The concept of least privilege roughly states that all users, applications, and processes should only be granted access to the minimum data and resources they need to perform their job, and for the least time necessary. In many cases, this equates to standard user access.

However, many basic OS, management, application, and software functions (e.g. configuration utilities) for Unix and Linux platforms require more than just standard privileged access. Traditionally, this required end users to possess elevated privileges in the form of root or administrative usernames and passwords. To overcome this inherent security and compliance risk, organizations must remove the need to distribute and maintain root and administrative credentials. That’s where third-party commercial Unix/Linux privilege management solutions come in. Enterprise-class solutions offer multiple benefits over native Unix/Linux capabilities and open-source tools like sudo.

Remote access VPN has long served us well, but the recent increase in remote working has cast a spotlight on the limitations of this aging technology.

Datto, the leading global provider of security and cloud-based software solutions purpose-built for Managed Service Providers (MSPs), launched two continuity solutions, including its next generation SIRIS 5 product featuring up to 4X the performance and Cloud Continuity for PCs, improved for today’s dynamic, hybrid workforce. Both all-in-one backup and recovery solutions empower MSPs with best-in-class continuity for their small and medium business (SMB) clients. In the event of a physical loss, ransomware, hardware failure, or other disasters, Datto provides multiple recovery and restore options whether onsite or remote.

Last year in Q4, over 80% of ransomware attacks targeted SMBs, with an average business interruption of 20 days following successful attacks, which can be crippling for a smaller organization.¹ To survive attacks, SMBs must have access to business continuity solutions that can quickly restore their data and operations to prevent significant downtime and business interruptions. Business Continuity and Disaster Recovery (BCDR) is an established backbone of any ransomware recovery strategy.

Datto’s all-in-one complete BCDR solution with immutable backups and the secure Datto Cloud makes SIRIS 5 one of the best last lines of defense against cyberattacks, restoring business operations for SMBs within minutes. With SIRIS 5, partners can expect:

• Performance: Up to 4X more performance and an upgraded RAM and CPU that provides faster disaster recovery performance than ever before
• Reliability: Industry-standard server hardware, redundant power supplies, reliable enterprise SAS HDDs, HDD RAID, and advanced diagnostics for improved reliability
• Simplicity: Streamlined appliance options consolidate the best features to optimize performance, plus create an easier selection and upgrade process for partners

The SIRIS 5 appliance will run on purpose-built certified hardware powered by Dell. Dell’s world-class server hardware provides the industry-standard in reliability, serviceability, global reach, and supply chain resilience. Each SIRIS 5 device will undergo stepped-up comprehensive quality testing at a Datto facility and is backed by Datto’s 5-year warranty. Coupled with Datto’s renowned 24/7/365 support, Datto partners will have access to the most robust and reliable business continuity solution Datto has ever offered.

“An MSP’s best defense against evolving ransomware threats is a high-performing and reliable BCDR solution一and SIRIS 5 is Datto’s most powerful and flexible solution yet,” said Bob Petrocelli, Chief Technology Officer at Datto. “With its cloud-first architecture and integrated security, the SIRIS platform was created for MSPs, delivering an essential all-in-one solution for backup and recovery. We’re proud to release our flagship SIRIS 5 product which will deliver next-level reliability and performance when it matters most.”

“The number one concern for our clients is what a cyberattack would mean for their business. We need strong backup and recovery solutions in place if all else fails to ensure they’re up and running with minimal disruption,” said Razwan Ahmad, CEO of N.O.C. Systems LLC, a Datto MSP partner located in Connecticut. “With SIRIS 5 we know we’re covered. Datto’s world-class technology and support enables us to protect our clients’ data and livelihoods with the strongest solution.”

SIRIS 5 is allready available across the globe.

Source: Datto

As breaches continue to rise, cybersecurity and development professionals are feeling the pressure to maintain their organizations’ security postures.

Invicti Security™ today released research in its State of the DevSecOps Professional: At Work and off the Clock report unveiling how developers and security professionals are overworked and understaffed, yet prideful of their roles within their organizations.

Conducted in partnership with Wakefield Research, the report is based on a survey of 500 cybersecurity professionals and software developers with at least a Director title within their organization. Surveyed individuals came from U.S. companies with 2,000 or more employees.

