Organizations using Veeam Backup and Replication can now strengthen their defenses against ransomware with Sophos MDR and Sophos XDR. Read on to learn how Sophos’ new integration with Veeam delivers better visibility to detect and stop threats targeting backup data.

Backup and recovery are integral parts of a holistic cybersecurity strategy. Adversaries attempt to tamper with backup solutions to prevent recovery from ransomware attacks – early detection of this malicious activity is critical.

Sophos’ new integration with Veeam seamlessly exchanges security information when a threat emerges, extending visibility to help detect, investigate, and respond to active attacks.

This powerful new partnership provides peace of mind that backup data is always available and protected, enabling organizations to detect threats, investigate suspicious activity, and ultimately recover data quickly.

With Sophos and Veeam, organizations can ensure the integrity and availability of backups, reducing the risk of data loss due to malware, accidental deletion, internal security threats, and other data loss scenarios.

• The Sophos MDR service provides 24/7 security monitoring, filters out redundant alerts, and investigates threats to Veeam environments, like attempts to delete backup repositories, disable multi-factor authentication, delete encryption passwords, and more.
  
• Organizations using the Sophos XDR solution for in-house investigation and response can also integrate Veeam telemetry to identify potentially malicious activity, combined with threat detections from other sources in a single unified platform and console.

The strongest protection against ransomware attacks

The Sophos XDR solution and the Sophos MDR service include industry-leading CryptoGuard technology that universally detects and stops ransomware before it impacts customers’ systems, including new variants and local and remote encryption.

Sophos’ superior prevention, detection, and response capabilities, combined with immutable backups and versioning provided by Veeam, ensure backup data remains secure and recoverable.

Elevate your defenses with Sophos’ new Veeam integration

The new Veeam integration is now available as an add-on for Sophos MDR and Sophos XDR subscriptions via a new “Backup and Recovery” Integration Pack license.

To learn more and explore how Sophos MDR and Sophos XDR can help your organization better defend against active adversaries, including attacks that target your backup repositories, speak with a Sophos adviser or your Sophos partner.

Already a Sophos MDR or Sophos XDR customer? Activate the Veeam integration in your Sophos Central console today.

Source: Sophos

The IDC MarketScape study evaluates endpoint security vendors’ prevention, EDR, and MDR capabilities and business strategies.

We are delighted to announce that Sophos has been named a Leader in the IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment.

This IDC MarketScape evaluates vendors based on how their endpoint prevention, EDR, and MDR capabilities meet the needs of organizations with 100 – 2,499 employees.

According to the IDC MarketScape evaluation, “Sophos should be a strong consideration for midsize businesses seeking to reduce their number of core security vendors without sacrificing security efficacy”. Read the excerpt

“With their professional and managed security services, expanded product set, and ability to integrate with existing security investments, it’s clear that Sophos understands the needs and challenges of a midsize business,” said Michael Suby, research vice president, Security & Trust, IDC. “Sophos’s comprehensive approach from prevention through recovery places Sophos on the shortlist of midsize businesses looking for an established and effective partner for security.”

Protection-first approach

We believe our continued focus on preventative security is a key contributor to Sophos’ position as a Leader in this evaluation. It provides a robust foundation for the Sophos XDR solution and the Sophos MDR service. Sophos delivers strong threat protection to significantly reduce the detection and response workload for IT admins and security analysts​.

The IDC MarketScape notes, “Sophos recently added several new capabilities: adaptive attack protection, critical attack warning, and data protection and recovery. Adaptive attack protection, introduced in early 2023, is a demonstration of Sophos’ means to disrupt hands-on-keyboard attackers while minimizing potential disruption to legitimate operations.”

The report also notes, “Sophos includes an expansive set of protection technologies (host-based firewall and IDS/IPS, device control, DLP, and encryption) as standard features in its endpoint security offering.”

Extensive and compatible security platform and ecosystem

The Sophos security platform combines an expansive portfolio of products and managed security services with compatibility with an extensive suite of third-party solutions. Organizations can detect and respond to threats using a single unified platform, leveraging the technology they need from Sophos or connecting their existing cybersecurity technologies.

“For the many midsize businesses and VARs serving midsized business that are struggling with SecOps staffing and maturity, Sophos offers the means to overcome this challenge without forcing a full vendor swap.”

We continue to expand and diversify strategic and technology partnerships to enable organizations to reduce cyber risk further. Recognizing this approach, the IDC MarketScape refers to our expanded partnerships with cyber insurance providers, helping midsize businesses address potential challenges in seeking insurance coverage.

Get the excerpt

To learn more about why Sophos was named a Leader in the 2024 IDC MarketScape for Worldwide Modern Endpoint Security for Midsize Businesses, read the excerpt here.

Additional Sophos customer and analyst validation

Sophos’ recognition as a Leader in this IDC MarketScape comes on the heels of multiple customer endorsements and third-party validations, including: ​

• Sophos named a Leader in the Gartner MQ for EPP for the 14th consecutive report​
• Sophos named a Leader for Endpoint Protection, EDR, XDR, Firewall, and MDR in G2’s Winter 2024 (December 2023) Reports​
• Sophos earning a 100% Total Protection score in SE Labs’ Q4 2023 Enterprise Endpoint Security and Small Business tests​
• Sophos named Gartner Customers’ Choice for EPP for the second consecutive year​
• Sophos named Gartner Customers’ Choice for MDR in Gartner’s first-ever report in the segment​

Source: Sophos

Your data that’s stored with an organization you trusted could become exposed due to a targeted cyber attack or data breach. If your data was part of a public data breach, you need to change any compromised passwords, monitor your accounts for suspicious activity, freeze your credit and notify any relevant parties of the data breach.

