[vc_row][vc_column column_width_percent=”100″ position_vertical=”middle” align_horizontal=”align_center” gutter_size=”3″ overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ medium_width=”0″ mobile_width=”0″ css=”.vc_custom_1603096348997{border-top-width: 0px !important;border-bottom-width: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”][vc_column_text css=”.vc_custom_1603092557855{margin-top: 0px !important;margin-bottom: 0px !important;border-top-width: 0px !important;border-bottom-width: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

[/vc_column_text][/vc_column][/vc_row][vc_row unlock_row=”” row_height_percent=”0″ overlay_alpha=”50″ gutter_size=”3″ column_width_percent=”100″ shift_y=”0″ z_index=”0″ css=”.vc_custom_1603096713732{border-right-width: 0px !important;border-left-width: 0px !important;padding-right: 0px !important;padding-left: 0px !important;}”][vc_column column_width_percent=”100″ align_horizontal=”align_center” gutter_size=”3″ overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ align_medium=”align_center_tablet” medium_width=”0″ align_mobile=”align_center_mobile” mobile_width=”0″ css=”.vc_custom_1603096930728{border-top-width: 0px !important;border-right-width: 0px !important;border-bottom-width: 0px !important;border-left-width: 0px !important;padding-top: 0px !important;padding-right: 0px !important;padding-bottom: 0px !important;padding-left: 0px !important;}”][vc_custom_heading]

In case you missed last Wednesday’s webinar

on Remote Working Solutions by BeyondTrust

and still want to learn how to control, manage, and audit a vendor or an internal remote privileged access, we have prepared a complete recording for you to watch anytime you prefer.

[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_gallery el_id=”gallery-131064″ medias=”99600″ gallery_back_color=”color-150912″ gutter_size=”3″ media_items=”media|custom_link|original” screen_lg=”1000″ screen_md=”600″ screen_sm=”480″ single_width=”12″ images_size=”sixteen-nine” single_back_color=”color-150912″ single_shape=”round” single_overlay_opacity=”50″ single_padding=”2″ items=”eyI5OTU5N19pIjp7InNpbmdsZV93aWR0aCI6IjgifX0=”][/vc_column][/vc_row][vc_row][vc_column column_width_percent=”100″ align_horizontal=”align_center” gutter_size=”3″ overlay_alpha=”50″ shift_x=”0″ shift_y=”0″ shift_y_down=”0″ z_index=”0″ medium_width=”0″ mobile_width=”0″][vc_custom_heading]Learn more about BeyondTrust’s Services & Ecosystem [/vc_custom_heading][vc_single_image media=”98982″ media_width_percent=”100″ media_link=”url:https%3A%2F%2Fwww.nss.gr%2Fen%2Fproducts%2Fsecurity%2Fbeyondtrust%2F||target:%20_blank|”][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][vc_custom_heading heading_semantic=”h4″ text_size=”h3″]

If you need us to contact you please either fill in the following info or call our Customer Line +302118000330

[/vc_custom_heading][/vc_column][/vc_row][vc_row][vc_column width=”1/1″][contact-form-7 id=”99312″][/vc_column][/vc_row]

The use of cloud services has soared this year, with 97% of business decision-makers saying that COVID-19 has sped up digital transformation and the use of cloud services at their companies. Organizations that haven’t embraced cloud already are likely to have it on their roadmap.

Speaking with over 3,500 IT Pros in the Sophos State of Cloud Security report, 70% of organizations already hosting data and workloads in the public cloud have reported security incidents in the last 12 months.

At Sophos, we want to help organizations identify and respond to these cloud threats faster, wipe out potential breach points, and optimize cloud spend. You can now do that for free with Cloud Optix on AWS Marketplace.

The free cloud security posture management tool

Cloud Optix, the Sophos cloud security posture management tool, protects Amazon Web Services, Microsoft Azure, and Google Cloud Platform environments. It continually monitors cloud service configurations, and detects suspicious activity, insecure deployments, and over-privileged IAM roles – all while helping optimize your cloud costs. Simply put: it stops potential cloud environment breach points before they are detected and compromised.

Monitor 25 cloud assets for free via AWS Marketplace

Sophos now provides customers with the ability to monitor 25 cloud assets absolutely free. To activate, sign up via the Cloud Optix AWS Marketplace listing, then once logged into your Cloud Optix account, simply activate the free tier from the top right corner of the Cloud Optix dashboard.

How the Cloud Optix free tier works:

• Customers are able to monitor 25 cloud assets for free (see how Cloud Optix counts assets)
• This is an optional free usage tier. To activate, customers should sign up via the Cloud Optix AWS Marketplace listing, then once logged into their Cloud Optix accounts, simply activate the free tier from the top right corner of the Cloud Optix dashboard as shown above.
• Once activated, customers will only be billed for usage that exceeds this limit.

Start protecting your public cloud environments today

Risk-free setup

No downloads are required. Cloud Optix is an agentless, SaaS-based service that’s simple to set up, with read-only access to cloud environments. For help configuring the service, visit the Cloud Optix online help guide.

For more information about our cloud security posture management solution, visit the Cloud Optix page on the Sophos website.

Note: Customers signing up for Cloud Optix via AWS Marketplace will manage the product from a standalone console, providing all the functionality available for Cloud Optix via Sophos Central.

This course provides an in-depth study of Sophos Central, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. The course is expected to take 3 days to complete, of which approximately 9 hours will be spent on the practical exercises.

Requirement

Prior to attending this course, trainees should:

• Complete the Sophos Central Endpoint and Server Protection and should have passed the Certified Engineer exam
• Experience with Windows networking and the ability to troubleshoot issues
• A good understanding of IT security
• Experience using the Linux command line for common tasks
• Experience configuring Active Directory Group Policies
• Experience creating and managing virtual servers or desktop

Target audience:

This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments. And for individuals wishing to obtain the Sophos Central Certified Architect certification.

Objectives:

On completion of this course, trainees will be able to:

• Design an installation considering all variables
• Undertake a multi-site installation appropriate for a customer environment
• Explain the function of core components, how they work, and how to configure them
• Track the source of infections and cleanup infected devices
• Perform preliminary troubleshooting and basic support of customer environments

Certification:

To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and is limited to 3 attempts.

