idea for a Sophos product? Do you recognize a good idea when you see one? We want to hear from you!

Richard

My feedback

  1. 13 votes
    1 comment  ·  Endpoint Protection » General Endpoint
    Richard commented  · 

    Great idea, though that is assuming all badness comes from outside the network. An insider threat, or an external attacker with a foothold inside the network, could launch attacks internally to move laterally and infect/attack additional hosts. In that case, those malicious packets may not traverse through the perimeter XG firewall. If Endpoint IPS is disabled due to being behind an XG, there is a risk of false negatives.
    If Sophos could implement something whereby packets are marked as being checked by the XG IPS (some kind of flag perhaps?) that may help, but a bad guy with scapy could easily craft a packet with the marker set and bypass the endpoint IPS.

  2. 20 votes
    1 comment  ·  Endpoint Protection » General Endpoint
    Richard supported this idea  · 
  3. 1 vote
    Under Review  ·  0 comments  ·  Endpoint Protection » Malware prevention
    Richard supported this idea  · 
  4. 3 votes
    Under Review  ·  0 comments  ·  Endpoint Protection » Malware prevention
    Richard supported this idea  · 
  5. 11 votes
    Under Review  ·  0 comments  ·  Endpoint Protection » Malware prevention
    Richard supported this idea  · 
  6. 20 votes
    3 comments  ·  Endpoint Protection » Malware prevention
    Richard supported this idea  · 
  7. 2 votes
    0 comments  ·  Endpoint Protection » Incident investigation
    Richard supported this idea  · 
  8. 6 votes
    0 comments  ·  Endpoint Protection » New idea
    Richard supported this idea  · 
  9. 6 votes
    Started  ·  3 comments  ·  Endpoint Protection » New idea
    Richard supported this idea  · 
  10. 2 votes
    Richard supported this idea  · 
  11. 3 votes
    1 comment  ·  Endpoint Protection » APT/zero day detection
    Richard supported this idea  · 
  12. 1 vote
    Richard shared this idea  · 
  13. 35 votes
    7 comments  ·  SG UTM » Mail Protection
    Richard commented  · 

    With the recent multi-part Dridex campaigns that have been active recently, where an office file (either Word doc or Excel spreadsheet) or a PDF file arrives via email and this then tries to download the secondary malware payload, I believe this should be implemented. The 2nd stage .exe download can easily be defended against by blocking executables at the web filter, however the 1st stage malware is very difficult to block. It's not feasible to block all .doc or .xls files as this will hinder legitimate email use, however blocking all .doc or .xls files that contain macros will be more useful and will protect against this attack.

    Richard supported this idea  · 
  14. 3 votes
    2 comments  ·  SG UTM » Web Protection
    Richard shared this idea  · 
  15. 34 votes
    4 comments  ·  SG UTM » Mail Protection
    Richard supported this idea  · 
  16. 1 vote
    0 comments  ·  SG UTM » UTM Endpoint Protection
    Richard shared this idea  · 
  17. 47 votes
    0 comments  ·  SG UTM » UTM Endpoint Protection
    Richard supported this idea  · 
  18. 22 votes
    1 comment  ·  SG UTM » UTM Endpoint Protection
    Richard supported this idea  · 
