Coronavirus has brought remote working to the top of everyone’s mind. With many organizations already enabling or exploring remote working, here are 11 tips to help your users, and your company, stay secure while protecting everyone’s physical health.

1. Make it easy for users to get started

Remote users may need to set up devices and connect to important services (Mail, Internal Services, SalesForce, etc.) without physically handing them over to the IT department. Look for products (security and otherwise) that offer a Self Service Portal (SSP) that allows users to do things themselves.

2. Ensure devices and systems are fully protected

Go back to basics – ensure all devices, operating systems and software applications are up to date with the latest patches and versions.  All too often malware breaches an organization’s defenses via a rogue unpatched or unprotected device.

3. Encrypt devices wherever possible

When people are out of the office there is often a greater risk of lost or stolen devices; for example, phones left in cafes, laptops stolen from cars. Most devices include native encryption tools such as BitLocker – be sure to use them.

4. Create a secure connection back to the office

Using a Virtual Private Network (VPN) ensures that all the data transferred between the home user and the office network is encrypted and protected in transit. Plus, it makes it easier for employees to do their jobs.

5. Scan and secure email and establish healthy practice

Home working will likely lead to a big increase in email as people can no longer speak to colleagues in person. The crooks are wise to this and already using the coronavirus in phishing emails as a way to entice users to click on malicious links. Ensure your email protection is up-to-date and raise awareness of phishing.

6. Enable web filtering

Applying web filtering rules on devices will ensure that users can only access content appropriate for ‘work’ while protecting them from malicious websites.

7. Enable use of cloud storage for files and data

Cloud storage enables people to still access their data if their device fails while working remotely. Don’t leave files and data in the cloud unprotected and accessible by anyone. At the very least, employees must successfully authenticate. Multi factor authentication takes that a step further.

8. Manage use of removable storage and other peripherals

Working from home may increase the chance of people connecting insecure devices to their work computer – to copy data from a USB stick, or to charge another device. Considering that 14% of cyberthreats get in via USBs/external devices*, it’s a good idea to enable device control within your endpoint protection to manage this risk.

9. Control mobile devices

Mobile devices are susceptible to loss and theft. You need to be able to lock or wipe them should this happen. Implement application installation restrictions and a Unified Endpoint Management solution to manage and protect mobile devices.

10. Make sure people have a way to report security issues

With home working people can’t walk over to the IT team if they have an issue. Give people a quick and easy way to report security issues, such as an easy-to-remember email address.

11. Make sure you know about “Shadow IT” solutions

With large numbers of people working from home, Shadow IT – where non-IT staff find their own ways of solving issues – will likely increase. Sophos recently discovered ‘public’ Trello boards containing names, emails, dates of birth, ID numbers, and bank account information. Ensure users report use of such tools.

If you’d like more information we’re running a series of webinars on this topic in the coming weeks. Register for you spot today.

All roads lead to Rome, or at least that is what the proverb says, meaning no matter what route you take, you will always end up with the same result.  Unfortunately, this isn’t something you can say for sensitive data.  At Boldon James, we have spent the past twenty years working with defence and intelligence environments, and can report that often many roads exist, but only one of those is operational.

What am I referring to with this proverb? Well, it’s how we classify sensitive data. Applying a classification to an email message should be straight forward: mark it as ‘sensitive’, store as a piece of metadata on the email and send it. The email was probably the first type of electronic data to have a dedicated place to store a Classification. The 1988 X.400 standards included a ‘Security Label’,  which was used by defence and intelligence systems for transmitting classified email messages (the phrase ‘Security Label’ is an X.400 term for what this blog will refer as the ‘Classification’).

You would imagine having only one location to look for the Classification made interoperability easy. However, the downside of X.400 was the strict binary encoding (ASN.1), meaning the recipient of an X.400 Security Label had to first understand the binary, and convert this into text for display to the end-user. If system ‘A’ used a different binary encoding to system ‘B’, the two systems couldn’t interoperate, and with neither system willing to alter their encoding, because of the legacy data they had stored, the solution resulted in complex gateways to convert between the two encoding formats.

We’ve largely left the X.400 world behind us, and moved into the SMTP world where everything is plain text, operates over the internet and is generally a lot easier than X.400. However, in the SMTP world, we don’t:

a) have a standard place to store a Classification or,
b) a standard format for the Classification.

