We are pleased to announce some exciting product updates, including the launch of Sophos XDR (Extended Detection and Response) and significant enhancements to Sophos EDR (Endpoint Detection and Response).

Introducing Sophos XDR

Sophos XDR goes beyond endpoints and servers, pulling in rich Sophos Firewall, Sophos Email, and other data sources.

This means you get even more detailed insight when performing threat hunting or IT operations tasks: both a broad, big picture view of your organization’s cybersecurity environment along with the ability to deep dive into areas of interest for granular detail. It’s the best of both worlds.

Here are just a few Sophos XDR use cases:

New to Extended Detection and Response (XDR)? We’ve put together a beginner’s guide to get you up to speed. Download your copy.

Offline Access with the Sophos Data Lake

A key component of both XDR and EDR, the Sophos Data Lake stores critical data from XDR- and EDR-enabled devices, including access to that data even when devices are offline.

For example, you can look back for unusual activity on a device that has been destroyed or taken without authorization. It’s an important part of cybersecurity visibility, giving your organization the ability to see the entire environment and quickly drill down to granular areas of interest.

Data retention periods are 7 days for EDR and 30 days for XDR. That’s in addition to the up-to-90 days of on-disk data stored on devices.

Sophos EDR keeps getting better

This release brings some of the most-requested features to Sophos EDR, making it even easier to ask and answer business-critical IT operations and threat hunting questions.

• Scheduled queries Have critical information waiting for you. You can schedule queries to run overnight so key data is ready for assessment. You’ll have the information you need to quickly perform threat hunting and IT operations tasks.
• Enhanced usability Work even faster with enhancements to workflows and pivoting. You’ll get to key information faster and be able to take actions and respond even more quickly.

To learn more about Sophos XDR and EDR please head over to Sophos.com/XDR and Sophos.com/EDR today.

Source: Sophos

[vc_row][vc_column][vc_column_text]

[/vc_column_text][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Frethinking-remote-access-security-can-zero-trust-replace-vpns%3Futm_source%3DNSS-NewsBlog%26utm_id%3DNSS-Greece||target:%20_blank|”]Learn more on this on BeyondTrust’s blog[/vc_button][/vc_column][/vc_row]

We are thrilled to announce that for the 12^th consecutive report, Sophos has been named a “Leader” in the Gartner Magic Quadrant for Endpoint Protection Platforms (EPP).

We are confident our placement is due to the combination of advanced protection, and broad endpoint detection and response (EDR) threat hunting and IT operations capabilities found in Intercept X.

In addition to a proven track record of stopping ransomware attacks and advanced threats, recent enhancements to EDR capabilities in Intercept X mean that organizations can use powerful SQL queries to answer critical IT operations and threat hunting questions. Pre-written queries with full customization and the ability to craft queries from scratch are included to support all use cases.

We continue to invest in both our protection and EDR capabilities, with multiple releases deployed over the past year. We recently announced Sophos XDR, which extends EDR visibility beyond endpoints and servers.

Read the full report

Intercept X Third Party Test Results

SE Labs

• AAA Rated for Enterprise – 100% total accuracy rating (Jan-Mar 2021)
• AAA Rated for SMB – 100% total accuracy rating (Jan-Mar 2021)

MRG Effitas

• 100% for protection with 0 false positives (360 Degree Assessment and Certification, Q4 2020)

PC Magazine

• Rated “Editor’s Choice”

SC Media

• 5/5 rating

CRN 2020 Tech Innovators Awards

• Winner, Best Endpoint Security Solution

Gartner Peer Insights

• Intercept X Advanced with EDR has an average 12-month rating of 4.8 (out of 5.0) on Gartner Peer Insights
• Sophos MTR has an average 12-month rating of 4.8 (out of 5.0) on Gartner Peer Insights

Source: Sophos

With the latest update to Acunetix, we introduced a new feature called the target knowledge base. Every time you scan a target, Acunetix gathers and stores information about it. This information includes paths that make up the site structure, the location of forms and their inputs, parameters used by the web application, any APIs that are used, and the detected vulnerabilities.

Getting Better with Time

The idea behind the target knowledge base is to be able to reuse as much of this information as possible in subsequent scans to empower the Acunetix crawler. You can think of the crawler as an adventurer who is entering a maze and needs to check all available paths to reliably find his way out of the maze. In the same way that the adventurer would be much more efficient at completing his task if he had an updated map of the maze, the crawler becomes more thorough at building the site structure when it can use the target knowledge base.

With the target knowledge base, the scanner does not need to start every scan from zero. Instead, it gets a head start by using the list of URLs from the knowledge base. This is similar to supplying the scanner with an import file, which contains a list of URLs to populate the site structure before the crawler starts to work.

Leave No Spot Behind

While testing the target, Acunetix probes it by submitting various payload data values, formatted in a way that is designed to identify vulnerabilities. The way that the web application responds to the requests made by Acunetix may affect the thoroughness of each scan. Some scans may expose certain URLs while other scans may not, depending on circumstances.

With the target knowledge base, each subsequent scan goes beyond what the crawler discovers during that scan – it uses paths and locations accumulated during previous scans of the same target. This ensures that you can scan URLs that you cannot reach predictably or consistently using the regular crawl function.

In addition, many targets evolve over time as the developers add new features, change existing features, and remove functions. This means that, for example, a function that has been removed may no longer be reachable through any link or web page inside the target, but may still linger on the web server as an orphaned URL. Thanks to the target knowledge base, Acunetix can scan even these orphaned functions.

Reliable Vulnerability Verification and Self-Healing

Acunetix also stores information about all vulnerabilities identified during previous scans of the target and uses this information in subsequent scans of that target. This means that when you want to re-check whether the vulnerabilities are still there, the crawler does not need to identify them again because the scanner is aware of their possible existence.

Another nice feature is that the target knowledge base is self-healing. If you change a part of the site structure and some URLs no longer exist, the crawler will first attempt to reach all the previously stored URLs, and then remove the obsolete ones from the knowledge base. This means that even if you redesign the web application and you know that the previous site structure is no longer valid because of this redesign, a subsequent scan will automatically clean up and correct knowledge base data.

Target Knowledge Base Configuration

If for any reason you wish to temporarily run one or more scans without using the target knowledge base, you can change the settings for the target and disable the use of the knowledge base for any new scans that you launch. Then, you can enable it again to scan the regular version of the target.

