News
Reports of cyberattacks continue to plague the news, from attacks on airport computer systems, to increased phishing scams around the holidays, to new ransomware groups entering the landscape at greater attack volumes. The increase of attacks, both in volume and severity, means your company needs the utmost protection – a single program or system simply won’t cut it anymore.
A layered approach to your cybersecurity can help you stop threats before they can become attacks.
Reason 1: Identify, Exploit, and Predict Security Weaknesses and Their Impact
By layering different cybersecurity products, you are getting a robust program while taking an offensive cybersecurity approach, rather than a reactive approach. By putting defenses and security operations to the test with a full attack simulation, you see the whole picture at one time. You’ll see where vulnerabilities lie, prioritize remediation, uncover potential post-attack scenarios and costs, test your employees to see who is susceptible to falling victim to a threat, and more. Then, you can fix areas of weakness before threat actors can find them and potentially cost your company hundreds of thousands of dollars.
Reason 2: Allows You to Focus on Real Threats
With the information from your simulations and tests in hand, you can use the Common Vulnerabilities and Exposures database to discern which vulnerabilities pose a real threat and should be remediated first so damage from exploitation is minimized. If you’re not sure how to address the vulnerability, that’s ok! That’s what the database is for – you can coordinate efforts with IT and cybersecurity professionals to ensure vulnerabilities are addressed properly.
Cut through the clutter and allocate resources efficiently and effectively. This is immensely important for companies with a small or limited IT team – don’t waste time and money on low-risk threats when your resources could be better utilized on high-risk gaps.
Reason 3: Streamline and Centralize Your Vendors and Processes
The last thing you need to be doing is managing multiple vendors and processes. Why have one program for network scanning, one for penetration testing, and one for threat emulation when you could have them all together?
Consolidate your vendors by finding one who offers multiple solutions under their umbrella so you get a layered, offensive cybersecurity solution and seamlessly transition between products and features to get a full view of what’s going on in your network. Consolidation also allows you to reduce console fatigue by having everything in one place with solutions that are integrated and operating properly, helps ensure regulatory compliance and creates reports for security auditors.
Look for a vendor who will act as an extension of your team, with a dedicated account representative who empowers you and listens to you. You want a partner who continually innovates, introducing new features, benefits, updates and products as part of their commitment to delivering the best in cybersecurity protection.
Your Answer to a Layered, Offensive Cybersecurity Solution
At Digital Defense, we offer our Frontline VM, Core Impact, and Cobalt Strike products in one bundle. With the “Elite Bundle”, networks are scanned, vulnerabilities are prioritized, areas of potential exploitation are identified, and defense and security operations are tested with a full-attack simulation so you can stay one step ahead of threat actors.
Don’t risk your network becoming inaccessible due to an attacker’s overtake. Don’t risk your company’s trustworthiness and reputation being reduced thanks to an attacker spoofing your domain or brand name. Contact us to learn more or get started with your layered approach to offensive cybersecurity.
Source: Fortra
Financial institutions sit on a goldmine of sensitive data: corporate financial data, customer data, credit card data, and more. Digital innovations, complex IT processes, accelerated cloud adoption, remote workforces, and a growing reliance on third-party vendors contribute to a challenging risk landscape in banking and financial services. This has resulted in widened attack surfaces and vulnerable networks that are prone to security breaches.
In fact, a 2022 Sophos survey of 444 IT professionals working in the financial services sector revealed that 55% of organizations were hit by ransomware in 2021 – a 62% increase over the previous year.
And it’s not just ransomware. The overall IT environment in financial services has become even more challenging: 55% of organizations reported an increase in attack volume over the last year, 64% reported an increase in attack complexity, and 55% reported an increase in the impact of attacks.
A lot is at stake if the network security or data held by banking and financial services organizations is compromised. Oftentimes, an entire country’s economy can be impacted when a large bank or financial system is involved. Therefore, it becomes critical that access to financial resources is heavily guarded and access privileges are provided to users only as needed to carry out their roles and responsibilities.
A typical enterprise cybersecurity model relies on perimeter-based security. Once authenticated, a user can move laterally and access a broad range of resources within the network, regardless of their role and need for access. This can become a serious vulnerability if the user account is compromised: attackers get free access to financial data repositories and system apps. However, continual authentication and assessment of user identity, device health, and access policies can ensure more effective protection against security breaches in financial institutions.
ZTNA – or zero trust network access – is a game-changer for the financial services sector. It secures remote and hybrid workers, sensitive financial data, and networks and applications by constantly verifying user identity, device health, and access policies before granting access to network resources.
ZTNA eliminates vulnerable VPN clients, integrates device health, and allows granular access to resources defined by policies to give remote workers secure and seamless access to specific applications and data. Remote and external users and their devices are no longer implicitly trusted: they and their devices must earn trust constantly.
ZTNA policy can prevent a compromised device from connecting to applications and data, effectively preventing lateral movement and attacks like ransomware from getting a foothold on banking and financial services networks.
With Sophos ZTNA, you get the added benefit of a single-agent, single-console, single-vendor solution for both ZTNA and your next-gen endpoint protection. Sophos ZTNA uniquely integrates with Sophos Intercept X to constantly share status and health information with each other to automatically isolate compromised systems and prevent threats from moving or stealing data.
Sophos ZTNA removes implicit trust in your financial institution’s applications, users, and devices and allows segmented access to your systems and resources to just those who need it. Learn more at Sophos.com/ZTNA.
Source: Sophos
Datto, a Kaseya company, and a leading global provider of security and cloud-based software solutions purpose-built for managed service providers (MSPs), today released its 2023 State of Ransomware report, which surveyed nearly 3,000 IT professionals in small to medium-sized businesses across eight countries (the United States, Canada, the United Kingdom, Germany, the Netherlands, Australia, New Zealand, and Singapore). The report shows that SMBs are aware of increasing cyber threats and allocating resources and investing in areas such as network and cloud security.
Key takeaways from this year’s survey include:
- About a fifth of IT budget is dedicated to security and many are seeing increases in budgets. 47% of SMBs plan to invest in network security in the next year.
- Over 50% of SMBs have implemented AV and email/spam protection, with network and cloud security as the top areas planned for investment in the next year.
- 37% of respondents run IT security vulnerability assessments three or more times a year, with 62% running them at least twice a year.
- 69% of SMBs currently have cyber insurance and 34% of those without cyber insurance are highly likely to get it in the next year.
- 42% of SMBs with cyber insurance think it’s extremely likely that a ransomware attack will happen in the next year, while only 16% of SMBs without cyber insurance think the same.
“We’re seeing many businesses take more steps to protect themselves against threat actors,” said Chris McKie, VP of Product Marketing for Security and Networking Solutions. “Whether they’re investing in new security products or utilizing multiple security frameworks, most SMBs realize the very real threat that ransomware poses for their business, and they’re doing what they can to keep themselves safe.”
Only 3 in 10 SMBs have a best-in-class recovery plan in place, with 52% of them claiming they have a standard recovery plan in place. MSPs can help their clients improve their disaster recovery plan by building out their security and backup offerings or requiring clients to have cyber insurance. Cyber insurance can offset the risks of potential breaches, something which became increasingly important when many SMBs accelerated their digital transformation efforts during the COVID-19 pandemic.
Additional insightful findings:
- Rather be phishing. Compared to ransomware, respondents think phishing is more likely to occur in the next year. Many think this is the better alternative, as they believe its impact is lower than the impact of ransomware.
- Getting insured. Organizations with cyber insurance are more actively engaged in their cybersecurity. They have more IT support, more cybersecurity frameworks (CSFs), and more security solutions. They’re also more likely to have experienced a cyber security incident in the past.
- The right frame of mind. CIS framework is the most used cybersecurity framework, with 34% of respondents utilizing it. This is followed by CMMC (30%), COBIT (27%), and NIST (22%).
For the past seven years, Datto has surveyed IT professionals worldwide to gain insight into industry trends so that knowledge can then be shared with the IT community to better understand and service customers.
Source: Datto
We are excited to share that Sophos Intercept X Advanced with XDR has been named the top-ranked and sole leader in the Omdia Universe report for comprehensive extended detection and response (XDR) solutions.
The global research company ranked Sophos the highest in nearly all capabilities categories – excelling above competitive offerings with industry-best threat response, deployment, management, pricing, and licensing – with Sophos Intercept X Advanced with XDR delivering “a dominant showing in Threat Response and Resolution, an area in which other solutions were underwhelming.”
According to Omdia’s analysis in the report, Sophos should appear on organizations’ shortlist if they are in search of:
- An enterprise-grade solution with intuitive usability across the board
- Superior threat remediation with automated response actions for common scenarios
- Straightforward pricing and licensing, plus support from Sophos and its partners
Eric Parizo, Managing Principal Analyst, Omdia, commented “Omdia believes that the best Comprehensive XDR solutions deliver a fundamentally different approach to threat detection, investigation and response (TDIR) – one that’s faster, easier, more automated, and ultimately more effective. With this criteria in mind, it should be no surprise that Sophos Intercept X Advanced with XDR is the overall top ranked solution in the 2022-23 Comprehensive XDR Omdia Universe.”
Faster, more accurate detection and response
Sophos Intercept X with XDR combines powerful protection capabilities, including anti-ransomware technology, deep learning artificial intelligence, exploit prevention, and active adversary mitigations to stop attacks, with our best-in-class XDR tool for faster, more accurate detection and response.
Reduce time to detect and investigate
Sophos XDR lets you instantly get the information that matters via an extensive library of pre-written, customizable templates covering many different threat hunting and IT operations scenarios – or write your own. You have access to live device data, up to 90 days of on-disk data, 30 days of data stored in the Sophos Data Lake cloud repository, and an automatically generated list of suspicious items so you know exactly where to start.
Accelerate response
With AI-prioritized risk scores for each detection that leverage threat intelligence from Sophos X-Ops, Sophos XDR makes it easy to identify the issues that need immediate attention. Detections include crucial information such as time and description of detection, process name, and hash, and you can easily enrich data by looking up a hash on VirusTotal, the reputation of an IP address on SANS, or by creating your own enrichments with any web service.
Armed with the information you need, Sophos XDR enables you to respond quickly, even if the impacted device isn’t physically present. You can remotely access devices to perform further investigation, install and uninstall software, or remediate any additional issues via the cloud-based Sophos Central platform.
Coming soon: vendor agnostic telemetry integration
We recently added the ability to integrate vendor agnostic telemetry from third-party security technologies into Sophos Managed Detection and Response (MDR), providing unprecedented visibility and detection across diverse operating environments. The same vendor agnostic telemetry integrations will be available in Sophos XDR in 2023, further enhancing detection and response and enabling customers to increase return on their existing security investments.
Get started with Sophos XDR
To take Sophos XDR for a test drive, simply activate a free trial today. Organizations already using the Sophos Central platform can switch on Sophos XDR in just a couple of clicks directly from the Free Trials section of their management console. If you’re new to Sophos, start a free trial of Sophos Intercept X with XDR to explore both our protection and XDR capabilities.
24/7 managed detection and response using Sophos XDR
Sophos XDR underpins Sophos MDR, the world’s most popular MDR solution. If you’re looking for all the benefits of XDR combined with a 24/7 human-led threat detection, investigation, and response service delivered by over 500 expert analysts, take a look at Sophos MDR. To learn more and discuss the best option for your organization, speak with our security advisers today.
Source: Sophos
In 2022, geopolitical unrest and an expanding online attack surface contributed to the emergence of several themes across the cyber landscape. Infrastructures associated with opposing ideologies were highly targeted, with government agencies, supply chains, and IoT devices falling victim to high-profile campaigns. Cybercriminals launched increasingly advanced attacks on vulnerable entities, with DDoS, ransomware, and hacking for a cause all consistently making headlines. And governments around the world began responding with laws and regulations to combat the escalating threats associated with cyberattacks on organizations big and small.
Looking ahead to 2023, Fortra’s security experts anticipate new cyber challenges will emerge, and in return, organizations and authorities will work together to better strengthen their security posture and response to threats. Below is a look at what our cybersecurity experts predict for 2023.
Hacktivism and Geopolitics
The conflict in Ukraine and impending recession are two examples of factors that drove an uptick in emotionally-driven cybercrime and recruitment in 2022. Experts believe that scams associated with current events, such as political instability and war, will continue to trigger emotional responses from bad actors, with government agencies and businesses as prime targets.
The economic downturn will cause negative impacts to the cybercommunity, as history dictates an increase in cybercrime during recessions. Security teams should be on the lookout for scams masquerading as government assistance programs and job recruitment as attackers look to take advantage of job seekers or those otherwise dealing with difficult circumstances. The consequences of online attacks during the recession could be exacerbated if cybersecurity operations experience cuts in an effort to curb costs.
These spending shifts may make it easier for threat actors to recruit insiders as a point of access to company networks. This method of compromising systems will increase as actors opt to pay disgruntled employees for credentials rather than penetrate a network on their own. Additionally, as data is shared more broadly across applications, the implications around who can access that data will become more and more a question of security at organizational and geopolitical levels.
Expanded operational information sharing between private and public entities will become more commonplace as security teams acknowledge the need for broader visibility into situations across the globe and how they may affect their organizations. Attack responses will mature as a result.
Expanded Attack Targets
In 2023, the attack surface will continue to expand for both public and private companies, and daily probings will represent the norm as criminals use tools to scan the internet for vulnerabilities in operational systems and IoT devices. Implementing only one layer of security controls to combat compromise will fail to be sufficient.
Security teams should expect to see phishing emails increase in volume and variety in 2023. Ransomware and malware will remain a consistent threat, and response-based campaigns such as BEC and spear phishing, which fail to trigger indicator-based security controls, will increasingly make it into user inboxes. These attacks prove difficult to detect as they lack links and attachments, instead relying on correspondence-based calls to action.
Identity deception will become a significant threat in the new year. Attackers are targeting businesses on external channels such as social media, SMS, and search engines, with criminals leaning heavily on impersonation as a tactic. Threat actors will also embrace Artificial Intelligence to enhance campaigns and determine targets. On a positive note, these unconventional attack methods will encourage the formation of cyber allies across entities to share critical information and tools that will aid in the detection of attacks.
Multi-factor authentication (MFA) will also be the target of increased exploits. Attackers will work to compromise integrity through techniques like verification-grabbing malware and SIM swapping. Organizations should consider implementing passwordless authentication to complement MFA.
Improved Attack Responses
In 2023, attack responses will be improved upon through better controls and progress toward zero trust. Organizations will move past basic controls implemented during the COVID-driven rush to digital transformation and invest time in securing data assets that need the most protection.
Sharing avenues will continue to open between organizations, and knowledge and controls over who has access to data will be prioritized through MFA, monitoring, zero trust, and encryption.
Ongoing training that is engaging, relevant, and based on real-world incidents, and that complies with an organization’s policies, will be critical to helping users identify attacks.
Threat actors will continue to go after the lowest hanging fruit and target vulnerable entities within the supply chain, investing in mid-sized organizations less equipped from a security standpoint, including credit unions, insurance, and healthcare organizations. As a result, evaluations and audits of supply chains will increase. There will also be a magnifying glass on the vendor base and what is being done with the data provided to them. The expectations placed on vendors will only grow, as they will be expected to solve for multiple use cases.
Laws and Regulations
In 2023, we can expect more cross-government and cross-nation collaborations as cybersecurity is seen as a priority. At a non-federal level, the first round of grants for the $1 billion in FEMA and CISA BIL funding will be available for state, local, and territorial governments to help understand and mitigate infrastructure risks.
More laws and guidance are expected from a federal level, spanning topics from data privacy to ransomware payments, as CISA and the DOD engage in long-term strategic planning. The FTC just announced a new rule addressing the impersonation of government and businesses, which will help with the reporting and removal of offending websites, domains, advertisements, and more in the new year. In Europe, lawmakers will continue to iron out kinks in the General Data Protection Regulation (GDPR) to support smooth data transfer out of the EU.
According to Gartner, three quarters of the world’s population will be under privacy regulations in 2023. From a business perspective, increased presence in the digital space will likely lead to more violations as organizations struggle to navigate compliance and privacy regulations.
Cyber Insurance
Cyber insurance will become a priority for businesses in 2023, as a growing number of customers expect organizations to be policyholders. That being said, market correction due to increased premiums and justification of spend will likely take place, with organizations requiring more from providers.
The increased likelihood of a cyber attack on businesses in 2023 will also contribute to complicated pre-audits and renewal processes, as well as more disputes and reduced payouts. Insurers will continue to implement a growing number of controls on the companies before providing coverage, to make sure customers comply with standards set.
The tactics, techniques, and procedures of cybercriminals will become more differentiated in 2023, as attackers lean toward the end goal of either profit or outcome of a specific cause. These elements will require security teams to continuously examine world events through a broad lens and prepare for how activity might affect their company. As these threats persist, organizations should prioritize cyber security initiatives that will promote better standards and increased awareness of threats. Security teams should also establish more proactive means of securing systems through early detection of vulnerabilities, visibility across relevant channels, and broad controls.
Source: Fortra
More organizations trust Sophos for managed detection and response (MDR) than any other vendor, and we’re also the highest user-rated MDR solution.
G2, a leading customer review site for cybersecurity solutions, has named Sophos the top overall MDR solution in their Winter 2023 Report, rating us above 10 other leading vendors.
Specifically, Sophos MDR is the #1 rated solution in the following categories:
- Overall MDR Grid
- Mid-Market Grid
- Momentum Index
- Usability Index
- Implementation Index
Hear what a few Sophos MDR customers have to say about our service:
- “We get an extended team that not only monitors the security logs but also proactively does threat hunting and helps us protect our network against vulnerabilities.”
- “In general, the cyber-security suite performs well against continuous threats to our organization and offers us a centralized overview of this data in a highly efficient manner.”
- “Sophos MDR takes over the first level of threat hunting and response responsibility so our team can focus on our work”
Good cyber defense isn’t just about technology. The skills gap in cybersecurity continues to grow at an alarming rate, and many organizations are simply unable to stay ahead of well-organized, innovative, and increasingly industrialized adversaries.
With Sophos MDR, customers benefit from a 24/7 fully managed security operations service delivered by experts who specialize in detecting and responding to cyberattacks that technology alone can’t stop. Sophos is the first and only endpoint security provider to integrate both native and vendor-agnostic telemetry from third-party tools, accelerating threat detection, investigation, and response and enabling customers to increase return on their existing security investments.
In addition to our G2 recognition, we’ve been honored recently with further industry recognition for our innovation and delivery of superior cybersecurity outcomes. Sophos MDR successfully reported malicious activity across all 10 MITRE ATT&CK® steps in the inaugural MITRE Engenuity ATT&CK® Evaluation for security service providers. Plus, Sophos MDR was recognized as providing the Best Cyber Managed Threat Response for U.S. government organizations by American Security. To be recognized both by customers and analysts is tremendous validation of the superior cybersecurity outcomes we deliver to our customers around the globe.
We owe a huge thank you to our customers for their trust and commitment in selecting Sophos as their cybersecurity services partner. We don’t take this praise lightly and will continue to innovate relentlessly to adapt to any new threats the New Year brings.
Get started today
Sophos MDR is taking the market by storm. More than 13,000 organizations already rely on Sophos for 24/7 threat detection, investigation, and response, making it the world’s most trusted MDR service. Visit our website to learn more about both our service and third-party integrations and arrange a call with a Sophos security advisor.
Source: Sophos
While the shift from paper copies to digital storage has enabled organizations to increase efficiency in countless ways, bad actors have also launched countless attacks to steal private information. In order to protect this valuable data, many industries now have cybersecurity regulations. HIPAA has been expanded for healthcare, NERC applies to the utilities and energy sector, and higher education institutions must adhere to HEOA, to name a few. With so many new or expanded regulations, from SOX to the GDPR to the CMMC, cybersecurity teams have the added task of maintaining compliance, often with no new headcount to help with additional work.
For instance, many of these regulations either imply or specifically require pen testing as a way to evaluate an organization’s security posture and adherence. Requirement 11.3 of the Payment Card Industry Data Security Standard (PCI DSS), for example, states that a comprehensive pen testing program must be implemented.
It’s no surprise that, according to the 2020 Pen Testing Report, 67% of the cybersecurity professionals surveyed reported that compliance was the primary reason that they performed pen tests. Why is pen testing a key component of compliance initiatives, and what is the best strategy for meeting this requirement?
Why is Pen Testing So Crucial for Compliance?
By exploiting an organization’s infrastructure, pen testing can demonstrate exactly how an attacker could gain access to sensitive data. As attack strategies grow and evolve, periodic mandated testing makes certain that organizations can stay one step ahead by uncovering and fixing security weaknesses before they can be exploited. Additionally, for auditors, these tests can also verify that other mandated security measures are in place or working properly.
Meeting Basic Compliance Needs with Pen Testing Tools
Many falsely assume that in order to meet compliance needs, third-party testing is required. However, this typically is not the case. In fact, PCI DSS, which has some of the most explicit requirements for pen testing, doesn’t state that a third-party test is necessary.
Some organizations find that many aspects of compliance testing are straightforward and even repetitive. A pen testing tool like Core Impact provides an easy to follow and established automated framework that can support these types of tests as it doesn’t require extensive pen testing experience.
For example, one of the external tests listed in PCI DSS Requirement 11.3 is the web application layer pen test, which is needed to identify weaknesses like SQL injection or cross-site scripting (XSS). Core Impact’s automated One-Step WebApps Vulnerability Test identifies these weaknesses, as well as others like broken authentication, broken access control, and security misconfigurations. Additionally, Core Impact’s intuitive wizards and automation capabilities help testers gather information, execute attacks, escalate privileges, and more.
Some organizations find third-party services ideal for determining compliance needs and obtaining strategic support with initial tests. They then use pen testing tools to maintain compliance. For example, PCI DSS states that any vulnerabilities identified during testing must be fixed, and that a follow-up test is required to verify that they have been resolved. A third party may conduct the initial testing, and then a security team member could deploy an automated test to validate these remediation efforts.
Finding the Right Third Party for Complex Testing
By using an automated tool for basic compliance tests, a third-party service can be utilized for more complex needs. For instance, PCI DSS and most other regulations require testing to take place after a major change to the operation environment. This may involve a test with multiple attack chains or other sophisticated tests to ensure that such changes didn’t cause new security weaknesses.
However, this requires an organization to be more discerning of the third party they choose. Many firms focus on running simple tests with a wide scope—all of which can be handled by a security team using a tool like Core Impact. It’s important to find a service with experts that tailor their tests for your needs and goals so you can get the most value out of a third-party service.
The Future of Pen Testing and Compliance
As time goes on, it is likely that more regulations will be put into place—the GDPR, CCPA, and the CMMC have all been enacted in the last three years. With so many requirements to meet, it’s easy to start to see compliance as boxes to be checked. But by using your resources wisely—streamlining the routine with automation, and using expert services for more unique, complex issues—you can use compliance initiatives as an opportunity to advance your security posture to the next level.
Facebook. Twitter. Instagram. LinkedIn. YouTube. Pinterest. Mastodon. The list goes on. Whether you love or loathe social media, these platforms have become integral to how we communicate as individuals and businesses. Cybercriminals have also taken note, embracing these communication channels wholeheartedly to reach vast audiences quickly, anonymously, and cheaply, successfully defrauding targets of all stripes.
The stats aren’t pretty: According to the August 2022 Quarterly Threat Trends & Intelligence Report from Fortra’s PhishLabs and Agari, attacks per target increased 102% from Q2 2021 to Q2 2022. No industry is immune, but those in financial services continue to suffer the most extensive abuse with more than 68% of the attacks in Q2 2022 alone.
Social Media Platforms Are Hotbeds for Fraud
Threat actors range from amateur script kiddies flexing their skills to state-sponsored cybercrime outfits that constantly test and evolve their latest scams, optimizing techniques to achieve bigger cash-outs and evade takedown. Scammers excel at using social media to defraud victims with crafty and aggressive campaigns that can be difficult to spot, much less counteract and prosecute.
Social media and email account creation is simple and anonymous, and most people innately trust posts they believe to be coming from household names and institutions. Security leaders in all sectors are wise to educate themselves and their organization’s employees on how to detect these threats and what to do if they’re a victim of attack.
Common Social Media Threats
Companies that fall prey to scammers risk financial and data loss, reputational harm, erosion of employee and customer trust, and general business disruption. Below are three threat types to be aware of:
Impersonation
Threat actors work hard to spoof company brands and their employees. Executives in particular are popular targets as organizations increasingly encourage their leaders to establish a regular presence on platforms such as LinkedIn and Twitter. Scammers can easily access high-quality logos, imagery, and messaging online to emulate well-known companies and industry execs in a way that looks legitimate and encourages interaction.
Counterfeit Campaigns
With this type of brand abuse, threat actors create believable posts designed to lure victims to sham websites they control. Counterfeit campaign ads may entice shoppers to purchase discounted goods that will never arrive or get people to enter login credentials that criminals then capture on the back end. Oftentimes, when the social media platform or other authority investigates reported abuse, they find the ads have been modified to look generic.
Steganography
Photos and images are critical to the success of many social media campaigns and posts. Unfortunately, many can be harmful when clicked as they’re actually crawling with malicious code. Steganography is the practice of embedding messages, images, or files inside other messages, images, or files, and it’s prevalent on social media. Photos can be altered, deep faked, or configured to deliver malware onto the computer of someone who clicks the post.
How to Spot and React to Social Media Scams
It can be difficult to recognize social media scams, and even harder to take down threat actors. This means security awareness training and related prevention tactics are key to your defense strategy.
1. Build Relationships With Popular Platforms
Establish relationships with the social media providers you leverage so you have a direct point of contact. This will greatly improve your chances of removing malicious content should you find it. Part of this effort is also making sure you have evidence of fraud to submit. Make sure you capture all relevant examples, as the social media platform will require solid proof in the form of links, screengrabs, and more.
2. Implement Employee Security Awareness Training
Knowledge truly is power when it comes to recognizing potentially dangerous social media attacks as employees are your first line of defense. It’s important to train team members to have a healthy level of suspicion and encourage them to tap into their intuition when something doesn’t seem quite right or look legitimate online.
As threats are constantly changing, look to solutions that keep up with the latest scams and give employees hands-on practice with identifying threats. Security awareness training from Fortra’s Terranova Security delivers inclusive interactive content that focuses on building a security mindset among employees so they know how to handle social media, phishing, and other everyday risks.
3. Protect Against Harmful Images
Part of your employee education program should include the potential dangers of images generated both inside and outside the organization. Incorporating document sanitization capabilities with Fortra’s Clearswift Secure Email Gateway (SEG) and Clearswift Secure Web Gateway (SWG) will enable you to cleanse images and reduce the risk of steganography in a way that doesn’t disrupt productivity.
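The following added example, which is not Fortra's or Clearswift's code, shows one narrow form of image cleansing in Python: it reports ancillary chunks and bytes appended after the end-of-image marker in a PNG, then rewrites the file with only the chunks needed to render it. The sample images are constructed inline, all function names are hypothetical, and pixel-level (least-significant-bit) hiding is outside its scope.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types required to render the image; everything else is ancillary.
CRITICAL_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}
# Constructed stand-in for data smuggled after the end of the image.
APPENDED = b"CONSTRUCTED-APPENDED-PAYLOAD"


def make_chunk(chunk_type, data):
    """Serialise one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def parse_png(blob):
    """Return (chunks, trailing): a list of (type, data) tuples and any
    bytes that follow the IEND chunk. Raises ValueError on malformed input."""
    if not blob.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos < len(blob):
        if pos + 8 > len(blob):
            raise ValueError("truncated chunk header")
        length, chunk_type = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(blob):
            raise ValueError("truncated chunk body")
        data = blob[pos + 8:pos + 8 + length]
        (stored_crc,) = struct.unpack(">I", blob[end - 4:end])
        if stored_crc != zlib.crc32(chunk_type + data) & 0xFFFFFFFF:
            raise ValueError("bad CRC in chunk %r" % chunk_type)
        chunks.append((chunk_type, data))
        pos = end
        if chunk_type == b"IEND":
            # A renderer stops here; anything after this point is invisible to it.
            return chunks, blob[pos:]
    raise ValueError("no IEND chunk")


def inspect(blob):
    """Summarise the places in a PNG where extra data can ride along."""
    chunks, trailing = parse_png(blob)
    ancillary = [t.decode("ascii", "replace") for t, _ in chunks
                 if t not in CRITICAL_CHUNKS]
    return {"ancillary_chunks": ancillary, "trailing_bytes": len(trailing)}


def sanitize(blob):
    """Rebuild the PNG from its critical chunks only and drop trailing bytes.
    This also removes ancillary chunks that affect rendering (tRNS, gAMA),
    so a production sanitizer would allowlist the few it needs."""
    chunks, _ = parse_png(blob)
    out = PNG_SIGNATURE
    for chunk_type, data in chunks:
        if chunk_type in CRITICAL_CHUNKS:
            out += make_chunk(chunk_type, data)
    return out


def build_samples():
    """Construct a clean 1x1 greyscale PNG and a copy carrying extra data."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x7f")  # filter byte 0 + one grey pixel
    head = PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
    tail = make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")
    clean = head + tail
    hidden_text = make_chunk(b"tEXt", b"Comment\x00constructed hidden note")
    tampered = head + hidden_text + tail + APPENDED
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = build_samples()
    print("clean:    ", inspect(clean))
    print("tampered: ", inspect(tampered))
    print("sanitized:", inspect(sanitize(tampered)))
```
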
Go in-depth on the social media threat landscape with this digital risk protection playbook, which gives tips on how to identify and mitigate the top risks to your organization.
Source: Fortra
“Sophos stopped everything in our tests,” says SE Labs.
We’re delighted to share that Sophos Endpoint ranked as industry best in SE Labs’ protection tests in the fourth quarter of 2022, earning AAA ratings across the board.
In both the Enterprise and SMB categories, we achieved…
- 100% rating for Protection Accuracy
- 100% rating for Legitimate Accuracy
- 100% rating for Total Accuracy
Here are the links to the latest reports: Endpoint Security: Enterprise | Endpoint Security: Small Business
These results are a testament to the market-leading protection technologies in Sophos Endpoint that deliver superior cybersecurity outcomes for over 250,000 organizations around the world.
Commenting on the results, Simon Edwards, CEO of SE Labs, said:
“With its 100% accuracy, Sophos validated that its endpoint security works. Sophos stopped everything in our tests.”
SE Labs is one of the few security testers in the industry that simulates modern-day attack tools and the tactics, techniques, and procedures (TTPs) that cybercriminals and penetration testers are currently using in the real world.
These include malware, targeted threats, and later-stage defense capabilities like behavioral, memory, and anti-malware scan interface (AMSI) detections and protections against “impact on objectives” behavior, such as ransomware file encryption. Sophos consistently defeated all attacks with 100% accuracy.
Following the results, Simon Reed, Senior Vice President of SophosLabs, said:
“These SE Labs’ AAA awards solidify our leadership position as an endpoint provider and showcase our ability to stop complex attacks that use a variety of techniques, tools, and objectives.”
The need to simulate modern-day attacks
Reputable third-party testing is an important tool to help organizations make informed decisions about their technology stacks and security investments. However, as attacks increase in volume and complexity, meaningful results can only be achieved when the tests reflect the real-world realities organizations face today.
As Edwards explains:
“It is essential for organizations to be able to rely on credible, full attack chain tests that duplicate real-world scenarios. It is not only about throwing a wider range of attacks at the products, but each step of the attack must be realistic, too. You can’t just make up what you think attackers are doing and hope you’re right. This is why SE Labs tracks cybercriminal behaviors and builds tests based on how attackers try to compromise victims.”
Sophos Endpoint: world-leading protection against advanced threats
With decades of cyberthreat intelligence, Sophos designs endpoint protection for real-time defense against modern-day advanced attacks. With a focus on preventing attacks as early as possible, Sophos’ cybersecurity strategy is to deliver multiple layers of protection to defend the entire attack chain against the many different threat vectors that attackers use to escalate and carry out attacks.
These technologies lead to superior cybersecurity outcomes for our customers, as proven by third-party testing from world-class firms like SE Labs.
Test drive Sophos Endpoint for yourself
Sophos Endpoint secures more than a quarter of a million organizations worldwide from active adversaries, ransomware, phishing, malware, and more. Speak to our security advisers to discuss how we can help you, and take a test drive today.
Source: Sophos
Gartner forecast a $600 billion global market in 2022 for technology that powers hyperautomation. Without a doubt, hyperautomation has quickly moved from an industry buzzword to the way companies of all sizes approach automation.
Surveys from the technology research and consulting firm show that a majority of CEOs and two-thirds of boards of directors are demanding operational excellence and growth that hyperautomation strategies can help bring. Gartner estimates that 56% of companies have four-plus simultaneous hyperautomation initiatives, while leading companies have more than 10 concurrent projects running.
Like any emerging technology term, hyperautomation can have widely divergent meanings, depending on who’s using, buying, or selling hyperautomation products and services. This article will wade into the concept of hyperautomation, how it compares to other automation tools, and how it can transform business processes.
What is Hyperautomation?
One definition of hyperautomation is the disciplined use of automation tools to automate anything and everything that can possibly be automated. By automating manual, time-consuming, and complex processes, hyperautomation increases employee efficiency and productivity. Companies also benefit through the ability to scale and flex as automation needs grow and evolve.
Another definition combines robotic process automation with other automation tools to increase the range and sophistication of projects. For example, adding workload automation, intelligent document processing, process mining, or other automation tools to RPA would equal hyperautomation.
Finally, hyperautomation can also mean a continual integration of automation in a discover/automate cycle or loop that repeats as a company works through its processes.
Hyperautomation vs RPA: How Do They Differ?
Consider RPA the foundation to automation, streamlining manual processes by performing rules-based, repetitive tasks quicker and more efficiently than humans can. RPA bots can communicate with other business applications much like a human, pulling or pushing structured data to other systems and applications as appropriate to help with automated report generation, web browser automation, and much more. RPA tools are used throughout organizations to boost productivity, reduce errors, create efficiencies, and more.
But to achieve hyperautomation, you’ll need more than just RPA in your toolkit. Those tools can include workload automation, artificial intelligence, secure file transfer, and many more. While RPA has countless uses throughout organizations, the addition of complementary tools can greatly extend the range of possible automation projects. Combining RPA with other products allows companies to automate even more processes and take on more complex projects.
Intelligent Automation vs Hyperautomation
While intelligent automation is a component of hyperautomation, not all hyperautomation configurations include intelligent tools. Intelligent automation allows you to tackle more sophisticated automation scenarios where judgment and decision-making are needed. An example of this is intelligent document processing, which leverages machine learning and artificial intelligence to capture and transform unstructured data, making it more useable across your organization. RPA can then use that data to populate forms, make calculations, interact with other systems, and perform other automation tasks.
In contrast, combining RPA with workload automation, for example, can be considered hyperautomation but does not have an intelligent aspect. Intelligent automation includes tools used in hyperautomation, while hyperautomation is a concept that uses multiple tools to automate as many processes as possible.
The Fortra Approach to Hyperautomation
Many automation vendors create a closed ecosystem, forcing customers to often use less-than-ideal tools that can add limitations and expense to automation efforts. Despite claims to the contrary, no single tool can provide a comprehensive, end-to-end hyperautomation experience.
Buyers have many options for automating work which gives them the ability to take a best-of-breed approach to hyperautomation—looking for the best tool, no matter the vendor. At Fortra, we make it easier for users to achieve hyperautomation with a portfolio of automation products that integrate seamlessly with other systems and applications to fit a multi-vendor tech stack.
You get the benefits of working with one vendor for many products, while maintaining the ability to use the best-of-breed approach if you find a better fit or already have an existing solution in place. Fortra’s automation solutions include Automate for robotic process automation, Automate Intelligent Capture for intelligent document processing, JAMS for workload automation, GoAnywhere for secure file transfer, and Webdocs Forms Management for secure forms.
No automation solution can handle every task and every scenario. That’s why companies should look beyond a one-size-fits-all approach and examine flexible, scalable solutions that let companies automate in a way that best suits their unique needs and meets digital transformation goals.
Explore the Value of Holistic, End-to-End Automation
Automation solutions from Fortra can help your business gain efficiencies and scale the number and complexity of automation products. Learn more about our holistic approach to enterprise IT automation.
Source: Fortra
It’s that time of year when people in many parts of the world are looking forward to spending time with family and friends and taking a bit of a break. However, it’s also when bad actors and adversaries switch into high gear, looking to take advantage of the fact that many networks are less utilized and less scrutinized over the holiday period. Ransomware attacks, to give just one example, typically increase at this time of year.
With that in mind, here are some quick and easy best practices to better protect your network while you take some well-deserved time out.
1. Shut down unneeded systems
This is especially important for any systems that offer RDP access as it is often used by adversaries as an entry point or tool to move laterally within a network. The same advice applies to IoT devices. If they aren’t needed, shut them down for the holidays. If you really need to have some systems with RDP access enabled, double-check and then triple-check the security.
If you haven’t already, consider ZTNA to secure access to your RDP systems and other applications. In fact, the holidays may be the ideal time to start a Sophos ZTNA free trial for you and your team. At the very least, make sure any RDP solutions are protected with multi-factor authentication to prevent brute-forced or stolen credentials from being a point of compromise.
2. Update firewall and network infrastructure firmware
If you have a Sophos Firewall, we recently released v19.5 which includes a number of security enhancements, performance improvements, and new features such as:
- Xstream FastPath TLS encrypted traffic inspection
- SD-WAN load balancing
- VPN performance improvements
- High Availability enhancements
- New Azure AD integration for secure login
- And much more!
Regardless of your preferred vendor, make sure your firewall and other network infrastructure such as VPN concentrators, switches, and other devices are all running the latest release as they often contain important fixes for known vulnerabilities.
3. Call on Sophos Rapid Response if you experience an attack
If you experience an emergency incident over the holidays (or anytime), you can engage our fixed fee Sophos Rapid Response service. Our team of expert incident responders will help you triage, contain, and eliminate active threats, and remove all traces of the attackers from your network. Whether it is an infection, compromise, or unauthorized access attempting to circumvent your security controls, we have seen and stopped it all. Sophos Rapid Response is available 24/7/365, including over the holiday period.
Download the network security best practices whitepaper
For our full list of network security best practices to protect your network from ransomware, download our new whitepaper. In the meantime, I wish you a happy – and secure – holiday season!
Source: Sophos
We are excited to share that Sophos has been named the best managed detection and response (MDR), endpoint, network, and anti-malware security provider for U.S. government organizations by American Security Today.
Sophos is a platinum winner in the 2022 ‘ASTORS’ Homeland Security Awards, which honor market leading solutions used by government agencies and entities, as well as businesses of all sizes across the United States.
The cybersecurity of our nation is at a critical inflection point amidst an escalation of ever-changing, complex cyberattacks, as evidenced in the Sophos 2023 Threat Report. Sophos is committed to helping federal agencies advance their cybersecurity defenses with both innovative solutions and human-led threat detection and response, and these latest recognitions are validation that Sophos is arming frontline teams in the U.S. with industry-best protection.
As explained by Tammy Waitt, editorial director at American Security Today, “‘ASTORS’ nominations are evaluated on their technical innovation, interoperability, specific impact within the category, overall impact to the industry, relatability to other industry technologies, and application feasibility outside of the industry. Winners are selected by our American Security Today expert panel of judges, and the ‘ASTORS’ Homeland Security Awards are presented at the Platinum, Gold, Silver, and Bronze levels.”
Sophos reigns as providing the Best Cyber Managed Threat Response with Sophos MDR, an industry-leading service used by more than 13,000 organizations for 24/7 threat hunting, detection and response. Our recently expanded service now integrates telemetry from third-party security technologies, providing unprecedented visibility and detection across diverse operating environments.
Sophos further leads as the Best Endpoint Threat Solution and Best Anti-Malware Solution with Sophos Intercept X with XDR, and the Best Network Security Solution with Sophos Firewall. These offerings are part of the Sophos Adaptive Cybersecurity Ecosystem where they share real-time threat intelligence with Sophos’ broad portfolio of solutions and services for faster and more contextual response to attacks. Sophos’ security solutions are further powered by predictive, real-time and deeply researched threat intelligence from Sophos X-Ops, and are easily managed in the cloud-native Sophos Central platform or by Sophos MDR.
A list of winners is available online.
Source: Sophos
Whether you’ve been naughty or nice, someone will try and stuff a scam down your chimney either way. The FBI is warning of several likely ways to be parted from your funds or logins, and we’re going to give some additional context along with tips to avoid these digital lumps of coal.
Social media shopping scams
The FBI says:
Consumers should beware of posts on social media sites that appear to offer vouchers or gift cards. Some may appear as holiday promotions or contests. Others may appear to be from known friends who have shared the link. Often, these scams lead consumers to participate in an online survey that is designed to steal personal information.
We say:
Social media scams largely lean into cryptocurrency giveaways and other similar get rich quick schemes. You may see the occasional gift card thrown into the mix, but these tend to be related to survey scams. Having said that, we covered 3 popular forms of gift card scam in the run up to Black Friday:
- Fake gift cards for sale at a discount. If it’s too good to be true, it probably is. Search out the official card distributor and check if they actually do have a sale on, and then purchase directly.
- Gift card generators. Tools which claim to create genuine codes have been around for years, and they’re all fake. At best you’ll see one of the previously mentioned surveys. At worst, you could run into malware.
- Services you encounter online which claim to perform a task in return for gift cards should be avoided. You’ll send them a code, and never hear from them again.
Work from home scams
The FBI says:
Consumers should beware of sites and posts offering work they can do from home. These opportunities rely on convenience as a selling point but may have fraudulent intentions. Consumers should carefully research the job posting and individuals or company offering employment.
We say:
Work from home scams are big business over the holiday season, especially with people potentially looking for a little extra cash in the run up to the new year. These scams became incredibly popular with the advent of the COVID-19 pandemic, often tying into cryptocurrency.
Other scams of this nature will make use of cryptocurrency ATMs and QR codes. They’ll set up fake job hunt websites for you to upload your resume to, or post bogus ads on real sites. If you take part in an interview via WhatsApp or Telegram, that may be a red flag. If they send you money to buy work equipment, and then ask you to send the rest of the money to another bank account, that’s a whole box of red flags. You may well be walking into a short-lived career as a money mule. It’s simply not worth the risk.
Charity scams
The FBI says:
Fraudulent charity scams, in which perpetrators set up false charities and profit from individuals who believe they are making donations to legitimate charitable organizations. Charity fraud rises during the holiday season, when individuals seek to make end-of-year tax deductible gifts or are reminded of those less fortunate and wish to contribute to a good cause. Seasonal charity scams can pose greater difficulties in monitoring because of their widespread reach, limited duration and, when done over the Internet, minimal oversight.
We say:
One of the biggest drivers of fake charity sites is still the invasion of Ukraine. Fake donation sites are easy to set up, and copying genuine content from the real thing is also straightforward.
These sites will often tug at the heart strings, claiming to help children stranded in Ukraine with (what else?) cryptocurrency. Occasionally these scams lurk in the replies of Twitter threads, often imitating the person who originally posted.
In the UK you can search the charity register. I’m not aware of a similar service in the US, but you’re likely going to find a link to the charity you’re looking for on the Forbes top 100 list.
Smartphone app scams
The FBI says:
Some mobile apps, often disguised as games and offered for free, are designed to steal personal information. Before downloading an app from an unknown source, consumers should research the company selling it or giving it away and look online for third-party reviews of the product.
We say:
Bogus apps are something you can expect to run into all year round, but this is still good advice for the most part. I say “most part”, because the above suggests that only apps from an unknown source could be an issue. Whether you’re using an official app store or downloading apps from third party sources, there could be something lurking in that app. Dubious apps can work their way onto your device via a low tally of installation permission requests and then set about getting up to mischief, and that’s from an official store.
Even if the app you installed is legitimate it can be abandoned by the developers and cause problems of its own, potentially leaving you open to exploits. What you need to do:
- Stick to official stores. Yes, they do also fall victim to malware apps posing as the real thing. You’re still better off doing this than allowing unknown installs to your device and grabbing files from who knows where.
- Check the number of installs, how long the file has been available, developer information, and the reviews. Use information from outside the official store to see if anyone is complaining about it in security circles. Check if the app is still supported. If the app is brand new, you may wish to wait a while before installing.
- When your Android phone begins to show signs of infection, it’s time to follow our list of security tips and run a scan.
Don’t let the scammers spoil your fun
We hope a combination of the FBI’s warnings and our additional hints and tips will keep you safe over the coming weeks. Unfortunately scammers don’t tend to take time off over Christmas, so it’s essential to keep your guard up. As for that lump of coal: return to sender.
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.
Source: Malwarebytes
This quarter too, we’re happy to present a new version of our email archiving software: Version 22.4 of MailStore Server, the MailStore Service Provider Edition (SPE), and MailStore Home is available right now.
The new version of our MailStore Service Provider Edition supports multi-factor authentication. We’ve also improved how the software in all three products manages the available resources. It goes without saying that Version 22.4 of MailStore Server and the MailStore Service Provider Edition will also be GDPR-certified.
New Features for the MailStore SPE, MailStore Server and MailStore Home
Find out more about the improvements you can expect in Version 22.4 of the MailStore Service Provider Edition, MailStore Server and MailStore Home.
Support of Multi-Factor Authentication for the MailStore Service Provider Edition
Once again, we’ve enhanced the security of our MailStore Service Provider Edition. Access to the management console by administrators can now be secured via multi-factor authentication. After entering a username and password, administrators are now prompted to input an access code from an authenticator app of their choice in order to be able to access the management console.
If the administrator then wishes to use the management API, a separate API password must be generated. The API password is generated in the management console and is required by every system administrator for whom multi-factor authentication has been activated. This allows the API to be used without the need to enter a second factor, e.g. for automation purposes.
Improved Resource Management for the MailStore SPE, MailStore Server, and MailStore Home
Once again, we’ve improved resource management in all three software solutions. Specifically, this means that we’ve optimized how the available memory is used when running our software.
Updated Certification: Meeting Data Privacy Requirements
As usual, the latest version of our software, Version 22.4 of MailStore Server and the MailStore SPE, has been certified by an independent data privacy expert.
The certification takes into account all relevant aspects of the European General Data Protection Regulation (GDPR) and affirms that, when used appropriately, both MailStore Server and the MailStore SPE meet all the requirements governing the processing of personal data set out in the GDPR.
You can request a copy of the official GDPR audit certificate from sales@mailstore.com.
Registered MailStore partners can download the certificates from our Partner Portal or request them by email from partners@mailstore.com.
Availability
You can download the new version of MailStore Server and the MailStore Service Provider Edition free of charge from our website.
If your MailStore Server Update & Support Service has expired, please contact us to purchase an upgrade that will allow you to use the latest version of MailStore Server. Read here to find out about other good reasons for having an active Update & Support Service agreement in place.
Interested companies can also download MailStore Server Version 22.4 as part of a free, 30-day trial. If you are an MSP and are interested in offering email archiving as a service based on the MailStore SPE, please contact our sales team at partners@mailstore.com. Alternatively, you can sign up as an authorized MailStore Partner with us right now for free.
Source: MailStore
[vc_row][vc_column width=”1/1″][vc_single_image media=”103531″ media_width_percent=”100″ css_animation=”zoom-out” animation_speed=”1000″ animation_delay=”400″][vc_empty_space empty_h=”2″][vc_button button_color=”color-150912″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-762333″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”url:mailto%3Asales%40nss.gr%3Fsubject%3DBOOKmySEAT%3A%20Sophos%20Firewall%20Administration%20for%20End-users%20Training%26body%3DI%20would%20like%20to%20participate%20in%20the%20Sophos%20Firewall%20Administration%20for%20End-users%20Training%20on%20the%209th%20%26%2010th%20of%20January%202023||target:%20_blank|” icon=”fa fa-hand-o-right”]Book Your Training Today![/vc_button][vc_button button_color=”color-283957″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-377884″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”|||” icon=”fa fa-volume-control-phone”]Call us now for more +30 211 8000 330[/vc_button][vc_separator sep_color=”color-210407″][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_custom_heading heading_semantic=”h1″ text_font=”font-762333″ text_size=”h1″ text_weight=”200″ text_color=”color-xsdn”]Sophos Firewall Administration for End-users Training
[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_column_text]
In January 2023: Monday 9 & Tuesday 10
(2 days crash Training / NSS Training Center – remote / on premises)
A two-days crash training program which is designed for technical professionals who will be administering Sophos Firewall and provides the skills necessary to manage common day-to- day tasks.
Trainer: Micheal Eleftheroglou
Training room: NSS ATC training room 3rd floor
Objectives
On completion of this course, trainees will be able to:
- Explain how Sophos Firewall help to protect against security threats
- Configure firewall rules, policies, and user authentication
- Demonstrate threat protection and commonly used features
- Perform the initial setup of an Sophos Firewall and configure the required network settings
- Identify and use troubleshooting tools, reporting and management tasks
Prerequisites
There are no prerequisites for this course; however, it is recommended you should:
- Be knowledge of networking
- Be familiar with security best practices
- Experience configuring network security devices
Certification
To become a Sophos Certified Administrator, trainees must take and pass an online assessment.
The assessment tests the knowledge of both the presented and practical content.
The pass mark for the assessment is 80% and is limited to 4 attempts.
Content
-
-
- Module 1: Firewall Overview
- Module 2: Getting started with Firewall
- Module 3: Network Protection
- Module 4: Webserver Protection
- Module 5: Site-to-site Connections
- Module 6: Authentications
- Module 7: Web Protection and Application control
- Module 8: Application Control
- Module 9: Email Protection
- Module 10: Wireless Protection
- Module 11: Remote Access
- Module 12: Logging, Reporting and Central Management
-
Certification + Exam:
SOPHOS FIREWALL ADMINISTRATOR
Duration 2 Days Remote + Labs
Athens Cyberpark training room 3rd floor (Aggistis 1 & Paggaiou)
Language: Greek & English[/vc_column_text][/vc_column][/vc_row][vc_row row_height_percent=”0″ back_color=”color-210407″ overlay_alpha=”50″ gutter_size=”3″ column_width_percent=”100″ shift_y=”0″ z_index=”0″][vc_column width=”1/1″][vc_custom_heading text_font=”font-762333″ text_weight=”200″ text_color=”color-xsdn”]Agenda[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_column_text]DAY 1
09:30 – 10:30 Module 1: Firewall Overview
10:30 – 10:45 Break
10:45 – 12:30 Module 2: Getting started with Firewall
12:30 – 13:00 Labs (getting familiar)
13:00 – 13:30 Lunch
13:30 – 14:30 Module 3: Network Protection
14:30 – 15:30 Module 4: Webserver Protection
15:30 – 15:45 Break
15:45 – 17:05 Module 5: Site to Site Connection
DAY 2
09:00 – 10:20 Module 6: Authentications
10:20 – 11:20 Module 7: Web Protection and Application Control
11:20 – 11:30 Break
11:30 – 12:00 Module 8: Application Control
12:00 – 12:50 Module 9: Email Protection
12:50 – 13:30 Lunch
13:30 – 14:15 Module 10: Wireless Protection
14:15 – 15:05 Module 11: Remote Access
15:05 – 15:20 Break
15:20 – 16:20 Module 12: Logging, Reporting and Central Management
16:20 Labs discussion
Book Your Training Today!: sales@nss.gr (Sophos Firewall Administration for End-users Training on the 9th & 10th of January 2023)
Call us now for more: +30 211 8000 330
Datto, the leading global provider of security and cloud-based software solutions purpose-built for managed service providers (MSPs), has just introduced Datto EDR. Developed to provide highly effective endpoint detection and response capabilities, Datto EDR is tailored for today’s MSPs and small to midsize businesses (SMBs) in an affordable, easy to use, manage and deploy package.
Having the right cybersecurity tools in place is more important than ever. Year-over-year ransomware attacks increased by 92.7% and the average cost of an attack on a small business was $8,000 per hour from the time of attack to the time of remediation. Most endpoint detection and response tools require skilled and trained security analysts, who are in high demand and short supply, but Datto EDR uses the MITRE ATT&CK framework to provide helpful clarity to teams, reducing the security expertise needed to respond effectively.
“Standard security tools aren’t enough anymore,” said Chris McKie, VP of Product Marketing for Security and Networking Solutions. “Threat actors have found ways to circumvent traditional security measures, making EDR tools more important than ever for catching suspicious activity and keeping businesses safe from increasingly sophisticated cyberattacks.”
Nearly all EDR products are designed and built for enterprise, which means they’re often costly and highly complex, requiring a team of highly trained security experts to manage them effectively. Without this trained staff, many organizations have been left without effective EDR tools.
Datto EDR has been specially built to help MSPs who want to improve their security posture and expand their security offerings to their SMB customers. This highly effective tool provides additional layers of endpoint security by detecting the suspicious behaviors that sophisticated threat actors use to bypass traditional antivirus. Each alert in the dashboard comes with a response function, which helps teams through the remediation process with detailed mitigation recommendations for the most common threats, allowing MSPs to become more self-sufficient.
Datto EDR is an effective threat detection solution with readily available and knowledgeable technical support. Its efficient and actionable alerts can be quickly interpreted to decide on the appropriate next steps with quick deployment options that don’t interfere with day-to-day business operations. Further, continuous monitoring of process, memory, and behavior across all endpoints limits the time it takes to detect intrusions.
Part of Kaseya’s IT Complete Platform, Datto EDR expands the security suite to provide the maximum coverage across multiple vectors. Datto EDR is integrated with Datto RMM and Kaseya One to address the challenges of do-it-all, multifunctional IT professionals. It offers one vendor with everything you need, woven together to save you time, smart enough to help you get more done, and at an affordable price point.
For more information or to request a demo of Datto EDR, visit https://www.datto.com/request/datto-edr/.
Source: Datto
User Account Control (UAC) is a security feature in the Windows Operating System designed to mitigate the impact of malware. All users have triggered a UAC prompt at some point. Tasks that may trigger a UAC prompt include trying to install an application or change a setting that requires administrator privileges. A UAC prompt is the pop up that appears and requests the user to confirm they indeed want the install or other change to happen.
Windows Vista introduced the UAC prompt to improve on the security challenges experienced in Windows XP. The UAC prompt has not significantly changed since then, except for some visual improvements in Windows 10.
Why the Need for UAC?
When an application launches in Windows, it is assigned an access token. This token defines the privileges and access for the application. The principle behind Windows UAC is to give local administrators two tokens, one standard token and one admin token.
Initially, only a standard token is issued. However, when an application specifically requests an admin token, by default, it triggers a UAC prompt message to appear. If the user clicks “yes” on the UAC prompt to proceed with execution of their request, then an admin token is issued. The admin token then enables the application to run with a high level of privilege.
An admin token is like an ‘access all areas’ pass that allows the application to do almost anything on the system. So, when an application with an admin token is compromised, an attacker can inflict considerable damage.
Insertion of the UAC step helps minimize the number of applications running with admin tokens that an attacker can exploit. In addition, user account control reduces the risk of an attacker acquiring an admin token without triggering a message to the user for approval.
Since the majority of applications don’t need an admin token to function, users aren’t bombarded with pop ups. Thus, we seem to have an effective security feature in place. But wait, this isn’t the end of the story.
Before you scroll to the top of the article to check if I am contradicting myself, I said earlier that Windows User Account Control is a security feature not a boundary. In fact, Microsoft describes UAC as “a fundamental component of Microsoft’s overall security vision”. While many folks continue to portray UAC as a security boundary, technically, it isn’t.
Over the years, numerous security researchers and threat actors have successfully explored ways to run their tools without triggering UAC. When these tactics have been reported to Microsoft’s bug bounty program, the Microsoft response has been “UAC is not a security boundary”.
Microsoft doesn’t want their own applications triggering lots of pop-up UAC prompts. Thus, Microsoft created a mechanism so that applications they trust will avoid triggering the UAC prompt. The security downside to this is that trusted applications can then be exploited, or piggy-backed off, to bypass UAC.
Because UAC isn’t considered a security boundary, these bypasses are not viewed as bugs and are not patched. At the time of writing this blog, the UACME project (https://github.com/hfiref0x/UACME – note, some network filters will block this page) lists 76 different UAC bypass techniques. Many of these bypass techniques are actively used in malware to silently elevate privilege on a Windows endpoint. Far more bypasses exist in the wild—those 76 just represent the most popular ones.
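A read-only PowerShell check of the state described above, added here as an example and not taken from the article, Microsoft or BeyondTrust: it reports whether the current process holds the standard or the admin token, flags UAC policy values that weaken the prompt, and lists the local accounts that are issued an admin token. The function names are hypothetical; the registry values EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are the standard UAC policy settings, which the article itself does not name.

```powershell
# Added example (not from the article): read-only audit of the UAC state
# of the current session and of the machine-wide UAC policy.

$AdminSid  = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacTokenState {
    $id        = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]::new($id)

    # True only when this process was started with the admin token.
    $elevated = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # In the standard (filtered) token of an administrator, the
    # Administrators SID is still present but flagged deny-only.
    $denyOnlyAdmin = [bool]($id.Claims | Where-Object {
        $_.Type  -eq [System.Security.Claims.ClaimTypes]::DenyOnlySid -and
        $_.Value -eq $AdminSid })

    [pscustomobject]@{
        User           = $id.Name
        Elevated       = $elevated
        SplitTokenUser = (-not $elevated) -and $denyOnlyAdmin
    }
}

function Get-UacPolicyFinding {
    $p = Get-ItemProperty -Path $PolicyKey
    $findings = @()

    if ($p.EnableLUA -eq 0) {
        $findings += 'EnableLUA=0: UAC is off; administrators always run with the admin token.'
    }
    switch ($p.ConsentPromptBehaviorAdmin) {
        0 { $findings += 'ConsentPromptBehaviorAdmin=0: administrators elevate with no prompt at all.' }
        5 { $findings += 'ConsentPromptBehaviorAdmin=5 (default): prompts only for non-Windows binaries, so trusted Windows binaries elevate silently.' }
    }
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings += 'PromptOnSecureDesktop=0: the prompt is shown on the user desktop instead of the secure desktop.'
    }
    if (-not $findings) { $findings = @('No weak UAC policy value found.') }
    $findings
}

function Get-LocalAdminMember {
    # Accounts that are issued an admin token on this machine; removing
    # everyday users from this group is what the article recommends.
    Get-LocalGroupMember -SID $AdminSid -ErrorAction SilentlyContinue |
        Select-Object Name, ObjectClass, PrincipalSource
}

Get-UacTokenState
Get-UacPolicyFinding
Get-LocalAdminMember
```

Run it from a normal, non-elevated session: `SplitTokenUser = True` means the account is a local administrator currently working with only its standard token.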
Solving UAC challenges with Endpoint Privilege Management
UAC problems like the above seem to create a terrible situation, as end users need admin tokens to perform common activities, like install software, install printers, and change settings. If you remove local admin privileges, the end users are secure, albeit less productive. Moreover, users might spend all day raising help desk tickets. Alternatively, if you provision local admin privileges to them, then a threat actor may bypass the operating system’s UAC security mechanism and wield the admin privileges against you.
Fortunately, modern Endpoint Privilege Management tools like BeyondTrust’s Privilege Management for Windows effectively address this challenge, and more. The BeyondTrust solution allows you to immediately remove local admin privileges from all users, which substantially reduces your attack surface. Privilege Management for Windows intercepts UAC and elevation requests and seamlessly elevates just the applications your users need for their role, based on policy.
For known and trusted applications, you can use simple policy rules or out-of-the-box policy templates to seamlessly launch these applications without having to prompt the user. Then, for unknown applications or tasks, you can ask the user to justify why they need a specific application, perform reputational checks, verify the application publisher, or trigger step-up authentication via MFA to ensure both the application and user are who they say they are.
Privilege Management for Windows provides Quick Start templates that make it practical for organizations to tackle common least privilege policy use cases from Day 1, enabling rapid leaps in risk reduction. In addition, custom access tokens allow you to assign privileges at a granular level to ensure no user or application is over-privileged.
Don’t fall into the pitfalls of either exposing your organization to the risk of over-privileged local admin users or hampering productivity by under-privileging users. Find the balance between security and productivity, follow security best practices, and, most importantly, build a secure foundation that prevents attackers from gaining privileged access to systems.
Learn more about BeyondTrust Endpoint Privilege Management.
Source: BeyondTrust
Discover the seven network security measures that can help mitigate the risk of a ransomware attack.
66% of organizations were hit by ransomware last year*, demonstrating that adversaries have become considerably more capable of executing attacks at scale than ever before.
Modern attacks leverage legitimate IT tools such as Remote Desktop Protocol (RDP) to gain access to networks, making initial detection notoriously difficult. The root of the problem is that there’s too much implicit trust in the use of these tools, which has repeatedly proven unwise.
Implementing robust network security measures is a sure-fire way to mitigate this risk. In our new whitepaper, Best Practices for Securing Your Network from Ransomware, and in this article, we share practical network security tips to help elevate your ransomware protection.
1. Micro-segment your network
Micro-segmenting allows you to limit the lateral movement of threats. One way to achieve this is to create small zones or VLANs and connect them via managed switches and a firewall to apply anti-malware and IPS protection between segments. This lets you identify and block threats attempting to move laterally across your network.
2. Replace remote-access VPN with a Zero Trust Network Access solution (ZTNA)
ZTNA is the modern replacement for remote-access VPN. It eliminates the inherent trust and broad access that VPN provides, instead using the principles of Zero Trust: trust nothing, verify everything. To learn more about the benefits of ZTNA over VPN, read our article here.
3. Implement the strongest possible protection
Always deploy the highest level of protection on your firewall, endpoints, servers, mobile devices, and remote access tools. In particular:
- Ensure your firewall has TLS 1.3 inspection, next-gen IPS, and streaming DPI with machine learning and sandboxing for protection from the latest zero-day threats
- Ensure your endpoints have modern next-gen protection capabilities to guard against credential theft, exploits, and ransomware
4. Reduce the surface area of cyberattacks
We recommend that you review your firewall rules and eliminate any remote access or RDP system access through VPN, NAT, or port-forwarding, and ensure that any traffic flows are properly protected. Eliminating exposure from remote access goes a long way in reducing the number of in-roads for attackers to launch ransomware attacks.
5. Keep your firmware and software patched and up-to-date
This is important for both your network infrastructure (such as your firewall or remote-access software or clients) and your systems given that every update includes important security patches for previously discovered vulnerabilities.
6. Use multi-factor authentication (MFA)
Ensure your network operates on a zero-trust model where every user and device has to continually earn trust by verifying their identity. Also, enforce a strong password policy and consider adopting authentication solutions like Windows Hello for Business.
7. Instantly respond to cyberattacks
Use automation technologies and human expertise to accelerate cyber incident response and remediation. Ensure your network security infrastructure helps you automatically respond to active attacks so you can isolate a compromised host before it can cause serious damage.
An increasingly popular way to achieve this is via a managed detection and response (MDR) service. MDR is a fully managed, 24/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent. To learn more on the benefits of MDR, read our article here.
Learn more
To explore these best practices in greater detail and to learn how Sophos network security solutions elevate your ransomware protection, download our whitepaper here.
Sophos provides everything you need to fully secure your network from attacks, including firewalls, ZTNA, switches, wireless, remote-edge devices, messaging protection, MDR, next-gen endpoint protection, EDR and XDR. Plus, everything’s managed via a single cloud management console — Sophos Central — and works together to deliver Synchronized Security and cross-product threat detection and response.
For more information and to discuss how Sophos can help you, speak with one of our advisors or visit www.sophos.com today.
Source: Sophos
We’re thrilled to announce that Sophos Firewall has been named the best network security solution for small and medium-sized businesses by CRN®, a brand of The Channel Company. The recognition marks Sophos’ seventh consecutive year as a winner in the CRN Tech Innovator awards, which honor the channel’s most innovative technologies.
“Sophos Firewall is an essential layer of protection against malicious traffic and threat actors targeting corporate and remote users who are traversing today’s hybrid business environment,” said Raja Patel, senior vice president of products at Sophos. “Sophos Firewall’s programmable Xstream Flow Processors enable us to innovate and add new features and capabilities over time, without forcing a hardware upgrade. This provides our channel and customers with a future-proof scalable platform with tremendous value that continues to grow with every release.”
Sophos Firewall delivers unrivaled network visibility, protection and response for organizations of all sizes and across all sectors. It delivers the industry’s best zero-day threat protection, identifying and stopping advanced cyberthreats, and its innovative and unique Xstream architecture is engineered to deliver extreme levels of performance in accelerating important software-as-a-service (SaaS), software-defined wide area network (SD-WAN) and cloud application traffic.
As part of the Sophos Adaptive Cybersecurity Ecosystem, Sophos Firewall shares real-time threat intelligence with Sophos’ broad portfolio of solutions and services for faster and more contextual and synchronized protection, detection and response. It’s further powered by predictive, real-time and deeply researched threat intelligence from Sophos X-Ops, a cross-operational task force linking SophosLabs, Sophos SecOps and SophosAI, and is easily managed in the cloud-native Sophos Central platform or by Sophos Managed Detection and Response (MDR).
Don’t forget that the new Sophos Firewall v19.5 is in early access right now and will become generally available this month. This blog series covers all the new features.
“Our CRN Tech Innovator Awards recognize those technology vendors that are making the biggest impacts in digital transformation for solutions providers with unique, cutting-edge products and services,” said Blaine Raddon, CEO of The Channel Company. “It is my pleasure to congratulate each and every one of our 2022 CRN Tech Innovator Award winners. We’re delighted to recognize these best-in-class vendors that are driving transformation and innovation in the IT space.”
A complete list of winners will be featured in the December issue of CRN and can be viewed online at crn.com/techinnovators.
Source: Sophos
We’re delighted to share that Sophos endpoint security products ranked as industry best in SE Labs’ protection tests in the third quarter of 2022, achieving AAA ratings across the board.
Sophos earned a 100% rating for Protection Accuracy, Legitimate Accuracy, and Total Accuracy in the Enterprise and SMB categories in this latest round of testing.
Commenting on the results, Simon Edwards, CEO of SE Labs, said:
“Sophos Intercept X stopped all threats and allowed all legitimate applications. The AAA award is well deserved and shows that Sophos goes well beyond basic functionality. The solution can handle both common and customized threats, without blocking the software you need to run on your computer.”
Protection powered by world-leading threat intelligence
Our endpoint solutions include Sophos Intercept X and Sophos XDR (extended detection and response), which combine anti-ransomware technology, deep learning artificial intelligence, exploit prevention, and active adversary mitigations to stop attacks.
All our solutions are powered by threat intelligence from Sophos X-Ops, a cross-operational task force linking SophosLabs, Sophos SecOps, and SophosAI, bringing together deep expertise across the attack environment. Armed with this understanding, we can build powerful, effective defenses against even the most advanced threats.
Sophos endpoint solutions are easily managed in the cloud-native Sophos Central platform or by Sophos Managed Detection and Response, a 24/7 managed detection and response (MDR) service used by more than 12,600 organizations worldwide.
The importance of high-quality third-party testing
At Sophos, we place great value on high-quality, independent testing and participate in numerous tests throughout the year.
As Simon Reed, Senior Vice President of SophosLabs, says, “Sophos believes in the informational and transparency value of regular participation in third-party testing.”
Of course, tests are most valuable when they challenge solutions in real-world scenarios. As Simon Edwards of SE Labs explains:
“How hard do you want your security testing to be? We could take a product, scan a real virus and record that it detected a threat. Great, but what does that tell us? It’s a very basic test that only verifies that the software actually is an anti-malware product. You can’t tell if it’s better than other anti-malware products, because it’s just one file being scanned and detected. You don’t even know if the product could protect against the threat, just that it detected it. So, we turned up the dial and threw a wider range of attacks at the products. Each solution was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test.”
At Sophos, we’re delighted with our exceptional performance in the latest SE Labs tests and – most importantly – that we provide our customers with world-leading endpoint protection that defends against even the most advanced adversaries.
Test drive Sophos for yourself
Sophos defends more than 500,000 organizations from active adversaries, ransomware, phishing, malware, and more. Speak to our security advisers to discuss how we can help you, and take a test drive of our solutions today.
Source: Sophos