IT asset discovery is a process to find and document assets that are connected to the network. Asset discovery tools provide an automated solution for an accurate inventory of all the hardware and software on the network or environment.

Automate and Manage Your Network Assets with Datto RMM Asset Discovery Tools

As a managed service provider (MSP) you know that managing a client’s networks can be a complicated process. It’s essential to be able to monitor, support, and secure anything that is connected to a network to minimize any security risks.

However, it’s no longer enough just to know what’s on the network. As an MSP, you need to understand the relationships between the devices and services that keep your customers up and running.

Datto RMM’s built-in asset discovery and management tool offers real-time visibility of every asset connected to a network. The tool is able to locate every asset including those not already under your management in Datto RMM.

Datto RMM provides:

• Insightful discovery.
  Instantly view all discovered devices on the network, where they are located, and their current status.

• Faster troubleshooting.
  View essential network information at a glance, with open alerts represented on devices and the impact they have on each other. Technicians can quickly navigate to any device, gather critical information, and set up a remote connection with a single click.

• Mitigation of potential issues.
  Technicians don’t just see the endpoints in isolation. Datto RMM’s Network Topology maps illustrate the relationships between all devices on the network, allowing you to gauge the impact of a change before it’s made.

Datto RMM helps MSPs manage the complexity, costs, and risks associated with supporting your client endpoints. Whether managing a single endpoint or hundreds of thousands of endpoints, Datto RMM helps MSPs keep their supported estate secured, patched, stable, and functioning.

Request a Demo of Datto RMM Today.

Benefits of using asset discovery tools?

The use of spreadsheets to track devices and software in a complex network is no longer an option. The use of automated IT Asset management provides the MSP with a solution to:

• Reduce costs: Prepare information remotely, automate and identify what is not being managed, simplify monitoring and managing for recurring processes, and assess future requirements.
• Mitigate risk: Quickly identify what’s not being managed and where potential risks lie
• Manage devices: Understand compliance status of managed devices, and uncover previously missed opportunities to manage new devices

How to get started with RMM Asset Discovery

Datto RMM will obtain the following information from devices on the network including routers, switches, and IoT devices:

• Operating system
• Manufacturer
• Hostname
• Device type
• IP addresses
• MAC addresses
• Used uplink port
• Relationships between the device and the networking infrastructure
• Whether the device is being managed by Datto RMM and open alerts

Datto RMM’s IT asset discovery tool empowers managed service providers’ ability to continuously discover and identify every device on the network – not just those managed with Datto RMM – generating a visual layout of the network to show how devices are connected to each other, and quickly identifying where issues are on the network.

Which systems does the Datto RMM Support?

Datto RMM supports systems running on:

• Windows:
  • Windows 7 SP1 with Windows Updates KB2999226 and KB2533623 installed
  • Windows Server 2008 R2 SP1 with Windows Updates KB2999226 and KB2533623 installed
  • Windows 8.1 with Windows Update KB2999226 installed
  • Windows Server 2012 R2 with Windows Update KB2999226 installed
  • Windows 10 with .NET Core 3.1
  • Windows Server 2016 with .NET Core 3.1
  • Windows Server 2019 with .NET Core 3.1
• Linux with .NET Core 3.1
• macOS with .NET Core 3.1

To learn more about Datto RMM, please visit www.datto.com/products/rmm.

Source: Datto

As a channel-first, channel-best company, the award validates our commitment to helping MSPs deliver superior cybersecurity outcomes for our customers amid constantly evolving threats.

SE Labs assesses security vendors based on a combination of continual public testing, private assessments, and feedback from corporate clients. The first-of-its-kind Best MSP Solution award recognizes the critical role MSPs play as the first line of defense for small- and medium-sized businesses (SMBs) against data breaches, ransomware and other debilitating cyberattacks.

“SE Labs Annual Security Awards 2024 acknowledge industry leaders for their best-in-class products and services. Following our conversations within the community and rigorous testing, we created shortlist of exceptional companies that support their partners. We are thrilled to award Sophos Best MSP Solution, for keeping their MSP and partner community armed with innovative security solutions and intelligence that protect their customers in the ever-evolving threat landscape,” said Simon Edwards, CEO at SE Labs. 

To better protect their businesses and customers, MSPs are prioritizing vendors that can help them understand how attackers operate while providing advanced security solutions that adapt as adversaries change their tactics, techniques, and procedures.

“MSPs need a vendor that understands their business model and practices. Since Sophos works exclusively with the channel, we know how to best partner with MSPs, from an operational standpoint to providing scalable, innovative security products and services that can defend their customers from inevitable cyberattacks,” said Simon Reed, chief research and scientific officer at Sophos.

Sophos defends more than 300,000 organizations worldwide against advanced attacks, with anti-ransomware, anti-exploitation, behavioral analysis, and other innovative technologies.

Sophos products are managed in the cloud-native Sophos Central platform, which is part of the Sophos Adaptive Cybersecurity Ecosystem that collects, correlates, and enriches security data with additional context to enable automatic and synchronized responses to active threats.