Continue reading to learn more about data breaches, how to recover from a data breach and how to prevent future data breaches from happening.

What Is a Data Breach?

A data breach is when sensitive data of a user or organization is accessed, stolen and used by unauthorized users. Cybercriminals can access sensitive data when it is accidentally exposed due to human error or through vulnerabilities in data infrastructure. They can also steal sensitive data by targeting a user or organization with a cyber attack. Data breaches can lead to identity theft in which threat actors steal a victim’s Personally Identifiable Information (PII) and impersonate them to commit fraud.

Data breaches are often the result of data leaks, targeted cyber attacks or malicious insider threats.

• Data leaks: Sensitive data unintentionally exposed from within an organization. Data leaks are often the result of human error and can be the result of accidentally revealing sensitive information to the public, an internal user having unauthorized access to sensitive data or improperly storing sensitive data.
• Targeted cyber attacks: Attacks on computers, networks or systems by cybercriminals in an attempt to steal sensitive information. Cybercriminals exploit a user or organization’s security vulnerabilities such as software bugs or weak cybersecurity practices. They exploit these vulnerabilities to gain unauthorized access and steal sensitive data.
• Malicious insider threat: A cyber threat that happens within an organization. They occur when current or former employees, partners, contractors or vendors intentionally expose or steal sensitive data for malicious purposes.

How To Recover From a Data Breach

If you received a notification that your sensitive data has been exposed in a data breach, you need to act quickly to identify the impact of the data breach and mitigate the impact. The first step is to identify what information of yours was exposed in the data breach. Once you have identified the information that was exposed, you can take the necessary steps to contain the damage and mitigate the effects of the data breach. Here are the steps to recover from a data breach.

Change any compromised passwords

When you have determined what sensitive information was revealed in a data breach, you need to change any compromised passwords for the accounts associated with it. You should create new and unique passwords that are difficult to guess. To easily change compromised passwords, you should use a password manager.

A password manager is a tool that securely stores and manages your personal information, such as your passwords, in a digital encrypted vault. With a password manager, you have access to all of your passwords and can use it to help change them with the built-in password generator.

Monitor accounts for suspicious activity

After you have changed the compromised passwords, you need to monitor your accounts for any suspicious activity to determine if cybercriminals still have access. Look for any suspicious activity such as:

• Fraudulent charges
• Additional debt
• Unknown logged-in devices
• Changes in security settings
• Failed login attempts
• Unfamiliar messages
• Unauthorized applications for loans

Freeze your credit

Cybercriminals can use your sensitive information to apply for loans or open lines of credit under your name, which can hurt your credit and leave you with large amounts of debt. If your sensitive information was exposed in a data breach, you need to individually freeze your credit with each of the three credit bureaus – Experian, TransUnion and Equifax. If you fail to contact all three of the credit bureaus, then a cybercriminal can still apply for a loan under your name.

If you are afraid your leaked information could lead to identity theft, you should apply for a fraud alert. A fraud alert is a free notice that you can add to your credit report that requires you to verify your identity before you’re able to take out a loan under your name. It protects you from identity theft and helps to ensure that only you can take out loans or open lines of credit under your name. To place a fraud alert, you would need to contact one of the credit bureaus.

Notify any relevant parties

Depending on the sensitive information revealed in the data breach, you need to notify any relevant parties of the data breach. For example, if your credit card information is exposed, you should contact the bank to cancel the card and get a new one. Contact your social network if your online accounts were compromised as they can be used for phishing attacks. If your company’s data was exposed, contact your company to inform them, so they can take the proper steps to handle the security breach.

How To Prevent Future Data Breaches

Although you may have taken the right steps to recover from a data breach, cybercriminals may try to retarget you for future cyber attacks to steal your information. You need to take precautionary measures to prevent future data breaches. Here are the ways to prevent future data breaches.

Use strong and unique passwords

You need to use strong and unique passwords to protect your online accounts from cybercriminals. By using unique passwords for each of your accounts, you can prevent cybercriminals from executing credential stuffing attacks and compromising multiple accounts. Strong passwords make it difficult for cybercriminals to guess and crack your passwords.

Strong and unique passwords protect your accounts that hold sensitive information. You should create passwords that are at least 16 characters long. Each password should have a unique and random combination of uppercase and lowercase letters, numbers and special characters. You should avoid including personal information, sequential numbers or letters and commonly used dictionary words when creating passwords.

Enable MFA

Multi-Factor Authentication (MFA) is a security protocol that requires users to provide additional forms of authentication to gain access to their accounts. With MFA enabled, you need to provide your login credentials along with an additional form of identification to access your accounts. MFA provides an extra layer of security by ensuring only authorized users are allowed access to your accounts. Even if your login credentials were compromised, cybercriminals would not be able to access your accounts since they wouldn’t be able to provide the additional authentication.

Keep your software up to date

Cybercriminals will try to exploit security vulnerabilities of outdated software that allow them to bypass security measures and install malware. You should regularly update your software to patch any security flaws and add security features that better protect your device. Keeping your software up to date will help prevent cybercriminals from accessing your data.

Reduce your attack surface

An attack surface refers to all of the possible entry points where cybercriminals can access a system and steal data. A large attack surface makes it harder to manage the various points where a cybercriminal can attack you and gain unauthorized access to your sensitive information. Reducing your attack surface will limit the opportunities a cybercriminal has to attack you. You can reduce your attack surface by deleting inactive accounts, getting rid of unnecessary applications, strengthening login credentials and updating your software.

