This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos. The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.

Sophos XG Architect Training (3 days Training) Tuesday 16 March 2021 – Thursday 18 March 2021

Requirement 

• XG Firewall _ Certified Engineer course and delta modules up to version 18.0

Recommended Knowledge

• Knowledge of networking to a CompTIA N+ level
• Knowledge of IT security to a CompTIA S+ level
• Experience configuring network security devices
• Be able to troubleshoot and resolve issues in Windows networked environments
• Experience configuring and administering Linux/UNIX systems

Content

• Module 1: Deployment
• Module 2: Base firewall
• Module 3: Network Protection
• Module 4: Synchronized security
• Module 5: Web server Protection
• Module 6: Site to site connections
• Module 7: Authentications
• Module 8: Web Protection
• Module 9: Wireless
• Module 10: Remote Access
• Module 11: High Availability
• Module 12: Pulic Cloud

Certification

+ exam: Sophos XG Architect

Duration 3 days

Agenda

Trainer: Micheal Eleftheroglou

Day 1 Tuesday 16 March 2021

 9:30-10:45 Module 1: Deployment and Lab

• Recall important information from Engineer courses
• Deployment modes supported by the XG Firewall
• Understand a range of scenarios where each deployment mode would commonly be used
• Use built-in tools to troubleshoot issues
• Labs    
  

10:45-11:00 break

11:00-13:00 Module 2: Base Firewall

• Explain how the XG firewall can be accessed
• Understand the types fo interfaces that can be created
• Understand the benefits of Fast Path Technology
• Configure routing per firewall rule
• Understand best practice for ordering firewall rules
• Explain what Local NAT policy is and known how to configure it.

13:00-14:00 Lunch

14:00-16:00  Labs

• Activate the Sophos XG Firewalls
• Post installation Configuration
• Bridge interfaces
• Create a NAT rule to load balance access to servers
• Create a local NAT policy
• Configure routing using multiple WAN links
• Configure policy-based routing for an MPLS scenario
• Install Sophos Central

16:00-16:15 Break

 16:15-17:15  Module 3:Network Protection and Lab

• Explain what IPS is and how traffic can be offloaded to Fastpath
• Demonstrate how to optimize workload y configuring IPS policies
• Examine advanced Intrusion Prevention and optimize policies
• Configure advanced DOS Protection rules
• Demonstrate how the strict policy can be used to protect networks
• Labs- Create Advanced DoS Rules

Day 2  Wednesday 17 March 2021 

9:30-11:00 Module 4: Synchronized Security and Labs

• Explain how Security Heartbeat works
• Configure Synchronized Security
• Deploy Synchronized Security in discover and inline modes
• Understand the advantages and disadvantages of deploying
• Synchronizes Security in different scenarios
• Labs
• Configure source-Based Security
• Hearteat firewall rules
• Destination based Security Heartbeat
• Missing Security Heartbeat
• Lateral Movement Protection

11:00-11:15 Break

11:15-13:45 Module 5 Webserver Protection and Labs

• Explain how Websever Protection works
• Describe protection features for a web application
• Configure Web Server authentication
• Publish a web service using the Web Application Firewall
• Use the preconfigured templates to configure Web Server Protection for common purposes
• Configure SlowHTTP protection
• Labs (Web Application Firewall)
• Labs (Load balancing with Web Server Protection)
• Labs (Web Server Authentication and path-specific routing)

13:45-14:45 Break and Lunch

14:45-17:45 Module 6: Site to site connections and Labs

• Configure and deploy site to site VPNs in a wide range of environment
• Implement IPsec NATing and failover
• Check and modify route precedence
• Create RED tunnels between XG firewalls
• Understand when to use RED
• Labs ( Create an IPsec site to site VPN
• Labs ( Configure VPN network NATing )
• Labs (Configure VPN failover)
• Labs (Enable RED on the XG firewall)
• Labs (Create a RED tunnel between two XG Firewalls
• Labs (Configure routing for the RED tunnel)
• Labs (Configure route-based VPN)

Day 3 Thursday 18 March  2021

 9:00-10:00 Module 7: Authentications and Labs

• Demonstrate how to configure and use RADIUS accounting
• Deploy STAS in large and complex environment
• Configure SATC and STAS together
• Configure Secure LDAP and identify the different secure connections available
• Labs (configure an Active Directory Authentication server)
• Labs (configure single sing-on using STAS
• Labs (Authenticate users over a site to site VPN)

10:00-11:15  Module 8: Web Protection

• Choose the most appropriate type for web protection in different deployment scenarios
• Enable web filtering using the DPI engine or legacy web proxy
• Configure TLS inspection using the DLP engine or legacy web proxy
• Labs (Install the SSL CA certificate)
• Labs (Configure TLS inspection rules)
• Labs (Create a custom web policy for users)

11:15-11:30 Break

11:30-12:15 Module 9: Wireless

• Explain how Sophos Access Points are deployed and identify some common issues
• Configure RADIUS authentication
• Configure a mesh network

12:15-13:05 Module 10:Remote Access

• Configure Sophos Connect and manage the configuration using Sophos Connect Admin
• Configure an IPsec remote access VPN
• Configure an L2TP remote access VPN for mobile devices
• Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability

• Explain what HA is and how it operates
• Demonstrate how to configure HA and explain the difference between quick and manual configuration
• List the prerequisites for high availability
• Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
• Explain the packet flow in high availability
• Demonstrate how to disable HA
• Labs (Create an Active-Passive cluster)
• Labs (Disable High Availability)

14:25-15:05 Break – Lunch 

15:05-16-15 Public Cloud and Labs

• Deploy XG firewall in complex network enviroments
• Explain how XG firewall process traffic and use this information to inform the configuration
• Configure advanced networking and protection features
• Deploy XG firewall on public cloud infrastructure
• Labs (Put a service in debug mode to gather logs)
• Labs (Retrieving log files)
• Labs (Troubleshoot an issue from an imported configuration file)
• Labs (Deploy an XG Firewall on Azure (simulation)

16:15  (Exams)

The Linux Foundation and the Laboratory for Innovation Science at Harvard recently released a Report on the 2020 Free/Open-Source Software Contributor Survey. One of the primary conclusions of this report was the fact that free/open-source software developers often have a very negative approach to security. They spend very little time resolving security issues (an average of 2.27% of their total time spent) and they express no willingness to spend more.