The survey reveals that the Great Resignation and impending cyberattacks have created added stress on their jobs:

• DevSecOps professionals spend more than 4 hours each workday addressing security issues that never should have happened in the first place, with 41% of cybersecurity professionals spending 5+ hours addressing security issues compared to 32% of their developer counterparts.
• After the last vulnerability is discovered, 81% of professionals are likely to already feel anxious about the next. 
• It’s affecting personal lives too. Half of cybersecurity and development pros (50%) have had to log in over the weekend or on their own time, and 1 in 3 blew off a date or night out with friends. In fact, 41% of developers blew off a night out compared to 34% of their cybersecurity counterparts.

Despite this, the majority of professionals are proud of their careers, and they see their overall work making a positive impact. The findings show:

• Because of their work, 65% of cybersecurity and development professionals believe they’ve saved their companies $1M+ this year by preventing breaches.
• 94% agree that digital transformation and the move to a remote work model in recent years have made their role more valuable and rewarding. 
• They believe they’ve chosen an attractive career path. Eighty-eight percent said they would be proud to put “cybersecurity expert” in an online dating profile.
• Working relationships are improving between security and development. 49% of respondents say they are “besties” with their counterparts, while 28% say they are “frenemies.” That’s up 14% from the Fall Edition of the Invicti AppSec Indicator.

“Moving to the cloud and the pressure to secure everything without slowing down business priorities has made cybersecurity and development professionals the unsung heroes of their organization,” said Sonali Shah, Chief Product Officer at Invicti. “But with strapped teams, organizations are struggling to retain talent. That’s why it’s critical to prioritize technology that protects the organization while also enabling collaboration, automating manual tasks, and in turn, promoting overall well-being.”

Source: Invicti

Customers have spoken, naming Sophos a Gartner® Peer Insights™ Customers’ Choice for Network Firewalls.

Across 359 verified customer reviews, customers overwhelmingly recommend Sophos, with an average rating of 4.7/5 across 359 as of February 28, 2022. Overall, Sophos is the highest rated among all named vendors with at least 150 reviews.

CLICK HERE TO DOWNLOAD THE REPORT

In addition, Sophos is the only Network Firewall Customers’ Choice vendor for public Sector, Government, and Education customers, and is also named a Customers’ Choice for Midsize Enterprise, Manufacturing, Services, Asia/Pacific, and EMEA. 

Based solely on independent customer reviews that have been rigorously evaluated by Gartner, we believe this nomination is a testament to the unparalleled protection, superior visibility, easier management, and excellent value that Sophos Firewall delivers every day to customers around the globe. 

Unique double recognition

Sophos is the only vendor to be named Customers’ Choice for BOTH the 2021 Voice of the Customer: Endpoint Protection Platforms and the 2022 Voice of the Customer: Network Firewalls. 

Via our Adaptive Cybersecurity Ecosystem, customers benefit from some of the most powerful endpoint, workload, network, cloud, and email security solutions available. And it’s all managed through a unified cloud-based platform and underpinned by the collective threat intelligence of our security operations, Sophos Labs, and Sophos AI experts. 

Hear from over 500 Sophos Firewall customers

Gartner Peer Insights shares the independent voice of verified enterprise customers. Recent feedback includes: 

These are just a few of over 500 Sophos network firewall customer reviews available on the Gartner Peer Insights site. I would like to take this opportunity to thank our customers who have shared their feedback; we truly appreciate your time and your trust. 

Sophos Firewall optimizes your network protection

Sophos Firewall delivers powerful protection and performance for even the most demanding network environments with benefits you just can’t get with any other firewall:

Expose hidden risks – Sophos Firewall does a far better job of exposing hidden risks than other solutions through a visual dashboard, rich on-box and cloud reporting, and unique risk insights. 

Block unknown threats – Sophos Firewall makes blocking unknown threats faster, easier, and more effective than other firewalls with advanced high-performance TLS inspection and a full suite of advanced protection capabilities that are very easy to set up and manage. 

Automatically respond to incidents – Sophos Firewall with Synchronized Security automatically responds to incidents on the network thanks to Sophos Security Heartbeat, which shares real-time intelligence between your Sophos Endpoint protection and your Sophos Firewall. 

Speak with your Sophos representative to discuss how Sophos Firewall can help you achieve your network security goals. 