Is this progress? Today, we’ve seen the Classification stored in the subject field, the first line of text in the email body, and a multitude of customised x-headers. Interoperability is generally achieved by adding additional Classifications onto the email. It’s not uncommon to find four or five variants of the Classification (in differing formats) on the email message; in which case, how do we know which one is the reference Classification? The more systems we have that label and share sensitive data,  the more interoperability issues we will begin to see – as we realise that in fact not all roads leads to Rome.

In the defence world, NATO has been looking at data-centric security and written standards (STANAG 4774 and 4778) which defines a standard place and format for storing the Classification on an email message (and also to cryptographically bind that Classification to the email message).  Boldon James is involved in prototyping these standards at various defence events; have we reached the time when the commercial world needs similar standards, allowing all roads return to Rome (or wherever your favourite City is!)?

Boldon James

Earlier this week the personal details of more than 10.6 million MGM Resort hotels guests were published on a hacking forum, the result of a cloud server data breach.

With this in mind, we take a look at some things you can do to avoid falling victim to a public cloud attack, including how Sophos can help you see and secure your data in the public cloud.

Know your responsibilities

Before anything else, you need to understand what you are responsible for when it comes to storing data in the public cloud.

Public cloud providers such as AWS, Azure, and Google offer customers a great deal of flexibility in how they build their cloud environments.

But the consequence of all this flexibility is that they can’t completely protect your virtual network, virtual machines, or data while in the cloud. Instead they run a Shared Responsibility model – they ensure security of the Cloud, while you are responsible for anything you place in the Cloud.

Aspects such as physical protection at the datacenter, virtual separation of customer data and environments – that’s all taken care of by the public cloud providers.

You might get some basic firewall type rules to govern access to your environment. But if you don’t properly configure them – for instance, if you leave ports open to the entire world – then that’s on you. So learn what you’re responsible for – and act on it.

Watch our shared responsibility video to learn more.

Five steps to minimize your risk of attack

Here are five essential steps you should take to minimize your risk of a cloud-based attack, and protect your data.

Step 1: Apply your on-premises security learnings

On-premises security is the result of decades of experience and research. When it comes to securing your cloud-based servers against infection and data loss, it’s a good idea to think about what you already do for your traditional infrastructure, and adapt it for the cloud:

Next-gen firewall

Stop threats from getting onto your cloud-based servers in the first place by putting a web application firewall (WAF) at your cloud gateway. Also look to include IPS (to help with compliance) and outbound content control to protect your servers/VDI.

Sophos XG Firewall protects your cloud and hybrid environments. And, with pre-configured virtual machines in Azure and AWS, you can be up and running quickly.

Server host protection

Run effective cybersecurity protection on your cloud-based servers, just as you would your physical servers.

Sophos Intercept X for Server protects your AWS and Azure workloads from the latest threats. Watch this video overview to see it in action.

Endpoint security and email protection

While your network may be in the cloud, your laptops and other devices are staying on the ground, and all it takes a phishing email or spyware to steal user credentials for you cloud accounts.

Ensure you keep endpoint and email security up to date on your devices to prevent unauthorized access to cloud accounts.

Step 2: Identify all your cloud assets

If you can’t see the data in the public cloud, you can’t secure it.

That’s why one of the most important factors in getting your cloud security posture right is getting accurate visibility of your infrastructure and how traffic flows through it. This will allow you to identify anomalies in traffic behavior – such as data exfiltration.

Step 3: Build a complete inventory

Build a complete inventory of your cloud estate, including server and database instances, storage services, databases, containers and serverless functions.

As well as looking at numbers of assets, also look for weak spots. Potential risk areas include:

• Databases with ports open to the public internet that could allow attackers to access them
• Cloud storage services set to public
• Virtual hard drive and Elastic Search domains set to public

Step 4: Regularly review identity access management

Actively manage user roles, permissions, and role-based access to cloud services. The scale and interwoven nature of individual and group access to services creates an enormous challenge, and attackers will exploit that gap in security.

Ensure you have visibility over all access types, and their relationships to cloud services to identify overprivileged access and review your policies accordingly. Afterall, if a hacker obtained these credentials, they could search far and wide across your cloud accounts for sensitive data.

Step 5: Actively monitor network traffic

Look for the telltale signs of a breach in your network traffic, with unusual traffic spikes a key indicator of data exfiltration.

The dynamic nature of the cloud means that traffic and assets are changing frequently, so humans generally struggle to track all these data points.