Intercept X endpoint technology includes industry-first Adaptive Attack Protection, which automatically disrupts in-progress attacks and dynamically puts “shields up” to give defenders valuable additional time to respond to an intrusion. The Account Health Check capability also identifies security posture drift, misconfigurations, and provides the ability to remediate such issues with one click.

To help further partners’ and MSPs’ awareness of critical industry issues, Sophos provides real-time and historical threat intelligence from the Sophos X-Ops unit, a cross-functional team of more than 500 Sophos cybersecurity experts worldwide. Sophos X-Ops’ intelligence helps partners and MSPs confidently address customers’ questions and concerns about the latest ransomware, vulnerabilities, and attacks circulating in the news.

Source: Sophos

You should use a password manager in 2024 because a password manager protects your login credentials and keeps your online data safe. Password managers do more than just protect and store passwords; they also store your passkeys, generate new, strong passwords, and let you store and securely share important documents such as medical records, identification cards, credit cards and more.

Continue reading to learn why using a password manager is important in 2024 and the risks associated with not using one.

What is a password manager?

Password managers create, store and manage passwords, passkeys and other data. People who use password managers only need to remember a single password known as their master password to securely access the rest of their passwords. They can also opt to use their biometrics, like FaceID, to sign into their password manager vault seamlessly.

6 reasons why you should use a password manager

There are many reasons to use a password manager in 2024. Here are six of the top reasons.

1. Password-based attacks are the top attack vector in 2024

Last year, cybercriminals made over $1 billion in ransom payments.  Ransomware, malware and password-based attacks are on the rise in 2024. Stolen credentials are commonly used by cybercriminals to successfully execute data breaches, according to Verizon’s 2023 Data Breach Investigations Report. In fact, 74% of breaches involve the use of stolen credentials. Cybercriminals often purchase these stolen credentials on the dark web and use them to access personal and work accounts. Since many people often use the same password across multiple websites, applications and systems, if a single password is compromised, all your accounts that use the same password are also at risk of being compromised.

The best way to protect yourself and your organization from password-based attacks is by using a password manager. A password manager with dark web monitoring capabilities helps you ensure each of your passwords is strong and unique. It’ll also notify you in real time if any of your credentials are found on the dark web so you can take action immediately by changing your passwords.

2. Reduces password fatigue 

The average person has about 100 online accounts including, financial, social media, work and school accounts. That means people are expected to remember over 100 unique passwords. This often leads to people using the same password or a variation of the same password across multiple accounts, ultimately putting their accounts at higher risk of being compromised. Password managers generate strong and unique passwords for online accounts and store them securely in an encrypted digital vault. The only password users have to remember is a master password to access their login credentials and other sensitive data – significantly reducing password fatigue.

3. Helps you generate strong and unique passwords 

Password managers have a built-in password generator that can instantly create strong and unique passwords. By using a password manager’s autofill function, users can create passwords for their accounts without having to come up with them on their own. This ensures that each of their accounts is always secured with a strong password that can’t be easily compromised by a cybercriminal.

4. Protects you from phishing scams

Many phishing scam emails and text messages are created to lead unsuspecting victims to phishing websites designed to steal login credentials, credit card details and more. Some phishing websites can be difficult for the average person to spot. Password managers can easily spot phishing websites due to their autofill capabilities. A password manager with an autofill function will only autofill your credentials if the website’s URL matches the one you have stored in your password manager’s vault. If the password manager doesn’t autofill your credentials, this is an immediate red flag that the site you’re on is not legitimate and likely malicious.

5. Enables you to securely share passwords, passkeys and more

Insecurely sharing any sensitive information through email or text message can place your accounts and your identity at risk of being compromised. It’s important that when you’re choosing to share private documents or passwords, you do it in a way that is secure and allows you to manage access to them. Password managers like Keeper do just that. With Keeper Password Manager users can share stored data through vault-to-vault sharing or the One-Time Share feature.

Vault-to-vault sharing allows you to share access to a record with other people who use Keeper. Before sharing you can choose how much access you want the recipient to have, such as View Only, Can Edit, Can Share and Can Edit & Share. You can also revoke access to the record at any time. One-Time Share allows you to share records with anyone on a time-limited basis, even if they’re not a Keeper user themselves.

6. Works across multiple browsers and devices

There are three main types of password managers: password managers that come built into your devices like iCloud Keychain, browser password managers like the one that comes with Chrome and standalone password managers like Keeper. One of the biggest limitations of both iCloud Keychain and browser password managers is that they can’t be accessed from everywhere. For example, you can’t access your iCloud Keychain data from a Windows computer and you can’t access your Chrome data from another browser like Safari.

This limitation can cause frustration, especially when you want to sign in to one of your accounts from a different browser or device. Standalone password managers, on the other hand, allow you to access your stored data from anywhere, no matter what device or browser you’re using.

What are the risks of not using a password manager?

Here are a few of the risks associated with not using a password manager.

Password reuse

Many people tend to use the same password or variations of the same password for multiple accounts. This is typically because people can’t remember unique passwords for every single account. This is a major risk because if just one reused password is compromised, it places every account that uses the same password at risk of also becoming compromised.

