At Sophos, your security is our top priority. We have invested in making Sophos Firewall the most secure firewall on the market – and we continuously work to make it the most difficult target for hackers.

To enhance your security posture, we strongly encourage you to regularly review and implement these best practices across all your network infrastructure, whether from Sophos or any other vendor.

Read on for full instructions or download the Sophos Firewall hardening best practices.

Keep firmware up to date

Every Sophos Firewall OS update includes important security enhancements – including our latest release, Sophos Firewall v21.

Ensure you keep your firmware up to date under Backup & Firmware > Firmware. Check at least once a month for firmware updates in Sophos Central or the on-box console. You can easily schedule updates in Sophos Central to be applied during a period of minimal disruption.

Online guides:

• Firmware

Limit device service access

It’s critically important that you disable non-essential services on the WAN interface. In particular, HTTPS and SSH admin services.

To manage your firewall remotely, Sophos Central offers a much more secure solution than enabling WAN admin access. Alternatively, use ZTNA for remote management of your network devices.

Check your local services access control under Administration > Device Access and ensure no items are checked for the WAN Zone unless absolutely necessary:

Online guides:

• Access Control
• Sophos Central Management

Use strong passwords, multi-factor authentication, and role-based access

Enable multi-factor authentication or one-time password (OTP) and enforce strong passwords, which will protect your firewall from unauthorized access – either from stolen credentials or brute force hacking attempts.

Ensure your sign-in security settings are set to block repeated unsuccessful attempts and enforce strong passwords and CAPTCHA. Also use role-based access controls to limit exposure.

Online guides:

• Multi-factor Authentication (MFA).
• Admin and Sign-in Security Settings
• Device Role-Based Access

Minimize access to internal systems

Any device exposed to the WAN via a NAT rule is a potential risk. Ideally, no device should be exposed to the internet via NAT or inbound connections, including IoT devices.

Audit and review all your NAT and firewall rules regularly to ensure there are no WAN to LAN or remote access enabled. Use ZTNA (or even VPN) for remote administration and access to internal systems – DO NOT expose these systems, especially Remote Desktop access to the Internet.

For IoT devices, shut down any devices that do not offer a cloud proxy service and require direct access via NAT – these devices are ideal targets for attackers.

Online guides:

• NAT Rules

Enable appropriate protection

Protect your network from exploits by applying TLS and IPS inspection to incoming untrusted traffic via relevant firewall rules. Tune your TLS and IPS inspection and take advantage of trusted application FastPath offloading to get the best protection and performance for your particular environment. Ensure you don’t have any broad firewall rules that allow ANY to ANY connections.

Also protect your network from both DoS and DDoS attacks by setting and enabling protection under Intrusion Prevention > DoS & spoof protection. Enable spoof prevention and apply flags for all DoS attack types.

Block traffic from regions you don’t do business with by setting up a firewall rule to block traffic originating from unwanted countries or regions.

Ensure Sophos X-Ops threat feeds are enabled to log and drop under Active Threat Protection.

Online guides:

• IPS and DoS
• Offloading Applications
• Country Blocking
• Sophos X-Ops Threat Feeds

Enable alerts and notifications

Sophos Firewall can be configured to alert administrators of system-generated events. Administrators should review the list of events and check that system and security events are monitored to ensure that issues and events can be acted upon promptly.

Notifications are sent via either an email and/or to SNMP traps. To configure Notifications, navigate to Configure > System services and select the Notifications list tab.

Online guides:

• Notifications

More info

Be sure to check out how Sophos Firewall is Secure By Design and consult the extensive online documentation and how-to videos to make the most of your Sophos Firewall.

Source: Sophos

After a very successful early access program with hundreds of participants, we are extremely pleased to announce the availability of Sophos Firewall OS v21.

Sophos Firewall v21 bolsters protection and performance, scalability and resiliency, and streamlines management with several quality-of-life enhancements.  It’s a free upgrade for all Sophos Firewall customers and makes upgrading to our new 2^nd Gen XGS Series Desktop models easy.

Watch the brief video below for an overview of what’s new, download the What’s New Guide, or read on for the full details.

