Sophos XG Administration Training. This course, which will be held from 13 to 14 October 2020, 09:30-17:30 via Webex due to Covid-19, is designed for technical professionals who will be administering Sophos XG Firewall and provides the skills necessary to manage common day-to- day tasks.

Objectives

On completion of this course, trainees will be able to:

• Recognize the main technical capabilities and how they protect against threats
• Complete common configuration tasks
• Configure the most commonly used features
• View and manage logs and reports
• Identify and use troubleshooting tools

Prerequisites

There are no prerequisites for this course; however, it is recommended you should:

• Be knowledge of networking to a CompTIA N+ level
• Be familiar with security best practices
• Experience configuring network security devices

Certification

To become a Sophos Certified Administrator, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content and contains 40 questions. The pass mark for the assessment is 80%, and is limited to 4 attempts.

Schedule

Training is expected to take two (2) days (24 hours ) to complete, of which approximately half will be spent on the practical exercises.

Content

The training contains 10 modules:

• Module 1 : XG Firewall Overview
• Module 2 : Getting Started with XG Firewall
• Module 3 : Network Protection
• Module 4 : Web Server Protection
• Module 5 : Site-to-Site Connections
• Module 6 : Authentication
• Module 7 : Web Protection and Application Control
• Module 8 : Email Protection
• Module 9 : Wireless Protection
• Module 10 : remote Access
• Module 11: Logging, Reporting and Troubleshooting

For many organizations, Macs are a regular fixture in their IT estates. Whether they comprise just a few devices or a significant proportion, Macs need the same levels of cybersecurity protection and visibility as their Windows cousins.

Which is why in addition to proven protection from the latest Mac threats, Endpoint Detection and Response (EDR) is now available for Mac users in addition to Windows and Linux.

Intercept X Advanced with EDR gives both IT admins and cybersecurity experts the power to answer critical IT operations and threat hunting questions, and then remotely take any necessary actions.

Upgrade your IT security operations

Maintaining proper IT hygiene can be a significant time investment for IT admins. Being able to identify which devices need attention and what action needs to be taken can add another layer of complexity.

With Sophos EDR, you can now do just that – quickly and easily. For example:

• Find devices with software vulnerabilities, unknown services running, or unauthorized browser extensions
• Identify devices that have unwanted software
• See if software has been deployed on devices, e.g. to make sure a rollout is complete
• Remotely access devices to dig deeper and take action, such as installing software, editing configuration files, and rebooting a device

Hunt and neutralize threats

Tracking down subtle, evasive threats requires a tool capable of detecting even the smallest indicators of compromise.

With this release, Sophos EDR is significantly enhancing its threat hunting capabilities. For example:

• Detect processes attempting to make a connection on non-standard ports
• Get granular detail on unexpected script executions
• Identify processes that have created files or modified configuration files
• Remotely access a device to deploy additional forensic tools, terminate suspect processes, and run scripts or programs

Introducing Live Discover and Live Response

The features that make solving all the important examples above possible are Live Discover and Live Response.

Live Discover allows you to examine your data for almost any question you can think of by searching across Mac devices with SQL queries. You can choose from a selection of out-of-the-box queries, which can be fully customized to pull the exact information that you need, both when performing IT security operations hygiene and threat hunting tasks. Data is stored on-disk for up to 90 days, meaning query response times are fast and efficient.

Live Response is a command line interface that can remotely access devices in order to perform further investigation or take appropriate action. For example:

• Rebooting a device pending updates
• Terminating suspicious processes
• Browsing the file system
• Editing configuration files
• Running scripts and programs

And it’s all done remotely, so it’s ideal in working situations where you may not have physical access to a device that needs attention.

Try the new features

Existing Intercept X Advanced with EDR customers will automatically see their Mac devices appearing for selection in Live Discover and Live Response by September 16.

Intercept X and Intercept X for Server customers that would like to try out EDR functionality can head to the Sophos Central console, select ‘Free Trials’ in the left-hand menu and choose the ‘Intercept X Advanced with EDR’ or ‘Intercept X Advanced for Server with EDR’ trial.

If you’re new to Sophos Central, start a no-obligation free trial of Intercept X Advanced with EDR today. You’ll get world class protection against the latest cybersecurity threats in addition to powerful EDR capabilities. Get started.