Weak password creation

Creating passwords that are considered strong is difficult to do on your own. Strong passwords have to be at least 16 characters and contain uppercase and lowercase letters, numbers and symbols. However, these strong passwords are difficult for people to remember, so most people choose to create passwords that are weak but easy to remember.

Using weak passwords for accounts is dangerous because it increases the likelihood of an unauthorized user being able to guess or crack that password successfully.

Multiple password resets

When people forget their password, their first option is to reset it. While resetting your password once won’t hurt you, resetting your password multiple times can. The more times you need to reset your passwords, the more likely you are to use weak passwords or begin reusing passwords. This is especially true if you don’t use a password manager to help you create and store them.

Insecure password sharing

Password sharing isn’t uncommon. People share their login credentials with friends and family for streaming accounts like Spotify, Hulu and Prime Video. When sharing passwords, a lot of people choose to share them using insecure methods like text messages and emails. These sharing methods are dangerous because they’re not encrypted, which means anyone can intercept them. Additionally, by sharing your passwords insecurely you have no visibility into who you’ve shared your password with. This makes it extremely difficult to properly manage your accounts and who has access to them.

Keep your most important data secure with a password manager

Password managers are amazing tools to invest in to keep your online data safe from cyber threats and criminals. Aside from protecting your information, they also make your online experience a whole lot easier with their autofill capabilities.

To see how a password manager can help you secure your data and streamline your online experience, start a free 30-day trial of Keeper Password Manager today.

Source: Keeper

Sophos Managed Risk combines vulnerability management technology from Tenable with Sophos’ threat expertise as a fully managed service.

Exploited unpatched vulnerabilities are the leading root cause of successful attacks, as reported in Sophos’ 2024 Ransomware Report.

The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organizations operating frequently unknown numbers of external and internet-facing assets that are unpatched or under protected, leaving them vulnerable to cyberattackers.

Given this pressing need, we are excited to introduce Sophos Managed Risk, powered by Tenable. This new service enables organizations to find and eliminate blind spots and stay ahead of potential attacks by clearly understanding and prioritizing the highest risk exposures, with expert guidance from Sophos’ dedicated team.

Sophos Managed Risk delivers:

• Attack surface visibility
  The modern attack surface continues to grow beyond the borders of traditional IT, and most organizations now have internet-facing assets they don’t realize they own, providing easy targets for threat actors. Sophos Managed Risk discovers the organization’s internet-facing assets and analyzes their external attack surface.
• Continuous monitoring
  In-house IT and security teams may lack the deep knowledge and experience of the exploitation landscape needed to fully understand the security posture of their organization’s attack surface. Sophos Managed Risk provides expert guidance and helps set remediation priorities.
• Risk-based vulnerability prioritization
  New vulnerabilities are discovered faster than most organizations can fix them. Understanding which ones are relevant and in which order to patch them is a significant challenge. Sophos Managed Risk identifies and prioritizes exposures using extensive vulnerability coverage and risk-based prioritization technology from Tenable.
• Proactive notification of high-risk exposures
  Attackers look for weaknesses in the environment long before organizations know they’re there. Identifying high-risk exposures quickly is crucial. Sophos Managed Risk provides proactive notification when new critical vulnerabilities are discovered that affect the organization’s assets.

“One of the biggest challenges organizations face when improving their security posture is prioritizing what to handle first. This type of guidance helps solve that issue and reduces the workload for security teams tasked with tackling vulnerability and exposure management,” said Craig Robinson, research vice president of Security Services, IDC. “Solutions such as Sophos Managed Risk can be a differentiator by enabling overwhelmed teams to take a more holistic approach to continuous monitoring and threat management.”

The Sophos-Tenable Alliance

Sophos Managed Risk combines industry-leading technology from Tenable with threat expertise from Sophos, delivered as a proactive attack surface management service. This unique partnership brings together two highly respected cybersecurity market leaders to deliver superior security outcomes for customers and partners.

“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control. We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked. It is critical that organizations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24×7 Sophos MDR coverage.”

“While the latest zero day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” said Greg Goetz, vice president of global strategic partners and MSSP, Tenable. “A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”

Collaborates with the world’s most trusted MDR service

Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects more than 21,000 organizations globally. The dedicated Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. Organizations benefit through regular interaction, including scheduled meetings with Sophos experts to review recent discoveries, insights into the current threat landscape, and recommendations for remediation and prioritizing actions.

For example, when Sophos discovers a new high-risk zero-day vulnerability that could leave an organization exposed, Sophos Managed Risk scans their assets for the possibility of an exploit and proactively notifies the customer. Organizations can connect with the Sophos Managed Risk team and conveniently manage vulnerability escalation cases alongside MDR investigations in one unified Sophos console.

Available soon

With Sophos Managed Risk experts providing insights into attack surface vulnerabilities, organizations of all sizes can reduce cyber risk, accelerate their patching programs, and improve insurability. The new service will be available at the end of April 2024.

To learn more about Sophos Managed Risk and how it can support you, visit our website or speak with a security expert today.

Source: Sophos

Insights into the financial and operational implications of having backups compromised in a ransomware attack.

