We are pleased to announce that Sophos Intercept X  has received ‘Top Product’ certification in AV-TEST’s October 2021 testing for Windows devices. This follows a perfect score for protection, usability and performance in the June 2021 testing for macOS devices and ‘Approved’ certification in the July 2021 test for Android devices.

These AV-TEST awards are among a number of recent highlights for Sophos Intercept X:

SE Labs

SE Labs named Intercept X as the ‘Best Enterprise Endpoint Solution’ in their 2021 Annual Report. This fantastic achievement follows Intercept X receiving Best Small Business Endpoint Solution for two years running in the SE Labs 2019-2020 Annual Reports.

Gartner®

Gartner recently published its first-ever Market Guide for Extended Detection and Response (XDR) which provides guidance for security and risk management leaders considering investments in XDR. Sophos is named among a shortlist of 12 Representative Vendors offering an XDR solution.

Earlier this year, Sophos was named a “Leader” in the 2021 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP) for the 12^th consecutive report. While other vendors come and go, Sophos continues to lead.

Sophos Intercept X endpoint protection is rated 4.8/5 on Gartner Peer Insights as of November 26, 2021, based on 577 verified reviews over the previous 12 months.

CRN

Sophos MTR won the award for ‘Best Managed Detection and Response’ at the CRN 2021 Tech Innovator Awards. With Sophos MTR, organizations benefit from 24/7/365 threat hunting, detection and response, delivered as a fully-managed service by our expert operators.

Try Sophos Intercept X today

Activate a free trial today and take Sophos Intercept X for a test drive. It combines industry-leading prevention capabilities that block ransomware, exploits and never seen before malware with powerful XDR for advanced threat hunting and IT operations.

Source: Sophos

Branch networks are present in several industries, but they often share common needs. Here are five present trends when it comes to branch networking.

Centralized and Remote Management

Despite the challenges brought, COVID-19 couldn’t stop all businesses from growing. It might even have made them stronger! Enterprises that know how to make use of a quality branch network system are the ones who thrive in these difficult times. With employees working from home and the business environment being uncertain, you should be able to manage all branches without a hitch from one location, be it the headquarters, a data center, or simply your home office.

Enhanced Security 

Moving everything from the data center to the cloud is, in no doubt, more efficient and convenient, but is it safe? Gartner introduced the concept of SASE (Secure Access Service Edge) in 2019. However, enterprises are still concerned about the cybersecurity of their branch networks in 2021. When cyberattacks only get more aggressive over time, it is time to review your current branch network infrastructure to make sure all your data and top business secrets are in good hands.

Ready for 5G

More and more enterprises will be using 5G technology as it becomes more prominent and it enables rapid development of new branches. When it comes to connectivity, speed is not everything though. Other than using 5G, you also need to ensure that the network you are using is reliable anytime anywhere.

Automation and AI Support

You may not need a robotic arm at your store to impress customers, but automating your services and using artificial intelligence will definitely add value to your business. By incorporating IoT-friendly devices into your network infrastructure, you will not only increase the efficiency and cut the cost of your branches in the long term, but also enhance the customer experience and upgrade your brand image.

MPLS Replacement

We all know about the benefits of implementing SD-WAN solutions and the importance of replacing the expensive MPLS (Multiprotocol Label Switching). While fancy new technologies might seem like the perfect solution for your branch networking, it is easy for us to omit the fact that the hard part is the integration. Thus, other than looking for cool and cutting-edge devices, you may also consider the flexibility and versatility of the new solution.

Source: Peplink

[vc_row][vc_column][vc_column_text]

[/vc_column_text][/vc_column][/vc_row]

For several years now, we’ve been hearing that MSPs will become obsolete, rendered unnecessary as businesses take advantage of more plug-and-play, cloud-based platforms, and tools. “Why use an MSP,” they say, “when in the very near future, I’ll just be able to buy all my services and monitoring in the cloud?”

But at Iconic IT, we’ve found just the opposite to be true. The more cloud-based tools we offer to small and medium-sized businesses, the more they seem to need our services. In a way, the move to the cloud has freed us, taking us away from wires and server rooms and into the boardroom. And Iconic has provided that leadership to our clients, in no small part because of our partnership with Datto.

There’s an abundance of cloud backup and monitoring systems out there, but we’ve found that Datto products have allowed us to do more and provide better for our clients. To put it simply, Datto tools have allowed us to be more:

1. Strategic

Cloud-based tools have taken away a lot of the grunt work, installations, and comms bottlenecks we used to know. And with Datto, we have visibility into our client’s entire network. And because it’s in the cloud, we don’t have to worry about our own hardware to maintain. We can manage all our client’s endpoints, and come back to them with focused, clear security advice. We can focus on the true issues because Datto filters out the noise. And when we make big cybersecurity saves, our clients can relax knowing we have their back.

That’s no small thing. When they know their basic security needs are covered, they have space to talk about their future needs. We can ask them questions like: how can we help you solve the issues you’ll be facing soon? And how can we build your tech infrastructure now, so you’ll have the right foundation to build on?

This kind of discussion led us to land a small bank system in the Denver area as a customer. We were able to consolidate all their backups and monitoring into one unified system—while helping them meet all their data regulatory requirements. They got better service, at a better price, and reduced their business headaches considerably.

2. Responsive

What will happen to my business if there’s a disaster? A power outage? Flooding? A massive ransomware attack? How quickly can you get my business up and running again?

