Ransomware continues to plague organizations, with over half of companies surveyed across 26 countries revealing that they were hit by ransomware in the last year.
Modern firewalls are highly effective at defending against ransomware attacks, but they need to be given the chance to do their job.
Our guide, Firewall Best Practices to Block Ransomware, explores how ransomware attacks work, how they can be stopped at the gateway and best practices for configuring your firewall to optimize your protection.
Eight firewall best practices to block ransomware
To maximize the effectiveness of your anti-ransomware defenses, we recommend you:
- Start with the best protection, including a modern high-performance next-gen firewall with IPS, TLS inspection, zero-day sandboxing, and machine learning ransomware protection.
- Lock down RDP and other services with your firewall. Your firewall should be able to restrict access to VPN users and only allow sanctioned IP addresses.
- Reduce the attack surface as much as possible by thoroughly reviewing and revisiting all port-forwarding rules to eliminate any non-essential open ports. Where possible, use a VPN to access resources on the internal network from outside rather than port-forwarding.
- Be sure to properly secure any open ports by applying suitable IPS protection to the rules governing that traffic.
- Enable TLS inspection with support for the latest TLS 1.3 standards on web traffic to ensure threats are not entering your network through encrypted traffic flows.
- Minimize the risk of lateral movement within the network by segmenting LANs into smaller, isolated zones or VLANs that are secured and connected together by the firewall. Be sure to apply suitable IPS policies to rules governing the traffic traversing these LAN segments to prevent exploits, worms, and bots from spreading between LAN segments.
- Automatically isolate infected systems. When an infection hits, it’s important that your IT security solution be able to quickly identify compromised systems and automatically isolate them until they can be cleaned up (such as with Sophos Synchronized Security).
- Use strong passwords and multi-factor authentication for your remote management and file-sharing tools so that they’re not easily compromised by brute-force hacking tools.
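
The rule-review items above (locking down RDP, pruning port-forwards, applying IPS to open ports and to traffic between segments) can be checked mechanically against a rule export. The sketch below is an added example, not part of the original guide or any vendor's tooling; the rule schema, zone names, sample rules and the list of sensitive ports are all constructed assumptions.

```python
import ipaddress

# Assumed set of remote-management and file-sharing ports to treat as sensitive.
SENSITIVE_PORTS = {22: "SSH", 445: "SMB", 3389: "RDP", 5900: "VNC"}

# Constructed sample rules in a hypothetical export schema (not a vendor format).
RULES = [
    {"name": "rdp-fwd", "src_zone": "WAN", "dst_zone": "LAN", "src": "0.0.0.0/0", "port": 3389, "ips": False},
    {"name": "web-fwd", "src_zone": "WAN", "dst_zone": "DMZ", "src": "0.0.0.0/0", "port": 443, "ips": True},
    {"name": "smb-partner", "src_zone": "WAN", "dst_zone": "LAN", "src": "203.0.113.0/24", "port": 445, "ips": False},
    {"name": "rdp-vpn", "src_zone": "VPN", "dst_zone": "LAN", "src": "10.8.0.0/24", "port": 3389, "ips": True},
    {"name": "lan-servers", "src_zone": "LAN", "dst_zone": "SERVERS", "src": "10.1.0.0/16", "port": 445, "ips": False},
]


def audit(rules):
    """Return (rule name, finding) pairs for rules that break the checklist."""
    findings = []
    for r in rules:
        from_wan = r["src_zone"] == "WAN"
        # A /0 prefix means the rule accepts any source address.
        any_source = ipaddress.ip_network(r["src"]).prefixlen == 0
        service = SENSITIVE_PORTS.get(r["port"])
        if from_wan and service and any_source:
            findings.append((r["name"], f"{service} open to any internet source; require VPN or an allow-list"))
        elif from_wan and service:
            findings.append((r["name"], f"{service} port-forward; prefer VPN access"))
        # Traffic crossing a zone boundary should carry an IPS policy.
        if r["src_zone"] != r["dst_zone"] and not r["ips"]:
            findings.append((r["name"], "no IPS policy on traffic crossing zones"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(RULES):
        print(f"{name}: {finding}")
```
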
These best practices and more are covered in greater detail in our new Firewall Best Practices to Block Ransomware whitepaper.