Sophos Firewall is even better with SFOS v19

Sophos Firewall continues to get stronger with our latest release, which delivers Xstream SD-WAN, high-performance VPN, and powerful new search capabilities to help optimize your network protection and performance even further.  If you’re already using Sophos Firewall, be sure to check out the latest release information and upgrade today!

Source: Sophos

Sophos recently released the State of Ransomware 2022, its annual study of the real-world ransomware experiences of IT professionals working at the frontline around the globe.

The study has revealed an ever more challenging attack environment together with the growing financial and operational burden ransomware places on its victims. It also shines new light on the relationship between ransomware and cyber insurance, and the role insurance is playing in driving changes to cyber defenses.

This year, 5,600 IT professional from 31 countries participated in the research, with 965 sharing details of ransom payments made.

Key findings include:

• Ransom attacks are more frequent – 66% of organizations surveyed were hit with ransomware in 2021, up from 37% in 2020
• Ransom payments are higher – In 2021, 11% of organizations said they paid ransoms of $1 million or more, up from 4% in 2020, while the percentage of organizations paying less than $10,000 dropped to 21% from 34% in 2020. Overall, the average ransom paid by organizations that had data encrypted in their most significant ransomware attack, increased nearly fivefold to reach $812,360
• More victims are paying the ransom – In 2021, 46% of organizations that had data encrypted in a ransomware attack paid the ransom. Twenty-six percent of organizations that were able to restore encrypted data using backups in 2021 also paid the ransom
• The impact of a ransomware attack can be immense – The average cost to recover from the most recent ransomware attack in 2021 was $1.4 million. It took on average one month to recover from the damage and disruption. 90% of organizations said the attack had impacted their ability to operate, and 86% of private sector victims said they had lost business and/or revenue because of the attack
• Many organizations rely on cyber insurance to help them recover from a ransomware attack – 83% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack
• Cyber insurance almost always pays out – In 98% of incidents where the victim had cyber insurance that covered ransomware, the insurer paid some or all the costs incurred (with 40% overall covering the ransom payment)
• 94% of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies and fewer organizations offering insurance protection

“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” said Chester Wisniewski, principal research scientist at Sophos.

“In recent years, it has become increasingly easy for cybercriminals to deploy ransomware, with almost everything available as-a-service. Second, many cyber insurance providers have covered a wide range of ransomware recovery costs, including the ransom, likely contributing to ever higher ransom demands. However, the results indicate that cyber insurance is getting tougher and in the future ransomware victims may become less willing or less able to pay sky high ransoms. Sadly, this is unlikely to reduce the overall risk of a ransomware attack. Ransomware attacks are not as resource intensive as some other, more hand-crafted cyberattacks, so any return is a return worth grabbing and cybercriminals will continue to go after the low hanging fruit.”

To learn more, read the State of Ransomware 2022.

About the study

Sophos commissioned research agency Vanson Bourne to conduct an independent, vendor-agnostic survey of 5,600 IT professionals in mid-sized organizations (100-5,000 employees) across 31 countries. The survey was conducted during January and February 2022, and respondents were asked to respond based on their experiences over the previous year. Respondents were from Australia, Austria, Belgium, Brazil, Canada, chile, Colombia, Czech Republic, France, Germany, Hungary, India, Israel, Italy, Japan, Malaysia, Mexico, Netherlands, Nigeria, Philippines, Poland, Saudi Arabia, Singapore, South Africa, Spain, Sweden, Switzerland, Turkey, UAE, UK, and US.

Source: Sophos

Backing up servers, workstations, and other devices is a best practice and business imperative, but backups alone are no guarantee of business continuity and data protection. While creating a backup, be it a disk images or copies of files, is the start of a disaster recovery plan, it is no guarantee that a company can recover if the backup is damaged. However, an even greater concern could be the theft of an organization’s confidential data if a backup itself is stolen or otherwise compromised by an attacker.

Today’s cyber criminals are far more devious and effective than those of generations past. In the early 2000s, a cyberattack often consisted of damage to data or the theft of files. Today, attackers can steal data without the victims even knowing the theft occurred.

Phantom cloud accounts

With so much data today stored in the cloud, sophisticated attackers now can redirect backups or traditional data storage from the victim’s own cloud-based accounts to those of the attackers. Essentially, today we have organizations saving their data to their attackers’ web accounts, even though it would appear to the victim that their data was housed safely in their own cloud environment.