You can also permanently delete the contents of the knowledge base and start accumulating new data for the target. To do this, simply expand the Advanced section of the Target Settings page and click the Delete knowledge base button in the Knowledge Base panel.

Source: Acunetix

Intercept X ranked #1 with a 100% total accuracy rating for enterprise, SMB, and consumer protection in three recent SE Labs tests.

Sophos is proud to announce that Sophos Intercept X achieved a 100% Total Accuracy Rating for enterprise, small business, and consumer protection in the SE Labs endpoint protection test report (Jan – Mar 2021).  Whether you are protecting your employees at work or their families at home, you can take comfort knowing you are backed by the world’s best endpoint protection.

Intercept X’s unique combination of anti-ransomware technology, deep learning artificial intelligence, exploit prevention, and active adversary mitigations is built to stop the widest range of threats.

Additionally, Sophos Intercept X Advanced with EDR integrates powerful endpoint detection and response (EDR) with the industry’s top-rated endpoint protection. Built for both IT security operations and threat hunting, Intercept X detects and investigates suspicious activity with AI-driven analysis.

For those looking for help with threat detection and response Sophos Managed Threat Response (MTR) provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service.

Sophos MTR fuses the protection technology of Intercept X with expert human analysis for improved threat hunting and detection, deeper investigation of alerts, and targeted actions to eliminate threats with speed and precision. Unlike other services, the Sophos MTR team goes beyond simply notifying you of attacks or suspicious behaviors and takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats.

SE Labs is not alone in praising Intercept X. A list of other industry awards can be found here.

Try Intercept X and Sophos Home for free

Testing the powerful features in Intercept X couldn’t be more straightforward. Sign up today for a free 30-day trial of the award-winning protection and EDR functionality, or activate an instant online demo.

Looking for protection for your home devices?  Start a free trial of Sophos Home.

Source: Sophos

[vc_row][vc_column][vc_column_text]Ransomware surged in 2020 and shows no signs of relenting thus far in 2021. As an industry, we are failing to keep up with attackers, who are adept at quickly evolving to target vulnerabilities and gaps created by digital transformation, which has quickly accelerated over the last year.[/vc_column_text][vc_button button_color=”color-210407″ size=”btn-lg” radius=”btn-round” border_width=”0″ link=”url:https%3A%2F%2Fwww.beyondtrust.com%2Fblog%2Fentry%2Fransomware-is-increasing-evolving-how-do-we-keep-up%3Futm_source%3DNSS-NewsBlog%26utm_id%3DNSS-Greece||target:%20_blank|”]Get more insights on our partner’s blog[/vc_button][/vc_column][/vc_row]

The State of Ransomware 2021 report provides fresh new insights into the frequency and impact of ransomware.

Based on findings from an independent survey of 5,400 IT managers in mid-sized organizations in 30 countries across the globe, it reveals that 37% of organizations experienced a ransomware attack in the last 12 months – down from 51% in 2020.

Furthermore, fewer organizations suffered data encryption as the result of a significant attack – down from 73% in 2020 to 54% in 2021. So far, so good.

However while the number of organizations being hit by ransomware has dropped since last year, the financial impact of an attack has more than doubled, increasing from US$761,106 in 2020 to US$1.85 million in 2021. This is likely due, in part, to the move by attackers to more advanced and complex targeted attacks that are harder to recover from.

Paying up doesn’t pay off

The number of organizations paying the ransom to get their data back increased over the last year, from 26% of organizations whose data was encrypted in 2020 to 32% in 2021.

However what adversaries fail to mention in their ransom notes is that your likelihood of getting all your data back after paying up is very slim: fewer than one in ten (8%) got back all their encrypted files.

In fact, on average, organizations that paid the ransom got back only 65% of their data, with 29% getting back no more than half their data. When it comes to ransomware, it doesn’t pay to pay.

The survey also revealed that extortion without encryption is on the rise. 7% of respondents that were hit by ransomware said that their data was not encrypted, but they were held to ransom anyway, possibly because the attackers had managed to steal their information. In 2020, this figure was just 3%.

Winners and losers

The report provides insight into how different countries and sectors have been affected by ransomware over the last year, including:

• India reported the most ransomware attacks with 68% of respondents saying that they were hit last year. Conversely Poland (13%) and Japan (15%) reported the lowest levels of attack.
• Geographical neighbors Austria and the Czech Republic are poles apart when it comes to ransomware recovery costs: Austrian respondents reported the highest recovery cost of all countries surveyed while Czech respondents reported the lowest.
• Retail and education (both 44%) were the sectors that reported the highest levels of attack.
• Local government is the sector most likely to have their data encrypted in a ransomware attack (69%).

Get the full survey findings

Read the State of Ransomware 2021 to get the full findings from the survey. It includes best practice advice from Sophos defenders to help you stay safe from ransomware.

Source: Sophos

Every year, Acunetix brings you an analysis of the most common web security vulnerabilities and network perimeter vulnerabilities. Our annual Web Application Vulnerability Report (now part of the Invicti AppSec Indicator) is based on real data taken from Acunetix Online. We randomly select websites and web applications scanned using our software, anonymize them, and perform statistical analysis. Here are our cybersecurity findings for this year.

The State of Web Application Security

The 2021 report is, unfortunately, quite pessimistic. The slow improvement trend from the previous few years has reversed. Several high and medium severity vulnerabilities are now more common in 2021 than in 2020, including some serious security risks that may lead to the loss of sensitive information.

We believe that this trend reversal is caused by the COVID-19 pandemic. The pandemic has caused most companies to embrace remote work and therefore many security leaders decided to focus on endpoint security, operating system security, and anti-malware efforts to combat the onset of phishing, malicious sites, and malicious code. Therefore, not enough resources were available to improve web security. Instead of investing in thorough processes, businesses went for quick and imperfect solutions, often based on misconfigured web application firewalls (WAF).

In our opinion, such decisions could have severe consequences in the future. As a result of the shift to remote, web application importance increased. To improve the efficiency of remote work, many businesses made their processes available through web browsers, using web applications and APIs. This made it possible for attackers to attempt to gain access to company data through web pages and, as a consequence, could lead to major data breaches.

In a recent study from Forrester Research, The State of Application Security 2021, web applications such as SQL injections, cross-site scripting, or remote file inclusion comprised the most frequently-cited method of attack. The study surveyed 480 global security decision-makers with network, data center, app security, or security ops responsibilities who experienced an external attack in 2020.

