News
With perimeter boundaries quickly blurring thanks to remote care and telehealth, the implicit trust placed in perimeter-centric security makes healthcare dangerously vulnerable.
The Sophos State of Ransomware in Healthcare 2022 report revealed a 94% increase in ransomware attacks on healthcare year over year, with 66% of healthcare organizations getting hit by ransomware in 2021.
Furthermore, 61% of these attacks resulted in data encryption, making healthcare data unavailable until the victims paid ransom or restored their systems. Such attacks can prove deadly as they disrupt patient care and safety.
So, healthcare today is as much about securing patient data as it is about providing effective patient care.
It’s a challenge for caregivers, remote healthcare workers, and outsourced staff who need access to such data to provide uninterrupted and remote patient care.
Not only do they need to contend with multiple industry regulations that regulate the use of protected health information (PHI), including the Health Insurance Portability and Accountability Act (HIPAA), but there’s also a labyrinth of access and authentication complexities as well.
The industry is moving to cloud-based apps and services while also witnessing a proliferation of IoMT devices, telehealth, remote patient monitoring, portable medical devices, augmented reality, and robotics – all of which use existing IT infrastructure and legacy security technologies, resulting in a broader attack surface.
Most attacks on healthcare organizations exploit the inherent trust and unrestricted access given to the users and devices that are protected by traditional perimeter-based security.
With perimeter boundaries quickly blurring thanks to remote care and telehealth, the implicit trust that organizations place in their perimeter-centric security makes them dangerously vulnerable.
ZTNA – or zero trust network access – makes healthcare IT more effortless and secure by verifying user identity, device health, and access policy before seamlessly granting access to network resources. It only connects users to very specific applications or systems, not the entire network.
ZTNA eliminates vulnerable VPN clients and can prevent compromised devices from connecting to applications and data, effectively preventing lateral movement and attacks like ransomware from getting a foothold on the network.
With Sophos ZTNA, you get the added benefit of a single-agent, single-console, single vendor solution for both ZTNA and your next-gen endpoint protection.
Sophos ZTNA uniquely integrates with Sophos Intercept X endpoint protection to constantly share status and health information and can automatically isolate compromised systems and prevent threats from moving or stealing data.
Sophos ZTNA removes implicit trust in your healthcare organization’s applications, users, and devices and provides segmented access to your systems and resources only to those who need it.
Learn more at Sophos.com/ZTNA.
Source: Sophos
[vc_row][vc_column width=”1/1″][vc_single_image media=”103038″ media_width_percent=”100″][vc_empty_space empty_h=”2″][vc_button button_color=”color-150912″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-762333″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”url:mailto%3Asales%40nss.gr%3Fsubject%3DSophos%20XGS%20Architect%20Training%26body%3DI%20would%20like%20to%20participate%20in%20the%20XGS%20Architect%20Training%20on%20the%2021st%20and%2022nd%20of%20September%202022||target:%20_blank|” icon=”fa fa-hand-o-right”]Book Your Training Today![/vc_button][vc_button button_color=”color-283957″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-377884″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”|||” icon=”fa fa-volume-control-phone”]Call us now for more +30 211 8000 330[/vc_button][vc_separator sep_color=”color-210407″][/vc_column][/vc_row][vc_row row_height_percent=”0″ back_color=”color-210407″ overlay_alpha=”50″ gutter_size=”3″ column_width_percent=”100″ shift_y=”0″ z_index=”0″][vc_column width=”1/1″][vc_custom_heading heading_semantic=”h1″ text_font=”font-377884″ text_size=”h1″ text_weight=”200″ text_color=”color-xsdn”]Sophos XGS Architect Training [/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]
Wednesday, September 21 & Thursday, September 22
(2 days crash Training / NSS Training Center – on premises)
A two-days crash training program which is designed and intended for experienced technical professionals who want to install, configure and support the XGS Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos.
Trainer: Micheal Eleftheroglou
Training room: NSS ATC training room 3rd floor
Requirement
- XGS Firewall _ Certified Engineer course and delta modules up to version 18.5
Recommended Knowledge
- Knowledge of networking to a CompTIA N+ level
- Knowledge of IT security to a CompTIA S+ level
- Experience configuring network security devices
- Be able to troubleshoot and resolve issues in Windows networked environments
- Experience configuring and administering Linux/UNIX systems
Content
- Module 1: Deployment
- Module 2: Base firewall
- Module 3: Network Protection
- Module 4: Synchronized security
- Module 5: Web server Protection
- Module 6: Site to site connections
- Module 7: Authentications
- Module 8: Web Protection
- Module 9: Wireless
- Module 10: Remote Access
- Module 11: High Availability
- Module 12: Pulic Cloud
Certification
+ exam: Sophos XGS Architect
Duration 2 days
Language: Greek & English
[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_separator sep_color=”color-210407″][vc_empty_space empty_h=”2″][vc_button button_color=”color-150912″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-762333″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”url:mailto%3Asales%40nss.gr%3Fsubject%3DSophos%20XGS%20Architect%20Training%26body%3DI%20would%20like%20to%20participate%20in%20the%20XGS%20Architect%20Training%20on%20the%2021st%20and%2022nd%20of%20September%202022||target:%20_blank|” icon=”fa fa-hand-o-right”]Book Your Training Today![/vc_button][vc_button button_color=”color-283957″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-377884″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”|||” icon=”fa fa-volume-control-phone”]Call us now for more +30 211 8000 330[/vc_button][vc_single_image media=”103038″ media_width_percent=”100″ alignment=”center”][/vc_column][/vc_row]
Before trying to better understand what enterprise data security is, it’s best to know the meaning of data security in a broader sense. In essence, data security is everything that surrounds the protection of digital data from destructive forces or unwanted actions of unauthorized users, such as from a cyberattack or data breach. Data security should be a priority for just about any business or organization from mom-and-pop shops to mid-market companies; cyberattacks and data breaches do not discriminate.
The same can be said for large enterprises with several thousand employees, though, and oftentimes, the consequences of a security incident can be even more damaging due to the nature of the data those organizations handle. Enterprises like hospitals, financial institutions, and manufacturers create, transfer, and store particularly sensitive information that, in the eyes of cybercriminals, can be far more lucrative. In this way, because enterprises require specific solutions that can handle the sheer volume and sensitivity of the data they manage, enterprise data security is often considered a highly calculated and sophisticated form of data security.
Why Does Enterprise Data Security Matter?
What often separates a security incident experienced by an enterprise from a security incident experienced by a small- or mid-size organization is the scale of the impact. For example, if a small retail business is hit with a ransomware attack, there’s no doubt that the business would need to find a means of restoring operations, whether that means paying the ransom or finding another means of stopping the attack, but the attack wouldn’t necessarily have immediate, negative repercussions for the business’ customers. On the other side of that coin, however, if an enterprise like a hospital were to be hit with that same ransomware attack, highly sensitive information like health records, financial information, social security numbers, and more could be put at risk, but more importantly, the health of patients could be put in immediate jeopardy.
In short, enterprises and their daily operations are often considered essential to the point that any disruption, breach, or attack could cause immediate, severe complications for many. That reality, in combination with the sharp rise in hybrid work environments and remote collaboration, means data is less static than ever before, there are higher chances of an accidental data breach occurring, and more attack vectors are available for criminals to exploit. As a result, enterprise data security solutions should protect data throughout its entire life cycle and must be as comprehensive and far-reaching as possible to ideally prevent security incidents from ever occurring.
Common Pain Points in Enterprise Data Security
Choosing the Right Solutions
Choosing the right data security solution(s) can be a daunting task in and of itself, particularly for enterprises that are only just beginning to ramp up their security efforts. Are there any already-known weak points in your data’s life cycle, and could any of that data cause your enterprise harm if compromised? Does your enterprise already have other security solutions in place? These are all questions worth exploring before attempting to find more solutions to add to your security plan. Otherwise, you may find that your newly implemented solutions cause more headache than protection.
Data Visibility
Data visibility remains one of the most common pain points in enterprise data security, with a whopping 63% of respondents from our 2022 CISO Perspectives: Data Security Survey reporting that it is their organization’s biggest security challenge. Particularly for large enterprises, whose thousands of employees handle sensitive data daily, being able to locate where that data moves can be a tricky task without the proper solutions in place. If those enterprises don’t know where their sensitive data lies, adequately protecting it from getting into the wrong hands becomes far more difficult, if not nearly impossible. Data protection solutions like data classification, data loss prevention (DLP), and digital rights management (DRM) can help to identify sensitive data, track it wherever it goes, and even revoke access in real-time in case of a breach.