Duration: 3 days 

Content

• Module 1: Deployment Scenarios (60 mins)
• Module 2:Client Deployment Methods (65 mins)
• Module 3:Endpoint Protection Policies (80 mins)
• Module 4:Server Protection Policies (30 mins)
• Module 5:Protecting Virtual Servers (60 mins)
• Module 6:Logging and Reporting (45 mins)
• Module 7: Managing Infections (45 mins)
• Module 8: Endpoint Detection and Response (30mins)
• Module 9:Management (65 mins)

Course content

Module 1: Deployment Scenarios (60 mins)

• • Identify some of the common challenges when deploying Central
  • Deploy Update Caches – Set up Message Relays
  • Configure AD Sync Utility
  • Identify where Update Caches and Message Relays should be used
  • Labs (45 mins)
    • Register and activate a Sophos Central evaluation
    • Install Server Protection
    • Install and Configure AD Sync Utility
    • Deploy an Update Cache and Message Relay

Module 2: Client Deployment Methods (65-75 mins)

• Identify the recommended steps for deploying Sophos Central
• Explain the installation process, and identify the different types of installer
• Automate deployment for Windows, Linux and Mac computers
• Migrate endpoints from Enterprise Console
• Locate installation log files
• Remove third-party products as part of a deployment
• Labs (75-90 mins)
  • Enable Server Lockdown
  • Deploy using Active Directory Group Policy
  • Use the Competitor Removal Tool
  • Deploy to a Linux Server using a Script

Module 3: Endpoint Protection Policies (80-90 mins)

• Describe the function and operation of each of the components that make up an Endpoint Protection and Intercept X
• Configure policies to meet a customer’s requirements and follow best practice
• Test and validate Endpoint Protection
• Configure exclusions
• Configure Data Loss Prevention
• Labs (100-120 mins)
  • Test Threat Protection Policies
  • Configure and Test Exclusions
  • Configure Web Control Policies
  • Configure Application Control Policies
  • Data Control Policies
  • Configure and test Tamper Protection

Module 4: Server Protection Policies (30 mins)

• Configure Server Protection Policies
• Configure and Manage Server Lockdown
• Labs (65-75 mins)
  • Configure Sever Groups and Policies
  • Manage Server Lockdown
  • Test Linux Server Protection

Module 5: Protecting Virtual Servers (60 mins)

• Connect AWS and Azure accounts to Sophos Central – Deploy Server Protection to AWS and Azure
• Deploy and Manage Sophos for Virtual Environments
• Labs (60 mins)
  • Download the installer for the Security Virtual Machine
  • Install the Security Virtual Machine (SVM) on a Hyper-V Server
  • Configure Threat Protection policies to apply to the Security VMs and the Guest VMs they protect
  • Perform a manual installation of the Guest VM Agent and view logs
  • Test and configure a script to deploy the GVM Agent
  • Manage Guest VMs from the Central Console
  • Test Guest VM Migration

Module 6: Logging and Reporting (45 mins)

• Explain the types of alert in Sophos Central, and be able to read an RCA
• Use the Sophos Central logs and reports to check the health of your estate
• Export data from Sophos Central into a SIEM application
• Locate client log files on Windows, Mac OS X and Linux
• Labs (55-60 mins)
  • Generate and analyze an RCA
  • Configure SIEM with Splunk

Module 7: Managing Infections (45-60 mins)

• Identify the types of detection and their properties
• Explain how computers might become infected
• Identify and use the tools available to cleanup malware
• Explain how the quarantine works and manage quarantined items
• Cleanup malware on a Linux Server
• Labs (40 mins)
  • Source of Infection Tool
  • Release a File from SafeStore
  • Disinfect a Linux Server

Module 8: Endpoint Detection and Response (30 mins)

• Explain what EDR is and how it works
• Demonstrate how to use threat cases and run threat searches
• Explain how to use endpoint isolation for admin initiated and automatic isolation

• Demonstrate how to create a forensic snapshot and interrogate the database

• Labs (30 mins)

• • Create a forensic snapshot and interrogate the database
  • Run a threat search and generate a threat case

Module 9: Management (65 mins)

• Use the Controlled Updates policies appropriately
• Enable multi-factor authentication
• Use the Enterprise Dashboard to manage multiple sub-estates
• Identify the benefits of the Partner Dashboard
• Identify common licensing requirements
• Labs (25 mins)
  • Enable Manually Controlled Updates
  • Enable Multi-Factor Authentication
    

Agenda

Trainer: Michael Eleftheroglou

Day 1,  Tuesday,  November 17th,  2020

9:30-10:30 Deployment Scenarios

10:30-10:45 Break

10:45-11:30 Labs

11:30-11:45 Break

11:45-13:00 Client Deployment Methods I

13:00-14:00 Break Lunch

14:00-15:30 Labs

15:30-15:45 Break

15:45-17:15 End Point Policies

Day 2,  Wednesday, November 18th,  2020

9:30-11:15 Labs

11:15-11:30 Break

11:30-12:00 Server Protection Policies

12:00-12:15 Break

12:15-13:30 Labs

13:30-14:30 Break- Lunch

14:30-15:30 Protecting Virtual servers

15:30-15:45 Break

15:45-16:45 Labs

16:45-17:30 Logging and Reporting

Day 3, Thursday, November 19th, 2020

9:30-10:30 Labs

10:30-10:45 Break

10:45- 11:30 Managing Infections

11:30-12:00 Labs

12:00-12:10 Break

12:10-12:40 Endpoint Detection and Response

12:40-13:45 Management

13:45-14:45 Break – Lunch

14:45-17-15 Labs and Exams

Αυτό το τριήμερο πρόγραμμα εκπαίδευσης παρέχει μια εις βάθος μελέτη του Sophos Central, και σχεδιάστηκε για έμπειρους επαγγελματίες τεχνικούς που σκοπεύουν να προγραμματίσουν, να εγκαταστήσουν, να διαμορφώσουν και να υποστηρίξουν την ανάπτυξη του σε παραγωγικά περιβάλλοντα. Αποτελείται από παρουσιάσεις και πρακτικές εργαστηριακές ασκήσεις για την ενίσχυση της διδακτικής ύλης και του περιεχομένου ενώ ηλεκτρονικά αντίγραφα των εγγράφων για το μάθημα θα παρέχονται σε κάθε εκπαιδευόμενο μέσω της ηλεκτρονικής πύλης. Το μάθημα αναμένεται να διαρκέσει 3 μέρες για να ολοκληρωθεί, εκ των οποίων περίπου 9 ώρες θα δαπανηθούν για πρακτικές ασκήσεις.