Active Threat Response with third-party threat feeds

• Active Threat Response has been extended with support for third-party threat feeds to enable easier integration with third-party SoC providers, MSPs, and various vertical or regional focused threat intelligence sources
• Synchronized Security’s automated response to active threats is also extended to third-party threat feeds to isolate compromised devices and prevent lateral movement

Enhanced scalability

• High-availability (HA) deployments gain added resilience and more seamless transitions for reduced down time
• IPsec VPN gains improved manageability, configuration, and performance with up to a 3x improvement with the new 2^nd Gen XGS Desktop models
• Authentication and web enhancements also improve performance and scalability

Seamless upgrades

• Any-to-any backup and restore for added flexibility when upgrading to the latest XGS Series appliances
• Port mapping support to make it easy to upgrade to an appliance with a different port configuration
• True zero-touch deployment and configuration from Sophos Central

Streamlined management

• Multiple user-experience enhancements, including the overall look and feel, Control Center cards, as well as VPN and static route configuration optimization
• Let’s Encrypt certificate support across many areas of the firewall
• Expanded network object visibility to see where objects are being used

How to get v21

As with every firewall release, Sophos Firewall v21 is a free upgrade for licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible. This release not only contains great features and performance enhancements, but also important security fixes.

This firmware release will follow our standard update process.

Please note that Sophos Firewall firmware updates are now downloaded from Sophos Central. Get the full details here or follow the quick guide below to get the latest v21 firmware for your firewall:

1.Log in to your Sophos Central account and select “Licensing” from the drop-down menu under your account name in the top right of the Sophos Central console.

2.Select Firewall Licenses on the top left of this screen.

3.Expand the firewall device you’re interested in updating by clicking the “>” to show the licenses and firmware updates available for that device.

4.Click the firmware release you want to download (note there is currently an issue with downloads working in Safari, so please use a different browser such as Chrome).

5.You can also click “Other downloads” in the same box above to access initial installers and software platform firmware updates.

The new v21 firmware will be gradually rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

Sophos Firewall v21 is a fully supported upgrade from any supported Sophos Firewall firmware version.

NOTE: Sophos Firewall v21 is NOT supported on XG Series devices, which are fast approaching end-of-life. Upgrading your XG Series firewall to XGS is easy – don’t delay, upgrade today!

Source: Sophos

We are delighted to announce that Sophos has been named a Leader in the IDC MarketScape: European Managed Detection and Response (MDR) Services 2024 Vendor Assessment (doc # EUR151172124, September 2024).

The IDC MarketScape study evaluates the capabilities and business strategies of managed detection and response service vendors with a market presence in Europe, and positions Sophos in the Leaders Category.

This latest recognition follows Sophos being named an MDR Leader in the Worldwide version of this evaluation – IDC MarketScape: Worldwide Managed Detection and Response (MDR) Services 2024 Vendor Assessment (doc #US49006922, April 2024).

With decades of experience and knowledge as a security technology vendor, Sophos has considerable expertise when it comes to how cyberattacks impact and unfold across enterprise infrastructure. Since the launch of its MDR ambitions with a series of acquisitions in 2019, the vendor has also put considerable emphasis on building teams of highly experienced and skilled security analysts to deliver its human-led service. The company’s unmetered and unlimited incident response offering is a compelling component of this. Where organizations are seeking an MDR provider with deep security expertise and a human-led service that engages with them from the outset until an incident has been resolved, Sophos represents a compelling option.

– IDC MarketScape: European Managed Detection and Response 2024 Vendor Assessment

Read the excerpt

A European MDR market leader

Sophos has built one of the biggest global managed detection and response (MDR) businesses in the world, and we believe it protects more customers than any other MDR service. This latest IDC MarketScape report noted Sophos “has more than 23,000 MDR customers worldwide, making it one of the biggest players on the market in terms of customer base. In Europe, it counted more than 5,000 unique MDR customers at the end of 2023, with the majority being under-250-employee organizations.”

The IDC MarketScape evaluation also highlights Sophos’ geographic presence in supporting European data residency requirements:

Regarding data residency, Sophos processes telemetry in the region in which the customer account is provisioned. For Europe, Sophos is hosted in the UK & Ireland, and Germany AWS regions.

Sophos MDR has highly skilled threat analysts based in the UK, Ireland, and Germany, in addition to dedicated teams in North America, India, and Australia. This enables us to provide 24/7/365 coverage to our European customers.

