NSS, an international value-added distributor of leading cutting-edge IT solutions, announced its partnership with Password Boss.

Password Boss is an award winning, complete end-to-end, multi-tenant password management solution for MSPs that securely stores their business’s and their clients’ passwords. The features of this amazing password management solution include multi-layered security, role-based access, secure password sharing, remote control tool integration, multi-devices access with mobile synchronization, centralized management portal and dashboard, built-in Dark Web scanning and monitoring and much more. This strategic distribution agreement brings Password Boss technology to MSPs in Southeast Europe by NSS.

Founded in 2014, Password Boss was designed and developed to meet the needs and ways that MSPs work and support their customers and it is built to complement all the tools and applications that MSPs use most.

“We are thrilled to add Password Boss to our product portfolio and distribute this amazing password management solution to our partners MSPs” said George F. Kapaniris, Executive Director, NSS. “We look forward to helping MSPs securely store their businesses’ and clients’ passwords. After all, Password Boss is a password management solution that was built by an MSP for MSPs”.

NSS will distribute Password Boss in the markets of Greece, Cyprus, Malta, and Bulgaria. NSS continues to expand its product portfolio to meet the increasing IT requirements and security needs of businesses and MSPs during this age of digital transformation.                

To find out more please visit: https://www.nss.gr/en/products/security/password-boss/

About NSS

NSS is an international Value Added Distributor of Affordable Cutting Edge IT solutions, covering technology areas that include information security, network optimization, communications, and infrastructure systems. NSS has strategic partnerships with superior vendors offering products & services with leading technologies that place the company ahead of the competition in today’s crowded market. NSS products can be acquired through a selected channel of resellers in Greece, Cyprus, Malta, the Balkan and Adriatic Countries.

We are pleased to announce that on May 19, 2021 we have released some exciting updates for all customers using Sophos EDR (Endpoint Detection and Response) with Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR.

What’s new?

Introducing the Sophos Data Lake

The Sophos Data Lake stores critical information from your EDR-enabled endpoints and servers, which means you get access to that data even if those devices are currently offline.

In addition to being able to get key data from devices even when they are not online (for example if knocked offline during an attack, or a misplaced laptop) the Sophos Data Lake also enables event correlation on a much broader scale. For instance, being able to quickly identify that a suspicious account is logged in across multiple devices.

Then when you have identified an area of interest you can query the device with Live Discover and get incredibly rich, live data and remotely access the device via Live Response to take appropriate action. It’s the best of both worlds.

You get 7 days of retention in the data lake as standard (30 days with Sophos XDR) which is in addition to the existing up to 90 days of data stored directly on devices.

Please note that you need to enable the Sophos Data Lake. In your Sophos Central console select ‘Global Settings’ then under Endpoint or Server Protection (or both) select the ‘Data Lake uploads’ setting and turn on the ‘Upload to the Data Lake’ toggle. From the same window you can also select which devices send data to the Sophos Data Lake.

Τhe Sophos Data Lake is available now for Windows and Linux devices. Mac support will come later this year.

Scheduled queries

One of the top requested features, this release introduces scheduled queries so you can have critical information ready and waiting for you. Queries can be scheduled to run overnight so key data is ready for assessment the next day.

To set up a scheduled query you first need to choose a query by going to the ‘Threat Analysis Center’ and then ‘Live Discover’. When you have selected the query you want to run you will see a new option to schedule the query instead of running it immediately.

When the query has been successfully scheduled it will appear in your ‘Scheduled Queries’ list.

Enhanced usability

Work even faster with enhancements to workflows and pivoting. You’ll get to key information faster and be able to take actions and respond even more quickly.

Sophos XDR

We have also released Sophos XDR (Extended Detection and Response). Sophos XDR goes beyond endpoints and servers, pulling in rich Sophos Firewall and Sophos Email data with more XDR-enabled products coming soon.

Here are just a few Sophos XDR use cases:

To learn more about Sophos XDR please see this article.

Source: Sophos

[vc_row][vc_column width=”1/6″][/vc_column][vc_column column_width_percent=”100″ align_horizontal=”align_center” gutter_size=”3″ overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ medium_width=”0″ mobile_width=”0″ width=”2/3″][vc_custom_heading heading_semantic=”h1″ text_size=”h1″ text_height=”fontheight-578034″ text_color=”color-210407″]

Watch the complete online event BEYOND PRODUCTIVITY

[/vc_custom_heading][/vc_column][vc_column width=”1/6″][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_column_text]

A 90 minutes crash webinar where you will be presented with the Next Generation RMM, how to Unify People, Processes and Data in a Single Pane of Glass, and how to Protect Data and Keep your Business Running along with a complete end-to-end, multi-tenant password management solution for MSPs

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_single_image media=”100922″ media_width_percent=”100″ alignment=”center” css_animation=”zoom-in” media_link=”url:http%3A%2F%2Fbit.ly%2FNSS-BEYOND-PRODUCTIVITY||target:%20_blank|”][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_single_image media=”100828″ media_width_percent=”75″ alignment=”center” media_link=”url:http%3A%2F%2Fbit.ly%2FNSS-BEYOND-PRODUCTIVITY||target:%20_blank|”][/vc_column][/vc_row][vc_row][vc_column width=”1/2″][vc_single_image media=”99810″ media_width_percent=”60″ alignment=”center”][vc_column_text]

Protect Data and Keep Business Running. Datto Unified Continuity covers all of your business continuity & disaster recovery needs. Protect servers, files, PCs, and SaaS applications. Datto works with MSPs to customize a solution tailored to you and your clients.