Some of the quotes from the survey were simply disturbing. For example, “I find the enterprise of security a soul-withering chore and a subject best left for the lawyers and process freaks. I am an application developer.” Another example: “I find security an insufferably boring procedural hindrance.”

While the report contains the authors’ strategic recommendations, here are our thoughts about what this situation means for application security and what you can do about it.

How Far and How Wide?

The original report focuses only on free/open-source software (FOSS) but we believe it is important to consider whether this is only a FOSS problem or a problem with all developers.

Based on the survey, most FOSS developers (74.87%) are employed full-time and more than half (51.65%) are specifically paid to develop FOSS. This means that FOSS is often developed by the same people that develop commercial software. We do not believe that the developers change attitude depending on whether the software they work with is free or commercial. Therefore, we believe that this bad attitude towards security extends to all developers.

We also believe that the underlying cause of this attitude is the fact that developers are either taught badly or not taught at all. Most online resources that teach programming completely skip the issue of secure coding practices. Books about programming languages rarely even mention secure coding. Schools also often treat security as an optional subject instead of a core course that should be a prerequisite to all other programming classes.

Therefore, we conclude that the results of this survey may be assumed to apply to all software developers. While in the case of commercial software some security measures may be added by the presence of dedicated security teams, “the root is still rotten”.

Secure Development? Not Likely!

While 86.3% of the respondents of the survey received formal development training, only 39.8% stated that they have formal training in developing secure software. This means that half the developers were taught badly.

Another shock comes from the response to the following question: “When developing software, what are your main sources for security best practices?”. It turns out that only 10.73% learned such best practices from formal classes and courses and 15.51% from corporate training. Nearly half the developers use online articles/blogs (46.54%) and forums (50.66%) as their primary source of information on best practices, which again shows the horrid state of education and the lack of resources about secure coding. And while we at Acunetix pride ourselves on filling the gap and being the teachers (thanks to our articles that explain how vulnerabilities work and how to avoid them), we would much rather have developers learn first from sources that are more reliable than a search engine.

Last but not least, survey results prove that free/open-source software is usually released with no security testing at all. While 36.63% use a SAST tool to scan FOSS source code, only 15.87% use a DAST to test applications. This situation is probably better in the case of commercial software because security teams usually introduce SAST/DAST into the SDLC.

Why the Bad Attitude?

If your application developers have a bad attitude towards security, it is not only due to their education. It may also be because of your business organization, which causes them to feel that they’re not involved in security at all.

Developers don’t feel responsible for security primarily due to the existence of dedicated security teams. If security personnel work in separate organizational units, the developers think that security is not their problem and expect the security researchers to take care of it instead.

Developers also don’t feel responsible because in a traditional organization they rarely are expected to fix their own security-related mistakes. A typical developer writes a piece of code, gets a code review from another developer (probably just as clueless about security), and then forgets about it. Later, a security researcher finds a vulnerability and creates a ticket to fix it. This ticket is assigned to the first available developer – usually not the one who originally introduced the vulnerability.

Such an organization promotes the lack of responsibility for security and fuels negative feelings between developers and security teams. They may view one another as “the ones that cause problems” – and this is what you must aim to change first.

Automation as a Solution

Automating the process of finding and reporting security vulnerabilities as early as possible solves this problem. First of all, errors are reported by a piece of software, not a human – therefore there is no other person to blame. Secondly, the error is reported immediately, usually after the first build attempt, and the build fails, so the developer must fix their own mistake right away. And thirdly, every time the developer is forced to fix their own error, they learn a little more about how to write secure code and how important it is.

The only problem that remains is finding software that can be trusted with this task. Unfortunately, limited capabilities of SAST/DAST software have been the cause of many failures in the past and this is why many developers do not want to use a SAST or a DAST tool.

SAST tools point to potential problems but they report quite a few false positives – the developer spends a lot of time researching something that turns out not to be a vulnerability at all. In the end, developers stop trusting the tool and start hating it. On the other hand, DAST tools report fewer false positives but often don’t provide enough information for the developer to be sure where the vulnerability is and what it can lead to.

Acunetix helps solve such problems. The advantage is that, in the case of the most serious vulnerabilities, Acunetix provides proof of the vulnerability. For example, the developer may receive a report that their code exposed sensitive files from the server – including the content of these sensitive files as evidence.

Conclusions

The most worrying conclusion from this article is that most free/open-source software is inherently insecure and if you want to feel safe using it, you need to do regular security testing yourself.

Another worrying conclusion is that people who should be your first line of defense in IT security are not educated about security and have a bad attitude toward it. This is not something that is going to be easy or quick to change.

Long-term strategic resolutions are needed to solve these major problems and simply implementing an automated solution cannot be perceived as a magic wand. However, if you introduce a reliable automated testing solution such as Acunetix into your DevSecOps SDLC at the earliest stage possible, you will ensure that your software is safe and you will teach your own developers that they need to take responsibility for the security of their code.

Source: Acunetix

This course is designed for technical professionals who will be supporting Sophos Central and provides an overview of how to troubleshoot the product.

Sophos Central Technician Training (2 days Training) – Tuesday 2 March 2021– Wednesday 3 March 2021 

The course is expected to take 1 ½ days (10 hours) to complete, of which approximately half will be spent on the practical exercises. 

On completion of this course, trainees will be able to:

• Understand the support tools required to investigate common issues
• Identify common issues when reported
• Perform appropriate troubleshooting steps

Prerequisites 

Prior to taking this course you should:

• Have completed and passed the Sophos Central Certified Engineer course
• This course uses Windows tools and utilities as part of the troubleshooting process. Students should be comfortable working with following:
• Windows Administrator command prompt
• Control Panel settings
• File and folder permissions
• Windows Services (services.msc)
• Registry Editor (regedit.exe)
• Windows Firewall with Advanced Security
• Active Directory Users and Computers
• Active Directory Group Policies.