Stay educated about cyber attacks

Cybercriminals are always finding new ways to attack users and steal their sensitive data. You need to stay educated about new cyber attacks to recognize and avoid them. Take precautionary measures to prevent cyber attacks from successfully impacting you or your organization.

Keeper® Helps Prevent Future Data Breaches

The best way to implement cybersecurity best practices and prevent future data breaches is by using a password manager. With a password manager, you can store and protect your personal information such as your login credentials, Social Security number, passport, IDs and other sensitive data. It will help you strengthen your accounts with access to sensitive data and help you change any compromised passwords if you suffer a data breach.

Keeper Password Manager uses zero-trust and zero-knowledge encryption to protect your personal information. This ensures that only you have access to your digital vault. Sign up for a free trial to protect your sensitive information from data breaches.

Source: Keeper

A password breach is when a cybercriminal has your password and is able to use it to get into your account. Password breaches can occur due to social engineering and insider threats, but most often, weak password habits are the culprit.

Keep reading to learn more about how passwords get breached, what can happen if your passwords are breached and how to prevent password breaches from happening.

How Do Passwords Get Breached?

Passwords are the keys meant to safeguard your online accounts and the data they contain.  They should never be accessed by someone who is unauthorized to do so. Cybercriminals take advantage of individuals who reuse passwords, use weak passwords, click on phishing scams and insecurely store their passwords in order to launch their attacks.

Reusing passwords

One way passwords get breached is through password reuse. Password reuse is extremely common. In fact, 52% of people use the same password for multiple accounts because it’s easier for them to remember one password or several versions of the same password, instead of strong and unique passwords for each separate account. However, this poses a serious risk, because if a cybercriminal gets hold of that one password, they are able to access all of the accounts that you use it for. If a company that you have an account with were to be breached and your password is exposed, cybercriminals can then launch credential stuffing attacks to see if they can access multiple accounts with the same password.

Using weak passwords

Passwords also get breached because they are weak. Any password that is easy to guess or uses a small number of characters that password-cracking software can easily crack is likely to be compromised by cybercriminals. Weak passwords are those that are too short, repeat letters or numbers and use personal information like the year you were born. Avoiding weak passwords, and creating strong and unique passwords for each account, is simple with the help of an online password generator that will create them for you.

Phishing scams

Phishing scams are emails, text messages or phone calls from cybercriminals portraying themselves to be someone they’re not, like a company or family member, to get you to reveal sensitive information. A cybercriminal uses phishing scams to solicit information they can use to compromise your online accounts.

For example, a cybercriminal might send you a phishing email saying to immediately change your password because your account has been compromised. The email may even urge you to click on a link, but clicking that link could take you to a spoofed website that looks legitimate. If you enter your credentials into the spoofed website, you’re essentially handing them over to the cybercriminal.

Insecurely storing passwords

Anytime you store your passwords insecurely, like in a spreadsheet or the notes feature on your phone, you’re placing your accounts at risk of becoming compromised. Storing login credentials in an unencrypted format means cybercriminals can easily gain access to your accounts and any data stored within them.

Insecure password-sharing methods

Password sharing is meant to give others secure access to your account with your approval. However, insecure password-sharing methods like sharing through text messages and email can be easily intercepted by cybercriminals. Furthermore, if a bad actor has physical access to your device, they can see the password in plain text.

It’s important that when you choose to share your passwords, you do so with full end-to-end encryption to prevent your password from being breached. A secure password manager can facilitate this type of secure credential sharing.

What Happens if My Passwords Get Breached?

If any of your passwords get breached, it can lead to a variety of privacy and financial issues that can have serious impacts on your day-to-day life. Data stolen by a cybercriminal can be used to access other accounts, especially if you reuse passwords or variations of them. Password breaches can also lead to cybercriminals blackmailing you or stealing your identity.

Suppose a cybercriminal were to breach your email password and you did not have multi-factor authentication enabled on the account, they may be able to reset the passwords of your other accounts that use the same email address.

How To Know if Your Password Is Breached

The best way to know if your password has been breached is with a dark web monitoring tool. Keeper Security offers a free dark web scan that allows you to check if your data has been stolen and published on the dark web. The dark web is a hidden part of the internet that allows transactions and information to be shared and sold anonymously. It is notoriously used for unlawful purchases, including the selling and purchasing of stolen personal information.

How To Prevent Your Passwords From Being Breached

You can prevent your password from being breached by using a password manager, enabling Multi-Factor Authentication (MFA) and avoiding public WiFi.

Use a password manager

The best way to prevent your passwords from getting breached is by using a password manager. A password manager is a tool that helps you generate, manage and securely store your passwords. Password managers help you ensure that your passwords are always following password best practices and are never being reused across your accounts.

One way passwords get breached is by using personal information when creating a password. For example, using a pet name or the street you live on in your password makes it easy for cybercriminals to guess and gain access to your account. Of course, remembering passwords that have no significance to you can be hard, but that’s where using a password manager helps. With a password manager, the only password you’ll have to remember is your master password.

Enable MFA

Another essential step in increasing your overall online security is to enable multi-factor authentication whenever possible. MFA requires you to use one or more additional methods of authentication to log in to your accounts. Having MFA enabled keeps your confidential information safeguarded from unauthorized access. Even if your passwords were to become breached, a cybercriminal would still be unable to access your account if MFA was enabled, because they wouldn’t be able to authenticate who they are.