Live Discover and Live Response are available for Windows, Mac, and Linux devices.

Like many other companies, the MailStore team has spent several weeks working from home during the first half of the year, diligently developing our archiving solutions in the process. The team’s success is underlined by today’s release of MailStore Version 13, which we’d like to present to you now.

With several new features and numerous improvements, our new version will not only please admins but end users and business owners too. “We’ve divided these features into four main categories,” explains Björn Meyn, Product Manager at MailStore. “Firstly, we’ve improved our software’s interaction with the key cloud-based services Microsoft 365 and Google G Suite, ensuring much easier integration with these services. MailStore 13’s second focal point is supporting modern authentication through OAuth2 and OpenID Connect. Increased security and an improved user experience are our third and fourth main categories. Long-standing MailStore customers will know that we take both these topics very seriously and that they play a major role in absolutely every release.”

What Admins Can Expect From V13

MailStore 13 offers several new features and improvements that simplify the work of administrators. Here are some of the features that are particularly relevant for admins:

Improved Support of Cloud-Based Services and Modern Authentication

MailStore Server and the MailStore Service Provider Edition (SPE) now support OAuth2 and OpenID Connect, which significantly enhances MailStore’s integration in the cloud-based environments of Microsoft 365 and Google G Suite. This is good news for admins, as it not only enhances MailStore’s user friendliness in combination with these cloud-based services, but also increases security. Administrators benefit from standardized login policies by being able to use the same settings of their Microsoft 365 or Google G Suite clients for MailStore Server (including e.g. multi-factor authentication) without having to enable legacy authentication or the less secure application access. The new two-step login process emulates the login routines used in modern web applications, and MailStore no longer has to process the passwords of remote users during authentication.

In addition, the new dedicated Microsoft 365 archiving and export profiles make it easier for admins to configure profiles. Here too, the support of modern OAuth2 authentication not only improves security but also integration with Microsoft 365.

Network Share Management

MailStore Server admins now benefit from improved management of network share settings. These settings can now be managed more comfortably and securely via MailStore Server’s Service Configuration rather than via the startup script – e.g. when using a NAS.

Group Policies

Creating group policies for the MailStore Client and the MailStore Outlook Add-in is now easier than ever before: in the case of MailStore Server, the templates are now included in the installation, while in the SPE, they can be downloaded from the Client Access Server’s default page. In Version 13, these templates are available in all languages supported by MailStore.

Certificate Validation

A further improvement for MailStore Server and SPE administrators is the new certificate validation. This has been aligned with the validation process used in most of the important web browsers, enabling administrators to create and implement standardized security and certificate policies for all MailStore clients (MailStore Client, Outlook-Add-in and Web Access).

Encrypted Connections Only

In Version 13, the support of unencrypted connections to MailStore Server has been completely removed. So, administrators can rest assured that all MailStore Server installations permit only encrypted connections with the archive, which can be particularly useful for administrators managing several installations.

Let’s Encrypt™-Certificates

Administrators can now specify a port on which MailStore Server should listen out for the validation requirements of Let’s Encrypt™ TLS-Certificates, thus avoiding port collisions e.g. when MailStore Server is being run with other services on a computer or where only a limited number of IP addresses is available. This simplifies the use of Let’s Encrypt certificates.

MailStore Gateway

In Version 13, administrators can immediately see how many messages are in a MailStore Gateway mailbox. The new version also allows mailboxes still containing messages to be forcibly deleted. Furthermore, the Management Web Interface port can be modified if the standard port is being used by different applications, or the administrator wishes to turn it into a standard HTTPS Port 443.

How End Users Stand to Benefit From the New Version

MailStore 13 also offers several new and improved features aimed at simplifying archive handling for the end user. These include:

Modern Authentication

MailStore Server and SPE users can now login to MailStore using their customary Microsoft 365 or Google G Suite login details. So, rather than having to remember separate passwords for MailStore, all they need to do is use their Microsoft 365 or Google G Suite login data. This way they can also benefit from the additional security features of these cloud-based services when accessing their archive, such as multi-factor authentication.

Removal of Mobile Web Access

Customers who previously used Mobile Web Access for MailStore Server and the SPE are now able to use our modern and secure responsive Web Access. The legacy Mobile Web Access is no longer available in Version 13.

