“Sophos stopped everything in our tests,” says SE Labs.

It’s that time of year when people in many parts of the world are look forward to spending time with family, friends, and taking a bit of a break.  However, it’s also when bad actors, and adversaries switch into high gear, looking to take advantage of the fact that many networks are less utilized and less scrutinized over the holiday period. Ransomware attacks, to give just one example, typically increase at this time of year.

With that in mind, here are some quick and easy best practices to better protect your network while you take some well-deserved time out.

1. Shut down unneeded systems

This is especially important for any systems that offer RDP access as it is often used by adversaries as an entry point or tool to move laterally within a network. The same advice applies to IoT devices.  If they aren’t needed, shut them down for the holidays. If you really need to have some systems with RDP access enabled, double-check and then triple-check the security.

If you haven’t already, consider ZTNA to secure access to your RDP systems and other applications.  In fact, the holidays maybe the ideal time to start a Sophos ZTNA free trial for you and your team. At the very least, make sure any RDP solutions are protected with multi-factor authentication to prevent brute-forced or stolen credentials from being a point of compromise.

2. Update firewall and network infrastructure firmware

If you have a Sophos Firewall, we recently released v19.5 which includes a number of security enhancements, performance improvements, and new features such as:

• Xstream FastPath TLS encrypted traffic inspection
• SD-WAN load balancing
• VPN performance improvements
• High Availability enhancements
• New Azure AD integration for secure login
• And much more!

Regardless of your preferred vendor, make sure your firewall and other network infrastructure such as VPN concentrators, switches, and other devices are all running the latest release as they often contain important fixes for known vulnerabilities.

3. Call on Sophos Rapid Response if you experience an attack

If you experience an emergency incident over the holidays (or anytime), you can engage our fixed fee Sophos Rapid Response service. Our team of expert incident responders will help you triage, contain, and eliminate active threats, and remove all traces of the attackers from your network. Whether it is an infection, compromise, or unauthorized access attempting to circumvent your security controls, we have seen and stopped it all. Sophos Rapid Response is available 24/7/365, including over the holiday period.

Download the network security best practices whitepaper

For our full list of network security best practices to protect your network from ransomware, download our new whitepaper. In the meantime, I wish you a happy – and secure – holiday season!

Source: Sophos

We are excited to share that Sophos has been named the best managed detection and response (MDR), endpoint, network, and anti-malware security provider for U.S. government organizations by American Security Today.

Sophos is a platinum winner in the 2022 ‘ASTORS’ Homeland Security Awards, which honor market leading solutions used by government agencies and entities, as well as businesses of all sizes across the United States.

The cybersecurity of our nation is at a critical inflection point amidst an escalation of ever-changing, complex cyberattacks, as evidenced in the Sophos 2023 Threat Report. Sophos is committed to helping federal agencies advance their cybersecurity defenses with both innovative solutions and human-led threat detection and response, and these latest recognitions are validation that Sophos is arming frontline teams in the U.S. with industry-best protection.

As explained by Tammy Waitt, editorial director at American Security Today, “‘ASTORS’ nominations are evaluated on their technical innovation, interoperability, specific impact within the category, overall impact to the industry, relatability to other industry technologies, and application feasibility outside of the industry. Winners are selected by our American Security Today expert panel of judges, and the ‘ASTORS’ Homeland Security Awards are presented at the Platinum, Gold, Silver, and Bronze levels.”

Sophos reigns as providing the Best Cyber Managed Threat Response with Sophos MDR, an industry-leading service used by more than 13,000 organizations for 24/7 threat hunting, detection and response. Our recently expanded service now integrates telemetry from third-party security technologies, providing unprecedented visibility and detection across diverse operating environments.

Sophos further leads as the Best Endpoint Threat Solution and Best Anti-Malware Solution with Sophos Intercept X with XDR, and the Best Network Security Solution with Sophos Firewall. These offerings are part of the Sophos Adaptive Cybersecurity Ecosystem where they share real-time threat intelligence with Sophos’ broad portfolio of solutions and services for faster and more contextual response to attacks. Sophos’ security solutions are further powered by predictive, real-time and deeply researched threat intelligence from Sophos X-Ops, and are easily managed in the cloud-native Sophos Central platform or by Sophos MDR.

A list of winners is available online.

Source: Sophos

[vc_row][vc_column][vc_column_text]

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_separator sep_color=”color-150912″][vc_custom_heading text_font=”font-762333″ text_weight=”200″ text_color=”color-210407″ subheading=”Fill in your details or call 211 8000 330″]Get maximum security now!

[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][contact-form-7 id=”101883″][/vc_column][/vc_row]

This quarter too, we’re happy to present a new version of our email archiving software: Version 22.4 of MailStore Server, the MailStore Service Provider Edition (SPE), and MailStore Home is available right now.

The new version of our MailStore Service Provider Edition supports multi-factor authentication. We’ve also improved how the software in all three products manages the available resources. It goes without saying that Version 22.4 of MailStore Server and the MailStore Service Provider Edition will also be GDPR-certified.