Ease of Use
For security solutions to be effective in practice, they should be easy for employees to implement in their workflows, work with your enterprise’s existing security framework, and integrate with one another if several solutions are being used together. Unfortunately, security solutions aren’t always easy to use , so it’s always best to explore all your options, take advantage of solutions that automate complicated processes when possible, and ensure that implementing a given solution won’t place significantly more work on your employees’ shoulders.
Threats Outpacing Security Initiatives
Circling back to our 2022 CISO Perspectives: Data Security Survey, 52% of respondents claim that cyber threats have become fiercer in the past year. Creating and implementing a data security strategy within a large enterprise can be a lengthy process, and because the threat landscape is ever-growing, “catching up” to those threats before an attack actually occurs can feel like an impossible task. Even so, rushing to create and implement a data security plan without taking time to weigh all your options could turn out to be just as dangerous. The time to begin taking data security seriously is now but doing so with time and care will ensure that your data security strategy is ultimately successful.
How to Tackle Enterprise Data Security
Generally speaking, depending on which security solutions are most compatible with your enterprise’s existing infrastructure, workflows, and data, the best solutions for your enterprise could look vastly different than those of your closest competitors. But even so, the most successful enterprise data security strategies still have some common ground.
Create a Layered Security Plan
While individual security solutions can adequately keep your enterprise’s data secure during part of its life cycle, there is no silver bullet solution that will keep it protected at all times. The best way to ensure that your sensitive data is protected at creation, in transit, and at rest is to layer several solutions together for comprehensive, integrated coverage. Work not only to ensure that your data is properly labeled, wrapped in encryption, and has granular access controls attached to it, but also that your employees are trained to spot phishing emails, that your corporate network is properly segmented, and that all devices used by employees are updated and secured.
Find Solutions That Cause the Least Resistance
Data security solutions should work with your enterprise and its employees, not against them. If you find that your implemented solutions have slowed workflows or are creating more work for your employees, it may be time to consider other options. Start by taking advantage of solution integrations with automated processes, like how HelpSystems secure file transfer solutions can automatically apply digital rights management as soon as a file is securely transferred.
Find Solutions That Are Flexible and Scalable
Although your enterprise may already be well-established and employ thousands of people, changes can happen quickly, and your security solutions need to be able to adapt. While finding solutions that will meet your enterprise’s security needs now is paramount, finding solutions that are flexible and scalable enough to evolve with your organization in the future can save the time and effort that would otherwise be spent shopping for new solutions.
Source: HelpSystems
When a large-scale data loss recently occurred at a backup provider, it shined a new spotlight on data safety. Managed service providers (MSPs) that were directly affected, as well as those that weren’t, had to re-evaluate their approach to client data protection.
When you place top priority on dependable backup, you position yourself to maintain long-term customer trust. This safeguards your own reputation and MSP business in the process.
At Datto, reliability of data safety eclipses all other considerations in the design of our business continuity and disaster recovery (BCDR) solutions including SIRIS, ALTO and Datto Continuity for Microsoft Azure. This approach is also central to our backup and restore solutions Cloud Continuity for PCs and SaaS Protection +.
The resilience of a purpose-built cloud
The Datto Cloud, purpose-built for backup and recovery, is immutable cloud storage made for MSPs like you. This means it provides the highest level of data protection, minimizing downtime for both MSP business and your clients.
We currently operate the Datto Cloud with more than 1.5 Exabyte (1500 petabytes) of data stored. As that number continues to increase, Datto has no plans to move our data backup and recovery storage to a third-party cloud. In fact, with the exponential growth of our partner MSPs’ businesses, Datto has performed eight data center migrations since 2018 to keep pace, and we have never lost a single byte of customer data, HDD, or server in the process.
MSPs that choose the predictable Datto Cloud are safeguarding more than your clients’ data — your services, MSP practices and reputation all have maximum protection. There are revenue benefits too, as the scalable Datto Cloud allows MSPs to keep growing your business. Datto invests heavily into scaling the cloud, to exceed the requirements of the fastest-growing MSPs and eliminate those unwelcome “no space” surprises.
Redundant and reliable
What makes the Datto Cloud highly reliable? Industry-best multi-tier resiliency and redundancy are present on every level, from HDDs to servers to data centers. If any major component of the Datto Cloud malfunctions, the data remains safe so you can keep providing predictable services to your clients.
Best practices have been applied at each stage to strengthen the Datto Cloud. In the Americas and EU, all data is replicated geographically from one data center to another that is in a distant location. Our abundance of caution extends to the server racks, where everything is redundant including:
-
Power sources
-
Power distribution units (PDU)
-
Power supply units (PSU)
-
Network interface cards (NIC)
-
HDDs are in RAID configurations
-
and more
As a result, the Datto Cloud is well equipped to minimize outages and the risk of data loss. When you choose Datto you can be sure that you will fully recover client systems after any disaster, so you can win the trust of your customers and accelerate business growth.
Do not deduplicate in the cloud
There’s another key factor that contributes to data safety: the file storage techniques used once files or workloads are backed up to the data center. A cornerstone of Datto’s commitment to MSP success is minimizing risk, a mindset that informs our strategic technology decisions.
One example of this is our design of the Datto Cloud. To increase the resilience of backups and diminish the risk of data loss, we intentionally decided not to use deduplication in the cloud. Deduplication is a storage method used by backup providers to reduce their storage resource consumption and associated costs. Its tradeoff is an increased risk of sprawling data loss that can have a disastrous impact on MSPs and their customers.
Deduplication works by storing identical blocks of data just once and then leveraging metadata to point to the actual data block content. For example, imagine one 20 MB PDF is stored in five folders for five different salespeople — the result is 100 MB of disk space maintaining one 20 MB file. With deduplication, only one complete copy is stored, and others are simply references pointing to that one saved copy. Users still see their files in place, but only 1/5th of the necessary storage is being consumed. Sounds great? Not necessarily.
The downside of deduplication emerges if the metadata or the stored block become corrupted or lost. That’s when multiple backups, customers, and MSPs can be affected. In our example, if the stored data is corrupt, all five files would be gone forever. With lost or corrupt metadata, it would be even worse — it would be nearly impossible to know which backups or salespeople have lost the file. Without the metadata, it becomes extremely difficult to determine which backups, customers or MSPs are affected.
Datto eliminates this hazard by using Inverse Chain Technology instead of deduplication. This is an elegant solution for issues associated with traditional backup chains, as while it transfers and stores only the differences between backups, each backup is seen as full and independent of other backup points,whether they come from the same machine, different machines, different users, or different MSPs.
Not only is there no deduplication metadata involved in the Datto Cloud, our Inverse Chain Technology eliminates the need for rehydration (the reconstruction of previously deduplicated data) or incremental backup chain reconstruction, which can be a very slow process. As a result, MSPs can easily tune and adjust backup parameters, and instantly restore to any point in time. This strategic design decision is one more reason why Datto assures confidence in the safety of your backups, as well as your ability to recover your clients’ systems quickly after a disaster.
As you evaluate your options for backup, being certain about data safety must take top priority. With the purpose-built and secure Datto Cloud at the core, the reliability of Datto solutions provide protection built for the MSP.
Source: Datto
What are one-time passwords?
A one-time password (OTP) is the password used in a credential pair that is valid for only one login session or transaction. OTPs are used to minimize the risks of traditional, static password-based authentication by making passwords variable per operation. As an added layer of security, OTP implementations can also incorporate two-factor authentication (2FA) to help verify the identity of the individual using an additional trusted source.
What’s the benefit of a one-time password or secret?
When it comes to securing sensitive information, there are many tactics employed by cybersecurity professionals. But as we all know, information is meant to be shared. So, how do we enable that in a secure but usable manner? One effective tactic is to implement one-time passwords.
The most significant benefit of OTPs compared to unmanaged passwords is that they are not vulnerable to replay attacks. In other words, a threat actor who manages to capture an OTP used for a valid session cannot effectively reuse it since it the password is not validefor future sessions or operations. A one-time password will typically expire in minutes, or even seconds.
OTPs themselves are typically random and also not susceptible to pattern-based password attacks, nor dictionary attacks. This makes them ideal for some of the most secure and privileged activities needed within an organization.
How do one-time passwords work? An example using Password Safe.
BeyondTrust Password Safe is a privileged credential management solution designed to automatically onboard, manage, and rotate passwords, and audit their use across enterprises. The randomization of individual account passwords can be configured for extremely complex passwords that are not human-readable (assuming the resource supports the complexity and length). In addition, the BeyondTrust solution allows for only a single checkout instance of a password. Once a session is complete, the password is auto-rotated until the next session request is granted.