Certification

To become a Sophos Certified Technician, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80% and is limited to 3 attempts.

Lab Environment

Each student will be provided with a pre-configured environment which simulates a company network with two sites, a head office and a branch office and contains Windows Servers, a Windows Desktop and three XG Firewalls

Content

• Module 1: Introduction to Troubleshooting Sophos Central
• Module 2: Client Installation
• Module 3: Active Directory Synchronization
• Module 4: Updating
• Module 5: Policies
• Module 6: Infection and Detection
• Module 7: Threat Response

Certification

+ exam: Sophos Central Technician

Duration 1 1/2 days 

Agenda

Trainer: Michael Eleftheroglou

Day 1 Tuesday 2 March 2021 

9:30-10:35 Module 1: Introduction to Troubleshooting Sophos Central

• Troubleshooting process
• Alerts and logins in Sophos Central
• Sophos Tools
• Windows Tools
• Client Log Files
• Labs (40 mins)
• Lab Preparation
• Install Server Protection
• Install and Configure AD Sync
• Deploy an Update Cache and Message Relay
  

10:35-12:40 Module 2: Client Installation

Installation Overview

• Active Directory Group Policy Deployment Failure
• Download Failure
• Competitor Removal Tool
• Package Installation Failure
• Labs (75 mins)
• Troubleshoot CRT Issues
• Uninstall a Deleted Endpoint
• Customize the Competitor Removal Tool
• Troubleshoot Deployment using a Startup Script
• Troubleshoot Failure to Download the Installer
• Troubleshoot Package Installation Failure
  

12:40-13:20 Lunch

13:20-14:30  Module 3: Active Directory Synchronization

• Active Directory Synchronization Overview
• Windows Password Changed
• Central Password Changed
• Unable to Connect
• Users No Longer Being Synced
• erifying Filters
• Labs (45 mins)
• Troubleshoot Synchronization Failure
• Troubleshoot Connection Errors for Synchronization
• Troubleshoot Groups Not Synchronizing
• Troubleshoot a Missing UserIPsec VPN Could Not Be Established (Scenario 2)

14:30-15:45  Module 4: Updating

Updating (30 mins)

• Updating Overview
• Techniques for Troubleshooting
• Disk Space and Permissions Problems
• Name Resolution
• Sophos Central
• Sophos Certified Technician
• Client Firewall
• Network Firewall
• Labs (45 mins)
• Investigate the Current Configuration
• Simulate Failure of the Update Cache Server
• Modify Proxy Settings
• Modify Firewall Settings

15:45-16:00 Break  

16:00-17:05  Module 5:Policies

• Policies Overview
• Management Communication
• Message Relays
• Troubleshooting Connectivity
• Client Deleted from Central
• Labs (45 mins)
• Establish the Current Configuration for Management Communication
• Configure Web Control policies and Global Settings
• Configure Server Groups and Policies

Day 2  Wednesday 3 March 2021 

9:30-10:45 Module 6: Infection and Detection

• Cleanup
• Quarantine
• False positives
• Labs (30 mins)
• Release a File from SafeStore
• View File Information in EndPoint Self Help
• Use the Source of Infection Tool

10:45-12:00 Module 7 Threat Response

• Endpoint Detection and Response
• How to read a threat case
• Search for threats
• Detection scenarios
• How to find help from Sophos.
• Labs (30 mins)
• Generate and Analyze Threat Cases
• Create and View a Forensic Snapshot

This course is designed for technical professionals who will be supporting Sophos XG Firewall and provides an overview of how to troubleshoot the product.

Sophos XG Technician Training (2 days Training) – Tuesday 23 February 2021– Wednesday 24 February 2021

The course is expected to take 2 days (16 hours) to complete, of which approximately 4 hours will be spent on the practical exercises.

On completion of this course, trainees will be able to:

• Apply the troubleshooting process to issues
• Use the tools available on the XG Firewall to gather information and investigate issues
• Locate and read log files on the XG Firewall
• Identify and resolve common issues

Prerequisites

Prior to taking this training, you should:

• Have completed and passed the XG Firewall Certified Engineer course and any subsequent delta modules up to version 18.0
• We recommend students have the following knowledge and experience:
• Experience with Windows networking and the ability to troubleshoot issues
• A good understanding of IT security
• Experience configuring network security devices
• Experience configuring and administering Linux/UNIX systems

If you are uncertain whether you meet the necessary prerequisites to take this course, please email us at globaltraining@sophos.com and we will be happy to help.

Certification

To become a Sophos Certified Technician, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80% and is limited to 3 attempts.

Lab Environment

Each student will be provided with a pre-configured environment that simulates a company network with two sites, a head office and a branch office and contains Windows Servers, a Windows Desktop and three XG Firewalls

Content

• Module 1: Getting Started with Troubleshooting XG Firewall
• Module 2: Troubleshooting Network Protection
• Module 3: Troubleshooting Network Protection II
• Module 4: Troubleshooting Authentication
• Module 5: Troubleshooting Web Protection and Application Control
• Module 6: Troubleshooting Synchronized Security
• Module 7: Troubleshooting Web Server Protection
• Module 8: Troubleshooting Wireless Protection
• Module 9: Troubleshooting Email Protection
• Module 10: Troubleshooting Reporting and How to Get Help

Certification

+ exam: Sophos XG Technician

Duration 2 days 

Agenda

Trainer: Michael Eleftheroglou

Day 1, Tuesday 23 February 2021

9:30-11:25 Module 1: Getting Started with Troubleshooting XG Firewall

• Apply the troubleshooting process to issues
• Resolve common device access issues
• Identify the cause of XG Firewall going into failsafe mode
• Troubleshoot and resolve common high availability issues
• Troubleshoot routing issues
• Labs   
  