New Features for the MailStore SPE, MailStore Server and MailStore Home

Find out more about the improvements you can expect in Version 22.4 of the MailStore Service Provider Edition, MailStore Server and MailStore Home.

Support of Multi-Factor Authentication for the MailStore Service Provider Edition

Once again, we’ve enhanced the security of our MailStore Service Provider Edition. Access to the management console by administrators can now be secured via multi-factor authentication. After entering a username and password, administrators are now prompted to input an access code from an authenticator app of their choice in order to be able to access the management console.

If the administrator then wishes to use the management API, a separate API password must be generated. The API password is generated in the management console and is required by every system administrator for whom multi-factor authentication has been activated. This allows the API to be used without the need to enter a second factor, e.g. for automation purposes.

Improved Resource Management for the MailStore SPE, MailStore Server, and MailStore Home

Once again, we’ve improved resource management in all three software solutions. Specifically, this means that we’ve optimized how the available memory is used when running our software.

Updated Certification: Meeting Data Privacy Requirements

As usual, the latest version of our software, Version 22.4 of MailStore Server and the MailStore SPE, has been certified by an independent data privacy expert.

The certification takes into account all relevant aspects of the European General Data Protection Regulation (GDPR) and affirms that, when used appropriately, both MailStore Server and the MailStore SPE meet all the requirements governing the processing of personal data set out in the GDPR.

You can request a copy of the official GDPR audit certificate from sales@mailstore.com.

Registered MailStore partners can download the certificates from our Partner Portal or request it by email from partners@mailstore.com.

Availability

You can download the new version of MailStore Server and the MailStore Service Provider Edition free of charge from our website.

If your MailStore Server Update & Support Service has expired, please contact us to purchase an upgrade that will allow you to use the latest version of MailStore Server. Read here to find out about other good reasons for having an active Update & Support Service agreement in place.

Interested companies can also download MailStore Server Version 22.4 as part of a free, 30-day trial. If you are an MSP and are interested in offering email archiving as a service based on the MailStore SPE, please contact our sales team at partners@mailstore.com. Alternatively, you can sign up as an authorized MailStore Partner with us right now for free.

Source: MailStore

[vc_row][vc_column width=”1/1″][vc_single_image media=”103531″ media_width_percent=”100″ css_animation=”zoom-out” animation_speed=”1000″ animation_delay=”400″][vc_empty_space empty_h=”2″][vc_button button_color=”color-150912″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-762333″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”url:mailto%3Asales%40nss.gr%3Fsubject%3DBOOKmySEAT%3A%20Sophos%20Firewall%20Administration%20for%20End-users%20Training%26body%3DI%20would%20like%20to%20participate%20in%20the%20Sophos%20Firewall%20Administration%20for%20End-users%20Training%20on%20the%209th%20%26%2010th%20of%20January%202023||target:%20_blank|” icon=”fa fa-hand-o-right”]Book Your Training Today![/vc_button][vc_button button_color=”color-283957″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-377884″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”|||” icon=”fa fa-volume-control-phone”]Call us now for more +30 211 8000 330[/vc_button][vc_separator sep_color=”color-210407″][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_custom_heading heading_semantic=”h1″ text_font=”font-762333″ text_size=”h1″ text_weight=”200″ text_color=”color-xsdn”]Sophos Firewall Administration for End-users Training
[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_column_text]

In January 2023: Monday 9 & Tuesday 10

(2 days crash Training / NSS Training Center – remote / on premises)

A two-days crash training program which is designed for technical professionals who will be administering Sophos Firewall and provides the skills necessary to manage common day-to- day tasks.

Trainer: Micheal Eleftheroglou

Training room: NSS ATC training room 3^rd floor

Objectives

On completion of this course, trainees will be able to:

• Explain how Sophos Firewall help to protect against security threats
• Configure firewall rules, policies, and user authentication
• Demonstrate threat protection and commonly used features
• Perform the initial setup of an Sophos Firewall and configure the required network settings
• Identify and use troubleshooting tools, reporting and management tasks

Prerequisites

There are no prerequisites for this course; however, it is recommended you should:

• Be knowledge of networking
• Be familiar with security best practices
• Experience configuring network security devices

Certification

To become a Sophos Certified Administrator, trainees must take and pass an online assessment.

The assessment tests the knowledge of both the presented and practical content.

The pass mark for the assessment is 80% and is limited to 4 attempts.