Client-Based Improvements

MailStore Server and SPE users benefit from a number of improvements when it comes to accessing and using the archive. The loading time of the responsive Web Access, in particular, has been significantly reduced. Various other minor improvements as well as comprehensive updating of all web components have been carried out for an even smoother search experience, particularly on mobile devices. The responsive display on mobile devices has also been improved significantly and features, among other things, a larger reading area. Meanwhile, the new “jump to folder” function allows you to switch directly to a desired folder by clicking on the folder path in the message view, which makes it even easier to find emails belonging to the same project or public folder. Time information is also displayed alongside the date in the MailStore Client’s message list.

Encrypted Connections Only

In Version 13, unencrypted connections to MailStore Server are no longer supported. This means that end users receive fewer warning messages when using a modern web browser to access the archive, while being able to rely on secure connections with MailStore Server. It’s also easier for end users to verify the security of a connection via their browser (e.g. via the lock symbol in Chrome’s address bar). This is particularly useful when using non-trusted connections, such as public wireless networks at airports.

Certificate Validation

In both MailStore Server and the SPE, this has been aligned with the certificate validation routine of the most important web browsers, enabling end users to identify breaches of security policies across all clients (MailStore Client, Outlook Add-in and Web Access).

Why Business Owners Can Look Forward to V13

It goes without saying that management also stands to benefit when email handling is simplified for administrators and end users. However, there are three more arguments in favor of MailStore 13 that are particularly relevant for business owners:

Improved Support of Cloud-Based Services and Modern Authentication

Business owners can trust in their investment in MailStore in the long-term, as a key part of our philosophy is to permanently support current industry standards and technologies – and that goes for important cloud-based services such as Microsoft 365 and Google G Suite.

Encrypted Connections and Standardized Certificate Validation

Business owners can also rest assured that MailStore will continually upgrade the security concept of its software in line with industry standards and security recommendations. That said, we always keep in mind the requirements and the IT infrastructure of small and medium-sized businesses. Our motto is “Security by Default”. This makes MailStore a reliable long-term choice when it comes to email archiving solutions.

GDPR-Certified

Just like the previous version, MailStore Server 13 has been rigorously audited by an independent data protection expert under General Data Protection Regulation (GDPR) rules. This certification verifies that MailStore Server – when used appropriately – meets the personal data processing requirements set out in the GDPR. Thanks to these regular and independent software audits, business owners can rest assured that MailStore Server can help them meet their obligations under the GDPR, for example by defining sophisticated retention policies. The official certificate on the audit results can be requested by our interested customers and partners via sales@mailstore.com. Registered MailStore partners can also download the certificate from our Partner Portal.

For managed service providers who offer their customers email archiving as a service using the MailStore Service Provider Edition, the following applies: MailStore SPE version 13 was also audited and certified according to the same criteria as MailStore Server in accordance with the EU’s GDPR. Registered MailStore partners can download the certificate from our Partner Portal or request it by e-mail from partners@mailstore.com.

And What About MailStore Home Users?

While the focus of Version 13 undeniably lies with our commercial products MailStore Server and the MailStore SPE, home users of our free archiving solution MailStore Home are not left empty-handed. In Version 13, MailStore Home also includes the practical “jump to folder” function, which allows emails from the same folder to be easily located by clicking on the folder path. End users can also be more creative with their passwords, which can now include spaces at the beginning and end. Other minor improvements and fixes result in an improved user experience for end users with MailStore Home.

Availability

Version 13 of MailStore Server and the MailStore SPE is now available to download from the company website at zero cost for all existing customers with valid Update & Support Service. Customers whose Update and Support Service has expired can renew via a paid upgrade and also update to the new version.

Interested companies might also want to download the version as part of a free 30-day trial.

Service providers interested in the MailStore SPE can register free of charge here to obtain all the relevant information including access to a free trial version.

MailStore Home can be downloaded from the Products page of our website.

For Gustavo Cornejo Lizama, Network Manager for a large public sector organization in Santiago, Chile, moving to a Sophos cybersecurity system has halved his team’s workload.

A team of twenty IT professionals supports the organization’s one thousand employees, however only three ‑ a security expert and two admins ‑ focus on cybersecurity.

To protect against malware and other threats, they use a Sophos cybersecurity system: a Sophos XG Firewall along with Sophos next-gen endpoint and server protection.