Avoid using public WiFi

Avoiding public WiFi can also help prevent your passwords from being breached. When using public WiFi, your data is vulnerable to being intercepted through a Man-in-the-Middle (MITM) attack. A MITM attack is when data being sent between two individuals is intercepted by a cybercriminal. Avoiding public WiFi will mitigate the risk of a MITM attack happening to you.

Stay Safe From Password Breaches

Remember to always use strong, unique passwords that are not easily guessable. To ensure you’re always using strong passwords, use a password manager like Keeper Password Manager. As the world’s most trusted password manager, Keeper can keep your passwords protected from breaches. The user-friendly interface ensures it’s as simple to use and seamless across all of your devices. Start a free 30-day trial today.

Source: Keeper

Protect your Google Workspace productivity tools with Sophos.

Organizations with distributed workforces are increasingly reliant on cloud-based productivity platforms like Microsoft 365 and Google Workspace for email, file sharing, and collaboration. Read on to learn how Sophos’ new integration with Google Workspace can help defend against advanced attacks against your business-critical productivity tools.

Detect and respond to threats targeting your Google Workspace environments

Google Workspace (formerly known as G Suite) includes some built-in security controls, but investigating, validating, and responding to threats can be challenging for under-resourced security teams.

Security teams need granular visibility across their entire IT environment to defend against active adversaries. The Sophos Extended Detection and Response (XDR) solution and the Sophos Managed Detection and Response (MDR) service leverage a connected tech approach that correlates data from a broad ecosystem of products and technologies, providing full visibility across your applications, tools and security components.

Sophos has launched a new integration that extends this ecosystem by collecting security data and telemetry from the Google Workspace productivity suite, giving Sophos MDR analysts and Sophos XDR users better visibility to detect and stop threats.

The Sophos MDR service provides 24/7 security monitoring, filters out redundant alerts, and investigates threats to your Google Workspace environment, like unauthorized Google Account access and malicious Gmail activity.

Organizations using the Sophos XDR for in-house investigation and response can also integrate Google Workspace telemetry to identify potentially malicious activity including suspicious logins, activity associated with suspended user accounts, and anomalous changes to administrator settings – combined with threat detections from other sources in a single unified view.

Available to Sophos MDR and Sophos XDR customers at no additional charge

Sophos includes a range of turnkey integrations with both Sophos and third-party technologies in Sophos MDR and Sophos XDR subscriptions. Integrations with productivity tools including Microsoft 365, and now Google Workspace, are available to all new and existing Sophos MDR and Sophos XDR customers at no additional charge.

Elevate your defenses with the new Google Workspace integration

To learn more and explore how Sophos MDR and Sophos XDR can help your organization better defend against active adversaries, including attacks that target your productivity tools, speak with a Sophos adviser or your Sophos partner.

Already a Sophos MDR or Sophos XDR customer? Activate the Google Workspace integration in your Sophos Central console today.

Source: Sophos

Microsoft Outlook users have various options at their disposal for archiving emails. The quickest of these is the archive button as it is built into Outlook’s menu bar and can be accessed without having to call the administrator.

Have you ever used the archive button? Have you ever clicked on it by mistake when trying to delete an email? Or have you made a conscious decision to use it? Some do find it useful, but we reckon it can lead you astray. Because you don’t need to be an expert in email archiving to know that the archive button doesn’t come close to meeting the requirements expected of a professional archiving product when it comes to processing emails.

Archiving Emails with the Outlook Archive Button – How It Works

So, what does the archive button do? Essentially, it lets you move an email from your inbox to an archive folder. But since this folder is also in Outlook, all you’re actually doing is changing the storage location for your emails. So, while Microsoft may call this option “archiving”, it doesn’t satisfy the criteria a professional email archiving solution should. By definition, an archive is the final storage place of documents at the end of a chain of prior usages; as such, it must be capable of retaining this material permanently, e.g. via special safeguards. Today, the EU GDPR and other such legal requirements mean that email archiving has become quite a complex matter in everyday corporate practice. At the same time, an archive’s job is to ensure that all its records – in this case, emails – remain available at all times.

The Downside of Using the Outlook Archive Button

If you want to archive your emails professionally or are obliged to do so for legal reasons, using the archive button does entail certain risks.

The archive button is not suitable for

• guarding against data loss, as it does not safeguard emails from manipulation or deletion;
• potentially reducing the volume of data in a mailbox, as the archive folder is located within the Outlook mailbox;
• ensuring that email data remain permanently available, as emails will no longer be accessible if Outlook fails.

The archive button is only suitable for keeping an inbox visually lean. When you use the archive button, you are moving old emails out of your field of vision into an archive folder. You can use Outlook’s search function to find old emails, including those that you have moved to the archive folder.

What Other Mail Archiving Options Does Microsoft Offer?

The primary objective of any professional email archiving solution is to ensure that email data remain retrievable and, thus, permanently available over time. To do this, the archiving solution stores copies of all emails in a central archive, thus guaranteeing the availability and security of data over many years.

So, although Microsoft does provide various applications in its Outlook, Exchange Server and Microsoft 365 products in connection with email “archiving”, they either do not – or only partially – fulfill the objectives of a professional email archiving solution.

• Archiving PST Files / AutoArchive (Outlook)
  Users can move emails to PST files and store them locally on their own computer or in the cloud.

• Archive Mailbox without Exchange Online Archiving
  The archive mailbox is a separate mailbox with its own storage to which emails can be moved. This archive mailbox must be set up by an administrator.