Content

• • • Module 1: Firewall Overview
    • Module 2: Getting started with Firewall
    • Module 3: Network Protection
    • Module 4: Webserver Protection
    • Module 5: Site-to-site Connections
    • Module 6: Authentications
    • Module 7: Web Protection and Application control
    • Module 8: Application Control
    • Module 9: Email Protection
    • Module 10: Wireless Protection
    • Module 11: Remote Access
    • Module 12: Logging, Reporting and Central Management

Certification + Exam:

SOPHOS FIREWALL ADMINISTRATOR

Duration 2 Days Remote + Labs

Athens Cyberpark training room 3rd floor (Aggistis 1 & Paggaiou)
Language: Greek & English[/vc_column_text][/vc_column][/vc_row][vc_row row_height_percent=”0″ back_color=”color-210407″ overlay_alpha=”50″ gutter_size=”3″ column_width_percent=”100″ shift_y=”0″ z_index=”0″][vc_column width=”1/1″][vc_custom_heading text_font=”font-762333″ text_weight=”200″ text_color=”color-xsdn”]Agenda[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_column_text]DAY 1

09:30 – 10:30       Module 1: Firewall Overview

10:30 – 10:45       Break

10:45 – 12:30       Module 2: Getting started with Firewall

12:30 – 13:00       Labs (getting familiar)

13:00 – 13:30       Lunch

13:30 – 14:30       Module 3: Network Protection

14:30 – 15:30       Module 4: Webserver Protection

15:30 – 15:45       Break

15:45 – 17:05       Module 5: Site to Site Connection

DAY 2

09:00 – 10:20       Module 6: Authentications

10:20 – 11:20       Module 7: Web Protection and Application Control

11:20 – 11:30       Break

11:30 – 12:00       Module 8: Application Control

12:00 – 12:50       Module 9: Email Protection

12:50 – 13:30       Lunch

13:30 – 14:15       Module 10: Wireless Protection

14:15 – 15:05       Module 11: Remote Access

15:05 – 15:20       Break

15:20 – 16:20       Module 12: Logging, Reporting and Central Management

16:20                     Labs discussion[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_separator sep_color=”color-210407″][vc_empty_space empty_h=”2″][vc_button button_color=”color-150912″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-762333″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”url:mailto%3Asales%40nss.gr%3Fsubject%3DBOOKmySEAT%3A%20Sophos%20Firewall%20Administration%20for%20End-users%20Training%26body%3DI%20would%20like%20to%20participate%20in%20the%20Sophos%20Firewall%20Administration%20for%20End-users%20Training%20on%20the%209th%20%26%2010th%20of%20January%202023||target:%20_blank|” icon=”fa fa-hand-o-right”]Book Your Training Today![/vc_button][vc_button button_color=”color-283957″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-377884″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”|||” icon=”fa fa-volume-control-phone”]Call us now for more +30 211 8000 330[/vc_button][vc_single_image media=”103531″ media_width_percent=”100″ alignment=”center” css_animation=”zoom-out” animation_speed=”1000″ animation_delay=”400″][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][/vc_column][/vc_row]

Datto, the leading global provider of security and cloud-based software solutions purpose-built for managed service providers (MSPs), has just introduced Datto EDR. Developed to provide highly effective endpoint detection and response capabilities, Datto EDR is tailored for today’s MSPs and small to midsize businesses (SMBs) in an affordable, easy to use, manage and deploy package.

Having the right cybersecurity tools in place is more important than ever. Year-over-year ransomware attacks increased by 92.7% and the average cost of an attack on a small business was $8,000 per hour from the time of attack to the time of remediation. Most endpoint detection and response tools require skilled and trained security analysts, who are in high demand and short supply, but Datto EDR uses MITRE ATT&CK framework to provide helpful clarity to teams, reducing the security expertise needed to effectively respond.

“Standard security tools aren’t enough anymore,” said Chris McKie, VP of Product Marketing for Security and Networking Solutions. “Threat actors have found ways to circumvent traditional security measures, making EDR tools more important than ever for catching suspicious activity and keeping businesses safe from increasingly sophisticated cyberattacks.”

Nearly all EDR products are designed and built for enterprise, which means they’re often costly and highly complex, requiring a team of highly trained security experts to effectively manage it. Without this trained staff, many organizations have been left without effective EDR tools.

Datto EDR has been specially built to help MSPs who want to improve their security posture and expand their security offerings to their SMB customers. This highly effective tool provides additional layers of endpoint security by detecting suspicious behaviors that sophisticated threat actors leverage to bypass when using traditional antivirus. Each alert in the dashboard comes with a response function, which will help teams through the remediation process with detailed mitigation recommendations for the most common threats, allowing MSPs to become more self-sufficient.

Datto EDR is an effective threat detection solution with readily available and knowledgeable technical support. Its efficient and actionable alerts can be quickly interpreted to decide on the appropriate next steps with quick deployment options that don’t interfere with day-to-day business operations. Further, continuous monitoring of process, memory, and behavior across all endpoints limits the time it takes to detect intrusions.

Part of Kaseya’s IT Complete Platform, Datto EDR expands the security suite to provide the maximum coverage across multiple vectors. Datto EDR is integrated with Datto RMM and Kaseya One to address the challenges of do-it-all, multifunctional IT professionals. It offers one vendor with everything you need, woven together to save you time, smart enough to help you get more done, and at an affordable price point.