11:25-11:40 break 

11:40-13:40 Module 2: Troubleshooting Network Protection

• Troubleshoot and resolve common configuration issues with firewall rules and NAT rules
• Manage TLS decryption errors
• Determine whether traffic is flowing through the FastPath
• Troubleshooting problems with IPS settings
• Manage ATP alerts
• Labs (40 mins)
• Cannot Access Server in New York from London (Scenario 2)
• DNAT Not Working (Scenario 1)
• DNAT Not Working (Scenario 2)
• Remote Desktop Not Working

13:40-14:15 Lunch

14:15-16:00  Module 3: Troubleshooting Network Protection II

• Troubleshoot and resolve common connection issues for IPsec site-to-site VPNs
• Identify and resolve common SSL VPN issues
• Locate the logs for Sophos Connect and modify the configuration file
• Troubleshoot and resolve common issues for Remote Ethernet Devices (RED)
• Labs (30 mins)
• IPsec VPN Could Not Be Established (Scenario 1)
• IPsec VPN Could Not Be Established (Scenario 2)
• SSL VPN Could Not Be Established

16:00-16:15 Break  

16:15-17:45  Module 4: Troubleshooting Authentication

• Troubleshoot issues with the captive portal
• Identify and resolve authentication issues
• Work through the authentication flow to troubleshoot and resolve issues
• Resolve issues with tokens being out of sync
• Labs (20 mins)
• User Cannot Authenticate
• User Not Authenticated with STAS

Day 2,  Wednesday 24 February 2021

9:30-11:00 Module 5: Troubleshooting Web Protection and Application Control

• Explain the differences between DPI web scanning and the web proxy, and troubleshoot basic web policy issues
• Enable debug logging for DPI web scanning
• Troubleshoot web proxy performance issues
• Troubleshoot web categorization
• Troubleshoot application control policy issues
• Labs (20 mins)
• Site Incorrectly Blocked for User
• Application Not Working for User

11:00-11:15 Break

11:15-12:45 Module 6 Troubleshooting Synchronized Security

Identify and resolve issues registering XG Firewall with Sophos Central

• Troubleshooting and resolve issues with Security Heartbeat
• Resolve problems with Synchronized User Identity
• Investigate and resolve problems related to lateral movement protection
• Labs (20 mins)
• Cannot Register XG Firewall with Sophos Central
• Endpoint Cannot Establish a Heartbeat with XG Firewall Configure VPN network NATing

12:45-13:30 Break and Lunch

 13:30- 14:40 Module 7: Troubleshooting Web Server Protection

• Perform basic web server protection configuration
• Troubleshoot and resolve static URL hardening errors
• Troubleshoot and resolve static form hardening errors
• Troubleshoot and resolve threat filter rule errors
• Identify whether web server authentication issues are caused by the XG Firewall or the web server
• Labs (10 mins)
• Error Using Webmail Server

14:40-15:35 Module 8: Troubleshooting Wireless Protection

• Troubleshoot the access point deployment process
• Resolve common wireless network issues Resolve common wireless network issues
• Identify common causes of performance issues and the configuration that can help resolve them
• List the ports used by wireless protection and how to connect to the access point to gather additional informationLabs (Authenticate users over a site to site VPN)

15:35-15:50 Break 

15:50-17:20  Module 9 : Troubleshooting Email Protection

• Identify and resolve basic mail flow problems
• Troubleshoot virus emails that are not detected
• Troubleshoot false positive and false negative spam detections
• Identify the cause of, and resolve, missing quarantine digest issues
• Labs (30 mins)
• Cannot Receive Email
• Cannot Send Email
• Virus Email Delivered

17:20-18:00 Module 10: Troubleshooting Reporting and How to Get Help

• Troubleshoot issues with report generation
• Find help when you are unable to resolve issues yourself

Source: Datto

As 2020 comes to a close, we look back on another year of increased attacks on managed service providers (MSPs), their small and medium business (SMB) clients, and the ecosystem of tools used within the community. In the face of these events, the MSP community showed the desire to tackle the underlying challenges with increased engagement, new peer forums, and attention in hardening their services. As we look forward to what 2021 might bring, now is a great time to develop or update your plan for managing cyber risk.

Understanding Threats

As a practitioner of risk management at Datto, I look at where we can best spend our time and what areas are the most important to address when it comes to cybersecurity. This is an important concept for MSPs to master in 2021 — it’s a continuous process, and requires adaptability as new threats emerge. While we care about knowing about the possible actors we may face, for example, cybercriminal organizations and loss scenarios such as ransomware within internal systems, it’s how these unfold that is one of the most important pieces to analyze. In this blog, we’ll focus on applying a process to a handful of techniques used by threat actors, surface mitigations, and provide a few tips on prioritization.

Let’s start with three key techniques threat actors have successfully utilized over the last few years as the starting point for our 2021 planning. In stepping through this process you can apply the same thinking to any number of techniques that you uniquely identify.

Phishing

Through the use of various sub-techniques such as malicious attachments and links, these are highly effective for actors in meeting their objectives. The weakness to understand here is the end user and being able to create a situation where they take an action that leads to credential or host compromise.

Stolen Credentials

Often in conjunction with phishing or compromising of a third party, the actor utilizes valid credentials to access websites and services, or to escalate privileges internally. The weakness here is identity and access management.

External Remote Services

MITRE’s ATT&CK framework states, “Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations.” There are two potential weaknesses we will focus on for this exercise, user accounts, and vulnerabilities within the exposed services.

Defining Risk Mitigations

Now that we have a better understanding of the techniques used by bad actors and the underlying weaknesses, the next step is to populate a list of mitigations to help reduce the likelihood of these techniques being successful. The list of examples is not exhaustive and in practice should focus on the top ways to reduce risk based on deficiencies in your environment.

Phishing

• Email Security Services – provides additional security capabilities on top of email services above what Exchange and Gmail provide as a part of their base service.
• Security Awareness Training – provided in many forms of content, and phishing simulations.
• Endpoint Controls – if a malicious attachment or link is successful, ensuring the device is patched, services and configuration hardened and has a quality AV/EDR/MDR solution adds layers of security (and resilience!).