This is the central question clients ask us, and we’d better have the right answer. We feel comfortable selling our Datto backup systems because we use them ourselves. And we’ve seen first-hand how well it works. Just last winter, for instance, we had a power outage at our headquarters in Rochester, New York that lasted for two days. When we had that snowstorm, our servers went down too. But we were able to run everything on Datto’s servers, and it worked just like our own on-site server rooms were operating. Our employees never knew the difference, and neither did our customers, who are relying on us to be able to keep their networks going.

3. Affordable

This may raise some eyebrows, but we’ve found the investment is worth it. Why? Because Datto was one of the first to market with their backup and monitoring technologies, and their systems are the most mature. Their systems work seamlessly with ours. The labor costs that save us are enormous, because it works every time, with very few hiccups.

Datto’s products also scale well, based on the size of our clients and their user base. As more providers like Datto provide this kind of price package, the more we can drive enterprise-grade security and backup to even the smallest of clients.

4. Ahead of the security curve

Cybersecurity has been topic number one for MSPs for a while now, as ransomware and hacking attempts have risen to near unimaginable levels. But it’s our job to imagine just how bad it can get, and keep encouraging our clients to invest.

Datto products help us get there because they’ve created a true partnership with MSPs. When monitoring tickets get to us, we know they’re actionable and worth our time. We never have to worry about whether our backups are going to work. We know they will.

Luckily, market forces seem to be pushing even smaller clients to invest in sophisticated cybersecurity tools. It doesn’t hurt that the Biden White House has taken on the cybersecurity of businesses as a national security issue. They will be issuing guidelines that will likely help us sell through complex security products like RMM.

With the right partnerships, the future looks bright

We firmly believe that MSPs will only continue to rise, as we combine our “friendly local IT guys” with the monitoring power and backup capacity of companies like Datto. Small businesses have always been the country’s great innovation engine. And as their tech partners, it’s up to MSPs like us to see that they keep pace. We’re looking forward to everything the future can bring us, and we hope you are, too.

Source: Datto

Whether you have no archiving or are simply using what’s built into Microsoft Exchange Server (on-premises), your archiving choice may be hurting the organization more than it’s helping.

The archiving of email from within Microsoft Exchange Server is a multi-faceted thing; many see the archive as a backup (which it can sort of act as one, but that’s not its’ purpose) for older email, while others see it as a means to offload unnecessary email to lower the storage load on Microsoft Exchange over time.

The reality is the archive is much more. The archive serves as a historical record of all email correspondence. It has a role in lawsuits, proving adherence to regulations, aiding in locating prior correspondence, or just helping a user find a forgotten email address of someone they previously communicated with.

The archive has the potential to become involved in many parts of operations, so it’s important to be sure the archiving methodology you have today is the correct one. But you may think whatever is in place now is just fine, but there are three reasons why you should consider your email archiving options.

Reason 1 – You May Not Be Meeting the Business Needs

Many times, IT folks start with the technology first and work their way back to business requirements. With email archiving having financial, legal, and technical implications, it’s imperative that you first understand what the business needs from archiving… and then go find the best way to implement it. For example, legal may want the email sent and received by specific roles within the organization to be held for, say, seven years, while finance wants to keep storage costs down and minimize any retention whatsoever, all while HR needs emails between two specific individuals held for 2 years in case of a lawsuit.

See? Everyone has their own needs – and it is possible to meet everyone’s requirement; you just need to start with the business needs and then determine first if your current archiving method meets those needs and if not, what solution will.

Reason 2 – Not all Archiving is the Same

There is no magic “archive this mailbox” checkbox and suddenly all the right emails are archived. The closest thing to this is Journaling within Exchange, where a copy of every email is stored. While comprehensive in scope, it may be overkill from both a storage and search perspective, making even this option less than viable. In addition to the “what” is archived, there’s also concerns around who can access the archive, is the data a read-only archive, is it secure, will it be available if Exchange is down, and more.

It’s important to list out the important criteria and expectations your organization have for an archiving solution, and to determine how each of your archiving choices meet the need.

Reason 3 – You May Be Missing the Compliance Mark

We’ve left compliance for last, as the growing list of compliance regulations continually makes archiving that much more complex. Where one regulation mandates keeping specific email content for 5 years, another wants to keep a completely separate set of emails for 7 years. Sure, that Journaling option previously mentioned can do the trick if you keep everything for the longest duration required, but that method comes with a hefty storage and productivity price tag. It’s important to implement email archiving in a way that meets the specific needs of each regulation; with the newer laws spelling out hefty fines, the organization has to get the archiving right.

Ready to Consider Your Options?

An email archive is a critical part of your messaging environment and not just a copy of old emails. Upon realizing its importance, you recognize the need to truly look into whether native options meet the need or not. Your next steps are to determine what business factors will influence your archiving needs and evaluate your archiving options – whether they rest within Exchange itself or are third-party.