• Archive Mailbox with Exchange Online Archiving
  With Exchange Online Archiving (EOA), users can move their emails to a separate archive mailbox to which administrators can apply their own archiving and retention policies.

Why You Should Use an Independent Email Archiving Solution

At first glance, it may seem beneficial to have email archiving functions and the email client on the same platform. Generally, however, the email archiving options available in Microsoft do not satisfy the requirements of a professional email archive.

PST files or the archive button offer no real protection against data loss when it comes to storing emails in a safe and secure environment. Likewise, the separate archive mailbox possible in M365 (when not using Exchange Online Archiving) does not fully meet the criteria of a professional email archiving solution. Only the archive mailbox that comes with Exchange Online Archiving (EOA) has the functions and features required for professional email archiving, such as retention policies, legal holds and eDiscovery options. But since Exchange Online Archiving is included only in the more expensive Business Premium and Enterprise M365 plans, this is not normally an option for small or medium-sized companies due to their financial constraints.

A professional, independent email archiving solution, on the other hand, offers a wide range of functions at a reasonable price and is, therefore, more suitable for SMEs.

Below are some of the key benefits of an independent email archiving solution.

Independence from Microsoft

Without an external email archive, users will not be able to access their emails if the Microsoft 365 service fails. Using an external email archive will ensure that a vendor lock-in is avoided and that the company’s emails remain accessible even if M365 fails.

Self-Service for the End User

Users not only have a fast and efficient archive search function at their disposal – they can also restore archived mails quickly and simply without having to call on the services of a system administrator.

Protection Against Data Loss and Manipulation

Emails, once in the archive, cannot be deleted or modified by the user. Only an administrator can define how long emails should be retained within the system. Journaling ensures seamless archiving.

Compliance with Privacy Laws

When used appropriately, certified email archiving solutions ensure that emails are processed in line with the pertinent data privacy laws. Especially since the EU’s DSGVO came into force, data privacy has become a key focus of public attention.

Reasonable Total Cost of Ownership (TCO)

An independent email archiving solution offers a wide range of functions at a reasonable price. Small and medium-sized enterprises (SMEs), in particular, can benefit from this and do not have to resort to expensive enterprise solutions.

Takeaways – The Outlook Archive Button Cannot Archive Emails Professionally

The archive button delivers much less than its name suggests. In certain circumstances, it could save time by eliminating the need to manage numerous subfolders in an inbox; but it cannot satisfy the criteria expected of a professional email archiving solution. Our two free white papers explain in detail which email archiving options are available in Microsoft 365 and Microsoft Exchange Server, and which are the most suitable for your needs.

Source: MailStore

We are delighted to announce that Sophos has been named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP), marking our 14th consecutive recognition as a Leader in this category.

A Leader for the fourteenth consecutive time

This year’s report provides readers with a comprehensive evaluation of the industry’s most prevalent endpoint prevention, endpoint detection and response (EDR), extended detection and response (XDR), and managed detection and response (MDR) offerings.​

Sophos has been recognized in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP) since its inaugural publication in 2007, and we believe our continued focus on a protection-first approach is a key factor contributing to our continued position as a Leader in this evaluation. While the threat landscape has evolved, Sophos has continued to keep organizations of all sizes ahead of even the most advanced attacks, with customers benefiting from recent industry-first innovations such as Adaptive Attack Protection, which dynamically enables heightened protection in response to the detection of an active adversary on endpoint devices.

Accelerating detection and response with extended third-party compatibility

We have significantly enhanced our XDR and MDR offerings in 2023, including additional integrations with an extensive range of third-party security tools, including identity, network, firewall, email, cloud, productivity, and endpoint security solutions.

Third-party integrations for Sophos XDR and MDR provide greater visibility of threats across all key attack surfaces and enable organizations to get a higher ROI from their existing technology investments. Security detections from Sophos and non-Sophos products are created, ingested, filtered, correlated, and prioritized – providing more value from third-party tools​ than solutions that only use telemetry to enrich existing endpoint detections.

Sophos has also extended MDR service coverage across the full suite of Microsoft security solutions. Over 500 Sophos security experts deliver 24/7 monitoring, investigation, and human-led response for organizations that have invested in the Microsoft security suite.

Gartner® Peer Insights™ Customers’ Choice

Our Gartner Magic Quadrant for EPP recognition follows Sophos being named a Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection Platforms for the second consecutive year and Customers’ Choice for MDR in the first-ever report in this segment​. Sophos was also one of only ten vendors recognized in the 2023 Gartner Market Guide for XDR. We believe these Gartner recognitions are a testament to the quality of the protection and service we provide to Sophos customers.

To find out why Sophos was named a Leader in the Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fourteenth consecutive time, read the full report at https://www.sophos.com/en-us/report/magic-quadrant-endpoint-protection-platforms.

Source: Sophos

We’d like to present a new version of our email archiving software today: Version 23.4 of MailStore Server, the MailStore Service Provider Edition (SPE), and MailStore Home is now available. Read this blog article to get all the details on the new features and availability of our email archiving solutions.