Stolen Credentials

• Multi-factor Authentication – ensuring all systems that support it have it enabled, even if you are on network.
• Password Manager – a number of mature solutions exist with the goals of not reusing passwords and having a secure means of generating them for use.
• Notifications – a fairly novel use of the built-in mechanism, and free, alert the user of new logins and device registrations. It’s understood that this is how FireEye detected the most recent breach.

External Remote Services

• Multi-factor Authentication – ensuring all systems that support it have it enabled, worth repeating twice as it is still a major driver of successful attacks on External Remote Services.
• Baseline configurations – expose the bare minimum number of services required, ensure they are vulnerability free, and that they are designed for external connectivity. It’s 2021 and we still have a large number of attacks attributed to Microsoft’s Remote Desktop Protocol being made externally available without a gateway.
• Vulnerability scanning – Whether it is a new vulnerability or a tech mistakenly opening up a vulnerable web service, regular perimeter scans serve as a continuous monitoring source that helps reduce the window that vulnerabilities are exposed to the internet.

Prioritizing the Action Plan

Arguably the hardest part of this exercise is the prioritization of activities in an action plan and finding the time to work through them. As we mentioned in this case study from 2019, don’t tackle the entire list but do put some thought into the activities and their value. While traditional risk management practices take into account financial loss in prioritization, below are a few less structured ways of approaching this problem.

• Attack Frequency – How many times have the techniques on your list been successfully used against your tech stack and user base? The more times something has occurred in the past is a good signal of future likelihood.
• Costs – Is the suggested mitigation a new tool, or is it using what you already have in new ways? Endpoint patching and configuration hardening, and enabling multi-factor authentication are still areas of improvement for MSPs. Even creative use of notifications can lead to more resilient outcomes.
• Business advantage – Determining if the required investment would be a business advantage in marketing and quality of managed services is a useful dimension. (Note: this should almost always be the case, some will just be more visible than others).

As we look at the steps we laid out above, you should walk away with the foundations to build a process that can be used and reused to harden your IT infrastructure. It’s best to set a goal of quarterly assessments at a minimum that review your program’s cyber risk in the face of trending attacks and focus on any new techniques being used.

Business continuity and disaster recovery (BCDR) solutions should serve as a foundational component in every partner’s technology stack. It’s imperative that in 2021, the MSP community’s trend of building in security practices continues. It’s through continuously assessing and improving cyber resiliency that the BCDR solutions will become the last card played rather than the only card.

Source: Datto

In today’s global economy, businesses must be compliant with standards established by various countries so they can service customers around the world.

One such regulation you can’t afford to ignore is the GDPR (General Data Protection Regulation), which is the core of Europe’s digital privacy legislation.

The GDPR applies to any organization that operates within the EU or offers goods or services to customers based in the EU.

These companies need to ensure that personal data is gathered legally and under strict conditions, as well as protected from misuse and exploitation.

Violation of GDPR rules can result in hefty fines, currently set at up to €20 million ($23.3 million), or 4% of a company’s worldwide annual revenue from the preceding financial year, whichever amount is higher.

To ensure that you’re adhering to GDPR guidelines, you need to protect your customers’ information. Here are six technologies that can help you stay compliant:

1. Managed File Transfer (MFT)

Managed file transfer (MFT) solutions use industry-standard network protocols and encryption methods to streamline the management of company data.

These solutions automate data transfer across the organization, network, systems, applications, partners, and cloud environments using a centralized interface.

To use an MFT solution, you’d first securely send a file through an MFT program or email plugin. The software then encrypts the file and delivers it to the intended recipients. Finally, the recipients will decrypt the files so they can read the content.

MFT applications help ensure the secure collection, movement, and usage of personally identifiable data by providing organizations with a holistic view of their data movement processes. Some key security-enhancing capabilities to look for include data encryption, access rights management, and full audit trails.

Related Reading: What is Managed File Transfer (MFT)?

2. Automated data protection processes

You can use these solutions to automate data protection processes and gain better visibility into the movement of sensitive information in and out of your organization. This helps eliminate inefficiencies, errors, and delays caused by manual procedures.

Many of these solutions also offer protection against data loss and data theft while providing enhanced visibility into data breaches.

To make automation work for your business, first define and standardize procedural and technological controls for protecting personal data.

Based on your business model and criteria, you can then select a solution that offers the right features, such as encryption, multi-factor authentication, and pseudonymization to implement the automation.

Related Reading: 5 Benefits of Automation

3. Privacy impact assessments

These technologies help organizations evaluate the potential impact that their business decisions will have on users’ data privacy. Companies can be clued into potential violations early on, so they can avoid issues down the road.

Such assessments are particularly useful in supporting new product launches, geographic expansions, and mergers and acquisition activities.

Organizations can identify high-risk data that’s being collected, assess gaps in their compliance efforts, remediate areas of concern, and create an audit trail to stay compliant.

4. Individual rights compliance

Since the GDPR grants individual users the rights over how businesses use their data, you need the tools that will enable customers to enact the right to access their data, restrict or object to the processing of their data, and data portability.

These solutions allow you to create custom individual rights request forms, provide notifications, and set automated reporting to meet individual rights requirements.

You can identify the storage locations of the data requested by users and fulfill requests within the required 30-day time frame without interfering existing business processes.

Related Reading: What You Need to Know to Prepare for GDPR Compliance

5. Data mapping

Staying GDPR compliant can be particularly challenging for organizations that don’t have an exacting data management practice.

This is because a large part of GDPR focuses on justifying the type and scope of data being collected and demonstrating compliance in a timely manner. Instead of being data processors, organizations need to act as data controllers.

Data mapping solutions help you understand what data your organization is collecting, where the information is being stored, and who has access to it.

With such knowledge, you can determine what additional obligations may apply to the data based on sensitivity, geography, or other factors.

6. Pseudonymization technologies

These technologies allow you to implement a data-masking tactic, which is referenced in the actual text of the regulation.

The technologies work by storing an individual’s information in many separate files and under many different names.

As a result, hackers can’t get their hands on customers’ full information by simply stealing one file or reassembling personally identifiable information from multiple sources.