Instead use AI to harness these data sources and build a picture of what “normal” traffic is, then when activities occur outside “normal” you can be alerted instantly to unusual, and potentially malicious behavior.

Sophos Cloud Optix makes it easy for you to see all your cloud databases and workloads. It also enables you to identify potential vulnerabilities within your architecture so you can prevent a potential breach point.

Start an instant no-obligation online demo to see Cloud Optix in action for yourself.

As organizations move quickly to do their part in stopping the spread of COVID-19 people are working remotely more than ever before.  At CyberArk we have taken action to protect the health and safety of our global community of customers, partners and employees – including having our employees across the globe work from home.

It’s not always easy for organizations to move to full remote work, especially having to balance productivity and security. Sudden, unexpected changes in the amount of work being done from home affects the workflows of remote users – especially those requiring privileged access – and most of the time, organizations don’t have the ability to properly scale. Additionally, attackers are working to capitalize on people’s fears and desire for information, which underscores the need to safeguard critical systems and assets.

Utilizing technology to overcome these challenges can help make these trying times a bit easier. Whether that’s making greater use of video chat and conference calling or allowing secure access to internal systems from anywhere, technology is helping business to continue with as little disruption as possible.

Recently we launched a new use case for CyberArk Alero to address the needs of all remote users (employees and vendors) by providing secure remote access to critical systems managed by CyberArk.

Starting today, we’ll be offering qualified customers the use of CyberArk Alero at no cost through the end of May in hopes that it will help ease some of the burden associated with the changing work environment.  There are many ways that we, as individuals and as a company, are working to help our communities during this trying time.  As business continuity plans are being tested, we hope to help organizations keep business running securely while putting the health and safety of all of us first.

Sophos Mobile Control Architect Training (2 days Training) –  Tuesday, March 31st 2020 – Wednesday April 1st, 2020

Requirement

Have completed and passed the Sophos Mobile Certified Engineer course and any subsequent delta modules up to version 8.5

Recommended Knowledge

• Knowledge of how setup a Windows Active Directory environment with servers and workstations
• Experience of Windows networking and the ability to troubleshoot issues
• Understand the principles of DMZs, proxies and reverse proxies
• Experience using Microsoft SQL Server and Microsoft Exchange Server
• Experience with webservers or another web facing infrastructure
• Be familiar with iOS, Android and Window mobile devices

Content

• Module 1: Solution Overview & Architecture
• Module 2: Installation
• Module 3: Configuration & Management
• Module 4: Containers
• Module 5: Sophos Mobile Security
• Module 6: EAS Proxy
• Module 7: Network Access Control
• Module 8: Server Maintenance

Certification

To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and is limited to 3 attempts

Duration 2 days

Lab Environment

Each student will be provided with a pre-configured environment which simulates a company network with two sites, a head office and a branch office and contains Windows Servers, a Windows Desktop and three XG Firewalls

Agenda

Trainer: Micheal Eleftheroglou

Day 1 Tuesday 31 March 2020

9:30-10:30 Module 1: Solution Overview & Architecture

• Review Sophos Mobile knowledge from the Engineer course
• Explore the architecture of Sophos Mobile and deployment options
• Understand communication protocols, clustering and sizing the solution

10:30-10:45 break

10:45-11:45 Module 2: Installation

• Understand the supported devices, servers and database versions for Sophos Mobile
• Understand the installation process
• Understand the installation pre-requisites and tools used to ensure these are met
• Configure an External Directory
• Configure post-installation settings
• Understand cluster configuration and user roles
• Explain the migration tool and troubleshooting steps during installation.

11:45-13:15 Lab 1 Installation

• Prepare the Sophos Mobile Server
• Create an SSL certificate using the Sophos Mobile SSL Certificate Wizard
• Install Sophos Mobile using an existing database and PKCS12 certificate file
• Create and install an APNs certificate
• Configure the internal EAS proxy
• Install the CA Certificate (for iOS devices only)

13:15-14:15 Lunch

14:15-16:15 Module 3: Configuration & Management

• Configure Super Admin settings and customer settings
• Understand configuration inheritance
• Configure SCEP and troubleshoot common issues
• Configure mobile devices
• Understand Device Profiles, Apple VPP, Apple DEP, Android for Work & Device Owner
• Configure Task Bundles and Device groups
• Configure the Self Service Portal
• Configure compliance policies
• Understand how to remove a device from Sophos Mobile
• Troubleshooting common issues

