News
Delivering world-class security solutions is our top priority at Sophos. The true measure of our success is the satisfaction and feedback of the customers who rely on our products every day to protect their organizations. We are delighted that our user feedback led Sophos to be recognized as a Customers’ Choice vendor in the 2025 Gartner® Peer Insights™ Voice of the Customer Reports for Endpoint Protection Platforms and Extended Detection and Response. This makes Sophos the only vendor to be named a Customers’ Choice in both reports, highlighting the comprehensive, robust protection of the Sophos platform.
In the 2025 Voice of the Customer for Endpoint Protection Platforms, Sophos received a 4.8/5.0 rating based on 361 reviews, as of 31 Jan 2025. This marks the 4th consecutive time customers have recognized Sophos as a Customers’ Choice vendor in this market.
The 2025 Voice of the Customer for Extended Detection and Response is this category’s inaugural report. Sophos is the highest-rated vendor with a 4.8/5.0 rating and has the most reviews in the report (257 reviews, as of 31 Jan 2025). Additionally, Sophos has the highest rating in all four categories covering specific aspects of the experience with the vendor – customers rated Sophos a 4.9/5.0 in Product Capabilities, Sales Experience, and Deployment Experience, and a 4.8/5.0 in Support Experience (based on 257 reviews as of 31 Jan 2025).
Customer reviews
Here are some examples of what customers had to say about Sophos Endpoint and XDR:
Sophos Endpoint offers robust protection with advanced threat detection leveraging AI and deep learning to identify and block malware, ransomware and other attacks.
- IT SAP Consultant in the Manufacturing industry, $50M-250M
- Review link
[Sophos Endpoint] is very mature and offers great protection against light and heavy security attacks on our infrastructure.
- IT Specialist in the Healthcare and Biotech industry, $500-1B
- Review link
[Sophos Endpoint] merges technologies such as deep learning, AI, and endpoint detection & response to provide a holistic endpoint security software.
- IT Associate in the Education industry, <5000 employees
- Review link
Sophos XDR is a next-generation endpoint protection software that uses a combination of advanced techniques to defend against a wide variety of cyber threats.
- IT Manager in the Retail industry, $500M-1B
- Review link
Sophos XDR makes detecting and responding to threats easy. It is AI-equipped and is fast and accurate and we no longer have to worry about endpoint threats.
- Structural Engineer in the Construction industry, $250M-500M
- Review link
The [Sophos XDR] platform employs cutting-edge machine learning models to identify and block even zero-day threats and advanced persistent threats that traditional signature-based systems might miss.
- IT Associate in the Retail industry, $50M-250M
- Review link
From fast detection to investigating threats and offering amazing threat response, Sophos XDR has it all. Its reliability has kept cyber threats at bay.
- IT Manager in the IT Services industry, $250M-500M
- Review link
Sophos XDR is an excellent product. This is not just an analytical tool that is helping us with enhancing our detection and response capabilities as a team but also helping us with day-to-day IT operations.
- Customer Service & Support Associate in the IT Services industry, $250M-500M
- Review link
Πηγή: Sophos
One of the most fundamental — and often overlooked — processes of a strong security posture is vulnerability management (VM). VM is much more than just running a vulnerability scan; it’s at the core of all the layers that make up solid cybersecurity.
Whether your organization has a simple infrastructure or consists of thousands of globally distributed endpoints, VM is essential. With networks becoming increasingly complex and dynamic, it’s critical to assess and remediate vulnerabilities on a regular basis.
What Is Enterprise-Grade VM?
Basic vulnerability scanners may identify threats, but they often lack the intelligence to help you act on them. The best VM solutions regularly identify, evaluate, report, and prioritize vulnerabilities in network systems and software in dynamic environments.
No matter how simple or sophisticated your IT environment is, having a centralized view of vulnerabilities across your entire network is vital. An enterprise VM system will have the flexibility to handle on-premises, cloud, or hybrid assets, and provide not just data, but context as well, so your team can focus on what truly matters.
Enterprise-grade VM programs include:
- Scanning local systems as well as the entire global network
- Segmenting reports into different locations, specific IT teams, and departments
- Correlating vulnerability data on dynamic assets
- Seamlessly integrating with other enterprise IT and security tools
- Creating efficiencies by being simple to deploy, learn, and maintain
Why Risk-Based VM Is Necessary
All IT environments have vulnerabilities, but not all of them pose equal risk. When it comes to VM, you need a solution that not only tells you whether a security alert actually represents a threat or not, but also helps you understand the level of risk to your unique network.
A risk-based solution will help you use the three pillars of information security: confidentiality, integrity, and availability (the CIA Triad). Risk-based VM evaluates vulnerabilities using real-world threat intelligence and takes into account how exploitable a vulnerability is.
Pro Tip: Look for a solution that combines this intelligence with real-world threat activity and industry-standard severity scores to rank vulnerabilities.
Other Functionality to Consider
Understanding the need for an enterprise-grade, risk-based VM tool is the first step. But what should you look for when choosing the right platform?
Platform Interface
As IT departments face turnover and staff shortages, there’s no time to waste learning or trying to use a complicated, unintuitive tool. While scans can be automated, not all fixes can. Technicians still need to interact with your VM solution to address the vulnerabilities. That’s why a prebuilt, intuitive interface is important.
Historical Data
A good system will also deliver far more than just the current state of your network. For example, historical data isn’t available on many VM tools in the marketplace. Historical data shows which assets were vulnerable, for how long, and what was done to address them.
Automated and On-Demand Scanning
Best practice says VM scans should be run monthly at a minimum, or anytime there’s a change to the system. Sometimes it makes sense to automate. Other times, you need on-demand scanning to validate issues that have been addressed or demonstrate how long vulnerabilities were on the system, track KPIs, and more.
Accuracy and Asset Correlation
Scan results need to be accurate and actionable. Enterprise VM solutions can distill results, reducing false positives that could otherwise waste your team’s time. Enterprise VM systems ensure accurate asset tracking, even when IP addresses or configurations change. Look for built-in asset correlation that ensures consistent visibility.
Data Management
Your VM solution should let you query against all scanned assets, see which devices haven’t been scanned in a certain period, devices where fix attempts have been made, and more. While some systems require you to compile data from various reports and figure out how to create a spreadsheet or other report to pull all the data together, enterprise-grade VM will let you tag and label devices as well as reports so you can search and sort to deliver exactly the results you need.
API
VM systems that support API integration can become a seamless part of your broader security stack. VM data can help enrich SIEM, SOAR, NAC and more. Integration with ticketing would allow a manager to apply a filter to return vulnerabilities that meet certain criteria and auto-assign a certain tech to fix them then follow up with automated validation activities.
Source: Fortra
As language learning models (LLMs) continue to advance, so do the security threats and risks that accompany them. With the plethora of news and information out there regarding generative AI, Fortra has conducted in-depth threat analysis to cut through the noise and identify the most pressing AI threats to watch out for as 2025 rolls along. Although it’s imperative to remain vigilant in the face of the ever-evolving threat landscape and all the other possible risks it may expose us to, these are the threats that stand out as the most pressing for both defenders and users alike.
1. Prompt Injections
What is a prompt injection?
Prompt injections occur when an AI input command allows the user to manipulate the model’s behavior through bypassing the developer’s original instructions for that prompt. This threat is similar to input injections in traditional application security attacks. However, prompt injections are a consistent threat in generative AI because LLMs tend to process the input command as one single text and may not be able to separate or validate these inputs, unlike typical software inputs.
Why worry about prompt injections?
The threat of prompt injections can pose several risks to organizations, especially those who have integrated generative AI into their IT environments. There are a few risks:
- Data leakage. This is where a command can be injected to prompt the AI model to reveal sensitive information or to even leak sensitive data from a previous session that the current user may not be authorized to access.
- Trick the LLM into revealing API keys. Threat actors can then exploit to gain unauthorized access to cloud environments and other valuable digital assets, maliciously configure access controls such as turning off multi-factor authentication (MFA) to bypass IAM defenses and even carry out data breaches to compromise personally identifiable information (PII).
- Poisoning the language model to spread false information through commands that inject bogus data and even running malicious code that can increase exposure to malware infections.
2. Romance Scams and Deepfakes
What are romance scams?
Romance scams occur when a scammer develops an online romantic relationship with the victim to gain their trust and exploit them, often financially. Scammers typically hide under a false identity by setting up fake online profiles to lure in potential victims, especially through dating and social media sites, and ask for money from the victim upon gaining their trust.
Why worry about romance scams?
- GenAI. Romance scammers have begun weaving generative AI into their malicious tactics. For example, a common telltale sign of a romance scam is that the scammer relies on text messaging to communicate with the victim and avoids phone calls or meeting in person as their voice can reveal their true identity or location. However, AI-generated voices can now allow scammers to impersonate many different voices, including accents from various locations, ages, and genders.
- Deepfakes. Another example of how generative AI poses a threat in romance scams is using deepfakes to conduct video calls with the victim. As deepfakes continue to advance in quality, scammers can use this technique to make their fake online personas seem more realistic and further manipulate the victim as video calling can carry more emotional weight than regular text messaging.
3. Improved Spear Phishing
What is spear phishing?
Spear phishing, a form of phishing that is personalized towards its targeted victim, has gained a new lethal potency in targeting victims through the assistance of LLMs.
When Fortra’s 2025 Email Threat Intelligence Report revealed that a staggering 99% of email threats were social engineering attacks or contained phishing links, it is no surprise that attackers are amping up their email attacks by incorporating AI to strengthen their phishing attempts. Recent warnings and research about email AI attacks have revealed that AI crafted attacks are now beating traditional human attacks.
Why worry about spear phishing?