7. Data classification

The first step to a strong data protection posture is data classification. It provides a firm foundation towards onward compliance, and integrating data classification with necessary data protection tools such as DLP, rights management, encryption and many more will elevate your data protection strategy.

The industry-leading Boldon James Classifier is key to GDPR compliance, as it is designed to reduce data loss incidents and improve DLP solution effectiveness. Visual labelling enhances your workforce’s awareness of the value of the data they are using, whilst metadata labels facilitate more effective application of data security, data management and retention policies.

Related reading: Classification By Design: The Foundation Of Effective Data Protection Compliance

Final thoughts

A data breach will not only cost you a hefty penalty but also tarnish your reputation, erode trust with customers, and impact your long-term profitability.

Investing in the right technologies for GDPR compliance will pay for itself by helping you implement the right measures in risk management and analytics, regulatory compliance, and auditing and reporting so you can stay secure and compliant.

Source: Boldon James

Managed service providers (MSPs) have #giftgoals too, so we’ve put together a “Holiday Wish List” for MSPs with gift ideas to help them maximize efficiencies, deliver great customer service, protect clients from cyber threats and work smarter, not harder, in 2021 and beyond.

1. Universal Two-Factor Authentication (2FA) would bring Joy to the World. With threat actors finding ways to bypass preventative measures, 2FA becomes more critical. To be as effective as possible, clients that deploy it on both workstations and server logins gain an extra layer of protection.
2. Let us grow, let us grow, let us grow! MSPs become part of a growing community of MSPs when they partner with Datto. Beyond just dependable technology, Datto provides access to the industry’s best resources, education, and marketing tools to grow and scale their business.
3. It’s beginning to look a lot like efficiency. Efficiency is the name of the game for any MSP. Gain access to valuable tools and insight with Autotask PSA and Datto RMM, optimizing service delivery, increasing productivity, and finding more time for billable tasks.
4. I’m dreaming of no downtime. Businesses have had a tough year, and what better way to improve in 2021 than ensuring they never have to be without their mission-critical systems and data? Give your clients peace of mind with a business continuity solution to get them back up in running in the event of downtime.
5. Silver and Gold. Building stronger, trusted relationships with clients is one of the best gifts to receive. MSPs can show clients they deliver exceptional value with quarterly business reviews and detailed performance reporting.
6. Clients who *believe* in the power of backup. MSPs know how important backup is when disaster strikes. The best way to protect servers, files, PCs, and SaaS applications all tailored to a client’s needs is with Datto Unified Continuity solutions.
7. It’s the most wonderful time of the year for SMBs to migrate to the cloud. Clients that migrate to the cloud see increased efficiencies, more productivity, and cost savings. Plus, bundle in Datto SaaS Protection to back it up, and you’ve just raised your margin on a recurring service.
8. All is calm, all is bright. SMBs who invest in data protection and take the security recommendations MSPs make bring their MSPs peace of mind. Datto can help MSPs educate clients about the importance of continuity solutions to strengthen security measures.
9. All I want for Christmas is a clear ticket queue. MSPs had a busy year with a near-complete shift to remote working. Give the gift of an empty ticket queue with an intuitive ticket user interface that enables immediate action and resolves issues quickly with Autotask PSA.
10. I’ll Be Home for Christmas. Wherever home is, the simple joys of celebrating with loved ones is on everyone’s wish list this year.

Source: Datto

We at Acunetix and Invicti are deeply concerned with the aftermath of the SolarWinds hack and offer our deepest commiserations to all the security personnel who are facing this situation just before Christmas, and to SolarWinds themselves who have been an unwilling agent to the compromise of more than 18,000 organizations.

At the same time, we would like to reassure our customers, partners, and prospects that we are not a customer of SolarWinds and are therefore not in any way affected by this hack. As always, we continue to take the utmost care to ensure that our on-premises and online software and our update download servers are not compromised in any way.

What Happened at SolarWinds?

If you’re not up to date on the news: The SolarWinds Orion network monitoring software, used by more than 18,000 organizations all over the world, was compromised several months ago. An update, downloadable from the SolarWinds update server, was poisoned with a malicious backdoor. This backdoor allowed unknown threat actors to spy on SolarWinds Orion customers and potentially control their systems remotely or escalate into their networks.

The original attack vector remains unknown but there are hints that might give us a clue of what originally happened. Since the first traces of backdoor being used date back to March 2020, it is very probable that SolarWinds was hacked at the beginning of 2020 or in late 2019. This is in line with certain Tweets that suggest that SolarWinds had an open repository on GitHub and used weak passwords. This would not be surprising at all. Openly accessible repositories and exposed databases account for some of the biggest hacks in recent years and common password vulnerabilities are often the underlying cause of major break-ins.

Another potential vector is that the SolarWinds Office 365 account was supposedly compromised, according to information that SolarWinds received from Microsoft. SolarWinds believes that data contained in emails might have allowed the attackers to gain access to other systems (which also suggests poor email culture – you should not use email to send sensitive data). This yet again suggests that it might have been a weak password policy that has been the underlying cause of the breach. Remember, it just takes one user with a weak password for a malicious hacker to enter.

Conclusions from the SolarWinds Hack

While the hack itself is most probably nothing out of the ordinary, what is very much out of the ordinary in this situation is the fact how long it has remained undiscovered. This is what suggests that while the vulnerability might have been trivial, the exploitation itself was not. The attackers, whoever they really are, took a great deal of care to remain undetected in all the infiltrated networks. This is why it is believed that it must have been a major intelligence operation.

This leads to the conclusion that even if you consider a vulnerability or an asset just a minor one, it may be used by the attacker to escalate deeper into your systems – for example, a simple SQL injection on a database that contains no personal data may lead to a complete system compromise. What’s even worse, the attacker may then use your compromised systems to perform an attack on others – an attack that may be even harder to detect, such as in the case of SolarWinds.

Another important conclusion from this hack is that if SolarWinds Orion was a cloud product, the hack would not be possible because there would be no downloadable updates. If the organizations had no internal networks (if they had all their applications in the cloud) and they never needed Orion in the first place, it would not happen either. This may be yet another nudge for organizations to move their assets to the cloud. However, they must not forget that the cloud also has its security concerns. And one of these security concerns is the fact that all cloud apps are web applications.