There are two main ways to recover encrypted data in a ransomware attack: restoring from backups and paying the ransom. Compromising an organization’s backups enables adversaries to restrict their victim’s ability to recover encrypted data and dial-up the pressure to pay the ransom.

This analysis explores the impact of backup compromise on the business and operational outcomes of a ransomware attack. It also shines light on the frequency of successful backup compromise across a range of industries.

The findings are based on a vendor-agnostic survey commissioned by Sophos of 2,974 IT/cybersecurity professionals whose organizations had been hit by ransomware in the last year. Conducted by independent research agency Vanson Bourne in early 2024, the study reflects respondents’ experiences over the previous 12 months.

Executive summary

The analysis makes clear that financial and operational implications of having backups compromised in a ransomware attack are immense. When attackers succeed in compromising backups, an organization is almost twice as likely to pay the ransom and incurs an overall recovery bill that is eight times higher than for those whose backups are not impacted.

Detecting and stopping malicious actors before your backups are compromised enables you to reduce considerably the impact of a ransomware attack on your organization. Investing in preventing backup compromise both elevates your ransomware resilience while also lowering the overall Total Cost of Ownership (TCO) of cybersecurity.

Download the report PDF

Learning 1: Ransomware actors almost always attempt to compromise your backups

94% of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. This rose to 99% in both state and local government, and the media, leisure and entertainment sector. The lowest rate of attempted compromise was reported by distribution and transport, however even here more than eight in ten (82%) organizations hit by ransomware said the attackers tried to access their backups.

Learning 2: Backup compromise success rate varies greatly by industry

Across all sectors, 57% of backup compromise attempts were successful, meaning that adversaries were able to impact the ransomware recovery operations of over half of their victims. Interestingly, the analysis revealed considerable variation in adversary success rate by sector:

• Attackers were most likely to successfully compromise their victims’ backups in the energy, oil/gas, and utilities (79% success rate) and education (71% success rate) sectors
• Conversely, IT, technology and telecoms (30% success rate) and retail (47% success rate) reported the lowest rates of successful backup compromise

There are several possible reasons behind the differing success rates. It may be that IT, telecoms and technology had stronger backup protection in place to start with so was better able to resist the attack. They may also be more effective at detecting and stopping attempted compromise before the attackers could succeed. Conversely, the energy, oil/gas and utilities sector may have experienced a higher percentage of very advanced attacks. Whatever the cause, the impact can be considerable.

Learning 3: Ransom demands and payments double when backups are compromised

Data encryption

Organizations whose backups were compromised were 63% more likely to have data encrypted than those that didn’t: 85% of organizations with compromised backups said that the attackers were able to encrypt their data compared with 52% of those whose backups were not impacted. The higher encryption rate may be indicative of weaker overall cyber resilience which leaves organizations less able to defend against all stages of the ransomware attack.

Ransom demand

Victims whose backups were compromised received ransom demands that were, on average, more than double that of those whose backups weren’t impacted, with the median ransom demands coming in at $2.3M (backups compromised) and $1M (backups not compromised) respectively. It is likely that adversaries feel that they are in a stronger position if they compromise backups and so are able to demand a higher payment.

Ransom payment rate

Organizations whose backups were compromised were almost twice as likely to pay the ransom to recover encrypted data than those whose backups were not impacted (67% vs. 36%).

Ransom payment amount

The median ransom payment by organizations whose backups were compromised was $2M, almost double that of those whose backups remained intact ($1.062M). They were also less able to negotiate down the ransom payment, with those whose backups were compromised paying, on average, 98% of the sum demanded. Those whose backups weren’t compromised were able to reduce the payment to 82% of the demand.

Learning 4: Ransomware recovery costs are 8X higher when backups are compromised

Not all ransomware attacks result in a ransom being paid. Even when they do, ransom payments are just part of the overall recovery costs when dealing with a ransomware attack. Ransomware-led outages frequently have a considerable impact on day-to-day business transactions while the task of restoring IT systems is often complex and expensive.

The median overall ransomware recovery costs for organizations whose backups were compromised ($3M) came in eight times higher than that of organizations whose backups were not impacted ($375K). There are likely multiple reasons behind this difference, not least the additional work that is typically needed to restore from decrypted data rather than well-prepared backups. It may also be that weaker backup protection is indicative of less robust defenses and greater resulting rebuilding work needed.

Those whose backups were compromised also experienced considerably longer recovery time with just 26% fully recovered within a week compared with 46% of those whose backups were not impacted.

Recommendations

Backups are a key part of a holistic cyber risk reduction strategy. If your backups are accessible online, you should assume that adversaries will find them. Organizations would be wise to:

• Take regular backups and store in multiple locations. Be sure to add MFA (multi-factor authentication) to your cloud backup accounts to help prevent attackers from gaining access.
• Practice recovering from backups. The more fluent you are in the restoration process, the quicker and easier it will be to recover from an attack.
• Secure your backups. Monitor for and respond to suspicious activity around your backups as it may be an indicator that adversaries are attempting to compromise them.

