Sophos Firewall OS v19.5 is a free upgrade for all licensed Sophos Firewall customers.

Sophos MDR recorded an exceptional performance with results that validate our position as one of the top performing security services vendors in the market.

A few years ago we saw how a new wave and trend in ransomware attacks. In the attacks on the City of Pensacola and the New Jersey synagogue, not only had the data been encrypted, it had been exfiltrated and the attackers were demanding a ransom for not making it public.

The impact of these types of attacks goes beyond encryption and the need to recover backups, but puts companies at risk of suffering significant financial and reputational losses from lawsuits, litigation and non-compliance with regulations.

In the last years we saw how this trend has gone further and some organizations have even decided to pay attackers to avoid penalties or litigation.

Publication of company data by DDoSecrets activists

Some time ago, the activists known as “Distributed Denial of Secrets” DDoSecrets published on their website more than 1 terabyte of sensitive data that were exfiltrated in ransomware attacks and had been picked up from “dark web” sites. This data includes more than 750,000 emails and documents from different companies. Additionally, this group of transparency activists is privately offering massive amounts of business data to a select group of journalists and academic researchers. These data come from companies in different sectors such as financial, pharmaceutical, energy, manufacturing, retail, software, real estate.

According to DDoSecrets, if there is information, technical data, specifications, etc. of a company in any sector that can accelerate the progress of a certain industry or make people’s lives safer, they have a duty to make this information available to journalists and people in academia so that they know the dark way in which these companies typically operate.

1.2 GB of published data from the Scottish Environmental Protection Agency

The Scottish Environment Protection Agency (SEPA) had confirmed that, after refusing to pay a ransom, an organized group of hackers had published 1.2 GB of data extracted as a result of a ransomware attack. According to the agency at least 4,000 files have been stolen that included workers’ personal information purchasing information, documents on ongoing projects, and information related to the agency’s corporate plans.

Data published after exfiltrations in financial and wealth management companies

At the end of 2020 stolen data from different financial and wealth management companies published were found on sites operated by Sodinokibi and NetWalker ransomware gangs. The way of operating is the one that we have already commented, first the confidential data of these organizations are stolen to later request a ransom for not publishing this data. This data contained employee files, audits, financial documents, payroll data, customer files, etc. Even the Sodinokibi criminal gang auctioned this data on different forums on the Dark Web.

Attacks targeting executives to extract confidential information

Ransomware gangs are targeting the computers or devices of senior company executives to obtain sensitive information that they can later use to extort money from companies for hefty ransoms. According to ZDNet, discovered this tactic after talking to a company that had paid a multi-million dollar ransom to the Clop ransomware gang. After several calls, they discovered that this was not an isolated case.

This group focuses on extracting files and emails from executives that can be useful to threaten them and put the company’s management under pressure to obtain a ransom. Ransomware attacks usually go for the “crown jewels” or those data that have the most value for the company, so it is not surprising that sooner or later they focused their objectives on the group of company executives.

27% of organizations decide to pay the ransom

According to a survey conducted by security maker Crowdstrike, among all organizations attacked by ransomware 27% decide to pay the ransom, with the average being USD 1.1M. Many decide to make the payment to avoid fines for non-compliance with regulations, or to face litigation and millionaire lawsuits or simply to avoid further scandals that can seriously damage their reputation.

For example, the University Hospital of New Jersey paid 670K USD to the SunCrypt ransomware band to prevent the publication of 240 GB of stolen data including patient data. After 48,000 documents pertaining to the hospital were published, a representative of the hospital contacted the attackers via its payment portal on the dark web to negotiate the cessation of new publications of patient data.

To pay or not to pay the ransom

Of course, the FBI strongly advises against paying a ransom, partly because it does not guarantee that the criminal organization won’t have access again to your data or that it won’t be published. Furthermore, it incites attackers to increase their actions against other organizations and to continue profiting from extortion. In any case, the FBI understands that when companies are unable to continue with their functions, they will evaluate all options to protect their shareholders, employees and customers. On the other hand, the controversy arises as to whether paying a ransom may violate laws on financing terrorist activities, money laundering, etc.

Data encryption as a means to protect against a ransomware attack

Data encryption protects information wherever it moves. If the data has been encrypted, it will be inaccessible or useless to cybercriminals. The data may be re-encrypted by the malware, but if it is extracted, they cannot be published as is happening in recent attacks where data is extracted in clear and extorted with the potential publication of the same.

Organizations must not only consider a traditional encryption solution to protect themselves from these attacks, but also one that have control on access and identity so makes it possible to restrict access permissions (View, edit, print, etc.).

How SealPath can help prevent the effects of a ransmoware attack

With a data-centric security solution like SealPath:

• The data will remain protected when is at rest, in transit and in use.

• It is possible to limit access permissions, so that if a document is shared with a third party, they can open it and work with the document without having to unprotect it, thus the copies remain encrypted wherever they behave.

• It is possible to control the identity of the people who can access a certain file. In this way, if an identity has been compromised, it is possible to revoke access to the documents to it.

SealPath also offers a complete audit of accesses to protected information, so that users’ activity on sensitive documentation of the organization can be seen. If you want to know more, click below, and you will see the features of SealPath’s data protection solution.

Don’t wait to ask yourself whether or not the ransom is worth paying, put the means first to have your data safe and under control in any location and safe from possible ransomware attacks. Contact our team here and we will help you as soon as possible.

Source: SealPath

IT-SA EXPO&CONGRESS IS EUROPE’S LARGEST TRADE FAIR FOR IT SECURITY…

…and one of the most important dialogue platforms for IT security solutions.

The trade fair covers the entire range of products and services in the field of cybersecurity: hardware, software, training and consulting services as well as Security as a Service. Important topics at it-sa are cloud and mobile security, data and network security, the protection of critical infrastructures, and industrial Security.

