What action should be taken if Sophos detects unresolved connections?

When Sophos detects unresolved connections, it is imperative to block the connection and address the root cause. This action helps prevent any potential threats from escalating further, as unresolved connections can indicate ongoing suspicious activity or attempts to communicate with malicious servers. By blocking the connection, you create an immediate barrier that stops the threat in its tracks, allowing time for an investigation to determine what caused the unresolved connection.

Addressing the root cause is essential for ensuring that the problem does not recur in the future. This could involve analyzing logs, assessing the environment for vulnerabilities, and applying necessary patches or updates. Ignoring the connection or allowing it to continue could result in further compromise of the system or network, putting data and resources at risk.

Taking proactive measures like blocking the connection also aligns with best practices in cybersecurity, which emphasize containment and rectification to mitigate threats effectively.