How Sophos can help

Sophos MDR: Over 500 experts monitoring and defending your organization

Sophos MDR is a 24/7 expert-led managed detection and response service that specializes in stopping advanced attacks that technology alone cannot prevent. It extends your IT/security team with over 500 specialists who monitor your environment, detecting, investigating, and responding to suspicious activities and alerts.

Sophos MDR analysts leverage telemetry from the security tools you already use – including your backup and recovery solution – to detect and neutralize attacks before damage is done. With an average threat response time of just 38 minutes, Sophos MDR works faster than your next threat.

Sophos XDR: Enabling IT teams to detect and respond to attacks

In-house teams can use Sophos XDR to get the visibility, insights, and tools they need to detect, investigate, and respond to multi-stage threats, across all key attack vectors, in the shortest time. With Sophos XDR you can leverage telemetry from your backup and recovery solution, as well as your wider security stack, to quickly see and respond to attacks.

Source: Sophos

Sophos’ market-leading Managed Detection and Response offering continues to go from strength to strength, with over 20,000 organizations worldwide now protected by the service.  

Industry analysts agree. We are delighted to announce that Sophos has been named a Leader by Frost & Sullivan in their 2024 Frost Radar™ report for Global Managed Detection and Response.

According to Frost & Sullivan, Sophos stands out as an MDR leader for:

Flexibility

Citing Sophos’ expansive integrations with both native and third-party technologies, the report also highlights the flexibility of our MDR response modes and subscription tiers.

Support for Microsoft Environments

The evaluation calls out Sophos’ ability to deliver MDR services for Microsoft environments as an advantage, with the expertise to investigate and respond to Microsoft security alerts across endpoint, cloud, and identity sources, among others.

Unlimited Incident Response

Frost & Sullivan highlights a powerful differentiator of Sophos MDR: “To go a step beyond the traditional functionalities and responsibilities of MDR platforms, Sophos delivers unmetered incident response services as part of its core offering”.

Rapid Growth

Acknowledging our success in the market, the report notes that Sophos is “growing faster than average in the already fast-growing MDR market”, thanks to our channel-best approach and thought leadership.

Download the full Frost & Sullivan Report

Continued Industry Recognition

Sophos MDR continues to garner high praise from experts across the industry. In addition to this Frost & Sullivan recognition, Sophos is proud to be:

• A Gartner Peer Insights Customers’ Choice for Managed Detection and Response
• Rated the Number 1 MDR solution by customers in the G2 Winter 2024 Grid Reports
• Named a Representative Vendor in the Gartner Market Guide for Managed Detection and Response Services

Check out our full range of independent accolades and endorsements on Sophos.com.

To learn more about Sophos MDR,  or speak to your Sophos representative or partner.

Source: Sophos

We are delighted to announce that Sophos has been named a Leader in the IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses 2024 Vendor Assessment (doc #US50521424, March 2024). This recognition comes on the heels of Sophos also being named a Leader in the IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024).

The IDC MarketScape study evaluates modern endpoint security vendors’ prevention, EDR, and MDR capabilities and business strategies, with a specific focus on the requirements of small businesses.

According to the IDC MarketScape evaluation, “Sophos is a strong consideration for small businesses, particularly those with large business security requirements that have little to no in-house security expertise.”  Read the excerpt

“Every organization, regardless of size, suffers from resource constraints. The stakes in cybersecurity, with small businesses in particular, are massive, and many of these companies are struggling to keep up,” said Michael Suby, research vice president, Security & Trust, IDC. “Sophos, with an expansive set of protection technologies and proven MDR service offering, is a great option to help a small business improve its security posture in whatever way fits best – either with the tools to help its experts in-house or by leveraging the expertise of the dedicated MDR security team.”

Trusted Managed Detection and Response Service

Cybersecurity is becoming so complex that most small businesses cannot keep up and need every advantage. Sophos delivers superior cybersecurity outcomes by giving customers the advantages they urgently need. Our 24/7 Managed Detection and Response service enables organizations to reduce the risks and costs associated with security incidents and data breaches that could potentially be catastrophic to small businesses.

The IDC MarketScape report notes: “Sophos MDR, already in use by over 20,000 Sophos customers, is a time-tested MDR service combined with Sophos’ engagements with cyber insurance providers delivers the confidence small businesses need to attain their endpoint security objectives without being security experts.” 

Innovative Protection Capabilities

Sophos delivers strong preventative security that significantly reduces the workload resource-stretched small businesses​. We believe our continued ‘protection-first’ strategy is a key contributor to Sophos’ position as a Leader in this evaluation.

We are constantly innovating to stay ahead of the evolving and expanding attack landscape. The IDC MarketScape assessment references Sophos’ expansive set of protection technologies provided as standard features in our endpoint security offering, and calls out some of our most recent innovations:

“Even with the most diligent efforts to deflect attackers, there are no guarantees that all manner of attacks can be thwarted. Addressing this potential, Sophos recently added several new capabilities: adaptive attack protection, critical attack warning, and data protection and recovery.” 

Get the excerpt

To learn more about why Sophos was named a Leader in the 2024 IDC MarketScape for Worldwide Modern Endpoint Security for Small Businesses, read the excerpt here.