Everything is managed through the cloud-based Sophos Central administrative console.

Gustavo shared the impact the Sophos system had on their day-to-day cybersecurity operations.

Life before Sophos: entire work days spent monitoring cybersecurity

With their previous cybersecurity products, Gustavo and team faced a huge amount of daily administration and were slowed down by network issues.

In fact, they used to spend a full eight hours a day between them monitoring for security issues. This took up a significant proportion of their overall capacity, limiting the team’s ability to work on other tasks.

Life after Sophos: 50% reduction in admin time plus improved bandwidth

Since switching to the Sophos system, Gustavo and team have been able to reduce the time spent monitoring for security issues from eight hours to four hours a day.

Management is now simpler and easier, as they can control everything through the Sophos Central console. At the same time, they also experience far fewer network issues.

One feature which has been particularly beneficial is the ability to identify and control all applications on the network, which we call Synchronized App Control.

Sophos endpoint protection and XG Firewall constantly share information in real time, enabling the firewall to identify all apps, including those that would prefer to remain hidden.

Armed with this insight, Gustavo has been able to block social media and streaming, resulting in improved user productivity and bandwidth.

Favorite feature

A favorite feature of Gustavo and team is the ability to manage firewall, server, and endpoint security through a single cloud-based platform, giving them one-stop shopping for security management. Everything they need is at their fingertips with a single login.

Whether managing bandwidth, controlling apps, or dealing with general security issues, everything is handled through a unified console, cutting the time spent on these weighty tasks in half.

See it in action

Watch this demo video to see just how easy day-to-day security management is with a Sophos system.

To try the system for yourself, the easiest way is to start a free trial of one of our products.

And for anything else, or to discuss your own challenges, the Sophos team is here to help.

The COVID-19 era has ushered in a global organisational transition to remote working policies and highlighted the need to bolster protection against cyber-attacks and inadvertent data misuse at the hands of employees.

Top cybersecurity leaders outline key areas to facilitate successful remote workforce environments in this latest article by HelpNetSecurity, including HelpSystems CEO Kate Bolseth, who discusses the value of data classification in protecting vulnerable corporate assets.

“One thing must be clear” Kate Bolseth writes: “your entire management team needs to assist in establishing the right infrastructure in order to facilitate a successful remote workforce environment.

Before looking at any solutions, answer the following questions:

• How are my employees accessing data?
• How are they working?
• How can we minimize the risk of data breaches or inadvertent exposure of sensitive data?
• How do we discern what data is sensitive and needs to be protected?

The answers will inform organizational planning and facilitate employee engagement while removing potential security roadblocks that might thwart workforce productivity. These guidelines must be as fluid as the extraordinary circumstances we are facing without creating unforeseen exposure to risk.

When examining solutions, any option worth considering must be able to identify and classify sensitive personal data and critical corporate information assets. The deployment of enterprise-grade security is essential to protecting the virtual workforce from security breaches via personal computers as well as at-home Wi-Fi networks and routers.

Ultimately, it’s the flow of email that remains the biggest vulnerability for most organizations, so make sure your solution examines emails and files at the point of creation to identify personal data and apply proper protection while providing the link to broader data classification”.

We’re pleased to announce the addition of new reporting capabilities for Sophos Central Firewall Reporting (CFR). If you’re a customer of CFR Advanced, you’ll see new options to save, schedule, and export your favorite reports in Sophos Central, further extending your powerful custom reporting capabilities in the cloud.

What’s new and how to use it

• Save reports as templates – Central Firewall Reporting Advanced lets you save custom report templates. First, customize a report with the columns, filters, and chart type you want. Then save it in your template library for quick access whenever you need to run it.
• Schedule reports – Getting your favorite and custom reports is now even easier, as you can schedule them to be delivered your inbox or picked up in Sophos Central at your convenience. The scheduler allows you to set a frequency for your reports, including daily, weekly, and monthly options.
• Export your reports – Reports can now be exported in HTML, CSV, and (coming next month) PDF formats. As an additional bonus, the exported reports provide up to 100,000 records in a report, whereas the interactive reports in Central are limited to 10,000 records. Download your favorite report for offline viewing directly from Sophos Central or have it delivered to your inbox.