New Features in MailStore Version 23.4

MailStore V23.4 has many new features that administrators and users of our email archiving solutions MailStore Server, MailStore SPE and MailStore Home can look forward to. These are the new features in detail:

Archiving of NDRs From an Alternate Journaling Mailbox

This feature facilitates data recovery for customers of MailStore Server and the MailStore Service Provider Edition using Microsoft 365 / Exchange Online in cases where a MailStore Gateway was unavailable and NDRs (Non-Delivery Reports) were sent to a fail-over mailbox (or an alternate journaling mailbox). In cases like these, MailStore was unable to extract the journal report from the NDR until now. By adding another archiving profile, journal reports embedded in NDRs can now be automatically imported to your MailStore archives. This avoids cumbersome resending and thus enhances the usability and overall reliability of your archiving solution. We recommend setting up two separate MailStore Gateways, one for the journaling mailbox and the second one as an alternate mailbox to benefit from this enhancement.

Deleting Flagged Emails

With this new MailStore version it is now possible to remotely delete an email in your email server mailbox, even when a user had flagged it in their mailbox, e.g. in Outlook. In previous versions, MailStore has generally never removed any flagged emails from the email server unless they were marked as “completed”. The logic behind this policy is that flagged emails may require follow-up work by a user. However, practice shows that MailStore admins still want to remove such emails for a variety of reasons. This option is now available in MailStore Server, the MailStore Service Provider Edition and MailStore Home for all M365 and Exchange archiving profiles as well as all IMAP-+ based archiving profiles (generic IMAP; Gmail, Google Workspace, MDaemon, Icewarp, Kerio).

Enhanced Archiving Profiles

This enhancement gives admins more flexibility when defining archiving profiles. While you might typically want to archive all emails or emails older than a certain date, there are cases where you will need to archive just those emails that were created after a certain date. For instance, this is useful if you have 15+ years of email history, but only want to archive emails created over the last 10 years. The new filter option within the archiving profiles is also useful if you want to migrate archives. This feature is now available in MailStore Server, the MailStore Service Provider Edition and MailStore Home.

API Improvements

We have made enhancements to the APIs of MailStore Server and the MailStore Service Provider Edition that help administrators to better monitor a MailStore installation (GetWorkerResultReport) and upgrade all archives stores (UpgradeStores). In addition, MailStore Server administrators can now use the API to replace server certificates (SetServiceCertificate).

Other Improvements

With Simple Authentication and Security Layer (SASL) for IMAP multi-mailbox archiving, you can now select various user id formats. Improved auto-discovery for Microsoft 365 facilitates the archiving of public folders. In addition, there are several security updates and bugfixes.

Finally, we want to advise you that Windows Server 2012 and 2012 R2 have reached end of support at Microsoft and thus cannot be supported by MailStore either. We recommend an upgrade if you are still using such EOL servers. Additionally, support for Exchange Server 2003 has finally been removed.

Updated Certification: Meeting Data Privacy Requirements

As usual, the latest version of our software, Version 23.4 of MailStore Server and the MailStore SPE, has been certified by an independent data privacy expert.

The certification takes into account all relevant aspects of the European General Data Protection Regulation (GDPR) and affirms that, when used appropriately, both MailStore Server and the MailStore SPE meet all the requirements governing the processing of personal data set out in the GDPR.

You can request a copy of the official GDPR audit certificate from sales@mailstore.com.

Registered MailStore partners can download the certificates from our Partner Portal or request it by email from partners@mailstore.com.

Availability

You can download the new version of MailStore Server, the MailStore Service Provider Edition, MailStore Home and MailStore Gateway free of charge from our website.

If your MailStore Server Update & Support Service has expired, please contact us to purchase an upgrade that will allow you to use the latest version of MailStore Server. Read here to find out about other good reasons for having an active Update & Support Service in place.

Interested companies can also download MailStore Server Version 23.4 as part of a free, 30-day trial. If you are an MSP and are interested in offering email archiving as a service based on the MailStore SPE, please contact our sales team at partners@mailstore.com. Alternatively, you can sign up as an authorized MailStore Partner with us right now for free.

Source: MailStore

G2 just released their Winter 2024 Reports, and Sophos is the only cybersecurity provider named a Leader across the G2 Grid® Reports for Endpoint Protection Suites, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Firewall Software ,and Managed Detection and Response (MDR). This latest recognition makes Sophos the only vendor named a Leader in these five key cybersecurity categories through all G2’s 2023 Seasonal Reports. Additionally, G2 users also rated Sophos the #1 overall MDR and Firewall solutions once again.

Independent Sophos Customer Validation

G2 distinctions and rankings are based on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer review platform. In G2’s Winter 2024 Reports, Sophos was named an Overall Leader in five categories, as well as a Leader in 14 individual market segment Grids:

• Endpoint Protection Suites: Overall, Mid-Market, and Small Business Grids
• EDR: Overall and Mid-Market Grids
• XDR: Overall and Mid-Market Grids
• Firewall: Overall, Enterprise, Mid-Market, and Small Business Grids
• MDR: Overall, Enterprise, and Mid-Market Grids

We are honored that our customers have recognized our services and products, and we thank them for putting their trust in us.

Delivering Defense in Depth for Today’s Businesses

As adversaries have become more sophisticated and elusive, defenders should implement a defense-in-depth strategy that includes protection, detection, and response at every point along the attack chain to cover their entire environment. This layered approach should be inclusive of endpoint, network, email, and cloud security, as well as threat hunting and remediation services by security experts.

The fact that IT and security professionals recognize Sophos as the Leader across these key categories is validation that Sophos delivers the best and most comprehensive set of products and services required for modern day cybersecurity.

Uniquely, all Sophos customers are protected by Sophos X-Ops, a joint task force that brings together deep expertise across the attack environment from frontline threat hunters and incident responders to deep malware and AI specialists. Together they provide unparalleled insights into how threats are built, delivered, and operate in real time. Armed with this deep understanding, Sophos is able to build innovative, powerful, and effective defenses against even the most advanced threats.