The Developer Crisis

With the shift to remote, web software development is also facing more problems, not just the lack of resources. Even before the age of remote work, developers often found it difficult to write secure code, made common functionality mistakes, skipped validation, trusted user input from untrusted sources, passed untrusted data directly to SQL queries, used insecure user session IDs and session management mechanisms, etc.

New remote work environments make it even more difficult for developers to maintain application code security due to communication challenges. If the security focus is shifted away from web application security solutions, developers also lack tools and schooling to improve their security-related skills. If they had access to professional web application security solutions, they would receive information not only about the existence of issues but also guides that would teach them how to avoid such errors in the future. Without such tools, developers are just going to create more and more vulnerabilities.

Vulnerabilities at a Glance

Our report focuses on common vulnerabilities and security misconfigurations – those that you also find in the Open Web Application Security Project – OWASP Top 10 list. We found fewer SQL Injection flaws and directory traversal (path traversal) issues but many other serious issues were more common or just as common as the year before. This includes remote code execution (code injection), cross-site scripting (XSS) issues, vulnerable JavaScript libraries, WordPress vulnerabilities, server-side request forgery (SSRF), host header injection attacks, and more.

The report also contains data on other known vulnerabilities and software security issues including buffer overflow, denial-of-service and DDoS vulnerabilities, issues related to access control and broken authentication such as weak passwords, web server misconfigurations, and more. In the case of all these issues, the trend is similar: you can see a slight increase in numbers.

Beware of the Consequences

In conclusion, the 2021 Web Application Vulnerability Report again emphasizes the importance of web vulnerability scanning, especially in the age of COVID-19 and remote work. Issues discovered by scanners such as Acunetix can have serious consequences and lead to server-side sensitive data exposure including user account compromise, credit card information theft, security breaches of back-end databases, as well as client-side attacks on victims’ browsers.

Read the full report.

Source: Acunetix

Sophos launched the first of the new XGS Series next-gen firewall appliances with Sophos Firewall OS version 18.5.

For network admins, this completely re-engineered hardware platform finally takes a common dilemma off the table: how to scale up protection for today’s highly diverse, distributed, and encrypted networks without throttling network performance.

Coupled with a highly attractive price, the new XGS Series is guaranteed to reshuffle the deck in the network firewall space.

Here are just three key highlights of this new release.

Dual processor architecture – powered by Xstream

Every XGS Series appliance has two hearts beating at its core: a high-performance multi-core x86 CPU, and an Xstream Flow processor to intelligently accelerate applications by offloading security-verified and trusted traffic to the FastPath.

This architecture allows us to retain the same flexibility to extend and scale protection as purely x86-based firewalls while also providing a performance boost that’s unhampered by the limitations of some legacy platform designs.

For example, with the programmable Xstream Flow processors, we can extend the offload capabilities in future software releases, providing additional performance improvements without changing the hardware.

Protection and performance

As much as we like to talk about speeds and feeds in the firewall space, the additional performance headroom in the XGS Series is there for a purpose: protection.

With about 90% of network traffic encrypted (source: Google Transparency Report) and almost 50% of malware using TLS to avoid detection (source: SophosLabs), organizations are leaving huge blind spots in their network visibility by not activating TLS inspection.

Just going by our own telemetry, about 90% of organizations don’t have TLS inspection activated on their firewalls. Even if we take into account that some of those may have separate solutions doing TLS inspection, it’s likely to be the minority rather than the majority. And aside from the security risk that poses, it’s pretty hard to create a policy for traffic that shows as “general” or “unknown”.

Before you all scream, “but TLS inspection breaks the internet,” Sophos Firewall includes native support for TLS 1.3 and provides a user interface which clearly shows if traffic has caused issues and how many users were affected. With just a couple of clicks, you can exclude problematic sites and applications without reverting to a less-than-adequate level of protection.

We’ve got the edge

The XGS Series includes multiple form factors that beat the all-important price per protected Mbps of many competitive models.

XGS Series appliances are equipped with high-speed interfaces to meet the diverse connectivity requirements of businesses large and small. In addition to the built-in copper, fiber, and a range of other ports on every model, add-on modules provide the flexibility to tailor your device connectivity to your unique environment – both today and in the future.

The XGS Series integrates further with edge infrastructure devices such as APX access points and our SD-RED Remote Ethernet Devices. With cloud-managed Zero-Trust Network Access and access layer network switches coming later this year, we’re bringing your network security to every edge.

Sophos Firewall OS v18.5

The new appliances come with the latest v18.5 software release, which not only provides support for the new hardware but also includes all the 18.x maintenance releases – many new capabilities and security improvements – since the v18 release.

For further information about Sophos Firewall and the XGS Series or to request a quote visit Sophos.com/Firewall or Sophos.com/Compare-XGS.

Source: Sophos

This course provides an in-depth study of Sophos Central, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. The course is expected to take 3 days to complete, of which approximately 9 hours will be spent on the practical exercises.

Requirement

Prior to attending this course, trainees should:

• Complete the Sophos Central Endpoint and Server Protection and should have passed the Certified Engineer exam
• Experience with Windows networking and the ability to troubleshoot issues
• A good understanding of IT security
• Experience using the Linux command line for common tasks
• Experience configuring Active Directory Group Policies
• Experience creating and managing virtual servers or desktop

Target audience:

This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments. And for individuals wishing to obtain the Sophos Central Certified Architect certification.

Objectives:

On completion of this course, trainees will be able to:

• Design an installation considering all variables
• Undertake a multi-site installation appropriate for a customer environment
• Explain the function of core components, how they work, and how to configure them
• Track the source of infections and cleanup infected devices
• Perform preliminary troubleshooting and basic support of customer environments

Certification:

To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and is limited to 3 attempts.