You have complete control over the scheduling frequency, report format, and delivery…

We will be covering Central Firewall Reporting in more detail in an upcoming article in our Making the Most of XG Firewall v18 series.

What you need

CFR Advanced is a new subscription license that offers additional firewall log data storage for historical reporting, and now adds these new features for saving, scheduling, and exporting reports.

CFR Advanced subscriptions are on a per-firewall basis, so each firewall you wish to report on in Sophos Central will require its own CFR Advanced license.

CFR Advanced licenses are purchased in 100GB storage quantities. You can use the storage estimation tool (at sophos.com/cfrsizing) to quickly determine the estimated storage required for your particular needs.

XG Firewall v18 is required to take advantage of Central Firewall Reporting. We encourage everyone to upgrade today to take advantage of all the great new performance, security, and feature enhancements.

Talk to your preferred Sophos partner today about adding CFR Advanced to your account so you can take full advantage of the rich customizable reporting options in Sophos Central.

New to Sophos Central Reporting?

If you’re new to Sophos Central Reporting, you can try it for free. Simply set up your firewalls for Sophos Central management and log into Sophos Central to give it a go.

You can learn more about what’s included with Sophos Central management and reporting on our website or download the PDF brochure. And if you’re new to Sophos XG Firewall, be sure to check out how you can add the best visibility, protection, and response to your network.

Security services bestow organizations with the security expertise they desperately need to combat ever-increasingly capable threat actors, as illustrated by the momentum in uptake of our Managed Threat Response service.

Remote Desktop Protocol (RDP), while a legitimate tool, is also a common ingress point for attackers looking to break into an organization. A recent Sophos survey found that in 9% of ransomware attacks, RDP was the method used to gain entry.

Fortunately, Intercept X Advanced with EDR makes it easy to identify devices that have open RDP connections and remotely shut them down, all from a single management console.

Sophos EDR includes Live Discover, which leverages a collection of pre-written, fully customizable SQL queries to answer IT operations and threat hunting questions.

To begin, we select which devices we want to check.

There are a variety of different categories to choose from depending on your needs. We have a couple of options for RDP. Identifying devices with running processes that have active RDP connections or finding devices that have RDP enabled.

In this case we want to do the latter, so we’re going to create a short query for the task. A quick search of the Live Discover query sharing forum gives us exactly what we need. A couple of clicks later and we have our query ready to run (we also had the option to select a pre-written query to identify devices with active RDP connections).

The query identifies a device that has RDP enabled. From the same console, we launch a Live Response remote terminal session to the device and use the command line interface to disable RDP.

It’s that easy to detect RDP and disable it across your entire endpoint and server estates. To learn more about Sophos EDR head over to Sophos.com or to try it for yourself, you can start a no-obligation 30-day trial.

We often get asked about the inner workings of Netsparker’s vulnerability scanning engine. People familiar with network and virus scanners also ask what vulnerability databases we use and how often we update them. In reality, it’s all a lot more interesting than ticking boxes on a list of known issues. Time to set the record straight about how a cutting-edge web vulnerability scanner works.

Two Sources of Vulnerability Information

When most people hear the word “scanner”, they think of software that looks for known risks. This is generally what virus scanners and network scanners do: check targets against a list of known issues, such as (respectively) malware signatures and CVE vulnerability reports. So when customers see how effective Netsparker is, their first question is often: “What vulnerability database do you use?” Well, the short answer is: “None, mostly.” The full answer is that Netsparker is an advanced heuristic scanner that also checks for known web application vulnerabilities – but let’s break this down a bit.

The Mundane Part: CVEs

The idea of relying on a vulnerability database comes from the systems and network security world, where a software or hardware bug is discovered, publicly disclosed, and added to a vulnerability database such as CVE. Network scanners, for example, work by finding such known issues in target systems. To fix the vulnerability, you simply patch or update the affected component.

Some CVEs also apply to web applications. These are bugs in widely-used products that need to be patched to avoid attacks. As one part of its scanning process, Netsparker checks for such issues based on the CVE registry and other vulnerability databases, so scans also cover vulnerabilities such as Heartbleed (CVE-2014-0160) or POODLE (CVE-2014-3566). In fact, the Netsparker security advisory program actively contributes to finding bugs in open-source packages by scanning them for vulnerabilities during engine testing. To learn how our security researchers do this, see our article on vulnerability disclosures.

