
Red HeartBeat and configuring in the XG as opposed to Sophos Central Endpoint

If we want to block endpoints with RED status, it seems that it's easier to achieve at the Endpoint policy -> Device Isolation INSTEAD OF editing XG firewall rules and setting them to block access if the source heartbeat (HB) is RED.

It works very well in Sophos Cloud Endpoint.

 

Is it going away in the XG, or does that setting in the XG achieve a different end? I'm going to post in the XG community forum as well, but thought it would be OK to inquire in this forum.



  • Self Isolation is a feature for the client to block itself.

    It relies on a "Healthy" client. This feature will work if one service is down and the client tries to communicate.

    If the client is compromised, you should not fully rely on this client and all of its functions; instead, both approaches together are the best way (plus Lateral Movement Prevention).

    RED Heartbeat could be caused by many different status updates (like service missing, or malware detected). 