Threat actors can leverage AI to target the victim’s LinkedIn account to identify their workplace information and carry out business email compromise (BEC) attacks against them or even target their social media and other public profiles to gather as much information as possible to craft highly advanced and personalized spear phishing attacks. This poses a particular challenge to both organizations and users as spear phishing attempts can be difficult to identify due to their personalized nature which adds an element of realism to the lure. Additionally, unlike traditional human threat actors or cybersecurity red teams, these AI generated attacks can be conducted at a large and unlimited scale which further exasperates this threat.
4. Bypassing Linguistic Barriers
What are linguistic barriers in cybersecurity?
LLMs have unlocked improved translation capabilities as AI-generated translations continue to produce more natural-sounding texts that better capture slang and human conversational cues. Attackers can harness this capability to expand the geographical horizon of their targets.
Why worry about smarter translations?
Scams and other social engineering attacks that have proven to be successful in one language can now be effectively translated into other languages to reach victims from new locations around the world.
Not only does this allow threat actors to expand their geographic outreach and bypass linguistic barriers, but this can also increase the success rate of attacks because the newly targeted regions are often less familiar with these scams and users may lack the awareness needed to identify the signs of these attacks.
For example, financial scams that tend to attract a lot of victims in North America, such as payroll diversions, can be translated into other languages to target other continents that were not victimized by these threat actors before.
Fortra’s monthly BEC Global Insights Report revealed that the average amount requested in wire transfer attacks was a staggering $81,091 in April 2025, putting them at the forefront of one of the most effective financial scams to target victims. Organizations can expect to see such effective and widespread scam tactics translated into different languages, especially in never seen before languages and regions, as attackers continue to identify new tricks to maximize the efficacy and reach of their lures.
5. Shadow AI
What is shadow AI?
Shadow development, the use of software development practices that has not been approved by an organization, has historically been one of the most prominent end user risks when it comes to employee non-compliance with IT policies. However, we can now add Shadow AI to the list of end user risks that IT and cybersecurity professionals worry about. Shadow AI refers to the unsanctioned or unauthorized use of AI tools and resources.
Why worry about shadow AI?
When almost 60% of employees have entered high-risk information into generative AI technologies, the threat of shadow AI is rampantly on the rise. This can expose organizations to the risk of data leakage because LLMs can be trained on user input, which can then be included in the output of newer AI model versions.
For example, an employee can accidentally leak sensitive personally identifiable information (PII) or an organization’s proprietary software code if it were unintentionally included as input in their AI prompts. This privacy breach can expose organizations to the risk of various damages such as regulatory fines, reputational damages, legal breaches of NDAs, and other consequences.
Conclusion
Artificial Intelligence, like any other innovative tool or technology, can be used to accomplish both the bad and the good depending on who is wielding it. Attackers will always find a way to exploit these tools. Although it can seem overwhelming to defend against such an easily scalable tool such as AI, Fortra can help you fight fire with fire by offering various machine learning-based solutions that keep pace with the threat landscape and integrate AI to fortify your threat detection capabilities.
Source: Fortra
Keeper’s Enterprise Password Manager is the only solution that uses Elliptic Curve Cryptography (ECC) in its encryption, making it the most secure password management solution available.
ECC is a public-key cryptography method based on the mathematics of elliptic curves. First proposed in 1985, it recently rose to prominence with modern cryptography as it provides a higher level of security compared to traditional encryption methods, such as RSA.
Considered by the InfoSec community to be the most secure level of encryption for information security, ECC provides many advantages including:
- Best-in-Class Security: The difficulty of solving elliptic curves provides an added level of protection against complex cyber attacks such as quantum computing.
- Efficiency: ECC uses smaller key sizes compared to other encryption algorithms, such as RSA. This makes it more efficient in terms of computation and storage requirements as it uses limited resources.
- Fast Computation: ECC is faster than other encryption algorithms, making it an ideal choice for applications that require fast encryption and decryption.
Keeper’s encryption model documentation compares the strength of 256-bit elliptic curves against vaults encrypted with password-derived keys.
No Master Password Needed
The deployment of Keeper through a Single Sign-On (SSO) identity provider eliminates the need for a master password. Instead, Keeper uses ECC to encrypt and decrypt data, allowing for a seamless login experience with SSO and passwordless technology.
A local ECC-256 (secp256r1) private key is used to decrypt the Data Key at the device level, which unwraps the individual folder keys and record keys for the latter to decrypt each of the stored record contents.
The Encrypted Data Key is then transmitted between the devices through a push system or key exchange service called Device Approval, which is managed by the admin to preserve zero knowledge.
Without a master password to prey on, the threat of brute force attacks against stored data is eliminated.
Keeper Complements SSO to Cover Any Security Gaps
SSO’s ease-of-use and ease-of-access have made it a preferred solution to remedy password-related issues, but it still presents serious security gaps as a single point of failure.
For instance, users automatically get locked out of multiple sites and apps versus only one if they forget their password. Should a user’s account get hacked, cybercriminals would be able to gain access to all associated sites and apps, compromising the entire layer of security SSO was tasked with providing in the first place.
Even with SSO, privileged access users still need one secure location to safely store non-SSO passwords, SSH keys, API keys, etc. that – just like SSO assets – require role-based access, configurable control of policies and sharing capabilities.
Keeper integrates with all major SSO solutions and is a perfect complement for the legacy applications and other use cases that SSO doesn’t cover. IT Admins and IT Security professionals love using Keeper for its:
- Rapid Deployment: No upfront equipment or installation costs. Easy Active Directory and SSO integration.
- Ultimate Cybersecurity Protection: Zero-knowledge architecture means there is nothing to hack.
- Pervasive Employee Adoption: Intuitive UI, automated password generation and autofill makes the transition a breeze.
- Mitigate Password-Related Support: No more forgotten or lost passwords.
Request a demo of Keeper Enterprise Password Manager today to see how an elliptic curve level encryption can protect your organization’s passwords, credentials and secrets with zero-trust and zero-knowledge security.
Source: Keeper Security
Businesses of all sizes are increasingly reliant on productivity tools like Microsoft 365 — and attackers are using this to their advantage.
Business email compromise and account takeover attacks are prevalent, with adversaries accessing M365 environments using techniques that may evade detection by technology alone.
Organizations need 24/7 visibility and a fully staffed security operations center (SOC) to effectively defend against such attacks — which is a major challenge for many resource-constrained businesses.
Sophos MDR provides the people, processes, and technology to detect, investigate, and effectively respond to threats targeting Microsoft 365.
Our turnkey integrations and proprietary detection rules identified and thwarted almost 5,000 attacks on our customers’ Microsoft 365 environments last quarter alone.
We continually innovate and enhance Sophos MDR to extend and fortify your defenses. And now, the service is getting even stronger with the introduction of new response capabilities.
New analyst response actions for Microsoft 365
The ability to respond quickly to a cyber incident is crucial — the faster the attack can be detected, contained, and neutralized, the less damage the attacker can inflict.
This includes minimizing financial losses, reputational damage, and disruptions to business operations. A swift response can help prevent further data breaches and limit the exposure of sensitive information.
When an attack is detected in your Microsoft 365 environment, Sophos MDR analysts can now execute a range of response actions on your behalf — rapidly containing the threat and freeing up your team to focus on your business.
Microsoft 365 response actions now available
Block/enable user sign-in
Sophos MDR analysts can lock down a user’s account to prevent an adversary from accessing Microsoft 365 services and Azure resources using stolen credentials. Following clean-up, access to the user’s account can be restored in seconds.
Terminate current user sessions
By immediately revoking all currently active sessions for a specific user, Sophos MDR analysts can quickly eject an attacker who has already gained access to an account and remove their ability to reuse any stolen session tokens.
Disable suspicious inbox rules
Attackers routinely set up inbox rules in Microsoft 365 for business email compromise attacks in order to move, obfuscate, or delete emails that could otherwise alert the user. Sophos MDR analysts can disable specific inbox rules to regain control.
Easy setup and flexible response modes
The Sophos MDR service is customizable to meet your needs, with different service tiers and threat response modes. We can execute full-scale incident response on your behalf or collaborate with you to manage security incidents with detailed threat notifications and guidance.
The new response capabilities for Microsoft 365 are included with all Sophos MDR service tiers at no additional cost and enabled through a simple setup wizard in the Sophos Central cloud management console.
Choice of threat response modes
Sophos MDR lets you control how our team will interact with you when a cyber incident requires a response. Simply select your preferred threat response mode based on your organization’s needs and desires:
- “Authorize” mode: Our experts perform threat response on your behalf without your active involvement — and notify you of the actions taken. Once the new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will immediately execute those actions when needed to provide the most efficient response.
- “Collaborate” mode: Our experts conduct investigations, but do not perform response actions without your prior consent or active involvement. Once the new Microsoft 365 response actions integration is enabled, Sophos MDR analysts will execute those actions on your behalf — once consent has been obtained. You can also choose to allow Sophos MDR to operate in “Authorize” mode if we are unable to reach you for consent.
The most robust MDR service for Microsoft environments
Sophos MDR services protect over 30,000 organizations worldwide – more than any other MDR service provider. In Gartner’s 2024 Voice of the Customer Report for Managed Detection and Response Services, Sophos once again had the highest number of reviews among all vendors and scored a 4.9/5.0 rating based on customer reviews.
Many of these businesses have also invested in Microsoft tools, leveraging Sophos MDR to defend against sophisticated attacks that technology alone can’t stop.
Get greater ROI from your Microsoft investment today with Sophos MDR:
Microsoft Certified experts
Extend your team with Microsoft Certified Security Operations Analysts specializing in detecting and responding to cyberattacks using custom Microsoft response playbooks.
Microsoft-specific threat detections
Sophos uses proprietary threat detection rules and world-class intelligence to identify and stop threats that could bypass Microsoft security solutions. We can accurately identify suspicious inbox rules, unauthorized user access patterns, and more.
NEW Analyst response actions for Microsoft 365
Sophos MDR analysts can now execute a range of additional response actions on your behalf, enabling rapid containment of threats with no action required by you. Disable user sign-in, terminate active user sessions, and more.