Datto enables you to be prosperous and secure with products designed specifically for MSPs. Datto is more than just a technology provider. Datto empowers you to implement and sell solutions that help you grow.[/vc_column_text][/vc_column][vc_column width=”1/2″][vc_single_image media=”100760″ media_width_percent=”60″ alignment=”center”][vc_column_text]

A complete end-to-end password management solution designed and developed by an MSP specifically for the needs and the ways that today’s MSPs work and support their customers.

The Password Boss password management solution brings industry leading password protection to MSPs for the first time. A perfect fit in your MSP service profile.[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column width=”1/6″][/vc_column][vc_column column_width_percent=”100″ align_horizontal=”align_center” gutter_size=”3″ overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ medium_width=”0″ mobile_width=”0″ width=”2/3″][vc_custom_heading heading_semantic=”h1″ text_size=”h1″ text_height=”fontheight-578034″ text_color=”color-210407″]

Watch the complete online event BEYOND PRODUCTIVITY

[/vc_custom_heading][/vc_column][vc_column width=”1/6″][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_column_text]

A 90 minutes crash webinar where you will be presented with the Next Generation RMM, how to Unify People, Processes and Data in a Single Pane of Glass, and how to Protect Data and Keep your Business Running along with a complete end-to-end, multi-tenant password management solution for MSPs

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_single_image media=”100922″ media_width_percent=”100″ alignment=”center” css_animation=”zoom-in” media_link=”url:http%3A%2F%2Fbit.ly%2FNSS-BEYOND-PRODUCTIVITY||target:%20_blank|”][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_separator sep_color=”color-150912″][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_custom_heading text_color=”color-122459″]

One Datto: Drive Revenue With Integrated Solutions

[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_column_text]

One Datto illustrates how integrated solutions increase efficiency and build MRR. In this video, we show how a fully integrated platform of best-in-class Continuity, SaaS protection, networking, RMM, and PSA solutions combine to streamline a response to a ransomware attack. The integrated platform reduces the number of steps to complete tasks, enabling you to quickly and efficiently return clients to production, grow your MRR with value added managed services, improve the efficiency of your service delivery, and protect your clients from data loss.

[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_single_image media=”100927″ media_width_percent=”100″ alignment=”center” css_animation=”zoom-in”][/vc_column][/vc_row][vc_row][vc_column width=”1/2″][vc_single_image media=”99810″ media_width_percent=”60″ alignment=”center”][vc_column_text]

Protect Data and Keep Business Running. Datto Unified Continuity covers all of your business continuity & disaster recovery needs. Protect servers, files, PCs, and SaaS applications. Datto works with MSPs to customize a solution tailored to you and your clients.

Datto enables you to be prosperous and secure with products designed specifically for MSPs. Datto is more than just a technology provider. Datto empowers you to implement and sell solutions that help you grow.[/vc_column_text][/vc_column][vc_column width=”1/2″][vc_single_image media=”100760″ media_width_percent=”60″ alignment=”center”][vc_column_text]

A complete end-to-end password management solution designed and developed by an MSP specifically for the needs and the ways that today’s MSPs work and support their customers.

The Password Boss password management solution brings industry leading password protection to MSPs for the first time. A perfect fit in your MSP service profile.[/vc_column_text][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_single_image media=”100828″ media_width_percent=”75″ alignment=”center” media_link=”|||”][/vc_column][/vc_row]

Autotask PSA is designed to drive efficiency, accountability, and the intelligence of managed service providers (MSPs) by unifying people, processes, and data to provide a singular view across their IT managed services business. The latest enhancements to Autotask PSA improve usability and add Document Manager and Knowledgebase features that increase technician accountability.

Additionally, MSPs who have integrated their Autotask PSA with Datto RMM now have the ability to click into their Datto RMM system directly into remote takeover of managed devices that need additional support.

Document Manager and Knowledgebase Enhancements

The past two releases added Document Manager capabilities within Autotask PSA to improve efficiency by providing quick and easy access to standardized documentation so technicians spend less time searching for answers. SSL Certificate and Domain Tracking capabilities were enabled to provide a single location for MSPs to manage and track expiring assets to help ensure they never miss a renewal.

Additionally, the latest Autotask release increases accountability of Document Manager and Knowledgebase users with revision, rollback, and approval features. Quickly identify when updates were made, and quickly select and restore to the desired version. Those with proper credentials can approve documents and Knowledgebase articles prior to publishing.

Account Management Module Modernized

Autotask PSA’s Account Management module, which provides a real-time view of the health of each account and allows sales teams to manage their sales pipeline by creating and tracking opportunities, has been revamped to reflect our new user experience. The intuitive Company pages now feature a configurable and tab-based UI to help improve account manager and sales rep efficiency and will provide a more cohesive experience with the other Autotask PSA modules.

Project Task, Time, and Note Entry Usability Enhancements

In addition to the Account Management pages getting a major facelift, Project Task, Time, and Note Entry have been updated significantly to improve user experience and efficiency. The integrated Time Entry enables users to quickly and accurately enter or edit time with an intuitive timeline view. The new rich text editor for Note Entry improves context, and enhances understanding of problems by providing a convenient way to stylize text with bold, italicize, underline choices, bulletize and number lists, and embed images.

Autotask LiveMobile App Improvements

The Autotask LiveMobile App, which enables remote workers to access the Autotask PSA system even when they are away from their desks, has been enhanced, as well. Beyond just updating the look and feel, the latest updates to the native iOS and Android apps bring the full PSA ticket experience onto a mobile device for improved tech efficiency.