Since 2009, it-sa Expo&Congress in Nuremberg has been the meeting place for decision-makers, experts and IT security officers from all sectors of the economy. Whether they represent industry, the service sector or public administration, the exhibitors at it-sa offer customized and individual solutions.

On the exhibitor side, it-sa addresses the entire IT security market, including physical IT security. The event thus offers trade visitors a showcase of the IT security industry from Germany and abroad that is unique in Europe. Outstanding innovations by young companies in the field of cyber security will be honored with the ATHENE Startup Award UP@it-sa.

The freely accessible lecture program and product-neutral contributions and discussion panels from the it-sa insights series provide trade fair visitors to it-sa with the latest expertise in the industry. In addition, the congress program Congress@it-sa, organized in cooperation with renowned associations and organizations, offers an intensive dialogue on current topics in IT security.

NSS’s Executive Director, George F. Kapaniris, visited Europe’s largest cyber security exhibition/conference and had meetings with partners and prominent executives from the cyber security field, including SOPHOS, BeyondTrust, Fortra (HelpSystems), Cherry Solutions and others.

NSS is an international Value Added Distributor of leading edge IT solutions, covering technology areas including information security, networking, unified communications, data storage, virtualization, and data centre infrastructure systems. Through high technology and deep knowledge of the marketplace, NSS executes the due diligence to select leading edge strategic partnerships with superior vendors and leading technologies that give our channel an opportunity to differentiate from the competition in a crowded market through first class proven solutions.

NSS offers its resellers a portfolio of products that integrate to each other ideally for creating innovative solutions. NSS together with the channel partners can develop opportunities and convert them to sales. NSS having developed a circle of trust with the vendors use trade-in options to encourage new business together with the channel. Last but not least, NSS is applying waste management practices in order to dispose of used equipment securely and responsibly, sometimes even helping in acquiring the new equipment offered. NSS Professional services include extensive presales, implementation, configuration and training. NSS has an impressive pool of skilled engineers and consultants to support the VARs.

HelpSystems announced today that it has become Fortra™ a name synchronous with security and defense. This evolution reflects the company’s enhanced commitment to helping customers simplify the complexity of cybersecurity in a business environment increasingly under siege. With a stronger line of defense from a single provider, organizations of all kinds can look to Fortra to increase security maturity while reducing the burdens to everyday productivity.

“The cybersecurity industry is always changing, and we’re evolving along with it,” said Kate Bolseth, CEO, Fortra. “This is a pivotal, exciting moment for us as we’re defining a new, bold path forward that will bring positive change to the industry and our customers. Everyone at Fortra is rallying behind this movement to tackle seemingly unmanageable security challenges and alleviate the constant worry many of our customers face. As Fortra, we want our customers to think of us as their cybersecurity ally, with them every step of the way.”

In recent years, Fortra has grown to more than 3,000 employees with offices in 18 countries and over 30,000 global customers. As part of this evolution, the company shifted its focus to cybersecurity and automation, building a best-in-class portfolio with key capabilities in data security, infrastructure protection, and managed security services. These acquisitions have included Alert Logic, Digital Guardian, Cobalt Strike, Tripwire, Digital Defense, Terranova Security, Agari, PhishLabs, Core Security, GoAnywhere, Titus, and other well-known software and services providers.

Such a rich collection of proven solutions has built the organization’s roster of industry experts and enabled innovative integrations to help customers solve challenges in new, streamlined ways. These integrations incorporate emerging threat intelligence for more effective protection against rapidly evolving cyberthreats. In fact, Fortra’s 350-person threat research and intelligence team stays abreast of emerging threats not only to guide customers in their defense efforts, but also to infuse its software and services with critical insights.

“We’re proud of our role as a trusted leader in the industry and will continue to give our customers the same people-first support and best-in-class solution portfolio they’ve come to expect, making cybersecurity stronger and simpler than ever before,” Bolseth said.

HelpSystems Is Now Fortra

The realm of cybersecurity and automation is always changing, and we’re evolving right alongside it. Say hello to Fortra, the new face of HelpSystems. We’re bringing you the same people-first support you’ve come to expect from HelpSystems, only now we’ve been Fortra-fied with the purpose of providing you with exceptional protection and peace of mind along every step of your journey.

Our team of expert problem solvers is ready to find answers to your organization’s toughest problems, and our best-in-class portfolio ensures that we’ll land on an integrated, scalable solution that’s right for you.

We’re tenacious in our pursuit of a stronger, simpler future for cybersecurity.

Who’s with us?

The Fortra Story

Learn more at Fortra.com

Hackers have a deep playbook for penetrating networks. Even when managed service providers (MSPs) provide their clients with a robust defense, malicious actors can still infiltrate systems to launch ransomware or other attacks.

Small and medium-sized businesses (SMBs) look to MSPs for help because they can’t protect themselves in the face of mounting threats. For example, a recent study showed that ransomware attacks have nearly doubled since 2020, just one of many attack vectors that can severely impact company operations.

While MSPs are increasingly well-versed in cybersecurity measures, they can become overwhelmed. Software tools such as antivirus (AV) and endpoint detection and response (EDR) help them to detect when security issues arise. However, many MSPs do not have the necessary capabilities to carry out threat hunting and incident response for digital forensics investigations and analyzing malware.

Highly trained cybersecurity professionals with the skills to provide advanced threat protection (ATP) are expensive to hire and in high demand. The vast majority of MSPs are not in the position to build up a massive ATP infrastructure and team, but they do have a quality option: managed detection and response (MDR).

Also known as a managed security operations center (SOC), or MDR, managed SOC provides the highest level of threat protection to MSPs and their clients. It combines technology solutions with expert human teams for advanced threat hunting, monitoring and incident response. Armed with MDR, MSPs can identify threats and quickly limit their impact without having to add costly additional staff.