For organizations that are saving their backups to the cloud, their security professionals need to ensure periodically that they are indeed saving the backups to their own accounts, not a redirected account. Using compromised systems administrator credentials and by by-passing second-factor authentication in a manner similar to that of Russian state actors described in the Sophos Naked Security article CISO warning: “Russian actions bypassed 2FA” – what happened and how to avoid it, cyber criminals can highjack one or more accounts on a cloud server and access corporate files, including backups.

Protect your backups

Backups that are not encrypted could be compromised, allowing attackers with the ability to both read the data in the backup and/or inject malware into the backup so that if the organization’s servers are later compromised, the backup would re-infect the servers when the backup is restored.

Having encrypted backups is not only a best practice for cybersecurity but one of the 12 keystone security controls the cyber insurance firm Marsh McLennan Agency lists as a top five security control required to qualify for obtaining cyber insurance. Encrypted backups rank right up at the top of the list of essential controls along with multifactor authentication, endpoint detection and response, privileged access management, and email filtering and web security.

Backup products that monitor for anomalies in access and data patterns can be used to identify potential malware on the system, including ransomware attacks. Integrating the server backups with existing security information and event management (SIEM) software or security orchestration, automation and response (SOAR) applications could help the IT security team identify system aberrations that could alert the team to a potential system compromise.

Plan for an attack

Creating a backup strategy that anticipates an attack can provide the organization backing up their data with an edge. Let us assume that the servers being backed up are running a version of Windows, be it for workstations (Windows 10 or 11, for example) or a Windows Server version. If the organization is primarily a Windows-centric enterprise, then an appropriate backup system would be running Linux and storing the resultant backup on a Linux system not connected to the corporate network.

While this approach is not foolproof, it will eliminate a sizeable percentage of attacks designed for Windows-based networks.

Selecting the right off-site storage environment can have a significant impact on the restore rime required for a backup. If you choose to have a hot site as a backup — a site that exactly mirrors the existing network so if the primary network fails, there is a duplicate ready to take its place — consider putting some distance between the two sites.

After a major hurricane hit Florida in the early 2000s, one company was forced offline for several weeks because its hot site was located just a few miles away. Flooding not only damaged the company’s primary data center but also the backup. Similar occurrences were reported after the felling of the two World Trade Center towers. A major data center was located below one of the towers. Companies in the towers that used the data center as their hot backup not only lost everything in their offices, but also all their backups when the data center was buried under tons of debris.

A better option is to select a location perhaps a hundred or more miles away. While there will be lag time between writing data to a local disk and writing that same data to the hot backup, the physical separation eliminates any potential carry-over effect from a disaster, natural such as flooding from a hurricane or fire damage from a massive forest fire. Rarely does a natural disaster impact facilities a hundred or more miles apart, although that could happen if the facilities are long natural disaster lines, such as common paths for hurricanes on the east coast.

Protecting backups from being compromised, intercepted, or damaged is an essential task of an organization’s cybersecurity team. With World Backup Day right around the corner, security teams should re-double their efforts to ensure every backup is safe, secure, encrypted and stored in multiple locations, including at least one location far from the source servers.

Source: Sophos

Source: Sophos

When searching for security solutions for your organization, it may be easy to assume your solutions need to be unique to your data, your employees, and your industry; and you wouldn’t be wrong in your assessment. Choosing the right security solutions that are financially sustainable, integrate with your current solution(s), and streamline rather than obstruct workflows can mean opting for vastly different ones compared to your closest competitors. What nearly every modern organization has in common today, though, is that they create and share more data than they ever have before.

Organizations’ desire to make collaboration and the transfer of data in general as seamless and efficient as possible has only increased in recent years, and the rapid transition to remote work due to the COVID-19 pandemic has only intensified that desire. But just because collaboration is becoming easier and more automated does not necessarily mean your data is becoming more secure. While data classification solutions can help identify and give context to your data and secure managed file transfer solutions can encrypt that data and streamline transfer processes, organizations often find their data and its protection are out of their control once it leaves their network or the bounds of their MFT tool.