Source: MailStore

[vc_row][vc_column][vc_column_text]

[/vc_column_text][vc_column_text]

[/vc_column_text][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Fprivilege-escalation-attack-defense-explained%2F%3Futm_source%3DNSS-NewsBlog%26utm_medium%3DArticle%26utm_id%3DNSS||target:%20_blank|”]Privilege Escalation Attack and Defense Explained[/vc_button][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fresources%2Fwhitepapers%2Fmicrosoft-vulnerability-report%2F%3Futm_source%3DNSS-NewsBlog%26utm_medium%3DArticle%26utm_id%3DNSS||target:%20_blank|”]Microsoft Vulnerabilities Report 2021[/vc_button][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fresources%2Fwhitepapers%2Fzero-trust-approach-to-windows-mac-endpoint-security%2F%3Futm_source%3DNSS-NewsBlog%26utm_medium%3DArticle%26utm_id%3DNSS||target:%20_blank|”]A Zero Trust Approach to Windows & Mac Endpoint Security[/vc_button][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fpassword-management%2F%3Futm_source%3DNSS-NewsBlog%26utm_medium%3DArticle%26utm_id%3DNSS||target:%20_blank|”]A Complete Password Management Solution[/vc_button][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fsecure-remote-access%2F%3Futm_source%3DNSS-NewsBlog%26utm_medium%3DArticle%26utm_id%3DNSS||target:%20_blank|”]Secure Remote Access Solutions[/vc_button][vc_empty_space empty_h=”2″][vc_column_text]

[/vc_column_text][/vc_column][/vc_row]

Sophos is thrilled to be awarded Security Vendor of the Year in the European IT & Software Excellence Awards 2021. Now in their 12^th year, the awards have been designed to recognise and reward excellence in European software development, IT and Telecoms solutions. Carl Friedmann, Editor at IT Europa, commented:

In what was one of the most crowded award categories, Sophos impressed the judges with the depth and breadth of its offering including a strong managed threat detection and response solution well suited to the needs of the channel.

The awards are voted for by a panel of judges including IT Europa’s editor, Carl Friedmann, and Jessica Figueras, vice chair of the UK Cyber Security Council. Jessica works with start-ups and scale-ups on growth strategy and advises UK Government on technology and policy issues relating to online harms and security.

Jason Ellis, vice president EMEA channel at Sophos shared his delight on this prestigious award win:

Sophos is honoured to win the coveted Security Vendor of the Year 2021 at the European IT and Software Excellence Awards. The extraordinarily high levels of complex ransomware and other cybercrimes has accelerated the need for effective, comprehensive cybersecurity for businesses of all sizes, and this award recognises our dedication to provide the best and most complete set of cybersecurity solutions in the market.

The win follows a year of exceptional innovation. Sophos is leading the industry through integration of AI into its products and services. One of the biggest product evolutions this year is the new Sophos Adaptive Cybersecurity Ecosystem (ACE), an open security architecture that optimises threat prevention, detection and response. Sophos ACE leverages automation and analytics, as well as the collective input of Sophos products, partners, customers, developers, and other security industry vendors, to create protection that continuously improves – a virtuous cycle that is constantly learning and advancing.

In addition, Sophos launched the industry’s only extended detection and response (XDR) solution that synchronizes native endpoint, server, firewall, and email security in 2021.

Source: Sophos

The UK-based PC PRO Excellence Awards are held annually to celebrate the best manufacturers and the best products available.

Whilst the ‘Manufacturer of the Year’ awards are selected by PC PRO readers, the ‘Product of the Year’ awards are selected from the hundreds of products that have been reviewed by the PC PRO team, together with their sister brands, IT Pro and Expert Reviews. We’re told the voting in these categories can involve hot debates within the editorial team, and only the standout products are selected.

The Sophos XG 230 (Rev.2) earned the top spot in the prestigious ‘Business Hardware of the Year’ category, competing with over a hundred other business-focused products.

IT Pro reviewed the XG 230, including the initial setup with Sophos Firewall OS (SFOS), earlier this year, when it was awarded an Editor’s Choice 5-Star rating.

The review highlights the following features:

• Flexible connectivity – built-in and add-on via Flexi Port modules
• Power redundancy option and failover via built-in bypass ports
• Ease of setup using the installation wizard
• Visibility provided by the Control Centre
• Zone-based security policies
• Extensive Web filtering categorization options
• Threat detection using Sophos Sandstorm (now part of Zero-Day Protection)
• Integration in Sophos Central, both for management, and cross-product threat detection and mitigation via the Sophos Security Heartbeat™.

Dave Mitchell, who conducted the review, was a key advocate for the Sophos win, describing our product as follows:

Sophos’ XG 230 Rev.2 impressed us mightily as this no-compromises gateway appliance is a cinch to deploy and offers a remarkable range of security measures for the price. A huge firewall throughput means it can easily keep up with a heavy demand and total integration with the Sophos Central cloud service adds extra levels of versatility.

You can read Dave Mitchell’s full review on the IT Pro website.

This review was conducted prior to the release of our new XGS Series hardware range, which offer all of the above features and many more.

Source: Sophos

[vc_row][vc_column][vc_column_text]

November 1, Athens Greece – NSS, a well established international value-added distributor of leading cutting-edge IT solutions, announced its strategic partnership with HelpSystems, a US based Information Technology and Software Vendor, and a people-first software company focused on helping exceptional organizations build a better IT.