What is MDR? A cybersecurity necessity

The role of managed SOC, or MDR, solutions has evolved significantly in an MSP’s practice. For an increasingly large proportion of SMB clients, MDR has gone from a nice-to-have to a necessity.

This shift is reflected in the core tenets of the NIST cybersecurity framework, a set of interconnected steps for managing risk to critical infrastructure. They are:

• Identify
• Protect
• Detect
• Respond
• Recover

Most organizations today – MSPs, small businesses, IT departments – spend 85% of their budget on “protect”, leaving only a small portion to spend on the other four phases. However, there is a growing awareness that a change in cybersecurity investment is now needed. The leading research firm Gartner recently observed:

“IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. Organizations need to detect and respond to malicious behaviors and incidents, because even the best preventative controls will not prevent all incidents.”

Adding MDR and managed SOC are how MSPs address this reality. For example, protection measures such as AV and firewall may detect malicious files, but additional security must now go far beyond that.

That’s because hackers are increasingly using techniques to infiltrate networks that do not appear malicious on the surface, allowing them to evade defenses. Once a hacker has entered an SMB’s network with this technique, they can dwell unseen in the system, gathering critical information before they strike.

For instance, bad actors know that they can use a normal tool like the Windows PowerShell command-line interface (CLI) for abnormal activities. Working from PowerShell, a hacker can then pull the Mimikatz open-source application to watch for and harvest authentication credentials as packets move through the system. AV software won’t register something like that as a malicious act, but it’s certainly a suspicious one, especially if the commands are originating from a hostile nation.

MDR helps MSPs to spot bad behaviors that get past AV and other traditional protective measures. With a solution like Datto Managed SOC in place, MSPs are alerted of these hidden compromises so they can find, contain and neutralize such an attack before it becomes a major problem.

Better economics

From a security standpoint, MDR makes sense, especially as ransomware gangs and other bad actors become increasingly sophisticated.

Outsourcing MDR to a managed SOC is also the right budgetary choice for an MSP – and often the only feasible option. That’s because building a SOC from the ground up in-house is prohibitively expensive. Without even accounting for the technology infrastructure, the staffing costs can be staggering. In order to run 24/7 a SOC needs at least three expert security analysts, but it reasonably requires several more than that.

However, skilled MDR professionals are in high demand now and are commanding equally high salaries. That leads to a Catch-22 for MSPs who are considering homegrown MDR services: Do you invest heavily in setting up your in-house SOC first and then try and get the clients? Or do you sell clients on it and then try to build up the staff and services to keep your promises? It’s an expensive risk on the one hand, a reputational risk on the other.

The more sensible path for MSPs is to white label their MDR by outsourcing a managed SOC service. That’s how MSPs are responding to this growing need in the market, in a way that they couldn’t do otherwise.

The role of remediation

With MDR in place via a managed SOC, MSPs can go on the offensive by detecting and containing security threats before they spread. This threat hunting is key to cybersecurity remediation, which is the process of identifying and fixing IT security problems. Remediation also involves resolving any issues that might have arisen after a breach.

Threat hunting is a more mature security activity requiring deep experience in forensics and incident response – initiatives that most MSPs lack the people, training and tools to undertake. The operations of more and more SMBs are transitioning to digital infrastructure, however, meaning that anyone can become a target. That’s because any kind of customer information today has value, so it can be stolen and resold on the dark web.

When an MSP offers MDR, cybersecurity becomes proactive. Managed SOC experts are trained to root out bad actors that have infiltrated SMB endpoints and networks and contain those threats. As discussed above, that goes beyond negating the likes of malware, ransomware, distributed denial of service (DDOS) attacks, and phishing: MDR professionals recognize seemingly normal activities that can devastate a business if left unchecked.

Managed SOC is MDR: How to find the right provider

The right MDR ensures that MSPs can instantly extend their team to include world-class personnel who are experts in 24×7 threat monitoring.

MSPs should look for a managed SOC that protects clients across their entire infrastructure including endpoints, networks and the cloud. Efficient log monitoring, threat intelligence and hunting, breach detection, intrusion monitoring, advanced malware prevention, and PSA ticketing should all be included. These features are essential for comprehensive protection and effective remediation that won’t tax MSP personnel.

Improve your security offerings and experience the confidence that comes with continuous protection against attackers. Schedule a demo of Datto Managed SOC.

Source: Datto

Sophos received the highest possible rating in the Product Vision, Execution Roadmap, Supporting Products and Services, Efficacy, Threat Intelligence, Zero Trust environments, and IP Sec and VPN criteri.

Source: Sophos

We’ve expanded our Managed Detection and Response service (originally called Sophos MTR) and given it a new name: Sophos MDR. Recognizing their commitment to Sophos, Sophos MTR customers will be upgraded–at no additional charge–to Sophos MDR Complete, our top-tier of service, later this year.  Customers will enjoy the same great level of service, plus a host of new capabilities including extended data retention and a new monthly threat landscape webcast.

Delivering the No. 1 customer request: compatibility with non-Sophos tools

With Sophos MDR Complete, analysts can detect and respond to threats across the cybersecurity ecosystem by leveraging security data from both Sophos and non-Sophos security tools. Customers can take advantage of:

• Free integrations with Sophos next-gen technologies, including our endpoint, firewall, cloud, and email protection solutions as well as the new Sophos Network Detection and Response (NDR) solution.
• Compatibility to run alongside 3^rd party endpoint protection solutions
• Free integration with the Microsoft portfolio through Graph Security
• 3^rd party integrations, available for purchase with add-on licenses for virtually any other security tool that generates threat detection data, including Palo Alto Networks, Fortinet, Check Point, Rapid7, Amazon Web Services (AWS), Google, Okta, Darktrace, and many others

The more we can see, the more we can detect and the faster we can respond. With each additional data source, our analysts gain deeper visibility as they begin to see around corners and into the actions taking place beyond the endpoint. By automatically correlating data from Sophos and non-Sophos tools, we can see higher fidelity detections and reduce manual investigation times.  And customers get more out of the tools they already have.