This is where the concept of secure data sharing comes into the equation for many of these organizations. Like with other types of security solutions, however, data tracking can serve different purposes depending on the types of data your organization handles and the situation in which the data tracking is employed. Organizations can help to solve these three commonly faced security challenges by tracking their data.

Secure Data Sharing Gives Organizations Better Visibility Over Employee Activity

One of the most fundamental components of secure data sharing is data tracking, and a common issue organizations frequently face when they don’t track their data is a general lack of visibility. Data tracking allows organizations to keep their sensitive data protected by knowing where it’s located, how it’s being handled, who can access it, and who those people are sharing it with.

Without proper data visibility, it can become quite difficult to monitor how well (or how poorly) your organization’s employees are following the company’s corporate data security policies, thus making those policies more difficult to consistently enforce. If one or several of your employees are actively practicing bad security hygiene, without data tracking, your organization’s security team may fail to identify those bad practices until a data breach occurs. In this way, data tracking can be seen as a preventative measure with its objective being to prevent a breach before one ever occurs.

Secure Data Sharing Allows Better Data Policy Oversight Across Organizations

While it’s one thing to ensure proper visibility over your own employees, ensuring the same level of visibility once sensitive data leaves your organization is a challenge of its own. Oftentimes, IT and security executives will find that they’re able to maintain healthy data security practices within the bounds of their organization, but when their data leaves the organization, proper control over its access and handling is lost.

Organizations are sharing more information than ever before and, as time goes on, it’s safe to assume more organizations will aim to establish more collaborative data ecosystems. According to TechRadar, such organizations that choose to embrace these ecosystems have the potential to save up to 9% of their annual revenue over the next several years. More collaborative environments make organizations more productive, create savings, and add revenue.

With more data sharing, however, comes more security risk. Thankfully, some of that risk can be alleviated by practicing secure data sharing. While corporate data security policy compliance can sometimes be encouraged, monitored, and enforced within your organization with methods besides data tracking like continued education and training, once the data leaves the organization, it becomes far more difficult to know whether or not it is being handled according to your corporate standards. No matter who may hold your data in their hands, employing solutions that make use of secure data sharing practices like data tracking, access privilege control, multi-factor authentication, and end-to-end encryption will give you and your organization more power over your data anywhere and anytime.

Secure Data Sharing Can Prevent a Breach Before One Ever Occurs

Even after employing a solution that tracks your organization’s data to ensure your employees and partners are handling it with care, accidents can still happen. The reality of collaboration is that, beginning the moment your sensitive data leaves the organization, it becomes more susceptible to a breach.

While data tracking on its own may not be enough to stop a breach from happening, organizations can take advantage of it to better understand where, why, and how a breach occurred. Gaining such information can be instrumental in preventing more breaches from occurring in the future, particularly if the original breach was caused by human error.

Gaining information from a breach can help you to know where your data security strategy may have gone wrong, but the goal of expanding on data tracking by  implementing more comprehensive data sharing solutions should be to prevent a costly data breach before one ever occurs. At HelpSystems, we firmly believe our secure data sharing solutions can do just that.

[vc_row][vc_column][vc_custom_heading heading_semantic=”h1″ text_size=”h1″ text_weight=”300″ text_color=”color-210407″]Datto. What Is SaaS Protection (Software as a Service)? (Part 2)[/vc_custom_heading][vc_column_text]

Why the SaaS business model is a good fit for managed service providers

Leveraging SaaS services for your clients is a great way to scale your service offerings. Software as a Service solutions are normally delivered by a license subscription model which fits perfectly with the MSP service model. The overall objective is to be able to quote your clients on a per user/per month basis.

SaaS tools present different risks to your clients’ data than traditional software. As a result, you can enhance your service offering further with rsecurity add-ons.

How to ensure SaaS security with a multi-layered security approach

As an MSP you can deliver security as a service as an add-on for SaaS products to ensure that your users are protected.

Shared data responsibility & SaaS backup

Most SaaS providers design their SaaS infrastructure with built-in redundancy and other high availability measures to ensure that they won’t lose your cloud data.

However, if you have deleted data or fallen victim to a cyberattack, the responsibility to restore that data may fall on your shoulders. Microsoft calls this the Shared Responsibility Model. As an MSP your credibility is on the line to be sure that you’re protecting your clients’ data no matter who is responsible for a data loss. In your clients’ eyes you are solely responsible for protecting their data.