Προαπαιτούμενα

Πριν από την παρακολούθηση του μαθήματος, οι συμμετέχοντες θα πρέπει να έχουν:

• Ολοκληρώσει τα Sophos Central Endpoint και Server Protection και θα πρέπει να έχουν περάσει τις εξετάσεις Certified Engineer
• Εμπειρία με δίκτυωση Windows networking και ικανότητα επίλυσης προβλημάτος
• Καλή κατανόηση της ασφάλειας IT
• Εμπειρία χρήσης του command line στο Linux για απλές εργασίες
• Εμπειρία διαμόρφωσης Active Directory Group Policies
• Εμπειρία στη δημιουργία και στη διαχείριση εικονικών servers ή desktop

Απευθυνόμενο κοινό:

Το συγκεκριμένο τριήμερο πρόγραμμα εκπαίδευσης παρέχει μια εις βάθος μελέτη του Sophos Central, και σχεδιάστηκε για έμπειρους επαγγελματίες τεχνικούς που σκοπεύουν να προγραμματίσουν, να εγκαταστήσουν, να διαμορφώσουν και υποστηρίξουν την ανάπτυξη του σε παραγωγικά περιβάλλοντα. Επίσης απευθύνεται σε άτομα που θέλουν να αποκτήσουν την πιστοποίηση Sophos Central Certified Architect.

Στόχοι:

Μετά την ολοκλήρωση αυτού του μαθήματος, οι εκπαιδευόμενοι θα είναι σε θέση να:

• Σχεδιάζουν μία εγκατάσταση λαμβάνοντας υπόψη όλες τις παραμέτρους και μεταβλητές
• Αναλαμβάνουν μία εγκατάσταση πολλαπλών τοποθεσιών κατάλληλη για το περιβάλλον ενός πελάτη
• Εξηγούν τη λειτουργία βασικών στοιχείων, να γνωρίζουν τον τρόπο λειτουργίας τους αλλά και πως να τα διαμορφώνουν
• Ανιχνεύουν την πηγή των μολύνσεων και να καθαρίζουν τις μολυσμένες συσκευές
• Εκτελούν προκαταρκτικά troubleshooting καθώς και να παρέχουν βασική υποστήριξη σε περιβάλλοντα πελατών

Πιστοποίηση

Για να λάβουν την πιστοποίηση Sophos Certified Architect, οι εκπαιδευόμενοι θα πρέπει να δώσουν εξετάσεις και να περάσουν την ηλεκτρονική αξιολόγηση. Η αξιολόγηση δοκιμάζει τις γνώσεις τόσο για το περιεχόμενο που παρουσιάστηκε όσο και για το περιεχόμενο σε πρακτικό επίπεδο. Το ποσοστό επιτυχίας για την αξιολόγηση είναι 80% και περιορίζεται σε 3 προσπάθειες.

Διάρκεια: 3 ημέρες

Περιεχόμενο προγράμματος εκπαίδευσης

• Module 1: Deployment Scenarios (60 mins)
• Module 2:Client Deployment Methods (65 mins)
• Module 3:Endpoint Protection Policies (80 mins)
• Module 4:Server Protection Policies (30 mins)
• Module 5:Protecting Virtual Servers (60 mins)
• Module 6:Logging and Reporting (45 mins)
• Module 7: Managing Infections (45 mins)
• Module 8: Endpoint Detection and Response (30mins)
• Module 9:Management (65 mins)

Περιεχόμενο Εκπαιδευτικού Μαθήματος

Module 1: Deployment Scenarios (60 λεπτά)

• • Identify some of the common challenges when deploying Central
  • Deploy Update Caches – Set up Message Relays
  • Configure AD Sync Utility
  • Identify where Update Caches and Message Relays should be used
  • Labs (45 mins)
    • Register and activate a Sophos Central evaluation
    • Install Server Protection
    • Install and Configure AD Sync Utility
    • Deploy an Update Cache and Message Relay

Module 2: Client Deployment Methods (65-75 λεπτά)

• Identify the recommended steps for deploying Sophos Central
• Explain the installation process, and identify the different types of installer
• Automate deployment for Windows, Linux and Mac computers
• Migrate endpoints from Enterprise Console
• Locate installation log files
• Remove third-party products as part of a deployment
• Labs (75-90 mins)
  • Enable Server Lockdown
  • Deploy using Active Directory Group Policy
  • Use the Competitor Removal Tool
  • Deploy to a Linux Server using a Script

Module 3: Endpoint Protection Policies (80-90 λεπτά)

• Describe the function and operation of each of the components that make up an Endpoint Protection and Intercept X
• Configure policies to meet a customer’s requirements and follow best practice
• Test and validate Endpoint Protection
• Configure exclusions
• Configure Data Loss Prevention
• Labs (100-120 mins)
  • Test Threat Protection Policies
  • Configure and Test Exclusions
  • Configure Web Control Policies
  • Configure Application Control Policies
  • Data Control Policies
  • Configure and test Tamper Protection

Module 4: Server Protection Policies (30 λεπτά)

• Configure Server Protection Policies
• Configure and Manage Server Lockdown
• Labs (65-75 mins)
  • Configure Sever Groups and Policies
  • Manage Server Lockdown
  • Test Linux Server Protection

Module 5: Protecting Virtual Servers (60 λεπτά)

• Connect AWS and Azure accounts to Sophos Central – Deploy Server Protection to AWS and Azure
• Deploy and Manage Sophos for Virtual Environments
• Labs (60 mins)
  • Download the installer for the Security Virtual Machine
  • Install the Security Virtual Machine (SVM) on a Hyper-V Server
  • Configure Threat Protection policies to apply to the Security VMs and the Guest VMs they protect
  • Perform a manual installation of the Guest VM Agent and view logs
  • Test and configure a script to deploy the GVM Agent
  • Manage Guest VMs from the Central Console
  • Test Guest VM Migration

Module 6: Logging and Reporting (45 λεπτά)

• Explain the types of alert in Sophos Central, and be able to read an RCA
• Use the Sophos Central logs and reports to check the health of your estate
• Export data from Sophos Central into a SIEM application
• Locate client log files on Windows, Mac OS X and Linux
• Labs (55-60 mins)
  • Generate and analyze an RCA
  • Configure SIEM with Splunk

Module 7: Managing Infections (45-60 λεπτά)

• Identify the types of detection and their properties
• Explain how computers might become infected
• Identify and use the tools available to cleanup malware
• Explain how the quarantine works and manage quarantined items
• Cleanup malware on a Linux Server
• Labs (40 mins)
  • Source of Infection Tool
  • Release a File from SafeStore
  • Disinfect a Linux Server

Module 8: Endpoint Detection and Response (30 λεπτά)