There are so many benefits to expanding your detection and response ecosystem to include your existing security solutions. For example:

• Firewall and network telemetry can identify rogue assets and unprotected devices, as well as insider threats and novel attacks
• Email alerts can pinpoint initial entry into the network and attempts to steal account names and passwords
• Identity data can point to unauthorized network entry and attempts to move through higher levels of permissions
• Cloud alerts can indicate unauthorized network access, efforts to steal account names and passwords, and access to proprietary data

Plus much more!

To learn more about our third-party integrations and discuss extending your security defences with full-environment threat detection and response, reach out to your Sophos account team or Sophos partner.

Extended data storage and monthly webcast

For all Sophos MDR service tiers, including Sophos MDR Complete, we are increasing standard data storage to 90 days at no additional cost. With the median dwell time for intrusions not involving ransomware coming in at 34 days*, this extended data storage will better enable analysts to determine the root cause of incidents and, in turn, better advise on how to harden defenses to prevent further attacks. Customers who require a longer data retention period, for example to meet compliance or regulatory requirements, can take advantage of an add-on license for a full year of data storage.

It can be challenging to keep up with the fast pace of security threats. We are excited to introduce an exclusive monthly webcast for MDR Complete customers, the Sophos MDR ThreatCast, where we’ll share observations on recent threat activity across our 12,000+ customer base. Attendees will get to know the team of threat analysts and researchers working behind the scenes to protect their organizations and deepen their understanding of the threat landscape.

Scale incident response

Like Sophos MTR Advanced, with MDR Complete, once suspicious activity is detected, the MDR operations team contains and eradicates the threat. Their systematic approach enables them to identify the root cause and then use these insights to elevate protection across the entire customer base.

We’ll take care of the upgrade for you

All Sophos MTR customers will be automatically upgraded to Sophos MDR Complete later this year. We’ll take care of everything for you – no need to do anything.

Not yet using Sophos MDR?

Sophos MDR meets you where you are. Our expert analysts detect and respond in minutes to threats across your entire environment, 24/7/365, whether you need full-scale incident response or assistance making more accurate decisions. To learn more, visit www.sophos.com/mdr or speak with an adviser today.

Source: Sophos

Sophos, a global leader in next-generation cybersecurity, today announced that BlackByte, one of the newer, “heavy-hitter” ransomware gangs, has added a sophisticated “Bring Your Own Driver” technique to bypass more than 1,000 drivers used by industry Endpoint Detection and Response (EDR) products. Sophos details the attack tactics, techniques and procedures (TTPs) in the report, “Remove all the Callbacks – BlackByte Ransomware Disables EDR via RTCore64.sys Abuse.”

BlackByte, featured in a Secret Service and FBI special advisory earlier this year as a threat to critical infrastructure, reemerged in May from a brief hiatus with a new leak site and new extortion tactics. Now, it appears that the group has added new attack methods, as well. Specifically, they’ve been abusing a vulnerability in RTCorec6.sys, a graphics utility driver for Windows systems. This particular vulnerability allows them to communicate directly with the targeted system’s kernel, commanding it to disable callback routines used by EDR providers, as well as the ETW (Event Tracing for Windows) Microsoft-Windows-Threat-Intelligence-Provider. EDR vendors frequently use this feature to monitor the use of commonly maliciously abused API calls; if this feature is disabled, the EDR vendors that rely on this feature are also rendered ineffective.

“If you think of computers as a fortress, for many EDR providers, ETW is the guard at the front gate. If the guard goes down, then that leaves the rest of the system extremely vulnerable. And, because ETW is used by so many different providers, BlackByte’s pool of potential targets for deploying this EDR bypass is enormous,” commented Christopher Budd, senior manager, threat research, Sophos.

BlackByte is not the only ransomware gang taking advantage of the “Bring Your Own Driver” to bypass security products. AvosLocker abused a vulnerability in a different driver to disable antivirus solutions in May.

“Anecdotally, from what we’re seeing in the field, it does appear that EDR bypass is becoming a more popular technique for ransomware threat groups. This is not surprising. Threat actors often leverage tools and techniques developed by the ‘offensive security’ industry to launch attacks faster and with minimal effort. In fact, it appears that BlackByte pulled at least part of its EDR bypass implementation from the open-source tool EDRSandblast,” said Budd. “With criminals adopting work done by the offensive security industry, it’s critical for defenders to monitor new evasion and exploitation techniques and implement mitigations before these techniques become widely available on the cybercrime scene.”

To learn more about BlackByte’s latest TTPs and how to keep systems safe, download the full report from Sophos.com.

Source: Sophos

This quarter too, we’re happy to present a new version of our software for email archiving. Version 22.3 of MailStore Server and the MailStore Service Provider Edition (SPE) is available right now. The new version officially supports Microsoft Outlook 2021. Once again, we’ve made some tweaks in terms of the security of our software. And, as ever, we’ve done our utmost to improve the overall user experience. It goes without saying that Version 22.3 of MailStore Server and the MailStore Service Provider Edition will also be GDPR-certified.

New Features for MailStore Server and the MailStore Service Provider Edition

Find out more about the improvements you can expect in Version 22.3 of MailStore Server and the MailStore SPE.

Support for Microsoft Outlook 2021

Our email archiving solutions have a reputation for supporting the latest mail servers and clients. Following this tradition, MailStore 22.3 now officially supports Microsoft Outlook 2021, which means you can use your MailStore Outlook Add-in with Microsoft’s latest email client. This gives you maximum flexibility and autonomy when it comes to choosing an email client. Email archiving is a long-term solution that aims to safely retain your emails and attachments over many years. So, it’s important for us to know that your long-term investment in MailStore is protected and that our software will remain compatible with all your systems in the future.