Although an important part of overall security, checking for known issues is relatively easy and not terribly exciting. Things get interesting when you have to check for unknown issues – and this is when you find out how effective your web application security solution truly is.

The Really Clever Part: Heuristics

The vast majority of web application vulnerabilities are brand new issues that were introduced in new code in custom-built applications – so how are you supposed to know about them? This is the main difference between web application security testing and signature-based security checks: web vulnerability scanning is primarily about finding new vulnerabilities resulting from underlying weaknesses categorized in the CWE system. To find previously unknown issues, Netsparker uses a cutting-edge heuristic scanning engine that probes websites and applications for vulnerabilities just like a penetration tester would.

Netsparker uses a variety of advanced heuristic techniques to find all entry points in web applications and test them for vulnerabilities. This includes automatic URL rewriting to provide maximum scan coverage, automated fuzzing to generate unexpected inputs that may reveal a weakness, and proprietary Proof-Based Scanning™ technology to safely test weaknesses and provide proof that the vulnerability is real.

Because web vulnerability scanners don’t rely on signatures, their effectiveness is highly dependent on the quality and maturity of the underlying heuristic scanning engine. If the scanning engine is too eager to flag suspicious responses as signs of vulnerabilities, it will flood the user with false positives. If it is too cautious or simply not advanced enough, it will miss real vulnerabilities or even bypass whole pages, for example because it can’t deal with authentication. As an industry veteran and technology leader, Netsparker knows how to strike the right balance.

Get the Best of Both Worlds

The purpose of a web application security solution is to help the user improve security more efficiently than with manual testing alone. This goes way beyond vulnerability databases and even beyond scanning itself. To get measurable security improvements, you need a holistic view of web application security that pulls together accurate information from all relevant sources and applies it through effective automation.

Netsparker combines high-quality heuristic results from its industry-leading vulnerability scanning engine with information about known issues listed in vulnerability databases. All these vulnerability results are complemented by asset discovery and crawling information, warnings about outdated web technologies, detailed vulnerability descriptions complete with suggested remedies, best-practice recommendations, compliance reports, and more. This gives you a complete picture of what you need to fix in your web environment, so you can start getting real value from Netsparker in a matter of days.

ProLock ransomware emerged on the threat scene in March, a retooled and rebranded version of PwndLocker.

As SophosLabs reveals in its detailed analysis, while ProLock ransomware gives you the first eight kilobytes of decryption for free, it can still cause significant business disruption and economic damage.

Protect against ProLock with Sophos Intercept X

Intercept X gives you multiple layers of protection against ProLock, keeping the data on your endpoints and servers safe:

• CryptoGuard identifies and rolls back the unauthorized encryption of files. In fact, Sophos first detected ProLock when CryptoGuard caught it on a customer network
• Deep learning identifies and blocks ProLock without signatures
• Signatures block variants of ProLock either as Troj/Agent-BEKP or Malware/Generic-S

If you’re running Sophos Intercept X you can relax knowing that you are automatically protected against ProLock, as all three of the above features are enabled by default in our recommended settings.

(If you’re not yet running Intercept X and want to give it a try, visit the web page to learn more and start a no-obligation free trial.)

To check that you have CryptoGuard and Deep Learning enabled:

• Open your Sophos Central Admin console and select Endpoint Protection in the left-hand menu
• Select Policies
• Review the list of threat protection policies already created
• Toggle the buttons to make any necessary changes

Endpoint protection and firewall best practices to block ransomware

51% of IT managers surveyed for our recent State of Ransomware 2020 report said their organization was hit by ransomware last year, and that cybercriminals succeeded in encrypting data in 73% of incidents.

With stats like these it’s worth taking the time to ensure all your ransomware defenses are up-to-date.

The earliest detection of ProLock by Sophos was traced to a compromised server, most likely through an exploit of a Remote Desktop Protocol (RDP).

Putting RDP access behind a virtual private network and using multi-factor authentication for remote access are just a couple of the best practices we recommend to reduce your ransomware risk.

For additional best practices, take a look at our guides Endpoint Protection Best Practices to Block Ransomware and Firewall Best Practices to Block Ransomware.

We are excited to announce that Intercept X for Server Advanced with EDR has been enhanced with powerful cloud visibility features from Cloud Optix.