In essence, Password Safe allows for OTP for any privileged account session and can also be used with 2FA to provide a high confidence level of the user’s identity. “Change password after any release” is the simple feature that provides this functionality.
If you consider the benefits of OTPs and Password Safe, every customer can enhance their security posture by providing a unique password for every session and every single connection. This is a very simple security model, but incredibly effective in stopping a threat actor from compromising accounts within your environment using attacks that leverage static (or stale) passwords.
One-time passwords versus static passwords
We often work with customers who are not ready for a fully dynamic access workflow. But, at the core of this workflow, is still a centralized, audited, and access controlled solution that protects their critical credentials.
Storing static privileged credentials wrapped with modern encryption and approvals can elevate an enterprise’s security stance to meet many compliance regulations. This static storage model also facilitates a seamless phased approach to full privileged access management.
One-time passwords versus dynamic secrets
A modern iteration of a one-time password is a one-time account, aka dynamic secrets. While fundamentally solving for the same core security principles of least privilege and zero standing privileges (ZSP), the mechanics can be a bit more complex, requiring the right tooling to solve for at the enterprise level. Now, instead of just regenerating a password, a full account with account permissions needs to be considered.
Implementing OTPs – Best practices depend on use cases
There are countless use cases and methods for one-time passwords as an authtentication security control around sensitive data. It is important to understand the desired outcome for ease of access and security. The right PAM tool should help enable the balance between the two.
For more information on how BeyondTrust can help manage your privileged accounts, contact us for a demo.
Source: BeyondTrust
It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks, such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams.
Despite billions having been invested into perimeter and endpoint security since the onset of the pandemic and the birth of remote or hybrid work environments, phishing and business email compromise (BEC) scams have become primary attack vectors into organizations, often giving threat actors the toehold they need to wreak havoc on companies and their customers. Additionally, there are infinite savvy social engineering ploys that easily evade most of the email defenses in use today.
How Do Phishing Schemes Happen?
Interestingly, these incredibly complex scams can be deployed with fairly simple methods. Threat actors have become highly skilled at impersonating brands or domains or spoofing individual emails to steal account holder credentials. How does this occur? Unfortunately, both employees and customers are often too trusting of emails that make it to their inboxes. These scams often impersonate people of authority and target employees who have access to financial information and present a time-sensitive scenario, such as needing an “urgent wire transfer” to pay an invoice for a supposed vendor. The bank account for that vendor is, of course, one controlled by the cybercriminals. With this method, BEC actors trick unsuspecting employees out of millions of dollars each year.
To compound the problem, bad actors have evolved their strategies and discovered that targeting anyone along the org chart—even interns—can result in a breach when they ask for (or offer) something as simple as a free iTunes gift card. These same threat actors realized that they could compromise employee inboxes, providing an avenue to sift through emails to identify additional opportunities for fraud. In tandem, threat actors can set up and send multiple phish from the central attack infrastructure—whether they are fake sending domains or IPs.
Prevention & Mitigation through Customer Phishing Protection
Being able to detect a phishing scheme early in its lifecycle is the first step in reducing risk. This is why HelpSystems provides a comprehensive customer phishing protection offering from Agari and PhishLabs: to prevent, detect, and disrupt phishing attacks. As phishing campaigns and infrastructure multiply, many organizations find themselves in need of more proactive and robust protection that can deliver the email authentication, risk protection, threat intelligence, and mitigation capabilities necessary to successfully fend off attacks.
Agari analyzes two trillion emails per year claiming to be from domains across the world’s largest cloud email providers. By combining Agari’s tools with third-party sender knowledge, your organization’s legitimate email can be authenticated, and unauthorized messages blocked from reaching customers. This is accomplished through Agari Brand Protection, which stops phishing by automating the process of DMARC email authentication and enforcement to protect customers from cyberattacks.
How? During a phishing scam, DMARC failures identify a threat or suspicious message once it launches and the intel included in that specific failure report is automatically fed by Agari to PhishLabs without the need for intervention from a SOC team member. And once a threat is identified, mitigation is immediately pursued without requiring any client intervention, reducing the amount of time needed to address threats and shut them down.
This direct integration between Agari and PhishLabs expedites the phishing detection process exponentially. It can also disrupt more phish by taking down the campaign attack-sending infrastructure. In some instances, Agari reports will provide additional intelligence on the sending infrastructure, and PhishLabs will pick this up and identify the infrastructure details, gather malicious evidence, and then pursue takedown. And once the central infrastructure is down, it substantially disrupts a threat actor’s ability to stage additional phishing campaigns.
Detection through Digital Risk Protection
PhishLabs’ Digital Risk Protection automatically integrates the intelligence collected from Agari Brand Protection into an extensive collection apparatus that consumes a broad range of sources, including:
- Spam feeds
- Domain registrations
- SSL transparency logs
- Passive DNS monitoring
- Active DNS queries
- DMARC failure reports
PhishLabs continuously mines this intelligence to proactively detect phishing campaigns early in the attack cycle. By integrating Agari’s collected intelligence, PhishLabs can identify threats and take immediate action to disrupt them using automated kill switches and preferred escalation integrations. PhishLabs also uses Agari’s artificial intelligence capabilities to pursue the mitigation of underlying campaign infrastructure to further disrupt phishing attempts, leading to the deterrence of future attacks.
By combining best-of-breed services, HelpSystems’ Customer Phishing Protection bundle from Agari and PhishLabs significantly reduces the complexities associated with stopping phishing campaigns and helps enterprises achieve end-to-end phishing protection through a trusted partnership and seamless integration.
For a personalized demo of HelpSystems’ Customer Phishing Protection bundle, click here.
Source: HelpSystems
Once upon a time, it was often necessary to define the term “ransomware” as it was frequently met with questioning looks and the need for clarification. Nowadays, you can hardly go a day without hearing about some sort of attack. What has made ransomware such a pervasive threat, and how can organizations learn to better protect themselves? In this blog, we’ll discuss why so many are worried about ransomware and how Core Impact’s latest ransomware simulation feature makes this pen testing tool more effective than ever at reducing your risk.
The Concern Over Ransomware
According to the 2022 Penetration Testing Report, ransomware is one of the top concerns for cybersecurity professionals. Unfortunately, the ever-constant anxiety over ransomware is well justified. A report by PhishLabs shows there is a consistently rapid increase in ransomware, with a growth rate of well over 100% year over year. The cost of ransomware attacks is also on the rise and has even put some organizations out of business. The average ransom demand alone was $220,298 in 2021. The recovery cost is much steeper, and averages at $1.8 million.
Ransomware has perhaps become so prevalent due to ease of use. Not only can you purchase ransomware kits off the dark web, you can also hire the work out, using Ransomware-as-a-Service (RAAS) providers. Additionally, the most popular ransomware vectors are built into every organization and impossible to close—according to the 2021 Malware Report, 70% of ransomware breaches had entered the surveyed organizations using phishing emails.
However, despite these challenges, organizations are not helpless against ransomware threats. Just like so many things in life, the key to improving your defenses comes down to regular practice.
Ransomware Simulation with Core Impact
Users of Core Impact can now efficiently simulate a ransomware attack using an automated Rapid Pen Test (RPT). Given ransomware’s close association with phishing campaigns, the simulator can easily be paired with a phishing campaign RPT for deployment. From there, security teams are then able to mimic the behavior of multiple ransomware families, encrypting user-specified files using a fully reversible symmetric key. They can also exfiltrate files to establish which mission critical data is most at risk after the initial breach is complete.
Additionally, if enabled, the ransomware simulator offers an automatic rollback after a set amount of time, leaving the environment as it was before the attack. If files remain encrypted, this gives defensive utilities a chance for detection and subsequent triggering of corrective actions.
Finally, Core Impact’s ransomware simulator enables the definitive move of most ransomware strains: the ransom note. Security teams can create and leave an explanatory README file once the exercise has been completed. This file will inform a user that they have experienced a ransomware scenario and can prompt them to contact the security team or provide other next steps, such as further training on ransomware and how it can get into your system.
You can see Core Impact’s ransomware simulation in action in the overview video below:
Source: Core Security
Congratulations! You’ve just completed a penetration test. So what now?
A pen test shouldn’t represent the pinnacle of your security efforts. Rather, the test validates what your organization is doing right and highlights areas for improvement.
Even if the test showed that it was possible to gain administrative access and move laterally through your network, this doesn’t mean you have “failed.” Rather, the purpose of a pen test is to find vulnerabilities so your organization can fix them before they are exploited and to advance the security of the network.