Looking for a PSA platform that helps grow your business by unifying Document Management, Service Desk, CRM, Procurement, Billing, and Reporting behind a single pane of glass? Learn more about Autotask PSA today.

Source: Datto

RMM stands for “remote monitoring and management.” Remote monitoring and management tools are a foundational technology for managed service providers (MSPs). Managing client endpoints and devices is a key tenant in a managed services business, and these tools give MSPs the ability to do so remotely.

What are the benefits of RMM tools?

RMM solutions are used by IT professionals to remotely monitor system status and manage processes without the requirement to physically be on site. With the right RMM tool, MSPs can do more with less–simplifying operations for the MSP while providing efficient service for the client.

Drive Efficiency and Automation into Service Delivery

By centralizing the management of client endpoints, MSPs can reduce costs and increase service delivery efficiency. From installing software to patch management remote monitoring and management software is designed to drive efficiency, scalability, usability, and affordability.

Scale the Business

For maximum uptime, consider a 100% cloud platform with no hardware to maintain. With a cloud-based RMM solution, MSPs can scale their endpoints with ease, whereas an on-premises solution may require upgrades and manual maintenance to grow with your business.

Build Value and Trust with Clients

With a robust remote monitoring and management solution, MSPs can remotely and proactively monitor and support clients with one-click access to endpoints, mitigating risk and anticipating issues before they occur. MSPs can also use their RMM tool to provide clients with valuable insights and reporting.

Unify With Your Operations Engine

MSPs live and breathe in a professional services automation (PSA) tool to deliver service to clients, manage tickets, and organize business operations. To run an efficient and effective managed services business, PSA and RMM tools are essential. So, it only makes sense that integrating them will save MSPs time from not having to switch from platform to platform to complete a task.

Datto RMM: Built for MSPs

Datto RMM is the platform of choice for thousands of MSPs around the world looking to reduce the operational overhead of delivering managed services.

• Comprehensive auditing: Get complete visibility of every device and pinpoint areas for action.
• Real-time monitoring: Implement system-wide monitoring with intelligent alerting, auto-response, and auto-resolution.
• Flexible reporting: Prove your value and help your customers make decisions with a wide array of reports.
• Built-in patch management: Automatically maintain every device with flexible, native OS and application patch update policies.
• Remote control and takeover: Provide instant support with one-click access to any of your managed devices.

What Makes Datto RMM Different

• Rapid pace of innovation: The Datto RMM product team pushes updates to once a month to improve user experience.
• Onboarding and ongoing optimization: Our implementation team is full of pros that specialize in helping MSPs adopt Datto RMM by providing ongoing support that’s unique to their business needs and use cases.
• One price, simple, and affordable: An affordable flat fee per device gives MSPs full visibility, management, and monitoring of every device under contract.
• Performance and security: Datto is 100% cloud-based and built to scale.
• Datto RMM integrations and open ecosystem: Native integrations with Autotask PSA, Datto Networking, and Unified Continuity solutions drive operational efficiency and greater profits for our MSP partners. We’re also committed to an open ecosystem for other MSP tools and technologies.

How to choose the right solution for your MSP business?

Take a look at our eBook, RMM Made MSPeasy, where we’re diving into what you should consider when selecting a solution. Plus, you’ll find advice from industry-leading MSPs on using RMM to increase operational efficiency and drive revenue.

Whether you are just getting started with managed services or are currently evaluating new software, this eBook is for you.

Source: Datto

[vc_row][vc_column][vc_column_text]

[/vc_column_text][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Fdispatches-from-anywhere-securing-the-next-wave-of-work%3Futm_source%3DNSS-NewsBlog%26utm_id%3DNSS-Greece||target:%20_blank|”]Read more here…[/vc_button][/vc_column][/vc_row]

When we set out to build our extended detection and response (XDR) solution, we focused on a key mantra: if you want the best XDR, you need the best data.

Sophos XDR is driven by data. It delivers the most comprehensive and precise data across multiple dimensions for the most accurate threat detection, investigation, and response. This is achieved thanks to the scope of data, range of sources, and data quality.

Scope of data

Sophos XDR blends 90 days of rich, on-device endpoint and server data with 30 days of cross-product telemetry in our data lake. This provides the broadest and most in-depth, contextualized insights for both live and offline devices.

Why do you need both on-device data and data stored in a data lake? The two types of data complement each other, which is key to stopping stealthy, high-stakes attacks.

On-device data provides a live view of what’s happening right now on your endpoints and servers, plus an incredibly detailed historical record of activities for the last 90 days – far more detailed than a data lake would typically retain.

All key information and events are logged. This includes process information down to the thread level (starting, stopping, parent, child), changes to the registry, programs running, system events, and much, much more.

The data lake provides its own set of advantages, such as the ability to detect incidents by correlating information across your estate.

Crucially, it also allows users to query both online and offline devices – even those which may have been taken offline during an attack. However, data stored in a cloud repository is always historical and does not provide a real-time view.

The two data types work together. The data lake provides the 10,000-foot view and helps correlate events across your estate from both live and offline devices. From there, you can pivot to live running systems and access the industry’s richest on-device data set to see exactly what’s happening right now, or what happened in the last 90 days.

Blending on-device data with the information stored in the data lake ensures you get the broadest scope of data so you don’t miss a thing.

Data sources

Sophos XDR is the first and only XDR solution that synchronizes native endpoint, server, firewall, and email security – with mobile and cloud integrations coming soon.