In addition to even more detail on your AWS, Azure, and GCP cloud workloads, this integration gives customers critical insights into their wider cloud environments, including security groups, hosts, shared storage, databases, serverless, containers, and more.

See your complete cloud environment

The dynamic nature of cloud environments – with assets being spun up and down as and when necessary to meet changing demands – can make security and compliance assessments time-consuming. In many cases, you’ll need to log into multiple consoles and manually collate information to get a full picture.

With Sophos, it’s easy. You get details about your entire cloud infrastructure across different public cloud providers on one screen, in a single management console. You can dive directly into assets to get more detail about your asset inventory and cloud security posture.

Secure your complete cloud environment

Automated scans will detect any insecure deployments, with guided recommendations about how to fix potential issues. Additionally, guardrails can be deployed to lock down configurations, ensuring that they can’t be accidentally or maliciously tampered with and left in an unsafe state.

Artificial intelligence tracks normal behavior patterns, looking for any suspicious activity such as anomalous traffic patterns or unusual login attempts to cloud accounts. Issues are then flagged and prioritized by risk level if they require manual intervention.

Here’s the full list of what’s available:

• Cloud asset inventory – see a detailed inventory of your entire cloud infrastructure (e.g. cloud hosts, serverless functions, S3 buckets, databases, and cloud workloads), eliminating the need for time-consuming manual collation
• Access and traffic anomaly detection – unusual login attempts and suspicious traffic patterns are automatically detected and blocked or flagged to the admin as appropriate
• Security scans – daily and on-demand scans monitor your cloud environment to ensure its on-going security. Issues are automatically resolved where possible, with admin notification if manual intervention is required
• Configuration guardrails – stop accidental or malicious tampering with configurations that could negatively impact security posture
• Compliance policies – ensure that your cloud environment conforms to Center for Internet Security (CIS) best practices, helping keep your security posture at its best
• Alert management integrations – receive email notifications when manual intervention is required

Powerful visibility and protection for every setup

This exciting new cloud functionality is available to all Intercept X Advanced for Server with EDR customers at no additional cost. Log into your Sophos Central console, select Cloud Optix, and you can get started right away.

Current customers using Sophos Central that would like to try out this new functionality – in addition to the recently released EDR IT operations and threat hunting capabilities – can start a trial from within the Sophos Central console.

If you don’t have a Sophos Central account, you can register for a trial on Sophos.com.

Intercept X Advanced for Server with EDR and Intercept X Advanced with EDR give organizations unparalleled visibility and protection across their cloud, on-premises, and virtual estates. Cloud Optix shines a spotlight on complete cloud environments, showing what’s there, what needs securing, and making sure that everything stays safe and secure.

Most privileged access management solutions just focus on passwords. BeyondTrust is different. Our innovative Universal Privilege Management approach to cyber security secures every user, asset, and session across your enterprise. Deployed as SaaS or on-premises, BeyondTrust’s Universal Privilege Management approach simplifies deployments, reduces costs, improves usability, and reduces privilege risks.

Increased remote working makes it more important than ever to secure computers and the data on them. With the huge number of laptops that are lost, misplaced, or stolen every day, a crucial first line of defense for devices is full-disk encryption.

With full disk encryption rolled out, admins can ensure sensitive company data can’t be accessed, even if a device falls into the wrong hands. And while disk encryption has long been a vital component of device security, it has also frequently been associated with complexity and admin overhead. Setting up and maintaining servers, dealing with encryption keys, and helping users who’ve forgotten their credentials all takes time and effort.

Hassle-free encryption

With Sophos Central Device Encryption, we focus on making device encryption intuitive and hassle-free. There’s no server to install, and encryption is enabled in a handful of clicks. Sophos Central Device Encryption uses the same core agent as Intercept X, meaning existing Sophos customers have no additional agent to deploy and can start encrypting computers in mere minutes.

Under the hood, we leverage Windows BitLocker and macOS FileVault technology to do the heavy lifting when it comes to encrypting and decrypting data on the disk. With these technologies being integrated deeply into each operating system, performance and security is first-class.