16:15-16:30 Break

16:30-17:30 Lab 2: Configuration & Management

• Configure Super Admin level settings
• Configure inheritance and view assigned configuration
• Create a customer and configure customer level settings
• Enroll a mobile device (Android or iOS)

Day 2 Wednesday 1 April 2020

9:30-10:00 Module 4: Containers

• Explain what Container-only Management is
• Describe which components are included in the Sophos Container
• Explain how document encryption works with Secure Workspace
• Describe the possible compliance actions available
• Explain Samsung KNOX

10:00-10:30 Lab 3: Sophos Container

• Manage documents in Sophos Mobile
• Create an encrypted file using the SafeGuard client
• Configure and test a Sophos Container Policy (Android and iOS)

10:30-10:45 Break

10:45-11:15 Module 5 Sophos Mobile Security

• Explain what Sophos Mobile Security is
• Describe how App Reputation works
• Understand how to manage Sophos Mobile Security
• Troubleshoot common issues

11:15-11:30 Lab 4: Sophos Mobile Security

• Configure a Sophos Mobile Security policy
• Test the Sophos Mobile Security policy (Android only)

11:30-12:00 Module 6: EAS Proxy

• Describe what EAS Proxy is used for
• Review use of EAS Proxy with Lotus Notes Traveler and O365 support
• Understand the deployment scenarios for EAS Proxy
• Explain clustering and certificate base authentication
• Work through an installation of EAS Proxy
• Troubleshoot common issues and understand the log files generated

12:00-12:20 Lab 5: EAS Proxy

• Install an External EAS Proxy
• Configure the UTM as a reverse proxy for the External EAS proxy
• Update the EAS settings to use the External EAS proxy (Android or iOS)
• Review the external EAS proxy log file

12:20-12:50 Module 7: Network Access Control

• Explain how NAC works
• Configuration NAC
• Describe device compliance options with NAC enabled
• Troubleshoot common issues and understand the log files generated

12:50-13:20 Lab 6: Network Access Control

• Enable Network Access Control
• Test Network Access Control (Android or iOS)
• Unenroll your device
• Remove lab configuration

13:20-14:20 Break – Lunch

14:20-15:00 Module 8:Server Maintenance

• Explain the daily maintenance schedule
• Describe when and how to update Sophos Mobile
• Understand what steps to take if changes are made to your environment
• Understand the deployment scenarios for Sophos Mobile

15:00-15:15 Lab 7: Cluster Configuration Simulation

• Complete the simulation

XG Firewall v18 is here, and with it comes a slew of terrific new features that address the visibility, protection, and performance problems organizations face every day.

One of the more exciting enhancements in v18 adds is Central Firewall Reporting (CFR), Sophos’ new cloud-based reporting tool.

Sophos CFR enables customers to create historical reports on network activity with a great deal of customization. It’s extremely flexible, and it’s included for free on any XG Firewall capable of running the v18 firmware.

Greater insight through analytics

If you are in any way responsible for your organization’s network, here’s a simple question to ask yourself:

Do I have a good understanding of the user activities, applications, network events, risks, and performance in our security environment?

If you don’t or the solution you’re using only scratches the surface, a reporting tool that provides deeper insight in these areas could be just what you need. Armed with deeper analytics, you can implement policy changes to drive efficiencies that enhance productivity while also protecting against cyber threats.

Flexible, customizable reporting

Creating reports on the topics that are important to you should be easy, and with CFR it is.

An integral component of Sophos Central, Central Firewall Reporting provides organizations with a flexible set of options to capture network activity through your Sophos Central account and XG Firewall.

Using the interactive dashboard, you can drill down into the syslog data for a granular view that is presented in a visual format for easy understanding. The data can then be analyzed for trends that could lead to gaps in security, requiring policy changes.

Key features in Central Firewall Reporting

With Central Firewall Reporting, you can create reports to fit your needs using one of the pre-defined report templates and customizing it the way you want. Here are some of the key features:

• Up to seven days of historical reporting
• Rich, granular data organized into easy-to-understand reports
• Pre-defined, out-of-the-box report templates
• Flexible report table and charts allow you to customize each report
• Report Dashboard provides an at-a-glance view from the XG Firewall for network operational health, policy control events, and all security-driven events
• Visual representation of data displayed in graphical form
• Search and retrieval of all log data from the XG Firewall

What’s next for CFR?