This broad set of data sources goes well beyond endpoint and server visibility alone. Instead, you get the full picture when detecting and investigating incidents.

For example, you could use firewall data to identify suspicious traffic coming from an unmanaged endpoint or investigate a suspected phishing attack to see if there has been further traffic to a malicious domain.

All the data sources are integrated out of the box when you have Sophos XDR-enabled components. There’s no need to create your own custom infrastructure.

Quality of data

When conducting threat detection and response, having a lot of data is only part of the equation.

Because huge volumes of data can be overwhelming, you instead need high-quality data.

Sophos XDR has more high-quality data, which means we deliver stronger signals and less noise for better detection. This is because Sophos XDR is built on top of Intercept X, the world’s best endpoint protection.

Intercept X filters out a lot of the noise that ends up causing alert fatigue for analysts, allowing them to help focus on what’s truly important.

To further improve data quality, Sophos XDR provides additional context to put the data into perspective. This includes additional intelligence from SophosLabs and the Sophos AI team.

Source: Sophos

We are pleased to announce some exciting product updates, including the launch of Sophos XDR (Extended Detection and Response) and significant enhancements to Sophos EDR (Endpoint Detection and Response).

Introducing Sophos XDR

Sophos XDR goes beyond endpoints and servers, pulling in rich Sophos Firewall, Sophos Email, and other data sources.

This means you get even more detailed insight when performing threat hunting or IT operations tasks: both a broad, big picture view of your organization’s cybersecurity environment along with the ability to deep dive into areas of interest for granular detail. It’s the best of both worlds.

Here are just a few Sophos XDR use cases:

New to Extended Detection and Response (XDR)? We’ve put together a beginner’s guide to get you up to speed. Download your copy.

Offline Access with the Sophos Data Lake

A key component of both XDR and EDR, the Sophos Data Lake stores critical data from XDR- and EDR-enabled devices, including access to that data even when devices are offline.

For example, you can look back for unusual activity on a device that has been destroyed or taken without authorization. It’s an important part of cybersecurity visibility, giving your organization the ability to see the entire environment and quickly drill down to granular areas of interest.

Data retention periods are 7 days for EDR and 30 days for XDR. That’s in addition to the up-to-90 days of on-disk data stored on devices.

Sophos EDR keeps getting better

This release brings some of the most-requested features to Sophos EDR, making it even easier to ask and answer business-critical IT operations and threat hunting questions.

• Scheduled queries Have critical information waiting for you. You can schedule queries to run overnight so key data is ready for assessment. You’ll have the information you need to quickly perform threat hunting and IT operations tasks.
• Enhanced usability Work even faster with enhancements to workflows and pivoting. You’ll get to key information faster and be able to take actions and respond even more quickly.

To learn more about Sophos XDR and EDR please head over to Sophos.com/XDR and Sophos.com/EDR today.

Source: Sophos

[vc_row][vc_column][vc_column_text]

[/vc_column_text][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Frethinking-remote-access-security-can-zero-trust-replace-vpns%3Futm_source%3DNSS-NewsBlog%26utm_id%3DNSS-Greece||target:%20_blank|”]Learn more on this on BeyondTrust’s blog[/vc_button][/vc_column][/vc_row]

We are thrilled to announce that for the 12^th consecutive report, Sophos has been named a “Leader” in the Gartner Magic Quadrant for Endpoint Protection Platforms (EPP).

We are confident our placement is due to the combination of advanced protection, and broad endpoint detection and response (EDR) threat hunting and IT operations capabilities found in Intercept X.

In addition to a proven track record of stopping ransomware attacks and advanced threats, recent enhancements to EDR capabilities in Intercept X mean that organizations can use powerful SQL queries to answer critical IT operations and threat hunting questions. Pre-written queries with full customization and the ability to craft queries from scratch are included to support all use cases.

We continue to invest in both our protection and EDR capabilities, with multiple releases deployed over the past year. We recently announced Sophos XDR, which extends EDR visibility beyond endpoints and servers.

Read the full report

Intercept X Third Party Test Results

SE Labs

• AAA Rated for Enterprise – 100% total accuracy rating (Jan-Mar 2021)
• AAA Rated for SMB – 100% total accuracy rating (Jan-Mar 2021)

MRG Effitas

• 100% for protection with 0 false positives (360 Degree Assessment and Certification, Q4 2020)

PC Magazine

• Rated “Editor’s Choice”

SC Media

• 5/5 rating

CRN 2020 Tech Innovators Awards

• Winner, Best Endpoint Security Solution

Gartner Peer Insights

• Intercept X Advanced with EDR has an average 12-month rating of 4.8 (out of 5.0) on Gartner Peer Insights
• Sophos MTR has an average 12-month rating of 4.8 (out of 5.0) on Gartner Peer Insights

Source: Sophos

With the latest update to Acunetix, we introduced a new feature called the target knowledge base. Every time you scan a target, Acunetix gathers and stores information about it. This information includes paths that make up the site structure, the location of forms and their inputs, parameters used by the web application, any APIs that are used, and the detected vulnerabilities.

Getting Better with Time

The idea behind the target knowledge base is to be able to reuse as much of this information as possible in subsequent scans to empower the Acunetix crawler. You can think of the crawler as an adventurer who is entering a maze and needs to check all available paths to reliably find his way out of the maze. In the same way that the adventurer would be much more efficient at completing his task if he had an updated map of the maze, the crawler becomes more thorough at building the site structure when it can use the target knowledge base.

