Cyber Security Elements by NSS

News

30 Aug


Ransomware continues to plague organizations, with over half of companies surveyed across 26 countries revealing that they were hit by ransomware in the last year.

Modern firewalls are highly effective at defending against ransomware attacks, but they need to be given the chance to do their job.

Our guide, Firewall Best Practices to Block Ransomware, explores how ransomware attacks work, how they can be stopped at the gateway, and best practices for configuring your firewall to optimize your protection.

Eight firewall best practices to block ransomware

To maximize the effectiveness of your anti-ransomware defenses, we recommend you:

  1. Start with the best protection, including a modern high-performance next-gen firewall with IPS, TLS inspection, zero-day sandboxing, and machine learning ransomware protection.
  2. Lock down RDP and other services with your firewall. Your firewall should be able to restrict access to VPN users and only allow sanctioned IP addresses.
  3. Reduce the surface area of attack as much as possible by thoroughly reviewing and revisiting all port-forwarding rules to eliminate any non-essential open ports. Where possible, use VPN to access resources on the internal network from outside rather than port-forwarding.
  4. Be sure to properly secure any open ports by applying suitable IPS protection to the rules governing that traffic.
  5. Enable TLS inspection with support for the latest TLS 1.3 standards on web traffic to ensure threats are not entering your network through encrypted traffic flows.
  6. Minimize the risk of lateral movement within the network by segmenting LANs into smaller, isolated zones or VLANs that are secured and connected together by the firewall. Be sure to apply suitable IPS policies to rules governing the traffic traversing these LAN segments to prevent exploits, worms, and bots from spreading between LAN segments.
  7. Automatically isolate infected systems. When an infection hits, it’s important that your IT security solution be able to quickly identify compromised systems and automatically isolate them until they can be cleaned up (such as with Sophos Synchronized Security).
  8. Use strong passwords and multi-factor authentication for your remote management and file sharing tools so that they’re not easily compromised by brute-force hacking tools.

These best practices and more are covered in greater detail in our new Firewall Best Practices to Block Ransomware whitepaper.

Give your organization the best network protection with Sophos

Sophos XG Firewall gives you the best possible network protection against ransomware and other advanced threats, including cryptomining, bots, worms, hacks, breaches, and APTs.

  • Industry-leading IPS stops attackers using the latest network exploits to infect your organization
  • Deep learning technology identifies new and zero-day ransomware variants before they get on your network
  • Sophos Sandstorm analyzes suspicious files in a safe cloud environment

XG Firewall also provides a simple, elegant way to manage your RDP, as well as support for the latest TLS 1.3 standards.

Visit Sophos.com/Firewall today to learn more and try it yourself!

27 Aug


In our recent survey of 5,000 IT Managers across 26 countries, 51% of respondents revealed that they were hit by ransomware in the last year. In 73% of those incidents, attackers succeeded in encrypting data. Furthermore, the average global cost to remediate these attacks was an eye-watering $761,106.

An endpoint protection solution is one of the most effective methods to protect against ransomware – but only if it’s properly configured.

Our new guide, Endpoint Protection Best Practices to Block Ransomware, explores how ransomware attacks work, how they can be stopped, and best practices for configuring your endpoint solution for the strongest protection possible.

Seven endpoint protection best practices to block ransomware

To maximize the effectiveness of your anti-ransomware defenses, we recommend:

  1. Turning on all policies and ensuring all features are enabled. It sounds obvious, but this is a surefire way that you’ll get the best protection out of your endpoint solution. Be sure to enable features that detect file-less attack techniques and ransomware behavior.
  2. Regularly reviewing your exclusions. Exclusions are sometimes leveraged to soften complaints from users who feel your protection solution is slowing down their systems. Malware that manages to make its way into excluded directories will likely succeed because it’s excluded from being checked.
  3. Enabling multi-factor authentication (MFA) within your security console. MFA provides an additional layer of security after the first factor, which is often a password.
  4. Ensuring every endpoint is protected and up to date. Checking your devices regularly to know if they’re protected and up to date is a quick way to ensure optimum protection.
  5. Maintaining good IT hygiene. Not only does this mitigate your cybersecurity risk, but it can save you a lot of time when it comes to remediating potential incidents in the future.
  6. Hunting for active adversaries on your network. Malicious actors are more cunning than ever. Take advantage of endpoint detection and response (EDR) technologies in your endpoint solution to identify advanced threats and active adversaries, and take swift action to stop threats.
  7. Closing the gap with human intervention. Hackers typically spend time exploring your network before deploying ransomware. The best way to detect this malicious activity is to combine human expertise with advanced endpoint technology.

These best practices and more are covered in greater detail in our new Endpoint Protection Best Practices to Block Ransomware whitepaper.

How Sophos keeps you protected from ransomware

Sophos Intercept X includes all the features you need to help protect your organization from advanced ransomware attacks like Ryuk, Sodinokibi, Maze, and Ragnar Locker.

  • Deep learning identifies and blocks known and unknown ransomware variants
  • Anti-exploit technology stops the delivery and installation of ransomware
  • CryptoGuard identifies and rolls back the unauthorized encryption of files

Sophos EDR, available for endpoints and servers, lets you hunt for threats and maintain good IT operations hygiene across your entire estate.

If you want to add human expertise to your layered security strategy, Sophos Managed Threat Response (MTR) proactively hunts for and neutralizes threats on your behalf.

22 Aug

Remote Desktop Protocol (RDP), while a legitimate tool, is also a common ingress point for attackers looking to break into an organization. A recent Sophos survey found that in 9% of ransomware attacks, RDP was the method used to gain entry.

Fortunately, Intercept X Advanced with EDR makes it easy to identify devices that have open RDP connections and remotely shut them down, all from a single management console.

Sophos EDR includes Live Discover, which leverages a collection of pre-written, fully customizable SQL queries to answer IT operations and threat hunting questions.

To begin, we select which devices we want to check.

There are a variety of different categories to choose from depending on your needs. We have a couple of options for RDP: identifying devices with running processes that have active RDP connections, or finding devices that have RDP enabled.

In this case we want to do the latter, so we’re going to create a short query for the task. A quick search of the Live Discover query sharing forum gives us exactly what we need. A couple of clicks later and we have our query ready to run (we also had the option to select a pre-written query to identify devices with active RDP connections).

The query identifies a device that has RDP enabled. From the same console, we launch a Live Response remote terminal session to the device and use the command line interface to disable RDP.
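As an added example (not a query from the Sophos post), this is the kind of Live Discover query that answers the "which devices have RDP enabled" question above. It assumes Live Discover exposes osquery's `registry` and `listening_ports` tables; the post only says the queries are SQL, so the schema is an assumption.

```sql
-- Added example, not from the Sophos post. Assumed schema: osquery's
-- registry and listening_ports tables. fDenyTSConnections = 0 means RDP
-- is enabled on the device; 1 means it is disabled.
SELECT
  r.data AS fDenyTSConnections,
  CASE WHEN r.data = '0' THEN 'RDP enabled' ELSE 'RDP disabled' END AS rdp_state,
  -- UserAuthentication = 1 means Network Level Authentication is required
  (SELECT data FROM registry
     WHERE key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
       AND name = 'UserAuthentication') AS nla_required,
  -- A listener on TCP 3389 confirms the service is actually reachable
  (SELECT COUNT(*) FROM listening_ports WHERE port = 3389) AS listeners_on_3389
FROM registry AS r
WHERE r.key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server'
  AND r.name = 'fDenyTSConnections'
  AND r.data = '0';   -- return only devices where RDP is enabled
```

Devices returned by this query are the candidates for the Live Response step described in the post; setting fDenyTSConnections back to 1 is the registry change that disables RDP on a device.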

It’s that easy to detect RDP and disable it across your entire endpoint and server estates. To learn more about Sophos EDR head over to Sophos.com or to try it for yourself, you can start a no-obligation 30-day trial.

18 Aug

We’re excited to announce that we have launched the new Sophos Support Portal, which makes it much easier for you to track and manage all your support cases.

You can now visit support.sophos.com to access and create support cases.

What’s new

  • Create and manage your own support cases
  • Your Sophos partner can manage cases on your behalf
  • More interactive ways to update and track a case
  • View and manage cases created by others on your team
  • Chat in real time with our support engineers
  • Find suitable solutions in our knowledgebase
  • Manage your team’s access to the Support Portal

How to get started

Please note that the process to create a support case has now changed. From now on, you will need to log into the new Sophos Support Portal with your SophosID. If you do not have a SophosID yet, you’ll be able to create one as part of the registration process. Registration is quick and easy. You can find more information on how to register on our Community page.

Once logged in, you can conveniently create, manage, and follow cases in the Support Portal.

You can also still call in to our support centers to open a case. You can find our phone numbers on the support pages.

Migration of existing cases

Active cases have been migrated to the new Support Portal. If you have an open case with us, you should have received an email with your new case number and further instructions. Please don’t worry that your old case has been closed, as that is just a result of the migration to the new portal.

Your Sophos partner can file cases on your behalf

Your Sophos partner is now able to manage cases on your behalf and escalate cases to support management. This Community page includes a link to the knowledgebase article that explains how you can give your partner access to view your assets and create cases on your behalf. You will still be able to log in and track cases that your partner is managing for you.

Visit our Community page for a demo and the latest information or if you need any help.

16 Aug

We often get asked about the inner workings of Netsparker’s vulnerability scanning engine. People familiar with network and virus scanners also ask what vulnerability databases we use and how often we update them. In reality, it’s all a lot more interesting than ticking boxes on a list of known issues. Time to set the record straight about how a cutting-edge web vulnerability scanner works.

Two Sources of Vulnerability Information

When most people hear the word “scanner”, they think of software that looks for known risks. This is generally what virus scanners and network scanners do: check targets against a list of known issues, such as (respectively) malware signatures and CVE vulnerability reports. So when customers see how effective Netsparker is, their first question is often: “What vulnerability database do you use?” Well, the short answer is: “None, mostly.” The full answer is that Netsparker is an advanced heuristic scanner that also checks for known web application vulnerabilities – but let’s break this down a bit.

The Mundane Part: CVEs

The idea of relying on a vulnerability database comes from the systems and network security world, where a software or hardware bug is discovered, publicly disclosed, and added to a vulnerability database such as CVE. Network scanners, for example, work by finding such known issues in target systems. To fix the vulnerability, you simply patch or update the affected component.

Some CVEs also apply to web applications. These are bugs in widely-used products that need to be patched to avoid attacks. As one part of its scanning process, Netsparker checks for such issues based on the CVE registry and other vulnerability databases, so scans also cover vulnerabilities such as Heartbleed (CVE-2014-0160) or POODLE (CVE-2014-3566). In fact, the Netsparker security advisory program actively contributes to finding bugs in open-source packages by scanning them for vulnerabilities during engine testing. To learn how our security researchers do this, see our article on vulnerability disclosures.

Although an important part of overall security, checking for known issues is relatively easy and not terribly exciting. Things get interesting when you have to check for unknown issues – and this is when you find out how effective your web application security solution truly is.

The Really Clever Part: Heuristics

The vast majority of web application vulnerabilities are brand new issues that were introduced in new code in custom-built applications – so how are you supposed to know about them? This is the main difference between web application security testing and signature-based security checks: web vulnerability scanning is primarily about finding new vulnerabilities resulting from underlying weaknesses categorized in the CWE system. To find previously unknown issues, Netsparker uses a cutting-edge heuristic scanning engine that probes websites and applications for vulnerabilities just like a penetration tester would.

Netsparker uses a variety of advanced heuristic techniques to find all entry points in web applications and test them for vulnerabilities. This includes automatic URL rewriting to provide maximum scan coverage, automated fuzzing to generate unexpected inputs that may reveal a weakness, and proprietary Proof-Based Scanning™ technology to safely test weaknesses and provide proof that the vulnerability is real.

Because web vulnerability scanners don’t rely on signatures, their effectiveness is highly dependent on the quality and maturity of the underlying heuristic scanning engine. If the scanning engine is too eager to flag suspicious responses as signs of vulnerabilities, it will flood the user with false positives. If it is too cautious or simply not advanced enough, it will miss real vulnerabilities or even bypass whole pages, for example because it can’t deal with authentication. As an industry veteran and technology leader, Netsparker knows how to strike the right balance.

Get the Best of Both Worlds

The purpose of a web application security solution is to help the user improve security more efficiently than with manual testing alone. This goes way beyond vulnerability databases and even beyond scanning itself. To get measurable security improvements, you need a holistic view of web application security that pulls together accurate information from all relevant sources and applies it through effective automation.

Netsparker combines high-quality heuristic results from its industry-leading vulnerability scanning engine with information about known issues listed in vulnerability databases. All these vulnerability results are complemented by asset discovery and crawling information, warnings about outdated web technologies, detailed vulnerability descriptions complete with suggested remedies, best-practice recommendations, compliance reports, and more. This gives you a complete picture of what you need to fix in your web environment, so you can start getting real value from Netsparker in a matter of days.

12 Aug

As cybercriminals continue to take advantage of the public cloud in their attacks, Sophos commissioned an independent survey of 3,521 IT managers across 26 countries* to reveal the reality of cloud security in 2020.

The 2020 cloud security reality

The survey provides fresh new insight into the cybersecurity experiences of organizations using the public cloud, including:

  • Almost three-quarters of organizations hosting data or workloads in the public cloud experienced a security incident in the last year. Seventy percent of organizations reported they were hit by malware, ransomware, data theft, account compromise attempts, or cryptojacking in the last year.
  • Data loss/leakage is the number one concern for organizations. Data loss and leakage topped our list as the biggest security concern, with 44% of organizations seeing data loss as one of their top three focus areas.
  • Ninety-six percent of organizations are concerned about their current level of cloud security. Data loss, detection and response, and multi-cloud management top the list of the biggest concerns among organizations.
  • Multi-cloud organizations reported more security incidents in the last 12 months. Seventy-three percent of the organizations surveyed were using two or more public cloud providers, and they reported more security incidents than those using a single platform.
  • European organizations may have the General Data Protection Regulation (GDPR) to thank for the lowest attack rates of all regions. The GDPR guidelines’ focus on data protection, and well-publicized ransomware attacks have likely led to these lucrative targets becoming harder for cybercriminals to compromise in Europe.
  • Only one in four organizations see lack of staff expertise as a top concern despite the number of cyberattacks reported in the survey. When it comes to hardening security postures in the cloud, the skills needed to create good designs, develop clear use cases, and leverage third-party services for platform tools are crucial but underappreciated.
  • Two-thirds of organizations leave back doors open to attackers. Security gaps in misconfigurations were exploited in 66% of attacks, while 33% of attacks used stolen credentials to get into cloud provider accounts.

For the details behind these headlines, and to see how your country stacks up, read The State of Cloud Security 2020 report.

Secure the cloud with Sophos

However you’re using the public cloud, Sophos can help you keep it secure.

  • Secure all your cloud resources. Get a complete inventory of multi-cloud environments (virtual machines, storage, containers, IAM users, etc.). Reveal insecure deployments, suspicious access, and sudden spikes in cloud spend.
  • Secure your cloud workloads. Protect virtual machines, and the virtual desktops running on them, from the latest threats, including ransomware, fileless attacks, and server-specific malware.
  • Protect the network edge. Secure inbound and outbound traffic to your virtual network and virtual desktop environments, and provide secure remote access to private applications running in the cloud.

For more information and to discuss your cloud security needs, request a call back from one of our security experts.

* Australia, Belgium, Brazil, Canada, China, Colombia, Czech Republic, France, Germany, India, Italy, Japan, Malaysia, Mexico, Netherlands, Nigeria, Philippines, Poland, Singapore, South Africa, Spain, Sweden, Turkey, UAE, United Kingdom, United States

8 Aug

ProLock ransomware emerged on the threat scene in March, a retooled and rebranded version of PwndLocker.

As SophosLabs reveals in its detailed analysis, while ProLock ransomware gives you the first eight kilobytes of decryption for free, it can still cause significant business disruption and economic damage.

Protect against ProLock with Sophos Intercept X

Intercept X gives you multiple layers of protection against ProLock, keeping the data on your endpoints and servers safe:

  • CryptoGuard identifies and rolls back the unauthorized encryption of files. In fact, Sophos first detected ProLock when CryptoGuard caught it on a customer network
  • Deep learning identifies and blocks ProLock without signatures
  • Signatures block variants of ProLock either as Troj/Agent-BEKP or Malware/Generic-S

If you’re running Sophos Intercept X you can relax knowing that you are automatically protected against ProLock, as all three of the above features are enabled by default in our recommended settings.

(If you’re not yet running Intercept X and want to give it a try, visit the web page to learn more and start a no-obligation free trial.)

To check that you have CryptoGuard and Deep Learning enabled:

  • Open your Sophos Central Admin console and select Endpoint Protection in the left-hand menu
  • Select Policies
  • Review the list of threat protection policies already created
  • Toggle the buttons to make any necessary changes

Endpoint protection and firewall best practices to block ransomware

51% of IT managers surveyed for our recent State of Ransomware 2020 report said their organization was hit by ransomware last year, and that cybercriminals succeeded in encrypting data in 73% of incidents.

With stats like these it’s worth taking the time to ensure all your ransomware defenses are up-to-date.

The earliest detection of ProLock by Sophos was traced to a compromised server, most likely via an exploit of Remote Desktop Protocol (RDP).

Putting RDP access behind a virtual private network and using multi-factor authentication for remote access are just a couple of the best practices we recommend to reduce your ransomware risk.

For additional best practices, take a look at our guides Endpoint Protection Best Practices to Block Ransomware and Firewall Best Practices to Block Ransomware.

4 Aug

We are excited to announce that Intercept X for Server Advanced with EDR has been enhanced with powerful cloud visibility features from Cloud Optix.

In addition to even more detail on your AWS, Azure, and GCP cloud workloads, this integration gives customers critical insights into their wider cloud environments, including security groups, hosts, shared storage, databases, serverless, containers, and more.

See your complete cloud environment

The dynamic nature of cloud environments – with assets being spun up and down as and when necessary to meet changing demands – can make security and compliance assessments time-consuming. In many cases, you’ll need to log into multiple consoles and manually collate information to get a full picture.

With Sophos, it’s easy. You get details about your entire cloud infrastructure across different public cloud providers on one screen, in a single management console. You can dive directly into assets to get more detail about your asset inventory and cloud security posture.

Secure your complete cloud environment

Automated scans will detect any insecure deployments, with guided recommendations about how to fix potential issues. Additionally, guardrails can be deployed to lock down configurations, ensuring that they can’t be accidentally or maliciously tampered with and left in an unsafe state.

Artificial intelligence tracks normal behavior patterns, looking for any suspicious activity such as anomalous traffic patterns or unusual login attempts to cloud accounts. Issues are then flagged and prioritized by risk level if they require manual intervention.

Here’s the full list of what’s available:

  • Cloud asset inventory – see a detailed inventory of your entire cloud infrastructure (e.g. cloud hosts, serverless functions, S3 buckets, databases, and cloud workloads), eliminating the need for time-consuming manual collation
  • Access and traffic anomaly detection – unusual login attempts and suspicious traffic patterns are automatically detected and blocked or flagged to the admin as appropriate
  • Security scans – daily and on-demand scans monitor your cloud environment to ensure its ongoing security. Issues are automatically resolved where possible, with admin notification if manual intervention is required
  • Configuration guardrails – stop accidental or malicious tampering with configurations that could negatively impact security posture
  • Compliance policies – ensure that your cloud environment conforms to Center for Internet Security (CIS) best practices, helping keep your security posture at its best
  • Alert management integrations – receive email notifications when manual intervention is required

Powerful visibility and protection for every setup

This exciting new cloud functionality is available to all Intercept X Advanced for Server with EDR customers at no additional cost. Log into your Sophos Central console, select Cloud Optix, and you can get started right away.

Current customers using Sophos Central that would like to try out this new functionality – in addition to the recently released EDR IT operations and threat hunting capabilities – can start a trial from within the Sophos Central console.

If you don’t have a Sophos Central account, you can register for a trial on Sophos.com.

Intercept X Advanced for Server with EDR and Intercept X Advanced with EDR give organizations unparalleled visibility and protection across their cloud, on-premises, and virtual estates. Cloud Optix shines a spotlight on complete cloud environments, showing what’s there, what needs securing, and making sure that everything stays safe and secure.

2 Aug

Most privileged access management solutions just focus on passwords. BeyondTrust is different. Our innovative Universal Privilege Management approach to cyber security secures every user, asset, and session across your enterprise. Deployed as SaaS or on-premises, BeyondTrust’s Universal Privilege Management approach simplifies deployments, reduces costs, improves usability, and reduces privilege risks.

Go Beyond Passwords

Passwords are important. That’s why you can audit and manage every privileged account with BeyondTrust. This includes everything from privileged user passwords, app-to-app credentials, service accounts, DevOps secrets, and more.

But passwords are just the beginning. The BeyondTrust platform integrates privileged password security with endpoint and remote access security, drastically reducing your attack surface and windows of exposure. This is Universal Privilege Management.

Productivity, Not Friction

Privileged users handle critical tasks that keep your business running. The last thing you want to do is slow down legitimate business activity with annoying security measures.

BeyondTrust is non-intrusive to users. Our software helps power some of the most efficient organizations on the planet. Centralized reporting and management, integrations with your existing systems, and automated privilege management enable security that’s virtually invisible to users.

Accelerated Time to Value

Our customers get more than software. They get 30+ years of accumulated security expertise and best practices productized in software form.

Built-in templates and workflows let you see value on day one. Flexible deployment options, including cloud deployments and virtual appliances, let you start right away. Our customers report fast user adoption, which rapidly reduces your risk.

The BeyondTrust Advantage

BeyondTrust serves more organizations than any other Privileged Access Management vendor. More than 20,000 customers, including 70% of the Fortune 500, trust us to improve cyber security and efficiency. We’ve helped more customers deploy in the cloud than anyone else. And customers rate our support organization with 96% satisfaction.


31 Jul

Increased remote working makes it more important than ever to secure computers and the data on them. With the huge number of laptops that are lost, misplaced, or stolen every day, a crucial first line of defense for devices is full-disk encryption.

With full disk encryption rolled out, admins can ensure sensitive company data can’t be accessed, even if a device falls into the wrong hands. And while disk encryption has long been a vital component of device security, it has also frequently been associated with complexity and admin overhead. Setting up and maintaining servers, dealing with encryption keys, and helping users who’ve forgotten their credentials all takes time and effort.

Hassle-free encryption

With Sophos Central Device Encryption, we focus on making device encryption intuitive and hassle-free. There’s no server to install, and encryption is enabled in a handful of clicks. Sophos Central Device Encryption uses the same core agent as Intercept X, meaning existing Sophos customers have no additional agent to deploy and can start encrypting computers in mere minutes.

Under the hood, we leverage Windows BitLocker and macOS FileVault technology to do the heavy lifting when it comes to encrypting and decrypting data on the disk. With these technologies being integrated deeply into each operating system, performance and security is first-class.

Demonstrate compliance

As a part of compliance requirements, companies often need to verify which computers in the organization are encrypted. The cloud-based Sophos Central Admin console provides great visibility into device status, including which disks are encrypted and the last time a device checked in. The next version of Central Device Encryption adds a new Encryption Status report, further drilling down into device encryption status, making it even easier to help demonstrate compliance across the organization.

Fast recovery

An important consideration with disk encryption is how users will regain access to their devices if they forget their credentials. The Sophos Central Self-Service Portal lets users retrieve their own recovery keys without needing to contact the IT helpdesk. Users get back up and running faster, and IT teams have fewer tickets to deal with.

Sophos Central Device Encryption

The shift towards remote working makes full disk encryption more important than ever. Sophos Central Device Encryption makes it a breeze to deploy and manage devices with full disk encryption. Head over to Sophos.com to find out more and to sign up for a free trial.

26 Jul

Work from home (WFH) and remote access have accelerated the digital transformation journey and IT's move to the cloud. Security programs must address visibility, continuous monitoring, and a unified identity and privilege model for the multicloud environment. Privileged access management solutions are a key enabler of the cloud security strategy because they protect core enterprise assets from the increased exposure created by home offices at the edge, significantly reducing attackers' ability to exploit configuration, credential, or privilege management errors.

Rope Burns & IT Security

Thinking back on those school gym classes, remember rope climbing? Or maybe swinging on a rope? Then you’ll know: ropes can be slippery, and your hands can get burned.

As businesses enable digital transformation via accelerated cloud adoption, avoiding IT security breaches or outages (the digital equivalent of rope burns) is always a top concern. These negative outcomes can rear their heads amidst an atmosphere of too much uncontrolled change, happening too fast, to the operating environment.

A New Cloud Security Strategy

Accelerated digital transformation means accelerated cloud adoption. All those users that used to be in the office? Now they're in the cloud. Services and applications? They too are moving to the cloud. A quick review of the Cloud Security Alliance's top threats shows we have our work cut out for us to secure cloud use.

What's interesting about the CSA's "Egregious 11" threats is that many of them – such as misconfiguration, weak control plane, poor visibility, and lack of architecture – are customer-side failings. Earlier this month, I wrote about the need for Cleaning up Risk and Technical Debt spawned from ungoverned cloud adoption.

The broad scope of these threats and their root cause in technical debt makes it quite clear: virtually all businesses need a new, or refreshed, cloud security strategy.

Multiple Failures to Protect Privileged Access

How were Jeff Bezos, Elon Musk, Bill Gates, and so many other IT-savvy luminaries’ Twitter accounts recently hacked and used to solicit bitcoin payments? An article from the Verge suggests that attackers “either found a severe security loophole in Twitter’s login or account recovery process or…somehow gained access to a Twitter employee’s admin privileges.”

The Twitter breach is just our latest object lesson about the importance of closing privileged attack vectors. Consider that multiple studies show credential misuse to be the #1 cause of breaches. Behind any credential breach is an access (or privileged access) management failure. This is true because the typical user should not have access to the “crown jewels”, and privileged accounts with more than the usual access should be very difficult for hackers to obtain.

Gaps in Cloud PAM

As IT’s center of gravity shifted, PAM systems have needed to evolve. Amidst the forced digitalization of the pandemic, these architectural deficiencies are no longer just limiting or annoying, they’re downright dangerous. We commonly see the following gaps in older PAM systems:

Let’s focus on the last of these gaps, to make sure everyone understands the need for…

Just-in-Time (JIT) PAM

Traditionally, privileged access is granted through a combination of static accounts and roles. For example, the powerful Active Directory domain administrator role is conferred on static accounts through a Domain Admins group membership. As shown in the below figure’s topmost process flow, static accounts can be provisioned through an identity and access management (IAM) system, or created manually. The traditional PAM system inventories the accounts that are privileged, manages access to them, and performs credential rotation.

Always-on (standing) privileges versus just-in-time (JIT) privileged access

The trouble is that always-on, static accounts can become targets of opportunity. They are one of the first things advanced attackers look for as they move laterally through the victim infrastructure.

Fortunately, CSPs have provided a better way to manage privileged access: bind the privileged roles to accounts only temporarily, after a request is approved. As shown in the bottommost process flow in the figure, the IAM (or PAM) system can process valid access requests and dynamically bind privileged roles to the requesting user’s account by calling an API such as the Amazon Web Services (AWS) AssumeRole. The privileged access soon expires, or is removed, reducing the attack surface available to any bad actors in the IT environment.

We need to achieve a paradigm shift from static to dynamic access grants, to just-in-time privileged access management (JIT PAM).
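As an added illustration of the request, approve, temporary binding and expiry flow described above (example code written for this page, not from the author, BeyondTrust, or AWS), here is a minimal JIT broker in Python. The one-hour cap, the role ARN, the user names and the helper names are assumptions; the STS AssumeRole call is only prepared, not made.

```python
"""Minimal just-in-time (JIT) privileged access broker.

Illustrative code for the flow described above: a user requests a
privileged role, a different person approves, the role is bound only
for a bounded window, and the binding expires (or is revoked early).
The broker only *prepares* the STS AssumeRole call; it never contacts
AWS. All names and values below are assumptions for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional
import uuid

# Assumed policy: no temporary binding may outlive one hour.
MAX_SESSION = timedelta(hours=1)
# STS rejects DurationSeconds below 900 s, so shorter grants are padded to that.
STS_MIN_SECONDS = 900


@dataclass
class AccessRequest:
    request_id: str
    requester: str
    role_arn: str
    justification: str
    requested_for: timedelta
    approved_by: Optional[str] = None


@dataclass
class Grant:
    request_id: str
    requester: str
    role_arn: str
    issued_at: datetime
    expires_at: datetime
    revoked: bool = False


class JitBroker:
    """Processes access requests and hands out time-bounded role bindings."""

    def __init__(self, now: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self.now = now                      # injectable clock so expiry can be tested
        self.requests: Dict[str, AccessRequest] = {}
        self.grants: List[Grant] = []
        self.audit: List[str] = []          # every decision leaves an audit line

    def request(self, requester: str, role_arn: str, justification: str, minutes: int) -> str:
        if not justification.strip():
            raise ValueError("a justification (e.g. a ticket id) is required")
        rid = str(uuid.uuid4())
        self.requests[rid] = AccessRequest(rid, requester, role_arn, justification,
                                           timedelta(minutes=minutes))
        self.audit.append(f"REQUEST {rid} {requester} -> {role_arn} ({justification})")
        return rid

    def approve(self, rid: str, approver: str) -> Grant:
        req = self.requests[rid]
        if approver == req.requester:       # separation of duties: no self-approval
            raise PermissionError("requester may not approve their own request")
        if req.approved_by is not None:
            raise ValueError("request already approved")
        req.approved_by = approver
        duration = min(req.requested_for, MAX_SESSION)   # cap, never extend
        issued = self.now()
        grant = Grant(rid, req.requester, req.role_arn, issued, issued + duration)
        self.grants.append(grant)
        self.audit.append(f"GRANT {rid} by={approver} expires={grant.expires_at.isoformat()}")
        return grant

    def has_privilege(self, user: str, role_arn: str) -> bool:
        """True only while an unrevoked grant for this user/role is inside its window."""
        now = self.now()
        return any(g.requester == user and g.role_arn == role_arn and not g.revoked
                   and g.issued_at <= now < g.expires_at for g in self.grants)

    def revoke(self, user: str, role_arn: str) -> int:
        """Pull a binding early (e.g. on a security alert); returns how many were revoked."""
        count = 0
        for g in self.grants:
            if g.requester == user and g.role_arn == role_arn and not g.revoked:
                g.revoked = True
                count += 1
                self.audit.append(f"REVOKE {g.request_id} {user} -> {role_arn}")
        return count


def assume_role_params(grant: Grant) -> dict:
    """Keyword arguments the broker would pass to boto3's sts.assume_role for this grant.

    The parameter names are the real STS ones; the call is deliberately not made here.
    The session tag carries the request id so the session can be traced back to its approval.
    """
    remaining = int((grant.expires_at - grant.issued_at).total_seconds())
    return {
        "RoleArn": grant.role_arn,
        "RoleSessionName": f"jit-{grant.requester}",
        "DurationSeconds": max(STS_MIN_SECONDS, remaining),
        "Tags": [{"Key": "jit-request", "Value": grant.request_id}],
    }


if __name__ == "__main__":
    # Constructed walk-through with a fixed clock; account id and role are placeholders.
    ROLE = "arn:aws:iam::123456789012:role/prod-admin"
    clock = {"now": datetime(2020, 8, 30, 12, 0, tzinfo=timezone.utc)}
    broker = JitBroker(now=lambda: clock["now"])
    rid = broker.request("alice", ROLE, "INC-42 database failover", minutes=30)
    grant = broker.approve(rid, "bob")
    print("active during window:", broker.has_privilege("alice", ROLE))   # True
    clock["now"] += timedelta(minutes=31)
    print("active after expiry:", broker.has_privilege("alice", ROLE))    # False
    print(assume_role_params(grant))
```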

Critical Capabilities for Cloud Privileged Access Management (PAM)

To effectively secure privileged access, credentials, and sessions across cloud environments, PAM systems need to have many of the traditional PAM features (such as a credential vault, credential rotation, session broker, session recording, privileged user auditing, service account support, and high availability) plus what’s below:

  • Unified browser-based administration and remote session protocol support
  • Authentication and authorization agility for multiple use cases, third parties, cloud environments
  • Integration with cloud-native access systems
  • Just-in-time access grant support

Enabling Productive & Secure Work-From-Home & Remote Access

Work from home and remote access have accelerated the digital transformation, and IT’s move to the cloud. Security programs must address visibility, continuous monitoring, and a unified identity and privilege model for the multicloud environment. PAM systems are a key enabler for the cloud security strategy because they can protect core enterprise assets from the increased exposure created by home offices at the edge, significantly reducing attackers’ ability to exploit configuration, credential, or privilege management errors.

To learn more on updating your cloud security strategy to address the “new normal”, check out my on-demand webinar.

24 Jul

Analysis of public cloud accounts across Amazon Web Services, Microsoft Azure, and Google Cloud Platform reveals a silver lining when it comes to the protection of cloud data.

New research shows that in the last year, 70% of organizations that use public cloud services experienced a security incident. These incidents included attacks from ransomware and other malware (50%), exposed data (29%), compromised accounts (25%), and cryptojacking (17%).

Ninety-six percent of these organizations are concerned about their current levels of cloud security, with data security being the top concern for 44% of them. It’s a good time to address the fundamentals of cloud security best practices: access to cloud environments and the protection of sensitive data.

Secure who gets in

Identity security represents a huge challenge for organizations. A review of cloud accounts by the Sophos Cloud Optix cloud security posture management service discovered worrying trends in organizations’ security posture as it relates to cloud account access, with 91% of organizations having over-privileged Identity and Access Management roles and 98% without MFA enabled on their cloud provider accounts.

Managing access to cloud accounts is an enormous challenge, and yet only a quarter of organizations in our research saw it as a top area for concern, while a third reported that cybercriminals gained access by stealing cloud provider account credentials.

Why securing access matters

Granting extensive access permissions to IAM users, groups, and cloud services is a risky practice. If such credentials get compromised, cybercriminals may gain access to any services and data those permissions grant. All user accounts should have MFA enabled, as it adds an extra layer of protection on top of usernames and passwords.

Secure what can get out

You won’t have to look far to find stories of shared storage-related data breaches caused by misconfiguration, where security settings with public read/list permissions had been enabled. AWS has even released an update to help customers avoid running afoul of this, one of the biggest causes of cloud data breaches. In our review of cloud accounts, we discovered that accidental data exposure through misconfigured storage services continues to plague organizations, with 60% leaving information unencrypted. Organizations are making it easy for attackers to search for and identify new targets.

The silver lining in all this is that the number of organizations exposing data to the public internet is declining, with Sophos Cloud Optix identifying that only 13% of organizations left database ports open to the internet and 18% of organizations had storage services with public read/list permissions enabled. While there will always be use cases that require public access, organizations are starting to close the door on this, the most common attack method for obtaining sensitive company and customer data.

Why secure configurations matter

Encryption is critical when it comes to stopping cybercriminals from seeing and reading stored information, and is a requirement for many compliance and security best-practice standards. “Public mode” – a setting that can be applied to databases, shared storage, and other cloud provider services – is a major cause of data breaches, and misconfiguring cloud services in “public mode” allows cybercriminals to automate their searches for security weak points. Guardrails should be in place to prevent such misconfigurations.

Think you know what you’ve got in the cloud?

Take control of your cloud security with a free inventory assessment and security check powered by Sophos Cloud Optix. Activate a free trial to get 30 days of commitment-free usage, including:

  • Comprehensive inventory of everything you’ve got in the cloud: virtual machines, storage, containers, IAM roles, etc.
  • Visualize IAM roles like never before and stop over-privileged access roles and stolen credentials from being exploited in cyberattacks
  • Harden Amazon Web Services, Microsoft Azure, Google Cloud Platform, Kubernetes clusters, and Infrastructure-as-Code environments to reduce your surface area for attack
  • Automatically detect security and compliance vulnerabilities, suspicious access, network traffic and cloud spend anomalies
  • No agent, no install, no tie-in

Once you have a Cloud Optix account set up, follow the step-by-step instructions on the screen, which will walk you through adding your AWS, Azure, and GCP environments. For more information, read the Getting Started guide.

Should you need help at any point, check out the community forum or reach out to our technical support team.

21 Jul

In a cloud-first world, the traditional line between network security and application security is becoming blurred. Physical IT infrastructure can now be hidden behind layers of virtualization, and web applications are frequently designed, developed, tested, and deployed entirely in the cloud. At the same time, web applications have become the main target of cyberattacks and now account for 3 out of 4 data breaches worldwide. Web application security has never been more important – and yet there is still some confusion as to its place in the overall security posture. Established organizations often have mature network security programs, while web application security tends to receive far less attention and funding.

As companies continue to shift data and business logic onto cloud platforms and become reliant on web technologies to do business, information security has become a top priority. Business data, intellectual property (IP), and other sensitive information are now prized commodities, so cybercriminals are increasingly focusing their attacks on web applications to extract this data. This means that traditional network perimeter defense with firewalls to filter network traffic is no longer enough to ensure data security and proper access control. If exploited successfully, web application vulnerabilities can not only allow unauthorized access to sensitive data but also provide a foothold to mount denial-of-service attacks or even serve malware to website visitors.

Modern web assets include not only websites and web applications but also web services and application programming interfaces (APIs) that are used to exchange data between systems and provide the back-end for countless mobile applications. In a large organization, there can be thousands of different web assets spread across multiple systems and geographies. At this scale and level of complexity, protecting them all from cyberthreats is only possible with dedicated web application security solutions that deliver accurate and actionable results, such as modern dynamic application security testing (DAST) products.

Our white paper Web Application Security or Network Security – Do You Have to Choose? examines the history of web security and analyzes current trends to set the record straight on the role of web application security and network security in any mature cybersecurity program.

Download the PDF version of our white paper: Web Application Security or Network Security – Do You Have to Choose?

16 Jul

The ongoing pandemic is resulting in a crisis for schools, colleges, and universities the world over. With physical buildings closed, most educational institutes are moving to emergency remote learning and working.

For most of them, the transition from physical to online models has happened too quickly. Without proper time to vet potential risks, their networks are exposed thanks to the deployment of new technologies and apps. Furthermore, risks can also run high because students and educators aren’t always properly trained to use the new tech.

Further complicating matters, many educational institutes simply don’t have the budgets to overhaul their technology solutions in the face of such an unprecedented and unanticipated pandemic. As a result, some institutes are lured by free tools and apps for online learning, most of which come laden with inadequate privacy controls, user tracking, inappropriate promotional content, and sometimes malware – all of which elevates the risk of not complying with regulatory mandates like FERPA and others.

With remote learning becoming the new normal, cybercriminals are busy finding new ways to leverage techniques like phishing, ransomware, social engineering, and more to pull off attacks. Here’s a look at some of the most critical risks to be addressed in order to safeguard users and data.

1. Secure remote access

With distance learning taking over physical schooling, students and teachers need access to online learning tools mostly located in the cloud – file sharing applications, email, apps – and they sometimes need to remotely access resources on the school network. At the same time, administrative and IT staff working from home may need access to systems and documents located on the school network as well. If remote access isn’t secure, hackers can sneak in and take control of the entire network. Deploy a virtual private network (VPN) that offers secure remote access to your users and protects all data that flows in and out of the VPN by encrypting it.

Students and school staff may bring their own devices and connect them to the school network, some of which may be unpatched and running risky applications, giving easy access to attackers. To counter this, ensure only whitelisted apps run on the network and that only authorized devices can access the network. With complete application visibility and control, you can identify all the applications on your network, including shadow IT and data at risk. This allows you to control the apps and apply user-based application controls and traffic shaping. By synchronizing your firewall and endpoint security, you can instantly identify compromised endpoints, isolate them until they are cleaned, and prevent infections from spreading laterally to other devices on the network.

2. Control access to sensitive data

Educational institutes are treasure troves of valuable information that can be sold on the dark web. Personal data of students, teachers, alumni, and administrative staff, along with sensitive data relating to a school’s research and intellectual property can make a hacker very rich by selling it or ransoming it. It’s critical to enforce access based on user identity, allowing authorized users access to only what they need in order to do their jobs. You can protect sensitive data, research, and other critical resources by allowing access to only those who are authorized, with two-factor authentication (2FA) support for access to key system areas, including IPsec and SSL VPN, user portals, and web administration consoles.

3. Protect against malware

The shift to remote learning means many of the devices connecting to the school network are BYOD. It’s difficult to know whether the devices and applications used are updated with patches and if the antivirus is current. Unless such remote devices are connecting via a VPN, you’ll need to ensure they’re secure before they can access resources on the school’s network.

It’s important to deploy advanced web protection capabilities that can identify and block the latest web threats. This allows you to enforce web filtering rules to keep students safe from instances of cyberbullying, inappropriate content, abuse, and other online threats. And with staff working from home, peripheral controls allow you to control what your staff can and can’t plug into their corporate devices. This helps you safeguard your network against unexpected threats.

4. Protect against phishing

Social engineering and phishing attacks pose major IT security risks to schools. Students, teachers, or staff members who get manipulated to click on malicious links can provide cybercriminals access to the school’s network and precious resources. The best way to counter social engineering and phishing attacks is through user awareness and training. Educating and testing your users with simulated attacks helps you facilitate a positive security awareness culture and makes them less likely to fall for scams. Make sure your email security is up to date as well, and that you have advanced protection for all your endpoints so you can protect them against both known and unknown malware, ransomware, exploits, and viruses.

5. Secure mobile computing

Mobile devices like phones, tablets, and others are increasingly used today for remote learning. A single unprotected device increases the risk of compromising the entire school network and systems, especially at a time when schools have lowered the barriers to access their networks, specifically for students. With most devices connected to the internet, the attack surface is significantly amplified for schools. An effective mobile device security solution can help keep your students and staff safe on the internet, preventing risky file downloads and blocking access to inappropriate websites. Mobile antivirus and ransomware protection capabilities can safeguard your users and devices from malicious content and apps.

Sophos can help

Sophos’ unique IT security capabilities offer award-winning protection for schools of all sizes. You can ensure that learning doesn’t stop in times when students aren’t able to access teachers and educational resources in person. Read our whitepaper on Secure remote learning in education to find out more. You can also visit our education protection page to find solutions that help secure educational institutes.

14 Jul

It has never been a better time to make the switch to Intercept X.

Recently we launched enhanced endpoint detection and response (EDR) capabilities that give users the power to ask detailed threat hunting and IT operations questions and quickly get the answers they need. That’s in addition to other new features such as Antimalware Scan Interface (AMSI) technology, which excels at detecting malicious obfuscated scripts (e.g. PowerShell), and Intrusion Prevention System functionality that stops network-based attacks (currently in early access).

But those aren’t the only benefits of making the move to Intercept X and Sophos Central, our cloud-based management platform. Here are five reasons to consider moving:

1. Get advanced protection to stop the latest threats

Intercept X excels at blocking the very latest threats such as ransomware, script-based fileless attacks, malware that has never been seen before, and adversaries actively trying to compromise systems. Deep learning AI intelligence, anti-ransomware capabilities, and exploit mitigation techniques combine to provide this unmatched level of security.

2. Make management straightforward

Intercept X is managed via the cloud-based Sophos Central console, which lets you manage all of your Sophos solutions in one place, at any time, from anywhere. Everything is managed from a single console with the same intuitive look and feel, so it’s easy to switch between products and enable powerful cross-product features.

3. Spend less and save time

With cloud management there’s no need to maintain physical on-premises servers and you get access to a single management console, cutting down on admin time.

4. Implement security that grows with you

Sophos Central makes it easy to extend your protection as your business grows. Want to try out the powerful new EDR functionality that helps you track down unwanted applications or users that clicked on a phishing email across your entire estate? Start a trial with the click of a button.

5. Benefit from smarter, faster protection

Sophos products are engineered from the ground up to work better together. For example, Intercept X and XG Firewall work in tandem to isolate a compromised device, clean it up, and restore network access with no admin intervention – in a matter of seconds.

Even if you aren’t yet on Sophos Central, trying out Intercept X couldn’t be easier. You can either start a no-obligation trial or take a look at the online demo to get a feel for the interface and powerful functionality on offer.

13 Jul

NSS, an international Value Added Distributor of leading edge IT solutions, announces today its partnership with BeyondTrust, the worldwide leader in Privileged Access Management and Secure Remote Access. NSS will distribute the most seamless solutions to prevent data breaches related to credential theft, misuse of privileges and breach of remote access in the markets of Greece, Cyprus and Malta as well as in the other Balkan countries. Being an international distributor of cybersecurity solutions in this region, NSS is in a strategic position regarding the distribution of the entire Privileged Access Management (PAM) suite of tools offered by BeyondTrust.

BeyondTrust’s Privileged Access Management portfolio is a comprehensive solution providing visibility and control capabilities to all privileged accounts and users. By integrating a wide range of privileged access security features, the platform simplifies implementation, reduces the risks associated with privileged credentials, reduces costs and significantly improves usability.

George F. Kapaniris, NSS Executive Director

“As our strategic partner, NSS will be able to exploit BeyondTrust’s Universal Privilege Management model, a modern approach that addresses the entire universe of privileges across organizations,” said Alexis Serrano, Director – Channel & Alliances EMEIA of BeyondTrust. “Combining the know-how and in-depth knowledge of NSS in the regional market and its extensive network of partners, along with BeyondTrust’s best solutions, this partnership will help businesses and organizations improve their security strategies and operational resilience”, added Alexis Serrano, Director EMEIA Channels & Alliances.

“As a leader in Privileged Access Management (PAM) with numerous certifications and international distinctions from analysts such as Gartner, in NSS, we are thrilled to offer BeyondTrust’s solutions in the markets of the Balkan Region”, said George F. Kapaniris, NSS Executive Director. “BeyondTrust’s comprehensive PAM solution will allow us to lead our customers through a secure path helping them deal with critical vulnerabilities and immediately shrink the attack surface on their infrastructure”.

The flexible and expandable BeyondTrust platform allows organizations to easily maximize the security of privileges as threats evolve across endpoint, server, cloud, DevOps and network device environments. BeyondTrust’s platform integrates the broadest range of privileged access capabilities with central management, reporting and analytics, allowing administrators and security managers to take decisive, informed actions and decisions to successfully deal with attackers. The platform’s holistic approach stands out for its flexible design, which simplifies consolidation, improves user productivity and maximizes IT and security investment.

BeyondTrust gives organizations the visibility and control they need to reduce risk, meet compliance goals and enhance business performance. NSS will expand its product portfolio by offering the innovative Universal Privilege Management approach solutions from BeyondTrust. This partnership will allow NSS to provide a customized PAM solution that meets the unique requirements of each customer. Find out more on https://www.nss.gr.

13 Jul

NSS, an international Value Added Distributor (VAD) of high-technology IT solutions, announces today its partnership with BeyondTrust, the global leader in Privileged Access Management and Secure Remote Access. NSS will distribute, in the Greek and Cypriot markets as well as in the Balkans and Malta, the most seamless solution for preventing data breaches related to credential theft, privilege misuse and compromise of remote access. As an international distributor of cybersecurity solutions in the region, NSS is in a strategic position to bring the full Privileged Access Management (PAM) suite of tools from BeyondTrust to the market.

BeyondTrust’s Privileged Access Management portfolio is a comprehensive solution that provides visibility and control capabilities over all privileged accounts as well as privileged users. By unifying a very broad set of privileged access security capabilities, the platform simplifies deployments, reduces the risks associated with privileged credentials, reduces costs and significantly improves usability.

“As our strategic partner, NSS will be able to leverage BeyondTrust’s Universal Privilege Management model, a modern approach that addresses the entire universe of privileges in an organization,” said Alexis Serrano, Director Channel & Alliances EMEIA at BeyondTrust. “By combining NSS’s know-how and deep knowledge of the regional market, as well as its extensive partner network, with BeyondTrust’s best solutions, this partnership will help businesses and organizations improve their security strategies and operational resilience,” added Mr. Alexis Serrano, Director – Channel & Alliances EMEIA at BeyondTrust.

George Kapaniris, NSS Executive Director

“As a leader in Privileged Access Management (PAM) with many accolades and international distinctions from analysts such as Gartner, at NSS we are thrilled to bring BeyondTrust’s solutions to the wider market of Greece, Cyprus, the Balkans and Malta,” said George Kapaniris, NSS Executive Director. “BeyondTrust’s comprehensive PAM solution will allow us to guide our customers on a journey that lets them address critical vulnerabilities and immediately begin shrinking the attack surface of their infrastructure.”

BeyondTrust’s flexible and scalable platform enables organizations to easily scale privilege security as threats evolve across endpoint, server, cloud, DevOps and network device environments. The BeyondTrust platform unifies the broadest range of privileged access capabilities with central management, reporting and analytics, allowing administrators and security leaders to take decisive, informed actions and decisions to counter attackers. The platform’s holistic approach stands out for its flexible design, which simplifies integrations, improves user productivity and maximizes IT and security investments.

BeyondTrust gives organizations the visibility and control they need to reduce risk, achieve compliance goals and boost business performance. NSS will leverage BeyondTrust’s innovative universal privileged access control solutions to complement the technology solutions it already offers in the wider region where it operates. This partnership will allow NSS to deliver a tailored PAM solution that meets the unique requirements of each of its customers. Learn more on the NSS website at https://www.nss.gr.

10 Jul

Managing IT security takes a lot of time. Well, 26% of an IT team’s time to be precise, based on feedback from the 3,100 IT managers we surveyed last year.

With time an increasingly precious commodity, the good news for XG Firewall users is that you can double the efficiency of your security team while also increasing your protection. How? By running Intercept X with EDR as your endpoint protection.

Double the efficiency of your IT team

Like XG Firewall, Intercept X is part of the Sophos cybersecurity system, and you can manage both solutions through the Sophos Central platform.

This eliminates the need to jump from console to console to see what’s going on. No more struggling to track data across platforms. Instead you have a single security console with consolidated alerts visible from the dashboard.

The Sophos Central Dashboard consolidates alerts across all products for instant visibility.

XG Firewall and Intercept X also share threat, health and user data, enabling you to quickly investigate any incidents that do occur.

When the firewall shows you the device name rather than just the IP address, life becomes significantly easier.

See the name as well as the IP address of affected devices

In fact, customers tell us they’ve seen day-to-day security admin fall by 90% since they started running XG Firewall and Intercept X together, managed through Sophos Central.

Elevate your protection

Intercept X with EDR lets you elevate your protection by combining market-leading technologies with the ability to identify the root causes behind security and IT operations incidents.

Like your XG Firewall, Intercept X is powered by Sophos’ deep learning engine. It also gives you the most comprehensive exploit and ransomware protection on the market.

In addition, the new EDR capabilities enable you to see what’s really going on across your environment.

Fully-customizable queries quickly give you the answers to questions such as:

  • Why is a device running slowly?
  • Are machines pending a reboot?
  • Where is RDP enabled?
  • Are any programs trying to connect with a non-standard port?

Armed with this information you can stop potential incidents before they occur, and address underlying issues.

Try for yourself

If you’re managing your XG Firewall through Sophos Central you can start a no-obligation free trial of Intercept X with EDR in just three clicks.

Simply scroll to the Free Trials link in the main left-hand navigation and follow the instructions.

If you’re not yet using Sophos Central, start a trial via our website. You’ll be up and running in a matter of minutes.

Hear from customers

To learn more about the benefits of running XG Firewall and Intercept X, read the Sophos Business Impact report.

It shares the experiences of five customers across North America, Europe, and Asia, quantifying the impact on their team and their organization.

6 Jul

Think you know what you’ve got in the cloud? Think again.

The accessibility of the public cloud is a double-edged sword: while it enables teams to spin up new resources in minutes, it also makes it hard for IT teams to keep track of everything that needs to be secured.

Take control of your cloud security with a free inventory assessment and security check, powered by Sophos Cloud Optix. Activate a free trial to get 30 days of commitment-free usage:

  • Comprehensive inventory of everything you’ve got in the cloud: virtual machines, storage, containers, IAM Users etc.
  • Covers Amazon Web Services, Microsoft Azure, Google Cloud Platform, Kubernetes clusters, and Infrastructure-as-Code environments
  • Automatically scans for security gaps so you can address areas of weakness
  • No agent, no install, no tie-in

Real-time security alerts, enabling you to take immediate action

Detect and prevent cloud security and compliance gaps

Cloud Optix is an agentless SaaS solution that integrates with your cloud infrastructure accounts using the native cloud provider APIs, logs, and cloud services.

It uses information from these sources to give you a detailed inventory of assets in your cloud accounts and provide an intuitive topological view of the environment’s architecture and traffic flows.

Inventory of all your resources

Topological view of your architecture and traffic flows

Cloud Optix also provides up-to-the-minute reports. These make it easy to stay in compliance with both regulatory requirements and internal security policies, including monitoring your daily spend.

Stay in compliance with real-time reports

Get up and running in minutes

Cloud Optix is managed through the Sophos Central security platform. There are two ways to activate your free usage period:

  • Already using Sophos Central: Click on the Free Trials link at the bottom of the left-hand menu in your Central admin console.

  • New to Sophos Central: Request a free trial via our website. Your trial will give you access to Cloud Optix as well as all the other security services available in Sophos Central (endpoint protection, server protection etc.).

Next, follow the on-screen step-by-step instructions that will walk you through adding your AWS, Azure and GCP environments.  For more information, read the Getting Started guide.

Should you need help at any point, check out the community forum or reach out to our technical support team.

What happens when the trial period is over?

If you wish to continue using Cloud Optix at the end of the free usage period, simply purchase a subscription. Otherwise, you can just stop using the service. There’s no tie-in, no catch, no obligation.

30

Jun

XG Firewall v18 got off to a tremendous start with thousands of customers upgrading on launch day to take advantage of the new Xstream Architecture and other great enhancements.

Today, the product team is pleased to announce a new release of XG Firewall v18, maintenance release 1 (MR1), that is now available for all XG Firewall devices.

This latest release includes all security hotfixes as well as over fifty performance, reliability and stability enhancements and support for our new SD-RED devices.

Upgrading to v18 MR1 is seamless from v17.5 MR6 and above and from any other v18 release. You will soon see the new release appear in your console with a firmware upgrade notification, but you don't need to wait: you can grab the new release anytime from the MySophos Licensing Portal: Upgrade Today!

What’s new and in it for you

Watch this brief 5-minute overview of what’s new in XG Firewall v18:

Here are the top new enhancements:

  • Xstream Architecture: A new streaming DPI engine, high-performance TLS 1.3 inspection, AI-powered threat intelligence with in-depth reporting, and FastPath application acceleration.
  • Sophos Central: Group firewall management and cloud reporting make management easier and provide deeper insights into network activity with flexible report customization tools and a new license for extending your firewall data storage in the cloud.
  • Synchronized SD-WAN: brings the power of Synchronized Security to reliably and accurately route application and user-based traffic over preferred WAN links.
  • Plug-and-Play High Availability (HA): makes it easy to enable business continuity and adds peace of mind. Simply connect two XG Series appliances together and you'll be up and running in no time, and Sophos Central now also supports HA pairs.
  • Real-time flow monitoring: Get at-a-glance insights into active bandwidth consuming hosts, applications, and users – a fan favorite feature from our UTM 9 platform.
  • Expanded notifications and alerts: You will never miss an important network security event whether it’s related to a threat, service, or important performance metric.
  • New SD-RED Model Support: With MR1, take advantage of our all-new SD-RED 20 and SD-RED 60 models that provide added performance, modular connectivity, and redundant power for the ultimate solution to remote branch or device connectivity.

Upgrading XG Firewall firmware is easy. Watch this video for a refresher.

Start enjoying the benefits of added visibility, protection and performance with XG Firewall v18 MR1 today!

Migrating from SG UTM

Sophos SG UTM customers interested in taking advantage of all the great new enhancements in XG Firewall can do so for free, anytime. A valid license can be transferred over at no extra charge and Sophos Professional Services is happy to help with migration if desired. Existing SG Series hardware is fully supported (except for the SG 105, which lacks the minimum required 4 GB of RAM). However, you may want to take this opportunity to consider refreshing your hardware to take full advantage of all the new capabilities such as TLS inspection. Check out this recent article for full details.

Migrating from Cyberoam

Migrating from Cyberoam to XG Firewall v18 is strongly encouraged to get all the added usability, security and performance benefits of XG Firewall. Contact your preferred Sophos partner to inquire about upgrading to the latest high-performance XG Series appliance hardware.

New to XG Firewall

If you’re new to XG Firewall, see why it offers the world’s best visibility, protection and response.