Because Central Firewall Reporting is cloud-based, we’ll roll out additional features and report templates without requiring any firmware update to your XG Firewall. Even bigger, however, is a new reporting service with more features and built-in reports.

Complementing the free version of Central Firewall Reporting, CFR Premium is a “for pay” service that unlocks more capabilities and built-in report templates along with historical reporting up to one year.

CFR Premium is designed for organizations with more connected devices that generate larger amounts of syslog data and want the flexibility to add storage capacity as needed. Look out for the launch in the coming months.

In the meantime, try out the free version to see the types of custom reports you can create and the insights you’ll get into network activity. For more information, see the CFR web page on our website.

Sophos

XG Firewall v18 is now available, and it’s sporting the all-new Xstream Architecture, which delivers extreme levels of visibility, protection and performance.

We’ve packed this release with new and enhanced features for you, including:

• Xstream SSL inspection. Get unprecedented visibility into your encrypted traffic flows, support for TLS 1.3 without downgrading, powerful policy tools, and supreme performance.
• AI-powered threat intelligence. Extend your protection against zero-day threats and emerging ransomware variants with multiple best-in-class machine learning models and unmatched insights into suspicious files entering your network.
• Application acceleration. Optimize network performance by putting your important application traffic on the fast path through the firewall and routing it reliably out through your preferred WAN connection.

Watch the overview video to see everything that’s new in XG Firewall v18:

Sophos Central

XG Firewall v18 also includes support for all new central management, reporting, and deployment options launching on Sophos Central next week:

• Group firewall management. Easily keep your full estate of firewalls consistent using groups that automatically keep policies, objects, and settings synchronized.
• Central reporting. Network activity and insights across all your firewalls are now at your fingertips in Sophos Central, with several pre-packaged reports and flexible reporting tools to create your own.
• Zero-touch deployment. Conveniently setup a new firewall in Sophos Central, export the config, load it on a flash drive and have your new firewall automatically connect back to Sophos Central without having to touch it.

And, there’s more!

In addition, there are also a ton of other new features that will enhance your protection, visibility, management experience, and network versatility:

• Synchronized SD-WAN brings the power of Synchronized Security to reliably and accurately route application and user-based traffic over your preferred WAN links
• Firewall, NAT, and SSL Inspection rules and policies are now more powerful, flexible and easier to work with than ever before
• Plug-and-play high-availability (HA) makes it easy to enable business continuity and adds peace-of-mind – simply connect two XG Series appliances together and you’ll be up and running in no time
• Real-time flow monitoring provides at-a-glance insights into active bandwidth consuming hosts, applications, and users
• Expanded notifications and alerts ensure you never miss an important network security event whether it’s related to a threat, service, or important performance metric

How to get XG Firewall v18

As usual, this firmware update comes at no charge for licensed XG Firewall customers.  The firmware will be rolled-out automatically to all systems over the coming weeks, but you can manually update at any time via MySophos.

Head on over to the XG Firewall Community Blog to get the full release notes.

Also check that your current hardware appliance supports v18.

Making the most of your new XG Firewall features

Free online training – available to all XG Firewall customers, our delta training program will help you make the most of the new features in XG Firewall v18.

It walks you through the key enhancements since v17.5 and takes about 90 minutes to complete.  Get started on the XG Firewall training program.

Customer resources and how-to videos – be sure to visit the Customer Resource Center for the latest how-to videos and links to documentation, the community forums, training and other resources.

Take advantage of Partner and Sophos Professional Services:  To augment your local Sophos partner’s services, we offer services to help you getting up and running and make the most of your XG Firewall, including the latest capabilities in v18.

While Sophos Professional Services can help with any task, here are the most common services they provide:

• XG Firewall deployment and setup
• XG Firewall v18 DPI, FastPath and SSL Engine Optimization
• XG Firewall Health Checks

Here are some direct links to helpful resources:

• Customer Training Portal (free Delta Training)
• Customer Resource Center (with how-to videos)
• Community Forum Recommended Reads
• What’s New and Release Notes
• XG Firewall v18 Complete Documentation

New to XG Firewall?

If you’re new to XG Firewall, see how it provides the world’s best network visibility, protection and response on the new XG Firewall website.

