News
Sophos Zero Trust Network Access is now available with gateway support for the Microsoft Hyper-V 2016 platform and above. This release also introduces troubleshooting and scalability enhancements with an increase in tunnel capacity from 1,000 to 10,000 clients per node, representing a ten-fold increase.
New to this release:
- Hyper-V support
- Troubleshooting via console diagnostics
- Capacity enhancements
- SaaS application access with Synchronized Security
Hyper-V 2016+ support
Hyper-V support expands the ZTNA gateway deployment options considerably by adding Microsoft’s very popular hypervisor platform. Download the new ZTNA gateway image for Hyper-V from the ZTNA Gateways area in Sophos Central by clicking “Download gateway V” at the top of the screen.
The virtual gateway is also accessible from the “Protect Devices” menu in Sophos Central.
Troubleshooting via console diagnostics
One of the most frequently requested enhancements, which comes with this release, is support for troubleshooting via console diagnostics on the ZTNA gateway.
Users can access the console and run pre-defined diagnostics tests to troubleshoot connectivity or other issues preventing a gateway from being managed via Sophos Central. A brief explanation will be displayed on the console itself. Check out the ZTNA troubleshooting guide for further information.
Node capacity and scaling enhancements
Client capacity has been significantly enhanced in this release. Sophos ZTNA gateways with a single VM node (using 2 cores and 4 GB of RAM) now support up to 10,000 clients, and the maximum cluster of 9 nodes supports up to 90,000 clients. This represents a ten-fold increase over the previous version.
Existing deployments should update their gateway firmware to take advantage of this enhanced capacity.
Zero trust access to SaaS applications
ZTNA takes advantage of the simplicity of SaaS-based IP access enforcement and provides a new method for controlling access to SaaS applications.
ZTNA routes SaaS application traffic via the ZTNA gateway and provides several security benefits.
- Visibility into SaaS access: visibility into, and reporting on, application access for both SaaS and private applications.
- Enforcement: control what users and access methods are allowed to SaaS apps with a zero-trust approach.
- Dynamic access with Synchronized Security: automatically isolate and gate access from infected endpoints to stop threats from spreading and impacting data in SaaS applications and private applications.
To take advantage of this feature, your SaaS applications must support IP access controls. Whether your users are working remotely or in the office, ZTNA ensures that only verified users and healthy devices can access your important SaaS applications. While this is not a replacement for a full-featured CASB solution, it does provide additional controls and security enhancements for your SaaS applications and data.
Find out more in the ZTNA user documentation.
New to Sophos ZTNA?
If you’re new to Sophos ZTNA and want to learn more, head over to Sophos.com/ZTNA to learn why ZTNA is the ideal remote-access solution to securely connect users to your networked applications.
- Download our latest whitepaper on the Top Six Advantages of ZTNA
- Watch a video on Remote Access VPN vs ZTNA
- Get the latest ZTNA datasheet
Source: Sophos
The retail sector is no exception when it comes to the growing ransomware challenge that other industries face today. Retail saw the second highest rate of ransomware attacks across sectors, with two in three organizations reporting data encryption following a ransomware attack.
We’ve just released the State of Ransomware in Retail 2022 report, which offers fresh insights into ransomware attack rates, costs and recovery, and ransom payouts by retail organizations over the last year.
The report is based on our annual study of the real-world ransomware experiences of IT professionals, of which 422 respondents belonged to the retail sector, working in mid-sized companies (100-5,000 employees) across 31 countries.
The study reveals an increasingly challenging attack environment, with retail reporting an above-average financial and operational impact of ransomware attacks. It also sheds light on the relationship between ransomware and cyber insurance, including the role cyber insurance is playing in driving changes to cyber defenses.
Here are the key findings from the report:
- Retail reported a 75% increase in the rate of ransomware attacks over the last year: 77% of organizations were hit in 2021, up from 44% in 2020
- The increased attack rate is part of a cross-sector, global trend. The retail sector reported the second-highest rate of ransomware attacks across all sectors
- Retail experienced an above-average rate of data encryption at 68%; for comparison, the global average was 65%
- Only 28% of retail respondents said they were able to stop an attack before data could be encrypted – below the global average of 31%
- 49% of retail organizations paid the ransom to restore data – higher than the global average of 46%
- The amount of data restored by retail after paying the ransom dropped from 67% in 2020 to 62% in 2021. Following the same trend, the percentage of retail organizations that got ALL their encrypted data back went down from 9% in 2020 to 5% in 2021. For comparison, the global average in 2021 was 4%.
- The average ransom payment by retail was less than one-third of the cross-sector average: $226,044 in retail vs $812,360 across sectors
- The overall cost to remediate a ransomware attack for retail organizations dropped over the last year, down from US$1.97M in 2020 to US$1.27M in 2021. The cross-sector average was US$1.4M, for comparison.
- 88% of retail organizations reported having cyber insurance coverage against ransomware – the second highest rate across all sectors, compared with the cross-sector average of 83%
- Cyber insurance is driving retail organizations to improve cyber defenses – 97% in retail have upgraded their cyber defenses to secure coverage
- Retail reported a below-average rate of ransom payout by insurance providers at 35% compared to the cross-sector average of 40%
The increasing rate of ransomware attacks in retail demonstrates that adversaries have become considerably more capable of executing attacks at scale by successfully deploying the ransomware-as-a-service model.
Most retail organizations are choosing to reduce the financial risks associated with such attacks by taking cyber insurance. For them, it is reassuring to know that insurers pay some costs in almost all claims. However, the sector has one of the lowest ransom payout rates by cyber insurers.
It is getting harder for organizations, especially in the retail sector, to secure coverage. This has driven almost all retail organizations to make changes to their cyber defenses to improve their cyber insurance positions.
Read the full report: The State of Ransomware in Retail 2022
Source: Sophos
Kaseya, the leading global provider of unified IT management and security software for managed service providers (MSPs) and mid-market enterprises (MMEs), opened DattoCon in person following a three-year pandemic-induced hiatus.
The conference attracted over 2,700 attendees from 29 countries and was held September 11-13 at the Walter E. Washington Convention Center in Washington, D.C. Kaseya CEO Fred Voccola, joined by leaders from Datto, articulated the strategic direction of Datto and unveiled a host of innovations, including the latest additions to the security portfolio available for Datto partners to offer to their customers.
“We are super excited about this year’s DattoCon and sharing with our partners, how much stronger we are as a result of Kaseya and Datto coming together,” said Voccola. “We’re also happy to have everyone back together for the first in person DattoCon since the pandemic – this will be a tremendous opportunity for networking, learning and some fun!”
Fred Voccola shared the vision behind combining Datto and Kaseya and highlighted exciting new developments, including new product innovations and enhanced pricing options for Datto partners during his CEO keynote address. A big message during Monday’s start of DattoCon 2022 was helping MSPs make the most of the massive market opportunity with SMBs by reducing their pain points.
Kaseya is going to make Datto more affordable and help MSPs and address challenges like “vendor fatigue.” That’s according to Fred Voccola, Kaseya’s CEO. He addressed MSPs during the start of this week’s DattoCon 2022 in Washington, D.C. More than 2,700 attendees are at the conference.
Voccola said Datto‘s Autotask is the best professional services platform (PSA), and its remote monitoring and management (RMM) “rocks.” He also said MSPs will see an average 15% reduction in the cost of Datto solutions. “Is Kaseya going to force a change in commercial terms?” Voccola said. “Absolutely not, we’re not changing any terms of existing licensing deals. We will continue the existing business models and offer enhanced savings for longer-term commitments.” MSPs are suffering from vendor fatigue in that the average MSP is working with 17 vendors, he said. That’s “too much overhead and a pain in the butt.” Kaseya and Datto coming together can potentially reduce that from 17 to one, “greatly reducing complexity in managing vendors,” Voccola said. “We address this with workflow integrations,” he said. “Because we own the platform and control the road map, we’re able to deliver hundreds of deep integrations, adding about 25 per month, on top of lightweight integrations we have.”
It’s now been 10 weeks since Kaseya completed its $6.2 billion acquisition of Datto. The deal has generated controversy from MSPs concerned Datto will change for the worse as a result. Voccola (pictured on stage above) said Datto plus Kaseya is “100% focused” on partner-centricity. “Our company exists to serve the MSP community,” he said. “This company only succeeds when you succeed. We recognize everything we do is built around that fact.”
With the Datto acquisition, the combined company is making a $14 billion investment in the MSP community.
Voccola said Kaseya and Datto coming together is “transformational” for the industry. “But us as a company, we’re going to make mistakes, but we’re going to do more things right than wrong,” he said. “And our strategy is invest a ton of resources in … what we believe is needed to make MSPs successful.”
Kaseya didn’t buy Datto to create value by cutting costs and maximizing earnings, Voccola said. “Our investment thesis is one of growth, and growth requires investment,” he said. Kaseya already has added 65 people in R&D and plans to add an additional 100 in the months ahead, Voccola said. On January 1 of this year there were 826 people in software development; today there are 891, and by the end of the year the company hopes to have a little over 1,000, he said.
“We are giving the ammunition, the resources to the people who design really awesome products so they can do more,” he said. “This isn’t something that’s going to backtrack if the global economy slows down.” Kaseya has worked to commercially integrate new products from the Datto acquisition. And Kaseya will integrate all of Datto by January, Voccola said. “There are already six workflow integrations completed, and we’ll be adding 30 in the coming weeks, all done within IT Complete,” he said.
Datto’s global partner program is expanding, offering more partners the ability to participate in the MSP growth-oriented program. This includes doubling market development funds (MDF) and tripling global partner program personnel. Attendees also got a preview of multiple innovations the company is planning, including Datto Managed SOC, powered by RocketCyber; Datto EDR; and Datto Secure Edge, a SASE offering. These solutions allow users to securely connect from anywhere and access sensitive data in the cloud, the company said.
Source: Datto, Channel Futures, Channel Futures and CRN
Did you know that human mistakes are to blame for 95% of all cybersecurity breaches?
Cyberattacks can affect any firm, regardless of size. To launch these attacks and access an organization’s computer systems, hackers are employing increasingly complex methods. Depending on your location, you may be required to follow specific cybersecurity regulations to demonstrate that your essential assets are protected.
If you don’t, you could face high fines and legal difficulties if your data is exposed as a result of a system breach. As a result, there’s a lot of pressure to comply with these stringent cybersecurity laws and regulations.
Read on to find out more.
What does cybersecurity regulatory compliance mean?
Cybersecurity regulatory compliance entails adhering to several measures to safeguard data confidentiality, integrity, and accessibility.
Cybersecurity standards vary depending on the industry and sector, but they often require the use of a variety of organizational processes and technology to protect data.
The CIS, the NIST Cybersecurity Framework, and ISO 27001 are just a few security frameworks and sources of controls.
Major government cybersecurity regulations
For smooth operations, your business needs to be compliant with the law. Some major government and banking cybersecurity compliance regulations include:
HIPAA
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. Approved in 1996, this legislation contains restrictions to ensure the privacy, integrity, and accessibility of Personal Health Information (PHI).
HIPAA involves healthcare cybersecurity regulations that apply to healthcare providers, health plans, and others who manage PHI. If you’re not sure if HIPAA applies to you, we recommend speaking with an attorney with regulatory compliance experience.
GDPR
The General Data Protection Regulation (GDPR) is a set of data privacy policies that the European Union introduced in 2018 to coordinate data privacy laws across Europe.
All EU member states, the European Economic Area (EEA), and personal data transfers beyond the EU and EEA are covered by the GDPR. This means that GDPR obligations apply to any firm that collects data or targets individuals in the EU, regardless of its location.
The GDPR’s principal goal is to give individuals more control over their data while simultaneously unifying EU legislation to make the regulatory environment easier for transnational businesses. The GDPR specifies guidelines for personal data protection, data minimization, and security.
FERPA
The Family Educational Rights and Privacy Act, or FERPA, is a federal statute that protects the confidentiality of student educational data. All institutions that receive financing from the US Department of Education are subject to this law.
FERPA provides parents, students over the age of 18, and students attending colleges, universities, or trade schools with specific rights and safeguards regarding their educational records.
CCPA
The California Consumer Privacy Act (CCPA) is a state statute enacted to strengthen the privacy rights and consumer protections of California residents. Taking effect in 2020, this was the first law in the United States to provide comprehensive data privacy laws, similar to the GDPR in the European Union.
The CCPA applies to any California-based corporation that generates at least $25 million in annual revenue, makes more than 50% of its revenue from user data collection, or collects data on more than 50,000 users. This includes any corporation that collects or sells personal information from California users, regardless of the location.
Although the four above are some of the most well-known regulations, there are many more out there, so it’s always important to check your local regulations with a legal professional.
4 tips for cybersecurity regulatory compliance
Cybersecurity compliance is a core part of any business. To keep up with relevant cybersecurity rules and regulations so you can be compliant, here are some basic steps.
1. Identify what requirements may apply
To start working toward cybersecurity regulatory compliance, you must first determine which regulations or laws you must follow. To begin with, data breach notification regulations exist in every state in the United States, requiring you to tell customers if their personal information is compromised.
For example, regardless of which state your firm is in, if your business deals with the financial information of a New York resident, you would be subject to the NYDFS Cybersecurity Regulation’s set of standards.
Furthermore, the California Consumer Privacy Act and the New York Department of Financial Services Cybersecurity Regulation impose restrictions that may apply to your firm based in any state if you deal with data covered by these laws.
2. Implement policies, procedures, and process controls
It’s not only about technology when it comes to cybersecurity regulatory compliance. It’s also critical to have risk-mitigation policies and processes in place for both compliance and safety.
There is no technical precaution in the world that can prohibit a committed employee from downloading malware onto company systems or visiting unsafe websites.
3. Conduct risk and vulnerability assessments
Almost every significant cybersecurity compliance obligation necessitates a thorough risk and vulnerability analysis. These are crucial in determining the most serious security issues in your organization, as well as the controls you already have in place.
When doing vulnerability assessments, it’s also important to think about your risk of ransomware attacks.
4. Review and test
Examine any applicable government cybersecurity rules that must be followed, and make sure to test your controls regularly. It’s easy to lose track of cybersecurity laws and regulations as firms grow and develop, but regular testing can help you stay on track.
It’s a good idea to keep an eye on compliance as new standards emerge and existing ones change, and to test both technological and process controls regularly. If you are unsure whether you are meeting a compliance requirement, we recommend consulting with a cybersecurity compliance attorney.
How Datto can help
The sort of data you manage, your industry, your regulatory body, and the geographic boundaries in which you operate all influence your regulatory responsibilities.
However, you should speak with a compliance consultant or an attorney to determine the specific cybersecurity regulations that apply to your company.
Contact us if you or your business requires assistance in dealing with cybersecurity compliance obligations. We will be pleased to address any questions you may have about our services.
Source: Datto
With perimeter boundaries quickly blurring thanks to remote care and telehealth, the implicit trust placed in perimeter-centric security makes healthcare dangerously vulnerable.
The Sophos State of Ransomware in Healthcare 2022 report revealed a 94% increase in ransomware attacks on healthcare year over year, with 66% of healthcare organizations getting hit by ransomware in 2021.
Furthermore, 61% of these attacks resulted in data encryption, making healthcare data unavailable until the victims paid ransom or restored their systems. Such attacks can prove deadly as they disrupt patient care and safety.
So, healthcare today is as much about securing patient data as it is about providing effective patient care.
It’s a challenge for caregivers, remote healthcare workers, and outsourced staff who need access to such data to provide uninterrupted and remote patient care.
Not only do they need to contend with multiple industry regulations that regulate the use of protected health information (PHI), including the Health Insurance Portability and Accountability Act (HIPAA), but there’s also a labyrinth of access and authentication complexities as well.
The industry is moving to cloud-based apps and services while also witnessing a proliferation of IoMT devices, telehealth, remote patient monitoring, portable medical devices, augmented reality, and robotics – all of which use existing IT infrastructure and legacy security technologies, resulting in a broader attack surface.
Most attacks on healthcare organizations exploit the inherent trust and unrestricted access given to the users and devices that are protected by traditional perimeter-based security.
With perimeter boundaries quickly blurring thanks to remote care and telehealth, the implicit trust that organizations place in their perimeter-centric security makes them dangerously vulnerable.
ZTNA – or zero trust network access – makes healthcare IT more effortless and secure by verifying user identity, device health, and access policy before seamlessly granting access to network resources. It only connects users to very specific applications or systems, not the entire network.
ZTNA eliminates vulnerable VPN clients and can prevent compromised devices from connecting to applications and data, effectively preventing lateral movement and attacks like ransomware from getting a foothold on the network.
With Sophos ZTNA, you get the added benefit of a single-agent, single-console, single vendor solution for both ZTNA and your next-gen endpoint protection.
Sophos ZTNA uniquely integrates with Sophos Intercept X endpoint protection to constantly share status and health information and can automatically isolate compromised systems and prevent threats from moving or stealing data.
Sophos ZTNA removes implicit trust in your healthcare organization’s applications, users, and devices and provides segmented access to your systems and resources only to those who need it.
Learn more at Sophos.com/ZTNA.
Source: Sophos
Sophos XGS Architect Training
Book your training: sales@nss.gr / +30 211 8000 330
Wednesday, September 21 & Thursday, September 22
(2-day crash training / NSS Training Center, on premises)
A two-day crash training program designed for experienced technical professionals who want to install, configure and support the XGS Firewall in production environments. It is the result of an in-depth study of Sophos’s next-generation firewall.
Trainer: Micheal Eleftheroglou
Training room: NSS ATC training room 3rd floor
Requirement
- XGS Firewall Certified Engineer course and delta modules up to version 18.5
Recommended Knowledge
- Knowledge of networking to a CompTIA N+ level
- Knowledge of IT security to a CompTIA S+ level
- Experience configuring network security devices
- Be able to troubleshoot and resolve issues in Windows networked environments
- Experience configuring and administering Linux/UNIX systems
Content
- Module 1: Deployment
- Module 2: Base firewall
- Module 3: Network Protection
- Module 4: Synchronized security
- Module 5: Web server Protection
- Module 6: Site to site connections
- Module 7: Authentications
- Module 8: Web Protection
- Module 9: Wireless
- Module 10: Remote Access
- Module 11: High Availability
- Module 12: Public Cloud
Certification
- Exam: Sophos XGS Architect
Duration: 2 days
Language: Greek & English
Before trying to better understand what enterprise data security is, it’s best to know the meaning of data security in a broader sense. In essence, data security is everything that surrounds the protection of digital data from destructive forces or unwanted actions of unauthorized users, such as from a cyberattack or data breach. Data security should be a priority for just about any business or organization from mom-and-pop shops to mid-market companies; cyberattacks and data breaches do not discriminate.
The same can be said for large enterprises with several thousand employees, though, and oftentimes, the consequences of a security incident can be even more damaging due to the nature of the data those organizations handle. Enterprises like hospitals, financial institutions, and manufacturers create, transfer, and store particularly sensitive information that, in the eyes of cybercriminals, can be far more lucrative. In this way, because enterprises require specific solutions that can handle the sheer volume and sensitivity of the data they manage, enterprise data security is often considered a highly calculated and sophisticated form of data security.
Why Does Enterprise Data Security Matter?
What often separates a security incident experienced by an enterprise from a security incident experienced by a small- or mid-size organization is the scale of the impact. For example, if a small retail business is hit with a ransomware attack, there’s no doubt that the business would need to find a means of restoring operations, whether that means paying the ransom or finding another means of stopping the attack, but the attack wouldn’t necessarily have immediate, negative repercussions for the business’ customers. On the other side of that coin, however, if an enterprise like a hospital were to be hit with that same ransomware attack, highly sensitive information like health records, financial information, social security numbers, and more could be put at risk, but more importantly, the health of patients could be put in immediate jeopardy.
In short, enterprises and their daily operations are often considered essential to the point that any disruption, breach, or attack could cause immediate, severe complications for many. That reality, in combination with the sharp rise in hybrid work environments and remote collaboration, means data is less static than ever before, there are higher chances of an accidental data breach occurring, and more attack vectors are available for criminals to exploit. As a result, enterprise data security solutions should protect data throughout its entire life cycle and must be as comprehensive and far-reaching as possible to ideally prevent security incidents from ever occurring.
Common Pain Points in Enterprise Data Security
Choosing the Right Solutions
Choosing the right data security solution(s) can be a daunting task in and of itself, particularly for enterprises that are only just beginning to ramp up their security efforts. Are there any already-known weak points in your data’s life cycle, and could any of that data cause your enterprise harm if compromised? Does your enterprise already have other security solutions in place? These are all questions worth exploring before attempting to find more solutions to add to your security plan. Otherwise, you may find that your newly implemented solutions cause more headache than protection.
Data Visibility
Data visibility remains one of the most common pain points in enterprise data security, with a whopping 63% of respondents from our 2022 CISO Perspectives: Data Security Survey reporting that it is their organization’s biggest security challenge. Particularly for large enterprises, whose thousands of employees handle sensitive data daily, being able to locate where that data moves can be a tricky task without the proper solutions in place. If those enterprises don’t know where their sensitive data lies, adequately protecting it from getting into the wrong hands becomes far more difficult, if not nearly impossible. Data protection solutions like data classification, data loss prevention (DLP), and digital rights management (DRM) can help to identify sensitive data, track it wherever it goes, and even revoke access in real-time in case of a breach.
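The paragraph names data classification and DLP as the tools that find sensitive data and track it. The block below is an added illustration of what the “identify” step of such a tool does at its simplest; it is not HelpSystems code and not taken from the survey. It scans constructed sample records (labelled as such in the code) for US SSN-shaped values and for card numbers, validates card candidates with the Luhn check so that a random 16-digit reference is not flagged, assigns a handling label, and produces a redacted copy suitable for logging. The record format, the label names and the regular expressions are assumptions made for the example.

```python
import re

# Constructed sample records for the example (not real data).
SAMPLE_RECORDS = [
    "Patient note: contact 555-0100, SSN 123-45-6789, visit 2022-09-14",
    "Invoice 4471 paid with card 4111 1111 1111 1111 on 2022-09-12",
    "Order 7720 reference 4111-1111-1111-1112 (not a valid card number)",
    "Meeting agenda: Q3 planning, room 3B",
]

# US SSN shape with the ranges the SSA never issues excluded (assumed rule set).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally separated by spaces or hyphens: a card-number candidate.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: doubles every second digit from the right, sums, checks mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(record: str) -> list:
    """Return (kind, matched_text) pairs for every sensitive value in the record."""
    findings = []
    for m in SSN_RE.finditer(record):
        findings.append(("SSN", m.group()))
    for m in CARD_RE.finditer(record):
        digits = re.sub(r"[ -]", "", m.group())
        # Only Luhn-valid candidates count; this drops look-alike reference numbers.
        if luhn_valid(digits):
            findings.append(("PAN", m.group()))
    return findings


def redact(record: str, findings: list) -> str:
    """Replace each finding with a marker that keeps only the last four digits."""
    for kind, value in findings:
        last4 = re.sub(r"\D", "", value)[-4:]
        record = record.replace(value, f"<{kind} ****{last4}>")
    return record


def classify(record: str) -> dict:
    """Label a record RESTRICTED when it carries sensitive data, INTERNAL otherwise."""
    findings = find_sensitive(record)
    label = "RESTRICTED" if findings else "INTERNAL"
    return {"label": label, "findings": findings, "redacted": redact(record, findings)}


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        result = classify(rec)
        print(f"{result['label']:10} {result['redacted']}")
```

The redacted form is what a DLP agent would typically write to its own log or event stream, so that the act of detecting a card number does not itself copy the card number into a second, less protected store.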
Ease of Use
For security solutions to be effective in practice, they should be easy for employees to fit into their workflows, work with your enterprise’s existing security framework, and integrate with one another if several solutions are used together. Unfortunately, security solutions aren’t always easy to use, so it’s always best to explore all your options, take advantage of solutions that automate complicated processes where possible, and ensure that implementing a given solution won’t place significantly more work on your employees’ shoulders.
Threats Outpacing Security Initiatives
Circling back to our 2022 CISO Perspectives: Data Security Survey, 52% of respondents say that cyber threats have become fiercer in the past year. Creating and implementing a data security strategy within a large enterprise can be a lengthy process, and because the threat landscape is ever-growing, “catching up” to those threats before an attack actually occurs can feel like an impossible task. Even so, rushing to create and implement a data security plan without taking time to weigh all your options could turn out to be just as dangerous. The time to begin taking data security seriously is now, but doing so with time and care will ensure that your data security strategy is ultimately successful.
How to Tackle Enterprise Data Security
Generally speaking, depending on which security solutions are most compatible with your enterprise’s existing infrastructure, workflows, and data, the best solutions for your enterprise could look vastly different than those of your closest competitors. But even so, the most successful enterprise data security strategies still have some common ground.
Create a Layered Security Plan
While individual security solutions can adequately keep your enterprise’s data secure during part of its life cycle, there is no silver bullet solution that will keep it protected at all times. The best way to ensure that your sensitive data is protected at creation, in transit, and at rest is to layer several solutions together for comprehensive, integrated coverage. Work not only to ensure that your data is properly labeled, wrapped in encryption, and has granular access controls attached to it, but also that your employees are trained to spot phishing emails, that your corporate network is properly segmented, and that all devices used by employees are updated and secured.
Find Solutions That Cause the Least Resistance
Data security solutions should work with your enterprise and its employees, not against them. If you find that your implemented solutions have slowed workflows or are creating more work for your employees, it may be time to consider other options. Start by taking advantage of solution integrations with automated processes, like how HelpSystems secure file transfer solutions can automatically apply digital rights management as soon as a file is securely transferred.
Find Solutions That Are Flexible and Scalable
Although your enterprise may already be well-established and employ thousands of people, changes can happen quickly, and your security solutions need to be able to adapt. While finding solutions that will meet your enterprise’s security needs now is paramount, finding solutions that are flexible and scalable enough to evolve with your organization in the future can save the time and effort that would otherwise be spent shopping for new solutions.
Source: HelpSystems
When a large-scale data loss recently occurred at a backup provider, it shined a new spotlight on data safety. Managed service providers (MSPs) that were directly affected, as well as those that weren’t, had to re-evaluate their approach to client data protection.
When you place top priority on dependable backup, you position yourself to maintain long-term customer trust. This safeguards your own reputation and MSP business in the process.
At Datto, reliability of data safety eclipses all other considerations in the design of our business continuity and disaster recovery (BCDR) solutions including SIRIS, ALTO and Datto Continuity for Microsoft Azure. This approach is also central to our backup and restore solutions Cloud Continuity for PCs and SaaS Protection +.
The resilience of a purpose-built cloud
The Datto Cloud, purpose-built for backup and recovery, is immutable cloud storage made for MSPs like you. This means it provides the highest level of data protection, minimizing downtime for both MSP business and your clients.
We currently operate the Datto Cloud with more than 1.5 exabytes (1,500 petabytes) of data stored. As that number continues to increase, Datto has no plans to move our data backup and recovery storage to a third-party cloud. In fact, with the exponential growth of our partner MSPs’ businesses, Datto has performed eight data center migrations since 2018 to keep pace, and we have never lost a single byte of customer data, HDD, or server in the process.
MSPs that choose the predictable Datto Cloud are safeguarding more than your clients’ data — your services, MSP practices and reputation all have maximum protection. There are revenue benefits too, as the scalable Datto Cloud allows MSPs to keep growing your business. Datto invests heavily into scaling the cloud, to exceed the requirements of the fastest-growing MSPs and eliminate those unwelcome “no space” surprises.
Redundant and reliable
What makes the Datto Cloud highly reliable? Industry-best multi-tier resiliency and redundancy are present on every level, from HDDs to servers to data centers. If any major component of the Datto Cloud malfunctions, the data remains safe so you can keep providing predictable services to your clients.
Best practices have been applied at each stage to strengthen the Datto Cloud. In the Americas and EU, all data is replicated geographically from one data center to another that is in a distant location. Our abundance of caution extends to the server racks, where everything is redundant including:
- Power sources
- Power distribution units (PDU)
- Power supply units (PSU)
- Network interface cards (NIC)
- HDDs in RAID configurations
- and more
As a result, the Datto Cloud is well equipped to minimize outages and the risk of data loss. When you choose Datto you can be sure that you will fully recover client systems after any disaster, so you can win the trust of your customers and accelerate business growth.
Do not deduplicate in the cloud
There’s another key factor that contributes to data safety: the file storage techniques used once files or workloads are backed up to the data center. A cornerstone of Datto’s commitment to MSP success is minimizing risk, a mindset that informs our strategic technology decisions.
One example of this is our design of the Datto Cloud. To increase the resilience of backups and diminish the risk of data loss, we intentionally decided not to use deduplication in the cloud. Deduplication is a storage method used by backup providers to reduce their storage resource consumption and associated costs. Its tradeoff is an increased risk of sprawling data loss that can have a disastrous impact on MSPs and their customers.
Deduplication works by storing identical blocks of data just once and then leveraging metadata to point to the actual data block content. For example, imagine one 20 MB PDF is stored in five folders for five different salespeople — the result is 100 MB of disk space maintaining one 20 MB file. With deduplication, only one complete copy is stored, and others are simply references pointing to that one saved copy. Users still see their files in place, but only 1/5th of the necessary storage is being consumed. Sounds great? Not necessarily.
The downside of deduplication emerges if the metadata or the stored block becomes corrupted or lost. That’s when multiple backups, customers, and MSPs can be affected. In our example, if the stored data is corrupt, all five files would be gone forever. With lost or corrupt metadata it would be even worse: without the metadata it becomes nearly impossible to determine which backups, salespeople, customers or MSPs have lost the file.
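The trade-off described in the two paragraphs above, as an added toy model (not Datto code, and Inverse Chain Technology is not modelled): a content-addressed deduplicating store next to a store that keeps an independent copy per file, with the same “PDF” saved in five sales folders. The sample bytes, folder names and 4-byte block size are constructed for illustration.

```python
"""Added toy model of the deduplication trade-off: one shared block vs. five independent copies.
Sample file, folder names and the 4-byte block size are constructed for illustration."""
import hashlib
from dataclasses import dataclass, field

# Constructed stand-in for the 20 MB PDF: 22 bytes, no two 4-byte blocks identical.
PDF = b"%PDF-1.4 price-list Q3"
SALES_FOLDERS = [f"/sales/{rep}/price-list.pdf" for rep in ("ana", "ben", "cho", "dee", "eli")]


@dataclass
class DedupStore:
    """Content-addressed store: each distinct block is kept once; a file is a list of
    block hashes (the metadata) that point at the shared block content."""
    block_size: int = 4
    blocks: dict = field(default_factory=dict)  # sha256 hex -> block bytes
    files: dict = field(default_factory=dict)   # path -> [sha256 hex, ...]

    def put(self, path, data):
        refs = []
        for i in range(0, len(data), self.block_size):
            block = data[i:i + self.block_size]
            digest = hashlib.sha256(block).hexdigest()
            self.blocks.setdefault(digest, block)  # an identical block is stored only once
            refs.append(digest)
        self.files[path] = refs

    def get(self, path):
        """Rebuild the file; None if any referenced block is missing or fails its hash check."""
        if path not in self.files:
            return None
        out = bytearray()
        for digest in self.files[path]:
            block = self.blocks.get(digest)
            if block is None or hashlib.sha256(block).hexdigest() != digest:
                return None
            out += block
        return bytes(out)

    def files_referencing(self, digest):
        """Which backups depend on this block? Answerable only while the metadata exists."""
        return [p for p, refs in self.files.items() if digest in refs]

    def bytes_used(self):
        return sum(len(b) for b in self.blocks.values())


@dataclass
class IndependentStore:
    """Every file keeps its own complete copy: more space, but no shared failure point."""
    files: dict = field(default_factory=dict)  # path -> bytes

    def put(self, path, data):
        self.files[path] = bytes(data)

    def get(self, path):
        return self.files.get(path)

    def bytes_used(self):
        return sum(len(d) for d in self.files.values())


def build_both():
    dedup, plain = DedupStore(), IndependentStore()
    for path in SALES_FOLDERS:
        dedup.put(path, PDF)
        plain.put(path, PDF)
    return dedup, plain


def storage_comparison():
    """Bytes consumed by each store for five copies of the same file: (dedup, independent)."""
    dedup, plain = build_both()
    return dedup.bytes_used(), plain.bytes_used()


def corrupt_one_stored_copy():
    """Flip one byte in the single shared block vs. in one salesperson's own copy.
    Returns how many of the five files become unreadable: (dedup, independent)."""
    dedup, plain = build_both()
    digest = dedup.files[SALES_FOLDERS[0]][0]  # first block, shared by all five files
    block = dedup.blocks[digest]
    dedup.blocks[digest] = bytes([block[0] ^ 0xFF]) + block[1:]
    copy = plain.files[SALES_FOLDERS[0]]
    plain.files[SALES_FOLDERS[0]] = bytes([copy[0] ^ 0xFF]) + copy[1:]
    lost_dedup = sum(dedup.get(p) is None for p in SALES_FOLDERS)
    lost_plain = sum(plain.get(p) != PDF for p in SALES_FOLDERS)
    return lost_dedup, lost_plain


def metadata_loss_blast_radius():
    """Backups identifiable as depending on a damaged block, before and after the
    file-to-block metadata is lost. Zero after the loss means 'unknown', not 'unaffected'."""
    dedup, _ = build_both()
    digest = dedup.files[SALES_FOLDERS[0]][0]
    known_before = len(dedup.files_referencing(digest))
    dedup.files.clear()  # metadata lost or corrupted
    known_after = len(dedup.files_referencing(digest))
    return known_before, known_after


if __name__ == "__main__":
    print("bytes used (dedup, independent):", storage_comparison())
    print("files unreadable after one corrupt block:", corrupt_one_stored_copy())
    print("backups identifiable as affected (before, after metadata loss):", metadata_loss_blast_radius())
```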
Datto eliminates this hazard by using Inverse Chain Technology instead of deduplication. This is an elegant solution to the issues associated with traditional backup chains: while it transfers and stores only the differences between backups, each backup is seen as full and independent of other backup points, whether they come from the same machine, different machines, different users, or different MSPs.
Not only is there no deduplication metadata involved in the Datto Cloud, our Inverse Chain Technology eliminates the need for rehydration (the reconstruction of previously deduplicated data) or incremental backup chain reconstruction, which can be a very slow process. As a result, MSPs can easily tune and adjust backup parameters, and instantly restore to any point in time. This strategic design decision is one more reason why Datto assures confidence in the safety of your backups, as well as your ability to recover your clients’ systems quickly after a disaster.
As you evaluate your options for backup, being certain about data safety must take top priority. With the purpose-built and secure Datto Cloud at the core, the reliability of Datto solutions provides protection built for the MSP.
Source: Datto
What are one-time passwords?
A one-time password (OTP) is the password used in a credential pair that is valid for only one login session or transaction. OTPs are used to minimize the risks of traditional, static password-based authentication by making passwords variable per operation. As an added layer of security, OTP implementations can also incorporate two-factor authentication (2FA) to help verify the identity of the individual using an additional trusted source.
What’s the benefit of a one-time password or secret?
When it comes to securing sensitive information, there are many tactics employed by cybersecurity professionals. But as we all know, information is meant to be shared. So, how do we enable that in a secure but usable manner? One effective tactic is to implement one-time passwords.
The most significant benefit of OTPs compared to unmanaged passwords is that they are not vulnerable to replay attacks. In other words, a threat actor who manages to capture an OTP used for a valid session cannot effectively reuse it, since the password is not valid for future sessions or operations. A one-time password will typically expire in minutes, or even seconds.
OTPs themselves are typically random and also not susceptible to pattern-based password attacks, nor dictionary attacks. This makes them ideal for some of the most secure and privileged activities needed within an organization.
How do one-time passwords work? An example using Password Safe.
BeyondTrust Password Safe is a privileged credential management solution designed to automatically onboard, manage, and rotate passwords, and audit their use across enterprises. The randomization of individual account passwords can be configured for extremely complex passwords that are not human-readable (assuming the resource supports the complexity and length). In addition, the BeyondTrust solution allows for only a single checkout instance of a password. Once a session is complete, the password is auto-rotated until the next session request is granted.
In essence, Password Safe allows for OTP for any privileged account session and can also be used with 2FA to provide a high confidence level of the user’s identity. “Change password after any release” is the simple feature that provides this functionality.
If you consider the benefits of OTPs and Password Safe, every customer can enhance their security posture by providing a unique password for every session and every single connection. This is a very simple security model, but incredibly effective in stopping a threat actor from compromising accounts within your environment using attacks that leverage static (or stale) passwords.
One-time passwords versus static passwords
We often work with customers who are not ready for a fully dynamic access workflow. But at the core of this workflow is still a centralized, audited, and access-controlled solution that protects their critical credentials.
Storing static privileged credentials wrapped with modern encryption and approvals can elevate an enterprise’s security stance to meet many compliance regulations. This static storage model also facilitates a seamless phased approach to full privileged access management.
One-time passwords versus dynamic secrets
A modern iteration of a one-time password is a one-time account, aka dynamic secrets. While fundamentally solving for the same core security principles of least privilege and zero standing privileges (ZSP), the mechanics can be a bit more complex, requiring the right tooling to solve for at the enterprise level. Now, instead of just regenerating a password, a full account with account permissions needs to be considered.
Implementing OTPs – Best practices depend on use cases
There are countless use cases and methods for one-time passwords as an authentication security control around sensitive data. It is important to understand the desired outcome for ease of access and security. The right PAM tool should help enable the balance between the two.
For more information on how BeyondTrust can help manage your privileged accounts, contact us for a demo.
Source: BeyondTrust
It’s not news that cybercrime is a constant battle—large enterprises and small businesses everywhere are susceptible to a myriad of advanced email threats and socially engineered attacks, such as executive or brand impersonation. According to IC3’s Internet Crime Report, over $44 million in losses in 2021 were a direct result of malicious phishing and advanced email scams.
Despite billions having been invested into perimeter and endpoint security since the onset of the pandemic and the birth of remote or hybrid work environments, phishing and business email compromise (BEC) scams have become primary attack vectors into organizations, often giving threat actors the toehold they need to wreak havoc on companies and their customers. Additionally, there are infinite savvy social engineering ploys that easily evade most of the email defenses in use today.
How Do Phishing Schemes Happen?
Interestingly, these incredibly complex scams can be deployed with fairly simple methods. Threat actors have become highly skilled at impersonating brands or domains or spoofing individual emails to steal account holder credentials. How does this occur? Unfortunately, both employees and customers are often too trusting of emails that make it to their inboxes. These scams often impersonate people of authority and target employees who have access to financial information and present a time-sensitive scenario, such as needing an “urgent wire transfer” to pay an invoice for a supposed vendor. The bank account for that vendor is, of course, one controlled by the cybercriminals. With this method, BEC actors trick unsuspecting employees out of millions of dollars each year.
To compound the problem, bad actors have evolved their strategies and discovered that targeting anyone along the org chart—even interns—can result in a breach when they ask for (or offer) something as simple as a free iTunes gift card. These same threat actors realized that they could compromise employee inboxes, providing an avenue to sift through emails to identify additional opportunities for fraud. In tandem, threat actors can set up and send multiple phish from the central attack infrastructure—whether they are fake sending domains or IPs.
Prevention & Mitigation through Customer Phishing Protection
Being able to detect a phishing scheme early in its lifecycle is the first step in reducing risk. This is why HelpSystems provides a comprehensive customer phishing protection offering from Agari and PhishLabs: to prevent, detect, and disrupt phishing attacks. As phishing campaigns and infrastructure multiply, many organizations find themselves in need of more proactive and robust protection that can deliver the email authentication, risk protection, threat intelligence, and mitigation capabilities necessary to successfully fend off attacks.
Agari analyzes two trillion emails per year claiming to be from domains across the world’s largest cloud email providers. By combining Agari’s tools with third-party sender knowledge, your organization’s legitimate email can be authenticated, and unauthorized messages blocked from reaching customers. This is accomplished through Agari Brand Protection, which stops phishing by automating the process of DMARC email authentication and enforcement to protect customers from cyberattacks.
How? During a phishing scam, DMARC failures identify a threat or suspicious message once it launches and the intel included in that specific failure report is automatically fed by Agari to PhishLabs without the need for intervention from a SOC team member. And once a threat is identified, mitigation is immediately pursued without requiring any client intervention, reducing the amount of time needed to address threats and shut them down.
This direct integration between Agari and PhishLabs expedites the phishing detection process exponentially. It can also disrupt more phish by taking down the campaign attack-sending infrastructure. In some instances, Agari reports will provide additional intelligence on the sending infrastructure, and PhishLabs will pick this up and identify the infrastructure details, gather malicious evidence, and then pursue takedown. And once the central infrastructure is down, it substantially disrupts a threat actor’s ability to stage additional phishing campaigns.
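The DMARC failure intelligence described above comes from the reports receiving mail systems send back to the domain owner. As an added example (not Agari or PhishLabs code), the parser below flattens a DMARC aggregate (RUA) report in the RFC 7489 XML format and pulls out the sending sources that failed both DKIM and SPF alignment, which is the raw material for triage and takedown. The report, domains and IP addresses (RFC 5737 documentation ranges) are constructed.

```python
"""Added example: extract failing senders from a DMARC aggregate (RUA) report.
The report below is constructed; domains and IPs are documentation values."""
import xml.etree.ElementTree as ET

SAMPLE_RUA = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>mailbox-provider.example</org_name>
    <report_id>constructed-0001</report_id>
    <date_range><begin>1660000000</begin><end>1660086400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>brand.example</domain>
    <adkim>r</adkim><aspf>r</aspf><p>reject</p><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>brand.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>brand.example</domain><result>pass</result></dkim>
      <spf><domain>brand.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>203.0.113.7</source_ip><count>15</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>brand.example</header_from></identifiers>
    <auth_results>
      <spf><domain>bulk-sender.example</domain><result>fail</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.9</source_ip><count>3</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>brand.example</header_from></identifiers>
    <auth_results>
      <spf><domain>other.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text):
    """Flatten each <record> into the fields an analyst triages on.
    policy_evaluated/dkim and /spf are the *aligned* results; auth_results holds the raw ones
    (the third record passes raw SPF for other.example but is not aligned with brand.example)."""
    root = ET.fromstring(xml_text)
    policy_domain = root.findtext("policy_published/domain")
    records = []
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        records.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count", "0")),
            "disposition": evaluated.findtext("disposition"),
            "dkim_aligned": evaluated.findtext("dkim") == "pass",
            "spf_aligned": evaluated.findtext("spf") == "pass",
            "header_from": rec.findtext("identifiers/header_from"),
            "spf_domain": rec.findtext("auth_results/spf/domain"),
            "policy_domain": policy_domain,
        })
    return records


def failing_sources(records):
    """DMARC passes when either DKIM or SPF is aligned; everything else is a failure worth
    investigating: an unknown host spoofing the brand, or a legitimate sender not yet authorised.
    Returns {source_ip: {"messages": n, "dispositions": set, "spf_domains": set}}."""
    failing = {}
    for r in records:
        if r["dkim_aligned"] or r["spf_aligned"]:
            continue
        entry = failing.setdefault(r["source_ip"], {"messages": 0, "dispositions": set(), "spf_domains": set()})
        entry["messages"] += r["count"]
        entry["dispositions"].add(r["disposition"])
        if r["spf_domain"]:
            entry["spf_domains"].add(r["spf_domain"])
    return failing


if __name__ == "__main__":
    for ip, info in failing_sources(parse_aggregate_report(SAMPLE_RUA)).items():
        print(ip, info["messages"], sorted(info["dispositions"]), sorted(info["spf_domains"]))
```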
Detection through Digital Risk Protection
PhishLabs’ Digital Risk Protection automatically integrates the intelligence collected from Agari Brand Protection into an extensive collection apparatus that consumes a broad range of sources, including:
- Spam feeds
- Domain registrations
- SSL transparency logs
- Passive DNS monitoring
- Active DNS queries
- DMARC failure reports
PhishLabs continuously mines this intelligence to proactively detect phishing campaigns early in the attack cycle. By integrating Agari’s collected intelligence, PhishLabs can identify threats and take immediate action to disrupt them using automated kill switches and preferred escalation integrations. PhishLabs also uses Agari’s artificial intelligence capabilities to pursue the mitigation of underlying campaign infrastructure to further disrupt phishing attempts, leading to the deterrence of future attacks.
By combining best-of-breed services, HelpSystems’ Customer Phishing Protection bundle from Agari and PhishLabs significantly reduces the complexities associated with stopping phishing campaigns and helps enterprises achieve end-to-end phishing protection through a trusted partnership and seamless integration.
For a personalized demo of HelpSystems’ Customer Phishing Protection bundle, click here.
Source: HelpSystems
Once upon a time, it was often necessary to define the term “ransomware” as it was frequently met with questioning looks and the need for clarification. Nowadays, you can hardly go a day without hearing about some sort of attack. What has made ransomware such a pervasive threat, and how can organizations learn to better protect themselves? In this blog, we’ll discuss why so many are worried about ransomware and how Core Impact’s latest ransomware simulation feature makes this pen testing tool more effective than ever at reducing your risk.
The Concern Over Ransomware
According to the 2022 Penetration Testing Report, ransomware is one of the top concerns for cybersecurity professionals. Unfortunately, the ever-constant anxiety over ransomware is well justified. A report by PhishLabs shows there is a consistently rapid increase in ransomware, with a growth rate of well over 100% year over year. The cost of ransomware attacks is also on the rise and has even put some organizations out of business. The average ransom demand alone was $220,298 in 2021. The recovery cost is much steeper, averaging $1.8 million.
Ransomware has perhaps become so prevalent due to ease of use. Not only can you purchase ransomware kits off the dark web, you can also hire the work out, using Ransomware-as-a-Service (RaaS) providers. Additionally, the most popular ransomware vectors are built into every organization and impossible to close—according to the 2021 Malware Report, 70% of ransomware breaches had entered the surveyed organizations using phishing emails.
However, despite these challenges, organizations are not helpless against ransomware threats. Just like so many things in life, the key to improving your defenses comes down to regular practice.
Ransomware Simulation with Core Impact
Users of Core Impact can now efficiently simulate a ransomware attack using an automated Rapid Pen Test (RPT). Given ransomware’s close association with phishing campaigns, the simulator can easily be paired with a phishing campaign RPT for deployment. From there, security teams are then able to mimic the behavior of multiple ransomware families, encrypting user-specified files using a fully reversible symmetric key. They can also exfiltrate files to establish which mission critical data is most at risk after the initial breach is complete.
Additionally, if enabled, the ransomware simulator offers an automatic rollback after a set amount of time, leaving the environment as it was before the attack. While the files remain encrypted, defensive utilities have a chance to detect the activity and trigger corrective actions.
Finally, Core Impact’s ransomware simulator enables the definitive move of most ransomware strains: the ransom note. Security teams can create and leave an explanatory README file once the exercise has been completed. This file will inform a user that they have experienced a ransomware scenario and can prompt them to contact the security team or provide other next steps, such as further training on ransomware and how it can get into your system.
You can see Core Impact’s ransomware simulation in action in the overview video below:
Source: Core Security
Congratulations! You’ve just completed a penetration test. So what now?
A pen test shouldn’t represent the pinnacle of your security efforts. Rather, the test validates what your organization is doing right and highlights areas for improvement.
Even if the test showed that it was possible to gain administrative access and move laterally through your network, this doesn’t mean you have “failed.” Rather, the purpose of a pen test is to find vulnerabilities so your organization can fix them before they are exploited and to advance the security of the network.
Take these four steps to maximize the effectiveness of pen testing:
- Review and discuss the results
- Develop a remediation plan
- Validate implementation
- Focus on continuous improvement
Review and Discuss the Results
The retrospective process after a pen test varies depending on several factors: the company’s needs, who completed the pen test, and the quality of the report.
A report should include these elements:
- Summary of successful scenarios: An executive summary will list the steps that were performed, which ones were successful from an attacker point of view, and which ones failed.
- List of information gathered: A comprehensive report will include any information that could be a security weakness, including hosts, applications, identities, email addresses, credentials, and misconfigurations.
- List and description of vulnerabilities: Also look for a prioritized list of the found vulnerabilities with the common vulnerabilities and exposures (CVE) score and exploit potential. Ranking vulnerabilities by potential severity will help with the development of a remediation roadmap. By pairing with a vulnerability management solution, you can refine prioritization even further with additional analysis and relevant risk context.
- Detailed description of procedures: A description and audit trail of all performed activities and their results will allow your security staff to retest for specific vulnerabilities after a patch has been applied or remediation performed.
Additionally, it’s critical that the C-suite knows what IT is doing to protect network infrastructure. An executive report outlining the high-level findings and remediation steps provides useful education and can help make the business case for necessary resources to move forward.
Develop a Remediation Plan
Although it may seem counterintuitive, resist the urge to start making changes immediately. Developing a remediation plan is an essential first step, as it allows you time to prioritize planned fixes and research any mitigation strategies you may not fully understand. Many pen test reports include a rating on how severe the finding is based on potential impact and likelihood of exploitation, which will help you establish priorities.
Every finding should have a plan with a priority and, if possible, be assigned to someone to remediate — with a due date. Those plans should be loaded into your security ticketing system so that you can track progress and completion of each task.
You want to avoid having the same critical vulnerabilities on multiple tests. If you aren’t keeping up with pen test findings and remediating them as soon as practical, you’re compromising your company’s cybersecurity posture.
Validate the Implementation
Once the findings from the pen test have been remediated, it’s time to validate that the changes actually solved the issue. You can rerun the scenario that uncovered the vulnerability to ensure the fix is sufficient. Additionally, performing regular penetration tests can provide updated information on your security posture, particularly after changes have been made to your infrastructure. If you are using a vulnerability management solution that provides risk-based scoring, you can rerun your scans to assess whether your scores have improved.
Before running subsequent pen tests, however, it’s helpful to review the scope and findings of previous pen tests. The scope of each pen test can vary widely, with some looking more broadly at the IT infrastructure and others focusing on particular problem areas. By taking into account whether additional or different tests should be completed, you can ensure that you’re getting the most valuable insights possible.
Focus on Continuous Improvement
Cybersecurity is a journey — not a destination. Your next pen test will likely uncover new vulnerabilities that require different types of remediation. If your pen testers return no findings, you should question the competence and efficacy of the test.
You also must recognize that some vulnerabilities will require larger-scale changes. If a vulnerability requires multi-factor authentication (MFA), for example, that’s a large project that will require capital spend and time to implement. Likewise, if your company is prone to phishing attacks, it will take time to implement a phishing solution to reduce your business risk.
While a passing grade on a pen test may help prove compliance to external auditors, pen tests provide even more value as agnostic assessments of your organization’s security posture.
A security team’s work is never done, so the focus should be on continuous improvement as you prepare for the next penetration test.
Source: Core Security by HelpSystems
Protect all your servers, from on-prem to multi-cloud, Windows to Linux, all fully integrated within Sophos Central.
As customers transition server workloads from on-prem to cloud hosts, containers, or serverless environments, they need their environments to be tough, hard to compromise, and quick to recover.
To achieve that, they need a single integrated security platform that unifies their cloud security and provides visibility of their complete estate.
With the shared security model (AWS, Azure), customers are responsible for securing their instances, applications, and data.
Sophos helps customers achieve this by providing a unified cloud security platform based on four key pillars:
- Secure access – Protect credentials and securely access services
- Protect workloads – Detect, query, and secure hybrid cloud workloads
- Secure the network – Cloud network security and automated threat response
- Integrate with DevOps – Enable customers to embed security into development processes
Introducing Sophos Cloud Native Security
Sophos Cloud Native Security addresses the requirements of protecting workloads, providing comprehensive security coverage across environments, workloads, and identities. It gives customers comprehensive, centralized visibility, prioritized detections, and faster incident response time.
The Sophos Cloud Native Security bundle is a single SKU that includes Sophos Intercept X Advanced for Server with XDR and Sophos Cloud Optix Advanced to provide:
- Visibility, governance, entitlements management, and compliance across single and multi-cloud environments, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform, as well as traditional on-prem monitoring.
- Protection and detection for infrastructure and data today and as it evolves in the future, with flexible host and container workload security for Windows and Linux
- Increased agility and collaboration across the organization, with cloud environment security posture alerts integrated with popular SIEM, collaboration, workflow, and DevOps tools.
A customer’s security team can manage Cloud Native Security, or they can have it managed by the Sophos Managed Threat Response service to fast-track their cyber resilience in order to best meet the security incidents of today.
Cloud Native Security and the new Cloud Native Firewall solution, which will be in preview (EAP) soon, are integrated with the Sophos XDR platform. The Cloud Native Firewall will support IPS, WAF rules, micro-segmentation, and Admission Control and be deployable from native Kubernetes, AWS EKS, and Azure AKS.
Cloud Native Security is available today. Learn more at Sophos.com/Cloud.
Source: Sophos
Trust is a dangerous word in IT, especially when that trust is granted without much consideration: when it’s implied, or when it’s never questioned.
Creating a sealed-off perimeter where everything and everyone within the network is fully trusted has proven to be a flawed design. Yet, that’s how many networks are still implemented today.
Anyone with access to the network, either physically or via VPN, has broad access to everything on that network regardless of who they are, or what state their device is in.
There’s got to be a better way, right? Well, there is. It’s called zero trust… or trust nothing, verify everything… continuously.
With zero trust, nothing is implicitly trusted. Trust has to be earned – constantly. Zero trust is a very simple and elegant way of micro-segmenting the network so that only users who prove their identity and have compliant devices can access only very specific resources – and NOT the whole network. This has tremendous benefits for security.
Watch this short 3-minute video to learn more about why zero trust is so important:
Sophos ZTNA
Sophos ZTNA utilizes the principles of zero trust to provide workers with secure access to the networked applications, data, and systems they need to do their jobs… no matter where they’re located.
It’s just a better way of providing network access for remote workers, with greatly enhanced security, easier management, and a much more transparent end-user experience compared to old-school VPN.
And it’s the only ZTNA solution that’s tightly integrated with next-gen endpoint protection for a single-agent, single-console, single-vendor solution for all your remote workers’ protection and connectivity needs.
Check it out at Sophos.com/ZTNA
Source: Sophos
Sophos ZTNA has received Frost & Sullivan’s prestigious Global New Product Innovation Award in the zero trust network access industry. Frost & Sullivan applies a rigorous analytical process to evaluate multiple vendors for each award category before determining the final award recipient.
We are very honored that Sophos ZTNA was awarded this distinction based on alignment with needs, value, and customer experience.
Frost & Sullivan praised our focus on listening to market needs, keeping what is often considered an intimidating new technology simple to understand and easy to adopt. They also praised us for addressing the top complaints about existing solutions on the market.
They noted that we are uniquely positioned to provide a compelling integrated ZTNA and next-gen endpoint solution, something other vendors are unable to offer.
They acknowledged the significant benefits this type of integrated solution enables, such as Synchronized Security to share device health, a single agent deployment, and a single management console, along with a very elegant and simple licensing scheme.
Frost & Sullivan concluded that Sophos ZTNA matches customer needs for simplification in every aspect, ranging from design to purchase and service experience by integrating our ZTNA solution into our broader ecosystem of cybersecurity products, all managed from a single cloud console – Sophos Central.
“Sophos has designed an innovative ZTNA solution… With its strong overall performance, Sophos earns Frost & Sullivan’s 2022 Global New Product Innovation Award in the zero trust network access industry”
Download the full Frost & Sullivan Award Report and check Sophos.com/ZTNA for more information.
Source: Sophos
Sophos Firewall OS v19 MR1 brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever.
Sophos Firewall OS v19 was released just a few months ago, and has already been adopted by a huge number of partners and customers.
They’ve upgraded to take advantage of the many Xstream SD-WAN and VPN enhancements. This latest update, v19 MR1, brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever.
VPN and SD-WAN enhancements
- SSLVPN remote access – static IP lease support to enable mapping of remote users to static IP addresses, improving user traceability, monitoring and visibility. This also includes static IP leases with an external RADIUS server.
- IPsec VPN enhancements – includes adding default IPsec site-to-site IKEv2 policies for improved head office to branch office tunnels, eliminating manual fine tuning for re-key interval, dead peer detection (DPD) action, and key negotiation. Defaults were also updated to prevent flapping of UDP connections (VoIP, Skype, RDP, Zoom, etc.). Also disabled “vpn conn-remove-tunnel-up” and enabled “vpn conn-remove-on-failover” for new configuration (but does not impact existing deployments).
- SD-RED – now supports multiple DHCP servers for RED interfaces
- SD-WAN Profiles – The Rule-ID and index column are added on the SD-WAN profile management page for easier troubleshooting
Other enhancements
- Anti-malware engine – anti-malware engines and associated components were upgraded to full 64-bit operation to provide optimal performance and future support. Note that the secondary malware scan engine, Avira, will no longer provide detection updates for the 32-bit version after December 31, 2022. Anyone using Avira will need to upgrade to v19 MR1 or v18.5 MR5 (to be released soon) before the end of the year or switch to just using the Sophos engine.
- Synchronized Security – improved Sophos Central Firewall Management resilience in environments with thousands of endpoint certificates being used for Synchronized Security Heartbeat.
- Email – added an option to report a spam email as a false positive from the quarantine release screen
- Sophos Assistant – added an option to opt-out of the Sophos Assistant
- Additional fixes – over 50 additional performance, stability, and security fixes and enhancements are also included
See the release notes for full details.
Important licensing change for future firmware updates
As covered in this recent community blog post, SFOS v19 MR1 introduces a support requirement for firmware upgrades which will come into effect for customers without a valid support subscription after they’ve used an initial free upgrade allocation.
To summarize:
- No change for customers with a valid support subscription (about 80% of customers)
- Future action will be required by the remaining 20% who do not have a support subscription, but also no immediate change
How to get it
This release will follow our regular Firewall firmware release process and timeline.
Source: Sophos
Can you believe it? Cobalt Strike is 10 years old! Think back to the summer of 2012. The Olympics were taking place in London. CERN announced the discovery of a new particle. The Mars Rover, Curiosity, successfully landed on the red planet. And despite the numerous eschatological claims of the world ending by December, Raphael Mudge diligently worked to create and debut a solution unique to the cybersecurity market.
Raphael designed Cobalt Strike as a big brother to Armitage, his original project that served as a graphical cyber-attack management tool for Metasploit. Cobalt Strike quickly took off as an advanced adversary emulation tool ideal for post-exploitation exercises by Red Teams.
Flash forward to 2022 and not only is the world still turning, Cobalt Strike continues to mature, having become a favorite tool of top cybersecurity experts. The Cobalt Strike team has also grown accordingly, with more members than ever working on research activities to further add features, enhance security, and fulfill customer requests. With version 4.7 nearly ready, we’re eager to show you what we’ve been working on.
However, we’d be remiss not to take a moment to pause and thank the Cobalt Strike user community for all you’ve done to contribute over the years to help this solution evolve. But how could we best show our appreciation? A glitter unicorn card talking about “celebrating the journey”? A flash mob dance to Hall & Oates’ “You Make My Dreams Come True”? Hire a plane to write “With users like you, we’ve Cobalt Struck gold!”? It turns out that it is very difficult to express gratitude in a non-cheesy way, but we’ve tried our best with the following video:
Source: HelpSystems
TLS is a popular Internet security protocol designed to establish secure communications that provides both privacy and data security. TLS was first developed by the Internet Engineering Task Force (IETF) with the first version being published in 1999.
TLS was created from another encryption protocol called Secure Sockets Layer, or SSL. Since both protocols are so closely related, you may hear others use SSL and TLS interchangeably to describe secure communications over the Internet.
Ports 587, 2525, and 465 are commonly used to establish secure connections, but which you use varies based on whether you’re using IMAP or POP3 to access emails from your server. Your system administrator can also set specific ports for encryption on mail servers and other applications.
What is STARTTLS?
STARTTLS is a protocol command a client sends to tell an email server that it wishes to upgrade the connection from an insecure one to a secure one. STARTTLS can take an insecure connection and make it secure via the TLS protocol. Having this option enabled on your mail server allows a secure connection to be established before any emails are sent.
How does TLS protect email communications?
TLS plays a role in protecting email communications by establishing a secure and encrypted connection between two points. TLS utilizes asymmetric encryption to keep email communications private and untampered with while in transit. In other words, using encryption for emails ensures that the contents of the message cannot be read or modified while being sent and provides a mechanism for authentication between the sender and recipient.
Emails that use SMTP risk having their messages compromised by man-in-the-middle attacks or wiretaps if they are operating without encryption. These attacks can silently copy your emails and read their contents or even change the contents of the message while it’s in transit. This not only compromises the integrity of the email, but can provide valuable information to attackers who are capable of launching even more sophisticated attacks against your domain, such as spear phishing or whaling campaigns.
Secure connections are established using a series of steps known as a “TLS handshake”. This handshake requires two parties in order to create a secure connection. When a message is sent using TLS, the handshake process gets into motion as follows:
- During the first phase, the client and server will specify which version of TLS they will use for the session.
- Then the client and server will pick which cipher suite they will use.
- The identity of the server will then be authenticated using the server’s TLS certificate.
- Finally, session keys will be generated and used to encrypt the email messages once the handshake is completed.
How to check if an email is using TLS
Today, close to 90% of emails both sent and received are encrypted. But how can you check for yourself?
Server administrators should be able to verify their email server is using some form of encryption by checking their certificate store and validating that their certificate is both installed correctly and up to date.
If you’re simply checking an email, you can verify if the message was sent using encryption by checking the headers of the message. In Gmail, this can be done by opening the email in question and clicking on the small arrow next to your name underneath the sender’s address.
This can be done in Microsoft Outlook as well by opening the email you wish to check, and then navigating to File > Properties. This will open up the email header information which will contain any TLS information if available.
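To make the header check above concrete, and to exercise the STARTTLS upgrade and handshake described earlier, here is an added Python example (not code from the original article). It parses the per-hop Received: headers in the TLS annotation formats written by Gmail and Postfix over a constructed sample message, and includes a live probe (a hypothetical helper that needs network access) which asks a server for STARTTLS and reports the negotiated version and cipher. All hostnames and addresses in the sample are constructed.

```python
"""Classify each hop of an email's delivery path as TLS or clear text.

Added example, not from the original article: parses the Received: headers
that mail servers prepend and flags hops that carry no TLS annotation."""
import re
import smtplib
import ssl
from email import message_from_string

# Gmail/Google style:  (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256)
_GMAIL_TLS = re.compile(r"version=(?P<version>TLS[\w.]+)\s+cipher=(?P<cipher>[\w-]+)")
# Postfix style:  (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
_POSTFIX_TLS = re.compile(r"using (?P<version>TLSv[\d.]+) with cipher (?P<cipher>[\w-]+)")

def hop_tls_info(received: str) -> dict:
    """Describe one Received: header: receiving host, plus TLS version/cipher if any."""
    flat = " ".join(received.split())          # unfold the multi-line header
    host = re.search(r"\bby\s+(\S+)", flat)
    m = _GMAIL_TLS.search(flat) or _POSTFIX_TLS.search(flat)
    return {
        "hop": host.group(1) if host else "?",
        "tls": m is not None,
        "version": m.group("version") if m else None,
        "cipher": m.group("cipher") if m else None,
    }

def audit_message(raw: str) -> list:
    """One entry per Received: header, newest hop first (the order they appear)."""
    msg = message_from_string(raw)
    return [hop_tls_info(h) for h in msg.get_all("Received", [])]

def cleartext_hops(raw: str) -> list:
    """Receiving hosts that accepted the message without TLS."""
    return [h["hop"] for h in audit_message(raw) if not h["tls"]]

def probe_starttls(host: str, port: int = 587) -> tuple:
    """Live check (needs network): does the server offer STARTTLS, and which TLS
    version/cipher is negotiated? The default context verifies the certificate."""
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        if not s.has_extn("starttls"):
            return (False, None, None)
        s.starttls(context=ssl.create_default_context())
        s.ehlo()                                # re-announce over the encrypted channel
        return (True, s.sock.version(), s.sock.cipher()[0])

# Constructed sample: two TLS hops and one internal hop delivered in clear text.
SAMPLE = """\
Received: from mail.example.net (mail.example.net. [203.0.113.5])
        by mx.google.com with ESMTPS id x12si345 for <alice@example.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 1 Aug 2022 09:00:00 -0700 (PDT)
Received: from relay.example.net (relay.example.net [198.51.100.7])
        by mail.example.net (Postfix) with ESMTPS id 4AB12
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        for <alice@example.org>; Mon, 1 Aug 2022 08:59:58 -0700 (PDT)
Received: from laptop.lan (unknown [192.0.2.10])
        by relay.example.net (Postfix) with ESMTP id 9F00C;
        Mon, 1 Aug 2022 08:59:55 -0700 (PDT)
Subject: test

body
"""
```

Running `audit_message(SAMPLE)` shows the first two hops as TLS 1.3 and TLS 1.2 and the last as clear text; a real message from your own mailbox can be pasted in place of the sample.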
Is TLS the only protection I need?
TLS plays a vital role in email security, but it can’t protect against all email-based threats. Emails using encryption are protected against:
- Man-in-the-middle attacks
- Messages read or eavesdropped on by attackers while in transit
- Messages being forwarded to attackers
However, TLS cannot protect emails against:
- Phishing attempts using lookalike domains
- Malicious attachments that contain viruses
- Links inside of emails that redirect to phishing sites
- Emails that use social engineering to trick recipients into sharing sensitive information
- Servers sending spoof emails from domains that they do not control or defend
The Agari Advantage
Agari’s Email Security solutions utilize TLS and DMARC to ensure that emails are encrypted, as well as protected against phishing attacks from domain spoofing. Phishing attacks that use lookalike domains trick unsuspecting recipients into clicking links or sending sensitive information by pretending to be a trusted sender. These attacks can occur directly over a secure connection since they don’t have to abuse a lack of encryption to succeed.
By combining TLS encryption with DMARC, organizations can deploy a security strategy that stops email-based attacks at all levels. For email protection beyond TLS, watch Agari’s Phishing Defense simulated product tour to see it in action for yourself!
Source: HelpSystems
Organizations are rapidly switching to Sophos’ managed detection and response service to enjoy better cybersecurity outcomes.
We are thrilled to share that Sophos Managed Threat Response (MTR), our 24/7 human-led threat hunting, detection, and response service, now supports over 10,000 organizations around the world.
As cyber threats grow in both volume and complexity, organizations of all sizes and industries are increasingly turning to Sophos to enhance their cyber defenses. Testament to the quality of service and threat protection we provide, in independent reviews on Gartner Peer Insights customers rate us 4.7/5 as of July 2022.
Along with our customer base, we’re also expanding our MDR services to support customers on their security journeys. For example, following our recent acquisition of SOC.OS we plan to include additional telemetry and context from alerts and events across dozens of third-party endpoint, server, firewall, identity and access management (IAM), cloud workload, email, and mobile security products. This will enable security operations teams to quickly understand and respond to the most urgent alerts across their entire estate.
Your security. Our responsibility.
We recognize and value the trust that customers place in us when they choose Sophos MTR. From the frontline threat hunters and response specialists in the MTR team to the malware, AI and engineering experts working behind the scenes, we are all fully focused on improving your cybersecurity outcomes.
Of course, each organization is different. That’s why we offer flexible service options that enable you to choose the level of support that best meets your needs.
- Managed by Sophos. Full 24/7/365 threat hunting and neutralization delivered by Sophos security operations specialists
- Managed together. Our experts work alongside your experts, enhancing your security operations and extending your protection, including evening, weekend and vacation cover
- Managed by you. Sophos XDR enables and empowers your team to conduct your threat hunting in-house using the latest next-gen technologies and threat intel insights
Our experts use the same Sophos next-gen technology as your experts, making it easy to switch support levels when your requirements change.
Sophos MTR in action: Neutralizing Cuba ransomware
Let me share with you a recent example of how Sophos MTR identified and neutralized a ransomware attack on a manufacturing organization, preventing data exfiltration, data encryption, business interruption, lost revenue, and remediation costs.
- Our operators detected suspicious indicators in the environment of a 200-seat customer working in the manufacturing sector. They noticed tools associated with ransomware groups along with Cobalt Strike, an adversary simulation tool that is commonly abused by threat actors
- Sophos MTR instantly alerted the customer and started an investigation, sharing samples with SophosLabs for detailed analysis
- Within 30 minutes SophosLabs confirmed a threat actor had gained access to the customer’s environment, and the adversary’s tactics, techniques, and procedures (TTPs) matched the early stages of a Cuba ransomware attack
- Our team rapidly neutralized and evicted the adversary, preventing both data exfiltration and data encryption, and saving the customer hundreds of thousands of dollars of remediation cost, not to mention business interruption and lost earnings
- We were also able to guide the customer on how to harden their defenses to reduce the likelihood of future incidents
Improving cybersecurity outcomes at London South Bank University
Sophos MTR has enabled London South Bank University in the UK to strengthen cybersecurity for their 20,000 students and 2,500 staff while also freeing up the IT team to deliver initiatives that have increased student satisfaction. Hear their story in their own words:
How Sophos can help you
Sophos can protect and empower your organization, just as it did for London South Bank University and thousands of other organizations around the world.
Talk to the company’s expert advisors to learn more about the Sophos MTR service and to discuss with them how they can help you achieve better cybersecurity outcomes.
Source: Sophos
How companies can layer security solutions to ensure their data is fully protected no matter where it resides, how it travels or is shared.
Data is Everywhere
Enterprise data security is all about protecting sensitive data and ensuring that protected information is not compromised. Data can be anywhere and everywhere, so securing it against threats from both inside and outside the organization has become increasingly complex. Further complicating data security is the shift from centralized storage in a data center to distributed and portable datasets located on user devices, remote locations, connected endpoints, and multiple clouds. Data is no longer a static thing secured behind a firewall. Instead, data often moves across numerous environments and different locations, devices, and geographies.
Modern data security must start at the business level. Effective data security is about visibility, classification, and automation. Visibility focuses on understanding which data is important to protect; classification is about creating scenarios, rules, and categories for safeguarding sensitive information. Automation helps enforce and ensure the controls, policies, and data handling rules are in place.
HelpSystems has several offerings that address the roadmap for effective data security and automation. At its core, enterprise data security has multiple pillars, including data classification, data loss prevention (DLP), email security, domain-based message authentication, reporting and conformance (DMARC), and secure managed file transfer (MFT) solutions. Below is a short overview of how HelpSystems supports organizations with enterprise data management (we will go further in depth in subsequent articles).
Data Classification
From the moment data is created, it becomes a liability. This is especially true if the data has no context. How can an organization protect its valuable, sensitive data if it doesn’t know what data it has? Identifying and classifying different data types, such as personally identifiable information (PII), is the basis of any good security plan. Classifying data provides important clarity for users and downstream security tools.
HelpSystems has 35 years of data classification experience and offers tailored solutions depending on different customer requirements.
Enterprise DLP
One of the main challenges with DLP is understanding trafficked data throughout the enterprise. Many traditional methods for monitoring and managing inbound and outbound traffic fall short as anyone with access to sensitive data can download and share corporate information.
In 2021, HelpSystems acquired DLP provider Digital Guardian to augment their SaaS and managed service endpoint, network, and cloud DLP capabilities.
Email Security
When data travels in and out of a network by email, the policies and security controls in the email solution protect the organization from outbound data leakage and inbound threats. Data labelling ensures that sensitive data is handled correctly, that data is protected against viruses and malware, and that any unauthorized information found in messages is automatically removed.
The Clearswift Email Security solution works seamlessly with other HelpSystems data security tools to provide continuous protection as data moves via email.
Securing Enterprise Email with DMARC
Bad actors use obfuscation methods to send phishing emails, social engineering, spam, ransomware, and malware emails disguised as legitimate sources to trick unwitting victims. These attacks inflict significant damage to an enterprise’s reputation and brand and, in most cases, cause consequential financial loss.
HelpSystems’ DMARC solution, Agari, helps its customers to monitor, detect, and respond to all email streams sent under their name, so that malicious ones are prevented from reaching their customers’ and employees’ inboxes.
Managed File Transfer & Rights Management
Organizations increasingly rely on exchanging sensitive data between their constituents, including customers, business partners, employees, and suppliers. These file transfers include reports, contracts, employee and customer information, and project information – any manipulation or loss of data results in compliance and overall security issues. The efficient movement of data between an organization and its third-party partners must be secure, auditable, and accountable for data privacy and integrity.
HelpSystems’ Secure Managed File Transfer solutions, GoAnywhere and Globalscape, address the security, encryption, and data protection needed when transferring sensitive information across the enterprise and its trusted third parties. Adding Digital Rights Management (DRM) provides further encryption to ensure files remain protected after the file transfer.
Securing Data and Email Across the Enterprise
HelpSystems data protection, email security, and secure file transfer solutions are viable options for organizations of all sizes that require enhanced data and communications protection. The technologies cover the “full-circle of life” from monitoring traffic, sanitizing sensitive data, blocking malicious behavior, deleting uncompliant information, and encrypting the data when it’s in motion or at rest.
We believe a solid business strategy that focuses on “buy what you can, build what you have to, and integrate for competitive advantage” will assist HelpSystems in differentiating itself in a hyper-competitive data security marketplace.
Source: HelpSystems