Source: Sophos

Organizations should implement the principle of least privilege to protect their sensitive data from unauthorized access. To implement the principle of least privilege, organizations need to define roles and permissions, invest in a Privileged Access Management (PAM) solution, enforce MFA, automatically rotate credentials for privileged accounts, segment networks and regularly audit network privileges.

Continue reading to learn more about the principle of least privilege, why it is important and how your organization can implement it.

What Is the Principle of Least Privilege and Why Is It Important?

The Principle of Least Privilege (PoLP) is a cybersecurity concept in which users are granted just enough network access to data and systems to do their jobs, and no more. Least privilege access applies to users, processes, applications, systems and IoT devices. It prevents users from accessing resources they do not need and limits what they can do with the resources they do have access to.

Least privilege access is important because it:

• Reduces attack surface: Attack surface refers to the possible entry points where cybercriminals can access a system and steal data. By limiting privileges, organizations can reduce the possible entry points for unauthorized access and easily prevent any potential threats.
• Minimizes insider threats: Insider threats are cyber threats originating from within an organization when current or former employees, partners, contractors or vendors heighten the risk of sensitive data and systems becoming compromised. By limiting access, organizations can minimize insider threats from compromising sensitive data, whether by accident or intentionally.
• Prevents lateral movement: Lateral movement is when cybercriminals move deeper within an organization’s network after gaining initial access by escalating their privileges. Least privilege access prevents threat actors from moving laterally throughout a network. The cybercriminal will be restricted to the systems and data of the compromised account.
• Adheres to regulatory compliance: Least privilege access helps organizations protect sensitive data and adhere to regulatory and industry compliance frameworks such as GDPR, HIPAA and SOX.

6 Ways Organizations Can Implement the Principle of Least Privilege

The principle of least privilege will help organizations improve their security and protect their sensitive information from unauthorized access. Here are six ways organizations can implement the principle of least privilege.

Define roles and permissions

The first step of implementing the PoLP is to define roles and permissions. Organizations need to determine the level of access to specific sensitive data and systems – who should be accessing these resources, why they are accessing them and how long they should have access to them. They then need to define what role each member of the organization has and what permissions each member has based on their role. They should use Role-Based Access Control (RBAC) to help define roles and permissions.

RBAC grants specific network permissions based on a user’s defined role. Users will have limited network access to specific data and systems based on their role within the organization and what they need to do their jobs. They should not have access to any resources outside of their assigned job duties. RBAC restricts what users can do with a system or file they have access to. For example, marketing employees need access to customer data but not developer environments, and IT administrators need access to developer environments but not financial records.

Invest in a PAM solution

To help manage and keep track of privileged accounts, organizations need to invest in a PAM solution. PAM refers to securing and managing accounts with access to highly sensitive systems and data. These privileged accounts can range from local administrator accounts to non-human service accounts to privileged user accounts. With a PAM solution, organizations can implement least privilege access since they have full visibility into their entire data infrastructure and how much access users have to sensitive data. They can determine who can access privileged accounts and how much access each user should have. PAM solutions help prevent privileged accounts from being misused by insider threats and compromised by threat actors.

Enforce MFA

Multi-Factor Authentication (MFA) is a security protocol that requires additional authentication. To access a privileged account protected by MFA, authorized users must provide the login credentials to the account and an extra form of verification. Organizations need to enforce MFA on all privileged accounts to add an extra layer of security and ensure that only authorized users can access them. Even if the login credentials to the privileged account were compromised, cybercriminals could not access the account because it’s protected by MFA and they cannot provide additional authentication.

Automatically rotate credentials for privileged accounts

Password rotation is a cybersecurity practice in which passwords are regularly changed on a predetermined schedule. Organizations should use automated password rotation to protect privileged accounts from unauthorized access. Since privileged accounts provide access to sensitive information, organizations need to regularly change their passwords for these accounts. This locks out users who do not need access to the accounts anymore and prevents cybercriminals from cracking the passwords. Using automated password rotation ensures that privileged accounts are protected with strong and unique passwords after every rotation.

Segment networks

Network segmentation divides and isolates parts of an organization’s network to control access to sensitive information. These segments are divided based on the type of sensitive information stored and the users who need access. Segmentation limits access to the entire network and only allows users to access resources within their respective segments. It helps prevent cybercriminals who have gained unauthorized access to an organization’s network from moving laterally across the network because the cybercriminal is limited to only the network segment they accessed. To provide better security to their network, organizations can create micro-segments which are isolated parts of the network within a segmented network.

Regularly audit network privileges

Organizations need to regularly audit network privileges to ensure the right users have the necessary access they need to do their jobs and remove any users who do not need access to specific resources anymore. Regularly auditing network privileges and access prevents privilege creep, which is when users have accumulated higher levels of access than they need. It helps prevent misuse by potential insider threats and unauthorized access by cybercriminals.

Use Keeper® To Implement the Principle of Least Privilege

The best way to implement the principle of least privilege is with a PAM solution. With a PAM solution, organizations can see who has access to their network and limit user access to sensitive data. They can secure privileged accounts by ensuring employees are protecting them with strong and unique passwords and MFA.