Additional Sophos Customer and Analyst Validation

Alongside our G2 recognition, Sophos solutions are widely recognized by customers and the analyst community, including:

Sophos Endpoint

• Named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the 13th consecutive time
• Named a 2023 Gartner® Customers’ Choice™ for Endpoint Protection Platforms with a 4.8/5 customer rating on Gartner Peer Insights

Sophos Extended Detection and Response (XDR)

• Recognized as the #1 overall leader in the Omdia Universe for Comprehensive Extended Detection and Response (XDR)
• Delivered exceptional results in the 2023 MITRE Engenuity ATT&CK Evaluations (Round 5: Turla).

Sophos Firewall

• Named a 2023 Gartner® Customers’ Choice™ for Network Firewalls with a 4.7/5 rating on Gartner Peer Insights
• Recognized as a Strong Performer on the Forrester Wave

Sophos Managed Detection and Response (MDR)

• Named a 2023 Gartner® Customers’ Choice™ for Managed Detection and Response Services with a 4.8/5 rating on Gartner Peer Insights
• Top performer in the 2022 MITRE Engenuity ATT&CK Evaluation for Managed Services

Select Customer Reviews

Sophos MDR is a must. My team is small, and it’s great knowing if we’re all busy putting out IT fires, MDR is ready to take action if my team is unable to respond immediately to suspicious activity. This is much better than relying on alerts that we need to investigate. Of course, we have alerts enabled, but setting the thresholds for the alerts is nearly impossible. The alerts are either not sensitive enough and we’ll miss something important, or the alerts are too sensitive and we receive too many to investigate. Sophos MDR didn’t just solve this problem; it completely removed it. More.

The 24/7 threat-hunting service from Sophos MDR stands out as a feature of utmost importance, providing around-the-clock vigilance and prompt reaction to emerging threats. Its true value lies in the managed remediation process – unlike other solutions that merely notify, Sophos steps in to effectively stop and rectify the issue and then informs us about the incident. This proactive and hands-on approach is what sets Sophos MDR apart and makes it a highly appreciated solution. More.

“…a real threat for hackers !!! [Intercept X] is easy to use and has a lot of the world’s best technologies. CryptoGuard feature is the essential feature. More.

[Intercept X] provides a comprehensive solution with AI and machine learning-based detections and prevention. More.

Overall, Sophos Firewall is a robust security solution that offers advanced threat protection, easy management, and granular control over your network traffic. Its features help you secure your network, improve network performance, and prevent cyberattacks, making it an ideal choice for businesses of all sizes. More

Sophos Security Portfolio

Sophos’ portfolio of managed security services and solutions – including Sophos MDR, Sophos Intercept X, Sophos XDR, and Sophos Firewall – are part of the Sophos Adaptive Cybersecurity Ecosystem where they share real-time threat intelligence for faster and more contextual and synchronized protection, detection and response. They’re powered by Sophos X-Ops threat intelligence, a cross-operational task force of more than 500 security experts within SophosLabs, Sophos SecOps and SophosAI.

Solutions are easily managed in the cloud-native Sophos Central platform, where users can oversee installations, respond to alerts and track licenses and upcoming renewal dates via a single, intuitive interface. Organizations can also leverage Sophos MDR as a comprehensive threat hunting and remediation service. Free trials are available at Sophos.com. Any organizations under active attack and needing urgent support, should contact the Sophos Incident Response team. For timely information about threat intelligence and attacker behaviors, follow Sophos X-Ops’ latest research.

Source: Sophos

Fortra’s Terranova Security’s chief information security officer explains the dangers associated with the advancement of AI and how businesses can better prepare against attacks.

The rise of artificial intelligence is being accompanied by a rise in consciousness of the risks to cybersecurity. 

“Hackers are utilising AI to develop more advanced attacks and evade detection from security tools,” says Theo Zafirakos, chief information security officer at Fortra’s Terranova Security. “Businesses need to be aware of the various ways that hackers may manipulate them, from malware designed to bypass detection to more sophisticated and targeted phishing attacks.”

For instance, scammers are now exploiting AI technology to impersonate people by creating voices that convincingly portray victims’ coworkers. This phishing technique can deceive employees into providing sensitive information.

AI can also be used to gather sensitive data. “Every industry is grappling with an enormous amount of data,” says Zafirakos. “Attackers are employing AI to analyse and collect data more quickly. Healthcare providers, manufacturers and financial services organisations handle large amounts of data to drive innovation and inform decision-making. Bad actors will target that sensitive data to either disrupt operations or gather further information.”

There are steps that organisations can take to protect themselves. One of the most important is cybersecurity awareness training, which can enhance an enterprise’s ability to identify and mitigate AI-related security threats.

“As with any other cybersecurity concern, knowledge and proper employee education are the best defence,” says Zafirakos. And AI can be put to good use here. “Chatbots can be employed to educate users on how to protect their devices and personal information. Similarly, machine learning on employee awareness levels can be utilised by team leaders to identify gaps in employee knowledge of security awareness.”

Furthermore, employees can learn to detect AI-enabled or AI-generated attacks and avoid falling victim. They can also learn about the acceptable use of AI tools for business operations in the process, such as enhancing productivity. For example, they can learn to fact-check emails through phishing awareness training and avoid opening unsolicited software that could be AI-generated malware.