For more information or to request a demo of Datto EDR, visit https://www.datto.com/request/datto-edr/.

Source: Datto

User Account Control (UAC) is a security feature in the Windows Operating System designed to mitigate the impact of malware. All users have triggered a UAC prompt at some point. Tasks that may trigger a UAC prompt include trying to install an application or change a setting that requires administrator privileges. A UAC prompt is the pop up that appears and requests the user to confirm they indeed want the install or other change to happen.

Discover the seven network security measures that can help mitigate the risk of a ransomware attack.

66% of organizations were hit by ransomware last year* demonstrating that adversaries have become considerably more capable at executing attacks at scale than ever before. 

Modern attacks leverage legitimate IT tools such as Remote Desktop Protocol (RDP) to gain access to networks, making initial detection notoriously difficult. The root of the problem is that there’s too much implicit trust in the use of these tools which has repeatedly proven unwise.  

Implementing robust network security measures is a sure-fire way to mitigate this risk. In our new whitepaper, Best Practices for Securing Your Network from Ransomware, and in this article, we share practical network security tips to help elevate your ransomware protection. 

1. Micro-segment your network

Micro-segmenting allows you to limit the lateral movement of threats. One way to achieve this is to create small zones or VLANs and connect them via managed switches and a firewall to apply anti-malware and IPS protection between segments. This lets you identify and block threats attempting to move laterally across your network. 

2. Replace remote-access VPN with a Zero Trust Network Access solution (ZTNA) 

ZTNA is the modern replacement for remote-access VPN. It eliminates the inherent trust and broad access that VPN provides, instead using the principles of Zero Trust: trust nothing, verify everything. To learn more about the benefits of ZTNA over VPN, read our article here. 

3. Implement the strongest possible protection

Always deploy the highest level of protection on your firewall, endpoints, servers, mobile devices, and remote access tools. In particular: 

• Ensure your firewall has TLS 1.3 inspection, next-gen IPS, and streaming DPI with machine learning and sandboxing for protection from the latest zero-day threats 
• Ensure your endpoints have modern next-gen protection capabilities to guard against credential theft, exploits, and ransomware 

4. Reduce the surface area of cyberattacks

We recommend that you review your firewall rules and eliminate any remote access or RDP system access through VPN, NAT, or port-forwarding, and ensure that any traffic flows are properly protected. Eliminating exposure from remote access goes a long way in reducing the number of in-roads for attackers to launch ransomware attacks. 

5. Keep your firmware and software patched and up-to-date 

This is important for both your network infrastructure (such as your firewall or remote-access software or clients) and your systems given that every update includes important security patches for previously discovered vulnerabilities.  

6. Use multi-factor authentication (MFA)

Ensure your network operates on a zero-trust model where every user and device has to continually earn trust by verifying their identity. Also, enforce a strong password policy and consider adopting authentication solutions like Windows Hello for Business.  

7. Instantly respond to cyberattacks

Use automation technologies and human expertise to accelerate cyber incident response and remediation. Ensure your network security infrastructure helps you automatically respond to active attacks so you can isolate a compromised host before it can cause serious damage.  

An increasingly popular way to achieve this is via a managed detection and response (MDR) service. MDR is a fully managed, 24/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent.  To learn more on the benefits of MDR, read our article here. 

Learn more

To explore these best practices in greater detail and to learn how Sophos network security solutions elevate your ransomware protection, download our whitepaper here. 

Sophos provides everything you need to fully secure your network from attacks, including firewalls, ZTNA, switches, wireless, remote-edge devices, messaging protection, MDR, next-gen endpoint protection, EDR and XDR. Plus, everything’s managed via a single cloud management console — Sophos Central — and works together to deliver Synchronized Security and cross-product threat detection and response. 

For more information and to discuss how Sophos can help you, speak with one of our advisors or visit www.sophos.com today. 

Πηγή: Sophos

We’re thrilled to announce that Sophos Firewall has been named the best network security solution for small and medium-sized businesses by CRN®, a brand of The Channel Company. The recognition marks Sophos’ seventh consecutive year as a winner in the CRN Tech Innovator awards, which honor the channel’s most innovative technologies.

“Sophos Firewall is an essential layer of protection against malicious traffic and threat actors targeting corporate and remote users who are traversing today’s hybrid business environment,” said Raja Patel, senior vice president of products at Sophos. “Sophos Firewall’s programable Xstream Flow Processors enable us to innovate and add new features and capabilities over time, without forcing a hardware upgrade. This provides our channel and customers with a future-proof scalable platform with tremendous value that continues to grow with every release.”

Sophos Firewall delivers unrivaled network visibility, protection and response for organizations of all sizes and across all sectors. It delivers the industry’s best zero-day threat protection, identifying and stopping advanced cyberthreats, and its innovative and unique Xstream architecture is engineered to deliver extreme levels of performance in accelerating important software-as-a-service (SaaS), software-defined wide area network (SD-WAN) and cloud application traffic.