Unlimited incident response is a significant differentiator

The IDC MarketScape notes that a key differentiator for any MDR service is its incident response capabilities, and we agree. The two MDR service tiers available from Sophos – MDR Complete and MDR Essentials – are designed to align with the customer maturity journey. Sophos MDR Complete includes a unique, unmetered, full-scale incident response offering that eliminates threats.

Customers subscribing to the entry-level Sophos MDR Essentials service tier also benefit from a flexible range of incident response options, as described in the IDC MarketScape report:

MDR Essentials customers get a Threat Response service, which commits to stopping and containing all active attacks. MDR Essentials customers may also choose to purchase an IR retainer for the extra coverage on top of the core service components they receive. This means that customers that start out with MDR Essentials but decide they want or need more have two options: add the IR retainer or upgrade to the full MDR Complete service (with all the additional components that brings).

Both service tiers include 24/7 expert-led investigation and response and threat hunting.

Extensive partnerships, alliances, and integrations

The IDC MarketScape calls out Sophos’ strategic partnership with Tenable for Sophos Managed Risk, our new vulnerability and attack surface management service, and our partnership with backup provider Veeam, citing the benefits of our substantial partner and customer overlap.

The report noted,

In April 2024, Sophos announced a strategic partnership with Tenable to launch Sophos Managed Risk, a vulnerability and attack surface management service. With a dedicated Sophos team leveraging Tenable’s exposure management technology the companies aim to drive collaborative operation between MDR and vulnerability management. With extensive reporting and prioritization around vulnerabilities, this should help sort signal from noise and address use cases such as risk mitigation through attack surface visibility, patch prioritization, and rapid identification of new risks through alerts around new critical vulnerabilities.

The IDC MarketScape report states that Sophos has “worked on numerous use cases around Microsoft telemetry, such as email compromise, as it aims to deliver concrete security benefits to its clients.”

Reinforcing our credentials in the small business segment where many organizations use Google productivity solutions rather than Microsoft, Sophos also includes an integration with Google Workspace with Sophos MDR and Sophos XDR offerings at no additional cost.

Get the excerpt

To learn more about why Sophos was named a Leader in the 2024 IDC MarketScape for European Managed Detection and Response, read the excerpt here.

Source: Sophos

Sophos Firewall v21 brings exciting new enhancements to VPN, authentication, and routing functionality.

VPN enhancements

• Bulk activate and deactivate options are now available for connections (see screen shot below)
• Enhanced filtering on the VPN manage page now consolidates information across multiple pages
• Free text- and value-based search is now supported in VPN configurations for network, subnet, users for remote access and site-to-site VPNs
• An XFRM interfaces-specific view has been added on the Interfaces page for easy filtering of RBVPN interfaces

Site to site VPN enhancements

• FQDN-based remote gateways have been optimized to improve scalability for distributed deployments
• DHCP relays over XFRM interfaces are now supported for traffic to DHCP servers deployed behind a remote firewall (see illustration below)
• RBVPN deployments get an increase of up to 20x in XFRM interface up-time, significantly minimizing disruption during tunnel flap, HA failovers, or reboots

Authentication enhancements

• Google Workspace integration via LDAP clients and Google Chromebook SSO compatibility with LDAP server types enables SSO functionality for Google LDAP for Chromebook environments
• Performance for burst login handling is improved up to 4x for Radius SSO, STAS, and Synchronized User ID to enable the handling of thousands of simultaneous login requests even in multiple SSO environments (mix of STAS, Radius SSO, and Synchronized User ID)
• In addition, support has been added for a transparent AD SSO experience when HSTS is enforced, enabling Kerberos and NTLM handshakes over HTTP or HTTPS

Static and dynamic route management

• Users can clone static routes, turn them on or off, and add descriptions via the new Manage option for each static route in the table (see screen shot below)
• There’s now a blackhole route option and support for equal-cost multi-path (ECMP) for load balancing
• Dynamic routing gets a new option to redistribute BGP routes into OSPFv3
• Dynamic routing now experiences zero impact during HA failover scenarios

Watch this short demo video to see how it works and how to set it up:

Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the early access program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.

Source: Sophos

Sophos Firewall v21 brings several quality-of-life enhancements to streamline day-to-day management and improve the overall user experience.