Duration: 3 days 

Content

• Module 1: Deployment Scenarios (60 mins)
• Module 2:Client Deployment Methods (65 mins)
• Module 3:Endpoint Protection Policies (80 mins)
• Module 4:Server Protection Policies (30 mins)
• Module 5:Protecting Virtual Servers (60 mins)
• Module 6:Logging and Reporting (45 mins)
• Module 7: Managing Infections (45 mins)
• Module 8: Endpoint Detection and Response (30mins)
• Module 9:Management (65 mins)

Course content

Module 1: Deployment Scenarios (60 mins)

• • Identify some of the common challenges when deploying Central
  • Deploy Update Caches – Set up Message Relays
  • Configure AD Sync Utility
  • Identify where Update Caches and Message Relays should be used
  • Labs (45 mins)
    • Register and activate a Sophos Central evaluation
    • Install Server Protection
    • Install and Configure AD Sync Utility
    • Deploy an Update Cache and Message Relay

Module 2: Client Deployment Methods (65-75 mins)

• Identify the recommended steps for deploying Sophos Central
• Explain the installation process, and identify the different types of installer
• Automate deployment for Windows, Linux and Mac computers
• Migrate endpoints from Enterprise Console
• Locate installation log files
• Remove third-party products as part of a deployment
• Labs (75-90 mins)
  • Enable Server Lockdown
  • Deploy using Active Directory Group Policy
  • Use the Competitor Removal Tool
  • Deploy to a Linux Server using a Script

Module 3: Endpoint Protection Policies (80-90 mins)

• Describe the function and operation of each of the components that make up an Endpoint Protection and Intercept X
• Configure policies to meet a customer’s requirements and follow best practice
• Test and validate Endpoint Protection
• Configure exclusions
• Configure Data Loss Prevention
• Labs (100-120 mins)
  • Test Threat Protection Policies
  • Configure and Test Exclusions
  • Configure Web Control Policies
  • Configure Application Control Policies
  • Data Control Policies
  • Configure and test Tamper Protection

Module 4: Server Protection Policies (30 mins)

• Configure Server Protection Policies
• Configure and Manage Server Lockdown
• Labs (65-75 mins)
  • Configure Sever Groups and Policies
  • Manage Server Lockdown
  • Test Linux Server Protection

Module 5: Protecting Virtual Servers (60 mins)

• Connect AWS and Azure accounts to Sophos Central – Deploy Server Protection to AWS and Azure
• Deploy and Manage Sophos for Virtual Environments
• Labs (60 mins)
  • Download the installer for the Security Virtual Machine
  • Install the Security Virtual Machine (SVM) on a Hyper-V Server
  • Configure Threat Protection policies to apply to the Security VMs and the Guest VMs they protect
  • Perform a manual installation of the Guest VM Agent and view logs
  • Test and configure a script to deploy the GVM Agent
  • Manage Guest VMs from the Central Console
  • Test Guest VM Migration

Module 6: Logging and Reporting (45 mins)

• Explain the types of alert in Sophos Central, and be able to read an RCA
• Use the Sophos Central logs and reports to check the health of your estate
• Export data from Sophos Central into a SIEM application
• Locate client log files on Windows, Mac OS X and Linux
• Labs (55-60 mins)
  • Generate and analyze an RCA
  • Configure SIEM with Splunk

Module 7: Managing Infections (45-60 mins)

• Identify the types of detection and their properties
• Explain how computers might become infected
• Identify and use the tools available to cleanup malware
• Explain how the quarantine works and manage quarantined items
• Cleanup malware on a Linux Server
• Labs (40 mins)
  • Source of Infection Tool
  • Release a File from SafeStore
  • Disinfect a Linux Server

Module 8: Endpoint Detection and Response (30 mins)

• Explain what EDR is and how it works
• Demonstrate how to use threat cases and run threat searches
• Explain how to use endpoint isolation for admin initiated and automatic isolation

• Demonstrate how to create a forensic snapshot and interrogate the database

• Labs (30 mins)

• • Create a forensic snapshot and interrogate the database
  • Run a threat search and generate a threat case

Module 9: Management (65 mins)

• Use the Controlled Updates policies appropriately
• Enable multi-factor authentication
• Use the Enterprise Dashboard to manage multiple sub-estates
• Identify the benefits of the Partner Dashboard
• Identify common licensing requirements
• Labs (25 mins)
  • Enable Manually Controlled Updates
  • Enable Multi-Factor Authentication
    

Agenda

Trainer: Michael Eleftheroglou

Day 1,  Tuesday,  May 11th,  2021

9:30-10:30 Deployment Scenarios

10:30-10:45 Break

10:45-11:30 Labs

11:30-11:45 Break

11:45-13:00 Client Deployment Methods I

13:00-14:00 Break Lunch

14:00-15:30 Labs

15:30-15:45 Break

15:45-17:15 End Point Policies

Day 2,  Wednesday, May 12th,  2021

9:30-11:15 Labs

11:15-11:30 Break

11:30-12:00 Server Protection Policies

12:00-12:15 Break

12:15-13:30 Labs

13:30-14:30 Break- Lunch

14:30-15:30 Protecting Virtual servers

15:30-15:45 Break

15:45-16:45 Labs

16:45-17:30 Logging and Reporting

Day 3, Thursday, May 13th, 2021

9:30-10:30 Labs

10:30-10:45 Break

10:45- 11:30 Managing Infections

11:30-12:00 Labs

12:00-12:10 Break

12:10-12:40 Endpoint Detection and Response

12:40-13:45 Management

13:45-14:45 Break – Lunch

14:45-17-15 Labs and Exams

The latest release of Acunetix introduces web asset discovery – a mechanism that automatically lets you find websites and web applications that could potentially belong to your organization. This allows you to decide if these assets need to be covered by your web application security processes.

Why Do You Need Asset Discovery?

Very small and/or recently founded organizations usually know every single web asset that they create and own. However, the longer the organization exists and the larger it grows, the bigger the chance that some assets get left behind.

As part of our initial research, we found that most mid-sized organizations discovered web assets that needed to be secured. The most common causes of web assets “going missing” were:

• Lack of lifecycle management for web assets. For example, marketing assets that are no longer relevant are left online.
• Lack of global security processes. For example, in a larger organization, a department may be creating web assets using a tool such as WordPress with most of the organization not realizing that these assets exist.
• Internal tooling. For example, a team or department may be using a web application for their internal processes but this application may be unknown to all other departments and might be accessible from outside the organization.
• Personnel changes. For example, an ex-employee might have created a promotional site for a campaign and failed to hand it over when moving on from the company.
• Mergers and acquisitions. Organizations find it very difficult to merge metadata for all owned web assets for all organizational units.
• External contractors. You might have hired an external contractor to build a website or web application for you and they may have left a test version of that website or web application publicly accessible outside your organization.

Why Do All Assets Need Security?