Sophos

We have all seen films where the defences of a medieval castle prevent the attackers from gaining entry – the deep moat, unscalable walls and impenetrable portcullis. From within the castle, the firing of arrows, canons and boiling oil poured onto the attackers all help protect the castle residents inside.

In many ways, a lot of the commercial, defence and intelligence organisations have treated their IT networks in the same way – protect the perimeter, and your information inside will remain safe. Unfortunately, today this isn’t the case; the perimeter protecting your information is widening. With the boom of Cloud services, an increasingly mobile workforce and the need to share information, the protection of the perimeter becomes even more difficult when we’re unsure exactly where the perimeter is, and the more opening doors we place in our perimeter, the harder it becomes to protect.

We still need to protect the perimeter using our existing network-centric security tools, but also need to protect the information we store inside our network. An information-centric approach uses classification and encryption to protect the information wherever it moves, placing less importance on where your information resides.

Classification of your information at the point of creation is key to the success of information-centric security; this is very familiar to the defence and intelligence communities but may require an important mindset change to some commercial organisations. Once your information is correctly classified, you begin to understand the sensitivity of your information, and can treat it accordingly – a document containing project plans is more sensitive than a document with today’s restaurant menu, for example.

Metadata is the usual method for storing the classification with your information, but for protection of your information, the classification must be cryptographically bound to your information (this prevents your sensitive document becoming insensitive). Also, to facilitate information sharing, the metadata cannot be bespoke to your organisation; otherwise sharing information is made more difficult with unreadable classification metadata.

With the information classified and protected using a common format, the organisation can now begin to apply access control policies to control the flow of information throughout the entire network. Who needs access to the information, the location of the user, the type of device they are using are all factors that may affect whether a user has access to the sensitive project plan document.

The ability to control the sharing of information is made easier with information-centric security. Ongoing, rights management technology can be applied (using an open standard) to control access to the information after it was shared, as we may only want to share sensitive information externally for a limited time.

Data is the building blocks for information, and it is information we use in our everyday lives. By adopting an information-centric security approach, we can begin to control, protect and monitor our data wherever it resides.

Boldon James

Η νέα αρχιτεκτονική Xstream στο XG Firewall v18 περιλαμβάνει μια ολοκαίνουργια, υψηλής απόδοσης λύση επιθεώρησης SSL που προσφέρει την καλύτερη ορατότητα της βιομηχανίας σε κρυπτογραφημένες ροές κίνησης (δεδομένων), υποστήριξη για TLS 1.3 χωρίς υποβάθμιση και ιδιαίτερα υψηλά επίπεδα απόδοσης.

Με τον όγκο της κρυπτογραφημένης κίνησης να βρίσκεται τώρα κοντά στο 80% και να αυξάνεται σταθερά, η επιθεώρηση SSL αποτελεί κορυφαίο ζήτημα για πολλούς οργανισμούς. Και με το δίκιο τους.

Αυτός ο όγκος κρυπτογράφησης όχι μόνο δημιουργεί ένα τεράστιο τυφλό σημείο, που οι χάκερς εκμεταλλεύονται, αλλά έχει ωθήσει και τα περισσότερα τείχη προστασίας σε σημεία πέρα από τις δυνατότητες τους. Πολλοί οργανισμοί είναι ανίκανοι να κάνουν πολλά για το πρόβλημα με αποτελέσμα τα firewalls τους ουσιαστικά καθίστανται ξεπερασμένα.

Η νέα αρχιτεκτονική Xstream του XG Firewall παρόλα αυτά έχει σχεδιαστεί για το σύγχρονο κρυπτογραφημένο διαδίκτυο.

Εξαιρετική ορατότητα σε κρυπτογραφημένες ροές κίνησης

Το XG Firewall είναι μοναδικό στην παροχή ορατότητας πρωτοφανούς επιπέδου στις κρυπτογραφημένες ροές κίνησης. Μόλις συνδεθείτε, μπορείτε με μια ματιά να έχετε εικόνα για τον όγκο κρυπτογραφημένης κίνησης στο δίκτυό σας, να βλέπετε πόση από αυτή αποκρυπτογραφείται ενεργά αλλά και αν υπάρχουν προβλήματα συμβατότητας.

Με μερικά μόνο κλικ επίσης είστε σε θέση να επιλύσετε τυχόν πιθανά ζητήματα για να εξασφαλίσετε μια εξαιρετική εμπειρία χρήσης.