Comprehensive support for Microsoft solutions
Included at no additional cost, our turnkey integrations support a broad range of Microsoft solutions. Data from Microsoft 365, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and more, is collected, analyzed, correlated, and prioritized.
To learn more about Sophos MDR and how it can strengthen your Microsoft defenses, visit our website or speak with a security expert.
Source: Sophos
As with every Sophos Firewall release, v21.5 includes several quality-of-life enhancements that make day-to-day management easier.
Watch this video for an overview of what’s new or read on for more details:
VPN enhancements
User interface and usability enhancements: Connection types have been renamed from “site-to-site” to “policy-based,” and tunnel interfaces have been renamed to “route-based” to make these more intuitive.
Improved IP lease pool validation: Across SSLVPN, IPsec, L2TP, and PPTP remote access VPN to eliminate potential IP conflicts.
Strict profile enforcement: On IPsec profiles that exclude default values to ensure a successful handshake, eliminating potential packet fragmentation and tunnels failing to establish properly.
Route-based VPN and SD-RED scalability: Route-based VPN capacity is doubled with support for up to 3,000 tunnels. Sophos Firewalls now support up to 1,000 site-to-site RED tunnels and up to 650 SD-RED devices.
Other management enhancements
DHCP prefix delegation relaxation: Now supports /48 to /64 prefixes, improving interoperability with ISPs.
Router advertisements (RA) and the DHCPv6 server: Now enabled by default.
Resizable table columns: A long-requested feature, many firewall status and configuration screens now support resizable column widths that are retained in browser memory for subsequent visits. Many screens such as SD-WAN, NAT, SSL, Hosts and services, and site-to-site VPN, all benefit from this new feature.
Extended free text search: SD-WAN routes now enable searching by route name, ID, objects, and object values like IP addresses, domains, or other criteria. Local ACL rules also now support searching by object name and value, including content-based search.
Default configuration: By popular demand, the default firewall rules and rule group previously created when setting up a new firewall have been removed, with only the default network rule and MTA rules provided during initial setup. The default firewall rule group and the default gateway probing for custom gateways are both set to “None” by default.
New font: The Sophos Firewall user interface now sports a new lighter, cleaner, sharper, font for added readability and improved performance.
Get the What’s New Guide
Check out the What’s New Guide for a full overview of all the new enhancements in v21.5.
Get started today
Start taking advantage of this great new capability in Sophos Firewall v21.5 by participating in the early access program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.
Πηγή: Sophos
When it comes to password managers, there are a few common misconceptions, such as them being too risky to trust, vendors being unable to handle outages, the risk of device-side attacks and them being considered a single point of failure. High-profile security incidents have brought into question the security of using password managers; however, cybersecurity experts, organizations and government agencies continue to recommend them as a best practice.
In this article, we’ll debunk four common misconceptions about using password managers and share best practices to help you get the most security out of your password management solution.
Misconception 1: Password managers are too risky to trust
A common concern about password managers is that they are too risky to trust, particularly after the LastPass data breach. While it’s understandable to have these concerns, it’s important to remember that not all password managers are the same. In fact, password managers still provide far stronger security than traditional methods, like writing passwords down or reusing the same password across multiple accounts.
Debunked
The misconception that password managers are too risky to trust is based on isolated security incidents. When choosing a password manager, it’s important to thoroughly research its security and reputation to ensure you’re selecting the most secure solution to protect your data.
The best password managers are zero-knowledge, meaning no one but the user has access to their stored data – not even the vendor. Additionally, choosing a zero-trust solution will prioritize security by assuming no user or device is trustworthy. This means continuous verification is needed before granting access to your stored passwords. For example, Keeper has a feature called device-level approval. With device-level approval, each new device attempting to access your Keeper Vault must be explicitly approved before gaining access. If you or someone else attempts to access your vault on a new device, that device must be approved by either the account owner, an existing trusted device or an administrator (in enterprise environments). Features like Two-Factor Authentication (2FA) and biometric authentication further protect your vault from being compromised.
Misconception 2: Password manager vendors can’t handle outages
The misconception that password manager vendors can’t handle outages likely stems from a recent 12-hour outage experienced by LastPass. This raised concerns about service availability and the idea that if a cloud-based password manager goes down, users might be locked out of their accounts. While it’s true that many password managers are cloud-based, the best ones have built-in features to handle outages and ensure that users can still access their passwords.
Debunked
Reputable password manager vendors offer offline access mode, which enables users to access their vaults on any device during an outage or when they do not have internet access. Offline access works by creating an encrypted copy of your vault on your local device. Your vault data is stored in an encrypted format, so the only way to access your local backup is by providing your master password or using biometric authentication. While offline access provides a solid fallback, choosing a vendor with high service reliability is also important to minimize the need for it in the first place. For example, Keeper maintains 99.99% uptime, which can be verified on our status page.
Misconception 3: Password managers increase the risk of device-side attacks
There is a misconception that password managers increase the risk of device-side attacks because some, like LastPass, run device-side components, which increases the attack surface. However, it’s important to understand that not all password managers function this way.
Debunked
The best and most secure password managers are zero-knowledge and do not run device-side components that sync and store data locally, such as cached credentials. For example, Keeper prevents device-side attacks by using a zero-knowledge architecture, in which all data is encrypted locally on your device before being uploaded to the cloud. This ensures that even if a cybercriminal gains access to your device, they can’t access your stored data because it’s stored in an encrypted format. Keeper doesn’t store unencrypted data locally or sync cached credentials. By not relying on device-side components that could be exploited, Keeper significantly reduces the attack surface and keeps your data safe at all times.
Misconception 4: Password managers alone aren’t enough
Some critics argue that even when passwords are stored in password managers, it’s still not enough to keep your accounts protected. While it’s true that strong passwords can still be compromised, they remain important for account security. This is why it’s important to use strong, unique passwords for each of your accounts, enable Multi-Factor Authentication (MFA) and switch to passkeys when given the option.
Debunked
We agree that passwords alone aren’t enough to protect your accounts, but this doesn’t mean using a password manager is insufficient to keep your accounts protected. Password managers like Keeper support phishing-resistant MFA and passkeys to further reduce reliance on passwords alone. While transitioning to passwordless authentication is ideal, password managers like Keeper still play a critical role in securely storing and managing credentials. They help ensure that even if passwords are compromised, they are used in combination with additional layers of security like MFA. Additionally, with passkey support, users can eliminate the risks of traditional password-based attacks altogether while still benefiting from the convenience and security of password management solutions.
Best practices for using password managers
To get the most security out of your password manager, it’s important to follow these best practices:
- Choose a password manager with strong encryption and a proven track record: Before choosing a password manager, research the kind of security and encryption the vendor uses to protect consumer data. Additionally, check whether the vendor has a proven track record of reliability and has not been hacked.
- Use a strong, unique master password and enable 2FA: When using a password manager, you’ll need to create a master password to protect your vault. Make sure your master password is strong and unique, and enable 2FA on your vault for an extra layer of security.
- Enable MFA whenever possible for accounts: While password managers help you create strong, unique passwords, it’s still important to enable MFA to further protect your accounts and prevent them from being compromised.
The bottom line
It’s completely understandable to be concerned about the security of your data. That’s why it’s important to research and choose the most reliable and secure password management solution. At Keeper, we prioritize transparency regarding our security model and the measures we take to secure our users’ data.
Curious why Keeper is the best and most secure password manager on the market? Start a free trial today.
Source: Keeper Security
Sophos is delighted to announce the launch of Sophos MSP Elevate, a new business-accelerating program for managed service providers (MSPs). With the new program, Sophos enables MSPs to expand their business with high-value, differentiated cybersecurity offerings that elevate their customers’ cyber defenses and rewards growth with additional investment to fuel further success.
With the increasing complexity and sophistication of today’s cyberattacks, organizations are increasingly turning to MSPs for 24/7, human-led monitoring and management of their cybersecurity environments. This has made Managed Detection and Response (MDR) a major focus for MSPs with 81% currently offering a MDR service, according to the Sophos MSP Perspectives 2024 report. MSP Elevate helps MSPs to differentiate themselves as a high-value provider to customers by delivering unique business-enhancing benefits, including an exclusive high-value Sophos MDR service offering.
Managing multiple cybersecurity platforms is a major overhead for MSPs and consumes valuable billable hours. MSPs estimate that consolidating on a single platform would slash their day-to-day management time by 48%*. MSP Elevate includes Network-in-a-Box bundles that enable MSPs to manage the full network stack through the unified Sophos Central platform, freeing-up staff for business generation activities. Furthermore, the single biggest perceived risk to MSP’s businesses is the shortage of in-house cybersecurity expertise*. Sophos’ network solutions respond automatically to threats across the customer environment, enabling MSPs to elevate their customers’ defenses without adding workload.
As Chris Bell, senior vice president of global channel, alliances and corporate development, Sophos, says:
“MSP Elevate is the first of many business-driving MSP programs following the powerhouse union of Sophos and Secureworks. As a channel-first organization that defends more than 250,000 customers of MSPs, we are constantly looking for opportunities to reward our partners and invest in their success when they grow their business with us. MSP Elevate fuels long-term growth for our partners by providing MSPs with exclusive solution access, discounts, rebates and training to deliver the best possible value to customers.”
Sophos MSP Elevate program benefits include:
- Exclusive Access to the Sophos MDR Bundle for MSP: Includes access to Sophos MDR Complete premium service tier with 24/7 incident response, 1 year data retention, Sophos Network Detection and Response (NDR), and all Sophos integration packs, enabling defenders to leverage all available telemetry from across the customer environment to accelerate threat detection and response.
- Simplified Sales Process: Speeds up time to deployment and reduces MSP overhead. With the new MDR Bundle for MSP, partners can quickly and easily allocate a single SKU to the customer for all their current and future MDR needs.
- Discounted Network-in-a-Box Hardware Bundle: Access to Sophos’ advanced network security solutions, including Sophos Firewall, Sophos Switch and Sophos Wireless Access Points at a significant discount. These products work together to automate threat response and are managed through Sophos Central.