Even an out-of-date, minor asset may pose a major threat to security. For example, a WordPress-based site created for a campaign that took place 2 years ago, which is still available publicly using a dedicated domain and not your business domain, may seem harmless but it’s not.

Let us assume that the abandoned WordPress site has a cross-site scripting (XSS) vulnerability. An attacker uses that vulnerability to create a major phishing campaign. The domain that you used in the campaign 2 years ago is, therefore, a tool for a major attack aimed at other businesses.

Another organization falls victim to the attack and orders a forensic investigation. The investigation reveals that a domain owned by your business was used in the phishing campaign. The organization that fell victim to the attack then sues you for damages as being an accessory to a crime.

The above scenario is exactly what happens if you leave unprotected assets laying around.

How Does Asset Discovery Work?

Publicly accessible web assets usually have some kind of information that can lead back to the potential owner. For example, if the web asset is available on a public domain, that domain may have registration information leading to the owner. If the web asset is available via a secure channel, the certificate may contain information leading to the owner.

Asset discovery in Acunetix continuously scans publicly available information and crawls the web to find any new assets that bear any relevance to your business. Then, at your convenience, you may look through the list of identified assets and decide whether any of them should be treated as targets for Acunetix. See how to use asset discovery in practice.

Asset discovery is already available for all Acunetix on-premises versions and will very soon be available in Acunetix Online.

To test it, request a demo of Acunetix Premium.

Source: Acunetix

Every maintenance release (MR) for XG Firewall v18 brings compelling new features, including a variety of performance, stability, and security enhancements. MR5 is no exception.

What’s new in v18 MR5

VPN enhancements

• A huge 50% increase in concurrent IPSec VPN tunnel capacity across the line
• Port 443 sharing between SSL VPN and the Web Application Firewall (WAF)
• IPSec provisioning file support for remote access via Sophos Connect v2.1

SD-WAN

• Integration with Azure Virtual WAN for a complete SD-WAN overlay network

Authentication

• Integration with Azure Active Directory (learn more)

Certificate management and security

• Form enhancements for creating certificate signing requests and certificates
• Enhanced security for private keys
• Upload/download support for PEM format certificates
• Enhanced workflows for certificate management

Synchronized Security

• Enhanced registration and de-registration in high-availability (HA) installations
• Missing Heartbeat enhancements to reduce notifications sent for intended/expected changes in endpoint status

Sophos Central Firewall Reporting

• New Cloud Application (CASB) report
• MSP Flex Pricing for MSP partners

View the full release notes on the Sophos Community Blog.

Other Recent Enhancements

If you’re not running the latest v18 firmware on your firewall, you’re missing out on a ton of new capabilities and dozens of resolved issues.

In addition to the above, these capabilities have been added in other v18 maintenance releases:

High-availability enhancements

• Improved FastPath support for active-passive pairs
• HA support in AWS using the AWS Transit Gateway
• Setup, reliability, and stability enhancements

VPN and Sophos Connect Remote Access Client

• A huge increase in SSL VPN connection capacity (up to 3-6x)
• Remote access IPSec policy provisioning with Sophos Connect v2.1
• Group support for Sophos Connect which enables imports from AD/LDAP/etc.
• New advanced options for IPSec remote access
• Sophos Connect downloads enabled from the user portal
• Enforcement of TLS 1.2 for SSL site-to-site and remote access VPN tunnels

Synchronized Security

• A new option for Synchronized App Control to automatically clean up discovered apps over a month old

Cloud platform support

• Support for new AWS instances (C5/M5 and T3)
• Support for cloud formation templates
• Virtual WAN zone support on custom gateways for post deployment single arm usage
• Nutanix and Nutanix Flow support

Sophos Central

• Group firewall management via the Partner Dashboard
• Firmware update scheduling
• Multi-firewall reporting across firewall groups
• Save, schedule, and export reports from Sophos Central

Security and authentication enhancements

• Stronger password hash algorithm (requires a password change)
• Auto web-filtering of Internet Watch Foundation (IWF) identified sites containing child sexual abuse
• Support for creating users with UPN format for RADIUS authentication

It’s easy and free

Of course, all these features are a free upgrade for Sophos customers and are as easy as clicking to upgrade your firmware in your firewall console or scheduling a firmware update through Sophos Central.

Upgrade to v18 today!

Now is the perfect time to upgrade. If you’re interested in learning more about what’s new in v18, check out these excellent articles that will help you make the most of the many new capabilities in v18:

• Xstream architecture, DPI engine, and TLS inspection
• Xstream TLS Inspection for a modern encrypted Internet
• FastPath Application Acceleration and SD-WAN Routing
• Zero-day threat and ransomware protection
• Network address translation (NAT)
• Route-based IPsec site-to-site VPN
• Switching to Sophos Central for Firewall Management

Source: Sophos

Depending on your organization’s needs, you may be running servers on-premises, consuming cloud-based applications, or hosting resources in private and public cloud environments on AWS, Azure, or GCP. More likely, you’re doing all of the above.

The cloud is rapidly becoming more and more central to most organizations’ day-to-day operations. In fact, 90% of enterprise services are in cloud computing environments. Because of this, cybercriminals are alert to opportunities provided by the cloud — so much so that 70% of companies using the public cloud suffered a cloud security incident in the last 12 months.

Securing the hybrid cloud

Organizations are increasingly adopting a hybrid cloud model with a mixture of services across SaaS, public, and private environments, while also maintaining legacy infrastructure on-premises until its ultimate migration.

When it comes to securing your resources — wherever they are located — you want to do two things:

1. Protect the actual data on on-premises servers and hybrid cloud workloads
2. Secure the networks where resources are held, whether they are in the cloud or the office

Protecting data and workloads

Sophos Intercept X for Server, protects data and workloads on your Windows and Linux (on-prem or in the cloud) servers, with the core focus to:

• Stop advanced malware, including ransomware, exploit-based attacks, and server-specific malware
• Protect virtual desktop environments to support critical remote working teams
• Lockdown your servers by controlling what can and can’t run and get notifications for any unauthorized change attempts
• Deploy and maintain everything from a single console, including mixed scenarios with cloud workloads and on-premises servers

We also have Sophos Intercept X for Servers with EDR (Endpoint Detection and Response) further extends your protection, helping you to:

• Expose evasive threats, search for issues, understand how attacks took place, and systematically respond to incidents
• Automatically detect cloud workloads as well as critical cloud services, including S3 buckets, databases, and serverless functions
• Detect insecure deployments with constant AI monitoring of your cloud environments for insecure configurations, network and user access anomalies

The other side to protecting your cloud workloads is visibility: seeing what’s running and securely configuring cloud provider services to prevent breaches.