How Can Acunetix Help?

Since we deal with web application security, Acunetix cannot help organizations with securing their legacy applications and internal networks, such as those that have been infiltrated by the backdoor in SolarWinds Orion. However, Acunetix is an indispensable tool for when you move those applications to the cloud – we also check for exposed databases and weak passwords. To keep all your web assets secure, your best bet is to start with a web vulnerability scanner.

Sophos published its newest threat report. The report encapsulates the work of multiple teams within Sophos, including SophosLabs, Cloud Security, Data Science, and Rapid Response. The daily work of these and other groups in the company help protect Sophos’ customers from an ever-increasing variety and intensity of acts of malfeasance targeting their computer systems and data.

The past year presented the world with challenges that humans haven’t faced in more than a century. While the internet gave us the ability to cope with a global pandemic better than was possible in 1918, we faced new complications in 2020 from ransomware, cryptojackers, and digital theft targeting every conceivable platform – even security appliances.

In our threat report (which you can download here), we’ve attempted to bring a bit of order to the chaos of the past year. We’ve structured the report to discuss the four key domains in which we focused our protection efforts in 2020 and which will guide our planning into 2021:

• The increasingly dire threat of ransomware in all its new forms
• Conventional Windows malware, including tools criminals use to steal data and deliver malicious payloads
• Unconventional malware that targets platforms not traditionally thought of as part of an organization’s attack surface
• How the pandemic impacted attacker behavior as much as how we now work, play, shop, go to school, and socialize – and the challenges involved in protecting those functions.

This was the year that ransomware, for instance, decided that merely encrypting our data and holding it hostage wasn’t quite evil enough. Threat actors discovered that even organizations with the best backups still are willing to pay big money to prevent sensitive data being leaked to the world, turning ransomware attacks into a hybrid hostage-extortion crisis.

It was also a year when threat actors pushed the ransomware envelope in another way: Initial ransom demands skyrocketed into the millions of dollars per incident, though some criminals made it clear they were willing to bargain with their victims.

As office workers shifted into a work-from-home, lockdown mode, businesses had to devise new ways to provide their employees with secure access into internal computer systems, extending the enterprise perimeter to encapsulate thousands of homes. And as organizations rapidly deployed these remote-access features, attackers devised new ways to use them against us, targeting our VPNs and other internet-facing services and devices for special attention.

For instance, in incidents where we were called in to investigate, we discovered that Windows’s built-in RDP was not only targeted as an initial point of access, but once threat actors gained a foothold inside the perimeter, they began to take advantage of RDP to navigate laterally within an organization.

When the Sophos Rapid Response team investigates incidents, they attempt to determine the root cause of attacks. Beyond RDP, the Rapid Response team have also found that attackers increasingly make use of mundane, conventional, common malware to deliver ransomware and other more serious payloads. Any detection, no matter how banal, may be the precursor to a devastating attack.

Attackers also put effort into targeting attacks at technology not traditionally considered part of the attack surface: Networked IoT devices, firewalls, Linux servers, and Macs did not evade the attention of criminals who leveraged vulnerabilities to install cryptominers or other malicious code. And the attackers who did target Windows servers and workstations increasingly employ the tools created by the security industry to probe for or exploit weaknesses, using our analysis tools against us.

The pandemic factored into everything we did in information security this year, and it sharpened one point: In times of crisis, when systems all around us are under stress, protecting what still works is vitally important to maintaining our ability to survive and thrive. Under attack from all sides, the information security industry and many thousands of practitioners set aside competition and stepped up to work together, as a community, to push back against the darkness.

Source: Sophos

Sophos Home provides the industry’s best protection against ransomware, viruses, malware, exploits, and more. It’s the same enterprise-grade protection available in our business products, which protect millions of computers in the world’s most valuable organizations.

And the newly-launched Sophos Home mobile management app – available now for both iOS and Android – makes remotely monitoring and managing your loved one’s devices easier and more effective than ever before. You’ll enjoy being able to access your Sophos Home dashboard from your mobile device without having to use your computer.

Features include…

• Instant notifications and alerts of new threats
• Remote scanning of computers, regardless of location
• Easy management of device protection settings
• Built-in phone security features such as Face ID, fingerprint scanning, and passcodes
• Optional two-factor authentication for an extra layer of security
• Live chat with customer support to help you tackle more difficult challenges

The Sophos Home mobile management app is available to all Sophos Home Premium customers and anyone trying our free 30-day Sophos Home trial.

Ready to get started? You can download the Sophos Home Mobile Management app at the Apple App Store or Google Play Store.

Don’t already have a Sophos Home Premium account? Head to home.sophos.com to start a 30-day free trial.

Source: Sophos

December 2, Athens, Greece – NSS, an international value-added distributor of leading cutting-edge IT solutions, today announced its partnership with Datto, the leading global provider of cloud-based software and technology solutions purpose-built for delivery by managed service providers (MSPs). This strategic distribution agreement brings Datto’s enterprise-grade technology to small and medium enterprises in Southeast Europe.

Founded in 2007 in the U.S., Datto is a global leader in business continuity and disaster recovery, business management, and networking solutions. The presence of Datto’s technology in Southeast Europe will enable IT solution providers and resellers to continue to grow and address the IT needs of SMEs. With this agreement, Datto’s cloud-based software and technology solutions will be available to MSPs by NSS. Datto’s solutions are built to integrate with “best of breed” tools, software, and applications that MSPs use most.

“Datto is expanding in Europe and sees a great opportunity to bring our critical technology, tools, and expertise to businesses in Greece, Cyprus, Malta and Bulgaria,” said James Vyvyan, VP Sales EMEA, Datto. “We’ve chosen a trusted go-to-market partner in NSS, and look forward to working together to deliver IT solutions through MSPs in an increasingly complex IT environment.”

“As a leader in cloud-based software and technology solutions, we are thrilled to add Datto’s offering to our portfolio and distribute these critical solutions,” said George F. Kapaniris, Executive Director, NSS. “We look forward to helping MSPs protect their end customers and grow their businesses”.