- Growth-Based Rebates: As part of our commitment to grow with and invest in our partners, the program will recognize and reward MSPs that increase their Sophos MSP monthly billings.
- Architect-Level Training Courses: Equip MSPs to increase their in-house services delivery capabilities with trainings on Sophos Endpoint and Sophos Firewall.
- Invite-Only Access to Sophos Summits: Gain exclusive access to hands-on training and enablement, Ask the Experts sessions, attend exclusive Sophos events and meet with Sophos executive leadership to influence the Sophos roadmap and MSP strategy.
- Future benefits – Introduction of new program benefits to increase MSP’s profitability, customer defenses and overall value as a service provider.
MSP Elevate enables MSPs to quickly deploy a comprehensive MDR service that eliminates blind spots by leveraging all available telemetry from across the customers’ environment. This enhanced visibility accelerates threat detection and response while delivering improved return for customers on their existing technology investments. Furthermore, the service adapts seamlessly as the technology environment evolves over time, future-proofing customers’ defenses and providing both commercial and cybersecurity peace of mind.
MSP Elevate is a non-exclusive commitment to sell Sophos’ best-in-class cybersecurity solutions available on the Sophos Central platform, including Sophos MDR, Sophos Endpoint powered by Intercept X, and Sophos Firewall. To access the program benefits, MSPs need to commit to a minimum monthly spend for a 12-month period. As a pre-requisite to joining MSP Elevate, partners need to be part of the MSP Flex program, which enables MSPs to offer Sophos solutions on a monthly billing basis.
Feedback on the program from Sophos MSPs has been tremendous, with Craig Faiers, sales director, Arc, commenting:
“Joining MSP Elevate is a no-brainer. This new program adds further rocket fuel to the MSP growth trajectory we’ve enjoyed with Sophos over the last 17 years. Not all MDR offerings are the same, and I’m excited to be able to offer a superior service based around value and quality of outcomes that will elevate my customers’ defenses and differentiate my business in this increasingly crowded market.”
With 80% of MSPs offering MDR through a specialist vendor for delivery*, partners can choose to have Sophos fully deliver the MDR service or to use Sophos to augment in-house teams, including for the provision of out-of-hours coverage. This is particularly important considering 88% of ransomware attacks start outside of standard business hours, according to Sophos’ Active Adversary report.
Sophos MDR is the service most trusted by MSPs to secure their clients and currently defends more than 18,000 MSP-managed customer environments against advanced threats, including ransomware. This unmatched breadth of customer coverage delivers unparalleled insights into attacks on MSP-managed environments that are continually leveraged to update customers’ defenses in real-time, optimizing their protection from ever-evolving attacks.
To learn more about MSP Elevate, visit www.sophos.com/elevate. Sophos partners can sign up for the MSP Elevate Program on the Sophos Partner Portal at https://lp.sophos.com/msp-elevate.
Source: Sophos
Keeper Password Manager was rated as a leading enterprise, mid-market and small business password manager for Spring 2025 by users on G2, the world’s largest and most trusted software marketplace. Within the Spring 2025 report cycle, Keeper earned a G2 Milestone Badge, surpassing 1,000 reviews from a variety of customers, including Small Business, Mid-Market and Enterprise end users and admins alike. Keeper Security was also named a leader in password management globally, with distinctions in the Americas, Canada, Europe, Middle East and Africa (EMEA) regions, and named grid leader, high performer and momentum leader across nine cybersecurity categories, earning a total of 59 badges.
Keeper has been recognized as a leader in multiple cybersecurity categories on G2, including Password Managers, Passwordless Authentication, Single Sign-On (SSO), Dark Web Monitoring, Secrets Management Tools, Encryption, Multi-Factor Authentication (MFA) and Data Security software. These distinctions are based on positive reviews from verified users, highlighting Keeper’s excellence compared to similar solutions.
The recognition is based on the responses of real users for each of the related questions featured in the G2 review form. Within the Password Managers category, 96% of users rated Keeper 4 or 5 stars, achieving an average rating of 4.6 out of 5. 91% of users believe it is headed in the right direction, and users said they would be likely to recommend Keeper Password Manager at a rate of 92%. Keeper’s intuitive user interface also received increased ratings, with 95% of users stating the solution meets requirements, along with a 92% satisfaction rating in regards to ease of use.
Password manager capabilities
To qualify as a solution in the Password Managers Software category, Keeper met the following capabilities with industry-leading features:
- Store and save passwords for websites — The Keeper Vault provides users with a secure repository to store passwords, passkeys, logins and other personal information with full end-to-end encryption.
- Automate the filling of password forms and logins — KeeperFill® autofills your login credentials so you don’t have to toggle back and forth between tabs or apps to retrieve passwords.
- Provide tools for securely sharing credentials — Keeper enables secure, vault-to-vault sharing, as well as one-time sharing with anybody (including non-Keeper users), allowing teams and organizations to securely collaborate on shared accounts. Keeper also offers enhanced password security features such as Time-Limited Access and Self-Destructing Records.
- Integrate with browsers or function atop applications — Keeper can be accessed via a browser extension on every major browser, a desktop app that enables autofilling credentials into native apps and on iOS and Android devices.
- Allow users to create, change or randomize passwords — Keeper makes it simple for users to identify and change weak passwords, create new strong passwords and generate unique passwords for accounts. Keeper also supports passkey and passphrase across all devices.
Strengthening cybersecurity beyond password management
In addition to earning leadership distinctions in the Password Managers and Multi-Factor Authentication (MFA) categories, Keeper was also named a Momentum Leader in the Encryption category, a Leader in Data Security, a High-Performer and Leader in Single Sign-On, as well as a Leader in Secrets Management Tools.
Keeper received the highest User Satisfaction score among products in Secrets Management Tools. 97% of users believe it is headed in the right direction, and users said they would be likely to recommend Keeper Secrets Manager at a rate of 93%. Keeper is also included in the Data Security, Web Security, Passwordless Authentication, Dark Web Monitoring, Multi-Factor Authentication (MFA) and Biometric Authentication categories on G2.
Secrets manager capabilities
To qualify as a solution in the Secrets Management Tools category, Keeper met the following capabilities with industry-leading features:
- Centrally manage keys and other secrets — Keeper Secrets Manager is a fully managed cloud-based, zero-knowledge platform for securing infrastructure secrets such as API keys, database passwords, access keys, certificates and any type of confidential data.
- Securely store secrets with encryption and tokenization — With Keeper’s zero-knowledge encryption, secrets can only be decrypted on the designated devices that you manage.
- Automate pushing secrets to applications and infrastructure — Keeper Secrets Manager seamlessly integrates with all popular CI/CD systems and SDKs for all major programming languages and supports any type of machine to protect your infrastructure.
- Create audit trail of secrets use and lifecycle — Keeper provides granular event reporting and alert capabilities with SIEM integration.
Why users prefer Keeper
Reviewers on G2 noted that Keeper meets their security requirements and indicated they are extremely satisfied with Keeper’s intuitive user interface. Product deployment, training, administration and end-user experience also stood out as compelling features.
Keeper leverages best-in-class security with a zero-trust and zero-knowledge security architecture to safeguard your information and mitigate the risk of a data breach. Keeper has the longest-standing SOC 2 attestation in the industry; is ISO 27001, 27017 and 27018 certified; GDPR compliant; CCPA compliant; HIPAA compliant; and FedRAMP and StateRAMP Authorized. Furthermore, Keeper recently achieved FIPS 140-3 validation for its cryptographic module, reinforcing its dedication to exceeding federal security standards for protecting sensitive government data. Keeper makes the adoption of cybersecurity best practices easy for administrators and end users alike.
Keeper’s support team is available globally 24×7. On-demand resources, including the Keeper101 tutorial videos, the Documentation Portal and regular Training Webinars, guide new administrators and end users through product onboarding and utilization.
Reviewers favored the ease of doing business with Keeper and the strong return on investment. Keeper earned the “Best Relationship” for Mid-Market badge in the Multi-Factor Authentication (MFA) category. In use by millions of end users and thousands of organizations around the globe, Keeper Password Manager supports all major platforms, devices and applications, seamlessly protecting any type of organization and in any industry, regardless of company size or technical expertise.
What customers are saying about Keeper
When asked, ‘What do you like best about Keeper Password Manager?’ an enterprise user stated:
«The user interface is very simple and user friendly which has helped drive user adoption. New features rolled out to the platform with no need for additional licensing. The recent addition of supporting MFA codes within the vault has been a huge benefit to us».
When asked, ‘What problems is Keeper Password Manager solving and how is that benefiting you?’ the enterprise user stated:
“Eliminating unsanctioned storage of company secrets, providing an audit trail on password utilization. Features such as Security Audit reports, helping the security team easily identify weak passwords, password reuse and password hygiene reports to better educate users. Secure file storage allowing the storage of certificates and keys within the vault.”
Learn more about what actual users have to say about Keeper, or leave your own review of Keeper Password Manager visiting this link!
Source: Keeper Security
Sophos Firewall v21.5 adds a top requested feature: Entra ID single sign-on (SSO) integration with Sophos Connect and the VPN portal.
SSO for Remote Access VPN
Adding single sign-on integration with Sophos Connect and the firewall VPN portal makes remote access VPN easier for end-users, enabling them to use their corporate network credentials with the Sophos Connect client and the firewall VPN portal when working remotely.
It provides cloud-native integration over the industry standard OAuth 2.0 and OpenID Connect protocols for a seamless experience. It fully supports Entra ID MFA to protect against identity theft and brute force hacks.
Demo Video
Watch this quick demo video for a look at how it works:
Helpful Documentation
Check out the online documentation for full details.
Get Started Today
Start taking advantage of this great new capability in Sophos Firewall v21.5 by participating in the Early Access Program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.