User interface enhancements

• Significantly enhanced responsiveness
• Refreshed look and feel, integrating the latest Sophos style guidelines for consistency with Sophos Central and your other Sophos products
• Improved horizontal layout to better take advantage of widescreen displays
• New card views to further enhance visibility into important network events and data with the same flip and drill-down capabilities as before
• An all-new Active Threat Response card consolidates threat information from MDR, Sophos X-Ops, and third-party threat feeds into a single, easy-to-view section

Network object references

• New visibility into network object usage is now provided for interfaces, zones, gateways, and SD-WAN profiles. Simply click the new “usage” indicator on any of these screens for a quick view of the associated network objects. You can then drill down to view or edit the object details and settings in place.
• A new XML API is also provided to retrieve object reference (usage) counts, offering visibility into unused objects. See the video below for details and a demo.

Watch this short demo video to see the new quality of life enhancements in action:

Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the early access program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.

Get the What’s New Guide for a complete overview of all the new features in Sophos Firewall v21.

Source: Sophos

Sophos Firewall v21 adds third-party threat feed support for Active Threat Response.

Active Threat Response was first introduced in v20, implementing a new extensible threat feed framework in Sophos Firewall to automatically respond to active threats. Initial support was provided for dynamic threat intelligence feeds from Sophos X-Ops and Sophos MDR, enabling the firewall to automatically respond by blocking access to any threat published through this framework.

While this is all most customers will ever need, there are certain regions or vertical markets where specific custom threat feeds are encouraged or required. There has also been an interest by our partner community, SoC providers, and many customers for an extensible threat feed capability to support existing or new threat detection and response solutions and services.

To enable these use cases, Sophos Firewall v21 extends the threat feed framework to support third-party threat feeds. Now, you can easily add additional vertical or custom threat feeds to the firewall, which will monitor and respond in the same automatic way – blocking any activity associated with them – across all security engines (IPS, DNS, Web and AV) and without requiring any additional firewall rules.

Third-party threat feeds and Active Threat Response also trigger the same Synchronized Security response as any other red Security Heartbeat condition. Your Sophos Firewall will enforce any firewall rules that contain red Heartbeat conditions and the firewall will also coordinate Lateral Movement Protection with your Sophos Endpoints, which will inform all healthy managed endpoints that there is a compromised host on the LAN so they can block traffic from that device.

Check out the short video below a full demonstration on:

• How to set up third-party threat feeds
• How Active Threat Response and lateral movement protection work
• How to use the new dashboarding and reporting

For more information, consult the online documentation.

A variety of specialized and vertical threat feeds are supported, including those provided by security organizations, industry consortiums, and community-based or open-source threat intelligence sources. A good example is Greynoise, who is featuring the Sophos Firewall integration on their website.

Other great examples include:

• Cisco Talos
• Abuse.ch / URLhaus
• Hakk Solutions
• OSINT (Open-source Intelligence) / DigitalSide
• CINS Score
• CrowdSec
• EclicticIQ
• Feodo Tracker
• And more!

Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the Early Access Program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.

Source: Sophos

We’re pleased to announce that the early access program (EAP) is now underway. The latest and greatest Sophos Firewall release brings exciting enhancements and top-requested features, including…

Added protection

• Active Threat Response has been extended with support for third-party threat feeds to enable easier integration with specialized and custom threat intelligence sources
• Synchronized Security’s automated response to active threats is also extended to third-party threat feeds

Enhanced scalability

• High-availability (HA) deployments gain added resilience and more seamless transitions for reduced down time
• IPsec VPN gains improved manageability, configuration, and performance
• Authentication and web enhancements

Seamless upgrades

• Any-to-any backup and restore for added flexibility when upgrading
• Port mapping support to make it easy to upgrade to an appliance with a different port configuration

Streamlined management

• Multiple user-experience enhancements, including the overall look and feel, Control Center cards, as well as VPN and static route configuration optimization
• Let’s Encrypt certificate support across many areas of the firewall
• Expanded network object visibility to see where objects are being used

And more!

Download the full What’s New Guide for a complete overview of all the great new features and enhancements in v21.

Getting started today

You can download the upgrade package or installer for v21 from the Sophos Firewall v21 EAP Registration Page. Simply submit your contact info and the download links will be emailed to you straight away.