Take these four steps to maximize the effectiveness of pen testing:
- Review and discuss the results
- Develop a remediation plan
- Validate implementation
- Focus on continuous improvement
Review and Discuss the Results
The retrospective process after a pen test varies depending on several factors: the company’s needs, who completed the pen test, and the quality of the report.
A report should include these elements:
Summary of successful scenarios: An executive summary will list the steps that were performed, which ones were successful from an attacker point of view, and which ones failed.
List of information gathered: A comprehensive report will include any information that could be a security weakness, including hosts, applications, identities, email addresses, credentials, and misconfigurations.
List and description of vulnerabilities: Also look for a prioritized list of the found vulnerabilities with the common vulnerabilities and exposures (CVE) score and exploit potential. Ranking vulnerabilities by potential severity will help with the development of a remediation roadmap. By pairing with a vulnerability management solution, you can refine prioritization even further with additional analysis and relevant risk context.
Detailed description of procedures: A description and audit trail of all performed activities and their results will allow your security staff to retest for specific vulnerabilities after a patch has been applied or remediation performed.
Additionally, it’s critical that the C-suite knows what IT is doing to protect network infrastructure. An executive report outlining the high-level findings and remediation steps provides useful education and can help make the business case for necessary resources to move forward.
Develop a Remediation Plan
Although it may seem counterintuitive, resist the urge to start making changes immediately. Developing a remediation plan is an essential first step, as it allows you time to prioritize planned fixes and research any mitigation strategies you may not fully understand. Many pen test reports include a rating on how severe the finding is based on potential impact and likelihood of exploitation, which will help you establish priorities.
Every finding should have a plan with a priority and, if possible, be assigned to someone to remediate — with a due date. Those plans should be loaded into your security ticketing system so that you can track progress and completion of each task.
You want to avoid having the same critical vulnerabilities on multiple tests. If you aren’t keeping up with pen test findings and remediating them as soon as practical, you’re compromising your company’s cybersecurity posture.
Validate the Implementation
Once the findings from the pen test have been remediated, it’s time to validate that the changes actually solved the issue. You can rerun the scenario that uncovered the vulnerability to ensure the fix is sufficient. Additionally, performing regular penetration tests can provide updated information on your security posture, particularly after changes have been made to your infrastructure. If you are using a vulnerability management solution that provides risk-based scoring, you can rerun your scans to assess whether your scores have improved.
Before running subsequent pen tests, however, it’s helpful to review the scope and findings of previous pen tests. The scope of each pen test can vary widely, with some looking more broadly at the IT infrastructure and others focusing on particular problem areas. By taking into account whether additional or different tests should be completed, you can ensure that you’re getting the most valuable insights possible.
Focus on Continuous Improvement
Cybersecurity is a journey — not a destination. Your next pen test will likely uncover new vulnerabilities that require different types of remediation. If your pen testers return no findings, you should question the competence the efficacy of the test.
You also must recognize that some vulnerabilities will require larger-scale changes. If a vulnerability requires multi-factor authentication (MFA), for example, that’s a large project that will require capital spend and time to implement. Likewise, if your company is prone to phishing attacks, it will take time to implement a phishing solution to reduce your business risk.
While a passing grade on a pen test may help prove compliance to external auditors, pen tests provide even more value as agnostic assessments of your organization’s security posture.
A security team’s work is never done, so the focus should be on continuous improvement as you prepare for the next penetration test.
Source: Core Security by HelpSystems
Protect all your servers, from on-prem to multi-cloud, Windows to Linux, all fully integrated within Sophos Central.
As customers transition server workloads from on-prem to cloud hosts, containers, or serverless environments, they need their environments to be tough, hard to compromise, and quick to recover.
To achieve that, they need a single integrated security platform that unifies their cloud security and provides visibility of their complete estate.
With the shared security model (AWS, Azure), customers are responsible for securing their instances, applications, and data.
Sophos helps customers achieve this by providing a unified cloud security platform based on four key pillars:
- Secure access – Protect credentials and securely access services
- Protect workloads – Detect, query, and secure hybrid cloud workloads
- Secure the network – Cloud network security and automated threat response
- Integrate with DevOps – Enable customers to embed security into development processes
Introducing Sophos Cloud Native Security
Sophos Cloud Native Security addresses the requirements of protecting workloads, providing comprehensive security coverage across environments, workloads, and identities. It gives customers comprehensive, centralized visibility, prioritized detections, and faster incident response time.
The Sophos Cloud Native Security bundle is a single SKU that includes Sophos Intercept X Advanced for Server with XDR and Sophos Cloud Optix Advanced to provide:
- Visibility, governance, entitlements management, and compliance across single and multi-cloud environments, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform, as well as traditional on-prem monitoring.
- Protection and detection for infrastructure and data today and as it evolves in the future, with flexible host and container workload security for Windows and Linux
- Increased agility and collaboration across the organization, with cloud environment security posture alerts integrated with popular SIEM, collaboration, workflow, and DevOps tools.
A customer’s security team can manage Cloud Native Security, or they can have it managed by the Sophos Managed Threat Response service to fast-track their cyber resilience in order to best meet the security incidents of today.
Cloud Native Security and the new Cloud Native Firewall solution, which will be in preview (EAP) soon, are integrated with the Sophos XDR platform. The Cloud Native Firewall will support IPS, WAF rules, micro-segmentation, and Admission Control and be deployable from native Kubernetes, AWS EKS, and Azure AKS.
Cloud Native Security is available today. Learn more at Sophos.com/Cloud.
Source: Sophos
Trust is a dangerous word in IT, especially when that trust is granted without much consideration: when it’s implied, or when it’s never questioned.
Creating a sealed-off perimeter where everything and everyone within the network is fully trusted has proven to be a flawed design. Yet, that’s how many networks are still implemented today.
Anyone with access to the network, either physically or via VPN, has broad access to everything on that network regardless of who they are, or what state their device is in.
There’s got to be a better way, right? Well, there is. It’s called zero trust… or trust nothing, verify everything… continuously.
With zero trust, nothing is implicitly trusted. Trust has to be earned – constantly. Zero trust is a very simple and elegant way of micro-segmenting the network so that only users who prove their identity and have compliant devices can access only very specific resources – and NOT the whole network. This has tremendous benefits for security.
Watch this short 3-minute video to learn more about why zero trust is so important:
Sophos ZTNA
Sophos ZTNA utilizes the principles of zero trust to provide workers with secure access to the networked applications, data, and systems they need to do their jobs… no matter where they’re located.
It’s just a better way of providing network access for remote workers, with greatly enhanced security, easier management, and a much more transparent end-user experience compared to old-school VPN.
And it’s the only ZTNA solution that’s tightly integrated with next-gen endpoint protection for a single-agent, single-console, single-vendor solution for all your remote workers’ protection and connectivity needs.
Check it out at Sophos.com/ZTNA
Source: Sophos
Sophos ZTNA has received Frost & Sullivan’s prestigious Global New Product Innovation Award in the zero trust network access industry. Frost & Sullivan applies a rigorous analytical process to evaluate multiple vendors for each award category before determining the final award recipient.
We are very honored that Sophos ZTNA was awarded this distinction based on alignment with needs, value, and customer experience.
Frost & Sullivan praised our focus on listening to market needs, keeping what is often considered an intimidating new technology simple to understand and easy to adopt. They also praised us for addressing the top complaints about existing solutions on the market.
They noted that we are uniquely positioned to provide a compelling integrated ZTNA and next-gen endpoint solution, something other vendors are unable to offer.
They acknowledged the significant benefits this type of integrated solution enables, such as Synchronized Security to share device health, a single agent deployment, and a single management console, along with a very elegant and simple licensing scheme.
Frost & Sullivan concluded that Sophos ZTNA matches customer needs for simplification in every aspect, ranging from design to purchase and service experience by integrating our ZTNA solution into our broader ecosystem of cybersecurity products, all managed from a single cloud console – Sophos Central.
“Sophos has designed an innovative ZTNA solution… With its strong overall performance, Sophos earns Frost & Sullivan’s 2022 Global New Product Innovation Award in the zero trust network access industry”
Download the full Frost & Sullivan Award Report and check Sophos.com/ZTNA for more information.
Source: Sophos
Sophos Firewall OS v19 MR1 brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever.
Sophos Firewall OS v19 was released just a few months ago, and has already been adopted by a huge number of partners and customers.
They’ve upgraded to take advantage of the many Xstream SD-WAN and VPN enhancements. This latest update, v19 MR1, brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever.
VPN and SD-WAN enhancements
- SSLVPN remote access – static IP lease support to enable mapping of remote users with static IP addresses to improve user traceability, monitoring and visibility. This also includes static IP leases with an external Radius server.