More Security

Long-time MailStore customers and partners know that every new version of our product comes with added security. And it’s no different this time. The new version prevents brute-force attacks during the login routine. Failed login attempts, i.e. using incorrect credentials, causes the login process to slow down: fraudsters are unable to deploy brute-force methods and your email archive remains protected.

Even Better Usability

In addition, MailStore 22.3 enhances the experience for MSPs using the MailStore SPE. Admins are now able to modify the automatic execution of profiles on the server via the API. MSPs can adapt and save on system resources. We’ve also improved the login routine of the MailStore Outlook Add-in.

Updated Certification: Meeting Data Privacy Requirements

As usual, the latest version of our software, Version 22.3 of MailStore Server and the MailStore SPE, will be certified by an independent data privacy expert.

The certification will take into account all relevant aspects of the European General Data Protection Regulation (GDPR) and will affirm that, when used appropriately, both MailStore Server and the MailStore SPE meet all the requirements governing the processing of personal data set out in the GDPR.

You can request a copy of the official GDPR audit certificate from sales@mailstore.com shortly. Registered MailStore partners can download the certificates from our Partner Portal or request it by email from partners@mailstore.com soon.

Availability

You can download the new version of MailStore Server and the MailStore Service Provider Edition free of charge from our website.

If your MailStore Server Update & Support Service has expired, please contact us to purchase an upgrade that will allow you to use the latest version of MailStore Server. Read here to find out about other good reasons for having an active Update & Support Service agreement in place.

Interested companies can also download MailStore Server Version 22.3 as part of a free, 30-day trial. If you are an MSP and are interested in offering email archiving as a service based on the MailStore SPE, please contact our sales team at partners@mailstore.com. Alternatively, you can sign up as an authorized MailStore Partner with us right now for free.

Source: MailStore

The reality is that technology solutions alone cannot prevent every cyberattack. Stopping the most advanced attacks requires human-led threat hunting, investigation, and response. Which is where MDR, or managed detection and response, services come in.

MDR is a fully managed, 24/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent.

While threat hunting can be performed in house using EDR (endpoint detection and response) and XDR (extended detection and response) tools, there are extensive benefits to using an MDR service either alongside your in-house team or as a fully outsourced service.

How to work with MDR services

All types of organizations across all sectors use MDR services, from small companies with limited IT resources to large enterprises with an in-house SOC group. There are three main MDR response models:

• MDR team completely manages threat response on behalf of the customer
• MDR team works with the in-house team, co-managing threat response
• MDR team alerts the in-house team and provides remediation guidance

At Sophos we support all three approaches, adapting to individual customer requirements as needed.

Reason #1: Elevate your cyber defenses

One of the major advantages of using an MDR provider over in-house only security operations programs is elevated protection against ransomware and other advanced cyber threats.

An MDR vendor will experience a far greater volume and variety of attacks than any individual organization, giving them a level of expertise that is almost impossible to replicate in house. MDR service providers also have much greater fluency in using threat hunting tools, enabling them to respond more quickly and accurately.

Working as part of a large team also enables analysts to share their knowledge and insights, further accelerating response and developing ‘community immunity’ i.e. where learnings from one organization are applied to others with a similar profile.

Reason #2: Free-up IT capacity

Anecdotally, the biggest benefit reported by IT teams on adopting Sophos MDR is that it frees them up to support business-focused initiatives.

Threat hunting is time-consuming, and unpredictable work that often prevents IT teams from focusing on more strategic projects. Organizations using Sophos MDR report considerable IT efficiency gains from using our service, which in turn enables them to better support their organization’s goals.

Reason #3: Get 24/7 peace of mind

With malicious actors located around the globe, an attack can come at any time. By providing 24/7 coverage, MDR services provide considerable reassurance and peace of mind.

For IT teams this means — literally — being able to sleep better at night. They can relax knowing that the buck stops with the MDR provider. For senior leaders and customers, 24/7 expert coverage and a high level of cyber readiness at all times provides powerful reassurance that their data and the organization itself are well protected.

Reason #4: Add expertise, not headcount

Threat hunting is a highly complex operation. Individuals in this space need to possess a specific and niche set of skills, which makes recruiting threat hunting expertise an uphill task for many organizations. MDR services provide the expertise for you. At Sophos, we have hundreds of expert analysts that provide continuous MDR services to customers across the globe.

Reason #5: Improve your cybersecurity ROI

Maintaining a 24/7 threat hunting team is expensive, requiring at least five or six full-time staff. MDR services provide a cost-effective way to secure your organization and stretch your cybersecurity budget further. Plus, by elevating your protection, MDR services also greatly reduce the risk of experiencing a costly data breach and avoid the financial pain of dealing with a major incident.

If you use an MDR vendor that also offers endpoint – and other – cybersecurity offerings you can enjoy considerable TCO advantages from consolidating with a single provider as well as streamlining your vendor management efforts. Furthermore, by choosing a vendor that enables you to leverage your existing investments you can increase the ROI on existing spend.

Learn more

To learn more about the top benefits reported by organizations that use MDR services, download our whitepaper here.

Sophos MDR is the world’s most trusted MDR service, securing over 11,000 organizations against the most advanced threats, including ransomware. With the highest rating on Gartner Peer Insights and the Top Vendor recognition in the 2022 G2 Grid® for MDR services serving the midmarket³, with Sophos MDR your cyber defenses are in good hands.

For more information and to discuss how it can help you, speak with one of our advisors or visit www.sophos.com/mdr today.

Sophos: Sophos

We’ve just released the State of Ransomware in State and Local Government 2022 report, which offers fresh insights into ransomware attack rates, costs and recovery, and ransom payouts in state and local government organizations over the last year.

The report is based on our annual study of the real-world ransomware experiences of IT professionals, of which 199 respondents belonged to the state and local government sector, working in mid-sized companies (100-5,000 employees) across 31 countries.