Source: Sophos
Sophos Firewall v21 offers an innovative industry first: Network Detection and Response (NDR) integrated with your firewall.
What is NDR?
Network Detection and Response (NDR) is a category of network security products designed to detect abnormal traffic behavior to help identify active adversaries operating on the network.
Skilled attackers are very effective at evading detection, but they ultimately need to move across or communicate out of the network to carry out an attack. NDR typically sits within the network, utilizing sensors that monitor and analyze network traffic to identify this kind of suspicious activity.
NDR products have been around for many years, and Sophos NDR has been part of our MDR/XDR portfolio of products since early 2023. However, with SFOS v21.5, we are integrating NDR with Sophos Firewall – an industry first – at no extra charge for Sophos Firewall customers with Xstream Protection.
Integrating NDR with a Next-Gen Firewall may seem like an obvious choice, but the challenge is doing it in a way that doesn’t impact the performance of the firewall since NDR traffic analysis requires significant processing power. As a result, we’ve taken the novel approach of deploying an NDR solution in the Sophos Cloud to offload the heavy lifting from the firewall.
Sophos NDR Essentials
Sophos Firewall v21.5 introduces our new NDR Essentials cloud-delivered Network Detection and Response platform. It utilizes the latest AI detections to help identify active adversaries and shares that information using the Sophos Firewall threat feeds API as part of Active Threat Response to keep you informed of any detections and their relative risks.
Watch this quick demo video for a look at how it works or read on for full details:
How it works
Sophos Firewall captures meta data from TLS-encrypted traffic and DNS queries and sends that information to NDR Essentials in the Sophos Cloud.
There, the data is analyzed using multiple AI engines. It can detect malicious encrypted payloads without performing TLS decryption as well as new and unusual domains generated through algorithms that are often a key indicator of compromise.
The meta data extraction is performed by a new lightweight engine implemented on the Xstream FastPath and, as a result, one caveat with this new capability is that it is only available on XGS Series hardware firewalls. Virtual, software, and cloud firewalls may get this NDR integration capability in the future, but not in v21.5.

NDR Essentials detections are scored on a range from 1 (low risk) to 10 (highest risk). You decide which risk score sets the threshold for an alert based on your particular environment. The recommended default is high-risk (9-10).
All detections that are scored greater than or equal to 6 are logged but only those meeting or exceeding your threshold trigger notifications and are shown as alerts on the new Control Center dashboard widget.
Detections scored less than 6 may be false positives and are not logged as a result. No NDR Essentials detections are blocked at this time, but this maybe an option in the future. All detections are fully accessible via the Active Threat Response report available both on-box and via Sophos Central Firewall Reporting.
How does NDR Essentials compare to Sophos NDR?
To put it simply, Sophos NDR Essentials is a “lite” version of Sophos NDR.
Sophos NDR is designed to sit deep inside the network so it can effectively monitor and detect suspicious activity and traffic flows heading both north-south (or inside-outside) as well as east-west flows that are traversing the LAN internally.
As you know, a firewall is designed to sit at the network gateway and inspect north-south traffic. Thus, NDR Essentials doesn’t have the same visibility at the network gateway as a full NDR solution sitting inside the network.
Our full Sophos NDR solution has five different AI detection engines. In this initial version of NDR Essentials, we’ve implemented the two engines that have the most relevance and impact at gateway traffic inspection: the Encrypted Payload Analysis engine, and the Domain Generation Algorithm engine. At this point, with its added engines, Sophos NDR provides deeper coverage and greater detection capabilities than NDR Essentials.
In summary, NDR Essentials provides an excellent additional layer of active threat detection to Sophos Firewall, and it does so at no extra charge and no performance impact. However, it is not a replacement for a full Sophos NDR implementation for any of our customers taking advantage of our XDR platform or MDR service.
If you want further detection insights and threat hunting capabilities, you are strongly encouraged to check out Sophos Extended Detection and Response (XDR) with the full implementation of Sophos NDR and the new NDR Investigation Console.
You may also wish to consider our full 24/7 Managed Detection and Response service. All of these products and services work better together with your Sophos Firewalls.
Get started today
Start taking advantage of this great new capability in Sophos Firewall v21.5 by participating in the early access program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.
Source: Sophos
We’re pleased to announce that the early access program (EAP) is now underway for the latest Sophos Firewall release. This update brings exciting industry-first enhancements and top-requested features, including…
Sophos NDR Essentials integration
Sophos Firewall customers with Xstream Protection now get Sophos NDR Essentials in the cloud, for no extra charge, significantly bolstering network protection:
Sophos NDR Essentials can detect active adversaries using encryption without using TLS decryption thanks to AI Convolutional Neural Network (CNN) analysis. Sophos NDR Essentials can also detect advanced domain generation algorithms that try to evade normal DNS and web filtering.
Sophos NDR Essentials delivers a new layer of protection, and since it’s cloud-hosted by Sophos, it doesn’t impact your firewall performance at all – further strengthening our industry leading performance and protection. Review the What’s New Guide for full details.
Entra ID (Azure AD) single sign-on for remote access VPN
One of your top requested features makes remote access VPN easier for end users, enabling them to use their corporate network credentials with the Sophos Connect client and the firewall VPN portal:
- Entra ID (Azure AD) single-sign on integration with Sophos Connect and the VPN portal is now included in SFOS v21.5
- It provides cloud-native integration over the industry standard OAuth 2.0 and OpenID Connect protocols for a seamless experience
- Supported with Sophos Connect client 2.4 (and later) on Microsoft Windows
Other VPN and scalability enhancements
- User interface and usability enhancements: Connection types have been renamed from “site-to-site” to “policy-based,” and tunnel interfaces have been renamed to “route-based” to make these more intuitive
- Improved IP lease pool validation: Across SSLVPN, IPsec, L2TP, and PPTP remote access VPN to eliminate potential IP conflicts
- Strict profile enforcement: On IPsec profiles that exclude default values to ensure a successful handshake, eliminating potential packet fragmentation and tunnels failing to establish properly
- Route-based VPN scalability: Route-based VPN capacity is doubled with support for up to 3,000 tunnels
- SD-RED scalability: Sophos Firewalls now support up to 1,000 site-to-site RED tunnels and up to 650 SD-RED devices.
Sophos DNS Protection
Last year, we launched our DNS Protection service and made it free for all Xstream Protection-licensed firewall customers. With this release, Sophos DNS Protection gets further integration with Sophos Firewall:
- New control center widget to indicate service status
- New troubleshooting insights via logging and notifications
- New guided tutorial on how to set up Sophos DNS Protection easily
Streamlined management and quality-of-life enhancements
As with every Sophos Firewall release, this version includes several quality-of-life enhancements that make day-to-day management easier:
- Resizable table columns: A long-requested feature, many firewall status and configuration screens now support resizable column widths that are retained in browser memory for subsequent visits. Many screens such as SD-WAN, NAT, SSL, Hosts and services, and site-to-site VPN, all benefit from this new feature.
- Extended free text search: SD-WAN routes now enable searching by route name, ID, objects, and object values like IP addresses, domains, or other criteria. Local ACL rules also now support searching by object name and value, including content-based search.
- Default configuration: By popular demand, the default firewall rules and rule group previously created when setting up a new firewall have been removed with only the default network rule and MTA rules provided during initial setup. The default firewall rule group and the default gateway probing for custom gateways are both set to “None” by default.
- New font: The Sophos Firewall user interface now sports a new lighter, cleaner, sharper font for added readability and improved performance
Other enhancements
- Virtual, software, cloud licensing: In case you missed it, all Sophos Firewall virtual, software, and cloud licenses (BYOL) no longer have RAM limits. Licenses are now strictly limited by core count and have no RAM restrictions.
- Larger file size limit in WAF: Supports a configurable request (upload) file size limit for Web Application Firewall (WAF), which can now scan files up to 1 GB
- Secure by design: We are continually improving the security of Sophos Firewall, and in this release are adding real-time telemetry gathering to flag any unexpected changes to core OS files using secure hash validation. This will enable our monitoring teams to proactively identify potential security incidents early before they can become a real problem.
- DHCP prefix delegation relaxation: Now supports /48 to /64 prefixes, improving interoperability with ISPs. Router advertisements (RA) and the DHCPv6 server are also now enabled by default.
- Path MTU discovery: This will resolve TLS decryption errors due to the latest ML-KEM (Kyber) key exchange support in browsers. The Sophos Firewall deep packet inspection engine will now automatically detect and adjust the MTU for each flow, ensuring optimal performance based on specific network conditions.
- NAT64 (IPv6 to IPv4 traffic): NAT64 is supported for IPv6 to IPv4 traffic in explicit proxy mode. In this mode, IPv6-only clients can access IPv4 websites. The firewall also supports IPv4 upstream proxy for IPv6-only clients.
Get the full details
Download the full What’s New Guide for a complete overview of all the great new features and enhancements in v21.5.
Get started today
You can download the upgrade package or installer for v21.5 from the Sophos Firewall v21.5 EAP Registration Page. Simply submit your details and the download links will be emailed to you straight away.
All support during the EAP will be through our forums on the Sophos Firewall Community.
Please provide feedback using the option at the top of every screen in your Sophos Firewall as shown below or via the Community Forums.
Source: Sophos
According to the 2024 Verizon Data Breach Investigations Report, 75% of cyber attacks involve exploiting compromised privileged credentials, making privileged access one of the most sought-after attack vectors. Additionally, 60% of organizations cite insider threats as the primary cause of data breaches (2023 Cybersecurity Insiders – Insider Threat Report), highlighting the critical need to secure privileged accounts against both external and internal threats.
However, a vast majority of organizations – both big and small – don’t have the platforms and processes in place to secure the privileged accounts of every user, on every device, from every location. That’s where a modern Privileged Access Management (PAM) solution comes into play.