KeeperPAM™ is a privileged access management solution that helps simplify privilege management by combining Keeper Enterprise Password Manager (EPM), Keeper Secrets Manager (KSM) and Keeper Connection Manager (KCM) into one, unified solution. With KeeperPAM, organizations can achieve complete visibility, security and control over every privileged user on every device.

Source: Keeper

Some of the benefits of using passphrases are that they’re easy to remember, difficult for cybercriminals to crack and they’re considered to be more secure than traditional passwords because of poor password habits. Some of the disadvantages of using passphrases are that some websites and apps may have low character limits, it’s impossible to remember passphrases for every single one of your accounts and they’re still vulnerable to being exposed in public data breaches.

Continue reading to learn more about passphrases and when you should use them to secure your online accounts and apps.

What Is a Passphrase?

A passphrase is a type of password that is created using a random combination of uncommonly used words. Since passphrases are created using words, they are generally longer, easier to remember and are considered to be more secure than using traditional passwords. Traditional passwords are often weak and are reused across multiple accounts because it’s difficult for individuals to remember multiple strong passwords.

While passphrases are considered to be more secure, there are still rules users should take into account when creating strong passphrases. A strong passphrase should have the following characteristics.

The Benefits of Using a Passphrase

Here are three benefits to using passphrases over traditional passwords.

Easy to remember

Because passphrases are made up of different words, they’re typically easier for users to remember, especially when you compare them to traditional passwords. For a traditional password to be strong, it has to be made of a variety of characters and be at least 16 characters long. A long, complex password isn’t as easy to remember as a long passphrase that contains a mix of characters.

Difficult for cybercriminals to crack or guess

The longer a passphrase is, the longer it takes for cybercriminals to guess or crack it. This is due to its password entropy. Password entropy is a mathematical equation that is used to determine whether it would be easy or hard for a cybercriminal to crack a password. Password entropy takes into account the variation of character length used in the password. Because passphrases are longer due to multiple words, their password entropy is greater, meaning they’re more difficult for cybercriminals to crack.

More secure than traditional passwords 

As mentioned above, when creating traditional passwords, many people resort to using weak passwords because they want to be able to remember them for multiple accounts. This often leads to password reuse, which places multiple accounts at risk of being compromised if a cybercriminal cracks just a single password that’s being reused. Using passphrases as passwords removes this risk since they’re both strong and easy for users to remember.

The Disadvantages of Using a Passphrase

Here are three primary disadvantages to using passphrases.

Some websites and applications have low character limits

The longer a passphrase is, the more secure it’s considered to be. However, using passphrases may not be possible on some websites and applications that have low character limits. This means users should instead use traditional strong passwords on these websites and apps to ensure that the password they’re creating cannot be easily guessed or cracked by cybercriminals. We suggest using a password generator to help you create these strong passwords.

You can’t remember passphrases for every single account

While passphrases are easier to remember than long, complex passwords, you won’t be able to remember them for every single account. The average person has 100 accounts, ranging from bank accounts to social media accounts, so even if you choose to use passphrases to protect every single one of them, it’ll be impossible to remember 100 passphrases on your own.

Still vulnerable to data breaches

While passwords – like passphrases – are meant to secure your online accounts from unauthorized access, they’re still vulnerable to data breaches. This is especially true for users who fail to also enable Multi-Factor Authentication (MFA) on their accounts. MFA adds an extra layer of security to your online accounts by requiring that a user verify who they are before being able to access their account. The more MFA methods enabled on an account, the more secure that account will be.

When public data breaches occur, whether or not a user’s password is strong doesn’t matter – all that matters is how that organization protects user information, which includes their credentials. If a user’s credentials aren’t secured, then their password is vulnerable to being exposed in a data breach.

When To Use a Passphrase

Passphrases are great to use in any instance where you only need to create passwords for a small number of accounts. The more accounts you use a passphrase on, the more passphrases you’ll have to rely on yourself to remember. Many people choose to use passphrases when creating a master password for an account, such as a password manager.

Password managers are tools that aid users in creating, managing and securely storing their sensitive data, such as the logins to their online accounts, credit card details and sensitive files. Password managers remove the need for users to remember multiple passwords and instead, users only have to create and remember one master password. This password should be both strong and easy for the user to remember, so it’s the perfect instance to use a strong passphrase.

Passphrases Are Easy To Remember and Secure

Passphrases are a great way to create passwords that are both strong and easy to remember. However, even though you’ll be able to remember one or two passphrases easily, it’ll be impossible to remember a passphrase for every single one of your accounts. A password manager like Keeper® can help. Keeper helps users create, store and manage the logins for every one of their accounts. Keeper also stores Two-Factor Authentication (2FA) codes, to make securing accounts with MFA a lot easier.

Ready to see how Keeper Password Manager can help you secure your online accounts? Start a free 30-day trial today.

Source: Keeper

Organizations using Veeam Backup and Replication can now strengthen their defenses against ransomware with Sophos MDR and Sophos XDR. Read on to learn how Sophos’ new integration with Veeam delivers better visibility to detect and stop threats targeting backup data.

Backup and recovery are integral parts of a holistic cybersecurity strategy. Adversaries attempt to tamper with backup solutions to prevent recovery from ransomware attacks – early detection of this malicious activity is critical.