As part of the Sophos Adaptive Cybersecurity Ecosystem, Sophos Firewall shares real-time threat intelligence with Sophos’ broad portfolio of solutions and services for faster and more contextual and synchronized protection, detection and response. It’s further powered by predictive, real-time and deeply researched threat intelligence from Sophos X-Ops, a cross-operational task force linking SophosLabs, Sophos SecOps and SophosAI, and is easily managed in the cloud-native Sophos Central platform or by Sophos Managed Detection and Response (MDR).

Don’t forget that the new Sophos Firewall v19.5 is in early access right now and will become generally available this month. This blog series covers all the new features.

“Our CRN Tech Innovator Awards recognize those technology vendors that are making the biggest impacts in digital transformation for solutions providers with unique, cutting-edge products and services,” said Blaine Raddon, CEO of The Channel Company. “It is my pleasure to congratulate each and every one of our 2022 CRN Tech Innovator Award winners. We’re delighted to recognize these best-in-class vendors that are driving transformation and innovation in the IT space.”

A complete list of winners will be featured in the December issue of CRN and can be viewed online at crn.com/techinnovators.

Source: Sophos

We’re delighted to share that Sophos endpoint security products ranked as industry best in SE Labs’ protection tests in the third quarter of 2022, achieving AAA ratings across the board.  

Sophos earned a 100% rating for Protection Accuracy, Legitimate Accuracy, and Total Accuracy in the Enterprise and SMB categories in this latest round of testing.

Commenting on the results, Simon Edwards, CEO of SE Labs, said: 

“Sophos Intercept X stopped all threats and allowed all legitimate applications. The AAA award is well deserved and shows that Sophos goes well beyond basic functionality. The solution can handle both common and customized threats, without blocking the software you need to run on your computer.” 

Protection powered by world-leading threat intelligence

Our endpoint solutions include Sophos Intercept X and Sophos XDR (extended detection and response), which combine anti-ransomware technology, deep learning artificial intelligence, exploit prevention, and active adversary mitigations to stop attacks.  

All our solutions are powered by threat intelligence from Sophos X-Ops, a cross-operational task force linking SophosLabs, Sophos SecOps, and SophosAI, bringing together deep expertise across the attack environment. Armed with this understanding, we can build powerful, effective defenses against even the most advanced threats. 

Sophos endpoint solutions are easily managed in the cloud-native Sophos Central platform or by Sophos Managed Detection and Response, a 24/7 managed detection and response (MDR) service used by more than 12,600 organizations worldwide. 

The importance of high-quality third-party testing

At Sophos, we place great value on high-quality, independent testing and participate in numerous tests throughout the year.

As Simon Reed, Senior Vice President of SophosLabs says, “Sophos believes in the informational and transparency value of regular participation in third-party testing.”

Of course, tests are most valuable when they challenge solutions in real-world scenarios. As Simon Edwards of SE Labs explains: 

“How hard do you want your security testing to be? We could take a product, scan a real virus and record that it detected a threat. Great, but what does that tell us? It’s a very basic test that only verifies that the software actually is an anti-malware product. You can’t tell if it’s better than other anti-malware products, because it’s just one file being scanned and detected. You don’t even know if the product could protect against the threat, just that it detected it. So, we turned up the dial and threw a wider range of attacks at the products. Each solution was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test.” 

At Sophos, we’re delighted with our exceptional performance in the latest SE Labs tests and – most importantly – that we provide our customers with world-leading endpoint protection that defends against even the most advanced adversaries.

Test drive Sophos for yourself

Sophos defends more than 500,000 organizations from active adversaries, ransomware, phishing, malware, and more. Speak to our security advisers to discuss how we can help you, and take a test drive of our solutions today. 

Source: Sophos

Sophos Firewall OS v19.5 is a free upgrade for all licensed Sophos Firewall customers.

Sophos MDR recorded an exceptional performance with results that validate our position as one of the top performing security services vendors in the market.

A few years ago we saw how a new wave and trend in ransomware attacks. In the attacks on the City of Pensacola and the New Jersey synagogue, not only had the data been encrypted, it had been exfiltrated and the attackers were demanding a ransom for not making it public.

The impact of these types of attacks goes beyond encryption and the need to recover backups, but puts companies at risk of suffering significant financial and reputational losses from lawsuits, litigation and non-compliance with regulations.

In the last years we saw how this trend has gone further and some organizations have even decided to pay attackers to avoid penalties or litigation.

Publication of company data by DDoSecrets activists

Some time ago, the activists known as “Distributed Denial of Secrets” DDoSecrets published on their website more than 1 terabyte of sensitive data that were exfiltrated in ransomware attacks and had been picked up from “dark web” sites. This data includes more than 750,000 emails and documents from different companies. Additionally, this group of transparency activists is privately offering massive amounts of business data to a select group of journalists and academic researchers. These data come from companies in different sectors such as financial, pharmaceutical, energy, manufacturing, retail, software, real estate.

