Clients who are under a fully managed Agreement benefit from a number of network security protections just by having our standard Endpoint Security and Firewall technologies deployed. In addition, we have numerous enhancements we can deploy to complement our standard security protections. See below for an exhaustive list of how Fluid Networks protects your computers, servers and networks when you sign up for a fully managed network environment with us.
PC and Server Endpoint Protection
Fluid Networks uses the Sophos Endpoint Security ecosystem for a holistic approach to desktop and server security. Our standard Endpoint software is Sophos Intercept X Advanced which includes the following protections on Windows, MAC and Server operating systems:
- Today’s ransomware attacks often combine multiple advanced techniques with real-time hacking. To minimize your risk of falling victim you need advanced protection that monitors and secures the whole attack chain. Sophos Intercept X gives you advanced protection technologies that disrupt the whole attack chain including deep learning that predictively prevents attacks and CryptoGuard which rolls back the unauthorized encryption of files in seconds.
- By integrating deep learning, an advanced form of machine learning, Intercept X is changing endpoint security from a reactive to a predictive approach to protect against both known and never-seen-before threats. While many products claim to use machine learning, not all machine learning is created equally. Deep learning has consistently outperformed other machine learning models for malware detection.
- Exploit prevention stops the techniques used in file-less, malware-less, and exploit-based attacks. While there are millions of pieces of malware in existence, and thousands of software vulnerabilities waiting to be exploited, there are only handful of exploit techniques attackers rely on as part of the attack chain – and by taking away the key tools hackers love to use, Intercept X stops zero-day attacks before they can get started.
- Intercept X utilizes a range of techniques, including credential theft prevention, code cave utilization detection, and APC protection that attackers use to gain a presence and remain undetected on victim networks. As attackers have increasingly focused on techniques beyond malware in order to move around systems and networks as a legitimate user, Intercept X detects and prevents this behavior in order to prevent attackers from completing their mission.
Additional Sophos services can be added to your endpoint and cloud protection for additional monthly cost in the following ways:
- Sophos Intercept X Advanced with XDR integrates powerful endpoint detection and response (EDR) with the industry’s top-rated endpoint protection. Built for both IT security operations and threat hunting, Intercept X detects and investigates suspicious activity with AI-driven analysis. Unlike other EDR tools, it adds expertise, not headcount by replicating the skills of hard-to-find analysts.
- Sophos Managed Detection and Response (MDR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service. Sophos MDR fuses machine learning technology and expert analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. Unlike other services, the Sophos MDR team goes beyond simply notifying you of attacks or suspicious behaviors, and takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats.
- This is like hiring your own Virtual Security Operations Center team.
- Sophos MDR can integrate with popular third party firewalls, security software, appliances and Cloud environments to pull in security logs and perform event correlation across all integrated platforms to proactively look for security events which might not be detected as an issue on their own or in a standard logging system.
- Increase efficiency by monitoring posture across AWS, Azure, GCP, Kubernetes, Infrastructure as Code, and Docker Hub environments in a single console.
- See it all: Asset inventories, network visualizations, cloud spend, and configuration risk.
- Automate compliance assessments and save weeks of effort with audit-ready reports.
- Reduce risk without losing DevOps speed with Infrastructure as Code and container image security.
- Prioritize resources with risk-assessed and color-coded alerts.
- Provide detailed alerts and guided remediation to help your teams build their cloud security skills.
- Get performance and uptime with lightweight Linux and Windows host protection via agent or API for Linux.
- Protect it all: Cloud, data center, host, container, Windows, and Linux.
- Identify sophisticated Linux security incidents at runtime without deploying a kernel module.
- Secure your Windows hosts and remote workers against ransomware, exploits, and never-before-seen threats.
- Manage applications, lock down configurations, and monitor changes to your critical Windows system files.
- Utilize XDR to streamline threat investigations and response and prioritize and connect events.
Documentation and Change Detection
Fluid networks strives to maintain dynamic documentation of most critical systems and services which automatically update as conditions and configurations change in your environment. This ensures that important information about your systems is not left out when changes occur in the environment. It also tracks the most impactful changes made over time so our technicians can go back after the fact to see when a change occurred which might be impacting system uptime, availability or security.
All AISP Fully Managed accounts are also using our Dynamic Documentation and Change detection system which tracks information over time on:
- Sophos XG Firewall basic configurations and security policies.