With the target knowledge base, the scanner does not need to start every scan from zero. Instead, it gets a head start by using the list of URLs from the knowledge base. This is similar to supplying the scanner with an import file, which contains a list of URLs to populate the site structure before the crawler starts to work.

Leave No Spot Behind

While testing the target, Acunetix probes it by submitting various payload data values, formatted in a way that is designed to identify vulnerabilities. The way that the web application responds to the requests made by Acunetix may affect the thoroughness of each scan. Some scans may expose certain URLs while other scans may not, depending on circumstances.

With the target knowledge base, each subsequent scan goes beyond what the crawler discovers during that scan – it uses paths and locations accumulated during previous scans of the same target. This ensures that you can scan URLs that you cannot reach predictably or consistently using the regular crawl function.

In addition, many targets evolve over time as the developers add new features, change existing features, and remove functions. This means that, for example, a function that has been removed may no longer be reachable through any link or web page inside the target, but may still linger on the web server as an orphaned URL. Thanks to the target knowledge base, Acunetix can scan even these orphaned functions.

Reliable Vulnerability Verification and Self-Healing

Acunetix also stores information about all vulnerabilities identified during previous scans of the target and uses this information in subsequent scans of that target. This means that when you want to re-check whether the vulnerabilities are still there, the crawler does not need to identify them again because the scanner is aware of their possible existence.

Another nice feature is that the target knowledge base is self-healing. If you change a part of the site structure and some URLs no longer exist, the crawler will first attempt to reach all the previously stored URLs, and then remove the obsolete ones from the knowledge base. This means that even if you redesign the web application and you know that the previous site structure is no longer valid because of this redesign, a subsequent scan will automatically clean up and correct knowledge base data.

Target Knowledge Base Configuration

If for any reason you wish to temporarily run one or more scans without using the target knowledge base, you can change the settings for the target and disable the use of the knowledge base for any new scans that you launch. Then, you can enable it again to scan the regular version of the target.

You can also permanently delete the contents of the knowledge base and start accumulating new data for the target. To do this, simply expand the Advanced section of the Target Settings page and click the Delete knowledge base button in the Knowledge Base panel.

Source: Acunetix

Intercept X ranked #1 with a 100% total accuracy rating for enterprise, SMB, and consumer protection in three recent SE Labs tests.

Sophos is proud to announce that Sophos Intercept X achieved a 100% Total Accuracy Rating for enterprise, small business, and consumer protection in the SE Labs endpoint protection test report (Jan – Mar 2021).  Whether you are protecting your employees at work or their families at home, you can take comfort knowing you are backed by the world’s best endpoint protection.

Intercept X’s unique combination of anti-ransomware technology, deep learning artificial intelligence, exploit prevention, and active adversary mitigations is built to stop the widest range of threats.

Additionally, Sophos Intercept X Advanced with EDR integrates powerful endpoint detection and response (EDR) with the industry’s top-rated endpoint protection. Built for both IT security operations and threat hunting, Intercept X detects and investigates suspicious activity with AI-driven analysis.

For those looking for help with threat detection and response Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service.

Sophos MTR fuses the protection technology of Intercept X with expert human analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. Unlike other services, the Sophos MTR team goes beyond simply notifying you of attacks or suspicious behaviors and takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats.

SE Labs is not alone in praising Intercept X. A list of other industry awards can be found here.

Try Intercept X and Sophos Home for free

Testing the powerful features in Intercept X couldn’t be more straightforward. Sign up today for a free 30-day trial of the award-winning protection and EDR functionality, or activate an instant online demo.

Looking for protection for your home devices?  Start a free trial of Sophos Home.

Source: Sophos

[vc_row][vc_column][vc_column_text]Ransomware surged in 2020 and shows no signs of relenting thus far in 2021. As an industry, we are failing to keep up with attackers, who are adept at quickly evolving to target vulnerabilities and gaps created by digital transformation, which has quickly accelerated over the last year.[/vc_column_text][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Fransomware-is-increasing-evolving-how-do-we-keep-up%3Futm_source%3DNSS-NewsBlog%26utm_id%3DNSS-Greece||target:%20_blank|”]Get more insights on our partner’s blog[/vc_button][/vc_column][/vc_row]

The State of Ransomware 2021 report provides fresh new insights into the frequency and impact of ransomware.

Based on findings from an independent survey of 5,400 IT managers in mid-sized organizations in 30 countries across the globe, it reveals that 37% of organizations experienced a ransomware attack in the last 12 months – down from 51% in 2020.

Furthermore, fewer organizations suffered data encryption as the result of a significant attack – down from 73% in 2020 to 54% in 2021. So far, so good.

However while the number of organizations being hit by ransomware has dropped since last year, the financial impact of an attack has more than doubled, increasing from US$761,106 in 2020 to US$1.85 million in 2021. This is likely due, in part, to the move by attackers to more advanced and complex targeted attacks that are harder to recover from.

Paying up doesn’t pay off

The number of organizations paying the ransom to get their data back increased over the last year, from 26% of organizations whose data was encrypted in 2020 to 32% in 2021.

However what adversaries fail to mention in their ransom notes is that your likelihood of getting all your data back after paying up is very slim: fewer than one in ten (8%) got back all their encrypted files.

In fact, on average, organizations that paid the ransom got back only 65% of their data, with 29% getting back no more than half their data. When it comes to ransomware, it doesn’t pay to pay.

The survey also revealed that extortion without encryption is on the rise. 7% of respondents that were hit by ransomware said that their data was not encrypted, but they were held to ransom anyway, possibly because the attackers had managed to steal their information. In 2020, this figure was just 3%.