[/vc_column_text][/vc_column][/vc_row][vc_row row_height_percent=”0″ back_color=”color-lxmt” overlay_alpha=”50″ gutter_size=”3″ column_width_percent=”100″ shift_y=”0″ z_index=”0″ shape_dividers=””][vc_column width=”1/1″][vc_column_text]Paolo Cappello, Managing Director of International Development responsible for leading growth in the LATAM, EMEA, and APAC markets stated that “At HelpSystems we’re on a journey to help organizations everywhere Build a Better IT™. Our security and automation software simplifies critical IT processes to give our customers peace of mind. We deliver solutions based on the fundamentals of good technology design: high quality, a top-notch user experience, and the ability to improve performance. In addition, with the recent acquisition of Digital Guardian, one of the DLP leader solution for large and mid-sized organizations, we keep investing hard to create the most powerful data security portfolio in the market to help customers improving further the ability to protect data across a wide set of channels, applications and operating systems. Together with NSS, we will be working in the areas of infrastructure and data protection, systems and network management, business intelligence, security and compliance, with a commitment to focus on offering solutions to improve everyday operations, save time, and cut costs, through reliable software, the expert services, and outstanding support, provided by the NSS team.”[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_column_text]“As pioneers in cutting edge services and technology solutions, we are very excited to welcome HelpSystems to our portfolio and distribute their cutting edge security and automation solutions,” continued George F. Kapaniris, Executive Director, NSS, emphasizing that “We look forward to assisting MSPs to protect their customers business-critical data with automated cybersecurity solutions that help them stay ahead of today’s ever-changing threats.”.

NSS will distribute HelpSystems’ solutions in the markets of SE Europe, including Greece, Cyprus, Malta and Bulgaria and the Adriatic. By offering a comprehensive and unique set of cloud-based solutions, NSS is expanding its portfolio to meet the increasing IT requirements and security needs of businesses during the age of digital transformation.

To find out more please visit: https://www.nss.gr/en/products/security/helpsystems/

About NSS

NSS is an international Value Added Distributor of Affordable Cutting Edge IT solutions, covering technology areas that include information security, network optimization, communications and infrastructure systems. NSS has strategic partnerships with superior vendors offering products & services with leading technologies that place the company ahead of the competition in today’s crowded market. NSS products can be acquired through a selected channel of resellers in Greece, Cyprus, Malta, the Balkan and Adriatic Countries.

[/vc_column_text][/vc_column][/vc_row]

Τα τελευταία χρόνια, η ασφάλεια των Windows έχει σταθερά βελτιωθεί από τη Microsoft, και το ransomware ήταν μία από τις βασικές απειλές που φρόντισε να αντιμετωπίσει μέσω ενσωματωμένων λειτουργιών όπως είναι οι User Account Control (UAC), Windows Defender Application Control και οι κανόνες Attack Surface Reduction (ASR).

Στο συγκεκριμένο άρθρο, εξετάζεται αν η προστασία από το ransomware που είναι ενσωματωμένη στα Windows 10 είναι αρκετή για να σας προστατεύσει.

Η κατάσταση με το ransomware σήμερα

Το ransomware ήταν μεγάλη υπόθεση το 2020. Εταιρείες και οργανισμοί πάσχισαν να οργανώσουν λύσεις απομακρυσμένης πρόσβασης καθώς όλο και περισσότεροι εργαζόμενοι χρειάστηκε να εργαστούν από το σπίτι εξαιτίας της πανδημίας του νέου κορωνοϊού. Οι συμμορίες κυβερνοεγκληματιών παράλληλα όπως προβλεπόταν εκμεταλλεύτηκαν τον πολλαπλασιασμό των απροστάτευτων τερματικών συσκευών και των απροετοίμαστων χρηστών.

Σύμφωνα με ποικίλες εκθέσεις και αναφορές, σε σχέση με το 2019 σημειώθηκε αύξηση 62-150% στις κυβερνοεπιθέσεις το 2020, με ορισμένες αναφορές μάλιστα να κάνουν λόγο για αύξηση στις επιθέσεις ransomware κατά 485%. Και καθώς τα πιο πρόσφατα δεδομένα που έχουμε θέτουν τη μέση πληρωμή λύτρων στα $312.000 σε ορισμένες περιπτώσεις, οι κυβερνοεγκληματικές οργανώσεις κατάφεραν να αποσπάσουν χρηματικά ποσά ύψους εκατομμυρίων δολαρίων. Κατά τη διάρκεια του 2020 επίσης, διαπιστώθηκε αύξηση και στις περιπτώσεις διπλού εκβιασμού, όπου οι κυβερνοεγκληματίες ή χάκερ όχι μόνο απαιτούσαν υπέρογκα ποσά σε λύτρα, αλλά απειλούσαν επίσης και να διαρρεύσουν ή να πουλήσουν εμπιστευτικά δεδομένα στην περίπτωση που δεν πληρώνονταν τα λύτρα.

Το 2021, οι επιθέσεις εξακολουθούν να αυξάνονται. Υπήρξε μάλιστα και μια απότομη άνοδος των επιθέσεων μηδενικής ημέρας, όπου οι χάκερ αξιοποιούν προηγουμένως άγνωστες ευπάθειες στο λογισμικό. Αυξανόμενο είναι επίσης και το ενδιαφέρον των επιτιθέμενων για τις φορητές συσκευές, την ώρα που βεβαίως εξακολουθούν να αξιοποιούν προς όφελος τους τις απροστάτευτες διαδρομές απομακρυσμένης πρόσβασης και τις ανενημέρωτες στον τομέα του λογισμικού τερματικές συσκευές.