• Explain what EDR is and how it works
• Demonstrate how to use threat cases and run threat searches
• Explain how to use endpoint isolation for admin initiated and automatic isolation
• Demonstrate how to create a forensic snapshot and interrogate the database
• Labs (30 mins)

• • Create a forensic snapshot and interrogate the database
  • Run a threat search and generate a threat case

Module 9: Management (65 λεπτά)

• Use the Controlled Updates policies appropriately
• Enable multi-factor authentication
• Use the Enterprise Dashboard to manage multiple sub-estates
• Identify the benefits of the Partner Dashboard
• Identify common licensing requirements
• Labs (25 mins)
  • Enable Manually Controlled Updates
  • Enable Multi-Factor Authentication
    

Πρόγραμμα

Εκπαιδευτής: Μιχάλης Ελευθέρογλου

1η Μέρα, Τρίτη 17 Νοεμβρίου, 2020

9:30-10:30 Deployment Scenarios

10:30-10:45 Break

10:45-11:30 Labs

11:30-11:45 Break

11:45-13:00 Client Deployment Methods I

13:00-14:00 Break Lunch

14:00-15:30 Labs

15:30-15:45 Break

15:45-17:15 End Point Policies

2η Μέρα, Τετάρτη 18 Νοεμβρίου, 2020

9:30-11:15 Labs

11:15-11:30 Break

11:30-12:00 Server Protection Policies

12:00-12:15 Break

12:15-13:30 Labs

13:30-14:30 Break- Lunch

14:30-15:30 Protecting Virtual servers

15:30-15:45 Break

15:45-16:45 Labs

16:45-17:30 Logging and Reporting

3η Μέρα, Πέμπτη 19 Νοεμβρίου, 2020

9:30-10:30 Labs

10:30-10:45 Break

10:45- 11:30 Managing Infections

11:30-12:00 Labs

12:00-12:10 Break

12:10-12:40 Endpoint Detection and Response

12:40-13:45 Management

13:45-14:45 Break – Lunch

14:45-17-15 Labs and Exams

This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos. The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.

Sophos XG Architect Training (Tuesday, November 3rd 2020– Thursday, November 5th 2020)

(3 days Training)

Requirement

XG Firewall _ Certified Engineer course and delta modules up to version 18.0

Recommended Knowledge

1. Knowledge of networking to a CompTIA N+ level
2. Knowledge of IT security to a CompTIA S+ level
3. Experience configuring network security devices
4. Be able to troubleshoot and resolve issues in Windows networked environments
5. Experience configuring and administering Linux/UNIX systems

Content

• Module 1: Deployment
• Module 2: Base firewall
• Module 3: Network Protection
• Module 4: Synchronized security
• Module 5: Web server Protection
• Module 6: Site to site connections
• Module 7: Authentications
• Module 8: Web Protection
• Module 9: Wireless
• Module 10: Remote Access
• Module 11: High Availability
• Module 12: Pulic Cloud

Certification

+ exam: Sophos XG Architect

Duration 3 days 

Agenda

Trainer: Micheal Eleftheroglou

Day 1 Tuesday, November 3rd, 2020

9:30-10:45 Module 1: Deployment and Lab

• Recall important information from Engineer courses
• Deployment modes supported by the XG Firewall
• Understand a range of scenarios where each deployment mode would commonly be used
• Use built-in tools to troubleshoot issues
• Labs

10:45-11:00 break

11:00-13:00 Module 2: Base Firewall

• Explain how the XG firewal can be accessed
• Understand the types fo interfaces that can be created
• Understand the benefits of Fast Path Technology
• Configure routing per firewall rule
• Understand best practice for ordering firewall rules
• Explain what Local NAT policy is and known how to configure it.

13:00-14:00 Lunch

14:00-16:00  Labs

• Activate the Sophos XG Firewalls
• Post installation Configuration
• Bridge interfaces
• Create a NAT rule to load balance access to servers
• Create a local NAT policy
• Configure routing using multiple WAN links
• Configure policy-based routing for an MPLS scenario
• Install Sophos Central

16:00-16:15 Break

 16:15-17:15  Module 3:Network Protection and Lab

• Explain what IPS is and how traffic can be offloaded to Fastpath
• Demonstrate how to optimize workload y configuring IPS policies
• Examine advanced Intrusion Prevention and optimize policies
• Configure advanced DOS Protection rules
• Demonstrate how the strict policy can be used to protect networks
• Labs- Create Advanced DoS Rules

Day 2  Wednesday, November 4th, 2020

9:30-11:00 Module 4: Synchronized Security and Labs

• Explain how Security Heartbeat works
• Configure Synchronized Security
• Deploy Synchronized Security in discover and inline modes
• Understand the advantages and disadvantages of deploying
• Synchronizes Security in different scenarios
• Labs
• Configure source-Based Security
• Hearteat firewall rules
• Destination based Security Heartbeat
• Missing Security Heartbeat
• Lateral Movement Protection

11:00-11:15 Break

11:15-13:45 Module 5 Webserver Protection and Labs

• Explain how Websever Protection works
• Describe protection features for a web application
• Configure Web Server authentication
• Publish a web service using the Web Application Firewall
• Use the preconfigured templates to configure Web Server Protection for common purposes
• Configure SlowHTTP protection
• Labs (Web Application Firewall)
• Labs (Load balancing with Web Server Protection)
• Labs (Web Server Authentication and path-specific routing)

13:45-14:45 Break and Lunch

14:45-17:45 Module 6: Site to site connections and Labs

• Configure and deploy site to site VPNs in a wide range of environment
• Implement IPsec NATing and failover
• Check and modify route precedence
• Create RED tunnels between XG firewalls
• Understand when to use RED
• Labs ( Create an IPsec site to site VPN
• Labs ( Configure VPN network NATing )
• Labs (Configure VPN failover)
• Labs (Enable RED on the XG firewall)
• Labs (Create a RED tunnel between two XG Firewalls
• Labs (Configure routing for the RED tunnel)
• Labs (Configure route-based VPN)

Day 3 Thursday, November 5th, 2020

9:00-10:00 Module 7: Authentications and Labs

• Demonstrate how to configure and use RADIUS accounting
• Deploy STAS in large and complex environment
• Configure SATC and STAS together
• Configure Secure LDAP and identify the different secure connections available
• Labs (configure an Active Directory Authentication server)
• Labs (configure single sing-on using STAS
• Labs (Authenticate users over a site to site VPN)