The growing need for modern privileged access management
Organizations that fail to implement a robust PAM solution face significant financial and operational risks. The 2024 IBM Cost of a Data Breach Report found that the average cost of a breach rose to $4.88 million. However, 80% of organizations that have adopted a PAM solution report a significant reduction in cyber attack success related to credential theft and misuse.
With the increasing complexity of IT environments, including hybrid cloud infrastructures, passkey adoption, DevOps pipelines and remote workforces, legacy PAM solutions often fail to provide seamless security and usability. Today’s modern infrastructure needs to be accessible at all times, from anywhere in the world, while still maintaining Just-In-Time (JIT) access, zero trust and least privilege.
Introducing KeeperPAM: A groundbreaking approach to privileged access management
Keeper Security is pleased to announce the next generation of its privileged access management platform, KeeperPAM, a patented cloud-native, zero-knowledge platform. KeeperPAM enables seamless infrastructure access through a secure vault. Simply log in with Multi-Factor Authentication (MFA) for one-click, passwordless access to servers, databases, web apps and SaaS platforms.
Unlike legacy PAM solutions, KeeperPAM is zero-knowledge and zero-trust, meaning Keeper never has access to your network, infrastructure or secrets. With a lightweight, containerized gateway, Keeper eliminates agents and on-premises complexity while providing full auditing, session logging and flexible access through User Interface (UI), Command-Line Interface (CLI) or isolated web browsing.
Keeper’s engineers are the original creators of Apache Guacamole and experts in browser-based remote session protocols covering SSH, RDP, VNC, HTTPS, MySQL, PostgreSQL, SQL Server and more.
What makes KeeperPAM groundbreaking?
- Cloud-native, not cloud-adapted – Unlike legacy PAM providers that have adapted on-premises products to the cloud, KeeperPAM was built from the ground up to be cloud-native, scalable and easy to deploy across any environment.
- Multi-protocol access – Instant passwordless sessions to remote servers, databases and web-based applications – without exposing credentials or requiring firewall changes.
- Zero-trust and zero-knowledge security – With end-to-end zero-knowledge encryption, only you can decrypt your data and remote sessions, ensuring absolute privacy and security.
- Agentless, seamless deployment – Unlike legacy PAM solutions that require complex network configurations, Virtual Private Networks (VPNs) or on-prem appliances, KeeperPAM simplifies access by using a lightweight Keeper Gateway service, which eliminates network vulnerabilities and significantly reduces IT overhead.
- All-in-one platform – KeeperPAM integrates enterprise password management, secrets management, privileged session management, remote browser isolation and zero-trust network access into a single, unified solution. You can choose whether users have only an enterprise password manager license or a full PAM license.
With KeeperPAM, businesses no longer need various cybersecurity platforms cobbled together that leave them exposed. Everything is managed from a single pane of glass.
Core benefits and capabilities of KeeperPAM
KeeperPAM offers all of the functionality organizations need to prevent breaches, ensure compliance and enable easy and secure access to resources.
Some of the core capabilities include:
- Password Management – Protect and manage passwords, passkeys and confidential files in a zero-knowledge vault.
- Secrets Management – Protect API keys, CI/CD pipelines and developer tools, while eliminating secrets sprawl, by removing hard-coded credentials from source code.
- Session Management – Provide passwordless remote access to any resource using a web browser.
- Database Management – Control access to databases, either on-prem or cloud, using interactive UI sessions, CLI sessions or tunneling with your favorite front-end tools.
- Remote Browser Isolation – Lock down internal web-based apps, cloud apps and admin panels, while preventing data exfiltration and controlling browsing sessions, with auditing, session recording and password autofill.
- Admin Console – Manage and deploy Keeper to users, integrate with identity providers, monitor activity and establish role-based enforcement policies.
- Control Plane – Orchestrate and monitor the various components and activities related to privileged access, session management, policies and workflow.
How is KeeperPAM deployed?
KeeperPAM uses a zero-trust gateway service to access each environment. No firewall updates or ingress changes are needed, thereby enabling seamless, secure access without complexity.
There are three simple steps to deploy KeeperPAM, which will take under an hour to complete:
- Deploy the vault with your SSO and provision through SCIM, SAML or AD
- Set policy
- Install a Keeper Gateway in the target environments
Deploying KeeperPAM is fast, flexible and designed to scale with your organization’s needs. Whether you’re a small business or a global enterprise, Keeper’s innovative cloud-native architecture ensures rapid implementation with minimal IT overhead. Professional services are never required, unlike legacy PAM platforms.
The future of PAM is here
As cyber threats continue to escalate and regulatory requirements become more stringent, businesses need a modern PAM solution that is secure, scalable and simple to deploy. KeeperPAM redefines privileged access security by eliminating outdated architectures, reducing complexity and delivering an all-in-one, zero-trust security platform.
By combining enterprise password management, secrets management, connection management, zero-trust network access and remote browser isolation into a single, easy-to-use interface, KeeperPAM empowers businesses of all sizes to proactively prevent breaches, streamline compliance and simplify security.
Ready to take control of privileged access and eliminate standing privilege? Request a KeeperPAM demo today.
Source: Keeper Security
Sophos, a global leader of innovative security solutions for defeating cyberattacks, today released the 2025 Sophos Active Adversary Report, which details attacker behavior and techniques from over 400 Managed Detection and Response (MDR) and Incident Response (IR) cases in 2024. The report found that the primary way attackers gained initial access to networks (56% of all cases across MDR and IR) was by exploiting external remote services, which includes edge devices such as firewalls and VPNs, by leveraging valid accounts.
The combination of external remote services and valid accounts aligns with the top root causes of attacks. For the second year in row, compromised credentials were the number one root cause of attacks (41% of cases). This was followed by exploited vulnerabilities (21.79%) and brute force attacks (21.07%).
Understanding The Speed of Attacks
When analyzing MDR and IR investigations, the Sophos X-Ops team looked specifically at ransomware, data exfiltration, and data extortion cases to identify how fast attackers progressed through the stages of an attack within an organization. In those three types of cases, the median time between the start of an attack and exfiltration was only 72.98 hours (3.04 days). Furthermore, there was only a median of 2.7 hours from exfiltration to attack detection.
“Passive security is no longer enough. While prevention is essential, rapid response is critical. Organizations must actively monitor networks and act swiftly against observed telemetry. Coordinated attacks by motivated adversaries require a coordinated defense. For many organizations, that means combining business-specific knowledge with expert-led detection and response. Our report confirms that organizations with proactive monitoring detect attacks faster and experience better outcomes,” said John Shier, field CISO.
Other Key Findings from the 2025 Sophos Active Adversary Report:
- Attackers Can Take Control of a System in Just 11 Hours: The median time between attackers’ initial action and their first (often successful) attempt to breach Active Directory (AD) – arguably one of the most important assets in any Windows network – was just 11 hours. If successful, attackers can more easily take control of the organization.
- Top Ransomware Groups in Sophos Cases: Akira was the most frequently encountered ransomware group in 2024, followed by Fog and LockBit (despite a multi-government takedown of LockBit earlier in the year).
- Dwell Time is Down to Just 2 Days: Overall, dwell time – the time from the start of an attack to when it is detected – decreased from 4 days to just 2 in 2024, largely due to the addition of MDR cases to the dataset.
- Dwell Time in IR Cases: Dwell time remained stable at 4 days for ransomware attacks and 11.5 days for non-ransomware cases.
- Dwell Time in MDR Cases: In MDR investigations, dwell time was only 3 days for ransomware cases and just 1 day for non-ransomware cases, suggesting MDR teams are able to more quickly detect and respond to attacks.
- Ransomware Groups Work Overnight: In 2024, 83% of ransomware binaries were dropped outside of the targets’ local business hours.
- Remote Desktop Protocol Continues to Dominate: RDP was involved in 84% of MDR/IR cases, making it the most frequently abused Microsoft tool.
To shore up their defenses, Sophos recommends that companies do the following:
- Close exposed RDP ports
- Use phishing-resistant multifactor authentication (MFA) wherever possible
- Patch vulnerable systems in a timely manner, with a particular focus on internet-facing devices and services
- Deploy EDR or MDR and ensure it is proactively monitored 24/7
- Establish a comprehensive incident response plan and test it regularly through simulations or tabletop exercises
Read the full It Takes Two: The 2025 Sophos Active Adversary Report on Sophos.com.
Source: Sophos
Customers have spoken, and the results are in. G2, a major technology user review platform, has just released its Spring 2025 Reports, where users rated Sophos as the #1 overall Firewall, MDR, and EDR solution.
Recognizing the power of our platform, Sophos is – once again – the only vendor named a Leader across the G2 Overall Grid® Reports for Endpoint Protection Suites, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Firewall Software, and Managed Detection and Response (MDR). Based on user feedback, Sophos was also ranked the #1 solution in 53 individual reports spanning the Antivirus, EDR, Endpoint Protection Suites, XDR, Firewall, and MDR markets.
Managed Detection and Response
In addition to the #1 overall ranking among MDR solutions, Sophos MDR is also rated the top solution in four additional report segments for the category, including the Enterprise and Mid-Market Grids, and earning the Best Results and Best Usability distinctions among Enterprise customers.
We continue to extend Sophos MDR to support the more than 29,000 organizations that use our service. Recent updates include enhanced ability to fortify Microsoft defenses with new Sophos-proprietary detections for Office 365, an expanded ecosystem of turnkey integrations with third-party cybersecurity and IT tools includes a new Backup and Recovery integration category, and new AI-powered workflows to streamline the operational processes and drive better security outcomes for our customers.
Endpoint Detection and Response/Extended Detection and Response
Sophos EDR/XDR was named a Leader across nine different segments in the Spring 2025 Reports, including the Overall, Enterprise, Mid-Market, and Small Business Grids. The Sophos XDR platform was rated #1 for Best Usability and Best Relationship across all four segments (Overall, Enterprise, Mid-Market, and Small Business), reinforcing why it is the overall top-rated XDR solution.