Κατεβάστε την έκθεση Malware & Ransomware Threat 2021

3 Προστασίες ασφαλείας των Windows ενάντια στο Ransomware

Ας αξιολογήσουμε τώρα τρεις προστασίες που είναι ενσωματωμένες στα Windows 10 και τις οποίες μπορείτε να χρησιμοποιήσετε για να ενισχύσετε την άμυνα σας έναντι του ransomware και άλλων κακόβουλων προγραμμάτων.

1.Έλεγχος λογαριασμού χρήστη: Το UAC είναι μια συλλογή από λειτουργίες και χαρακτηριστικά των Windows που βοηθούν τους χρήστες να εκτελέσουν προγράμματα και εφαρμογές χωρίς να απαιτούνται δικαιώματα διαχειριστή στο λειτουργικό σύστημα. Οι Προστατευμένοι Λογαριασμοί Διαχειριστή επιτρέπουν στους χρήστες να «τρέχουν» εφαρμογές, προγράμματα ή λειτουργίες με τα τυπικά δικαιώματα χρήστη τις περισσότερες φορές ωστόσο όταν απαιτείται μπορούν να ανέλθουν σε δικαιώματα διαχειριστή.

Το UAC είναι ένας έλεγχος ασφαλείας και όχι όριο ασφαλείας. Ως εκ τούτου, μπορεί να παρακαμφθεί. Η Microsoft συνιστά στους χρήστες να συνδέονται στα Windows όποτε είναι δυνατόν με λογαριασμό τυπικού χρήστη. Οι Προστατευόμενοι Λογαριασμοί Διαχειριστή UAC έχουν σχεδιαστεί για χρήση σε καταναλωτικές συσκευές. Αν και έχουν συμβάλει σε σημαντική βελτίωση της ασφάλειας στα Windows, δεν προορίζονται να παρέχουν ασφάλεια σε εταιρικό ή επιχειρησιακό επίπεδο.

2.Windows Defender Application Control: Αξιοποιώντας μία τεχνολογία που ονομάζεται Continuous Integrity και που είναι δανεισμένη από το λειτουργικό σύστημα Windows Mobile, το Windows Defender Application Control (WDAC) αποτελεί την πιο πρόσφατη τεχνολογία ελέγχου εφαρμογών στα Windows. Έχει σχεδιαστεί για να επιτρέπει στους οργανισμούς να δημιουργούν καταλόγους επιτρεπόμενων εφαρμογών, scripts και άλλων στοιχείων κώδικα στα οποία επιτρέπεται η εκτέλεση. Οτιδήποτε άλλο, συμπεριλαμβανομένου και του ransomware, αποκλείεται.

Το WDAC μπορεί να διαμορφωθεί χρησιμοποιώντας τον Microsoft Endpoint Manager (MEM) ή χρησιμοποιώντας Group Policy. Η πολιτική ομάδας (δυνατότητα των Windows που περιέχει μια ποικιλία προηγμένων ρυθμίσεων, ειδικά για διαχειριστές δικτύου) δεν υποστηρίζει το format πολλαπλών πολιτικών WDAC. Τα αρχεία πολιτικής WDAC δημιουργούνται χρησιμοποιώντας cmdlets PowerShell. Τα cmdlets δημιουργούν ένα ή περισσότερα αρχεία πολιτικής, που περιέχουν λίστες επιτρεπόμενων εφαρμογών και άλλους κανόνες, τους οποίους μπορείτε να εφαρμόσετε σε πελάτες για να αποκλειστεί μη εγκεκριμένος κώδικας. Για υψηλότερο επίπεδο ασφάλειας, τα αρχεία πολιτικής WDAC θα πρέπει να υπογράφονται για να αποτρέψουν τη διαγραφή ή την αλλαγή των κανόνων ελέγχου εφαρμογών από τους διαχειριστές.

3.Κανόνες Μείωσης της Επιφάνειας Επίθεσης: Οι κανόνες Attack Surface Reduction (ASR) αποτελούν μέρος του Windows Defender Exploit Guard. Οι κανόνες μπορούν να χρησιμοποιηθούν για την απενεργοποίηση λειτουργιών που χρησιμοποιούνται συχνά από χάκερ για να αποκτήσουν τον έλεγχο των Windows και να εγκαταστήσουν κακόβουλο λογισμικό. Οι κανόνες ASR ωστόσο μπορούν και να απενεργοποιήσουν λειτουργικότητα που είναι απαραίτητη για τους χρήστες στον οργανισμό σας, και επομένως θα πρέπει πάντα να ρυθμίζονται σε πρώτη φάση σε λειτουργία αξιολόγησης/ ελέγχου, ώστε να μπορείτε να παρακολουθείτε αν μία διαμόρφωση «αποκλεισμού» μπορεί να επηρεάσει τους χρήστες σας.

Οι κανόνες ASR λειτουργούν στα Windows 10 Pro και σε εκδόσεις Enterprise, από την έκδοση 1709 και μετά. Οι κανόνες μπορούν να διαμορφωθούν χρησιμοποιώντας MEM, η οποία είναι και η προτιμώμενη μέθοδος ή χρησιμοποιώντας τα Intune, PowerShell και Group Policy.

