Security Heartbeat, Client isolated, Lateral movement in one subnet

Hello Community,


I am looking for a technical description of Security Heartbeat, more precisely: How far is the client isolated in the subnet?

If I have an environment with only one subnet where clients and servers reside (all with Sophos Central AV), with XG Firewall: Can the XG isolate a client and prevent communication to another client/server on the same subnet?

No, the XG only prevents communication to the WAN or other subnets. The client can still reach all other clients/servers on the same subnet. To prevent this, the client must isolate itself and "Lateral Movement" (Central: Reject network connections) must be active. Do I see this correctly?

The smartest solution would be a network segmentation where the XG controls the communication, security heartbeat dependent, between the networks.

Thanks for a few thoughts

Best

Matthias



This thread was automatically locked due to age.
  • FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    "Lateral Movement Protection extends Security Heartbeat auto-isolation feature by also informing all healthy endpoints to further isolate a compromised device at the endpoint. This has the added benefit of working on the same network segment also known as a broadcast domain or subnet where endpoint computers are typically connected together through a switch. Lateral Movement Protection can dramatically reduce the exposure to threats spreading within the network."

    Please check out the following document for more info: FAQ on Synchronized Security features in SFOS version 17.5.

    Thanks,
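
The thread turns on whether traffic from an isolated client ever crosses the firewall. The following is an added example, not part of the original posts and not Sophos code: it takes an inventory of host addresses and reports, for one compromised host, which peers sit behind a routed hop (where a gateway firewall can block) and which share its subnet (where only endpoint-side isolation such as Lateral Movement Protection applies). The host names and addresses are constructed, and the script assumes the firewall is the routed gateway between subnets, with no bridge mode or private VLANs.

```python
import ipaddress

# Constructed sample inventory (not from the thread): host -> address/prefix
HOSTS = {
    "client-01": "192.168.10.21/24",
    "client-02": "192.168.10.22/24",
    "fileserver": "192.168.10.5/24",
    "erp-server": "192.168.20.5/24",
}


def enforcement_point(src_if, dst_if):
    """Return which control can block traffic from src to dst.

    'endpoint': dst is on-link for src, so frames go switch-to-host and
                never reach the gateway firewall.
    'firewall': dst is off-link, so packets are routed via the gateway
                (assumption: the firewall is that gateway).
    """
    src = ipaddress.ip_interface(src_if)
    dst = ipaddress.ip_interface(dst_if)
    # On-link test from the sender's point of view; mixed IPv4/IPv6
    # pairs are never on-link and fall through to 'firewall'.
    return "endpoint" if dst.ip in src.network else "firewall"


def exposure(compromised, hosts=HOSTS):
    """Map every other host to the control that must isolate `compromised`."""
    src = hosts[compromised]
    return {
        name: enforcement_point(src, addr)
        for name, addr in sorted(hosts.items())
        if name != compromised
    }


def same_segment_peers(compromised, hosts=HOSTS):
    """Peers reachable without crossing the firewall."""
    return [n for n, ctl in exposure(compromised, hosts).items() if ctl == "endpoint"]


if __name__ == "__main__":
    for peer, control in exposure("client-01").items():
        print(f"client-01 -> {peer}: blockable at {control}")
    print("needs endpoint isolation:", same_segment_peers("client-01"))
```
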