Εξαιρετική εστίαση στην ασφάλεια και υποστήριξη για TLS 1.3 (χωρίς υποβάθμιση)

Οι περισσότεροι προμηθευτές τειχών προστασίας και UTM θα ισχυριστούν ότι παρέχουν υποστήριξη TLS 1.3 ωστόσο στην πραγματικότητα υποβαθμίζουν τις κρυπτογραφημένες συνεδρίες σε TLS 1.2. Το XG Firewall σχεδιάστηκε για να αναλάβει τις απαιτήσεις του σύγχρονου κρυπτογραφημένου διαδικτύου με πλήρη υποστήριξη του προτύπου TLS 1.3.

Το TLS 1.3 είναι το πιο πρόσφατο πρότυπο για όλους τους καλούς λόγους. Έτσι, επιλύει σημαντικά ζητήματα ασφάλειας και απόδοσης που υπάρχουν με το TLS 1.2. Η υποβάθμιση (downgrading) δημιουργεί ένα άνοιγμα για επιθέσεις και ρίχνει την απόδοση.

Με την υποστήριξη του TLS 1.3 να αυξάνει διαρκώς μεταξύ των μεγάλων web servers και των οργανισμών hosting, κανείς δεν πρέπει να εξετάσει την αγορά ενός τείχους προστασίας σήμερα χωρίς κατάλληλη υποστήριξη για το πρότυπο TLS 1.3.

Το XG Firewall προσφέρει επιπλέον -μεταξύ άλλων- τα καλύτερα controls στην βιομηχανία για την διαχείριση μη ασφαλών και παλαιότερων σουιτών κρυπτογράφησης (cipher) χάρη στις ολοκληρωμένες επιλογές που διαθέτει ως μέρος των νέων προφίλ αποκρυπτογράφησης (Decryption Profiles) που μπορούν να χρησιμοποιηθούν στους κανόνες επιθεώρησης TLS.

Έχετε πλήρη επιχειρησιακού επιπέδου controls  για να επιτύχετε την τέλεια ισορροπία μεταξύ ασφάλειας, ιδιωτικότητας, απόδοσης και συμμόρφωσης για τον οργανισμό και την επιχείρηση σας.

Εκπληκτική απόδοση

Η νέα αρχιτεκτονική Xstream στο XG Firewall v18 προσφέρει εξαιρετική απόδοση σε όλες τις λειτουργίες του τείχους προστασίας, συμπεριλαμβανομένης και της επιθεώρησης SSL.

Η νέα αρχιτεκτονική επεξεργασίας πακέτων συμπεριλαμβάνει μία ολοκαίνουργια μηχανή συνεχούς ροής βαθιάς επιθεώρησης πακέτων, που όχι μόνο παρέχει αποκρυπτογράφηση SSL υψηλής απόδοσης αλλά και hands-off αποκρυπτογράφηση περιεχομένου για IPS, προστασία ιστού, AV (antivirus), αναγνώριση και έλεγχο εφαρμογών και όλα τα παραπάνω από μία μοναδική μηχανή.

Χρησιμοποιώντας τα πλέον σύγχρονα μοντέλα μηχανικής εκμάθησης, η νέα υπηρεσία πληροφοριών απειλών (threat intelligence) αναλύει επίσης τα εισερχόμενα αρχεία με ενεργό κώδικα σε πραγματικό χρόνο, για να εντοπίσει απειλές που είναι άγνωστες και δεν έχουν ακόμα παρατηρηθεί, ώστε να διατηρεί τα τελευταία φορτία ransomware και άλλες απειλές εκτός του εταιρικού δικτύου σας.

Με το νέο χαρακτηριστικό Xstream SSL Inspection στο XG Firewall v18, τα κρυπτογραφημένα αρχεία δεν μπορούν πλέον να «κρύβουν» απειλές που ενδέχεται να περάσουν απαρατήρητες από το τείχος προστασίας του δικτύου σας.

Που να μάθετε περισσότερα

Για περισσότερες πληροφορίες σχετικά με τις προκλήσεις που αντιμετωπίζουν τα περισσότερα τείχη προστασίας όσον αφορά στην σωστή επιθεώρηση της κρυπτογραφημένης κίνησης TLS, το τεράστιο τυφλό σημείο που αυτό δημιουργεί και για το πώς οι χάκερ χρησιμοποιούν όλο και περισσότερο την κρυπτογράφηση προς όφελός τους, μπορείτε να διαβάσετε την πιο πρόσφατη αναφορά της Sophos: Έχει η κρυπτογράφηση καταστήσει το υφιστάμενο τείχος προστασίας σας ασήμαντο;

Αν δεν γνωρίζετε το XG Firewall, ρίξτε μία ματιά σε όλα τα άλλα πλεονεκτήματα που παρέχει όσον αφορά στην ορατότητα, στην προστασία και στην απόδοση του δικτύου σας και ξεκινήσετε άμεσα με ένα online demo.