- Sophos Central Endpoint Security status on PC’s, Mac’s and Servers
- Office 365 license usage, users, groups, etc.
- Unifi Network information
- Windows Active Directory configuration, administrator accounts, etc.
- Internet Domain Tracking
- Duo Account status
- Cloud Services accounts, status and licensing
- Secure password management
- Versioning on all assets
- Enterprise Grade Security
- Asset Tracking
- Knowledge Base and SOP management
- Access Control
- Workflows
- Integration with automated documentation systems
- Ability to extend features to client IT personnel
Network Security
Managed customers with a Sophos XG/XGS Firewall with Xtreme Protection deployed have the following protections enabled by default:
The Xstream Deep-Packet Inspection (DPI) engine provides high-performance traffic scanning for IPS, AV, Web Protection, and App Control in a single streaming engine.
- TLS 1.3 inspection
- Next-Gen Intrusion Prevention (IPS)
- Zero-day threat protection
- Proxy-based dual-engine AV scanning
- Perimeter defenses
- Country-based blocking policy (as needed)
Xstream TLS Inspection 1.3 with industry-leading performance, visibility, policy tools, and built-in intelligence removes an enormous blind spot in your protection.
- TLS 1.3 without downgrading
- Intelligent traffic selection
- Pre-packaged exception list
- Powerful policy engine
- Covers all ports/protocols
- Supports all modern cypher suites
- Unmatched visibility and error handing
Sophos' Web Protection engine is backed by SophosLabs and includes innovative technologies required to identify and block the latest web threats.
- Advanced Web Protection
- Pharming protection
- HTTPS scanning
- Potentially unwanted app control
- SophosLabs
Sophos Firewall delivers advanced threat protection to instantly identify bots and other advanced threats while defending your network from today’s sophisticated attacks.
- Security Heartbeat
- Multi-layered, call-home protection
- Intelligent firewall policies
- Traffic light style indicators
Complete visibility and control over all applications on your network with deep-packet scanning technology. Synchronized App Control that can identify all the applications that are currently going unidentified on your network.
- Visibility and control over thousands of applications
- CASB cloud app visibility
- Synchronized App Control
- User-based application policies
- Traffic shaping (QoS) prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications
Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need, with options for user and group enforcement of activity, quotas, schedules, and traffic shaping.
- Enterprise Secure Web Gateway (SWG) policy model
- Template-driven activity control with predefined workplace and compliance policies
- Education and SafeSearch features
- Comprehensive traffic enforcement
- Traffic shaping (QoS)
Combine next-gen firewall capabilities with our enterprise-class web application firewall to protect your critical business applications from hacks and attacks while still enabling authorized access.
- Next-generation Intrusion Protection Services
- Web Application Firewall (if enabled for access to internal web servers)
- Granular, user-based protection (if enabled with Synchronized Security)
Our revolutionary Security Heartbeat links your Sophos managed endpoint with your firewall to share health and other valuable information enabling an automated and coordinated response to isolate threats and prevent lateral movement.
User identity-based policies and unique user risk analysis give you the knowledge and power to regain control of your users before they become a serious threat to your network.
- User identity powers all firewall policies and reporting
- User Threat Quotient (UTQ) identifies the top risk users on your network
- Synchronized User ID
- Flexible authentication options including directory services
- Two-factor Authentication (2FA) one-time password support for Access to key system areas
The following protections are available to add at additional cost per month:
Sophos Firewall leverages Sophos' industry-leading machine learning technology, powered by SophosLabs Intelix, to instantly identify the latest ransomware and unknown threats before they get on your network
- SophosLabs data scientists
- Multiple machine learning models
- Static file analysis
- Dynamic file analysis
Sophos Zero-day dynamic file analysis uses next-gen cloud-sandbox technology powered by deep learning and the best technology from Intercept X to protect your organization against zero day threats like the latest ransomware and targeted attacks coming in through phishing, spam, or web downloads.
- Dynamic sandboxing analysis
- Deep learning static file analysis
Flexible, user-based monitoring and control of keyword content and downloadable content, including file types via FTP, HTTP, or HTTPS.
- Web keyword monitoring
- File download filtering templates
- Policy-based outbound email DLP
- Web caching
You are done. Great job!