Winners and losers

The report provides insight into how different countries and sectors have been affected by ransomware over the last year, including:

• India reported the most ransomware attacks with 68% of respondents saying that they were hit last year. Conversely Poland (13%) and Japan (15%) reported the lowest levels of attack.
• Geographical neighbors Austria and the Czech Republic are poles apart when it comes to ransomware recovery costs: Austrian respondents reported the highest recovery cost of all countries surveyed while Czech respondents reported the lowest.
• Retail and education (both 44%) were the sectors that reported the highest levels of attack.
• Local government is the sector most likely to have their data encrypted in a ransomware attack (69%).

Get the full survey findings

Read the State of Ransomware 2021 to get the full findings from the survey. It includes best practice advice from Sophos defenders to help you stay safe from ransomware.

Source: Sophos

Every year, Acunetix brings you an analysis of the most common web security vulnerabilities and network perimeter vulnerabilities. Our annual Web Application Vulnerability Report (now part of the Invicti AppSec Indicator) is based on real data taken from Acunetix Online. We randomly select websites and web applications scanned using our software, anonymize them, and perform statistical analysis. Here are our cybersecurity findings for this year.

The State of Web Application Security

The 2021 report is, unfortunately, quite pessimistic. The slow improvement trend from the previous few years has reversed. Several high and medium severity vulnerabilities are now more common in 2021 than in 2020, including some serious security risks that may lead to the loss of sensitive information.

We believe that this trend reversal is caused by the COVID-19 pandemic. The pandemic has caused most companies to embrace remote work and therefore many security leaders decided to focus on endpoint security, operating system security, and anti-malware efforts to combat the onset of phishing, malicious sites, and malicious code. Therefore, not enough resources were available to improve web security. Instead of investing in thorough processes, businesses went for quick and imperfect solutions, often based on misconfigured web application firewalls (WAF).

In our opinion, such decisions could have severe consequences in the future. As a result of the shift to remote, web application importance increased. To improve the efficiency of remote work, many businesses made their processes available through web browsers, using web applications and APIs. This made it possible for attackers to attempt to gain access to company data through web pages and, as a consequence, could lead to major data breaches.

In a recent study from Forrester Research, The State of Application Security 2021, web applications such as SQL injections, cross-site scripting, or remote file inclusion comprised the most frequently-cited method of attack. The study surveyed 480 global security decision-makers with network, data center, app security, or security ops responsibilities who experienced an external attack in 2020.

The Developer Crisis

With the shift to remote, web software development is also facing more problems, not just the lack of resources. Even before the age of remote work, developers often found it difficult to write secure code, made common functionality mistakes, skipped validation, trusted user input from untrusted sources, passed untrusted data directly to SQL queries, used insecure user session IDs and session management mechanisms, etc.

New remote work environments make it even more difficult for developers to maintain application code security due to communication challenges. If the security focus is shifted away from web application security solutions, developers also lack tools and schooling to improve their security-related skills. If they had access to professional web application security solutions, they would receive information not only about the existence of issues but also guides that would teach them how to avoid such errors in the future. Without such tools, developers are just going to create more and more vulnerabilities.

Vulnerabilities at a Glance

Our report focuses on common vulnerabilities and security misconfigurations – those that you also find in the Open Web Application Security Project – OWASP Top 10 list. We found fewer SQL Injection flaws and directory traversal (path traversal) issues but many other serious issues were more common or just as common as the year before. This includes remote code execution (code injection), cross-site scripting (XSS) issues, vulnerable JavaScript libraries, WordPress vulnerabilities, server-side request forgery (SSRF), host header injection attacks, and more.

The report also contains data on other known vulnerabilities and software security issues including buffer overflow, denial-of-service and DDoS vulnerabilities, issues related to access control and broken authentication such as weak passwords, web server misconfigurations, and more. In the case of all these issues, the trend is similar: you can see a slight increase in numbers.

Beware of the Consequences

In conclusion, the 2021 Web Application Vulnerability Report again emphasizes the importance of web vulnerability scanning, especially in the age of COVID-19 and remote work. Issues discovered by scanners such as Acunetix can have serious consequences and lead to server-side sensitive data exposure including user account compromise, credit card information theft, security breaches of back-end databases, as well as client-side attacks on victims’ browsers.

Read the full report.

Source: Acunetix

Sophos launched the first of the new XGS Series next-gen firewall appliances with Sophos Firewall OS version 18.5.

For network admins, this completely re-engineered hardware platform finally takes a common dilemma off the table: how to scale up protection for today’s highly diverse, distributed, and encrypted networks without throttling network performance.

Coupled with a highly attractive price, the new XGS Series is guaranteed to reshuffle the deck in the network firewall space.

Here are just three key highlights of this new release.

Dual processor architecture – powered by Xstream

Every XGS Series appliance has two hearts beating at its core: a high-performance multi-core x86 CPU, and an Xstream Flow processor to intelligently accelerate applications by offloading security-verified and trusted traffic to the FastPath.

This architecture allows us to retain the same flexibility to extend and scale protection as purely x86-based firewalls while also providing a performance boost that’s unhampered by the limitations of some legacy platform designs.

For example, with the programmable Xstream Flow processors, we can extend the offload capabilities in future software releases, providing additional performance improvements without changing the hardware.

Protection and performance

As much as we like to talk about speeds and feeds in the firewall space, the additional performance headroom in the XGS Series is there for a purpose: protection.