Sophos Firewall v21 EAP is a fully supported upgrade from all supported versions of v20, v19.5 and v19.0; including the latest v20 MR2.

NOTE: Sophos Firewall v21 does NOT include support for XG and SG Series appliances. XG Series EOL is March 31, 2025.

All support during the EAP will be through our forums on the Sophos Firewall EAP Community.

Please provide feedback using the option at the top of every screen in your Sophos Firewall as shown below or via the Community Forums.

Source: Sophos

Sophos ZTNA provides secure access to networked applications, RDP systems, and web management consoles. It provides a much better alternative to remote access than VPN, offering better security, easier management, and complete transparency for end-users.

To see what ZTNA is all about, we’re offering three free one-year licenses to Sophos Firewall customers, enabling you to start taking advantage of the integrated ZTNA gateway built into every firewall as of v19.5 MR3 and later. Feel free to use them however you like – maybe start with your IT admin staff for remote management and go from there.

The only qualifications for this free offer are that you’re a term Sophos Firewall customer, managing one or more of your firewalls in Sophos Central, and are running v19.5 MR3 or v20 (or later) on your Firewall. This offer will be extended to MSP customers soon.

To take advantage of this offer, simply click the button on the banner in the Firewall Management screen in Sophos Central as outlined below.

If you’re new to Sophos ZTNA, you can learn more about how it can help secure your application access at Sophos.com/ZTNA.

Check out the Deployment Checklist for other considerations when deploying ZTNA.

You can also access the latest online documentation, and the troubleshooting guide has been updated in case you encounter any issues during configuration.

Source: Sophos

However skilled an adversary is at covering their tracks, they always need to cross the network. Sophos NDR sits deep within your network, monitoring network traffic using five real-time threat detection engines to identify signs of malicious or suspicious activity.

With Sophos NDR, you can see and stop attackers faster. Leveraging a combination of AI-powered machine learning, advanced analytics, and rule-based matching techniques, it identifies threats that often go undetected until it’s too late, including: 

• Threats on unprotected devices like point-of-sale systems, IoT and OT devices, and legacy operating systems 
• Rogue assets that adversaries exploit to launch attacks 
• Insider threats such as sensitive data uploads to an offsite location 
• Zero-day attacks, and more 

Plus, when combined with other security telemetry, Sophos NDR enables threat analysts to paint a more complete, accurate picture of the entire attack path and progression, enabling a faster, more comprehensive response. 

What’s new in v1.7

We continue to enhance Sophos NDR to further accelerate network threat detection and response. The rich graphical interface and forensic investigation tools in the new Investigation Console enable analysts to dive deeper into your network activity and pinpoint issues sooner. Use cases include:  

• Gain comprehensive visibility into all network activity over the past 30 days  
• Analyze application activity, flow risks, and communication on non-standard ports 
• Monitor network activity over time to identify suspicious patterns and behaviors 
• And much more 
  

For maximum flexibility, Sophos NDR deploys as a virtual appliance on VMware or Microsoft Hyper-V, in the cloud on AWS, or on a range of certified hardware appliances. The latest version includes a refreshed certified hardware portfolio, including a new entry-level model. 

To learn more about the latest enhancements, visit the Sophos NDR community forum  

Explore Sophos NDR today

Existing Sophos NDR customers benefit from all the latest enhancements automatically and at no additional charge. To get started, visit the community forum and download the Investigation Console image from Sophos Central. 

Sophos NDR is available with the self-managed Sophos XDR tool and our 24/7 fully-managed Sophos MDR service. All Sophos customers can now activate a 30-day free trial directly within their Sophos Central console. To learn more and explore your security operations needs, speak with your Sophos partner or account team. 

Source: Sophos

As we approach the October 2024 deadline for EU Member States to enact the NIS 2 Directive, organizations that do business in Europe must prepare for the significant changes it brings to cybersecurity compliance.

This article aims to shed light on the NIS 2 Directive, its necessity, key updates from the original NIS Directive, and how businesses can prepare for compliance. For an even deeper dive on the directive, download the Sophos NIS 2 Directive whitepaper.

What is the NIS 2 Directive?

The NIS 2 Directive is an evolution of the original Network and Information Systems (NIS) Directive, implemented to bolster the cybersecurity posture of EU member states. The initial NIS Directive, enacted in 2016, established guidelines for improving cybersecurity resilience across the EU. However, with the increasing sophistication and frequency of cyber-attacks, especially during and after the Covid-19 pandemic, there was a clear need for more stringent and comprehensive regulations.