Firewall
In addition to being named the #1 Overall Firewall solution, Sophos Firewall was also rated as the #1 firewall solution by Mid-Market and Enterprise users. All four user segments (Overall, Small Business, Mid-Market, and Enterprise) named Sophos Firewall a Leader in their respective G2 Grid Reports. For usability, Sophos Firewall is the top-rated solution in the Overall, Enterprise, and Mid-market segments in the Usability Index.
What Sophos customers are saying
“Sophos MDR: 360 degree MDR solution for endpoint security” said a user in the Enterprise segment
“Sophos MDR helps us sleep at night knowing our environment is monitored 24/7” said a user in the Mid-Market segment
“Sophos Firewall is a robust and user-friendly security solution that provides comprehensive protection through advanced threat detection, deep packet inspection, and synchronized security with other Sophos products” said a Head of IT in the Mid-Market segment
“Sophos Firewall automatically identifies and blocks active threats, prevents the lateral movement of attacks, and delivers immediate insights into compromised devices, users and application” said a user in the Small Business segment
“What stands out the most is how effortlessly Sophos Firewall streamlines security tasks, allowing users to focus on protecting their networks without getting bogged down in complex configurations” said a user in the Mid-Market segment
“We can rest easy knowing that Sophos Intercept X is continuously guarding our endpoints from ransomware assaults, which are the kind of thing that keep IT administrators up at night” said a SOC Analyst in the Mid-Market segment
For more information on our services and products, speak to your Sophos partner or representative and visit our website.
Source: Sophos
Discover key insights on why Autotask has been recognized as a leader in the G2 Grid® Report for Professional Services Automation (PSA) – Spring 2025.
Autotask PSA is a cloud-based platform that enables MSPs to run their business at peak profitability because it’s reliable, centralizes their operations, and enables quick data-driven decisions. Autotask provides real-time metrics that give full visibility into service delivery, customer satisfaction, sales pipeline, internal operations, resource utilization, profitability and more. As the central hub of an MSP’s business, it integrates with more than 170 industry-leading solutions. Autotask PSA has consistently delivered 99.99% uptime over the last 10 years.

Autotask earned its place on the G2 Leader Grid® Report for Professional Services Automation thanks to exceptional customer satisfaction and a strong market presence. With 86% of users giving Autotask 4 or 5 stars, 85% believing it is headed in the right direction and 83% saying they would recommend it, Autotask stands out as a reliable solution for streamlining service delivery and project management.

Backed by robust features and a proven ROI, Autotask continues to provide IT professionals with seamless workflows, visibility and control over their operations.
Download the report to discover how Autotask is leading the way:
- User satisfaction and overall performance.
- Feature comparisons.
- User adoption and ROI.
- Autotask, also recognized in the ITSM Tools and Service Desk categories, brings powerful automation and service management under one unified platform.
Join thousands of IT service providers around the world who rely on Autotask to power their businesses.
As cyber threats continue to evolve, addressing cybersecurity challenges is more urgent than ever. Traditional passwords, long considered foundational to digital security, are increasingly vulnerable to sophisticated attacks like phishing and credential stuffing. With cybercriminals becoming more adept, businesses need more secure and reliable authentication methods. Enter passkeys – an innovative step forward in authentication technology.
Recent research from Keeper Security reveals a major shift in the industry: 80% of organizations have either adopted or plan to implement passkeys. But the transition is not without hurdles.
Why passkeys are the future
While passwords have long been the foundation of online security, they come with significant flaws. For example, 32% of employees admit to reusing passwords across multiple accounts, making them easy targets for cybercriminals. Combined with the pervasive threats of phishing and brute force attacks, it’s clear that traditional passwords are no longer sufficient.
Passkeys address these vulnerabilities by leveraging public key cryptography. Unlike passwords, which can be stolen or exposed, passkeys don’t require users to transmit sensitive information. Instead, they use a cryptographic key pair: One key is stored securely on the user’s device, and the other is stored on the authentication server, ensuring that credentials remain secure, private and resistant to phishing attacks.
A phased approach to passkey adoption
Transitioning to passkeys is not a one-size-fits-all solution. Businesses need a structured plan that addresses legacy systems, cost considerations and user adoption challenges. Here is a phased approach to ensuring a smooth and secure transition.
1. Conduct a risk assessment
Identify high-risk systems and prioritize their migration to passkeys. Focus on accounts that store sensitive data or have a history of security breaches. Keeper’s dark web monitoring tool, BreachWatch, can help detect exposed credentials and guide where to start.
2. Upgrade infrastructure
Evaluate authentication tools for compatibility with passkey technology. Hybrid authentication systems, which support both traditional passwords and passkeys, provide a seamless way to transition. Keeper’s password manager supports this hybrid approach, helping organizations secure existing credentials while preparing for a future with passkeys. This dual support enables gradual adoption, ensuring compatibility with legacy systems and minimizing disruption. By integrating passkeys at a manageable pace, organizations can enhance security without sacrificing functionality or user experience.
3. Drive user adoption
Successful implementation depends on user adoption. To support this, organizations must provide clear guidance, comprehensive training materials and hands-on demonstrations that highlight the benefits of passkeys. Keeper’s user-friendly interface and seamless autofill technology simplify the transition, encouraging widespread adoption. Establishing clear policies on when and how to use each authentication method helps ensure users feel confident in their choices. Hybrid solutions not only reduce resistance but also build trust, making the shift to passkeys smoother and more effective across the organization.
4. Launch a pilot program
Introduce passkeys to a smaller group before expanding company-wide. Gather feedback, refine processes and address concerns to optimize the user experience. Keeper’s enterprise-grade security tools ensure seamless integration with existing Identity and Access Management (IAM) frameworks to facilitate user adoption.
5. Execute an organization-wide rollout
Expand passkey usage across all systems, prioritizing high-value accounts and critical users before gradually including other platforms and the broader organization. Ongoing monitoring is essential for maintaining long-term security and user satisfaction.
A vision for the future
Passkeys mark a paradigm shift in authentication. As businesses strengthen their cybersecurity posture, adopting passkeys will be a crucial step toward eliminating credential-based attacks and enhancing the user experience.
Keeper is here to help organizations navigate this transformation. With enterprise-grade security solutions, seamless integrations and expert guidance, businesses can embrace the future of authentication with confidence.
Secure your future today
The journey to passkey adoption begins now. Download Keeper Security’s latest insight report, Navigating a Hybrid Authentication Landscape, for a deeper dive into emerging trends, challenges and solutions.
Source: Keeper Security
Over the years the industry has tied itself in knots in its attempts at augmenting (or upgrading) the password, using all sorts of confusing terminology such as two-factor authentication (2FA), two-step authentication, multifactor authentication (MFA), and the more modern confusion of universal second factor (U2F), Fast IDentity Online 2 (FIDO2), WebAuthn, and passkeys.
Up until now, most of us were happy enough to get someone to adopt any of the above. Anything more than a password is an improvement, but we have now reached the point where we need to raise the minimum bar of acceptability. In this post I’ll look at the current state of bypassing “stronger” authentication methods – and, I believe, point out the best path forward.
Not two smart
Too many of the simplest “2FA” options are not true to what two-factor authentication is really meant to be. Ideally the two factors are two of the following three types: something you know (like a password or PIN), something you have (like a USB/Bluetooth token, SmartCard or public/private keypair), or something you are (like a fingerprint or faceprint). Unfortunately, most of the early solutions boil down to something you know and . . . something else you know.
Take the RSA token, SMS text message, or TOTP (time-based one-time passwords; e.g., Google Authenticator or Authy) styles of “2FA,” where in most cases you are presented with a 6-digit code that rotates every 30 seconds. While people have criticized SMS implementations of this due to the possibility of SIM swapping, the reality is they are all weak and susceptible to interception.
Here’s the problem. Imagine you are sent a well-crafted (perhaps AI-generated?) phishing email. For the scammer to succeed in compromising you at this stage, you must believe the email is legitimate, whether you are using multifactor authentication or not. This is where challenging someone for two different things they know (their password and a secret code that is dynamically generated) ends in tears: If you really think you are logging into your bank, email, or corporate account, you will happily disclose not just your password, but the secret code as well. This type of authentication is only in a single direction; the scammer is verifying your identity, but you have not verified the identity of the entity asking for the proof.
There are in fact freely available tools to automate this deception. One of the more popular is called evilginx2. Originally based on the popular web server nginx, it is now a standalone Go application that serves as an all-in-one tool to phish knowledge-based multifactor authentication and steal session cookies to bypass authentication. This has lowered the barrier for malfeasance to new depths.
How did we get here?
If we consider the history of credential compromise, it all began with sniffing unencrypted Wi-Fi or performing other network-based attacks before things were encrypted. Back in 2010 there was an infamous tool called FireSheep that was designed to allow attackers to visit a cafe and passively steal people’s logins due to the lack of encryption on the web.
In response to these attacks, and to Edward Snowden’s leaks in 2013, we moved to encrypting nearly everything online. That change secured us against what are referred to as machine-in-the-middle (MitM) attacks. We now have nearly ubiquitous use of HTTPS across the web and even in our smartphone apps, which stops any random passersby from capturing everything you might see or do online.
Criminals then moved on to credential theft, and to a large degree most of us have moved on to some variation of multifactor authentication, but again, usually merely the cheapest and easiest variation — something we know, plus an ephemeral something-else we know. This is an ineffective speed bump, and we must move on once again.
Industry consensus has, after many a committee meeting and standards body creation, settled on a widely agreed-upon standard known as the Web Authentication API, or WebAuthn. If you want to dive deeply into the confusion over the various bits and pieces, there is a Reddit thread for that, but I won’t go too deeply into those weeds here.
A walk through WebAuthn
WebAuthn/passkeys make multifactor authentication close to phish-proof. Nothing is perfect, of course, and recent research has discovered a limited-but-interesting MitM attack vector involving specialized hardware devices and a since-patched CVE, but from here forward we are referring to it as phishing-resistant multifactor authentication.