10:00-11:15  Module 8: Web Protection

• Choose the most appropriate type for web protection in different deployment scenarios
• Enable web filtering using the DPI engine or legacy web proxy
• Configure TLS inspection using the DLP engine or legacy web proxy
• Labs (Install the SSL CA certificate)
• Labs (Configure TLS inspection rules)
• Labs (Create a custom web policy for users)

11:15-11:30 Break

11:30-12:15 Module 9: Wireless

• Explain how Sophos Access Points are deployed and identify some common issues
• Configure RADIUS authentication
• Configure a mesh network

12:15-13:05 Module 10:Remote Access

• Configure Sophos Connect and manage the configuration using Sophos Connect Admin
• Configure an IPsec remote access VPN
• Configure an L2TP remote access VPN for mobile devices
• Labs (Sophos Connect)

13:05-14:25 Module 11: High Availability

• Explain what HA is and how it operates
• Demonstrate how to configure HA and explain the difference between quick and manual configuration
• List the prerequisites for high availability
• Perform troubleshooting steps andc heck the logs to ensure that HA is set up correctly.
• Explain the packet flow in high availability
• Demonstrate how to disable HA
• Labs (Create an Active-Passive cluster)
• Labs (Disable High Availability)

14:25-15:05 Break – Lunch

15:05-16-15 Public Cloud and Labs

• Deploy XG firewall in complex network enviroments
• Explain how XG firewall process traffic and use this information to inform the configuration
• Configure advanced networking and protection features
• Deploy XG firewall on public cloud infrastructure
• Labs (Put a service in debug mode to gather logs)
• Labs (Retrieving log files)
• Labs (Troubleshoot an issue from an imported configuration file)
• Labs (Deploy an XG Firewall on Azure (simulation)

16:15  (Exams)

We’re excited to announce the launch of our new Sophos Techvids video hub!

This new platform features our extensive video library (90+ and counting!) of how-to, configuration, and troubleshooting videos, and improves the viewing experience by introducing new and interactive features such as in-video surveys and easy-to-use navigational elements.

Check out: https://techvids.sophos.com

Interactive in-video features

Feedback surveys: In-video prompts and surveys provide an easy way to share your feedback to help us improve future videos.

Interactive video navigation: Available on most of our current videos, the navigational top-bar is interactive. Click to skip directly to the section of the video you want to view.

Not sure where to start? Here are our most popular videos:

• XG Firewall (v18): How to configure SSL VPN remote access
• XG Firewall (v18): NAT enhancements
• Central Endpoint: How to run the Sophos ZAP Tool
• Central Endpoint: How to recover tamper protected windows devices
• Sophos Wireless: Wi-Fi fundamentals

Check out the entire collection at https://techvids.sophos.com today!

Sophos XG Administration Training. This course, which will be held from 13 to 14 October 2020, 09:30-17:30 via Webex due to Covid-19, is designed for technical professionals who will be administering Sophos XG Firewall and provides the skills necessary to manage common day-to- day tasks.

Objectives

On completion of this course, trainees will be able to:

• Recognize the main technical capabilities and how they protect against threats
• Complete common configuration tasks
• Configure the most commonly used features
• View and manage logs and reports
• Identify and use troubleshooting tools

Prerequisites

There are no prerequisites for this course; however, it is recommended you should:

• Be knowledge of networking to a CompTIA N+ level
• Be familiar with security best practices
• Experience configuring network security devices

Certification

To become a Sophos Certified Administrator, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content and contains 40 questions. The pass mark for the assessment is 80%, and is limited to 4 attempts.

Schedule

Training is expected to take two (2) days (24 hours ) to complete, of which approximately half will be spent on the practical exercises.

Content

The training contains 10 modules:

• Module 1 : XG Firewall Overview
• Module 2 : Getting Started with XG Firewall
• Module 3 : Network Protection
• Module 4 : Web Server Protection
• Module 5 : Site-to-Site Connections
• Module 6 : Authentication
• Module 7 : Web Protection and Application Control
• Module 8 : Email Protection
• Module 9 : Wireless Protection
• Module 10 : remote Access
• Module 11: Logging, Reporting and Troubleshooting

For many organizations, Macs are a regular fixture in their IT estates. Whether they comprise just a few devices or a significant proportion, Macs need the same levels of cybersecurity protection and visibility as their Windows cousins.

Which is why in addition to proven protection from the latest Mac threats, Endpoint Detection and Response (EDR) is now available for Mac users in addition to Windows and Linux.

Intercept X Advanced with EDR gives both IT admins and cybersecurity experts the power to answer critical IT operations and threat hunting questions, and then remotely take any necessary actions.

Upgrade your IT security operations

Maintaining proper IT hygiene can be a significant time investment for IT admins. Being able to identify which devices need attention and what action needs to be taken can add another layer of complexity.

With Sophos EDR, you can now do just that – quickly and easily. For example:

• Find devices with software vulnerabilities, unknown services running, or unauthorized browser extensions
• Identify devices that have unwanted software
• See if software has been deployed on devices, e.g. to make sure a rollout is complete
• Remotely access devices to dig deeper and take action, such as installing software, editing configuration files, and rebooting a device

Hunt and neutralize threats

Tracking down subtle, evasive threats requires a tool capable of detecting even the smallest indicators of compromise.

With this release, Sophos EDR is significantly enhancing its threat hunting capabilities. For example:

• Detect processes attempting to make a connection on non-standard ports
• Get granular detail on unexpected script executions
• Identify processes that have created files or modified configuration files
• Remotely access a device to deploy additional forensic tools, terminate suspect processes, and run scripts or programs

Introducing Live Discover and Live Response

The features that make solving all the important examples above possible are Live Discover and Live Response.

Live Discover allows you to examine your data for almost any question you can think of by searching across Mac devices with SQL queries. You can choose from a selection of out-of-the-box queries, which can be fully customized to pull the exact information that you need, both when performing IT security operations hygiene and threat hunting tasks. Data is stored on-disk for up to 90 days, meaning query response times are fast and efficient.

Live Response is a command line interface that can remotely access devices in order to perform further investigation or take appropriate action. For example:

• Rebooting a device pending updates
• Terminating suspicious processes
• Browsing the file system
• Editing configuration files
• Running scripts and programs

And it’s all done remotely, so it’s ideal in working situations where you may not have physical access to a device that needs attention.

Try the new features

Existing Intercept X Advanced with EDR customers will automatically see their Mac devices appearing for selection in Live Discover and Live Response by September 16.