According to DDoSecrets, if there is information, technical data, specifications, etc. of a company in any sector that can accelerate the progress of a certain industry or make people’s lives safer, they have a duty to make this information available to journalists and people in academia so that they know the dark way in which these companies typically operate.

1.2 GB of published data from the Scottish Environmental Protection Agency

The Scottish Environment Protection Agency (SEPA) had confirmed that, after refusing to pay a ransom, an organized group of hackers had published 1.2 GB of data extracted as a result of a ransomware attack. According to the agency at least 4,000 files have been stolen that included workers’ personal information purchasing information, documents on ongoing projects, and information related to the agency’s corporate plans.

Data published after exfiltrations in financial and wealth management companies

At the end of 2020 stolen data from different financial and wealth management companies published were found on sites operated by Sodinokibi and NetWalker ransomware gangs. The way of operating is the one that we have already commented, first the confidential data of these organizations are stolen to later request a ransom for not publishing this data. This data contained employee files, audits, financial documents, payroll data, customer files, etc. Even the Sodinokibi criminal gang auctioned this data on different forums on the Dark Web.

Attacks targeting executives to extract confidential information

Ransomware gangs are targeting the computers or devices of senior company executives to obtain sensitive information that they can later use to extort money from companies for hefty ransoms. According to ZDNet, discovered this tactic after talking to a company that had paid a multi-million dollar ransom to the Clop ransomware gang. After several calls, they discovered that this was not an isolated case.

This group focuses on extracting files and emails from executives that can be useful to threaten them and put the company’s management under pressure to obtain a ransom. Ransomware attacks usually go for the “crown jewels” or those data that have the most value for the company, so it is not surprising that sooner or later they focused their objectives on the group of company executives.

27% of organizations decide to pay the ransom

According to a survey conducted by security maker Crowdstrike, among all organizations attacked by ransomware 27% decide to pay the ransom, with the average being USD 1.1M. Many decide to make the payment to avoid fines for non-compliance with regulations, or to face litigation and millionaire lawsuits or simply to avoid further scandals that can seriously damage their reputation.

For example, the University Hospital of New Jersey paid 670K USD to the SunCrypt ransomware band to prevent the publication of 240 GB of stolen data including patient data. After 48,000 documents pertaining to the hospital were published, a representative of the hospital contacted the attackers via its payment portal on the dark web to negotiate the cessation of new publications of patient data.

To pay or not to pay the ransom

Of course, the FBI strongly advises against paying a ransom, partly because it does not guarantee that the criminal organization won’t have access again to your data or that it won’t be published. Furthermore, it incites attackers to increase their actions against other organizations and to continue profiting from extortion. In any case, the FBI understands that when companies are unable to continue with their functions, they will evaluate all options to protect their shareholders, employees and customers. On the other hand, the controversy arises as to whether paying a ransom may violate laws on financing terrorist activities, money laundering, etc.

Data encryption as a means to protect against a ransomware attack

Data encryption protects information wherever it moves. If the data has been encrypted, it will be inaccessible or useless to cybercriminals. The data may be re-encrypted by the malware, but if it is extracted, they cannot be published as is happening in recent attacks where data is extracted in clear and extorted with the potential publication of the same.

Organizations must not only consider a traditional encryption solution to protect themselves from these attacks, but also one that have control on access and identity so makes it possible to restrict access permissions (View, edit, print, etc.).

How SealPath can help prevent the effects of a ransmoware attack

With a data-centric security solution like SealPath:

• The data will remain protected when is at rest, in transit and in use.

• It is possible to limit access permissions, so that if a document is shared with a third party, they can open it and work with the document without having to unprotect it, thus the copies remain encrypted wherever they behave.

• It is possible to control the identity of the people who can access a certain file. In this way, if an identity has been compromised, it is possible to revoke access to the documents to it.

SealPath also offers a complete audit of accesses to protected information, so that users’ activity on sensitive documentation of the organization can be seen. If you want to know more, click below, and you will see the features of SealPath’s data protection solution.

Don’t wait to ask yourself whether or not the ransom is worth paying, put the means first to have your data safe and under control in any location and safe from possible ransomware attacks. Contact our team here and we will help you as soon as possible.

Source: SealPath

IT-SA EXPO&CONGRESS IS EUROPE’S LARGEST TRADE FAIR FOR IT SECURITY…

…and one of the most important dialogue platforms for IT security solutions.

The trade fair covers the entire range of products and services in the field of cybersecurity: hardware, software, training and consulting services as well as Security as a Service. Important topics at it-sa are cloud and mobile security, data and network security, the protection of critical infrastructures, and industrial Security.

Since 2009, it-sa Expo&Congress in Nuremberg has been the meeting place for decision-makers, experts and IT security officers from all sectors of the economy. Whether they represent industry, the service sector or public administration, the exhibitors at it-sa offer customized and individual solutions.