With about 90% of network traffic encrypted (source: Google Transparency Report) and almost 50% of malware using TLS to avoid detection (source: SophosLabs), organizations are leaving huge blind spots in their network visibility by not activating TLS inspection.

Just going by our own telemetry, about 90% of organizations don’t have TLS inspection activated on their firewalls. Even if we take into account that some of those may have separate solutions doing TLS inspection, it’s likely to be the minority rather than the majority. And aside from the security risk that poses, it’s pretty hard to create a policy for traffic that shows as “general” or “unknown”.

Before you all scream, “but TLS inspection breaks the internet,” Sophos Firewall includes native support for TLS 1.3 and provides a user interface which clearly shows if traffic has caused issues and how many users were affected. With just a couple of clicks, you can exclude problematic sites and applications without reverting to a less-than-adequate level of protection.

We’ve got the edge

The XGS Series includes multiple form factors that beat the all-important price per protected Mbps of many competitive models.

XGS Series appliances are equipped with high-speed interfaces to meet the diverse connectivity requirements of businesses large and small. In addition to the built-in copper, fiber, and a range of other ports on every model, add-on modules provide the flexibility to tailor your device connectivity to your unique environment – both today and in the future.

The XGS Series integrates further with edge infrastructure devices such as APX access points and our SD-RED Remote Ethernet Devices. With cloud-managed Zero-Trust Network Access and access layer network switches coming later this year, we’re bringing your network security to every edge.

Sophos Firewall OS v18.5

The new appliances come with the latest v18.5 software release, which not only provides support for the new hardware but also includes all the 18.x maintenance releases – many new capabilities and security improvements – since the v18 release.

For further information about Sophos Firewall and the XGS Series or to request a quote visit Sophos.com/Firewall or Sophos.com/Compare-XGS.

Source: Sophos

This course provides an in-depth study of Sophos Central, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. The course is expected to take 3 days to complete, of which approximately 9 hours will be spent on the practical exercises.

Requirement

Prior to attending this course, trainees should:

• Complete the Sophos Central Endpoint and Server Protection and should have passed the Certified Engineer exam
• Experience with Windows networking and the ability to troubleshoot issues
• A good understanding of IT security
• Experience using the Linux command line for common tasks
• Experience configuring Active Directory Group Policies
• Experience creating and managing virtual servers or desktop

Target audience:

This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments. And for individuals wishing to obtain the Sophos Central Certified Architect certification.

Objectives:

On completion of this course, trainees will be able to:

• Design an installation considering all variables
• Undertake a multi-site installation appropriate for a customer environment
• Explain the function of core components, how they work, and how to configure them
• Track the source of infections and cleanup infected devices
• Perform preliminary troubleshooting and basic support of customer environments

Certification:

To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and is limited to 3 attempts.

Duration: 3 days 

Content

• Module 1: Deployment Scenarios (60 mins)
• Module 2:Client Deployment Methods (65 mins)
• Module 3:Endpoint Protection Policies (80 mins)
• Module 4:Server Protection Policies (30 mins)
• Module 5:Protecting Virtual Servers (60 mins)
• Module 6:Logging and Reporting (45 mins)
• Module 7: Managing Infections (45 mins)
• Module 8: Endpoint Detection and Response (30mins)
• Module 9:Management (65 mins)

Course content

Module 1: Deployment Scenarios (60 mins)

• • Identify some of the common challenges when deploying Central
  • Deploy Update Caches – Set up Message Relays
  • Configure AD Sync Utility
  • Identify where Update Caches and Message Relays should be used
  • Labs (45 mins)
    • Register and activate a Sophos Central evaluation
    • Install Server Protection
    • Install and Configure AD Sync Utility
    • Deploy an Update Cache and Message Relay

Module 2: Client Deployment Methods (65-75 mins)

• Identify the recommended steps for deploying Sophos Central
• Explain the installation process, and identify the different types of installer
• Automate deployment for Windows, Linux and Mac computers
• Migrate endpoints from Enterprise Console
• Locate installation log files
• Remove third-party products as part of a deployment
• Labs (75-90 mins)
  • Enable Server Lockdown
  • Deploy using Active Directory Group Policy
  • Use the Competitor Removal Tool
  • Deploy to a Linux Server using a Script

Module 3: Endpoint Protection Policies (80-90 mins)

• Describe the function and operation of each of the components that make up an Endpoint Protection and Intercept X
• Configure policies to meet a customer’s requirements and follow best practice
• Test and validate Endpoint Protection
• Configure exclusions
• Configure Data Loss Prevention
• Labs (100-120 mins)
  • Test Threat Protection Policies
  • Configure and Test Exclusions
  • Configure Web Control Policies
  • Configure Application Control Policies
  • Data Control Policies
  • Configure and test Tamper Protection

Module 4: Server Protection Policies (30 mins)

• Configure Server Protection Policies
• Configure and Manage Server Lockdown
• Labs (65-75 mins)
  • Configure Sever Groups and Policies
  • Manage Server Lockdown
  • Test Linux Server Protection

Module 5: Protecting Virtual Servers (60 mins)

• Connect AWS and Azure accounts to Sophos Central – Deploy Server Protection to AWS and Azure
• Deploy and Manage Sophos for Virtual Environments
• Labs (60 mins)
  • Download the installer for the Security Virtual Machine
  • Install the Security Virtual Machine (SVM) on a Hyper-V Server
  • Configure Threat Protection policies to apply to the Security VMs and the Guest VMs they protect
  • Perform a manual installation of the Guest VM Agent and view logs
  • Test and configure a script to deploy the GVM Agent
  • Manage Guest VMs from the Central Console
  • Test Guest VM Migration