Intercept X and Intercept X for Server customers that would like to try out EDR functionality can head to the Sophos Central console, select ‘Free Trials’ in the left-hand menu and choose the ‘Intercept X Advanced with EDR’ or ‘Intercept X Advanced for Server with EDR’ trial.

If you’re new to Sophos Central, start a no-obligation free trial of Intercept X Advanced with EDR today. You’ll get world class protection against the latest cybersecurity threats in addition to powerful EDR capabilities. Get started.

Live Discover and Live Response are available for Windows, Mac, and Linux devices.

Like many other companies, the MailStore team has spent several weeks working from home during the first half of the year, diligently developing our archiving solutions in the process. The team’s success is underlined by today’s release of MailStore Version 13, which we’d like to present to you now.

With several new features and numerous improvements, our new version will not only please admins but end users and business owners too. “We’ve divided these features into four main categories,” explains Björn Meyn, Product Manager at MailStore. “Firstly, we’ve improved our software’s interaction with the key cloud-based services Microsoft 365 and Google G Suite, ensuring much easier integration with these services. MailStore 13’s second focal point is supporting modern authentication through OAuth2 and OpenID Connect. Increased security and an improved user experience are our third and fourth main categories. Long-standing MailStore customers will know that we take both these topics very seriously and that they play a major role in absolutely every release.”

What Admins Can Expect From V13

MailStore 13 offers several new features and improvements that simplify the work of administrators. Here are some of the features that are particularly relevant for admins:

Improved Support of Cloud-Based Services and Modern Authentication

MailStore Server and the MailStore Service Provider Edition (SPE) now support OAuth2 and OpenID Connect, which significantly enhances MailStore’s integration in the cloud-based environments of Microsoft 365 and Google G Suite. This is good news for admins, as it not only enhances MailStore’s user friendliness in combination with these cloud-based services, but also increases security. Administrators benefit from standardized login policies by being able to use the same settings of their Microsoft 365 or Google G Suite clients for MailStore Server (including e.g. multi-factor authentication) without having to enable legacy authentication or the less secure application access. The new two-step login process emulates the login routines used in modern web applications, and MailStore no longer has to process the passwords of remote users during authentication.

In addition, the new dedicated Microsoft 365 archiving and export profiles make it easier for admins to configure profiles. Here too, the support of modern OAuth2 authentication not only improves security but also integration with Microsoft 365.

Network Share Management

MailStore Server admins now benefit from improved management of network share settings. These settings can now be managed more comfortably and securely via MailStore Server’s Service Configuration rather than via the startup script – e.g. when using a NAS.

Group Policies

Creating group policies for the MailStore Client and the MailStore Outlook Add-in is now easier than ever before: in the case of MailStore Server, the templates are now included in the installation, while in the SPE, they can be downloaded from the Client Access Server’s default page. In Version 13, these templates are available in all languages supported by MailStore.

Certificate Validation

A further improvement for MailStore Server and SPE administrators is the new certificate validation. This has been aligned with the validation process used in most of the important web browsers, enabling administrators to create and implement standardized security and certificate policies for all MailStore clients (MailStore Client, Outlook-Add-in and Web Access).

Encrypted Connections Only

In Version 13, the support of unencrypted connections to MailStore Server has been completely removed. So, administrators can rest assured that all MailStore Server installations permit only encrypted connections with the archive, which can be particularly useful for administrators managing several installations.

Let’s Encrypt™-Certificates

Administrators can now specify a port on which MailStore Server should listen out for the validation requirements of Let’s Encrypt™ TLS-Certificates, thus avoiding port collisions e.g. when MailStore Server is being run with other services on a computer or where only a limited number of IP addresses is available. This simplifies the use of Let’s Encrypt certificates.

MailStore Gateway

In Version 13, administrators can immediately see how many messages are in a MailStore Gateway mailbox. The new version also allows mailboxes still containing messages to be forcibly deleted. Furthermore, the Management Web Interface port can be modified if the standard port is being used by different applications, or the administrator wishes to turn it into a standard HTTPS Port 443.

How End Users Stand to Benefit From the New Version

MailStore 13 also offers several new and improved features aimed at simplifying archive handling for the end user. These include:

Modern Authentication

MailStore Server and SPE users can now login to MailStore using their customary Microsoft 365 or Google G Suite login details. So, rather than having to remember separate passwords for MailStore, all they need to do is use their Microsoft 365 or Google G Suite login data. This way they can also benefit from the additional security features of these cloud-based services when accessing their archive, such as multi-factor authentication.

Removal of Mobile Web Access

Customers who previously used Mobile Web Access for MailStore Server and the SPE are now able to use our modern and secure responsive Web Access. The legacy Mobile Web Access is no longer available in Version 13.

Client-Based Improvements

MailStore Server and SPE users benefit from a number of improvements when it comes to accessing and using the archive. The loading time of the responsive Web Access, in particular, has been significantly reduced. Various other minor improvements as well as comprehensive updating of all web components have been carried out for an even smoother search experience, particularly on mobile devices. The responsive display on mobile devices has also been improved significantly and features, among other things, a larger reading area. Meanwhile, the new “jump to folder” function allows you to switch directly to a desired folder by clicking on the folder path in the message view, which makes it even easier to find emails belonging to the same project or public folder. Time information is also displayed alongside the date in the MailStore Client’s message list.

Encrypted Connections Only

In Version 13, unencrypted connections to MailStore Server are no longer supported. This means that end users receive fewer warning messages when using a modern web browser to access the archive, while being able to rely on secure connections with MailStore Server. It’s also easier for end users to verify the security of a connection via their browser (e.g. via the lock symbol in Chrome’s address bar). This is particularly useful when using non-trusted connections, such as public wireless networks at airports.

Certificate Validation

In both MailStore Server and the SPE, this has been aligned with the certificate validation routine of the most important web browsers, enabling end users to identify breaches of security policies across all clients (MailStore Client, Outlook Add-in and Web Access).

Why Business Owners Can Look Forward to V13

It goes without saying that management also stands to benefit when email handling is simplified for administrators and end users. However, there are three more arguments in favor of MailStore 13 that are particularly relevant for business owners:

Improved Support of Cloud-Based Services and Modern Authentication

Business owners can trust in their investment in MailStore in the long-term, as a key part of our philosophy is to permanently support current industry standards and technologies – and that goes for important cloud-based services such as Microsoft 365 and Google G Suite.

Encrypted Connections and Standardized Certificate Validation

Business owners can also rest assured that MailStore will continually upgrade the security concept of its software in line with industry standards and security recommendations. That said, we always keep in mind the requirements and the IT infrastructure of small and medium-sized businesses. Our motto is “Security by Default”. This makes MailStore a reliable long-term choice when it comes to email archiving solutions.