On the exhibitor side, it-sa addresses the entire IT security market, including physical IT security. The event thus offers trade visitors a showcase of the IT security industry from Germany and abroad that is unique in Europe. Outstanding innovations by young companies in the field of cyber security will be honored with the ATHENE Startup Award UP@it-sa.

The freely accessible lecture program and product-neutral contributions and discussion panels from the it-sa insights series provide trade fair visitors to it-sa with the latest expertise in the industry. In addition, the congress program Congress@it-sa, organized in cooperation with renowned associations and organizations, offers an intensive dialogue on current topics in IT security.

NSS’s Executive Director, George F. Kapaniris, visited Europe’s largest cyber security exhibition/conference and had meetings with partners and prominent executives from the cyber security field, including SOPHOS, BeyondTrust, Fortra (HelpSystems), Cherry Solutions and others.

NSS is an international Value Added Distributor of leading edge IT solutions, covering technology areas including information security, networking, unified communications, data storage, virtualization, and data centre infrastructure systems. Through high technology and deep knowledge of the marketplace, NSS executes the due diligence to select leading edge strategic partnerships with superior vendors and leading technologies that give our channel an opportunity to differentiate from the competition in a crowded market through first class proven solutions.

NSS offers its resellers a portfolio of products that integrate to each other ideally for creating innovative solutions. NSS together with the channel partners can develop opportunities and convert them to sales. NSS having developed a circle of trust with the vendors use trade-in options to encourage new business together with the channel. Last but not least, NSS is applying waste management practices in order to dispose of used equipment securely and responsibly, sometimes even helping in acquiring the new equipment offered. NSS Professional services include extensive presales, implementation, configuration and training. NSS has an impressive pool of skilled engineers and consultants to support the VARs.

HelpSystems announced today that it has become Fortra™ a name synchronous with security and defense. This evolution reflects the company’s enhanced commitment to helping customers simplify the complexity of cybersecurity in a business environment increasingly under siege. With a stronger line of defense from a single provider, organizations of all kinds can look to Fortra to increase security maturity while reducing the burdens to everyday productivity.

“The cybersecurity industry is always changing, and we’re evolving along with it,” said Kate Bolseth, CEO, Fortra. “This is a pivotal, exciting moment for us as we’re defining a new, bold path forward that will bring positive change to the industry and our customers. Everyone at Fortra is rallying behind this movement to tackle seemingly unmanageable security challenges and alleviate the constant worry many of our customers face. As Fortra, we want our customers to think of us as their cybersecurity ally, with them every step of the way.”

In recent years, Fortra has grown to more than 3,000 employees with offices in 18 countries and over 30,000 global customers. As part of this evolution, the company shifted its focus to cybersecurity and automation, building a best-in-class portfolio with key capabilities in data security, infrastructure protection, and managed security services. These acquisitions have included Alert Logic, Digital Guardian, Cobalt Strike, Tripwire, Digital Defense, Terranova Security, Agari, PhishLabs, Core Security, GoAnywhere, Titus, and other well-known software and services providers.

Such a rich collection of proven solutions has built the organization’s roster of industry experts and enabled innovative integrations to help customers solve challenges in new, streamlined ways. These integrations incorporate emerging threat intelligence for more effective protection against rapidly evolving cyberthreats. In fact, Fortra’s 350-person threat research and intelligence team stays abreast of emerging threats not only to guide customers in their defense efforts, but also to infuse its software and services with critical insights.

“We’re proud of our role as a trusted leader in the industry and will continue to give our customers the same people-first support and best-in-class solution portfolio they’ve come to expect, making cybersecurity stronger and simpler than ever before,” Bolseth said.

HelpSystems Is Now Fortra

The realm of cybersecurity and automation is always changing, and we’re evolving right alongside it. Say hello to Fortra, the new face of HelpSystems. We’re bringing you the same people-first support you’ve come to expect from HelpSystems, only now we’ve been Fortra-fied with the purpose of providing you with exceptional protection and peace of mind along every step of your journey.

Our team of expert problem solvers is ready to find answers to your organization’s toughest problems, and our best-in-class portfolio ensures that we’ll land on an integrated, scalable solution that’s right for you.

We’re tenacious in our pursuit of a stronger, simpler future for cybersecurity.

Who’s with us?

The Fortra Story

Learn more at Fortra.com

Hackers have a deep playbook for penetrating networks. Even when managed service providers (MSPs) provide their clients with a robust defense, malicious actors can still infiltrate systems to launch ransomware or other attacks.

Small and medium-sized businesses (SMBs) look to MSPs for help because they can’t protect themselves in the face of mounting threats. For example, a recent study showed that ransomware attacks have nearly doubled since 2020, just one of many attack vectors that can severely impact company operations.

While MSPs are increasingly well-versed in cybersecurity measures, they can become overwhelmed. Software tools such as antivirus (AV) and endpoint detection and response (EDR) help them to detect when security issues arise. However, many MSPs do not have the necessary capabilities to carry out threat hunting and incident response for digital forensics investigations and analyzing malware.