Sophos’ new integration with Veeam seamlessly exchanges security information when a threat emerges, extending visibility to help detect, investigate, and respond to active attacks.

This powerful new partnership provides peace of mind that backup data is always available and protected, enabling organizations to detect threats, investigate suspicious activity, and ultimately recover data quickly.

With Sophos and Veeam, organizations can ensure the integrity and availability of backups, reducing the risk of data loss due to malware, accidental deletion, internal security threats, and other data loss scenarios.

• The Sophos MDR service provides 24/7 security monitoring, filters out redundant alerts, and investigates threats to Veeam environments, like attempts to delete backup repositories, disable multi-factor authentication, delete encryption passwords, and more.
  
• Organizations using the Sophos XDR solution for in-house investigation and response can also integrate Veeam telemetry to identify potentially malicious activity, combined with threat detections from other sources in a single unified platform and console.

The strongest protection against ransomware attacks

The Sophos XDR solution and the Sophos MDR service include industry-leading CryptoGuard technology that universally detects and stops ransomware before it impacts customers’ systems, including new variants and local and remote encryption.

Sophos’ superior prevention, detection, and response capabilities, combined with immutable backups and versioning provided by Veeam, ensure backup data remains secure and recoverable.

Elevate your defenses with Sophos’ new Veeam integration

The new Veeam integration is now available as an add-on for Sophos MDR and Sophos XDR subscriptions via a new “Backup and Recovery” Integration Pack license.

To learn more and explore how Sophos MDR and Sophos XDR can help your organization better defend against active adversaries, including attacks that target your backup repositories, speak with a Sophos adviser or your Sophos partner.

Already a Sophos MDR or Sophos XDR customer? Activate the Veeam integration in your Sophos Central console today.

Source: Sophos

The IDC MarketScape study evaluates endpoint security vendors’ prevention, EDR, and MDR capabilities and business strategies.

We are delighted to announce that Sophos has been named a Leader in the IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment.

This IDC MarketScape evaluates vendors based on how their endpoint prevention, EDR, and MDR capabilities meet the needs of organizations with 100 – 2,499 employees.

According to the IDC MarketScape evaluation, “Sophos should be a strong consideration for midsize businesses seeking to reduce their number of core security vendors without sacrificing security efficacy”. Read the excerpt

“With their professional and managed security services, expanded product set, and ability to integrate with existing security investments, it’s clear that Sophos understands the needs and challenges of a midsize business,” said Michael Suby, research vice president, Security & Trust, IDC. “Sophos’s comprehensive approach from prevention through recovery places Sophos on the shortlist of midsize businesses looking for an established and effective partner for security.”

Protection-first approach

We believe our continued focus on preventative security is a key contributor to Sophos’ position as a Leader in this evaluation. It provides a robust foundation for the Sophos XDR solution and the Sophos MDR service. Sophos delivers strong threat protection to significantly reduce the detection and response workload for IT admins and security analysts​.

The IDC MarketScape notes, “Sophos recently added several new capabilities: adaptive attack protection, critical attack warning, and data protection and recovery. Adaptive attack protection, introduced in early 2023, is a demonstration of Sophos’ means to disrupt hands-on-keyboard attackers while minimizing potential disruption to legitimate operations.”

The report also notes, “Sophos includes an expansive set of protection technologies (host-based firewall and IDS/IPS, device control, DLP, and encryption) as standard features in its endpoint security offering.”

Extensive and compatible security platform and ecosystem

The Sophos security platform combines an expansive portfolio of products and managed security services with compatibility with an extensive suite of third-party solutions. Organizations can detect and respond to threats using a single unified platform, leveraging the technology they need from Sophos or connecting their existing cybersecurity technologies.

“For the many midsize businesses and VARs serving midsized business that are struggling with SecOps staffing and maturity, Sophos offers the means to overcome this challenge without forcing a full vendor swap.”

We continue to expand and diversify strategic and technology partnerships to enable organizations to reduce cyber risk further. Recognizing this approach, the IDC MarketScape refers to our expanded partnerships with cyber insurance providers, helping midsize businesses address potential challenges in seeking insurance coverage.

Get the excerpt

To learn more about why Sophos was named a Leader in the 2024 IDC MarketScape for Worldwide Modern Endpoint Security for Midsize Businesses, read the excerpt here.

Additional Sophos customer and analyst validation

Sophos’ recognition as a Leader in this IDC MarketScape comes on the heels of multiple customer endorsements and third-party validations, including: ​

• Sophos named a Leader in the Gartner MQ for EPP for the 14th consecutive report​
• Sophos named a Leader for Endpoint Protection, EDR, XDR, Firewall, and MDR in G2’s Winter 2024 (December 2023) Reports​
• Sophos earning a 100% Total Protection score in SE Labs’ Q4 2023 Enterprise Endpoint Security and Small Business tests​
• Sophos named Gartner Customers’ Choice for EPP for the second consecutive year​
• Sophos named Gartner Customers’ Choice for MDR in Gartner’s first-ever report in the segment​

Source: Sophos