GDPR-Certified

Just like the previous version, MailStore Server 13 has been rigorously audited by an independent data protection expert under General Data Protection Regulation (GDPR) rules. This certification verifies that MailStore Server – when used appropriately – meets the personal data processing requirements set out in the GDPR. Thanks to these regular and independent software audits, business owners can rest assured that MailStore Server can help them meet their obligations under the GDPR, for example by defining sophisticated retention policies. The official certificate on the audit results can be requested by our interested customers and partners via sales@mailstore.com. Registered MailStore partners can also download the certificate from our Partner Portal.

For managed service providers who offer their customers email archiving as a service using the MailStore Service Provider Edition, the following applies: MailStore SPE version 13 was also audited and certified according to the same criteria as MailStore Server in accordance with the EU’s GDPR. Registered MailStore partners can download the certificate from our Partner Portal or request it by e-mail from partners@mailstore.com.

And What About MailStore Home Users?

While the focus of Version 13 undeniably lies with our commercial products MailStore Server and the MailStore SPE, home users of our free archiving solution MailStore Home are not left empty-handed. In Version 13, MailStore Home also includes the practical “jump to folder” function, which allows emails from the same folder to be easily located by clicking on the folder path. End users can also be more creative with their passwords, which can now include spaces at the beginning and end. Other minor improvements and fixes result in an improved user experience for end users with MailStore Home.

Availability

Version 13 of MailStore Server and the MailStore SPE is now available to download from the company website at zero cost for all existing customers with valid Update & Support Service. Customers whose Update and Support Service has expired can renew via a paid upgrade and also update to the new version.

Interested companies might also want to download the version as part of a free 30-day trial.

Service providers interested in the MailStore SPE can register free of charge here to obtain all the relevant information including access to a free trial version.

MailStore Home can be downloaded from the Products page of our website.

For Gustavo Cornejo Lizama, Network Manager for a large public sector organization in Santiago, Chile, moving to a Sophos cybersecurity system has halved his team’s workload.

A team of twenty IT professionals supports the organization’s one thousand employees, however only three ‑ a security expert and two admins ‑ focus on cybersecurity.

To protect against malware and other threats, they use a Sophos cybersecurity system: a Sophos XG Firewall along with Sophos next-gen endpoint and server protection.

Everything is managed through the cloud-based Sophos Central administrative console.

Gustavo shared the impact the Sophos system had on their day-to-day cybersecurity operations.

Life before Sophos: entire work days spent monitoring cybersecurity

With their previous cybersecurity products, Gustavo and team faced a huge amount of daily administration and were slowed down by network issues.

In fact, they used to spend a full eight hours a day between them monitoring for security issues. This took up a significant proportion of their overall capacity, limiting the team’s ability to work on other tasks.

Life after Sophos: 50% reduction in admin time plus improved bandwidth

Since switching to the Sophos system, Gustavo and team have been able to reduce the time spent monitoring for security issues from eight hours to four hours a day.

Management is now simpler and easier, as they can control everything through the Sophos Central console. At the same time, they also experience far fewer network issues.

One feature which has been particularly beneficial is the ability to identify and control all applications on the network, which we call Synchronized App Control.

Sophos endpoint protection and XG Firewall constantly share information in real time, enabling the firewall to identify all apps, including those that would prefer to remain hidden.

Armed with this insight, Gustavo has been able to block social media and streaming, resulting in improved user productivity and bandwidth.

Favorite feature

A favorite feature of Gustavo and team is the ability to manage firewall, server, and endpoint security through a single cloud-based platform, giving them one-stop shopping for security management. Everything they need is at their fingertips with a single login.

Whether managing bandwidth, controlling apps, or dealing with general security issues, everything is handled through a unified console, cutting the time spent on these weighty tasks in half.

See it in action

Watch this demo video to see just how easy day-to-day security management is with a Sophos system.

To try the system for yourself, the easiest way is to start a free trial of one of our products.

And for anything else, or to discuss your own challenges, the Sophos team is here to help.

The COVID-19 era has ushered in a global organisational transition to remote working policies and highlighted the need to bolster protection against cyber-attacks and inadvertent data misuse at the hands of employees.

Top cybersecurity leaders outline key areas to facilitate successful remote workforce environments in this latest article by HelpNetSecurity, including HelpSystems CEO Kate Bolseth, who discusses the value of data classification in protecting vulnerable corporate assets.

“One thing must be clear” Kate Bolseth writes: “your entire management team needs to assist in establishing the right infrastructure in order to facilitate a successful remote workforce environment.

Before looking at any solutions, answer the following questions:

• How are my employees accessing data?
• How are they working?
• How can we minimize the risk of data breaches or inadvertent exposure of sensitive data?
• How do we discern what data is sensitive and needs to be protected?

The answers will inform organizational planning and facilitate employee engagement while removing potential security roadblocks that might thwart workforce productivity. These guidelines must be as fluid as the extraordinary circumstances we are facing without creating unforeseen exposure to risk.

When examining solutions, any option worth considering must be able to identify and classify sensitive personal data and critical corporate information assets. The deployment of enterprise-grade security is essential to protecting the virtual workforce from security breaches via personal computers as well as at-home Wi-Fi networks and routers.

Ultimately, it’s the flow of email that remains the biggest vulnerability for most organizations, so make sure your solution examines emails and files at the point of creation to identify personal data and apply proper protection while providing the link to broader data classification”.

We’re pleased to announce the addition of new reporting capabilities for Sophos Central Firewall Reporting (CFR). If you’re a customer of CFR Advanced, you’ll see new options to save, schedule, and export your favorite reports in Sophos Central, further extending your powerful custom reporting capabilities in the cloud.

What’s new and how to use it

• Save reports as templates – Central Firewall Reporting Advanced lets you save custom report templates. First, customize a report with the columns, filters, and chart type you want. Then save it in your template library for quick access whenever you need to run it.
• Schedule reports – Getting your favorite and custom reports is now even easier, as you can schedule them to be delivered your inbox or picked up in Sophos Central at your convenience. The scheduler allows you to set a frequency for your reports, including daily, weekly, and monthly options.
• Export your reports – Reports can now be exported in HTML, CSV, and (coming next month) PDF formats. As an additional bonus, the exported reports provide up to 100,000 records in a report, whereas the interactive reports in Central are limited to 10,000 records. Download your favorite report for offline viewing directly from Sophos Central or have it delivered to your inbox.

