As another example, “deny” rules against Simple Mail Transfer Protocol (SMTP) on workstations make it harder for cybercriminals to use a compromised endpoint as a spam bot to blast out further phishing emails carrying Trojan attachments; workstations rarely need to talk SMTP directly, since mail normally flows through a mail server or relay.
By combining outbound firewall rules, network segmentation, and a SIEM that collects the log data and alerts on suspicious activity, the Trojan’s attempts to infect other hosts and to communicate internally and externally will either be blocked outright or be discovered when they hit a deny rule.
For MSPs and IT providers, developing a standard segmented network architecture and an egress firewall rule package for your customers is worth the time and effort. In many cases, segmentation and egress firewall rules can be implemented on the existing infrastructure. When combined with a SIEM that monitors for and alerts on an endpoint tripping a firewall deny rule, the MSP or IT provider can quickly identify the offending host and respond accordingly.
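To show the detection side of this in working code, here is an added example (not from the original article, and not tied to any particular firewall or SIEM product) that parses a handful of constructed firewall deny log lines and raises the two alerts the text describes: a workstation attempting SMTP egress, and a workstation tripping an internal segmentation rule. The log format, the `10.10.20.0/24` workstation subnet, the rule names and the repeated-deny threshold are all assumptions made up for the example; a real SIEM rule would map the same fields from the vendor’s log schema.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log lines in a hypothetical "firewall deny" syslog shape.
# They are not from any real vendor or from the original article.
SAMPLE_LOGS = """\
2024-03-01T09:12:01Z fw01 DENY proto=tcp src=10.10.20.15 dst=203.0.113.8 dport=25 rule=egress-deny-smtp
2024-03-01T09:12:03Z fw01 DENY proto=tcp src=10.10.20.15 dst=203.0.113.9 dport=25 rule=egress-deny-smtp
2024-03-01T09:12:05Z fw01 DENY proto=tcp src=10.10.20.15 dst=198.51.100.7 dport=587 rule=egress-deny-smtp
2024-03-01T09:13:10Z fw01 ALLOW proto=tcp src=10.10.20.22 dst=10.10.30.5 dport=443 rule=allow-intranet
2024-03-01T09:14:00Z fw01 DENY proto=tcp src=10.10.20.22 dst=10.10.40.9 dport=445 rule=deny-ws-to-finance
2024-03-01T09:15:30Z fw01 ALLOW proto=tcp src=10.10.30.5 dst=203.0.113.20 dport=25 rule=allow-mailrelay-smtp
"""

# Assumed network layout: workstations live in one segment; only the mail
# relay (10.10.30.5 in the sample) is permitted to send SMTP outbound.
WORKSTATION_NETS = [ip_network("10.10.20.0/24")]
SMTP_PORTS = {25, 465, 587}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) rule=(?P<rule>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


def is_workstation(ip):
    """True if the address falls inside a workstation segment."""
    addr = ip_address(ip)
    return any(addr in net for net in WORKSTATION_NETS)


def analyze(log_text, deny_threshold=3):
    """Return a list of alert dicts derived from firewall DENY events.

    Alert types:
      workstation_smtp_egress   - a workstation tried to reach an SMTP port
      internal_segmentation_deny - a workstation was blocked reaching another
                                   internal (private) segment
      repeated_denies           - one source hit deny rules >= deny_threshold times
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    denies_by_src = defaultdict(list)
    alerts = []

    for e in events:
        if e["action"] != "DENY":
            continue  # only blocked traffic is interesting here
        denies_by_src[e["src"]].append(e)
        if is_workstation(e["src"]) and e["dport"] in SMTP_PORTS:
            alerts.append({"type": "workstation_smtp_egress", "src": e["src"],
                           "dst": e["dst"], "dport": e["dport"], "rule": e["rule"]})
        elif is_workstation(e["src"]) and ip_address(e["dst"]).is_private:
            alerts.append({"type": "internal_segmentation_deny", "src": e["src"],
                           "dst": e["dst"], "dport": e["dport"], "rule": e["rule"]})

    # A host that keeps tripping deny rules is worth a look regardless of port.
    for src, evs in denies_by_src.items():
        if len(evs) >= deny_threshold:
            alerts.append({"type": "repeated_denies", "src": src, "count": len(evs),
                           "rules": sorted({x["rule"] for x in evs})})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOGS):
        print(alert)
```

Run as-is, the script flags `10.10.20.15` three times for SMTP egress and once for repeated denies, flags `10.10.20.22` once for the blocked connection into the finance segment, and stays silent about the mail relay’s allowed SMTP traffic, which is exactly the signal an MSP would want forwarded from the SIEM.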