This is why Datto developed SaaS Protection, so you can take full control of protecting data stored within Microsoft 365 and Google Workspace.

Learn more about how Datto SaaS protection is your first line of defense against cloud data loss.

Login controls/authentication

One of the major benefits of SaaS apps is that your data is available anywhere. However, this can also make your data vulnerable to social engineering attacks which attempt to gain your login credentials.

There are a few ways to mitigate this threat. One method is to train end users and your own employees about what to look for in social engineering attacks, such as phishing emails. Another is to activate 2FA, or Two Factor Authentication, login on all SaaS applications — more and more businesses are making this login authentication a requirement for access as attack vectors grow and risks to data increase.

Learn More about 2FA Here

Be cautious of SaaS integrations

On the surface, data integration and streamlining the flow of data across business applications seem like obvious steps. However, as you improve data flow you may also be easing access for hackers or increasing possible vulnerabilities from cyberattacks.

It’s essential to always test and verify every application that you integrate to ensure that you’re not increasing exposure to threats.

Advanced Threat Protection for SaaS platforms

Another great way to protect users is with an advanced threat protection (ATP) solution such as Datto SaaS Defense. ATP solutions are designed to stop attacks/malicious emails before users even have a chance to interact with them.

Protecting SaaS data with Datto SaaS Protection and SaaS Defense

With Datto SaaS Defense, MSPs can proactively defend against malware, business email compromise (BEC), and phishing attacks that target Microsoft Exchange, OneDrive, SharePoint, and Teams. With Datto SaaS Protection working alongside SaaS Defense, you are able to backup, protect and recover SaaS data whenever necessary.

Source: Datto[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column][vc_custom_heading heading_semantic=”h1″ text_size=”h1″ text_weight=”300″ text_color=”color-210407″]Datto. What Is SaaS Defense (Software as a Service)? (Part 1)[/vc_custom_heading][vc_column_text]SaaS stands for “Software as a Service” and is a cloud-based IT service. It is an on-demand software that can be accessed by the user via an internet connection. Saas is one of the most popular ways to provide business software to consumers thanks to its many benefits, including scalability, low cost, and ease-of-use.

As businesses have shifted from office-based to remote work, leveraging SaaS platforms has been key to keeping businesses running. However, with this increase in remote workers comes an increase in security risks due to the lack of secure infrastructure of a corporate office. To help managed service providers (MSPs) protect remote workers from potential cloud data loss, we have compiled this useful guide.

Read on for a deep dive into SaaS and how you can protect yourself from potential security threats.

SaaS vs traditional software

SaaS is a software distribution model where the software and its data are centrally hosted. This model offers benefits to customers by providing a more stable environment and making it easier for them to maintain their software.

Traditional software is typically installed on a customer’s own computers and managed by that customer. It provides more control over the environment, but it also means that the customer has to install updates, manage backups, and install new hardware if necessary.

Common examples of SaaS companies

There are thousands of SaaS software vendors to choose from, but the more popular ones include:

• Google Workspace
• Microsoft 365
• Salesforce
• Dropbox
• Slack
• Hubspot

These companies are leading examples within the SaaS industry and have come to define the framework of successful Software as a Service companies. However, it’s always worth investigating who has liability for what when it comes to choosing a SaaS Vendor. We put together a few top tips from Managed Service Providers on what to look for.

Types of SaaS solutions

• Accounting Software
• Billing and Invoicing Software
• Collaboration
• Customer Relationship Management (CRM) Software
• Email Marketing Software
• Enterprise Resource Planning (ERP) Software
• HR
• Marketing Automation
• Project Management Software
• And more

SaaS tools are primarily involved in key business functions and often contain sensitive data. As a result, they are also prime targets for cyber attacks and hackers.

Discover how to protect your business data with Datto SaaS Protection.

What to look for in a business SaaS solution

When it comes to looking for the right SaaS technology to protect your clients’ data it’s essential to make sure it fits your purpose. Here are five key elements to look out for:

1. Liability

Know who is liable for what SaaS providers ensure they won’t lose your customers’ cloud data with built-in redundancy and other high availability measures. However, they do not take responsibility for restoring data if your customers were to lose it. Microsoft calls this the Shared Responsibility Model for data protection.