Highly trained cybersecurity professionals with the skills to provide advanced threat protection (ATP) are expensive to hire and in high demand. The vast majority of MSPs are not in the position to build up a massive ATP infrastructure and team, but they do have a quality option: managed detection and response (MDR).

Also known as a managed security operations center (SOC), or MDR, managed SOC provides the highest level of threat protection to MSPs and their clients. It combines technology solutions with expert human teams for advanced threat hunting, monitoring and incident response. Armed with MDR, MSPs can identify threats and quickly limit their impact without having to add costly additional staff.

What is MDR? A cybersecurity necessity

The role of managed SOC, or MDR, solutions has evolved significantly in an MSP’s practice. For an increasingly large proportion of SMB clients, MDR has gone from a nice-to-have to a necessity.

This shift is reflected in the core tenets of the NIST cybersecurity framework, a set of interconnected steps for managing risk to critical infrastructure. They are:

• Identify
• Protect
• Detect
• Respond
• Recover

Most organizations today – MSPs, small businesses, IT departments – spend 85% of their budget on “protect”, leaving only a small portion to spend on the other four phases. However, there is a growing awareness that a change in cybersecurity investment is now needed. The leading research firm Gartner recently observed:

“IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. Organizations need to detect and respond to malicious behaviors and incidents, because even the best preventative controls will not prevent all incidents.”

Adding MDR and managed SOC are how MSPs address this reality. For example, protection measures such as AV and firewall may detect malicious files, but additional security must now go far beyond that.

That’s because hackers are increasingly using techniques to infiltrate networks that do not appear malicious on the surface, allowing them to evade defenses. Once a hacker has entered an SMB’s network with this technique, they can dwell unseen in the system, gathering critical information before they strike.

For instance, bad actors know that they can use a normal tool like the Windows PowerShell command-line interface (CLI) for abnormal activities. Working from PowerShell, a hacker can then pull the Mimikatz open-source application to watch for and harvest authentication credentials as packets move through the system. AV software won’t register something like that as a malicious act, but it’s certainly a suspicious one, especially if the commands are originating from a hostile nation.

MDR helps MSPs to spot bad behaviors that get past AV and other traditional protective measures. With a solution like Datto Managed SOC in place, MSPs are alerted of these hidden compromises so they can find, contain and neutralize such an attack before it becomes a major problem.

Better economics

From a security standpoint, MDR makes sense, especially as ransomware gangs and other bad actors become increasingly sophisticated.

Outsourcing MDR to a managed SOC is also the right budgetary choice for an MSP – and often the only feasible option. That’s because building a SOC from the ground up in-house is prohibitively expensive. Without even accounting for the technology infrastructure, the staffing costs can be staggering. In order to run 24/7 a SOC needs at least three expert security analysts, but it reasonably requires several more than that.

However, skilled MDR professionals are in high demand now and are commanding equally high salaries. That leads to a Catch-22 for MSPs who are considering homegrown MDR services: Do you invest heavily in setting up your in-house SOC first and then try and get the clients? Or do you sell clients on it and then try to build up the staff and services to keep your promises? It’s an expensive risk on the one hand, a reputational risk on the other.

The more sensible path for MSPs is to white label their MDR by outsourcing a managed SOC service. That’s how MSPs are responding to this growing need in the market, in a way that they couldn’t do otherwise.

The role of remediation

With MDR in place via a managed SOC, MSPs can go on the offensive by detecting and containing security threats before they spread. This threat hunting is key to cybersecurity remediation, which is the process of identifying and fixing IT security problems. Remediation also involves resolving any issues that might have arisen after a breach.

Threat hunting is a more mature security activity requiring deep experience in forensics and incident response – initiatives that most MSPs lack the people, training and tools to undertake. The operations of more and more SMBs are transitioning to digital infrastructure, however, meaning that anyone can become a target. That’s because any kind of customer information today has value, so it can be stolen and resold on the dark web.

When an MSP offers MDR, cybersecurity becomes proactive. Managed SOC experts are trained to root out bad actors that have infiltrated SMB endpoints and networks and contain those threats. As discussed above, that goes beyond negating the likes of malware, ransomware, distributed denial of service (DDOS) attacks, and phishing: MDR professionals recognize seemingly normal activities that can devastate a business if left unchecked.

Managed SOC is MDR: How to find the right provider

The right MDR ensures that MSPs can instantly extend their team to include world-class personnel who are experts in 24×7 threat monitoring.

MSPs should look for a managed SOC that protects clients across their entire infrastructure including endpoints, networks and the cloud. Efficient log monitoring, threat intelligence and hunting, breach detection, intrusion monitoring, advanced malware prevention, and PSA ticketing should all be included. These features are essential for comprehensive protection and effective remediation that won’t tax MSP personnel.

Improve your security offerings and experience the confidence that comes with continuous protection against attackers. Schedule a demo of Datto Managed SOC.

Source: Datto