Demonstrate compliance

As a part of compliance requirements, companies often need to verify which computers in the organization are encrypted. The cloud-based Sophos Central Admin console provides great visibility into device status, including which disks are encrypted and the last time a device checked in. The next version of Central Device Encryption adds a new Encryption Status report, further drilling down into device encryption status, making it even easier to help demonstrate compliance across the organization.

Fast recovery

An important consideration with disk encryption is how users will regain access to their devices if they forget their credentials. The Sophos Central Self-Service Portal lets users retrieve their own recovery keys without needing to contact the IT helpdesk. Users get back up and running faster, and IT teams have fewer tickets to deal with.

Sophos Central Device Encryption

The shift towards remote working makes full disk encryption more important than ever. Sophos Central Device Encryption makes it a breeze to deploy and manage devices with full disk encryption. Head over to Sophos.com to find out more and to sign up for a free trial.

Analysis of public cloud accounts across Amazon Web Services, Microsoft Azure, and Google Cloud Platform reveals a silver lining when it comes to the protection of cloud data.

New research shows that in the last year, 70% of organizations that use public cloud services experienced a security incident. These incidents included attacks from ransomware and other malware (50%), exposed data (29%), compromised accounts (25%), and cryptojacking (17%).

Ninety-six percent of these organizations are concerned about their current levels of cloud security, with data security being the top concern for 44% of them. It’s a good time to address the fundamentals of cloud security best practices: access to cloud environments and the protection of sensitive data.

Secure who gets in

Identity security represents a huge challenge for organizations. A review of cloud accounts by the Sophos Cloud Optix cloud security posture management service discovered worrying trends in organizations’ security posture as it relates to cloud account access, with 91% of organizations having over-privileged Identity and Access Management roles and 98% without MFA enabled on their cloud provider accounts.

Managing access to cloud accounts is an enormous challenge and yet only a quarter of organizations in our research saw it as a top area for concern, while a third reported that cybercriminals gained access by stealing cloud provider account credentials

Why securing access matters

Granting extensive access permissions to IAM users, groups, and cloud services is a risky practice. If such credentials get compromised, cybercriminals may gain access to any services and data those permissions grant. All user accounts should have MFA enabled, as it adds an extra layer of protection on top of usernames and passwords.

Secure what can get out

You won’t have to look far to find stories of shared storage-related data breaches caused by misconfiguration, where security settings with public read/list permissions had been enabled. AWS has even released an update to help customers from running afoul of this – one of the biggest causes of cloud data breaches. In our review of cloud accounts, we discovered that accidental data exposure through misconfigured storage services continues to plague organizations, with 60% leaving information unencrypted. Organizations are making it easy for attackers to search for and identify new targets.

The silver lining in all this is that the number of organizations exposing data to the public internet is declining, with Sophos Cloud Optix identifying that only 13% of organizations left database ports open to the internet and 18% of organizations had storage services with public read/list permissions enabled. Assuming there will always be use cases for public access being available, organizations are starting to close the door on this, the most common attack method for obtaining sensitive company and customer data.

Why secure configurations matter

Encryption is critical when it comes to stopping cybercriminals from seeing and reading stored information, and is a requirement for many compliance and security best-practice standards. “Public mode” – a setting that can be applied to databases, shared storage, and other cloud provider services – is a major cause of data breaches, and misconfiguring cloud services in “public mode” allows cybercriminals to automate their searches for security weak points. Guardrails should be in place to prevent such misconfigurations.

Think you know what you’ve got in the cloud?

Take control of your cloud security with a free inventory assessment and security check powered by Sophos Cloud Optix. Activate a free trial to get to get 30 days of commitment-free usage, including:

• Comprehensive inventory of everything you’ve got in the cloud: virtual machines, storage, containers, IAM roles, etc.
• Visualize IAM roles like never before and stop over-privileged access roles and stolen credentials from being exploited in cyberattacks
• Harden Amazon Web Services, Microsoft Azure, Google Cloud Platform, Kubernetes clusters, and Infrastructure-as-Code environments to reduce your surface area for attack
• Automatically detect security and compliance vulnerabilities, suspicious access, network traffic and cloud spend anomalies
• No agent, no install, no tie-in

Once you have a Cloud Optix account set up, follow the step-by-step instructions on the screen, which will walk you through adding your AWS, Azure, and GCP environments. For more information, read the Getting Started guide.

Should you need help at any point, check out the community forum or reach out to our technical support team.