The study reveals an increasingly challenging threat environment with state and local government reporting an above-average increase in the perceived volume of attacks and the impact of attacks. It also sheds light onto the relationship between ransomware and cyber insurance, including the role cyber insurance is playing in driving changes to cyber defenses.

Here are the key findings from the report:

• 58% of state and local government organizations were hit by ransomware in 2021, up from 34% in 2020 – an increase of 70% over the course of a year
• At the same time, the sector reported one of the lowest ransomware attack rates, at 58% compared to the cross-sector average of 66%
• State and local government reported one of the highest data encryption rates following ransomware attacks: 72% in state and local government vs 65% across sectors
• Only 20% said they were able to stop an attack before the data could be encrypted, considerably below the cross-sector average of 31%
• Just 63% of state and local government organizations whose data was encrypted used backups to restore data compared to the cross-sector average of 73%
• 32% of state and local government organizations paid the ransom to restore encrypted data – the lowest reported ransom payment rate across all sectors and considerably below the global average of 46%
• The average ransom payment by state and local government organizations was less than one-third of the cross-sector average: $213,801 in state and local government vs $812,360 across sectors
• On average, only 58% of encrypted data was recovered by state and local government, lower than the cross-sector average recovery rate of 61%
• State and local government organizations reported the lowest recovery cost of all sectors at $0.66M. This represents a drop of almost $1 million from the average cost of $1.64M reported by the sector the year prior. In comparison, the cross-sector average cost was US$1.4M.
• 80% of state and local government organizations reported having cyber insurance coverage against ransomware, lower than the cross-sector average of 83%
• Cyber insurance is driving state and local government organizations to improve cyber defenses: 96% have upgraded their cyber defenses to secure coverage
• State and local government organizations reported the lowest clean-up payout rate of 44%, considerably lower than the cross-sector average of 77%. The sector reported an above-average rate of ransom payout by insurance providers, with insurers paying out in almost half (49%) of incidents compared to the cross-sector average of 40%

The increasing rate of ransomware attacks in state and local government demonstrates that adversaries have become considerably more capable of executing attacks at scale by successfully deploying the ransomware-as-a-service model.

Most state and local government organizations are choosing to reduce the financial risk associated with such attacks by taking out cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims.

However, it is getting harder for organizations – especially in the state and local government sector – to secure coverage. This has driven almost all state and local government organizations to make changes to their cyber defenses to improve their cyber insurance positions.

Read the full report: The State of Ransomware in State and Local Government 2022

Sophos: Sophos

Sophos Zero Trust Network Access is now available with gateway support for the Microsoft Hyper-V 2016 platform and above. This release also introduces troubleshooting and scalability enhancements with an increase in tunnel capacity from 1,000 to 10,000 clients per node, representing a ten-fold increase.

New to this release:

• Hyper-V support
• Troubleshooting via console diagnostics
• Capacity enhancements
• SaaS application access with Synchronized Security

Hyper-V 2016+ support

Hyper-V support expands the ZTNA gateway deployment options considerably by including Microsoft’s very popular hypervisor platform. Download the new ZTNA gateway image for Hyper-V from the ZTNA Gateways area in Sophos Central. Click “Download gateway V”’ at the top of the screen.

The virtual gateway is also accessible from the “Protect Devices” menu in Sophos Central.

Troubleshooting via console diagnostics

One of the most frequently requested enhancements, which comes with this release, is support for troubleshooting via console diagnostics on the ZTNA gateway.

Users can access the console and run pre-defined diagnostics tests to troubleshoot connectivity or other issues preventing a gateway from being managed via Sophos Central. A brief explanation will be displayed on the console itself. Check out the ZTNA troubleshooting guide for further information.

Node capacity and scaling enhancements

Client capacity has been significantly enhanced in this release. Sophos ZTNA gateways with a single VM node (using 2 cores and 4 GB of RAM) now support up to 10,000 clients, and the maximum cluster of 9 nodes supports up to 90,000 clients. This represents a ten-fold increase over the previous version.

Existing deployments should update their gateway firmware to take advantage of this enhanced capacity.

Zero trust access to SaaS applications

ZTNA takes advantage of the simplicity of SaaS-based IP access enforcement and provides a new method for controlling access to SaaS applications.

ZTNA routes SaaS application traffic via the ZTNA gateway and provides several security benefits.

• Visibility into SaaS access: visibility and reporting from application access to SaaS and private applications.
• Enforcement: control what users and access methods are allowed to SaaS apps with a zero-trust approach.
• Dynamic access with Synchronized Security: automatically isolate and gate access from infected endpoints to stop threats from spreading and impacting data in SaaS applications and private applications.

To take advantage of this feature, your SaaS applications must support IP access controls. Whether your users are working remotely or in the office, ZTNA ensures that only verified users and healthy devices can access your important SaaS applications. While this is not a replacement for a full-featured CASB solution, it does provide additional controls and security enhancements for your SaaS applications and data.

Find out more in the ZTNA user documentation.

New to Sophos ZTNA?

If you’re new to Sophos ZTNA and want to learn more, head over to Sophos.com/ZTNA to learn why ZTNA is the ideal remote-access solution to securely connect users to your networked applications.

• Download our latest whitepaper on the Top Six Advantages of ZTNA
• Watch a video on Remote Access VPN vs ZTNA
• Get the latest ZTNA datasheet

Source: Sophos

The retail sector is no exception when it comes to the growing ransomware challenge that other industries face today. Retail saw the second highest rate of ransomware attacks across sectors, with two in three organizations reporting data encryption following a ransomware attack.

We’ve just released the State of Ransomware in Retail 2022 report, which offers fresh insights into ransomware attack rates, costs and recovery, and ransom payouts by retail organizations over the last year.

The report is based on our annual study of the real-world ransomware experiences of IT professionals, of which 422 respondents belonged to the retail sector, working in mid-sized companies (100-5,000 employees) across 31 countries.