2. Comprehensive protection

Some SaaS backup solutions only protect email, files, and folders. However, there are solutions available today that offer more comprehensive coverage. When selecting a backup product, look for solutions that offer protection for things like contacts, shared drives, collaboration and chat tools, and calendars. SaaS protection solutions that offer this type of coverage are far more effective at maintaining business continuity than less robust offerings.

Learn more about comprehensive SaaS Protection

3. RPO/RTO

Recovery point objective (RPO) and recovery time objective (RTO) are also critical considerations. These metrics refer to the point in time you can restore to and how fast you can perform a restore, respectively. When it comes to backup these are largely dictated by the frequency of backups and what specifically is being protected.

Solutions that offer frequent backups address RPO since they enable you to restore to a recent point in time, minimizing data loss. As noted above, these make restores faster and easier by reducing the amount of manual effort to perform restores. Plus, they enable users to access data in the event of an outage.

4. Security/Compliance

Many MSPs serve clients in verticals with significant security and compliance requirements. So, choosing a SaaS protection solution that can address these needs is essential. Look for products that back up data in compliance with Service Organization Control (SOC 1/ SSAE 16 and SOC 2 Type II) reporting standards that can meet clients’ HIPAA and GDPR compliance needs.

Solutions that enable automated retention management to meet compliance standards can reduce the need for manual intervention. This streamlines management and ensures that client data is stored for the right length of time.

5. MSP business growth

No discussion of product evaluation for MSPs is complete without considering profitability. Look for products that have the features and functionality you need at a price point that allows you to build margins on your services. Consider products that offer pricing benefits for MSPs such as sales-based discounting and flexible “pay for what you use” licensing.

As noted above, products that increase efficiency can also grow margin and increase revenue, since they require less manual intervention. You may also want to bundle SaaS protection on top of SaaS services that you already deliver — this has proven effective for some MSPs. This isn’t necessarily part of the product evaluation process, but it’s worth noting when discussing business growth.

To get more top tips on what to look for in a business SaaS protection solution, download our ebook.

https://www.youtube.com/watch?v=ZR1PJiSbzCg[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][/vc_column][/vc_row]

There is a maxim in the business continuity market that says that a backup on its own is worthless, but restoring a backup successfully is priceless. Too many organizations have suffered from backups that either failed to restore—or restore correctly—or that were already compromised. Failed backups are of no value from a business continuity perspective. 

However, backups that restore correctly, are clean of all malware, and were encrypted so that the IT security teams knows that they were not compromised after the backup was created, are considered the best scenario for IT managers. 

According to Sophos’ The State of Ransomware 2021 report, 37% of respondents said they were hit by ransomware and on average. While 96% said they got back their data after paying the ransom, only 65% of the encrypted data that was affected was restored. These statistics underscore how essential it is to not only have secure backups, but also protected backups stored in more than one physical location that are directly connected to the network.   

Types of backups  

There are five types of backups: 

1. Full File-based backup: A full backup is the simplest form of backup, which contains all the folders and files that you selected to be backed up. This is called a file-based backup because it only backs up visible files, not hidden or system files that are often hidden. 
2. Incremental Backup: This backup only includes files that were not backed up the last time. When restoring backups made from incremental backups, you must restore each incremental backup in order that it was created, starting with the full backup. 
3. Differential Backup: Differential backups only include data that was added or changed since the most recent full backup. When restoring using this method, you need only restore the initial full backup and the most recent incremental backup. 
4. Image Backups: An image backup includes everything on the disk, including any hidden or system files. You can use incremental or differential images to supplement your full image backup.  
5. Copy Jobs: This includes individual files or folders copied from one location to another. 

 Recommendations on effective backup restores 

Since restoring the backup really is the ultimate goal, it is important to focus on what makes for successful backup-and-restore policies and procedures.  Here are some recommendations that you might find helpful. 

• Scan and validate: Scanning a drive for malware and other potential compromises prior to backing it up helps to reduce the possibility of restoring a problem should the drive in question become compromised. Once a backup is created, that backup immediately should be rescanned to validate the backup was successful and can be restored. This significantly reduces the future potential of having an invalid or corrupted backup. This should be done with master backups (full file backup or image backup) and any incremental or differential backups. 