- IPsec VPN enhancements – includes adding default IPsec site-to-site IKEv2 policies for improved head office to branch office tunnels, eliminating manual fine tuning for re-key interval, dead peer detection (DPD) action, and key negotiation. Defaults were also updated to prevent flapping of UDP connections (VoIP, Skype, RDP, Zoom, etc.). Also disabled “vpn conn-remove-tunnel-up” and enabled “vpn conn-remove-on-failover” for new configuration (but does not impact existing deployments).
- SD-RED – now supports multiple DHCP servers for RED interfaces
- SD-WAN Profiles – The Rule-ID and index column are added on the SD-WAN profile management page for easier troubleshooting
Other enhancements
- Anti-malware engine – anti-malware engines and associated components were upgraded to full 64-bit operation to provide optimal performance and future support. Note that the secondary malware scan engine, Avira, will no longer provide detection updates for the 32-bit version after December 31, 2022. Anyone using Avira will need to upgrade to v19 MR1 or v18.5 MR5 (to be released soon) before the end of the year or switch to just using the Sophos engine.
- Synchronized Security – improved Sophos Central Firewall Management resilience in environments with thousands of endpoint certificates being used for Synchronized Security Heartbeat.
- Email – added an option to report a spam email as a false positive from the quarantine release screen
- Sophos Assistant – added an option to opt-out of the Sophos Assistant
- Additional fixes – over 50+ additional performance, stability, and security fixes and enhancements are also included
See the release notes for full details.
Important licensing change for future firmware updates
As covered in this recent community blog post, SFOS v19 MR1 introduces a support requirement for firmware upgrades which will come into effect for customers without a valid support subscription after they’ve used an initial free upgrade allocation.
To summarize:
- No change for customers with a valid support subscription (about 80% of customers)
- Future action will be required by the remaining 20% who do not have a support subscription, but also no immediate change
How to get it
This release will follow our regular Firewall firmware release process and timeline.
Source: Sophos
Can you believe it? Cobalt Strike is 10 years old! Think back to the summer of 2012. The Olympics were taking place in London. CERN announced the discovery of a new particle. The Mars Rover, Curiosity, successfully landed on the red planet. And despite the numerous eschatological claims of the world ending by December, Raphael Mudge diligently worked to create and debut a solution unique to the cybersecurity market.
Raphael designed Cobalt Strike as a big brother to Armitage, his original project that served as a graphical cyber-attack management tool for Metasploit. Cobalt Strike quickly took off as an advanced adversary emulation tool ideal for post-exploitation exercises by Red Teams.
Flash forward to 2022 and not only is the world still turning, Cobalt Strike continues to mature, having become a favorite tool of top cybersecurity experts. The Cobalt Strike team has also grown accordingly, with more members than ever working on research activities to further add features, enhance security, and fulfill customer requests. With version 4.7 nearly ready, we’re eager to show you what we’ve been working on.
However, we’d be remiss not to take a moment to pause and thank the Cobalt Strike user community for all you’ve done to contribute over the years to help this solution evolve. But how could we best show our appreciation? A glitter unicorn card talking about “celebrating the journey”? A flash mob dance to Hall & Oates’ “You Make My Dreams Come True”? Hire a plane to write “With users like you, we’ve Cobalt Struck gold!” It turns out that that it is very difficult to express gratitude in a non-cheesy way, but we’ve tried our best with the following video:
Source: HelpSystems
TLS is a popular Internet security protocol designed to establish secure communications that provides both privacy and data security. TLS was first developed by the Internet Engineering Task Force (IETF) with the first version being published in 1999.
TLS was created from another encryption protocol called Secure Sockets Layer, or SSL. Since both protocols are so closely related, you may hear others use SSL and TLS interchangeably to describe secure communications over the Internet.
Ports 587, 2525, and 465 are commonly used to establish secure connections, but which you use varies based on whether you’re using IMAP or POP3 to access emails from your server. Your system administrator can also set specific ports for encryption on mail servers and other applications.
What is STARTTLS?
STARTTLS is a protocol command used to prompt an email server that the client wishes to upgrade the connection from an insecure connection to a secure one. STARTTLS can take an insecure connection and make it secure via TLS protocol. Having this option enabled on your mail server allows a secure connection to be established before any emails are sent.
How does TLS protect email communications?
TLS plays a role in protecting email communications by establishing a secure and encrypted connection between two points. TLS utilizes asymmetric encryption to keep email communications private and untampered with while in transit. In other words, using encryption for emails ensures that the contents of the message cannot be read or modified while being sent and provides a mechanism for authentication between the sender and recipient.
Emails that use SMTP risk having their messages compromised by man-in-the-middle attacks or wiretaps if they are operating without encryption. These attacks can silently copy your emails and read their contents or even change the contents of the message while it’s in transit. This not only compromises the integrity of the email, but can provide valuable information to attackers who are capable of launching even more sophisticated attacks against your domain, such as spear phishing or whaling campaigns.
Secure connections are established using a series of steps known as a “TLS handshake”. This handshake requires two parties in order to create a secure connection. When a message is sent using TLS, the handshake process gets into motion as follows:
- During the first phase, the client and server will specify which version of TLS they will use for the session.
- Then the client and server will pick which cipher suit they will use.
- The identity of the server will then be authenticated using the server’s TLS certificate.
- Finally, session keys will be generated and used to encrypt the email messages once the handshake is completed.
How to check if an email is using TLS
Today, close to 90% of emails both sent and received are encrypted. But how can you check for yourself?
Server administrators should be able to verify their email server is using some form of encryption by checking their certificate store and validating that their certificate is both installed correctly and up to date.
If you’re simply checking an email, you can verify if the message was sent using encryption by checking the headers of the message. In Gmail, this can be done by opening the email in question and clicking on the small arrow next to your name underneath the sender’s address.
This can be done in Microsoft Outlook as well by opening the email you wish to check, and then navigating to File > Properties. This will open up the email header information which will contain any TLS information if available.
Is TLS the only protection I need?
TLS plays a vital role in email security, but it can’t protect against all email-based threats. Emails using encryption are protected against:
- Man-in-the-middle attacks
- Messages read or eavesdropped on by attackers while in transit
- Messages being forwarded to attackers
However, TLS cannot protect emails against:
- Phishing attempts using lookalike domains
- Malicious attachments that contain viruses
- Links inside of emails that redirect to phishing sites
- Emails that use social engineering to trick recipients into sharing sensitive information
- Servers sending spoof emails from domains that they do not control or defend
The Agari Advantage
Agari’s Email Security solutions utilize TLS and DMARC to ensure that emails are encrypted, as well as protected against phishing attacks from domain spoofing. Phishing attacks that use lookalike domains trick unsuspecting recipients into clicking links or sending sensitive information by pretending to be a trusted sender. These attacks can occur directly over a secure connection since they don’t have to abuse a lack of encryption to succeed.
By combining TLS encryption, organizations can deploy a security strategy that stops email-based attacks at all levels. For email protection beyond TLS, watch Agari’s Phishing Defense simulated product tour to see it in action for yourself!
Source: HelpSystems
Organizations are rapidly switching to Sophos’ managed detection and response service to enjoy better cybersecurity outcome.
We are thrilled to share that Sophos Managed Threat Response (MTR), our 24/7 human-led threat hunting, detection, and response service, now supports over 10,000 organizations around the world.
As cyber threats grow in both volume and complexity, organizations of all sizes and industries are increasingly turning to Sophos to enhance their cyber defenses. Testament to the quality of service and threat protection we provide, in independent reviews on Gartner Peer Insights customers rate us 4.7/5 as of July 2022.
Along with our customer base, we’re also expanding our our MDR services to support customers on their security journeys. For example, following our recent acquisition of SOC.OS we plan to include additional telemetry and context from alerts and events across dozens of third-party endpoint, server, firewall, identity and access management (IAM), cloud workload, email, and mobile security products. This will enable security operations teams to quickly understand and respond to the most urgent alerts across their entire estate.
Your security. Our responsibility.
We recognize and value the trust that customers place in us when they choose Sophos MTR. From the frontline threat hunters and response specialists in the MTR team to the malware, AI and engineering experts working behind the scenes, we are all fully focused on improving your cybersecurity outcomes.
Of course, each organization is different. That’s why we offer flexible service options that enable you to choose the level of support that best meet your needs.
- Managed by Sophos. Full 24/7/365 threat hunting and neutralization delivered by Sophos security operations specialists
- Managed together. Our experts work alongside your experts, enhancing your security operations and extending your protection, including evening, weekend and vacation cover
- Managed by you. Sophos XDR enables and empowers your team to conduct your threat hunting in-house using the latest next-gen technologies and threat intel insights
Our experts use the same Sophos next-gen technology as your experts, making it easy to switch support levels when your requirements change.