For unrivalled visibility, turn to Sophos Cloud Optix, the Sophos Cloud Security Posture Management service. We use Cloud Optix ourselves to easily identify cloud resource vulnerabilities, ensure compliance, and respond to threats faster across the Amazon Web Services environments that host Sophos Central.

Cloud Optix can provide you with:

• Asset and network traffic visibility for AWS, Azure, and Google Cloud
• Risk-based prioritization of security issues with guided remediation
• Identification of over-privileged IAM roles before they’re exploited
• Optimization for AWS and Azure consumption costs on a single screen
• Visualization of Sophos firewalls and server workload protection agents

While notifications and warnings are helpful, it’s all too easy to get overwhelmed by alerts. And it can be tough to decide which ones should be dealt with first and foremost.

One of the main benefits of Cloud Optix for the Sophos team is that it pinpoints where to focus attention so that you can proactively secure any vulnerabilities before breaches occur.

Securing the network

With your data and workloads secure, the next consideration is securing the network.

Sophos Firewall provides powerful protection and performance, securing on-premises networks, private cloud, and public cloud AWS and Azure environments. It protects networks, applications, and ensures security of ingress and egress traffic.

With Sophos Firewall, you get: 

• An all-in-one solution: our preconfigured templates are purpose-built to secure environments from known and emerging threats, and maintain high web-application availability
• Extensive reporting, including full insight into user and network activity
• Cloud application visibility, shadow IT discovery, and automated threat response

Sophos Firewall enables you to harden your cloud workloads against hacking attempts like SQL injection and cross-site scripting. To make deployment easy and ensure that applications and users can always connect, everything is available in a single, preconfigured virtual-machine for maximum uptime.

Securing the anywhere organization

To learn more about how Sophos can help you enable users to work securely on any device from any location, read our solution briefSecuring the Anywhere Organization.

“Back when I was a contract firewall installer for Trusted Information Systems, we had a phrase for the way a lot of companies looked at connected networks: Mallomars.

If you’re not familiar, Mallomars are a cookie with a hard, crunchy outer layer of graham cracker and chocolate and soft gooey marshmallow inside. And “Mallomar” companies thought that if they installed a strong enough firewall — that hard, crunchy outer layer — they didn’t need to worry about security on the inside. What happened? Internal networks were not secured—like the gooey marshmallow in the center of a Mallomar.

Even back then, most network security experts recognized that, no matter how good a firewall may be, there’s more to network security than a single gateway. That’s why most security pros recommended a “defense-in-depth” approach. Rather than looking at the internal network as a wide-open trusted space, I worked with companies to determine where additional layers of segmentation and authentication made sense, turning networks from Mallomars into Jawbreakers that are hard all the way through.

Fast-forward to the early 2000s when the Jericho Forum and de-perimeterization started to break down traditional Mallomar (perimeter-based) thinking. The most recent evolutionary adaptation is Zero Trust, a term coined by John Kindervag while he was working at Forrester. Zero Trust pushes protection out to every resource and is particularly well-suited to a distributed workforce and cloud-first architectures. No more soft, trusted inside: every act and access are untrusted until verified.

The great news here is that if you’ve been practicing security for awhile and have a healthy appreciation for defense-in-depth (DiD), adopting a Zero Trust Architecture (ZTA) mindset should be pretty easy for you. Companies with segmentation, robust hardware and software asset management, privilege account/identity management, and a resource-aware protection strategy already have many of the foundational components for ZTA. And technical advancements like software-defined networking (SDN) and secrets management make DiD and ZTA much easier to implement and manage.

Late to the DiD and ZTA party? No worries. On the plus side, you have a green field to design your ZTA from scratch: you can build out a resource-centric ZTA program without legacy constraints to hold you back.

Whether you’re starting from scratch or updating a traditional perimeter (Mallomar) type company to ZTA, make sure you do these three things first:

1. Inventory – The old saying “you can’t manage what you don’t know” is more resonant than ever in ZTA because protecting your resources means you need to know what those resources are. As a baseline, ensure you’ve got a way to keep live updated asset inventories for all of your:

• Software
• Hardware
• Workflows
• Cloud servers
• Cloud workloads
• People (we humans are resources too!)

2. Write – OK, a lot of people hate writing policy, but they’re the foundation for what is and isn’t allowed in an organization’s environment. And if you need to go through any formal security assessments, policies are the first thing most assessors will request. Another benefit of having policies for your ZTA deployments is that they will help you think through what is and isn’t possible on paper and whiteboard before the most expensive phase of buying new technology or upgrading/reconfiguring existing ones.

3. Win Small – Now that your inventory is up-to-date and you know the policies, it’s time to pick one or two candidates for ZTA before doing a full roll out. There are multiple deployment options for ZTA, so pick one that is a best fit for your candidate. For example, some ZTA solutions require having an agent deployed on endpoints. In some BYOD environments, that may not be an option — but a cloud gateway policy enforcement point could be the perfect fit. Whatever you decide, the big win comes with a carefully deployed small candidate. Once your test candidates are up and running smoothly, take those lessons learned and organizational goodwill to expand the operationalization of your ZTA.

For a deeper exploration of how to make ZTA work for your organization, tune into my on-demand webinar: Zero Buzz – Zero Trust.”

Source: BeyondTrust

More than half of Microsoft vulnerabilities could be solved by removing admin rights, according to cyber security vendor BeyondTrust.

According to a new report by the vendor, 1,268 Microsoft vulnerabilities were discovered in 2020, a 48 per cent increase, year-on-year. In addition, the number of reported vulnerabilities has risen an astonishing 181 per cent in the last five years.

However, BeyondTrust has claimed that removing admin rights from endpoints would mitigate 56 per cent of all critical Microsoft vulnerabilities in 2020. Delving deeper, 87 per cent of critical vulnerabilities in Internet Explorer and Microsoft Edge would have been mitigated by removing admin rights, the report said.

Around 80 per cent of critical vulnerabilities in all Office products (Excel, Word, PowerPoint, Visio, Publisher, and others) would have been mitigated by removing admin rights, as would have 66 per cent of those affecting Windows Servers.