• Multiple copies: It is a best practice to have multiple copies of each backup — one easily accessible and one off-site in the cloud. For highly sensitive data or mission-critical intellectual property, you might consider a physical copy stored in a vault. Multiple copies provide additional security should your primary backup site become damaged or compromised. If you store physical copies offsite, make sure each physical disk is clearly identified with a date of creation and description of what is on the disk. 

• Encrypted backups: A best practice is to encrypt all backups.  

• Write-protected backups: Some security professionals use an application that not only encrypts the data, but also locks the backup so it cannot be decrypted, mounted and then modified. While some IT security pros prefer to be able to rescan a backup periodically or install security patches into a backup, others prefer to keep backups pristine and apply patches only if the backup needs to be restored. 

• Test your backups: Even if you are not required to restore a backup due to a failure, it is a good practice to periodically restore a backup to a test machine. This practice enables the security team to test restoration policies and procedures periodically. Should software change or new staffers added, such tabletop exercises help ensure expertise of the staff.  

Best backup schedules 

One of the more popular backup strategies is called the Grandfather Father Son Backup. This consists of a “grandfather” backup that is done once a month, the “father” component being a full backup once a week, and the “son” backup being a daily incremental. There are variations of this approach with the father backup being a weekly differential backup. It also could include a variety of backups during the day, such as an hourly catch-up or a backup at any time after specific criteria is met, such as prior to a software installation or a reconfiguration of the network, or after a malware scan. 

As part of this backup strategy, the security staff might choose to do one backup at one time for a local site or cloud instance and a second time for the opposite local or cloud instance. The overhead will depend on various factors, including the backup software you select, whether you are backing up to the cloud or locally, the amount of data being backed up, and metrics that might be unique to your situation. 

 Learn more 

Sophos offers two products that help protect your backups. Sophos Workload Protection secures backups in the cloud and on the premises. Sophos Cloud Optix monitors Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) accounts for cloud storage services without backup schedules enabled and provides guided remediation. 

Source: Sophos

Many IT organizations use shared accounts for privileged users, administrators, services, or applications so that they can have the access they need to perform an activity. Account sharing often entails use of the same account credentials to authenticate multiple users. Without proper management controls in place, the practice of account sharing presents significant security and compliance risks from intentional, accidental, or indirect misuse of shared privileges.

Even for the savviest IT teams, the task of managing shared accounts introduces complexities and risks:

• Embedded and hardcoded passwords present opportunities for misuse by both insiders and external attackers on the network.
• Passwords for application-to-application and application-to-database access are often left out of management strategies.
• Static passwords can easily leave the organization, and manual password rotation tends to be unreliable.
• Auditing and reporting on privileged access is complex and time consuming, since it is difficult, or impossible, to attribute any of the session activities of a shared account back to a single identity.

The product team is pleased to announce the latest maintenance release update for SFOS with important customer and partner requested features, as well as important security, performance, and reliability fixes.

It is a critically important cybersecurity best-practise to keep your firewall updated with the latest firmware.

SFOS v18.5 MR3 Highlight:

DHCP Boot Option Configurations – This new feature addresses an important customer and partner request to enable additional DHCP boot options for clients on the network such as VoIP phones or other types of devices that have unique DHCP requirements.

Additional Updates:

• Support for kernel dump reporting to improve trouble shooting and root-cause-analysis in the event of an issue
• Email protection anti-spam engine updated to Sophos Anti-Spam Interface
• Several important security, performance and reliability enhancements including a fix for a recently disclosed OpenSSL DoS vulnerability

How to get it

As usual, this software update is no charge for all licensed Sophos Firewall devices and should be applied to all supported firewall devices as soon as possible.

It will be rolled out to all connected devices over the coming days. A notification will appear on your local device or Sophos Central management console when the update is available allowing you to schedule the update at your convenience. Otherwise, you can manually download the latest firmware from MySophos and update anytime.

Sophos Firewall OS v18.5 MR3 is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all previous versions of v18.5.

Are you Using Remote Access VPN on your Firewall?

If you’re using remote access VPN on your Sophos Firewall, you will want to know that we recently launched Sophos ZTNA which offers a much better solution for connecting remote workers. It offers better security in many ways (especially from Ransomware attacks), easier management, easier deployment, and a much more transparent end-user experience. Check it out.

Source: Sophos