Sophos MTR in action: Neutralizing Cuba ransomware
Let me share with you a recent example of how Sophos MTR identified and neutralized a ransomware attack on a manufacturing organization, preventing data exfiltration, data encryption, business interruption, lost revenue, and remediation costs.
- Our operators detected suspicious indicators in the environment of a 200-seat customer working in the manufacturing sector. They noticed tools associated with ransomware groups along with Cobalt Strike, an adversary simulation tool that is commonly abused by threat actors
- Sophos MTR instantly alerted the customer and started an investigation, sharing samples with SophosLabs for detailed analysis
- Within 30 minutes SophosLabs confirmed a threat actor had gained access to the customers’ environment, and the adversary’s tactics, techniques, and procedures (TTP) matched the early stages of a Cuba ransomware attack
- Our team rapidly neutralized and evicted the adversary, preventing both data exfiltration and data encryption, and saving the customer hundreds of thousands of dollars of remediation cost, not to mention business interruption and lost earnings
- We were also able to guide the customer on how to harden their defenses to reduce the likelihood of future incidents
Improving cybersecurity outcomes at London South Bank University
Sophos MTR has enabled London South Bank University in the UK to strengthen cybersecurity for their 20,000 students and 2,500 staff while also freeing up the IT team to deliver initiatives that have increased student satisfaction. Hear their story in their word:
Πως μπορεί να σας βοηθήσει η Sophos
H Sophos μπορεί να προστατεύσει και να ενδυναμώσει τον οργανισμό σας, όπως ακριβώς έκανε στην περίπτωση του London South Bank University και χιλιάδες άλλους οργανισμούς σε όλο τον κόσμο.
Μιλήστε με τους ειδικούς συμβούλους της εταιρείας για να μάθετε περισσότερα για την υπηρεσία Sophos MTR και να συζητήσετε μαζί τους για το πως μπορούν να σας βοηθήσουν να επιτύχετε καλύτερα αποτελέσματα όσον αφορά την κυβερνοασφάλεια.
Source: Sophos
How companies can layer security solutions to ensure their data is fully protected no matter where it resides, how it travels or is shared.
Data is Everywhere
Enterprise data security is all about protecting sensitive data and ensuring that protected information is not compromised. Data can be anywhere and everywhere, so securing it has gotten increasingly complex from inside and outside the organization. Further complicating data security is the shifting from centralized storage in a data center to distributed and portable datasets located on user devices, remote locations, connected endpoints, and multiple clouds. Data is no longer a static thing secured behind a firewall. Instead, data often move across numerous environments and different locations, devices, and geographies.
Modern data security must start at the business level. Effective data security is about visibility, classification, and automation. Visibility focuses on understanding which data is important to protect; classification is about creating scenarios, rules, and categories for safeguarding sensitive information. Automation helps enforce and ensure the controls, policies, and data handling rules are in place.
HelpSystems has several offerings that address the roadmap for effective data security and automation. At its core, enterprise data security has multiple pillars, including data classification, data loss prevention (DLP), email security, domain-based message authentication reporting & conformance (DMARC), and secure managed file transfer (MFT) solutions. Below is a short overview of how HelpSystems supports organizations with enterprise data management (we will go further in-depth in subsequent articles.)
Data Classification
From the moment data is created, it becomes a liability. This is especially true if the data has no context. How can an organization protect its valuable, sensitive data if they don’t know what data they have? Identifying and classifying different data types, such as personally identifiable information (PII), is the basis of any good security plan. Classifying data provides important clarity for users and downstream security tools.
HelpSystems has 35 years of data classification experience and offers tailored solutions depending on different customer requirements.
Enterprise DLP
One of the main challenges with DLP is understanding trafficked data throughout the enterprise. Many traditional methods for monitoring and managing inbound and outbound traffic fall short as anyone with access to sensitive data can download and share corporate information.
In 2021, HelpSystems acquired DLP provider Digital Guardian to augment their SaaS and managed service endpoint, network, and cloud DLP capabilities.
Email Security
When data travels in and out of a network by email, the policies and security controls in the email solution protect the organization from outbound data leakage and inbound threats. Data labelling ensures that sensitive data is handled correctly, data is protected against viruses and malware, and if messages contain unauthorized information, it is automatically removed.
The Clearswift Email Security solution works seamlessly with other HelpSystems data security tools to provide continuous protection as data moves via email.
Securing Enterprise Email with DMARC
Bad actors use obfuscation methods to send phishing emails, social engineering, spam, ransomware, and malware emails disguised as legitimate sources to trick unwitting victims. These attacks inflict significant damage to an enterprise’s reputation and brand and, in most cases, cause consequential financial loss.
HelpSystem’s DMARC solution, Agari, helps its customers to monitor, detect, and respond to all related email streams under their name to prevent the malicious ones from affecting their customers’ and employees’ inboxes.
Managed File Transfer & Rights Management
Organizations increasingly rely on exchanging sensitive data between their constituents, including customers, business partners, employees, and suppliers. These file transfers include reports, contracts, employee and customer information, and project information – any manipulation or loss of data results in compliance and overall security issues. The efficient movement of data between an organization and its third-party partners must be secure, auditable, and accountable for data privacy and integrity.
HelpSystems’ Secure Managed File Transfer solutions, GoAnywhere and Globalscape address the security, encryption, and data protection needed when transferring sensitive information across the enterprise and its trusted third parties. Adding Digital Rights Management (DRM) adds further encryption to ensure files remain protected after the file transfer.
Securing Data and Email Across the Enterprise
HelpSystems data protection, email security, and secure file transfer solutions are viable options for organizations of all sizes that require enhanced data and communications protection. The technologies cover the “full-circle of life” from monitoring traffic, sanitizing sensitive data, blocking malicious behavior, deleting uncompliant information, and encrypting the data when it’s in motion or at rest.
We believe a solid business strategy that focuses on “buy what you can, build what you have to, and integrate for competitive advantage” will assist HelpSystems in differentiating itself in a hyper-competitive data security marketplace.
Source: HelpSystems
Malware and ransomware infection rates are increasing year-over-year, with ransomware attacks doubling in 2021 according to the Verizon Data Breach Investigations Report and 50% to 75% of ransomware victims being small businesses. It is more important than ever for MSPs to take a multi-layer security strategy to protect their customers.
Multi-layer defense is about adding layers of security to the environment to ensure you are operating as securely as possible. A typical SMB security stack would look like this:
-
Email security and advanced threat protection
-
Endpoint security
-
Patch management
-
Ransomware detection
-
Network security – firewall
-
Multi-factor authentication
-
Web-content filtering
-
Standard user account permissions
-
Backup and recovery
A key step when MSPs want to ensure their partners are fully secure is to focus on securing endpoints — mainly desktops and laptops. In this blog post, we will cover the key components of securing endpoints in an effective manner.
Email security and advanced threat protection
Because email is still a key attack vector, it is important to have advanced threat protection (ATP) in addition to the basic email security provided by the email provider. Effective pre-delivery email security prevents malware from entering the environment in the first place.
Datto SaaS Defense is designed to stop attacks before they reach the end user, allowing MSPs to proactively defend against a variety of malware that targets not only the Microsoft Exchange inbox, but the collaboration tools inside Microsoft 365 such as Microsoft OneDrive, Microsoft SharePoint and Microsoft Teams.
Endpoint security
Antivirus (AV)
Antivirus software runs automatically in the background on the endpoints in your environment and scans your system for known malware based on established virus definitions. When your AV detects malware, it removes it from the endpoint to protect your organization. While in the past having an AV on each endpoint was enough, this is now considered as just the first step in endpoint security.
Datto RMM ensures antivirus is installed and up-to-date. It is vital for MSPs to have accurate information about the status of antivirus solutions on all endpoints. Datto RMM’s universal antivirus detection not only detects the presence of antivirus solutions on endpoints, but also reports the status of these solutions.
Endpoint detection and response (EDR)
EDR alerts you to suspicious activity that may indicate a malware attack. Real-time alerts aim to reduce the time-to-detection of threats, which can have a significant impact on the chances to recover from incidents such as ransomware. Once an EDR tool has alerted you to suspicious activity, a security analyst will typically analyze the information and choose next steps. More broadly, these tools collect and monitor data pertaining to potential cybersecurity threats to the network. Your team can analyze this data to determine the root cause of security issues and use it to support incident response and management strategies. Recently CISA designated EDR as a critical component for cybersecurity, yet many firms still do not have this capability.