“The sheer fact that patching must always occur is a cyber security basic,” said Morey Haber, chief technology officer and chief information security officer at BeyondTrust.

“However, deflecting an attack with good cyber security policies like the removal of administrative rights ultimately makes the environment, and home workers, even more secure. And, most importantly, honouring least privilege can buy your organisation time to patch when critical vulnerabilities are published.”

The report comes as BeyondTrust expands its Asia Pacific and Japan footprint, opening an office in Singapore and hiring former BAE Systems executive Nick Turnbull as its regional senior vice president (SVP).

Source

Back in December, Datto introduced Ransomware Detection for Datto RMM. This native capability within Datto RMM enables managed service providers (MSPs) to enhance the security of their client endpoints by adding an extra layer of security and reducing the impact of crypto-ransomware. In just a few short months, more than 600 Datto RMM partners have signed up to protect more than 300,000 endpoints, detecting more than 30 instances of ransomware for their clients.

Aside from the ever-growing threat of ransomware, the technology behind Datto RMM’s technology is well established and proven, having already been in production on Datto Workplace for over a year.

In addition, prior to its release, Datto commissioned MRG Effitas, a world-leading, independent IT security efficacy testing and assurance company trusted by anti-malware vendors across the world, to evaluate RMM Ransomware Detection and compare it to leading AV tools offering similar capabilities.

Tests performed by MRG Effitas include In-the-Wild Real Ransomware tests, False Positive Tests, Ransomware Simulator Tests, and a Performance Test. After weeks of rigorous testing of Datto RMM’s native Ransomware Detection, MRG Effitas provided us with the following results:

• In-the-Wild Real Ransomware Test: 100% of live, in-the-wild ransomware samples from recent campaigns were detected by Datto RMM Ransomware Detection.
• False Positive Test: Allowed 100% of benign, mass modification processes, which resemble ransomware activity, tested against to run, and experienced no false blocks in the False Positive Test.
• Ransomware Simulator Test: Detected and blocked 100% of in-house samples containing valid attack methods used by ransomware implementing traditional encryption methods and common evasion techniques.
• Performance Test: Impacted performance of managed workstations minimally (bootup time, browser operations, etc), and had the lowest performance impact of the products tested against.

To learn more about how Datto RMM Ransomware Detection can help you protect client endpoints by adding another layer of security to traditional AV products to reduce the impact of crypto-ransomware, chat with a product specialist today.

Datto RMM Ransomware Detection Put to the Test

Source: Datto

[vc_row][vc_column][vc_column_text]Last year, an astounding 51% of organizations were hit by ransomware, with attackers succeeding in encrypting data in 73% of attacks*.

When you consider that a single full-scale attack can set the average business back by nearly $755,000 (USD)*, it’s clear that protecting all your devices and operating systems is not a ‘nice to have’ but a ‘must-have’.

Securing all the devices and platforms people use is also a key pillar in enabling secure remote working— desktops, laptops, mobile devices, Windows, macOS, Linux, Android, and iOS.

Protecting all your devices with Sophos

Sophos Intercept X gives you world-leading protection for your endpoints, servers and mobile devices. It uses multiple layers of technology to stop attackers at multiple points in the kill chain:

Anti-ransomware stops unauthorized encryption, rolling files back to their safe states.

Deep learning AI, developed by Sophos’ AI experts, blocks both known and never-before-seen malware with an incredibly low false-positive rate.

Anti-exploit technology stops exploits, active adversary techniques, and fileless and script-based attacks.

Foundational, signature-based technology stops known threats.

Whatever devices and platforms you use, Intercept X has got you covered:

• Intercept X endpoint secures desktops running Windows and macOS
• Intercept X for Server secures on-prem and cloud-based servers running Windows or Linux
• Intercept X also secures virtual desktops which are susceptible to the same threats as physical laptops.
• And Intercept X for Mobile secures mobile devices running Android, iOS and Chromebook.

Stop human-led attacks with human led-threat hunting

The most devastating cyber threats usually involve human-led attacks, often exploiting legitimate tools and processes such as PowerShell.

Hands-on live hacking enables attackers to bypass security products and protocols by modifying their tactics, techniques, and procedures (TTP) on the fly.

Stopping these human-led attacks requires human-led threat hunting.

Hunt down threats with Sophos EDR

Intercept X with EDR — Endpoint Detection and Response — give you the tools to carry out your own threat hunts from the same Sophos console you use to manage your endpoint and server protection.

It’s the first EDR designed for security analysts and IT administrators, so you can add expertise, not headcount.

Plus, in addition to enabling you to investigate suspicious signals and threats, Intercept X EDR also helps you improve your IT hygiene and identify configuration issues that leave you exposed.  Common use cases include:

• Identify signs of attempted breaches
• Investigate phishing attacks
• Fix issues with Chrome running slowly
• Manage software compliance and licensing usage

Enlist Sophos’ expert threat hunters

If you don’t have the time, capacity, or skills to do threat hunting yourself, the Sophos Managed Threat Response service is here to help.

Our team of experts provide 24/7 detection and response capabilities delivered as a fully-managed service. They proactively hunt for and validate potential threats — and stop incidences before they cause harm.

Securing devices without compromising privacy

When it comes to securing your workforce, there’s one final consideration: employee-owned devices, aka BYOD. As an IT team, you want to manage and secure both company-owned and personal devices without compromising users’ privacy.

Sophos Mobile is a unified endpoint management solution that integrates natively with Sophos Intercept X and supports management of Windows 10, macOS, iOS, and Android devices.

It lets you secure any combination of personal and corporate-owned devices with minimal effort and is ideal for BYOD scenarios.

Securing the anywhere organization

To learn more about how Sophos can help you enable users to work securely on any device from any location, read our solution brief Securing the Anywhere Organization.

*The State of Ransomware 2020, Sophos

Source: Sophos[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column][vc_column_text]Data is one of the valuable commodities shared by all organizations regardless of size, location, or the industry it operates in. Today, businesses hold more data than ever, with large volumes being generated, stored, sent, and received. There is more regulation to govern data, requiring organizations to protect it from unauthorized access. There are also more data breaches, resulting in large fines, and the loss of customers and reputation. It’s a challenging environment, especially in light of remote work being a permanent reality for many organizations whose employees need to securely collaborate from anywhere.

