Hello all, hope you are well.
One of our customers has asked to explicitly block traffic to and from 30 IP Addresses that relate to the malware BlackEnergy3. I am hoping that the built in ATP and IDS features of there Sophos UTM already protects the customer with what is downloaded in the regular pattern downloads. I think to create 30 IP network definitions and then to create a DENY rule with them in is a little bit messy and high maintenance.
I would appreciate other peoples views on this method of protection.
I would also like to know if there is a way I can find out what vulnerabilities the Sophos UTM protects against and what pattern number it was included from. Is there some sort of database that can be queries.
Thanks in advance.
Dave
This thread was automatically locked due to age.