NSS will distribute Datto’s solutions in the markets of Greece, Cyprus, Malta and Bulgaria. By offering Datto’s comprehensive and unique set of cloud-based solutions, NSS is expanding its portfolio to meet the increasing IT requirements and security needs of businesses during the age of digital transformation.                          

To find out more please visit: https://www.nss.gr/en/products/systems/datto/

About NSS 

NSS is an international Value Added Distributor of Affordable Cutting Edge IT solutions, covering technology areas that include information security, network optimization, communications and infrastructure systems. NSS has strategic partnerships with superior vendors offering products & services with leading technologies that place the company ahead of the competition in today’s crowded market. NSS products can be acquired through a selected channel of resellers in Greece, Cyprus, Malta, the Balkan and Adriatic Countries.

Αθήνα, 2 Δεκεμβρίου 2020 – Η NSS, Διεθνής Διανομέας Προστιθέμενης Αξίας (Value-Added Distributor / VAD) λύσεων πληροφορικής υψηλής τεχνολογίας ανακοίνωσε τη συνεργασία της με την Datto, παγκόσμια ηγέτιδα στην παροχή cloud-based λογισμικού και εξειδικευμένων τεχνολογικών λύσεων που απευθύνονται σε MSPs (Managed Service Providers). Αυτή η στρατηγική συμφωνία διανομής φέρνει τις τεχνολογίες επιχειρησιακής κλάσης της Datto σε μικρές και μεσαίες επιχειρήσεις στη Νοτιοανατολική Ευρώπη.

Η Datto, που ιδρύθηκε το 2007 στις Η.Π.Α. αποτελεί παγκόσμιο ηγέτη στους τομείς της Διαχείρισης Επιχειρησιακών Διαδικασιών (Business Management), την Αποκατάσταση από Καταστροφή (Disaster Recovery), την Επιχειρησιακή Συνέχεια (Unified Continuity) και τις Λύσεις Δικτύωσης. Η παρουσία των τεχνολογιών της Datto στη Νοτιοανατολική Ευρώπη θα επιτρέψει στους παρόχους λύσεων πληροφορικής και στους μεταπωλητές να συνεχίσουν να αναπτύσσονται και να ανταποκρίνονται στις ανάγκες πληροφορικής των μικρομεσαίων επιχειρήσεων. Με αυτή τη συμφωνία, το cloud-based λογισμικό και οι τεχνολογικές λύσεις της Datto θα είναι διαθέσιμες στους MSPs από την NSS. Οι λύσεις της Datto σχεδιάστηκαν για να συνδυάζονται επίσης άψογα με τα πιο διαδεδομένα εργαλεία, το λογισμικό και τις εφαρμογές που χρησιμοποιούν  οι MSPs σήμερα στην αγορά.

«Η Datto επεκτείνεται στην Ευρώπη και έχουμε μπροστά μας μια μεγάλη ευκαιρία να φέρουμε την τα τεχνολογικά εργαλεία υψηλής απόδοσης και την τεχνογνωσία που διαθέτουμε σε επιχειρήσεις στην Ελλάδα, την Κύπρο, τη Μάλτα και τη Βουλγαρία» δήλωσε ο James Vyvyan, Αντιπρόεδρος Πωλήσεων EMEA της Datto. «Επιλέξαμε την NSS, έναν αξιόπιστο εταίρο για τη μετάβαση μας στην αγορά και ανυπομονούμε να συνεργαστούμε για την παροχή λύσεων πληροφορικής μέσω των MSPs στο ολοένα και πιο περίπλοκο περιβάλλον πληροφορικής σήμερα» συμπλήρωσε ο κ. James Vyvyan.

«Ως ηγέτης στο λογισμικό που βασίζεται στο cloud και τις τεχνολογικές λύσεις που έχουν δημιουργηθεί ειδικά για τους παρόχους διαχειριζόμενων υπηρεσιών (MSPs), είμαστε ενθουσιασμένοι οι εξαιρετικές λύσεις της Datto προστίθενται στο χαρτοφυλάκιο των προϊόντων που διανέμουμε», δήλωσε ο Γιώργος Καπανίρης, Εκτελεστικός διευθυντής της NSS. «Ανυπομονούμε να βοηθήσουμε τους MSPs να προστατεύσουν τους πελάτες τους και να αναπτύξουν τις επιχειρήσεις τους».

Η NSS θα διανέμει τις λύσεις της Datto στις αγορές της Ελλάδας, της Κύπρου, της Μάλτας και της Βουλγαρίας. Προσφέροντας το ολοκληρωμένο και μοναδικό σύνολο τεχνολογικών λύσεων που βασίζονται στο σύννεφο της Datto, η NSS επεκτείνει το χαρτοφυλάκιο της για να ανταποκριθεί στις ολοένα αυξανόμενες απαιτήσεις πληροφορικής και ασφάλειας των επιχειρήσεων στην εποχή του ψηφιακού μετασχηματισμού.

Μάθετε περισσότερα στην ιστοσελίδα της NSS: https://www.nss.gr/el/products/systems/datto/

Σχετικά με την NSS:

Η NSS είναι ένας διεθνής διανομέας λύσεων πληροφορικής υψηλής τεχνολογίας, που καλύπτει τεχνολογικούς τομείς όπως η ασφάλεια πληροφοριών, η βελτιστοποίηση των δικτυακών υποδομών, οι επικοινωνίες και τα συστήματα υποδομών. Η NSS έχει συνάψει στρατηγικές συνεργασίες με κορυφαίους προμηθευτές που προσφέρουν τεχνολογίες αιχμής και τοποθετούν την εταιρεία μπροστά από τον ανταγωνισμό στη σημερινή αγορά. Τα προϊόντα που προσφέρει η NSS είναι διαθέσιμα μέσω ενός επιλεγμένου καναλιού μεταπωλητών στην Ελλάδα, την Κύπρο, τη Μάλτα, στα Βαλκάνια και στις χώρες της Αδριατικής.