Cyber threats have escalated to an industrial scale, with ransomware attacks becoming particularly prevalent. In June 2024, a hacking group known as Qilin, with ties to the Kremlin, carried out an attack on Synnovis, which is a pathology lab used by the UK’s National Health Service (NHS). The hackers demanded a £40 million ransom, and when the NHS refused to pay, hackers released the stolen data on the dark web.

Additionally, geopolitical tensions, such as the Russian invasion of Ukraine, have underscored the necessity for robust cybersecurity measures. The NIS 2 Directive aims to address these challenges by enhancing the security and resilience of essential and important entities across the EU.

Implications for non-EU Companies

While primarily aimed at EU Member States, non-EU companies operating within the EU or providing services to EU entities will also be impacted. Many national regulations are currently not as wide-ranging as the NIS 2 Directive; however, it would be prudent to expect further changes to local law as the plans for the EU legislation are developed further.

By proactively addressing the challenges outlined below, non-EU companies can better protect themselves and their customers from evolving cyber threats while avoiding severe penalties for non-compliance.

Key updates from NIS to NIS 2

The NIS 2 Directive introduces several critical updates and expansions from the original NIS Directive:

1. Broader Scope of Covered Entities:
   • Essential and Important Entities: NIS 2 categorizes entities into “essential” and “important” based on their sector and criticality. This expansion includes more sectors, such as wastewater, healthcare supply chains, postal and courier services, aerospace, public administration, and digital infrastructure.
   • Supply Chain and Service Providers: Organizations involved in the supply chain and those providing critical support services are now explicitly covered, emphasizing the importance of securing interconnected networks.
2. Enhanced Cybersecurity Standards:
   • Mandatory Measures: Article 21 of the directive outlines mandatory cybersecurity measures, including basic cyber hygiene, vulnerability management, supply chain security, encryption, asset management, access control, and zero trust security.
   • Incident Handling and Reporting: The directive mandates more rigorous incident reporting requirements, ensuring timely and consistent responses to cyber threats across the EU.
3. Increased Accountability and Penalties:
   • Senior Management Liability: Senior management can be held personally liable for non-compliance, underscoring the importance of executive involvement in cybersecurity governance.
   • Fines and Sanctions: Organizations can face significant fines, up to €10 million or 2% of global turnover, for failing to comply with the directive.

The following 18 sectors are covered by the NIS 2 Directive:

The following table illustrates the increase in sectors covered by the NIS 2 Directive as compared to the first NIS directive:

Impact on cybersecurity compliance

The NIS 2 Directive significantly impacts how organizations approach cybersecurity compliance. Businesses must adopt a proactive stance, integrating comprehensive risk management processes and ensuring adherence to the stringent standards set forth in the directive. The emphasis on mandatory measures and the potential for severe penalties necessitate a thorough review and enhancement of existing cybersecurity practices.

Organizations will need to allocate sufficient resources to meet these requirements. Estimates suggest that businesses already covered by the original NIS Directive may need to increase their cybersecurity budgets by up to 12%, while those newly covered could see budget increases of up to 22%, according to John Noble, former Director of the National Cyber Security Centre speaking on Sophos Spotlight: NIS2 Directive and Understanding Cybersecurity Compliance.

Preparing for NIS 2 compliance

To ensure compliance with the NIS 2 Directive, organizations should take the following steps:

1. Assess Applicability:
   • Determine whether your organization falls under the categories of essential or important entities. This involves evaluating your sector, the criticality of your services, and your operational footprint within the EU.
2. Understand Jurisdiction:
   • Identify which EU member states have jurisdiction over your operations for NIS  2 purposes. This is crucial for understanding specific national requirements and reporting obligations.
3. Implement Cybersecurity Risk Management:
   • Conduct a comprehensive risk analysis to identify potential cybersecurity threats and vulnerabilities.
   • Implement the mandatory measures outlined in Article 21, mapping them against an appropriate security framework such as ISO 27001 or the NIST Cybersecurity Framework.
4. Strengthen Supply Chain Security:
   • Focus on mitigating risks within your supply chain, particularly concerning software and service providers. This includes ensuring that third-party vendors comply with NIS 2 standards.
5. Develop an Incident Response Plan:
   • Formalize an incident response plan that includes clear protocols for reporting cyber incidents to relevant national authorities. Ensure that significant incidents are reported within the 24-hour timeframe specified by the directive.
6. Engage Senior Management:
   • Secure formal high-level management sign-off on your compliance strategy. Senior management involvement is critical for demonstrating a commitment to cybersecurity and ensuring that necessary resources are allocated.