Για να έχετε στη διάθεση σας το σύνολο των δυνατοτήτων, συμπεριλαμβανομένης και της προηγμένης παρακολούθησης και ανάλυσης, θα χρειαστείτε μια άδεια Windows 10 Enterprise E5. Διαφορετικά, θα διαπιστώσετε ότι υπάρχουν περιορισμοί στην παρακολούθηση των ακόλουθων συμβάντων στο Αρχείο Καταγραφής Συμβάντων των Windows (Windows Event Log):

• Audit – Windows Event ID 1122 (έλεγχος)
• Block – Windows Event ID 1121 (αποκλεισμός)
• Settings changed – Windows Event ID 5007 (αλλαγές στις ρυθμίσεις)

Οι ενσωματωμένες προστασίες στα Windows είναι μία αρχή, αλλά δεν είναι αρκετές

Αν και τα χαρακτηριστικά Έλεγχος Λογαριασμού Χρήστη (User Account Control) και Έλεγχος Εφαρμογών (Application Control) όπως και οι κανόνες Μείωσης της Επιφάνειας Επίθεσης (ASR) παρέχουν ορισμένες βασικές βελτιώσεις στην προστασία εφόσον έχει γίνει σωστά η διαμόρφωση/ ρύθμιση τους, δεν επαρκούν για την προστασία των χρηστών και των συσκευών από το ransomware. Η πληρέστερη προστασία απέναντι στο ransomware και στο κακόβουλο λογισμικό απαιτεί από τους οργανισμούς να τηρούν τις βέλτιστες πρακτικές, όπως να επιβάλλουν την αρχή του ελάχιστου προνομίου και τη χρήση λογαριασμών τυπικού χρήστη (απλού χρήστη) αντί λογαριασμών διαχειριστή. Ιδανικά, οι συνδυασμένες προστασίες έναντι του ransomware θα μπορούν επίσης να ενορχηστρωθούν μέσα από μία μόλις «οθόνη» (κονσόλα διαχείρισης).

Η διαχείριση της ασφάλειας των Windows μπορεί να είναι περίπλοκη με τα ενσωματωμένα εργαλεία. Αν και οι ενσωματωμένοι έλεγχοι μπορούν να βοηθήσουν, παραμένει απαραίτητο το να διασφαλίσετε ότι οι χρήστες σας δεν συνδέονται σε τερματικές συσκευές με διαπιστευτήρια διαχειριστή τομέα και οι χρήστες δεν διαθέτουν δικαιώματα διαχειριστή στις συσκευές τους. Όταν ένας επιτιθέμενος αποκτήσει προνόμια διαχειριστή, οι περισσότεροι έλεγχοι ασφαλείας των Windows μπορούν να παραμεριστούν.

Για ολοκληρωμένη προστασία ενάντια στο ransomware αναζητήστε μία λύση Διαχείρισης Προνομίων Τερματικών Συσκευών (Endpoint Privilege Management) που περιλαμβάνει τόσο έλεγχο εφαρμογών όσο και δυνατότητες διαχείρισης προνομίου. Η διαχείριση της ασφάλειας επίσης από μία κεντρική κονσόλα, που παρέχει την πλήρη εικόνα της υποδομής σας, δίνει τη δυνατότητα στο τμήμα πληροφορικής σας να σταματήσει το ransomware προτού εισέλθει στο δίκτυο σας ενώ παράλληλα βοηθάει στο να περιορίσετε οποιαδήποτε παραβίαση αναχαιτίζοντας την πλευρική κίνηση (lateral movement).

Πηγή: BeyondTrust

[vc_row][vc_column][vc_column_text]

[/vc_column_text][vc_button button_color=”color-150912″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Fhow-well-do-windows-10-security-features-protect-against-ransomware||target:%20_blank|”]Find out what are the 3 Windows Security Protections against Ransomware[/vc_button][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fresources%2Fwhitepapers%2Fmalware-threat-report-2021||target:%20_blank|”]Download the 2021 Malware & Ransomware Threat Report[/vc_button][vc_empty_space empty_h=”3″][vc_column_text]Source: BeyondTrust[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column width=”1/1″][vc_single_image media=”101430″ media_width_percent=”100″ alignment=”center”][vc_empty_space empty_h=”2″][vc_button button_color=”color-150912″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-762333″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”url:mailto%3Asales%40nss.gr%3Fsubject%3DSophos%20XG%20Architect%20Training%26body%3DI%20would%20like%20to%20participate%20in%20the%20XG%20Architect%20Training%20on%20November%2030th%2C%202021|||” icon=”fa fa-hand-o-right”]Book Your Certification Today![/vc_button][vc_button button_color=”color-283957″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-377884″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”|||” icon=”fa fa-volume-control-phone”]Call us now for more +30 211 8000 330[/vc_button][vc_separator sep_color=”color-210407″][/vc_column][/vc_row][vc_row row_height_percent=”0″ back_color=”color-lxmt” overlay_alpha=”50″ gutter_size=”3″ column_width_percent=”100″ shift_y=”0″ z_index=”0″ shape_dividers=””][vc_column width=”1/1″][vc_custom_heading heading_semantic=”h1″ text_font=”font-377884″ text_size=”h1″ text_weight=”900″ text_color=”color-210407″]

Sophos XG Architect Training 

[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

Tuesday 30 November 2021 – Thursday 2 December 2021
(3 days Training)

This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos. The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.