Let’s walk through the process. I want to create an account on a popular social media site. Using my smartphone or computer with passkey support, I choose to create a new account with a passkey. The site prompts me for my desired username (usually my email address). My device sends the username to the site, and it responds back with my username, a challenge, and the site’s domain name. My device generates a unique cryptographic keypair, stores it safely alongside the site name and username, signs the challenge from the site, and attaches the associated public key for the site to now use as my identifier.
Next time I go to this site, I will no longer need or use a password, which by this definition is just a shared secret and could be stolen or replayed. Instead, as shown in Figure 1, I send the username that is matched to that site’s domain name. The site responds with a challenge. My device looks up the key for that domain name and uses it to sign the challenge, proving my identity.
For more information, vertx.io has a developer-centric dive into the mechanics of the process.
What could possibly go wrong?
With this combination of data points, the key can’t easily be stolen or reused, and I can’t be tricked into trying to sign into an imposter site with a lookalike domain name. (There is a small attack surface here as well: If you add a passkey for zuzax.com and I can create a subdomain under my control as an attacker, phish.zuzax.com, I can get you to sign a replayed challenge.)
Beyond my device, where the keys are stored determines their safety against theft and abuse. Using hardware U2F tokens, like a YubiKey or SmartCard, ensures the keys are locked to that device and cannot be extracted and physical theft is the only practical option. Some hardware tokens require a biometric, PIN, or passphrase to unlock as well. With the advent of passkeys, the secret keys can be synchronized across your OS vendor’s cloud (iCloud, Google Drive, OneDrive) or through your password manager (Bitwarden, 1password, etc.) making them more susceptible to theft if your account is compromised.
And, of course, it has to be implemented. The burden of implementation lies with the sites (where we have made reasonably quick progress on this in the past year) and, as ever, with enterprises that must enable and use it in their specific environments. This isn’t so different to our constant advice to security practitioners to treat MFA as basic hygiene (along with patching and disabling unnecessary RDP), but it still has to be budgeted for and done.
The last remaining weakness is the session cookie that gets set upon login, but that’s a topic for another article.
It goes both ways (and moves us forward)
As a user, I should be able to prove my identity to my device by using a PIN, fingerprint, or faceprint, and have the device do the work of authenticating both parties. That’s the most important part of this transaction — its bidirectionality.
We all know password theft is a problem, and we have really only extended their lifetimes by trying to augment them with other flavors of knowledge-based authentication. Information can be and will be stolen, intercepted, and replayed. If we truly want to have multifactor authentication, we must move beyond knowledge and demand stronger proof.
This is an opportunity to move beyond security being a source of friction for users; in fact, it actively improves security while diminishing the friction. Today’s passkey implementations can be finicky and awkward, but I am convinced those who embrace it will benefit the most and that in short order we will solve the user interface challenges. We don’t have a choice. It is the best solution available to us and the criminals won’t wait for us to argue the merits.
Source: Sophos
Sophos X-Ops’ research, presented at Virus Bulletin 2024, uses ‘multimodal’ AI to classify spam, phishing, and unsafe web content.
At the 2024 Virus Bulletin conference, Sophos Principal Data Scientist Younghoo Lee presented a paper on SophosAI’s research into ‘multimodal’ AI (a system that integrates diverse data types into a unified analytical framework). In his talk, Lee explored the team’s novel empirical research on applying multimodal AI to the detection of spam, phishing, and unsafe web content.
What is multimodal AI?
Multimodal AI represents a significant shift in artificial intelligence. Rather than traditional single-mode analysis, multimodal systems can process multiple data streams simultaneously, synthesizing data from multiple inputs.
In the context of cybersecurity – and particularly when it comes to classifying threats – this is a powerful capability. Rather than analyzing textual and visual content separately, a multimodal system can process both, and ‘understand’ the intricate relationships between them.
For example, in phishing detection, multimodal AI examines the linguistic patterns and writing style of the text alongside the visual fidelity of logos and branding elements, while also analyzing the semantic consistency between textual and visual components. This holistic approach means that the system can identify sophisticated attacks that might appear, to more traditional systems, to be legitimate. Moreover, multimodal AI can learn from, and adapt to, the correlations between different data types, developing a sense of how legitimate and malicious content differs across multiple dimensions.
Capabilities
In his research, Lee details some of the detection capabilities of multimodal AI systems:
Text analysis and natural language understanding
- Analysis of linguistic patterns, writing style, and contextual cues to identify manipulation attempts
- Detection of social engineering tactics such as manufactured urgency and unusual requests for sensitive information
- Maintenance of an evolving database of phishing pretexts and narratives
Visual intelligence and brand verification
- Comparison of logos, corporate styling, and visual layouts to legitimate templates
- Detection of subtle differences in brand colors, fonts, and layouts
- Examination of image metadata and digital signatures
Advanced URL and security analysis
- Identification of deceptive techniques like typosquatting and homograph attacks
- Analysis of relationships between displayed link text and actual destinations
- Detection of attempts to obscure malicious URLs with styling and formatting tricks
Case study: A fake Costco email
The below image is a genuine phishing attempt, designed to trick recipients into thinking that they have won a prize from Costco. The email looks official, complete with imitated Costco logo and branding.
Figure 1: A screenshot of a phishing email, purportedly from Costco
Multimodal AI can identify several suspicious aspects of this email, including:
- Phrases used to incite urgency and action
- The sender’s email domain not matching legitimate domains
- Inconsistencies with logos and images
As a result, the system assigns a high score to the email, flagging it as suspicious.
SophosAI also applied multimodal AI to NSFW (not safe for work) websites containing content relating to gambling, weapons, and more. As with the classification of phishing emails, detection leverages a number of capabilities, including the evaluation of keywords and phrases (agnostic of language), and analysis of imagery and graphics.
Experimental results
To test the efficacy of multimodal AI compared to traditional machine learning models such as Random Forest and XGBoost, SophosAI conducted a series of empirical experiments. The full results are available in Lee’s whitepaper and Virus Bulletin talk – but, briefly, traditional models performed well when detecting known threats, and struggled with new, unseen phishing emails. Their F1 scores (a measure that balances precision and recall to give an overall representation of accuracy between 0 and 1) were as low as 0.53 with unseen samples, reaching a high of 0.66. In contrast, multimodal AI (using GPT-4o) performed very well in detecting new phishing attempts, achieving F1 scores up to 0.97 even on unseen brands.
It was a similar story with NSFW content; traditional models achieved F1 scores of around 0.84-0.88, but models with multimodal AI embeddings achieved scores of up to 0.96.
Conclusion
The digital landscape is in a state of constant evolution, bringing with it an array of new threats – including the use of generative AI to deceive users. Phishing emails now meticulously, and routinely, mimic legitimate communications, while NSFW websites conceal harmful content behind deceptive visuals. While traditional cybersecurity methods remain important, they are increasingly inadequate on their own. Multimodal AI offers an innovative layer of defense that enhances our comprehension of content.
By effectively detecting sophisticated phishing emails and accurately classifying NSFW websites, multimodal AI not only protects users more effectively but also adapts to new threats. The experimental results Lee presents in his paper show significant improvements over traditional methods.
Going forward, incorporating multimodal AI into cybersecurity strategies is not just beneficial; it is crucial for ensuring the protection of our digital environment amid growing complexities and threats.
For further information, Lee’s full whitepaper is available here. A recording of his 2024 Virus Bulletin talk is available here (along with the slides).
Source: Sophos
The World’s Most Innovative Companies Award by Fast Company is the definitive source for recognizing organizations that transform industries and shape society. Today, we’re celebrating that Fast Company has named Silverfort a 2025 Most Innovative Company. We are honored to be listed in the security category alongside others who are pushing the boundaries of what’s possible to create a more secure world.
More than 1,000 enterprises trust Silverfort, and our gross customer retention rate remains high at 94%. We’ve raised more than $220M in funding from leading investors, and we’ve grown to over 450 team members worldwide, with revenue increasing by nearly 100% year over year for the last five years. The entire Silverfort team deserves this honor for working tirelessly to build a platform that delivers maximum security with minimal effort. Thank you to our employees, customers, and investors for all your hard work, loyalty, and unwavering support. And special thanks to our incredible Research, Engineering and Product teams for continuously delivering unmatched innovation that pushes the identity security market forward.
2024 was a big year for Silverfort. In the last six months alone, we acquired Rezonate, an impressive cloud identity security company, we released an incident response solution that flips the script on the traditional IR process, and our product team released an entirely new product—one that helps businesses go beyond managing privileged accounts to securing them (Privileged Access Security). We can proudly say our platform analyzes over 10B authentications daily, detects an average of 34K identity exposures and threats per customer, and is 17 times faster to deploy than traditional solutions.
Silverfort’s journey began with a mission to address a glaring—and growing—weakness we saw years ago in the security industry: identity. Determined to close this gap, the founding Silverfort team pioneered unique, patented Runtime Access Protection (RAP) architecture, which connects seamlessly to an organization’s existing identity stack. It provides unparalleled visibility into all identities and environments, leverages AI for adaptive authentication and threat detection, and even protects what used to be unprotectable, like non-human identities (NHIs), legacy systems, and command-line tools.
Over the last several years, we have worked continuously to build the identity security platform companies deserve. Unlike other solutions that solve one piece of the security puzzle or require overly complicated maintenance and deployments, Silverfort breaks down silos to eliminate security gaps and blind spots with one easy-to-deploy platform.
The result? Identity security without limits.
The Silverfort Identity Security Platform is the only solution that truly goes everywhere to deliver unparalleled protection, context, and visibility, without compromising on productivity. Today, over 1,000 organizations worldwide trust us to protect all identities, all resources, and all environments, all the time—and we look forward to seeing that number grow as we continue to take identity security where it has never gone before.
Thank you to Fast Company for the recognition, and congratulations to the team that got us here. This is identity security done right.
Source: Silverfort