Module 6: Logging and Reporting (45 mins)

• Explain the types of alert in Sophos Central, and be able to read an RCA
• Use the Sophos Central logs and reports to check the health of your estate
• Export data from Sophos Central into a SIEM application
• Locate client log files on Windows, Mac OS X and Linux
• Labs (55-60 mins)
  • Generate and analyze an RCA
  • Configure SIEM with Splunk

Module 7: Managing Infections (45-60 mins)

• Identify the types of detection and their properties
• Explain how computers might become infected
• Identify and use the tools available to cleanup malware
• Explain how the quarantine works and manage quarantined items
• Cleanup malware on a Linux Server
• Labs (40 mins)
  • Source of Infection Tool
  • Release a File from SafeStore
  • Disinfect a Linux Server

Module 8: Endpoint Detection and Response (30 mins)

• Explain what EDR is and how it works
• Demonstrate how to use threat cases and run threat searches
• Explain how to use endpoint isolation for admin initiated and automatic isolation

• Demonstrate how to create a forensic snapshot and interrogate the database

• Labs (30 mins)

• • Create a forensic snapshot and interrogate the database
  • Run a threat search and generate a threat case

Module 9: Management (65 mins)

• Use the Controlled Updates policies appropriately
• Enable multi-factor authentication
• Use the Enterprise Dashboard to manage multiple sub-estates
• Identify the benefits of the Partner Dashboard
• Identify common licensing requirements
• Labs (25 mins)
  • Enable Manually Controlled Updates
  • Enable Multi-Factor Authentication
    

Agenda

Trainer: Michael Eleftheroglou

Day 1,  Tuesday,  May 11th,  2021

9:30-10:30 Deployment Scenarios

10:30-10:45 Break

10:45-11:30 Labs

11:30-11:45 Break

11:45-13:00 Client Deployment Methods I

13:00-14:00 Break Lunch

14:00-15:30 Labs

15:30-15:45 Break

15:45-17:15 End Point Policies

Day 2,  Wednesday, May 12th,  2021

9:30-11:15 Labs

11:15-11:30 Break

11:30-12:00 Server Protection Policies

12:00-12:15 Break

12:15-13:30 Labs

13:30-14:30 Break- Lunch

14:30-15:30 Protecting Virtual servers

15:30-15:45 Break

15:45-16:45 Labs

16:45-17:30 Logging and Reporting

Day 3, Thursday, May 13th, 2021

9:30-10:30 Labs

10:30-10:45 Break

10:45- 11:30 Managing Infections

11:30-12:00 Labs

12:00-12:10 Break

12:10-12:40 Endpoint Detection and Response

12:40-13:45 Management

13:45-14:45 Break – Lunch

14:45-17-15 Labs and Exams

The latest release of Acunetix introduces web asset discovery – a mechanism that automatically lets you find websites and web applications that could potentially belong to your organization. This allows you to decide if these assets need to be covered by your web application security processes.

Why Do You Need Asset Discovery?

Very small and/or recently founded organizations usually know every single web asset that they create and own. However, the longer the organization exists and the larger it grows, the bigger the chance that some assets get left behind.

As part of our initial research, we found that most mid-sized organizations discovered web assets that needed to be secured. The most common causes of web assets “going missing” were:

• Lack of lifecycle management for web assets. For example, marketing assets that are no longer relevant are left online.
• Lack of global security processes. For example, in a larger organization, a department may be creating web assets using a tool such as WordPress with most of the organization not realizing that these assets exist.
• Internal tooling. For example, a team or department may be using a web application for their internal processes but this application may be unknown to all other departments and might be accessible from outside the organization.
• Personnel changes. For example, an ex-employee might have created a promotional site for a campaign and failed to hand it over when moving on from the company.
• Mergers and acquisitions. Organizations find it very difficult to merge metadata for all owned web assets for all organizational units.
• External contractors. You might have hired an external contractor to build a website or web application for you and they may have left a test version of that website or web application publicly accessible outside your organization.

Why Do All Assets Need Security?

Even an out-of-date, minor asset may pose a major threat to security. For example, a WordPress-based site created for a campaign that took place 2 years ago, which is still available publicly using a dedicated domain and not your business domain, may seem harmless but it’s not.

Let us assume that the abandoned WordPress site has a cross-site scripting (XSS) vulnerability. An attacker uses that vulnerability to create a major phishing campaign. The domain that you used in the campaign 2 years ago is, therefore, a tool for a major attack aimed at other businesses.

Another organization falls victim to the attack and orders a forensic investigation. The investigation reveals that a domain owned by your business was used in the phishing campaign. The organization that fell victim to the attack then sues you for damages as being an accessory to a crime.

The above scenario is exactly what happens if you leave unprotected assets laying around.

How Does Asset Discovery Work?

Publicly accessible web assets usually have some kind of information that can lead back to the potential owner. For example, if the web asset is available on a public domain, that domain may have registration information leading to the owner. If the web asset is available via a secure channel, the certificate may contain information leading to the owner.

Asset discovery in Acunetix continuously scans publicly available information and crawls the web to find any new assets that bear any relevance to your business. Then, at your convenience, you may look through the list of identified assets and decide whether any of them should be treated as targets for Acunetix. See how to use asset discovery in practice.

Asset discovery is already available for all Acunetix on-premises versions and will very soon be available in Acunetix Online.

To test it, request a demo of Acunetix Premium.

Source: Acunetix