The NIS2 Directive represents a significant step forward in enhancing the cybersecurity resilience of organizations across Europe. By understanding the key updates and taking proactive measures to ensure compliance, businesses can better protect themselves against the growing threat of cyber-attacks.

As the October deadline approaches, it is imperative for senior management and IT security professionals to prioritize NIS 2 compliance, leveraging resources such as the Sophos whitepaper to guide their efforts.

Source: Sophos

The U.S. government recently announced that it is banning the sale of Kaspersky antivirus products due to national security concerns. If you’re in the U.S. and currently use Kaspersky products today, you have a tight deadline to switch to an alternative provider. After September 29, 2024, U.S. organizations will no longer receive updates or support from Kaspersky. Outside the U.S., many Kaspersky users are also re-evaluating their endpoint security provision.

Thankfully, wherever you are based, you can migrate to Sophos Endpoint in minutes.

Stronger endpoint security for small and midsize businesses

Sophos Endpoint is trusted by over 300,000 organizations worldwide, including thousands of small and midsize businesses. With Sophos Endpoint, you benefit from:

• Affordable threat protection | Enterprise-grade cybersecurity that’s cost-effective for businesses of any size.
• Quick and easy setup | Install and go with simple, one-time installation – including automatic removal of Kaspersky antivirus when you run the Sophos Endpoint installer.
• Simple management and reporting | A single cloud-based dashboard for security alerts, reporting, and management. Recommended security settings are enabled automatically when you install Sophos Endpoint; no complex configuration is required.

The ban on Kaspersky products in the U.S. provides an opportunity to uplevel your defenses. IT security teams around the globe are seeking replacement solutions that provide the best protection and usability, and less management burden. Moving to Sophos Endpoint enables you to leverage superior protection with additional capabilities and benefits that other solutions lack, including:

• Adaptive defenses | Industry-first dynamic defenses that automatically adapt in response to hands-on-keyboard attacks, reducing the attack surface and stopping sophisticated adversaries in their tracks. Watch this quick demo.
• Remote ransomware protection | Sophos provides the most robust zero-touch endpoint defense against remote ransomware. Alternative endpoint security solutions, including Microsoft, CrowdStrike, and SentinelOne, cannot protect against this increasingly pervasive threat.
• Automated account health check | Misconfigured policy settings can compromise your security posture. The Account Health Check identifies security posture drift and risky configurations, enabling administrators to remediate issues with one click.

Learn more about the advantages of Sophos compared to other cybersecurity solutions and watch the overview video to learn more.

Top-rated by customers, industry analysts, and independent testers

Don’t take our word for it! Customers have named Sophos a 2024 Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection Platforms for the third consecutive year. Sophos stands tall with an impressive customer rating of 4.8/5 (as of April 30, 2024) and the highest number of independent Gartner-verified reviews of any vendor.

Analyst firm IDC evaluates how endpoint security solutions meet customers’ needs and named Sophos a Leader in the 2024 IDC MarketScape for Modern Endpoint Security for Small and Midsized Businesses. According to the IDC MarketScape evaluation, “Sophos is a strong consideration for small businesses, particularly those with large business security requirements that have little to no in-house security expertise.”

See our wide range of third-party endorsements and evaluations.

Time to upgrade to a fully managed security service?

Cybersecurity is becoming so complex that many small and midsize businesses can’t keep up. Replacing Kaspersky antivirus products could be the ideal opportunity to consider taking advantage of a 24/7 managed security service.

Trusted by over 23,000 organizations worldwide, Sophos Managed Detection and Response (MDR) enables you to reduce the risks and costs associated with potentially catastrophic security incidents. Moreover, all Sophos MDR subscriptions include the Sophos Endpoint product within the standard price.

Learn more about Sophos Endpoint on the Sophos website.

Source: Sophos