“Detection and prevention technologies, such as intrusion protection systems and intrusion detection systems, and user-behaviour analysis can monitor and alert users to any suspicious activity on their networks or devices in real time,” explains Zafirakos. “AI can also be used to automate threat responses to swiftly mitigate damage and prevent its spread to other infrastructure components. This will significantly reduce the costs associated with data protection, awareness training and data-breach responses.”

As AI continues to evolve, organisations must take proactive measures to stay ahead of emerging threats and vulnerabilities.

“Understanding how AI can disrupt or improve an organisation is essential for successful operations,” says Zafirakos. “I urge business leaders to establish an internal acceptable use policy for AI tools so that employees can enhance their workloads, and to incorporate content related to AI risks and threats within their security awareness programmes so that everyone is equipped to protect against AI-related attacks.”

Source: Fortra and Technology Record

Generative artificial intelligence technologies such as OpenAI’s ChatGPT and DALL-E have created a great deal of disruption across much of our digital lives. Creating credible text, images and even audio, these AI tools can be used for both good and ill. That includes their application in the cybersecurity space.

While Sophos AI has been working on ways to integrate generative AI into cybersecurity tools—work that is now being integrated into how we defend customers’ networks—we’ve also seen adversaries experimenting with generative AI. As we’ve discussed in several recent posts, generative AI has been used by scammers as an assistant to overcome language barriers between scammers and their targets generating responses to text messages as an assistant to overcome language barriers between scammers and their targets, generating responses to text messages in conversations on WhatsApp and other platforms. We have also seen the use of generative AI to create fake “selfie” images sent in these conversations, and there has been some use reported of generative AI voice synthesis in phone scams.

When pulled together, these types of tools can be used by scammers and other cybercriminals at a larger scale. To be able to better defend against this weaponization of generative AI, the Sophos AI team conducted an experiment to see what was in the realm of the possible.

As we presented at DEF CON’s AI Village earlier this year (and at CAMLIS in October and BSides Sydney in November), our experiment delved into the potential misuse of advanced generative AI technologies to orchestrate large-scale scam campaigns. These campaigns fuse multiple types of generative AI, tricking unsuspecting victims into giving up sensitive information. And while we found that there was still a learning curve to be mastered by would-be scammers, the hurdles were not as high as one would hope.

Using Generative AI to Construct Scam Websites

In our increasingly digital society, scamming has been a constant problem. Traditionally, executing fraud with a fake web store required a high level of expertise, often involving sophisticated coding and an in-depth understanding of human psychology. However, the advent of Large Language Models (LLMs) has significantly lowered the barriers to entry.

LLMs can provide a wealth of knowledge with simple prompts, making it possible for anyone with minimal coding experience to write code. With the help of interactive prompt engineering, one can generate a simple scam website and fake images. However, integrating these individual components into a fully functional scam site is not a straightforward task.

Our first attempt involved leveraging large language models to produce scam content from scratch. The process included generating simple frontends, populating them with text content, and optimizing keywords for images. These elements were then integrated to create a functional, seemingly legitimate website. However, the integration of the individually generated pieces without human intervention remains a significant challenge.

To tackle these difficulties, we developed an approach that involved creating a scam template from a simple e-commerce template and customizing it using an LLM, GPT-4. We then scaled up the customization process using an orchestration AI tool, Auto-GPT.

We started with a simple e-commerce template and then customized the site for our fraud store. This involved creating sections for the store, owner, and products using prompting engineering. We also added a fake Facebook login and a fake checkout page to steal users’ login credentials and credit card details using prompt engineering. The outcome was a top-tier scam site that was considerably simpler to construct using this method compared to creating it entirely from scratch.

Scaling up scamming necessitates automation. ChatGPT, a chatbot style of AI interaction, has transformed how humans interact with AI technologies. Auto-GPT is an advanced development of this concept, designed to automate high-level objectives by delegating tasks to smaller, task-specific agents.

We employed Auto-GPT to orchestrate our scam campaign, implementing the following five agents responsible for various components. By delegating coding tasks to a LLM, image generation to a stable diffusion model, and audio generation to a WaveNet model, the end-to-end task can be fully automated by Auto-GPT.

• Data agent: generating data files for the store, owner, and products using GPT-4.
• Image agent: generating images using a stable diffusion model.
• Audio agent: generating owner audio files using Google’s WaveNet.
• UI agent: generating code using GPT-4.
• Advertisement agent: generating posts using GPT-4.

The following figure shows the goal for the Image agent and its generated commands and images. By setting straightforward high-level goals, Auto-GPT successfully generated the convincing images of store, owner, and products.

Taking AI scams to the next level

The fusion of AI technologies takes scamming to a new level. Our approach generates entire fraud campaigns that combine code, text, images, and audio to build hundreds of unique websites and their corresponding social media advertisements. The result is a potent mix of techniques that reinforce each other’s messages, making it harder for individuals to identify and avoid these scams.

Conclusion

The emergence of scams generated by AI may have profound consequences.  By lowering the barriers to entry for creating credible fraudulent websites and other content, a much larger number of potential actors could launch successful scam campaigns of larger scale and complexity.Moreover, the complexity of these scams makes them harder to detect. The automation and use of various generative AI techniques alter the balance between effort and sophistication, enabling the campaign to target users who are more technologically advanced.

While AI continues to bring about positive changes in our world, the rising trend of its misuse in the form of AI-generated scams cannot be ignored. At Sophos, we are fully aware of the new opportunities and risks presented by generative AI models. To counteract these threats, we are developing our security co-pilot AI model, which is designed to identify these new threats and automate our security operations.

Source: Sophos