Patch management
Patches are updates to operating systems, software applications and networking devices, built to fix security vulnerabilities. They are crucial to designing an effective cybersecurity strategy because they often close security gaps that could allow bad actors entry into endpoint devices and IT networks. Unpatched vulnerabilities are one of the leading causes of security breaches. To ensure timely deployment of patches MSPs typically use patch management tools that provide them with detailed insights into apps and devices that are potentially at risk.
By using automated patch management tools MSPs can patch multiple endpoint devices simultaneously, enabling them to maintain a consistent security posture across all managed endpoints. Policy-based patching automation also helps MSPs be more efficient by reducing cumbersome manual updates and enhances the service delivery experience by minimizing end-user interruptions. Datto RMM’s built-in patch management engine makes patch management effortless and scalable for MSPs via flexible policies and automation.
Ransomware detection
Datto RMM’s unique Ransomware Detection functionality monitors endpoints for ransomware infection using proprietary behavioral analysis of files and alerts you when a device is infected. Once ransomware is detected, Datto RMM can isolate the device and attempt to stop suspected ransomware processes to prevent the ransomware from spreading. It enables MSPs to monitor endpoints for ransomware at scale, take steps to prevent the spread of ransomware and reduce time to remediation.
Backup and recovery
Your clients may have different needs when it comes to their endpoint security strategy. However, one essential component should be endpoint backup. When other endpoint security measures fail, an updated backup of the device will ensure that you still have access to all necessary information no matter what happens.
In other words, security starts with recovery. It is crucial to backup endpoints in order to allow recovery in case of a cyber incident. Datto Cloud Continuity for PCs enhances endpoint security and acts as a last line of defense by protecting data in case of a hardware failure, accidental deletion, ransomware attack, or another disaster. Cloud Continuity ensures endpoints can be restored to their pre-disaster state quickly and easily.
By backing up your clients’ data to the cloud, you can ensure their important files are safe and accessible even if their computer is damaged or destroyed. In addition, cloud backup can help your clients comply with data loss prevention (DLP) regulations and keep their business running in the event of a systems outage. If you’re looking for a reliable and secure way to back up your clients’ data, consider adding cloud backup services to your multi-layered security strategy to enhance your existing endpoint monitoring services.
Download the Security Best Practices Checklist to start today with some simple actions to protect your customers from ransomware.
Source: Datto
Your professional services automation (PSA) solution is at the heart of your MSP practice. The Datto Autotask PSA team has been hard at work on the latest quarterly release, adding several new updates to make it even more secure, efficient and responsive to your needs.
Autotask PSA is a powerful, intuitive cloud-based PSA platform that provides a singular view of the entire business. By centralizing MSP business operations, Autotask PSA enables you to make data-driven decisions to improve service, productivity and profitability.
The 2022.1 Autotask PSA release is now available, with significant improvements to inventory, security and sales tax functionality. Here are the latest additions:
Inventory restructure
The ability to better track and manage your inventory reduces sales friction, enabling proactive management and optimization of inventory stock. Autotask PSA’s Inventory feature tracks the items that you have in stock to resell to your customers. The 2022.1 release provides enhanced tracking and reporting capabilities to better manage and evaluate your inventory.
Now you can:
-
Introduce stocked items for better tracking of your inventory products
-
Enable tracking of multiple vendor purchase orders
- Benefit from improved reporting and analytics capabilities
Client Portal two-factor authentication (2FA)
A security-first approach is fundamental to all Datto solutions. 2FA is an additional security layer that addresses the vulnerabilities of a standard password approach. With the newly added 2FA on Autotask PSA, you can:
-
Enable multi-factor authentication for client portal admins if you choose not to mandate from the MSP side
-
Easily view who has this feature configured
- Conveniently reset authentication if needed
TaxJar integration
Sales tax automation is a must for multi-jurisdiction regions (for US and Canada only) due to the time savings for MSPs (no calculations required) and compliance to regional tax laws. Autotask PSA is now integrated with TaxJar, a cloud-based sales tax compliance platform. Use TaxJar to:
-
Enable tax compliance for those dealing with multiple jurisdictions
-
Simplify tax calculations
-
Save valuable time
In addition, Autotask PSA has been updated with 20+ enhancements inspired by you, our MSP user community. We are constantly soliciting your feedback to make Autotask PSA even better, and we’ve acted on your insights with new improvements that include:
-
Expanded Microsoft Teams scheduling capabilities
-
Ability to import invoice preferences versus updating one by one
-
Refactored contract wizards
-
Ability to import additional data fields related to your tasks
Looking for a PSA platform to help grow your business by unifying Document Management, Service Desk, CRM, Procurement, Billing, and Reporting behind a single pane of glass? Learn more about Autotask PSA today.
Source: Datto
Ransomware attacks can be mitigated with some security measures and techniques, but in terms of publishing of sensitive data, only data encryption protection can help you. Find out in this article how to protect your sensitive data with encryption, steps for an effective encryption strategy and what to encrypt.
Taking back control of your data through Encryption
It is established that encryption is important to secure your data, but that is not the only solution. It is not only important for modern security but is also core to modern computing if you want to excel in an internet driven environment. In fact, it is more important that you have an effective information policy where big tech companies and third-party providers allow you to cloud compute, and store and share vast amounts of information online; it is only essential that you encrypt all that data before using these services if you manage sensitive data.
It is not only important to fully evaluate and prioritize which data needs to be enabled to be accessed and stored, it is also crucial that you fully encrypt all of the documents and communication files before putting them online. This way you can greatly reduce the vulnerability of your organization and/or company’s potential of a data breach by big cybersecurity thieves.
Who is at Risk?
Despite the incidences of frequent cyber attacks, data breaches and identity thefts, IDC reports that only 3% of those information leaks and data breaches was encrypted and protected. This means that 97% of that data was not encrypted and highly exposed, with only 3% unusable to the cyber thieves due to being encrypted and inaccessible despite being stolen.
One of the greatest responsible motivator of wide spread of ransomware is to make money or gain profit through ransom. As far today’s scenario is concerned, the objective of ransomware is damage, destruction, harming victim at any state and yield as much money as possible either by hooks or crooks.
Some people are more at danger than others:
- Corporate or Business Sector are most favorable target for ransomware initiators due to the presence of huge amount of confidential data regarding its consumer, sales, purchase, ledgers, journals, quotations, taxes etc. Loss of such documents can cause the whole business to shut down or bear major losses. Thus, corporate sectors opted to willfully pay ransom instead of suffering setback. The proceedings of World Congress on Engineering and Computer Sciences estimated that out of all victims, around 46% of corporations are targeted, out of these 88% were not using encryption.
- Public or Government Sector. This mostly comprises of educational institutions, power corporations, telecommunications, law enforcement wings, hospitals, banks, transportation and all those establishments that have direct impact on public. The risk of not being encrypted comes from hackers affecting such institutions, increases the probability of getting ransom because upkeep and maintenance of the offline digital copies of huge pile of data is difficult and denial to pay ransom will lead to setbacks in terms of minimum 3 to 6 months, i.e., another big deal of nearly a fresh start. Similarly, infecting government sector fulfil two major objectives of crooks, one to ensure the payment of ransom and if not, then steal the data regarding defense, citizens, budgets, policies etc. and sell it for money over dark net. Hence, encryption of all these data can not only save the organizations and public departments from paying huge amounts of ransom, but also prevent the theft of piles of data that could otherwise set back public or organizational affairs by upto 3 to 6 months or even more!
- Home Users or Individuals are softest targets of ransomware due to their least fluency with technical aspects of computers. Although a home user generally does not have huge amount of data compared to corporate sector and not related to public concerns but still have extreme significance to its holder that includes reports, projects, pictures, game files, emails, credit card information, online shopping behaviors, etc. Extortion and pressure of ransom payment further increased by eradication of any backup files and disabling of system restore just before commencement of encryption of files by ransomware.
Steps for an effective encryption or data protection management plan
It is important to formulate an encryption or protection plan by following through the three critical questions to allow yourself control over which data to encrypt and protect:
- Analyze which data needs to be encrypted: Since it’s your data and your company, it is important that you carefully analyze, evaluate, and prioritize which date needs to be encrypted the most. For instance, this could include personally identifiable information (PII) and any trade secrets that would be harmful if leaked.
- Having a document protection plan: Having encryption is the first step and having an encryption is the last and second most crucial step in your data protection. It is important that you decide what happens with your data while it is in transit and while at rest. These require different levels of protection and you can fully control what happens when. For instance, you can choose to destroy a file if it is shared beyond what you initially provided access for. But, for this to work, you need to have that type of encryption embedded in your file beforehand.