Requirement 

• XG Firewall _ Certified Engineer course and delta modules up to version 18.5

Recommended Knowledge

• Knowledge of networking to a CompTIA N+ level
• Knowledge of IT security to a CompTIA S+ level
• Experience configuring network security devices
• Be able to troubleshoot and resolve issues in Windows networked environments
• Experience configuring and administering Linux/UNIX systems

Content

• Module 1: Deployment
• Module 2: Base firewall
• Module 3: Network Protection
• Module 4: Synchronized security
• Module 5: Web server Protection
• Module 6: Site to site connections
• Module 7: Authentications
• Module 8: Web Protection
• Module 9: Wireless
• Module 10: Remote Access
• Module 11: High Availability
• Module 12: Pulic Cloud

Certification

+ exam: Sophos XG Architect

Duration 3 days

Agenda

Trainer: Micheal Eleftheroglou

Day 1 Tuesday 30 November 2021

 9:30-10:45 Module 1: Deployment and Lab

• Recall important information from Engineer courses
• Deployment modes supported by the XG Firewall
• Understand a range of scenarios where each deployment mode would commonly be used
• Use built-in tools to troubleshoot issues
• Labs    
  

10:45-11:00 break

11:00-13:00 Module 2: Base Firewall

• Explain how the XG firewall can be accessed
• Understand the types fo interfaces that can be created
• Understand the benefits of Fast Path Technology
• Configure routing per firewall rule
• Understand best practice for ordering firewall rules
• Explain what Local NAT policy is and known how to configure it.

13:00-14:00 Lunch

14:00-16:00  Labs

• Activate the Sophos XG Firewalls
• Post installation Configuration
• Bridge interfaces
• Create a NAT rule to load balance access to servers
• Create a local NAT policy
• Configure routing using multiple WAN links
• Configure policy-based routing for an MPLS scenario
• Install Sophos Central

16:00-16:15 Break

 16:15-17:15  Module 3:Network Protection and Lab

• Explain what IPS is and how traffic can be offloaded to Fastpath
• Demonstrate how to optimize workload y configuring IPS policies
• Examine advanced Intrusion Prevention and optimize policies
• Configure advanced DOS Protection rules
• Demonstrate how the strict policy can be used to protect networks
• Labs- Create Advanced DoS Rules

Day 2  Wednesday 1 December 2021 

9:30-11:00 Module 4: Synchronized Security and Labs

• Explain how Security Heartbeat works
• Configure Synchronized Security
• Deploy Synchronized Security in discover and inline modes
• Understand the advantages and disadvantages of deploying
• Synchronizes Security in different scenarios
• Labs
• Configure source-Based Security
• Hearteat firewall rules
• Destination based Security Heartbeat
• Missing Security Heartbeat
• Lateral Movement Protection

11:00-11:15 Break

11:15-13:45 Module 5 Webserver Protection and Labs

• Explain how Websever Protection works
• Describe protection features for a web application
• Configure Web Server authentication
• Publish a web service using the Web Application Firewall
• Use the preconfigured templates to configure Web Server Protection for common purposes
• Configure SlowHTTP protection
• Labs (Web Application Firewall)
• Labs (Load balancing with Web Server Protection)
• Labs (Web Server Authentication and path-specific routing)

13:45-14:45 Break and Lunch

14:45-17:45 Module 6: Site to site connections and Labs

• Configure and deploy site to site VPNs in a wide range of environment
• Implement IPsec NATing and failover
• Check and modify route precedence
• Create RED tunnels between XG firewalls
• Understand when to use RED
• Labs ( Create an IPsec site to site VPN
• Labs ( Configure VPN network NATing )
• Labs (Configure VPN failover)
• Labs (Enable RED on the XG firewall)
• Labs (Create a RED tunnel between two XG Firewalls
• Labs (Configure routing for the RED tunnel)
• Labs (Configure route-based VPN)

Day 3 Thursday 2 December  2021

 9:00-10:00 Module 7: Authentications and Labs

• Demonstrate how to configure and use RADIUS accounting
• Deploy STAS in large and complex environment
• Configure SATC and STAS together
• Configure Secure LDAP and identify the different secure connections available
• Labs (configure an Active Directory Authentication server)
• Labs (configure single sing-on using STAS
• Labs (Authenticate users over a site to site VPN)

10:00-11:15  Module 8: Web Protection

• Choose the most appropriate type for web protection in different deployment scenarios
• Enable web filtering using the DPI engine or legacy web proxy
• Configure TLS inspection using the DLP engine or legacy web proxy
• Labs (Install the SSL CA certificate)
• Labs (Configure TLS inspection rules)
• Labs (Create a custom web policy for users)

11:15-11:30 Break

11:30-12:15 Module 9: Wireless

• Explain how Sophos Access Points are deployed and identify some common issues
• Configure RADIUS authentication
• Configure a mesh network

12:15-13:05 Module 10:Remote Access

• Configure Sophos Connect and manage the configuration using Sophos Connect Admin
• Configure an IPsec remote access VPN
• Configure an L2TP remote access VPN for mobile devices
• Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability

• Explain what HA is and how it operates
• Demonstrate how to configure HA and explain the difference between quick and manual configuration
• List the prerequisites for high availability
• Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
• Explain the packet flow in high availability
• Demonstrate how to disable HA
• Labs (Create an Active-Passive cluster)
• Labs (Disable High Availability)

14:25-15:05 Break – Lunch 

15:05-16-15 Public Cloud and Labs

• Deploy XG firewall in complex network enviroments
• Explain how XG firewall process traffic and use this information to inform the configuration
• Configure advanced networking and protection features
• Deploy XG firewall on public cloud infrastructure
• Labs (Put a service in debug mode to gather logs)
• Labs (Retrieving log files)
• Labs (Troubleshoot an issue from an imported configuration file)
• Labs (Deploy an XG Firewall on Azure (simulation)