To Secure Data, Visibility is Key

In a recent HelpSystems study, CISOs agreed that data visibility is their biggest cybersecurity weakness. How can organizations possibly govern data effectively if they don’t know what data they have, where it lives, how it is shared, or who has access to it? Understanding this information significantly improves a company’s ability to manage and control its data and helps them select the right technology to ensure it remains protected and secure throughout its lifetime.

Traditionally, data security focused on controlling the infrastructure – and the networks and devices that operate within it – locking data down and tightly controlling who has access to it. While secure, this makes collaboration very difficult and leads to poor productivity.

Modern data security solutions focus on protecting the data itself. This means that organizations can take full advantage of cloud-based applications and operate effectively within hybrid IT environments, as the technology secures the data no matter where it resides or how it travels. The data security ecosystems work to automatically minimize both internal and external threats – be that an employee who accidentally shares sensitive data with the wrong person or a malicious actor looking to release malware when an employee opens an inconspicuous file.

The HelpSystems Data Security Solution

HelpSystems understands that the challenge of data security isn’t something an organization can solve overnight. Data security projects take time to implement, and a modular solution, one where the organization can implement a component, get it working and adding value, and move on to the next, offers the greatest level of flexibility. HelpSystems’ Data Security Suite offers multiple security solutions that can be used independently or together to benefit from economies of scale. Each solution adds a layer of security to the data, from the time it is created to when it reaches its destination, and beyond.

How it Works

Here’s an example of how the Data Security Suite works when the modular solutions are used together as one product suite (see below). Each solution has its own set of capabilities, here we are highlighting just some of the functionality available.

Data enters the organization and role-based permissions help ensure it is safe for internal viewing.

When this data is saved (in this example, as an XLS file), it is classified according to its sensitivity and value to the organization. Metadata labels allow the other data security solutions within the ecosystem to understand that the data is sensitive and requires further protection based on the organizational policy. Classified data may include customer or employee information, intellectual property, financial, or contractual information.

When the data needs to be securely transferred via email or the web, its content is inspected. Metadata provides the information needed to transfer the data compliantly.

The solution also checks to see if the person sending/receiving the data is authorized to do so, and if they are, encrypts it to ensure safety. If the data is not classified yet still contains sensitive information, such as credit card numbers or personally identifiable information (PII), the content can be automatically blocked or redacted.

Finally, data that is approved per the organizational policy to be shared internally or externally is securely transferred, regardless of file size.

The Solutions That Power Helpsystems Suite Include:

• Data classification
• Data loss prevention (DLP) and email security
• Managed file transfer (MFT)
• Encryption
• Secure file collaboration

Securing Valuable Healthcare Data

Here’s an example of where the HelpSystems Data Security solution has been implemented over time to help protect valuable healthcare data sent and received over email:

A healthcare provider needs to remain compliant with HIPAA and safeguard the medical data it shares between hospitals and insurance organizations.

Phase one saw the implementation of the DLP solution to automatically ensure that medical data is only shared with those authorized to receive it. The solution recognizes any sensitive data within emails and, depending on the recipient, can encrypt, block, or redact the content to ensure regulatory compliance. The valuable data held by healthcare providers makes them prospective targets for malicious actors looking to exfiltrate the data, so the solution also inspects and ensures that any hidden data or malicious malware is also automatically removed providing further protection against data breaches.

Phase two saw the implementation of data classification, allowing the healthcare provider to further enhance its compliance through the correct treatment of any classified data.

Protecting Highly Confidential Information

Where an organization needs to share highly confidential information on a regular basis, a managed file transfer (MFT) solution offers a secure and convenient way to transfer large files. The MFT solution can secure the sensitive data often shared by financial service organizations, law firms or legal departments within large enterprises, such as documents, contracts, and letters, and ensures the information remains encrypted while in transit.

If additional security is required to retain control after the data is sent or received, then further access control policies can be applied that stay with the data throughout its lifecycle. Secure file collaboration ensures that confidential data can be tracked, audited, and revoked at any time, no matter where or how it travels.

Ready to Start Your Data Security Journey?

If you’d like to see the tools within our Data Security Suite in action, watch our short six-minute demo video. The video shows how our solution can automatically redact sensitive PII data from emails and how it reads the metadata of classified information to apply the appropriate policy.

Source: Boldon James[/vc_column_text][/vc_column][/vc_row][vc_row row_height_percent=”0″ overlay_alpha=”50″ gutter_size=”3″ column_width_percent=”100″ shift_y=”0″ z_index=”0″ css=”.vc_custom_1616421039768{margin-bottom: 0px !important;border-bottom-width: 0px !important;padding-bottom: 0px !important;}”][vc_column width=”1/1″][vc_separator sep_color=”color-210407″ type=”dashed”][/vc_column][/vc_row][vc_row][vc_column column_width_percent=”100″ align_horizontal=”align_center” gutter_size=”3″ overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ medium_width=”0″ mobile_width=”0″ width=”1/1″][vc_custom_heading text_color=”color-210407″]

Contact us to find out more about our solutions

[/vc_custom_heading][/vc_column][/vc_row][vc_row row_height_percent=”0″ overlay_alpha=”50″ gutter_size=”1″ column_width_percent=”100″ shift_y=”0″ z_index=”0″][vc_column width=”2/3″][contact-form-7 id=”100335″][/vc_column][vc_column column_width_percent=”100″ gutter_size=”3″ back_color=”color-gyho” overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ medium_width=”0″ mobile_width=”0″ css_animation=”zoom-in” width=”1/3″][vc_column_text]

Give us a call

+30 210-5914326

[/vc_column_text][/vc_column][/vc_row]

[vc_row][vc_column][vc_column_text]

[/vc_column_text][/vc_column][/vc_row][vc_row unlock_row=”” row_height_percent=”0″ back_color=”color-150912″ overlay_alpha=”50″ gutter_size=”3″ column_width_percent=”100″ shift_y=”0″ z_index=”0″ shape_dividers=””][vc_column width=”1/1″][vc_custom_heading heading_semantic=”h3″ text_color=”color-xsdn”]For step-by-step instructions on how to determine if you impacted, read our guidance here.[/vc_custom_heading][vc_custom_heading heading_semantic=”h3″ text_color=”color-xsdn” separator=”over”]For help identifying and neutralizing potential adversarial activity in you environment, contact Sophos MTR.[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column][vc_column_text]

[/vc_column_text][/vc_column][/vc_row]