- Establish solid and easy-to-manage protection policies: It is a busy world and you may often get too caught up in day-to-day affairs of your company to bother with data breaches of previous documents. However, you can choose types of protection policies management plans to automatically keep up with your data while it is at rest and whenever, wherever it is accessed or shared online. This way you can assess your encryption performance regularly to get clear of any serious data breaches.
If you want to learn more about a more detailed approach and deploy to protect your corporate data through a data-centric security approach, read this article.
Knowing what to Encrypt and How much to Encrypt?
Organizations or public sector departments and businesses must be told what information should be safeguarded when encrypting files or folders on file servers or cloud repositories. It’s also critical to use automation to make file protection easier, especially when encrypting folders or safeguarding data in information repositories. In order to avoid spill of privacy, disclosure of confidentiality and enhance a secure transmission of message between two parties the encryption tools are designed to provide safety and ensuring security goals during communication. Take for instance, the Zero Trust Security Model, which focuses on the ‘layer’ protection, on the premise that since every data is so mobile online, it is important to assume that no one or nothing can be trusted.
IRM (Information Rights Management); beyond encryption
IRM systems deal with the challenge on what happens with data once it is in transit or has left the perimeters. Also known as E-DRM (Enterprise Digital Rights Management) or EIP&C (Enterprise Information Protection & Control, it uses a highly sophisticated and effective form of cryptographic protection that applies to files that are travelling and provides protection wherever they transit. The IRM’s system approach is to apply a layered protection to the data that can be controlled even if it is no longer in the network, whether it is in a cloud, on a mobile device, etc.
If the data reaches someone it shouldn’t of whom you consider shouldn’t have access to it, you can revoke the access remotely. You can set expiry dates for documents. Give users more or fewer permissions in real time (Edit when before they could only Read, or restrict the permission to read-only if we don’t want them to edit or print). The ease with which this type of solution may be implemented means you can start using it right away and encrypt and regulate important data that your firm controls internally or with third parties.
One of the most critical aspects of this technology is its ability to be made simple to use so that non-technical people can manage protected data as if it were unprotected data. One part of encryption is allowing end users to be at ease in assessing and using, sharing, editing, transferring their own data without having technical difficulties and know-how of cryptography. It is done by making it compatible with the apps that users use on a daily basis, such as Office, Adobe, and AutoCAD, as well as the information repositories that companies often use, such as File Servers, One Drive, G-Suite, Microsoft Office 365 Cloud applications, SharePoint, Drop Box, and so on.
Hence, depending on the vulnerability of the data, the extent of damage the leakage or theft of which document can have on an organization, you can choose to apply different levels of protection. For instance, if you are sharing confidential information about a new tender with your business partner, you may allow it to be shared with only specific parties, departments with only view-only permissions – beyond which if accessed, the files could not be assessed and if tried to decrypt, would be of no use to potential competitors.
On the other hand, you might want to limit access to your company’s data that may harm your company, employees, customer base and business partners, if stolen. You can put a minimal protection but with certain levels of access permission. You can choose exactly what happens with which type of data, develop a ‘protection in use’ policy of the encryption and not just a protection in rest or transit. Also, although many organizations and public departments may have pinpoint documents labeled as ‘public’, ‘private’, ‘confidential’, ‘internal use only’, etc, it is more evident on paper than online. Being able to encrypt them according to the levels of classification on paper would be the real win for these organizations. IRM integrated with data classification tools allow you to automatically protect classified or labelled data with a specific IRM protection policy.
Takeaways of Protecting Your Documents Through a Data-Centric Security Approach
It is established that encryption involves a data-centric security management strategy to protect the collective interests of an individual or organization, employees, customers, partners and more. Some of the advantages of having a multi-layer encryption-based protection based in a data-centric security approach for your online data may include:
- Protection of sensitive documents without relying on user actions.
- Ensuring protection of data whether information is travelling outside network perimeter, being accessed by an outsider or while it is in transit, at rest and in use.
- Control what users can do with your documents (View only, copy & paste, edit, print, etc.).
- Monitor, allow or disallow access regardless of where your data is.
- Revoke access to sensitive information even if you provided access permission before.
- Protecting your intellectual property rights by having full control of your data, hence making it almost impossible to be stolen by competitors and imprinters.
SealPath allows you to develop an effective management system for all your sensitive data you want to protect with effective protection, monitoring, and automation systems. You can ensure efficient protection using an integrated IRM (or E-DRM) model to ensure protection of your data in use, at rest and in transit, without having to worry about theft or paying ransoms due to theft.
Source: Sealpath
Secure access service edge (SASE) is set to make cybersecurity simpler and more robust. At Sophos, we’re already well on the way.
Increasingly, secure access service edge (SASE) looks like the future of cybersecurity. As point solutions start to converge and share their data, applying security policies in a smart, unified way can save time, simplify workloads, and shore up configuration gaps.
Here at Sophos, this has been clear to us for some time. We’ve been working behind the scenes for a number of years to align our products around a common vision and approach.
As a result, our SASE capabilities will be seamless when they arrive. They’ll be unique from anything else you might see in the market, and you’ll be able to leverage them using the Sophos technologies you already know and love.
What is SASE?
According to Gartner, SASE combines network security functions with wide area networking (WAN) capabilities so organizations can deliver access dynamically, in a secure way.
It’s “a new package of technologies… with the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels.”
Because SASE integrates network functions like software defined wide area networking (SD-WAN) with both on-premises and cloud-based security into a single system, you can seamlessly implement policies across your entire estate. That saves you time and money on setup and management while delivering a consistent, secure experience.
Importantly, SASE is intelligent about how and where it applies your policies. It will assess whether your devices and applications need private access, or whether to enforce zero trust network access (ZTNA) in the cloud. This gives you the security you need, where and when you need it—increasing performance and reducing bandwidth costs and latency.
What SASE looks like today
Here’s the clever part. The functions that will become the core of Sophos’s SASE capability are largely already built into the tools you use today.
In Sophos Central, we have a central management point that acts as a unified data plane, ensuring consistency and compatibility, with shared building blocks. We don’t need to make our products work together; they’re already made that way.
And we use containerization to build our products, so extra features and upgrades, such as SASE capabilities, can be configured in an extra module and slotted in seamlessly, without downtime.
That may seem like a small thing. But when you are ready to move to SASE, it’ll make all the difference. You won’t need to learn another new technology; just connect the tools you know. And—as you’ve come to expect from Sophos—it’ll just work.
The Sophos difference
When you use Sophos SASE, you’ll feel the difference in three important ways:
Products built with convergence in mind
With Sophos, everything is designed within the same platform, from the same building blocks, delivering a unified, consistent experience across your whole security ecosystem.
We’re not trying to take a bunch of disconnected security solutions and bolt them together—so each part of the system works slightly differently, and every update risks a problem elsewhere.
Instead, every aspect will feel the same, making the experience easy, consistent, and intuitive everywhere—for your IT team and your users—which is the point of SASE in the first place.
Centralized data lake for effective threat response
Our SASE solution will draw on our existing expertise in storing and analyzing firewall log data in a centralized data lake. That’s a powerful resource for SecOps professionals—whether yours or ours.
New threats emerge every day, so by keeping your log data for 30 days, you can backtrack to see if any newly discovered forms of attack have affected your organization.
Again, this is already built into our tools. The number of Sophos Firewalls connected to our data lake has more than doubled in the last 12 months, while our Central Firewall Reporting gives almost limitless processing potential.
And because Sophos offers 24/7 threat hunting and remediation services, you know there’s always a team of full-time security experts just a call away, looking at exactly the same data you are.
Smooth, painless activation
We build our network protection solutions using containerized microservices—so they’re easy to adapt and upgrade. When we change one aspect or policy, it’s applied seamlessly across your whole ecosystem.
In the short term, that means you don’t need to replace your solutions to take advantage of SASE. And in the future, you can scale quickly in the cloud, and easily tune your system to match your organization’s evolving needs.
Whether you’re ready to make the move soon or need more time, you can be safe in the knowledge that our products are adaptable—and ready when you are.
Sophos is your partner for the future
Security solutions are converging, and fast. But, as with all new technology, it can take time to feel comfortable making the switch. So it’s good to know the Sophos solutions you use today don’t have a limited shelf life. They are future-proof and ready for SASE when you are.
Learn more about our SASE strategy and suite of products, available today and coming soon. If you’re eager to get going, watch for our upcoming early access programs, coming soon for new products like our Cloud Native Firewall, ZTNA-as-a-Service, and Cloud Web Gateway.
Source: Sophos