You have complete control over the scheduling frequency, report format, and delivery…

We will be covering Central Firewall Reporting in more detail in an upcoming article in our Making the Most of XG Firewall v18 series.

What you need

CFR Advanced is a new subscription license that offers additional firewall log data storage for historical reporting, and now adds these new features for saving, scheduling, and exporting reports.

CFR Advanced subscriptions are on a per-firewall basis, so each firewall you wish to report on in Sophos Central will require its own CFR Advanced license.

CFR Advanced licenses are purchased in 100GB storage quantities. You can use the storage estimation tool (at sophos.com/cfrsizing) to quickly determine the estimated storage required for your particular needs.

XG Firewall v18 is required to take advantage of Central Firewall Reporting. We encourage everyone to upgrade today to take advantage of all the great new performance, security, and feature enhancements.

Talk to your preferred Sophos partner today about adding CFR Advanced to your account so you can take full advantage of the rich customizable reporting options in Sophos Central.

New to Sophos Central Reporting?

If you’re new to Sophos Central Reporting, you can try it for free. Simply set up your firewalls for Sophos Central management and log into Sophos Central to give it a go.

You can learn more about what’s included with Sophos Central management and reporting on our website or download the PDF brochure. And if you’re new to Sophos XG Firewall, be sure to check out how you can add the best visibility, protection, and response to your network.

Security services bestow organizations with the security expertise they desperately need to combat ever-increasingly capable threat actors, as illustrated by the momentum in uptake of our Managed Threat Response service.

Remote Desktop Protocol (RDP), while a legitimate tool, is also a common ingress point for attackers looking to break into an organization. A recent Sophos survey found that in 9% of ransomware attacks, RDP was the method used to gain entry.

Fortunately, Intercept X Advanced with EDR makes it easy to identify devices that have open RDP connections and remotely shut them down, all from a single management console.

Sophos EDR includes Live Discover, which leverages a collection of pre-written, fully customizable SQL queries to answer IT operations and threat hunting questions.

To begin, we select which devices we want to check.

There are a variety of different categories to choose from depending on your needs. We have a couple of options for RDP. Identifying devices with running processes that have active RDP connections or finding devices that have RDP enabled.

In this case we want to do the latter, so we’re going to create a short query for the task. A quick search of the Live Discover query sharing forum gives us exactly what we need. A couple of clicks later and we have our query ready to run (we also had the option to select a pre-written query to identify devices with active RDP connections).

The query identifies a device that has RDP enabled. From the same console, we launch a Live Response remote terminal session to the device and use the command line interface to disable RDP.

It’s that easy to detect RDP and disable it across your entire endpoint and server estates. To learn more about Sophos EDR head over to Sophos.com or to try it for yourself, you can start a no-obligation 30-day trial.

We often get asked about the inner workings of Netsparker’s vulnerability scanning engine. People familiar with network and virus scanners also ask what vulnerability databases we use and how often we update them. In reality, it’s all a lot more interesting than ticking boxes on a list of known issues. Time to set the record straight about how a cutting-edge web vulnerability scanner works.

Two Sources of Vulnerability Information

When most people hear the word “scanner”, they think of software that looks for known risks. This is generally what virus scanners and network scanners do: check targets against a list of known issues, such as (respectively) malware signatures and CVE vulnerability reports. So when customers see how effective Netsparker is, their first question is often: “What vulnerability database do you use?” Well, the short answer is: “None, mostly.” The full answer is that Netsparker is an advanced heuristic scanner that also checks for known web application vulnerabilities – but let’s break this down a bit.

The Mundane Part: CVEs

The idea of relying on a vulnerability database comes from the systems and network security world, where a software or hardware bug is discovered, publicly disclosed, and added to a vulnerability database such as CVE. Network scanners, for example, work by finding such known issues in target systems. To fix the vulnerability, you simply patch or update the affected component.

Some CVEs also apply to web applications. These are bugs in widely-used products that need to be patched to avoid attacks. As one part of its scanning process, Netsparker checks for such issues based on the CVE registry and other vulnerability databases, so scans also cover vulnerabilities such as Heartbleed (CVE-2014-0160) or POODLE (CVE-2014-3566). In fact, the Netsparker security advisory program actively contributes to finding bugs in open-source packages by scanning them for vulnerabilities during engine testing. To learn how our security researchers do this, see our article on vulnerability disclosures.

Although an important part of overall security, checking for known issues is relatively easy and not terribly exciting. Things get interesting when you have to check for unknown issues – and this is when you find out how effective your web application security solution truly is.

The Really Clever Part: Heuristics

The vast majority of web application vulnerabilities are brand new issues that were introduced in new code in custom-built applications – so how are you supposed to know about them? This is the main difference between web application security testing and signature-based security checks: web vulnerability scanning is primarily about finding new vulnerabilities resulting from underlying weaknesses categorized in the CWE system. To find previously unknown issues, Netsparker uses a cutting-edge heuristic scanning engine that probes websites and applications for vulnerabilities just like a penetration tester would.

Netsparker uses a variety of advanced heuristic techniques to find all entry points in web applications and test them for vulnerabilities. This includes automatic URL rewriting to provide maximum scan coverage, automated fuzzing to generate unexpected inputs that may reveal a weakness, and proprietary Proof-Based Scanning™ technology to safely test weaknesses and provide proof that the vulnerability is real.

Because web vulnerability scanners don’t rely on signatures, their effectiveness is highly dependent on the quality and maturity of the underlying heuristic scanning engine. If the scanning engine is too eager to flag suspicious responses as signs of vulnerabilities, it will flood the user with false positives. If it is too cautious or simply not advanced enough, it will miss real vulnerabilities or even bypass whole pages, for example because it can’t deal with authentication. As an industry veteran and technology leader, Netsparker knows how to strike the right balance.

Get the Best of Both Worlds

The purpose of a web application security solution is to help the user improve security more efficiently than with manual testing alone. This goes way beyond vulnerability databases and even beyond scanning itself. To get measurable security improvements, you need a holistic view of web application security that pulls together accurate information from all relevant sources and applies it through effective automation.

Netsparker combines high-quality heuristic results from its industry-leading vulnerability scanning engine with information about known issues listed in vulnerability databases. All these vulnerability results are complemented by asset discovery and crawling information, warnings about outdated web technologies, detailed vulnerability descriptions complete with suggested remedies, best-practice recommendations, compliance reports, and more. This gives you a complete picture of what you need to fix in your web environment, so you can start getting real value from Netsparker in a matter of days.