The study reveals an increasingly challenging attack environment, with retail https://vimeo.com/744259875reporting an above-average financial and operational impact of ransomware attacks. It also sheds light onto the relationship between ransomware and cyber insurance, including the role cyber insurance is playing in driving changes to cyber defenses.

Here are the key findings from the report:

• Retail reported a 75% increase in the rate of ransomware attacks over the last year: 77% of organizations were hit in 2021, up from 44% in 2020
• The increased attack rate is part of a cross-sector, global trend. The retail sector reported the second-highest rate of ransomware attacks across all sectors
• Retail experienced an above-average rate of data encryption at 68%; for comparison, the global average was 65%
• Only 28% of retail respondents said they were able to stop an attack before data could be encrypted – below the global average of 31%
• 49% of retail organizations paid the ransom to restore data – higher than the global average of 46%
• The amount of data restored by retail after paying the ransom dropped from 67% in 2020 to 62% in 2021. Following the same trend, the percentage of retail organizations that got ALL their encrypted data back went down from 9% in 2020 to 5% in 2021. For comparison, the global average in 2021 was 4%.
• The average ransom payment by retail was less than one-third of the cross-sector average: $226,044 in retail vs $812,360 across sectors
• The overall cost to remediate a ransomware attack for retail organizations dropped over the last year, down from US$1.97M in 2020 to US$1.27 in 2021. The cross-sector average was US$1.4M, for comparison.
• 88% of retail organizations reported having cyber insurance coverage against ransomware – the second highest rate across all sectors, compared with the cross-sector average of 83%
• Cyber insurance is driving retail organizations to improve cyber defenses – 97% in retail have upgraded their cyber defenses to secure coverage
• Retail reported a below-average rate of ransom payout by insurance providers at 35% compared to the cross-sector average of 40%

The increasing rate of ransomware attacks in retail demonstrates that adversaries have become considerably more capable of executing attacks at scale by successfully deploying the ransomware-as-a-service model.

Most retail organizations are choosing to reduce the financial risks associated with such attacks by taking cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims. However, the sector has one of the lowest ransom payout rates by cyber insurers.

It is getting harder for organizations, especially in the retail sector, to secure coverage. This has driven almost all retail organizations to make changes to their cyber defenses to improve their cyber insurance positions.

Read the full report: The State of Ransomware in Retail 2022

Source: Sophos

Kaseya, the leading global provider of unified IT management and security software for managed service providers (MSPs) and mid-market enterprises (MMEs), opened DattoCon in person following a three-year pandemic-induced hiatus.

The conference attracted over 2.700 from 29 countries and was held September 11-13th at the Walter E. Washington Convention Center in Washington, D.C. Kaseya CEO Fred Voccola joined by leaders from Datto, articulated the strategic direction of Datto and unveiled a host of innovations, including the latest additions to the security portfolio available for Datto Partners to offer to their customers.

“We are super excited about this year’s DattoCon and sharing with our partners, how much stronger we are as a result of Kaseya and Datto coming together,” said Voccola. “We’re also happy to have everyone back together for the first in person DattoCon since the pandemic – this will be a tremendous opportunity for networking, learning and some fun!”

Fred Voccola shared the vision behind combining Datto and Kaseya and highlighted exciting new developments, including new product innovations and enhanced pricing options for Datto partners during his CEO keynote address. A big message during Monday’s start of DattoCon 2022 was helping MSPs make the most of the massive market opportunity with SMBs by reducing their pain points.

Kaseya is going to make Datto more affordable and help MSPs and address challenges like “vendor fatigue.” That’s according to Fred Voccola, Kaseya’s CEO. He addressed MSPs during the start of this week’s DattoCon 2022 in Washington, D.C. More than 2,700 attendees are at the conference.

Voccola said Datto‘s Autotask is the best professional services platform (PSA), and its remote monitoring and management (RMM) “rocks.” He also said MSPs will see an average 15% reduction in the cost of Datto solutions. “Is Kaseya going to force a change in commercial terms?” Voccola said. “Absolutely not, we’re not changing any terms of existing licensing deals. We will continue the existing business models and offer enhanced savings for longer-term commitments.” MSPs are suffering from vendor fatigue in that the average MSP is working with 17 vendors, he said. That’s “too much overhead and a pain in the butt.” Kaseya and Datto coming together can potentially reduce that from 17 to one, “greatly reducing complexity in managing vendors,” Voccola said. “We address this with workflow integrations,” he said. “Because we own the platform and control the road map, we’re able to deliver hundreds of deep integrations, adding about 25 per month, on top of lightweight integrations we have.”

It’s now been 10 weeks since Kaseya completed its $6.2 billion acquisition of Datto. The deal has generated controversy from MSPs concerned Datto will change for the worse as a result. Voccola (pictured on stage above) said Datto plus Kaseya is “100% focused” on partner-centricity. “Our company exists to serve the MSP community,” he said. “This company only succeeds when you succeed. We recognize everything we do is built around that fact.”

With the Datto acquisition, the combined company is making a $14 billion investment in the MSP community.

Voccola said Kaseya and Datto coming together is “transformational” for the industry. “But us as a company, we’re going to make mistakes, but we’re going to do more things right than wrong,” he said. “And our strategy is invest a ton of resources in … what we believe is needed to make MSPs successful.”

Kaseya didn’t buy Datto to create value by cutting costs and maximizing earnings, Voccola said. “Our investment thesis is one of growth, and growth requires investment,” he said. Kaseya already has added 65 people in R&D and plans to add an additional 100 in the months ahead, Voccola said. Also, January 1 of this year, there were 826 bodies in software development. Today, there’s 891. By the end of the year, we are hoping to have a little over 1,000 people, he said.

