News
The past year has shown organizations that uncertainty and a transformed reality are the new normal in business. While remote work was intended as a temporary response to the global pandemic, it is now considered a regular part of the business environment—fundamentally altering the way companies operate. This means organizations have had to respond in real-time to shift their cybersecurity strategies and keep up with an expanding IT infrastructure, the explosion of IoT devices, and a new wave of threats from more sophisticated attackers. In Part 1 of this two-part series, we will examine the top three cybersecurity trends of 2021 and examine their implications on organizational security.
#1: Shifting Organizational Behavior
While 2020 seemed like an anomaly at the time, the events of 2021 have shown us that drastic changes are still at work globally—from the continuing dominance of COVID-19 to the social justice movement sweeping through communities to the great resignation of the workforce to a large portion of workers still remote. During the last year, organizations have experienced ongoing shifts, including:
- Increased due diligence of partnerships and M&A activity
- More adoption of a Secure-by-Design approach from product development
- Increased adoption of cybersecurity mesh strategies
- Heightened demand for interoperability
- Continuance of the remote workforce model
- Movement toward greater sustainability based on pressure from customers and shareholders
These large forces make it clear that organizations, and particularly the cybersecurity community, must adopt a more proactive approach to making their business more secure and more flexible. Organizations have been required to adapt to this new normal to accommodate the constant drumbeat of accelerated changes. From a security standpoint, vulnerability management has become more important than ever. Organizations pivoted overnight from operating on premises to a fully remote scenario. In addition, businesses faced a potential slew of new attack vectors. And from a connectivity perspective, security professionals were now facing corporate systems working from unmonitored networks, with the perimeter expanding into workers’ homes.
The Continued Importance of People, Process, and Technology
Interestingly, the new remote work model has provided both pros and cons to security. For example, home systems and computers may not have the same paths to lateral movement and attacking as in an office, so threat actors have had to adapt to this change. Conversely, from a social engineering perspective, organizations that previously relied exclusively on stopping attacks from a technology perspective have had to recognize the valuable contributions people and processes play in building a strong foundation for overall security. The last year has shown companies the importance of embracing and adopting a defensive posture that includes the combination of people, processes, and technology working together to protect the organization. Joe Vest, Senior Security Consultant for Cobalt Strike by HelpSystems, provides further insights on this.
#2: Cyberthreat Evolution
2021 also saw a transformation in the approach and type of cyberthreats. At the beginning of the pandemic, bad actors started targeting the healthcare industry, with medical facilities and hospitals falling victim to attacks. But during the last year, this expanded into critical infrastructure—like oil and gas—and moved into multi-stage, multi-pronged attacks that are more sophisticated than ever before across multiple verticals.
Companies are having to shift resources to cover potential attack vectors and, in terms of IoT, there is no way to know how secure those devices are that are accessing the network. This makes it incredibly important to ensure network traffic analysis tools are in place and protections are sufficient to minimize attacks.
From a ransomware perspective, the security industry as a whole has shown that it is not keeping pace with bad actors. Organizations—especially small-to-medium-sized businesses (SMBs)—are vulnerable because they often do not have the means to do detection and response. And once an incident happens, ransomware becomes more effective. Once an entity has been identified as willing to pay the ransom, the organization opens itself up to more targeted, multi-pronged attacks. It is clear that organizations cannot patch their way out of problems any more—instead it takes a multi-layered security approach to defend against ransomware. Watch Mieng Lim, Vice President, Product Management, Digital Defense by HelpSystems, discuss how paying a ransom can hurt more than it helps.
#3: Adapting Defensive Strategies
While cyberthreats have evolved over the last year, cybersecurity has also seen a number of shifts in defensive strategies. One strategy organizations have employed more frequently is combining penetration testing with vulnerability management. Whether attempting to take on internal pen testing or engaging with pen testing services from a third-party engagement, this defensive strategy taps into the strengths of both vulnerability management and pen testing to reveal and prioritize security weaknesses before a threat actor might.
However, this is only one aspect of threat-based testing. The rise of other combat strategy trends during 2021 included:
- Broader Deployment of Multi-Factor or Two-Factor Authentication
- Strengthening Identity Governance and Access Management Policies
- Enhancing Overall Application and Data Security
Organizations that adopted these multi-layer strategies were more effective in reducing their attack surfaces, and in the identification and discovery of potential threats. In other words, security teams that successfully leveraged adaptive security tools to monitor events, and then employed specific processes to determine if those activities were anomalous in their environment, were more successful in minimizing loss and preventing further damage across the business.
Learning from the Past, Moving Toward Greater Protection in the Future
If the continued events of 2021 have reinforced anything, it is that organizations should not be surprised by disruptions or caught off guard in protecting their networks and infrastructure from attack. The best safeguard within this turbulent environment is to put in place a multi-layered security approach that is both proactive to prevent potential attacks and responsive when attacks can—and likely will—occur.
Source: HelpSystems
We are pleased to announce exciting enhancements to the Investigations dashboard and integration of Microsoft 365 data into Sophos XDR.
Minimize time to investigate with the Investigations dashboard
Time is of the essence when investigating an incident. Understanding scope and impact is critical to forming a fast, effective response. The Investigations dashboard is designed to help busy teams work even more effectively.
Save time, see the bigger picture with aggregated detections
Multiple, separate threat detections in the same broader incident are automatically correlated and assigned to the same investigation. For example, detections that trigger the same threat classification rule within 24 hours will be added to a single investigation, eliminating the need for an analyst to add them manually. Detections affecting the same devices will also be automatically added to the same Investigation, saving the SOC team valuable time and helping them quickly understand the broader scope and impact of an incident.
Analysts can also manually add detections to an investigation or create an investigation, with a multi-select checkbox to minimize click time.
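The two automatic grouping rules described above, as an added Python sketch (not Sophos code). Field names, rule and device names and the sample detections are constructed; it assumes the 24-hour window is applied between consecutive detections of the same rule and that device matching has no time limit, neither of which the announcement specifies.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # window stated in the announcement for same-rule grouping

# Constructed sample detections (not real product output).
DETECTIONS = [
    {"id": "d1", "rule": "rule-A", "device": "host-1", "ts": "2022-01-10T08:00:00"},
    {"id": "d2", "rule": "rule-A", "device": "host-2", "ts": "2022-01-10T20:00:00"},  # same rule, 12h after d1
    {"id": "d3", "rule": "rule-B", "device": "host-2", "ts": "2022-01-11T09:00:00"},  # same device as d2
    {"id": "d4", "rule": "rule-A", "device": "host-3", "ts": "2022-01-12T21:00:00"},  # same rule, 49h after d2
    {"id": "d5", "rule": "rule-C", "device": "host-4", "ts": "2022-01-10T08:30:00"},  # unrelated
]


def correlate(detections, window=WINDOW):
    """Group detections into investigations.

    Two detections end up in the same investigation when they are linked,
    directly or through other detections, by either rule:
      1. same classification rule, timestamps no more than `window` apart
         (assumption: compared between consecutive detections of that rule);
      2. same affected device (assumption: no time limit).
    Returns a sorted list of sorted detection-id lists.
    """
    # Union-find over detection ids so that links chain transitively.
    parent = {d["id"]: d["id"] for d in detections}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        parent[find(a)] = find(b)

    by_rule = defaultdict(list)
    by_device = defaultdict(list)
    for d in detections:
        by_rule[d["rule"]].append(d)
        by_device[d["device"]].append(d)

    # Rule 1: same rule, consecutive detections within the window.
    for group in by_rule.values():
        group.sort(key=lambda d: datetime.fromisoformat(d["ts"]))
        for prev, cur in zip(group, group[1:]):
            gap = datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])
            if gap <= window:
                union(prev["id"], cur["id"])

    # Rule 2: same device.
    for group in by_device.values():
        for d in group[1:]:
            union(group[0]["id"], d["id"])

    investigations = defaultdict(list)
    for d in detections:
        investigations[find(d["id"])].append(d["id"])
    return sorted(sorted(ids) for ids in investigations.values())


if __name__ == "__main__":
    for number, ids in enumerate(correlate(DETECTIONS), start=1):
        print(f"investigation {number}: {', '.join(ids)}")
```

The device link pulls d3 into the investigation that d1 and d2 share through their rule, while d4 stays separate because its nearest same-rule detection is more than 24 hours older.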
Respond faster thanks to automatic email notification
When a new investigation is created, relevant team members are automatically notified to respond as quickly as possible. The email includes a summary of the investigation with crucial information to get the analyst up to speed, such as investigation ID, detections risk score, number of impacted devices and a quick link to the investigation. When a new team member is assigned to an in-progress investigation, they will be automatically notified.
Work as a cohesive team using dynamic notes
The Investigation notes section enables teams to share progress and results quickly. Freeform text can be added making it easy for teams with multiple analysts to collaborate, share intelligence and respond faster to threats.
See the bigger picture – new Microsoft 365 data integration
Many organizations use the Microsoft 365 platform, making it a valuable piece of the cybersecurity puzzle. The new MS 365 connector in Sophos Central enables XDR users to include this rich data source in their threat investigations and IT operations security maintenance, for example to identify users with suspiciously high numbers of failed login attempts.
Getting started
All Sophos XDR customers can access the Investigations dashboard from Sophos Central. Most of these powerful features are already available to Sophos XDR customers, with the last few arriving by February 7, 2022. To access MS 365 data, the connector needs to be enabled: log into Sophos Central -> Third-party integrations -> Microsoft 365 user activity logs.
If you’d like to try out Sophos XDR, you can either start an in-product trial (if you have a Sophos Central account) or take a trial of Intercept X, which includes XDR.
Source: Sophos
Security Information and Event Management (SIEM) solutions are often seen as a necessity only for large enterprises with massive environments to monitor for security threats. While this may have been true over a decade ago, in the early days of SIEM, organizational IT infrastructures have since become increasingly multifaceted, and the threat landscape continues to evolve. These days, small to medium sized businesses (SMBs) also struggle to manually manage the security of their IT environments. But how exactly can a SIEM benefit your SMB? Read on to find out.
1. SIEMs Efficiently Prioritize and Escalate Threats.
A breach can be devastating for any organization, and SMBs are no exception. In fact, 60% of small companies close within six months of a successful cyber-attack. Swift detection to prevent an attack or reduce dwell time is critical to limiting damage. SIEMs are well known for their ability to monitor and detect threats in real time. Once detected, a SIEM can determine its risk prioritization, escalating the event to ensure it quickly gets to the right person. Additionally, some SIEMs normalize data into readable language so security teams don’t have to waste time translating what an event means. They can also correlate events, providing additional context to aid in threat investigation and analysis.
2. SIEMs Reduce Alert Fatigue.
SMBs often have complex environments just like larger enterprises. Any modern organization now requires a sizeable portfolio to manage even basic day-to-day operations. This has become even more true with the increase of remote work. With every asset added to an infrastructure comes new potential threat vectors and more security event notifications. Even small organizations can end up with hundreds, if not thousands, of security events every day. With this many alerts coming through, it’s no surprise that dangerous security risks or suspicious behavior can pass by unnoticed.
Instead of manually sifting through these events, a SIEM allows you to filter alerts so you only get the notifications you want. SIEMs even allow you to tailor these filters for each data stream, since an event that indicates a threat on one device may be completely benign on another. This ensures not just that there are fewer notifications, but also that the ones you get are alerts worth looking into.
3. SIEMs Centralize Security.
As mentioned above, SMBs may have limited personnel, so it’s critical to have tools that enable these smaller security teams to work smarter. Complex infrastructures don’t just produce hundreds of security events, they produce them in different places. Critical alerts may be missed simply because there are too many consoles to check. A SIEM can consolidate any number of data streams, providing a singular source of truth. Typically, a SIEM has a console that can be tailored to your needs, with dashboards or displays that provide details of your choosing. Some SIEM tools, like Event Manager, even allow for integration of unique or unusual data sources, like third party applications, to fully centralize your security monitoring.
4. SIEMs Assist with Compliance Efforts.
SMBs are not exempt from security regulations like PCI-DSS, SOC, CMMC, and GDPR. SIEMs have various features that can help an organization stay compliant with regulations. For example, PCI DSS requires keeping logs of any changes, additions, or deletions to a root account, all of which a SIEM can flag. Additionally, SIEMs have detailed audit trails and can generate reports that can provide proof of compliance to assessors.
Choosing the Right SIEM for Your SMB
Since many SIEMs are geared towards large enterprises, they may not always be suited for SMBs, who may be working with more limited budgets. However, there are a variety of mid-range SIEM solutions on the market that are easy to use and provide better value than some of the heavy-weight options without the over-complexity.
One option to consider is Event Manager. Event Manager is a simplified SIEM solution that’s easier to manage than an enterprise-level option, but still has the capabilities and features needed to seamlessly scale alongside a company, including centralized monitoring, swift incident response, and both built-in and tailored integrations. Additionally, Event Manager comes with a team of cybersecurity experts who can help with deployment and regular tuning. Finally, Event Manager’s pricing model ensures that SMBs can grow without unexpected jumps in cost. While many SIEM solutions license by the amount of data processed, which can be unpredictable and costly, Event Manager uses predictable device-based pricing.
No matter the solution you choose, a SIEM can help any SMB gain visibility into their environment, providing insights on critical access and reducing the risk of security breaches.
Source: HelpSystems
At Sophos, we’re committed to helping organizations secure essential resources and we’re proud to be recognized for the continued expansion of our cloud security portfolio.
As a global leader in cloud security, we’ve been recognized by CRN®, a brand of The Channel Company, in its annual list of the Coolest Cloud Companies. This list honors groundbreaking cloud technology providers across five key categories, including cybersecurity.
Trusted to prevent cybersecurity incidents by 70% of the world’s top universities and top Fortune 500 companies, it’s never been more critical for such organizations to adopt cloud services and to optimize security posture, block advanced threats, and have expert resources available to monitor the security of these environments 24/7.
“Sophos is best in class when it comes to breadth and depth of innovative cybersecurity offerings that optimize protection against the most sophisticated and complex never-seen-before threats,” said Scott Barlow, Sophos Vice President of Global MSP and Cloud Alliances.
Our approach combines prevention, detection, and response across endpoint, cloud workloads, networks, configuration, and compliance – with 24/7 Managed Detection and Response (MDR) services to secure data, proactively prevent vulnerabilities, and block advanced threats.
In the last year, we’ve expanded our capabilities across all the following areas:
- Multi-cloud threat detection and response with Sophos XDR
- IAM security: User activity anomaly detection
- Sophos achievement of AWS Level 1 MSSP Competency status
- The acquisition of Capsule8: New Linux server and container security capabilities
- The acquisition of Refactr: Security Orchestration Automation and Response Capabilities
Commitment to the channel
Each year, the CRN Cloud 100 are recognized as forward-thinking cloud suppliers that have demonstrated an unwavering commitment to working with channel partners. Our commitment to the channel and our continued innovation in product and service development is enabling partners to better protect their customers and evolve to the changing threat and infrastructure landscapes: to better protect their data endpoints and networks, irrespective of environment.
This includes the relaunch of the Sophos Cloud Security Provider (CSP) program to provide training, recognition, and financial incentives to help partners support their customers using or migrating to the public cloud. We were the first next-gen security vendor to introduce a program specifically designed to help partners address this revenue growth opportunity and make the purchase and management of our products in Microsoft Azure, Amazon Web Services, Google Cloud Platform, and Oracle Cloud Infrastructure channel-friendly.
Modernizing cybersecurity procurement through cloud marketplaces is another key aspect of the commitment to the channel and our customers, ensuring our partners continue to provide the best service for any organization. Sophos Cloud Security is available in AWS Marketplace to help customers improve procurement processes in order to match the speed of cloud while maintaining governance – and, at the same time, enabling customers to continue purchasing through their preferred Sophos Partner in AWS Marketplace.
Take a demo of Sophos Cloud Security today, or for more information visit Sophos.com/Cloud.
The Sophos Cloud Security Provider partner program is free to join at Sophos.com/CSP.
A study of 5,400 IT professionals has revealed a correlation between direct experience of ransomware and adoption of a zero trust approach.
Organizations that had experienced a ransomware attack in the previous year (defined as multiple devices being impacted but not necessarily encrypted) reported considerably higher levels of awareness of the zero trust approach and were more advanced in their implementation of zero trust network access (ZTNA) solutions than those that hadn’t experienced an incident.
It is likely that these organizations’ direct experience of ransomware accelerated the implementation of a zero trust approach to help prevent future attacks.
The findings result from an independent survey of 5,400 IT professionals in organizations with between 100 and 5,000 employees that was conducted by research house Vanson Bourne on behalf of Sophos in 2021.
The role of ZTNA in preventing ransomware attacks
Breaching the victim’s network is one of the first steps in a ransomware attack. The rapid increase in remote working over the last two years has hugely increased the opportunity for attackers to exploit vulnerable VPN clients to get a foothold in an organization. Once inside, they are often free to move laterally throughout the network, escalating privileges and progressing the attack.
By eliminating vulnerable VPN client software, granularly controlling access based on device health and identity, and micro-segmenting applications, ZTNA stops attackers from both breaching the organization and from moving around it, even if they obtain legitimate credentials.
[To learn more about the role of lateral movement in ransomware attacks, read the Sophos research report Windows Services Lay the Groundwork for a Midas Ransomware Attack that details how adversaries exploited remote services and access tools to hold a technology company to ransom.]
Finding one: Ransomware victims have much greater familiarity with the ZTNA approach
IT professionals in organizations that had been hit by ransomware in the previous year are almost 50% more likely to be ‘very familiar’ with the ZTNA approach than those whose organizations hadn’t experienced an incident (59% vs 39%). This rises to 71% among those whose organizations had been hit and paid the ransom.
Further illustrating this point, just 10% of ransomware victims have little or no familiarity with ZTNA, compared with 21% of those whose organization hasn’t fallen victim.
Finding two: Ransomware victims are more advanced in their adoption of the zero trust approach
One quarter (25%) of those whose organization experienced a ransomware attack in the previous year have already fully adopted a zero trust approach, rising to 40% of those whose organizations were hit and paid the ransom. In comparison, just one sixth (17%) of those that hadn’t experienced an attack have already fully migrated to this approach.
Finding three: Ransomware victims have different motivations for adopting a zero trust approach
Respondents were asked about their motivations for adopting a zero trust approach and, while there were several commonalities, there were also clear areas of difference.
- ‘To improve our overall cybersecurity posture’ was the most common motivator among both victims and non-victims
- The second most common motivator among ransomware victims was the desire to ‘simplify our cybersecurity operations’ (43%), potentially reflecting that complex security had contributed to their previous attack
- Ransomware victims are also heavily motivated by ‘supporting our move to increased use of the cloud’ (42%). This dropped to 30% amongst those that hadn’t experienced a recent attack
- Similarly, ransomware victims were also much more likely to say that ‘to move from a CAPEX to an OPEX model’ was one of the main factors behind their zero trust approach adoption (27% vs. 16%, and rising to 34% among those that had been hit by ransomware and paid the ransom)
Finding four: The pandemic was more likely to positively impact the zero trust adoption plans of ransomware victims
For many organizations the pandemic had a positive impact on their plans for adopting a zero trust approach. For many, it created a need for zero trust that they didn’t have before. This is understandable: many companies and public bodies were previously wholly office-based and so didn’t have a need to provide secure remote access.
Half (50%) of ransomware victims and 36% of non-victims reported that the pandemic enabled them to move budget to adopting a zero trust approach, while many also reported that it enabled them to divert people and/or money from other activities to the move to zero trust.
The survey findings highlight that organizations that fell victim to ransomware and paid the ransom were most likely to experience a positive pandemic impact on their zero trust adoption. It seems that the pain of the ransomware attack might have concentrated minds and resources on effectively mitigating a future incident.
Introducing Sophos Zero Trust Network Access (ZTNA)
Sophos ZTNA is a much more secure and easy-to-manage remote access solution that delivers a transparent, frictionless experience for end-users.
- By removing the need for VPN clients, Sophos ZTNA reduces the attack surface, making it harder for ransomware actors to get on your network
- Sophos ZTNA constantly checks user and device security, delivering a continuous high level of control and preventing attackers from exploiting a previously authenticated user’s access
- Granular access controls enable you to easily restrict access to specific resources to those who need them, preventing adversaries from moving laterally across your network
- Sophos ZTNA uses the same agent as Sophos Intercept X endpoint protection, enabling customers to enhance their protection without adding device overhead
- It is managed from the cloud-based Sophos Central platform, enabling customers to manage all their Sophos solutions via a single interface for enhanced day-to-day management and control
With the average cost of ransomware remediation now $1.85 million for small and mid-sized organizations, moving to secure remote access via Sophos ZTNA is a sensible investment.
Try for yourself
If you’d like to try Sophos ZTNA for yourself, start a no-obligation test drive:
- Complete the short form on our website. You’ll be up and running in no time!
- Existing Sophos Central users can click on the Free Trials link in the bottom left corner of the console and select Sophos ZTNA
Source: Sophos
Sophos XG Architect Training
Tuesday 8 March 2022 – Thursday 10 March 2022
(3 days of training)
This three-day training program is designed for experienced technical professionals who want to install, deploy, configure and support the XG Firewall in production environments, and is the result of in-depth study of Sophos’ next-generation firewall. The program consists of presentations and hands-on lab exercises that reinforce the taught content. Due to the nature of the delivery and the varied experience of the trainees, open discussion is encouraged during the training.
Prerequisites
XG Firewall - Certified Engineer course and delta modules up to version 18.5
Recommended knowledge
- Knowledge of networking to a CompTIA N+ level
- Knowledge of IT security to a CompTIA S+ level
- Experience configuring network security devices
- Be able to troubleshoot and resolve issues in Windows networked environments
- Experience configuring and administering Linux/UNIX systems
Training content
- Module 1: Deployment
- Module 2: Base Firewall
- Module 3: Network Protection
- Module 4: Synchronized security
- Module 5: Web server Protection
- Module 6: Site to site connections
- Module 7: Authentications
- Module 8: Web Protection
- Module 9: Wireless
- Module 10: Remote Access
- Module 11: High Availability
- Module 12: Public Cloud
Certification
+ exam: Sophos XG Architect
Duration: 3 days
Schedule
Trainer: Μιχάλης Ελευθέρογλου
Training room: NSS ATC training room, 3rd floor (also available via Webex)
Day 1, Tuesday 8 March 2022
9:30-10:45 Module 1: Deployment and Lab
- Recall important information from Engineer courses
- Deployment modes supported by the XG Firewall
- Understand a range of scenarios where each deployment mode would commonly be used
- Use built-in tools to troubleshoot issues
- Labs
10:45-11:00 Break
11:00-13:00 Module 2: Base Firewall
- Explain how the XG firewall can be accessed
- Understand the types of interfaces that can be created
- Understand the benefits of Fast Path Technology
- Configure routing per firewall rule
- Understand best practice for ordering firewall rules
- Explain what Local NAT policy is and know how to configure it
13:00-14:00 Lunch
14:00-16:00 Labs
- Activate the Sophos XG Firewalls
- Post installation Configuration
- Bridge interfaces
- Create a NAT rule to load balance access to servers
- Create a local NAT policy
- Configure routing using multiple WAN links
- Configure policy-based routing for an MPLS scenario
- Install Sophos Central
16:00-16:15 Break
16:15-17:15 Module 3: Network Protection and Lab
- Explain what IPS is and how traffic can be offloaded to Fastpath
- Demonstrate how to optimize workload by configuring IPS policies
- Examine advanced Intrusion Prevention and optimize policies
- Configure advanced DOS Protection rules
- Demonstrate how the strict policy can be used to protect networks
- Labs (Create Advanced DoS Rules)
Day 2, Wednesday 9 March 2022
9:30-11:00 Module 4: Synchronized Security and Labs
- Explain how Security Heartbeat works
- Configure Synchronized Security
- Deploy Synchronized Security in discover and inline modes
- Understand the advantages and disadvantages of deploying Synchronized Security in different scenarios
- Labs
- Configure source-Based Security
- Heartbeat firewall rules
- Destination based Security Heartbeat
- Missing Security Heartbeat
- Lateral Movement Protection
11:00-11:15 Break
11:15-13:45 Module 5: Web Server Protection and Labs
- Explain how Web Server Protection works
- Describe protection features for a web application
- Configure Web Server authentication
- Publish a web service using the Web Application Firewall
- Use the preconfigured templates to configure Web Server Protection for common purposes
- Configure SlowHTTP protection
- Labs (Web Application Firewall)
- Labs (Load balancing with Web Server Protection)
- Labs (Web Server Authentication and path-specific routing)
13:45-14:45 Break and lunch
14:45-17:45 Module 6: Site to site connections and Labs
- Configure and deploy site to site VPNs in a wide range of environments
- Implement IPsec NATing and failover
- Check and modify route precedence
- Create RED tunnels between XG firewalls
- Understand when to use RED
- Labs (Create an IPsec site to site VPN)
- Labs (Configure VPN network NATing)
- Labs (Configure VPN failover)
- Labs (Enable RED on the XG firewall)
- Labs (Create a RED tunnel between two XG Firewalls)
- Labs (Configure routing for the RED tunnel)
- Labs (Configure route-based VPN)
Day 3, Thursday 10 March 2022
9:00-10:00 Module 7: Authentications and Labs
- Demonstrate how to configure and use RADIUS accounting
- Deploy STAS in large and complex environments
- Configure SATC and STAS together
- Configure Secure LDAP and identify the different secure connections available
- Labs (Configure an Active Directory Authentication server)
- Labs (Configure single sign-on using STAS)
- Labs (Authenticate users over a site to site VPN)
10:00-11:15 Module 8: Web Protection
- Choose the most appropriate type for web protection in different deployment scenarios
- Enable web filtering using the DPI engine or legacy web proxy
- Configure TLS inspection using the DLP engine or legacy web proxy
- Labs (Install the SSL CA certificate)
- Labs (Configure TLS inspection rules)
- Labs (Create a custom web policy for users)
11:15-11:30 Break
11:30-12:15 Module 9: Wireless
- Explain how Sophos Access Points are deployed and identify some common issues
- Configure RADIUS authentication
- Configure a mesh network
12:15-13:05 Module 10: Remote Access
- Configure Sophos Connect and manage the configuration using Sophos Connect Admin
- Configure an IPsec remote access VPN
- Configure an L2TP remote access VPN for mobile devices
- Labs (Sophos Connect)
13:05-14:25 Module 11: High Availability
- Explain what HA is and how it operates
- Demonstrate how to configure HA and explain the difference between quick and manual configuration
- List the prerequisites for high availability
- Perform troubleshooting steps and check the logs to ensure that HA is set up correctly
- Explain the packet flow in high availability
- Demonstrate how to disable HA
- Labs (Create an Active-Passive cluster)
- Labs (Disable High Availability)
14:25-15:05 Break and lunch
15:05-16:15 Public Cloud and Labs
- Deploy XG firewall in complex network environments
- Explain how XG firewall processes traffic and use this information to inform the configuration
- Configure advanced networking and protection features
- Deploy XG firewall on public cloud infrastructure
- Labs (Put a service in debug mode to gather logs)
- Labs (Retrieving log files)
- Labs (Troubleshoot an issue from an imported configuration file)
- Labs (Deploy an XG Firewall on Azure (simulation))
16:15 (Exams)
Sophos XGS Architect Training
April 1st 2022 is an important date for you as a Sophos partner.
On this day, a new compliance period for your partner level classification will start.
Tuesday 8 March 2022 – Thursday 10 March 2022
(3 days Training / hybrid & online)
This three-day training program is designed for experienced technical professionals who want to install, configure and support the XGS Firewall in production environments, and is the result of an in-depth study of Sophos' next-generation firewall. The program consists of presentations and practical workshops that reinforce the teaching content. Due to the nature of the delivery and the varied experience of the trainees, open discussion is encouraged during the training.
Requirement
- XGS Firewall Certified Engineer course and delta modules up to version 18.5
Recommended Knowledge
- Knowledge of networking to a CompTIA N+ level
- Knowledge of IT security to a CompTIA S+ level
- Experience configuring network security devices
- Be able to troubleshoot and resolve issues in Windows networked environments
- Experience configuring and administering Linux/UNIX systems
Content
- Module 1: Deployment
- Module 2: Base firewall
- Module 3: Network Protection
- Module 4: Synchronized security
- Module 5: Web server Protection
- Module 6: Site to site connections
- Module 7: Authentications
- Module 8: Web Protection
- Module 9: Wireless
- Module 10: Remote Access
- Module 11: High Availability
- Module 12: Public Cloud
Certification
+ exam: Sophos XGS Architect
Duration: 3 days
Language: English
Agenda
Trainer: Micheal Eleftheroglou
Training room: NSS ATC training room, 3rd floor (also available via Webex)
Day 1 Tuesday, March 8th, 2022
9:30-10:45 Module 1: Deployment and Lab
- Recall important information from Engineer courses
- Deployment modes supported by the XGS Firewall
- Understand a range of scenarios where each deployment mode would commonly be used
- Use built-in tools to troubleshoot issues
- Labs
10:45-11:00 Break
11:00-13:00 Module 2: Base Firewall
- Explain how the XGS firewall can be accessed
- Understand the types of interfaces that can be created
- Understand the benefits of Fast Path Technology
- Configure routing per firewall rule
- Understand best practice for ordering firewall rules
- Explain what Local NAT policy is and know how to configure it
13:00-14:00 Lunch
14:00-16:00 Labs
- Activate the Sophos XGS Firewalls
- Post installation Configuration
- Bridge interfaces
- Create a NAT rule to load balance access to servers
- Create a local NAT policy
- Configure routing using multiple WAN links
- Configure policy-based routing for an MPLS scenario
- Install Sophos Central
16:00-16:15 Break
16:15-17:15 Module 3: Network Protection and Lab
- Explain what IPS is and how traffic can be offloaded to FastPath
- Demonstrate how to optimize workload by configuring IPS policies
- Examine advanced Intrusion Prevention and optimize policies
- Configure advanced DoS Protection rules
- Demonstrate how the strict policy can be used to protect networks
- Labs (Create advanced DoS rules)
Day 2 Wednesday, March 9th, 2022
9:30-11:00 Module 4: Synchronized Security and Labs
- Explain how Security Heartbeat works
- Configure Synchronized Security
- Deploy Synchronized Security in discover and inline modes
- Understand the advantages and disadvantages of deploying Synchronized Security in different scenarios
- Labs
- Configure source-based Security
- Heartbeat firewall rules
- Destination based Security Heartbeat
- Missing Security Heartbeat
- Lateral Movement Protection
11:00-11:15 Break
11:15-13:45 Module 5: Web Server Protection and Labs
- Explain how Web Server Protection works
- Describe protection features for a web application
- Configure Web Server authentication
- Publish a web service using the Web Application Firewall
- Use the preconfigured templates to configure Web Server Protection for common purposes
- Configure SlowHTTP protection
- Labs (Web Application Firewall)
- Labs (Load balancing with Web Server Protection)
- Labs (Web Server Authentication and path-specific routing)
13:45-14:45 Break and Lunch
14:45-17:45 Module 6: Site to site connections and Labs
- Configure and deploy site to site VPNs in a wide range of environments
- Implement IPsec NATing and failover
- Check and modify route precedence
- Create RED tunnels between XGS firewalls
- Understand when to use RED
- Labs (Create an IPsec site to site VPN)
- Labs (Configure VPN network NATing)
- Labs (Configure VPN failover)
- Labs (Enable RED on the XGS firewall)
- Labs (Create a RED tunnel between two XGS Firewalls)
- Labs (Configure routing for the RED tunnel)
- Labs (Configure route-based VPN)
Day 3 Thursday, March 10th, 2022
9:00-10:00 Module 7: Authentications and Labs
- Demonstrate how to configure and use RADIUS accounting
- Deploy STAS in large and complex environments
- Configure SATC and STAS together
- Configure Secure LDAP and identify the different secure connections available
- Labs (configure an Active Directory Authentication server)
- Labs (configure single sign-on using STAS)
- Labs (Authenticate users over a site to site VPN)
10:00-11:15 Module 8: Web Protection
- Choose the most appropriate type for web protection in different deployment scenarios
- Enable web filtering using the DPI engine or legacy web proxy
- Configure TLS inspection using the DLP engine or legacy web proxy
- Labs (Install the SSL CA certificate)
- Labs (Configure TLS inspection rules)
- Labs (Create a custom web policy for users)
11:15-11:30 Break
11:30-12:15 Module 9: Wireless
- Explain how Sophos Access Points are deployed and identify some common issues
- Configure RADIUS authentication
- Configure a mesh network
12:15-13:05 Module 10: Remote Access
- Configure Sophos Connect and manage the configuration using Sophos Connect Admin
- Configure an IPsec remote access VPN
- Configure an L2TP remote access VPN for mobile devices
- Labs (Sophos Connect)
13:05-14:25 Module 11: High Availability
- Explain what HA is and how it operates
- Demonstrate how to configure HA and explain the difference between quick and manual configuration
- List the prerequisites for high availability
- Perform troubleshooting steps and check the logs to ensure that HA is set up correctly
- Explain the packet flow in high availability
- Demonstrate how to disable HA
- Labs (Create an Active-Passive cluster)
- Labs (Disable High Availability)
14:25-15:05 Break – Lunch
15:05-16:15 Public Cloud and Labs
- Deploy XGS firewall in complex network environments
- Explain how XGS firewall processes traffic and use this information to inform the configuration
- Configure advanced networking and protection features
- Deploy XGS firewall on public cloud infrastructure
- Labs (Put a service in debug mode to gather logs)
- Labs (Retrieving log files)
- Labs (Troubleshoot an issue from an imported configuration file)
- Labs (Deploy an XGS Firewall on Azure (simulation))
16:15 (Exams)
We created our blog series Tech Tips to familiarize all interested parties, customers, and partners with product features and user scenarios related to MailStore Server. The accompanying video format provides step-by-step instructions. In this Tech Tips Mini-Series, we would like to give you useful tips on how to archive your emails from Microsoft 365 as a new MailStore Server customer.
Why You Should Use MailStore Server With Microsoft 365
Even though emails can be archived natively in Microsoft 365, there are many reasons to use an external email archiving solution such as MailStore Server in combination with Microsoft 365. The reasons for this have been summarized for you in a free white paper from market research institute Osterman Research. Many companies believe, for example, that it is no longer necessary to protect and preserve their own business critical data after migrating to the (public) cloud because they assume that the cloud provider is responsible for backing up their data. However, this belief is completely misguided.
Microsoft 365 customers are responsible for the protection and storage of their data, which includes archiving and regularly backing up business data. As a public cloud service provider, Microsoft is merely responsible for the availability of their service and protecting it from outages. That is why companies that use such a public cloud service should take measures to protect themselves from the risk of data loss. MailStore Server not only provides protection and makes your emails in Microsoft 365 centrally and independently available, but also, among other things, provides a fast self-service that allows end users to search for and restore emails and file attachments using the email archive. You can find even more reasons for using MailStore Server in combination with Microsoft 365 on our blog.
Modern Authentication as a Standard at MailStore
More and more companies are switching to Microsoft 365. This trend is picking up faster with support for Microsoft Windows SBS 2011 having ended and with Microsoft Exchange Server 2010 soon to follow suit. Since Microsoft has announced the end of basic authentication, modern authentication based on OAuth2 will become a must for many companies soon.
MailStore Server supports modern authentication and with that, provides not only an optimal integration into the cloud environment of Microsoft 365, but also the necessary security. For example, as a Microsoft 365 user, you simply use your usual log-in procedure for your Microsoft 365 tenant in order to log in to MailStore Server, which includes, for example, multi-factor authentication.
In this Tech Tip, we would like to explain how to archive your emails from Microsoft 365 as a new MailStore Server customer, thus providing you with long-term protection against data loss, and making the data available and retrievable at all times. Here are two videos that show you how to connect MailStore Server with your Microsoft 365 tenant using modern authentication, synchronize users (part 1), and customize archiving profiles (part 2).
Part 1: Preparation of Your Microsoft 365 Tenant and User Synchronization
In this video, we describe the initial configuration and connection of MailStore Server to Microsoft 365. At the same time, we show you how to connect MailStore Server to your Microsoft 365 tenant, in order to synchronize user information from Microsoft 365. We address, among other things, how to register MailStore Server as an app in Azure AD and assign the necessary permissions. Finally, we show you how to perform the user synchronization.
You can find all the detailed steps in our MailStore Server Help and step-by-step instructions in our Tech Tip video:
Part 2: Customizing the Archiving Profile in MailStore Server
In the second video, we would like to show you how to completely archive your Microsoft 365 mailboxes. Please make sure that you have already carried out all the steps from the previous Tech Tip video (part 1). Then you can proceed with selecting the archiving profile. We explain how to archive existing as well as future emails with MailStore Server via “journal archiving” (also known as journaling). We recommend our free MailStore Gateway add-on program as an external journal mailbox. We also explain how to define deletion rules, for example.
You can find all the detailed steps in our MailStore Server Help. In the following video, you will receive practical step-by-step instructions on customizing archiving profiles:
Are You Already Using MailStore Server?
If you are already using MailStore Server with an on-premises Exchange Server, you can very easily transfer your existing archive when switching to Microsoft 365. With MailStore Server, your emails continue to be archived just as before – helping you to meet a growing number of compliance requirements. Our Tech Tip Migrating Existing MailStore Server Customers from Microsoft Exchange Server to Microsoft 365 provides you with practical step-by-step instructions. You can also find the step-by-step guide on how you can switch your archiving from Microsoft Exchange Server to Microsoft 365 in our MailStore Server Help.
Source: MailStore
In a world in which the data threat landscape is becoming bigger, stronger, and more malicious, protecting your organization’s sensitive information from a breach is becoming all the more critical every day. Taking the proper steps to ensure that your data security strategy fits your industry and specific organizational needs is of the utmost importance to find solutions that will keep you the most secure with the least amount of headache.
Why is Finding the “Right” Solutions Important?
When it comes to protecting your organization’s sensitive data, there is never a one-size-fits-all solution. Your cybersecurity strategy could look vastly different from your competitor’s when considering the size of your organization, your industry, customers, the types of data you create and share, and much more. Finding the solutions that are tailored to the needs of your organization will ensure that your organization, its employees, and its customers all remain safe from cybercrime.
With that in mind, though, finding the best data security solutions for your organization in and of itself can be quite the undertaking. If your company has existing cybersecurity infrastructure in place, finding another vendor with separate, yet still compatible solutions can be a challenge. Furthermore, finding a new vendor and replacing your current infrastructure entirely can be even more of a hassle.
Unfortunately, this does not take away the fact that having cybersecurity measures in place is steadily becoming more and more necessary. Cybersecurity Ventures’ latest prediction is that ransomware damages alone will have cost $20 billion in 2021. Meanwhile, phishing attacks have been on a steep incline as a direct result of the COVID-19 pandemic, and they do not appear to be stopping any time soon. By 2025, global cybercrime damages are expected to top $10.5 trillion annually.
What this likely means for you is that finding a vendor that can provide you with data security solutions right away and grow with you for the foreseeable future is of critical importance. HelpSystems’ ever-growing, modular suite of data security solutions can be tailored to provide the protections you need for your sensitive information now and adapt as your organization changes and grows. But where do you start?
5 Questions to Help You Choose the Right Solutions
HelpSystems has a large and still-growing suite of data security solutions that seamlessly integrate with one another and provide the world-class protection that your organization needs. That being said, even for IT and cybersecurity professionals, knowing how to choose the right solutions, let alone clearly defining your organization’s data security challenges, can be quite convoluted. We recommend asking yourself the following five questions to help make that process easier.
1. Are there any known weak points in your data’s life cycle?
If you are already aware of the most vulnerable points in your data’s life cycle, then you’re already a step ahead. Knowing if your data is most at-risk for compromise at the moment it’s created, when it’s in transit, or when it’s resting at its final destination is critical when choosing the most relevant solutions for your organization.
2. What security measures and solutions does your organization already have in place?
Ultimately, HelpSystems wants your data security solutions to be seamless and compatible with one another rather than cause friction. If you already have existing cybersecurity infrastructure in place, we’ll work to find the solutions that will complement those existing measures. If you’re shopping for several solutions at once, you can rest easy knowing that our data security solutions integrate flawlessly and are meant to work with each other now and in the future. If you find yourself needing more solutions later on, we can always discuss your future requirements and work with you to evaluate potential solutions to add on.
3. What sensitive data could cause your organization harm if compromised?
Once again, when it comes to protecting data, there is never a one-size-fits-all solution. Not all data security solutions will support all file types, and sometimes a solution will be better suited for data at rest rather than data in motion (and vice versa). Knowing what types of data your organization frequently uses is key in knowing what solutions will make the most sense for you.
Similarly, understanding which of those files and data are most sensitive is just as important. What data could cause the most damage to your organization if it were to be shared with the wrong people or be exposed to attackers? Will the loss of that sensitive data cost your organization its competitive advantage, harm your employees and/or customers, or lead to financial damages?
4. Are you confident that your organization’s sensitive data is being handled properly?
Looking internally, are you confident that your organization’s employees are following the proper procedures with your sensitive data? Employee negligence is considered one of the biggest cybersecurity risks to U.S. businesses, and Shred-it found in their most recent Data Protection Report (DPR) that as much as 22% of data breaches are caused by employee error, and another 40% come from “trusted” insiders or external business partners. Understanding how much visibility you have over your employees and their actions is fundamental in deciding which data security solutions you may need.
5. Is your organization subject to regulatory compliance?
Last, but not least, is knowing whether or not your organization is subject to compliance regulations. Regardless of whether you need to comply with PCI DSS, GDPR, CUI, or other requirements, you must find a data security vendor whose solutions address the requirements of those regulations, and if need be, help you to navigate the complexities of those regulations as well.
Source: HelpSystems
Sophos Central, our cloud-based security platform, has a feature that nobody talks about, but everybody loves.
As an administrator, you create your identity once—and that’s it. Suddenly, on all of your Sophos products, you’re good to go. No need to set up and remember separate user details for your endpoint protection, your email security, and your firewall; it just works.
I doubt anybody ever bought a Sophos product for that reason. But it’s there, and it saves every user a little bit of time and effort right off the bat. They might raise an eyebrow at how easy it was, then they go about their day.
Nobody thinks about how we make it happen.
And that’s fine; in the Sophos Central team, we’ve long understood that the better we do our job, the less you’ll notice. Which is a really good illustration of the power and value of a platform.
Improving your security—and unlocking innovation
First, there’s the obvious part. Having all your cybersecurity solutions working together—and being able to see and control them all through a single pane of glass—saves you a ton of time. Lots of our customers say it cuts their workload by 50% or more.
You can apply global policies, spot issues more easily, and generally keep your organization that much safer. And as important as that is, there’s something even more fundamental happening under the hood.
The reason our user setup process works so smoothly is that we have a whole team of Sophos Central engineers focused solely on the platform. We provide the building blocks (like user identity) to our product teams that they can pick up and use.
In this example, it means your login works across our entire portfolio (you’re welcome). And it’s one less thing for each product team to develop. So instead, they can focus on raising the bar for security and innovation—the reasons you likely chose Sophos products in the first place.
If you think of your specialized cybersecurity solutions as rooms in your home—the kitchen, the living room, the bedroom—it’s easy to see Sophos Central like a thermostat that lets you control the temperature across all of them at once. In fact, it’s also the plumbing, the wiring, and the foundations. It’s all the parts that make a house.
A purpose-built meeting place for your cybersecurity data
And that’s not all. By providing a single platform to underpin all our product development, we create a common point where they can all exchange data and interact.
This is where the magic really happens. You toggle a button, and your solutions start talking to each other. Now an alert on your endpoint protection can trigger a response in your firewall—for example, to isolate a device before ransomware can spread. They share data, so what one solution learns can benefit all the others.
Again, that takes a lot of work behind the scenes. First and foremost, it’s a lot of data to manage, and it increases exponentially with each solution you add. If you’re using Sophos XDR, on a daily basis we likely process 6-20 MB for each endpoint, and another 20-80 MB for each server; in a sizeable organization, that can easily add up to gigabytes per day.
Add your Sophos Firewall logs into the XDR solution and that can be tens of gigabytes a day. Maybe your Sophos Email follows, and potentially you hook in data from your Office 365. Very quickly, you’re into very large volumes of data, daily—with Sophos Central connecting it all, making sense of it for you, and proactively letting you know if anything is out of the ordinary.
And here’s the part we’re really proud of: Sophos Central handles all that data impossibly fast. You can ask for all the endpoints showing a particular hash—the kind of search that’s “go-make-a-coffee” territory on most systems—and Central will have it for you in seconds.
The secret ingredient in our technology stack
Sophos Central can do that because of the smart way we built our data platform. Getting the opportunity to create something this ambitious—and work with such an awesome team—is the whole reason I joined Sophos. I’m so glad I did.
There’s nothing unusual about the stack itself. The platform is built entirely in AWS, with popular technologies like Kafka and Presto, alongside other proven services.
The secret ingredient is the way we put those pieces together.
Specifically, we keep our customers’ objectives in mind when we plan how to ingest, parse, and store their data. For example, we know which reports administrators run most often—so we set up the architecture to find those answers faster. In fact, it means we can go beyond finding your answers quickly; we can have them waiting for you when you log in.
Right from the start of the design process, we spend a lot of time streamlining the things that will make the biggest difference to your day-to-day work. Ironically, if we do our job well, it means they’re the parts you notice least.
So, when you next toggle a button to synchronize a new solution in Sophos Central, and you smile at how instantly it works, spare a thought for all of us behind the scenes. We worked hard to make it that easy.
And if you’re not yet using Sophos Central, maybe it’s time to take it for a test drive. Try for yourself, for free, for 30 days to see how it works for you.
Source: Sophos
In cyberspace, there exists no safe harbor. Every organization with a digital presence is exposed like an island amidst an angry, implacable ocean that seems to send wave after wave of cyberattack.
The year 2021 arguably stands out as the most brutal and shocking in terms of cyberattacks. We have clearly entered an era of “assume breach” and “zero trust”. We need to not only rethink security, but recalibrate it based on the changes to technology happening around us.
Contact BeyondTrust today to learn how to recalibrate your security with our privileged access management (PAM) solutions to address today’s threats, so you can confidently embrace your digital transformation opportunities.
Source: BeyondTrust
Sophos Extended Detection and Response (XDR) now goes even further in the public cloud, adding Microsoft Azure (Azure) and Google Cloud Platform (GCP) activity logs alongside Amazon Web Services (AWS) – helping security teams see the bigger picture across public cloud environments.
Integrating data from the Sophos cloud security posture management solution, Cloud Optix, Sophos XDR enables you to detect, assess, and harden cloud workloads and user access against security misconfigurations and vulnerabilities.
New Cloud Optix data sources in Sophos XDR now allow you to easily investigate AWS, Azure, and GCP cloud environment API, CLI, and management console activities. Using fully customizable and pre-written SQL queries, you can uncover initial access attempts on the environment via compromised roles, as well as newly created user roles and resources indicating persistence within the environment, and privilege escalation and exfiltration tactics shown by attackers.
Using Cloud Optix findings as indicators of compromise, we help you pivot by leveraging the Sophos XDR data lake to investigate workload vulnerabilities uncovered by Sophos Intercept X for Server workload protection agents running on those workloads. Examples include the detection of compute workload resources with ports exposed to the internet, such as RDP or SSH. In this scenario, Cloud Optix alerts you to these access vulnerabilities and Sophos XDR allows you to quickly pivot investigations to identify the number of authentication attempts on those instances, and any successful attempts made. You can then act confidently to remove access and prevent a breach, with Cloud Optix providing guided remediation instructions to reduce your mean time to resolve (MTTR) vulnerabilities.
This connected multi-cloud security from one central console helps teams see the bigger picture during investigations, making it easy to quickly identify risk and proactively prevent security incidents.
More Cloud Optix enhancements
This latest update to Sophos Cloud Optix also includes a range of additions to enhance your cloud security monitoring and compliance response:
AWS activity anomalies – New SophosAI models continuously analyze AWS CloudTrail user activity logs. This allows Cloud Optix to build a picture of individual user role activity to identify both accidental changes as well as malicious activity from compromised roles. It brings AWS CloudTrail events to life in a clear and detailed timeline view of user activities, identifying high risk anomalies such as actions performed outside of normal working hours as well as those never performed before.
With this update, you can dramatically shrink alert totals for security teams and help them focus on investigating high-risk patterns of behavior that could lead to security incidents in a fraction of the time that it took them before.
Multiple Jira integration instances – Now add multiple Jira integration instances to a Cloud Optix account. Each cloud environment will be linked to one Jira instance. This could be a separate Jira Instance per environment, or a common Jira instance shared with many environments.
Azure IAM visualization – Visualize the relationships between IAM roles, IAM users, and services in Azure to simplify the management of complex, interwoven IAM roles for multiple Azure subscriptions and Azure AD.
Custom policy alerts – Now create custom alerts based on Cloud Optix advanced search queries. Future security benchmark scans will then raise alerts in Cloud Optix when the criteria of the query are met.
These latest updates and a recap of all Cloud Optix enhancements are available here. To improve your cloud security posture and to try Cloud Optix free for 30 days, visit Sophos.com/Optix today.
Source: Sophos
We’re starting off the new year with a big announcement – a new Sophos product! Sophos ZTNA officially launches today, providing a very innovative solution for securely connecting remote users to applications.
The right product at the right time
If you’re one of the many organizations managing remote workers and you’re concerned about ransomware and threats, this product comes at the perfect time. And Sophos ZTNA solves one of the top complaints of early adopters: multiple agents.
One agent, one console, one vendor
Sophos ZTNA is unique in that it offers a single-agent solution for both Zero Trust Network Access and your next-gen endpoint protection with Intercept X.
While Sophos ZTNA will work with any endpoint solution, it works better together with Sophos Intercept X, providing a single agent, managed from a single console, all from a single vendor.
It also leverages Synchronized Security Heartbeat for device health to enable conditional access and stop threats dead in their tracks. Together, Sophos ZTNA and Intercept X provide the best end-to-end protection for your remote workers and the applications and networks they need to connect to.
You can now order Sophos ZTNA – starting today – and enable your remote workforce to securely connect to your hosted applications in an elegant, streamlined, and transparent way.
How to get started
- Talk to your preferred Sophos partner or contact us to request a call back
- Start a 30-day free trial in Sophos Central
Learn more
To learn more about Sophos ZTNA and how it can help you, visit Sophos.com/ZTNA and check out these helpful resources:
Product training and assistance
- Consult the online documentation – also available via the Help section (upper right of the console screen) within Sophos Central
- We have some great product training available as well
- Head over to the community forums for additional content (such as known issues) and to interact with other EAP participants and the Sophos team
A special “Thank you!” to those of you who recently participated in the early access program – your access to Sophos ZTNA will continue through the end of January.
Source: Sophos
Automation used to be a tool that was almost exclusively used in the most technical areas of the business – developers, IT operations, and maybe one or two ambitious business users that could write a macro.
“Now its impact is much further reaching,” says Kevin Vliet, Director of Product Management at HelpSystems. “I would argue that many businesses earn their margins by automating repetitive tasks and reserving their worker’s time for the highest-level operations.”
According to Kevin, to get the most out of automation, your company should embrace an end-to-end automation strategy. “At the end of the day, if you just hand your teams a bunch of miscellaneous automation tools, it’s not necessarily going to create long-lasting assets for your business.” But with end-to-end automation, you can bring together everyone from business to IT to digitally transform your organization.
What is End-to-End Automation?
Simply put, end-to-end automation is the ability to automate processes from the front-end, to the back-end—and everything in between. Front-end automation streamlines tasks focused on interactivity, websites, and attended processes from the user-interface (UI) level. Think of processes like website data extraction, report generation, and data entry. Back-end automation handles the unattended processes and leverages APIs for specifically defined, high-capacity transactions. Think of items like batch processing, database processing, file movement, and PowerShell scripts.
Bringing these approaches together gives your organization a holistic approach. End-to-end automation can give you a complete solution that brings your tech stack together and ultimately helps your business run more efficiently while optimizing resources. This is especially helpful for organizations that are struggling to get a grip on a complex web of IT processes running across a wide variety of applications and platforms.
“The goal is to be efficient and complement the various applications and technologies you bring into your organization to drive your business forward,” Kevin says.
Here are just a few of the most important benefits of end-to-end automation:
- Enforce cross-platform and cross-application dependencies for workflow unification
- Improve consistency and reliability of process execution
- Reduce cost and management effort while improving accessibility within the organization
- Gain a consolidated view of what’s going on across the entire environment
- Automatically identify and respond to issues should they arise
- Provide timely, targeted, and personalized notifications for when manual intervention is required
Solutions for End-to-End Automation
To achieve end-to-end automation, you’ll need to build a strategy using a couple different types of automation solutions that can work together—not in silos. The main components of a solid foundation are workload automation and robotic process automation.
Workload automation (WLA) handles the back-end IT processes that keep your business going. WLA and enterprise job scheduling are designed to schedule, initiate, run, and manage IT tasks related to any business process and transactions. It’s often most used by IT operations teams.
Robotic process automation (RPA) tackles the front-end business processes. By using software bots as digital coworkers alongside your human employees, RPA eliminates the repetitive, manual tasks to boost productivity so your team can keep their focus on more strategic work.
Achieve End-to-End Automation with HelpSystems
HelpSystems is an automation software company that offers leading automation solutions—from the desktop to the server to the network. With the right automation tools, your business can increase productivity, reduce operational costs, improve accuracy, and maximize efficiencies across your IT and business processes.
Stop relying on manual processes or custom scripts. Take back control and embrace a holistic approach to automation—from the back office to the front office. It’s possible with automation solutions from HelpSystems.
Source: HelpSystems
What is the 3-2-1 Backup Rule?
The 3-2-1 backup rule states that you should have 3 copies of your data, 2 different backup formats, and 1 backup stored offsite. This rule was first established by U.S. photographer Peter Krogh in the early 2000s. It has stood the test of time and is still relevant today.
Backup Vs Business Continuity & Disaster Recovery (BCDR)
However, as variations of this rule have developed and businesses try to ensure a more resilient data model, the rule has become just one part of an overall protection plan. Most businesses now create and deploy a Business Continuity & Disaster Recovery (BCDR) plan, which not only ensures reliable backups of data but also focuses on time of recovery.
Why Use the 3-2-1 Backup Strategy?
The 3-2-1 rule still has value, especially for businesses who aren’t backing up at all. But today, the gold standard is evolving. As businesses develop, most will partner with an MSP or Managed Service Provider to ensure that their IT infrastructure runs smoothly.
One of the key parts of a managed service is to prepare for downtime or a disaster event. The idea of the 3-2-1 backup rule is to protect against a single disaster such as a fire or flood in the office. In this situation you would be able to recover from your offsite backup.
However, as threats have become more aggressive over the years and reliance on IT has grown, this rule is no longer enough.
Variations of the 3-2-1 Strategy
Over the years there have been multiple variations of the 3-2-1 rule, such as 3-2-1-1-0 and 4-3-2. However, these have their own range of issues, including the cost and time needed to manage the infrastructure that goes with these strategies.
3-2-1-1-0
3-2-1-1-0 is built on the same foundation as the 3-2-1 rule. However, it goes a step further by stipulating an additional “Air Gapped” or offline backup and adding a check process to ensure all backups have zero errors.
4-3-2
The 4-3-2 rule suggests that businesses managed by MSPs or IT service providers keep 4 copies of their data, stored across three locations (onsite as source, onsite with the MSP, and one in the cloud), with two of these being offsite.
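The three rules above can be checked mechanically against a backup inventory. The following is an added example, not code from Datto or any vendor named on this page; the `Copy` record, its field names and the two sample inventories are constructed for illustration, and it assumes that the source data counts as one of the copies and that a backup which has never been verified cannot be counted as having zero errors.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Copy:
    name: str
    fmt: str                   # backup format/media, e.g. "disk", "tape"
    location: str              # site label
    offsite: bool
    offline: bool = False      # air-gapped: not reachable over the network
    is_source: bool = False    # the live production data itself
    verify_errors: Optional[int] = None   # None = backup never verified


def failures_3_2_1(copies):
    """3 copies of the data, 2 different formats, 1 copy offsite."""
    fails = []
    if len(copies) < 3:
        fails.append(f"need 3 copies, have {len(copies)}")
    if len({c.fmt for c in copies}) < 2:
        fails.append("need 2 different backup formats")
    if not any(c.offsite for c in copies):
        fails.append("need 1 copy offsite")
    return fails


def failures_3_2_1_1_0(copies):
    """3-2-1 plus 1 offline (air-gapped) copy and 0 verification errors."""
    fails = failures_3_2_1(copies)
    if not any(c.offline for c in copies if not c.is_source):
        fails.append("need 1 offline (air-gapped) backup")
    for c in copies:
        if c.is_source:
            continue
        if c.verify_errors is None:
            fails.append(f"{c.name}: never verified")
        elif c.verify_errors > 0:
            fails.append(f"{c.name}: {c.verify_errors} verification errors")
    return fails


def failures_4_3_2(copies):
    """4 copies, across 3 locations, 2 of them offsite."""
    fails = []
    if len(copies) < 4:
        fails.append(f"need 4 copies, have {len(copies)}")
    if len({c.location for c in copies}) < 3:
        fails.append("need 3 locations")
    if sum(c.offsite for c in copies) < 2:
        fails.append("need 2 copies offsite")
    return fails


def evaluate(copies):
    """Map each rule to its list of unmet conditions (empty list = satisfied)."""
    return {"3-2-1": failures_3_2_1(copies),
            "3-2-1-1-0": failures_3_2_1_1_0(copies),
            "4-3-2": failures_4_3_2(copies)}


# Constructed inventory: office file server, local NAS, one cloud backup.
SMALL_OFFICE = [
    Copy("file-server", "disk", "office", offsite=False, is_source=True),
    Copy("nas-backup", "disk", "office", offsite=False),
    Copy("cloud-backup", "object-storage", "cloud-region-a", offsite=True,
         verify_errors=0),
]

# Constructed inventory: MSP-managed setup with an offline tape copy.
MSP_MANAGED = [
    Copy("file-server", "disk", "office", offsite=False, is_source=True),
    Copy("msp-replica", "disk", "msp-datacenter", offsite=True, verify_errors=0),
    Copy("cloud-backup", "object-storage", "cloud-region-a", offsite=True,
         verify_errors=0),
    Copy("tape-vault", "tape", "msp-datacenter", offsite=True, offline=True,
         verify_errors=0),
]

if __name__ == "__main__":
    for label, inventory in (("small office", SMALL_OFFICE),
                             ("MSP managed", MSP_MANAGED)):
        for rule, fails in evaluate(inventory).items():
            print(f"{label:12} {rule:10} {'PASS' if not fails else fails}")
```

The small-office inventory satisfies 3-2-1 yet fails both variations, which is the gap the text describes: an online-only, unverified set of backups survives a fire or flood but not an attacker who can reach every copy.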
Drive efficiency with an automated BCDR Solution – Datto SIRIS
Datto is one of the pioneers of the All-in-one BCDR solution that removes a lot of manual setup, expensive cost and human error in handling different media types across multiple locations.
Datto SIRIS is a flexible BCDR solution that stores a copy of your data locally and in our cloud, which is built on an immutable storage model. You also have the ability to replicate that data to a secondary Datto cloud location for extra resilience.
With our end-to-end backup encryption, advanced backup verification and mandatory 2FA sign-on to access backup data and recover (both locally and from the cloud), you can be confident that your backups are secure and ready for when you need them.
Source: Datto
Admin, superuser, root – different names for the same concept: an account that has total control over a system. In the Windows world, this account is called Administrator. On Linux and Unix, the account is root. In the Mac world, the account is Admin if you’re working in the UI, and root if you’re in the command line.
No matter what these highly privileged accounts are called, they hold great power over the system and, as the saying goes, “with great power comes great responsibility.” This is why most companies apply the principle of least privilege (PoLP) as part of their security program. PoLP can include enforcing separation of privileges, such as breaking up administrative responsibilities across different operations accounts rather than having a single account that can add/delete users, change configurations, and run backups.
Privileged access security: 6 tips for multicloud environments
1. Get Your Identity House in Order
2. Focus on Admin
3. Time is on Your Side
4. Modernize Password Management
5. Normalize Cross-Cloud Privilege
6. Optimize and Trace
For a deeper dive on this topic: PoLP in a Multicloud World (https://www.beyondtrust.com/webinars/polp-in-a-multi-cloud-world).
Source: BeyondTrust
This is a highly anticipated product release, which couldn’t come at a better time.
If you’re already thinking of replacing a firewall, then it’s very likely that other pieces of network infrastructure are also under discussion. If you’re replacing your Wi-Fi, as soon as you have more than a couple of access points, you need something to power them or the search for available power sockets starts. Or maybe you need to separate IoT devices from other business devices on the network in one of your many remote offices. The answer is almost always a switch. And if everything comes from a single vendor, you can generally improve your network visibility, reduce your management overhead, and potentially also optimize the price.
While switches may not be the first products you think of when considering cybersecurity, access layer switches are generally the gatekeepers for device access to the rest of the network, and as if that weren’t enough, they’re the masters of segmentation. As I’m sure we’ve all learned in our networking 101 best practices book, network segmentation is key when it comes to minimizing the exposure of a network in case of a breach, as it prevents lateral movement. Of course, many other solutions also have their role to play in that scenario, but you should never underestimate the role a switch can play.
And so, by popular demand, we’re now introducing switches.
The Sophos Switch Series
We will initially offer eight models, with two more expected towards mid-2022. Here’s a snapshot of the key specifications.
All switches can be managed in Sophos Central alongside your other Sophos products; however, the full feature set and configuration will only be available via the local web user interface from the first release. Management is also supported using the Command Line Interface (CLI) or Simple Network Management Protocol (SNMP).
Sophos Central will be the key to some unique features in the future and yes, we do eventually plan to offer synchronized security. However, there is no final date for the introduction of that functionality that we can communicate at this time.
If you’re one of the many businesses struggling with ever-more devices to connect and power and are looking for a way to take back control of your network, Sophos Switch may just be the perfect solution. Our switches are ideal for small and medium-sized businesses, branch offices, retail, and services. Even remote and home offices will benefit from a more business-oriented setup, now that many of those have gone from being temporary to permanent.
While launching a hardware product in the current climate takes a bit of coordination, we will have the first limited quantities available from December 16, and volumes will ramp up from January 2022 onwards. We plan to do the official market announcement for these products on January 11.
Further information is available on our website under sophos.com/switch.
Source: Sophos
Understandably, the terms data security and data privacy are frequently muddled together and sometimes used interchangeably. While they are naturally connected, they are also unique and separate concepts.
To help ensure the data your customers and employees entrust to your organization is both handled appropriately and secured throughout its lifecycle, review these concepts, along with their associated policies, procedures, and technologies, to help prevent malicious or unintentional misuse or loss of data.
What is Data Privacy?
Data privacy focuses on how personal data is collected, used, and shared – in other words, its governance. Regulations and laws addressing data privacy can vary by state and country in terms of how stringent they are and how they are enforced.
Worldwide, countries are coming to the realization that the strict guidelines designed to protect personal data privacy are in the best interest of both an organization and individuals. The European Union’s General Data Protection Regulation (GDPR) is the strictest regulation to date, with other countries modeling regulations after the privacy mandates of the GDPR. Some of note: the California Consumer Privacy Act (CCPA), Brazil’s Lei Geral de Protecao de Dados (LGPD) and Canada’s proposed Digital Charter Implementation Act, to name a few.
While these enacted and proposed regulations are a huge step in ensuring data privacy, without a solid data security foundation and technological solutions in place, data privacy simply cannot happen.
What is Data Security?
Data security, as opposed to data privacy, focuses on how data is protected from the many external and internal threats that exist. Data security policies and procedures can mitigate cyberthreats and inadvertent misuse; however, just putting these measures in place does not typically fully address data privacy concerns and regulations.
Data security encompasses the actual solutions an organization puts in place to protect digital data at all points – from endpoints to networks to the perimeter.
A comprehensive data security policy should form the blueprint for your data security measures and cover three key areas: people, processes, and technological solutions to help enforce any policies set to surround and protect sensitive and private data.
What’s the Difference Between Data Privacy and Data Security?
First, data privacy is NOT the same as data security. Data security is all the measures, policies, and technologies taken to protect data from external and internal threats. However, applying data security measures alone does not necessarily satisfy data privacy requirements. Data privacy still requires adherence to regulations surrounding how the data organizations secure is collected, shared, and used.
Data security protects data from malicious threats; data privacy addresses responsible governance or use of that data.
When developing data security policies, the focus of protection measures is on preventing unauthorized access to data. Tools such as encryption, user authentication, and tokenization can all amp up an organization’s security stance.
When tackling data privacy concerns, the focus is on data being procured, processed, stored and sent in compliance with regulations and with the consent of the data subject. If an organization is gathering data, then for transparency individuals need to know what type of data will be collected, why it is needed, and who will share this data. In addition, the data subject needs to agree to these terms.
Using data with respect to an individual’s privacy is the key to data privacy. Data security measures can help ensure that personal identification in collected data is protected.
Protect Data Privacy and Security with Layers of Security Solutions
Is there a singular solution to offer protection? No. However, establishing policies and procedures to address sensitive data protection, as well as layering security solutions, can provide outstanding protection to data throughout its lifecycle.
Layering solutions can address both privacy and security concerns. When choosing technology to support your organizational privacy and security policies, check to ensure that the solutions can easily integrate to address these three key tactics:
- Identify and classify files that may contain sensitive data
- Encrypt data to render sensitive data unreadable unless authorized
- Detect and prevent leaks of sensitive information outside your organization
- Secure and protect sensitive data that is shared inside and outside your organization
- Manage rights to digital data to encrypt and control access to data no matter where it travels
HelpSystems offers a suite of data security solutions, including data loss protection, identification and classification, secure managed file transfer, and more.
Source: HelpSystems
Customers have spoken–naming Sophos an October 2021 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms (EPP). What’s more, Sophos is the highest rated and most reviewed vendor, and the only vendor to be named a Customers’ Choice in all four global deployment regions: North America, EMEA, Latin America, and Asia Pacific. Across 505 independent reviews, customers overwhelmingly recommend Sophos, with an average rating of 4.8 out of 5 as of 31st August 2021.
Based solely on independent customer reviews that have been rigorously evaluated by Gartner, we believe this nomination is testament to the unparalleled real-world protection, detection, and response that Sophos delivers every day to enterprise customers around the globe.
Double recognition is a double honor
This distinction follows hot on the heels of Sophos being named a Leader in the 2021 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP) in May 2021. To be recognized by both our customers and Gartner analysts this year is a double honor in our view and we could not be more proud.
The voice of the customer
Gartner Peer Insights shares the independent voice of verified enterprise customers. Recent feedback on Sophos’s endpoint protection includes:
“Detection & protection that truly keeps up with the ever-growing threat landscape”
Manufacturing, $50M–$250M, North America
“The deep learning and artificial intelligence give an excellent detection response which has led to a significant decrease in ransomware attacks”
Retail, $10B–$30B, Asia Pacific
“Zero-day detections are excellent. We’re notified of threats by Sophos often before our SOC knows what may be going on”
Manufacturing, $500M – $1B, North America/Latin America/Asia Pacific
These are just three of over 750 Sophos endpoint protection customer reviews available on the Gartner Peer Insights site. I would like to take this opportunity to thank our customers who have shared their feedback; we truly appreciate your time and your trust.
Optimize prevention. Minimize time to detect and respond
Sophos Endpoint gives you world-leading prevention, detection and response capabilities designed for real-world environments. Whether you choose to manage your security yourself or have our team do it for you, you are backed by unparalleled human and technical expertise.
Optimize prevention
No one is more focused on preventing attacks than Sophos and over the past year independent 3rd party testing shows we stop, on average, 99.98% of all threats. We achieve this via a two-pronged strategy:
Reduce the attack surface, removing opportunities for attackers to penetrate your organization. This includes:
- Blocking potentially unwanted applications and malicious or suspect websites based on content or URL rating
- Controlling what applications and devices are allowed to run
- Locking down server configurations in a single click
Prevent attacks from running, using layered protection technologies to stop both the threats and the tactics attackers use:
- AI-based behavior prevention blocks the unknown based on techniques, behaviors, and anomalies
- Behavior-based anti-ransomware technology prevents attackers from encrypting your files
- Exploit prevention stops the techniques attackers use, protecting against attacks that leverage previously unknown vulnerabilities
By stopping attackers from gaining a foothold, Sophos reduces the signal-to-noise ratio, enabling defenders to focus on fewer, more accurate detections.
Minimize time to detect and respond
Our robust tools and human expertise quickly identify, defuse, and eject attackers before they can take control.
- We provide 24/7/365 threat hunting and neutralization delivered as a fully-managed service by Sophos experts
- Our team becomes your team, and our threat hunting expertise helps augment and extend your team
- The open Sophos XDR platform integrates with your existing security operations (and we’re proud to be named a Representative Vendor in the new Gartner Market Guide for XDR)
Ultimately this approach delivers superior security outcomes for our customers: better protection, reduced risk, and lower total cost of ownership (TCO).
Learn more
To dive deeper into these independent reviews of Sophos’ endpoint protection, I encourage you to:
- Review the October 2021 Gartner Peer Insights Customers’ Choice for endpoint protection platforms (EPP)
- Read the 750 verified customer reviews on Gartner Peer Insights site
- Check out the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms
If you’d like to discuss your endpoint security requirements and how Sophos can help, please reach out to your Sophos representative or speak with our in-house team who would be delighted to help.
Source: Sophos
BeyondTrust announced the release of BeyondTrust Cloud Privilege Broker, a new solution built from the ground up to help customers regain control over critical cloud infrastructure and better communicate and mitigate risks associated with multicloud entitlements. Cloud Privilege Broker empowers customers with a centralized, efficient, and granular way to manage thousands of permissions and entitlements across their cloud footprint.
Cloud Privilege Broker is BeyondTrust’s first product in the Cloud Infrastructure Entitlements Management (CIEM) space. With this solution, we are leveraging our experience and know-how in managing privileged access and applying the principle of least privilege (PoLP), and extending it to cloud infrastructure. Cloud Privilege Broker helps organizations defend against data breaches, malicious attacks, and other risks posed by excessive cloud permissions.
As organizations accelerate their digital transformation projects and migrate more and more resources to the cloud, the proliferation and complexity of cloud services has led to a skyrocketing of over-permissioned identities. Organizations increasingly struggle with identifying who has access to what data and resources across which cloud platforms. This gap in visibility creates a risky environment, putting pressure on IT and security teams already taxed with limited tools and resources. To mitigate this risk, organizations must implement effective cloud infrastructure security controls to avoid leaving their cloud environments open to attack.
Cloud service providers (CSPs), such as Amazon Web Services and Microsoft Azure, have their own identity and access management tools, with unique language and security responsibility models. But these tools are designed only for their own environments, which means managing permissions across multiple clouds requires a ‘swivel chair’ approach from console to console. This siloed approach is inefficient, increases the risk of a breach, and amplifies the costs for non-compliance.
BeyondTrust Cloud Privilege Broker gives IT and Security teams immediate visibility of permissions and entitlements with the discovery of users, roles, and policies across multiple platforms—via a single console. As a cloud-hosted SaaS offering, the solution can be deployed quickly with immediate classification of risk. Cloud Privilege Broker prioritizes a list of critical items and provides guided remediation, across different platforms, dramatically improving your cloud security posture.
We are excited about the fast time-to-value we can offer our customers, with a deployment that can be done within an hour. We have leveraged our deep expertise in managing privileges to naturally extend to helping our customers secure their infrastructure across multiple clouds, significantly reducing risk and improving overall visibility and security.
Multicloud Security, Made Simple
BeyondTrust customers have impressed upon us the importance of understanding and communicating the risk associated with cloud permissions and entitlements. For this reason, we have created a simple, user-friendly, but effective, dashboard that provides an overall risk score and risk-over-time.
We believe that the best way to mitigate cloud risk and work towards a zero trust model is through the implementation of least privilege policies. We help our customers accomplish this with granular recommendations and guided remediation. This approach removes uncertainty and ensures that the mitigation efforts are as effective as possible by tackling highly privileged items first.
Cloud Privilege Broker is deployed on our BeyondInsight platform, providing a familiar user interface and experience for BeyondTrust customers. The solution enables organizations to:
- Gain immediate visibility over permissions and entitlements across multicloud infrastructure
- Rapidly identify high-privileged users
- Simplify management of entitlements by providing granular recommendations for implementing policies across cloud platforms, from a single interface
- Mitigate privilege creep by continually exposing and right-sizing excessive permissions
- Understand the risk associated with entitlements, with a single risk score
- Track mitigation efforts with a view of risk over time
- Help security and audit teams meet and prove compliance with a view of completed recommendations and an audit trail
With Cloud Privilege Broker, you have centralized, efficient, and granular management of thousands of cloud permissions and entitlements that puts teams back in control of their critical infrastructure, significantly reducing the risk of a data breach. Cloud Privilege Broker is built on a modern cloud technology platform that leverages a microservices architecture, enabling built-in scalability and resilience.
Cloud Privilege Broker is now available. Learn more.
Source: BeyondTrust