16:15  (Exams)[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_separator sep_color=”color-210407″][vc_empty_space empty_h=”2″][vc_button button_color=”color-150912″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-377884″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”url:mailto%3Asales%40nss.gr%3Fsubject%3DSophos%20XG%20Architect%20Training%26body%3DI%20would%20like%20to%20participate%20in%20the%20XG%20Architect%20Training%20on%20November%2030th%2C%202021|||” icon=”fa fa-envelope3″]Book Your Certification Today![/vc_button][vc_button button_color=”color-283957″ size=”btn-xl” border_animation=”btn-ripple-out” custom_typo=”yes” font_family=”font-377884″ font_weight=”900″ letter_spacing=”fontspace-210350″ border_width=”2″ display=”inline” link=”|||” icon=”fa fa-volume-control-phone”]Call us now for more +30 211 8000 330[/vc_button][vc_empty_space][vc_single_image media=”101430″ media_width_percent=”100″ alignment=”center”][/vc_column][/vc_row]

Malware and ransomware infection rates are increasing, this year alone, malware increased by 358% overall, and ransomware increased by 435% as compared to 2019. To see their partners are fully secure, MSPs are looking towards user laptops and desktops. It is important that MSPs have visibility of user devices and often turn to an RMM solution, especially as the workforce becomes further separated from the corporate network.

Multi-level defense is about adding layers of security to endpoints to ensure they are operating most securely. A typical security stack would look like this:

• Web filtering
• Email filtering
• Antivirus
• Software firewalls
• Operating System patching
• 3rd party software patching
• Ransomware detection
• Encrypted storage
• Standard user account permissions

Datto RMM can be used to monitor and enforce security policies, patch not only the Operating System but also 3rd party applications, ensure antivirus is installed, up to date, and actively scanning and add a second “pair of eyes” using the built-in Datto RMM Ransomware Detection to detect and stop ransomware infections.

MSP’s can use Datto RMM to automatically and silently deploy security tools like Antivirus or web filtering agents such as Cisco Umbrella to endpoints as they are added to sites in RMM to ensure there are no unprotected devices in the environment. Partners often use components to randomize local admin passwords, disable guest accounts and automatically review and limit how many accounts have local admin rights on devices

Dashboards in Datto RMM can be used to see a quick overall view of the security state of the managed devices and is the MSP’s window into the current security status of devices under management.

RMM’s are very good at alerting MSPs to issues, but the goal should not be just to alert but also to attempt the “first fix” so security issues can be automatically resolved quickly.

Datto RMM can run components in response to alerts. In its simplest form, this could be to run a full AV scan if the installed AV cannot automatically quarantine malware right through to automatically isolating machines from the local network if ransomware is detected.

Automated responses are where MSPs can start enforcing security policies, take care of security-related issues, and installing patches to operating systems and 3rd party applications.

The key is not to rely on a single point of defense. Antivirus installed on workstations should not be the only level of protection; it is part of a multi-level security stance.

Source: Datto

Take advantage of MailStore’s exclusive “15-for-the-price-of-12” anniversary Promotion and become part of the success story.

Exclusively for the 15th anniversary of the email archiving specialist MailStore, you will receive 3 months’ free support in addition to the selected term of your Update & Support Service when you purchase a new MailStore Server license.

Become one of over 80,000 MailStore customers across the globe. Reap the benefits already enjoyed by thousands of MailStore customers and pen your own success story.

15-for-the-price-of-12 Promotion – Terms & Conditions

• Orders must be placed using the promotion code “15 years MailStore”.
• This promotion is valid only when purchasing new MailStore Server licenses with 1, 2 or 3 years of Update & Support Service.
• All eligible orders under this promotion will qualify for 3 extra months of update and support service, i.e.,
• 15 months for the price of 12 months for a 1-year license, 27 months for the price of 24 months with a 2-year license, and 39 months for the price of 36 months with a 3-year license.
• This promotion is valid from 15 October 2021 to 15 November 2021.
• Only registered MailStore channel partners are eligible to participate in this promotion.
• These terms and conditions form a binding legal contract between MailStore Channel Partners and MailStore Software GmbH. By entering the discount code, you agree to be legally bound by the T&Cs.
• MailStore reserves the right to amend, modify, suspend, cancel, or terminate this promotion at any time with immediate effect, and to provide notice of such change via the same or similar means as were used to announce the promotion.
• This offer cannot be sold, transferred, or combined with any other offer or promotion, and is rendered void if altered or reproduced; it has no cash value.
• Each party is liable to the other party in accordance with the applicable statutory provisions in the case of wilful intent, deception and gross negligence, personal injury, or claims asserted under the German Product Liability Act.
• The liability of each party in the case of negligence or breach of a material contractual duty (core duty – “Kardinalpflicht”) is limited to the amount of the foreseeable damage typical under the agreement. A core duty within the meaning of this provision includes the main contractual performance obligations and obligations the fulfillment of which is essential for the due and proper implementation of the contract.

If any provision of these general terms or any specific terms are held to be illegal, invalid, void or otherwise unenforceable, it shall be severed from the remaining provisions which shall continue in full force and effect.

These terms and conditions are governed by the laws of Germany. The mutually agreed place of jurisdiction for all legal disputes is Düsseldorf, Germany.