“We are giving the ammunition, the resources to the people who design really awesome products so they can do more,” he said. “This isn’t something that’s going to backtrack if the global economy slows down.” Kaseya has worked to commercially integrate new products from the Datto acquisition. And Kaseya will integrate all of Datto by January, Voccola said. “There are already six workflow integrations completed, and we’ll be adding 30 in the coming weeks, all done within IT Complete,” he said.

Datto’s global partner program is expanding, offering more partners the ability to participate in the MSP growth-oriented program. This includes doubling market development funds (MDF) and tripling global partner program personnel. Attendees also got a preview of multiple innovations the company is planning, including Datto Managed SOC, powered by RocketCyber; Datto EDR; and Datto Secure Edge, a SASE offering. These solutions allow users to securely connect from anywhere and access sensitive data in the cloud, the company said. 

Source: Datto, Channel Futures, Channel Futures and CRN

Did you know that human mistakes are to blame for 95% of all cybersecurity breaches?

Cyberattacks can affect any firm, regardless of size. To launch these attacks and access an organization’s computer systems, hackers are employing increasingly complex methods. Depending on your location, you may be required to follow specific cybersecurity regulations to demonstrate that your essential assets are protected.

If you don’t, you could face high fines and legal difficulties if your data is exposed as a result of a system breach. As a result, there’s a lot of pressure to comply with these stringent cybersecurity laws and regulations.

Read on to find out more.

What does cybersecurity regulatory compliance mean?

Cybersecurity regulatory compliance entails adhering to several measures to safeguard data confidentiality, integrity, and accessibility.

Cybersecurity standards vary depending on the industry and sector, but they often require the use of a variety of organizational processes and technology to protect data.

The CIS, the NIST Cybersecurity Framework, and ISO 27001 are just a few security frameworks and sources of controls.

Major government cybersecurity regulations

For smooth operations, your business needs to be compliant with the law. Some major government and banking cybersecurity compliance regulations include:

HIPAA

HIPAA is an acronym for the Health Insurance Portability and Accountability Act. Approved in 1996, this legislation contains restrictions to ensure the privacy, integrity, and accessibility of Personal Health Information (PHI).

HIPAA involves healthcare cybersecurity regulations that apply to healthcare providers, health plans, and others who manage PHI. If you’re not sure if HIPAA applies to you, we recommend speaking with an attorney with regulatory compliance experience.

GDPR

The General Data Protection Regulation (GDPR) is a set of data privacy policies that the European Union introduced in 2018 to coordinate data privacy laws across Europe.

All EU member states, the European Economic Area (EEA), and personal data transfers beyond the EU and EEA are covered by the GDPR. This means that GDPR obligations apply to any firm that collects data or targets individuals in the EU, regardless of its location.

The GDPR’s principal goal is to give individuals more control over their data while simultaneously unifying EU legislation to make the regulatory environment easier for transnational businesses. The GDPR specifies guidelines for personal data protection, data minimization, and security.

FERPA

The Family Educational Rights and Privacy Act, or FERPA, is a federal statute that protects the confidentiality of student educational data. All institutions that receive financing from the US Department of Education are subject to this law.

FERPA provides parents, students over the age of 18, and students attending colleges, universities, or trade schools with specific rights and safeguards regarding their educational records.

CCPA

The California Consumer Privacy Act (CCPA) is a state statute enacted to strengthen the privacy rights and consumer protections of California residents. Taking effect in 2020, this was the first law in the United States to provide comprehensive data privacy laws, similar to the GDPR in the European Union.

The CCPA applies to any California-based corporation that generates at least $25 million in annual revenue, makes more than 50% of its revenue from user data collection, or collects data on more than 50,000 users. This includes any corporation that collects or sells personal information from California users, regardless of the location.

Although these four above are some of the most well-known regulations there are lots more out there so it’s always important to check your local regulations with a legal professional.

4 tips for cybersecurity regulatory compliance

Cybersecurity compliance is a core part of any business. To keep up with relevant cybersecurity rules and regulations so you can be compliant, here are some basic steps.

1. Identify what requirements may apply

To start working toward cybersecurity regulatory compliance, you must first determine which regulations or laws you must follow. To begin with, data breach notification regulations exist in every state in the United States, requiring you to tell customers if their personal information is compromised.

For example, regardless of which state your firm is in, if your business deals with the financial information of a New York resident, you would be subject to the NYDFS Cybersecurity Regulation’s set of standards.

Furthermore, the California Consumer Privacy Act and the New York Department of Financial Services Cybersecurity Regulation impose restrictions that may apply to your firm based in any state if you deal with data covered by these laws.

2. Implement policies, procedures, and process controls

It’s not only about technology when it comes to cybersecurity regulatory compliance. It’s also critical to have risk-mitigation policies and processes in place for both compliance and safety.

There is no technical precaution in the world that can prohibit a committed employee from downloading malware onto company systems or visiting unsafe websites.

3. Conduct risk and vulnerability assessments

Almost every significant cybersecurity compliance obligation necessitates a thorough risk and vulnerability analysis. These are crucial in determining the most serious security issues in your organization, as well as the controls you already have in place.

When doing vulnerability assessments, it’s also important to think about your risk of ransomware attacks.

4. Review and test

Examine any applicable government cybersecurity rules that must be followed, and make sure to test your controls regularly. It’s easy to lose track of cybersecurity laws and regulations as firms grow and develop, but regular testing can help you stay on track.

It’s a good idea to keep an eye on compliance as new standards emerge and existing ones change, and to test both technological and process controls regularly. If you are unsure whether you are meeting a compliance requirement, we recommend consulting with a cybersecurity compliance attorney.

How Datto can help

The sort of data you manage, your industry, your regulatory body, and the geographic boundaries in which you operate all influence your regulatory responsibilities.

However, you should speak with a compliance consultant or an attorney to determine the specific cybersecurity regulations that apply to your company.

Contact us if you or your business requires assistance in dealing with cybersecurity compliance obligations. We will be pleased to address any questions you may have about our services.

Source: Datto