CRN, a brand of The Channel Company, recently unveiled its 100 Coolest Cloud Companies of 2020, and Sophos has made the list as a top cloud security vendor.

We were selected for our innovation in product development, the quality of our services and partner programs, and our success in helping customers save money and maximize the impact of their cloud computing technology.

We were also recognized for enabling organizations to manage a multi-layered security strategy across the office, data center and cloud from a single console, Sophos Central.

With our cloud tools you can protect AWS, Azure, GCP, Kubernetes and infrastructure as code environments from the latest malware, ransomware and vulnerabilities.

We provide next-gen server workload protection, virtual firewall series and Sophos Cloud Optix, a powerful tool that automates and simplifies the detection and response of cloud security vulnerabilities and misconfigurations to reduce risk exposure.

Among the many differentiators offered by our public cloud security suite is the AI at the heart of Cloud Optix. Instead of inundating teams with massive numbers of undifferentiated alerts, Cloud Optix uses AI to significantly reduce alert fatigue and shrink incident response and resolution times.

It does this by identifying the risk profiling security and compliance risks, with contextual alerts that group affected resources, and providing detailed remediation steps, including direct links to the cloud provider’s console. This ensures teams focus on and fix their most critical security vulnerabilities fast.

In addition, Cloud Optix makes software development fast and secure with API-driven architecture that seamlessly integrates with existing DevOps tools and processes.

It analyzes infrastructure as code templates at any stage of the development pipeline automatically or on-demand, and ensures templates do not introduce vulnerabilities that could be exploited in a cyberattack. This proactive approach helps organizations meet security and compliance standards.

Bob Skelley, CEO of The Channel Company, said of the awards:

“The IT channel relies on cloud services as the foundation for building modern, transformational solutions. CRN’s annual list of 100 Coolest Cloud Companies seeks to honor the top cloud providers, whose mission and actions support innovation in cloud-based technologies. Our team congratulates these honorees and thanks them for their commitment to leading positive change in cloud technology”.

Receiving praise from trusted third parties in cloud security isn’t new for us though. Cloud Computing magazine recently announced us as a winner of the 2019 Cloud Computing Security Excellence Award, and honoured Cloud Optix in two categories: those that most effectively leverage cloud platforms to deliver network security, and those providing security for cloud applications.

We give away free software so you can always stay safe. Check for security risks, remove viruses and protect your network. Try out our free tools below.

Intercept X for Mobile

Device

Intercept X for Mobile continuously monitors for and alerts users and IT administrators to signs of potential compromise so they can rapidly remediate issues and automatically revoke access to corporate resources. Compliance checks detect jailbreaking, rooting, encryption status, and more, informing users and IT administrators of necessary operating system updates. Device health check recommendations further guide security settings.

Network
Intercept X for Mobile monitors network connections for suspicious activity in real time, warning users and IT administrators of potential Man-in-the-Middle (MitM) attacks. Web filtering and URL checking also stop access to known bad sites, and SMS phishing detection spots malicious URLs.

Apps
Intercept X for Mobile detects malicious and potentially unwanted applications installed on devices, protecting against malware, ransomware and fleeceware.

Download Google Play | Apple App Store

 

HitmanPro – Malware Removal Tool

Our malware removal tool for Windows scans your entire computer for any issues, and if anything is found, you’ll have a free 30-day license to remove the threat. Don’t wait until you get infected, you can run it anytime to see how well your current antivirus or endpoint protection software is performing.

• Removes viruses, Trojans, rootkits, spyware, and other malware
• No setup or install needed
• Free second opinion scanner tells you what was missed

Download Business  | Home

Sophos XG Firewall Home Edition

Give your home network a much needed security boost. The Home Edition of the Sophos XG Firewall features full protection for your home network, including anti-malware, web security and URL filtering, application control, IPS, traffic shaping, VPN, reporting and monitoring, and much more.

• Full protection for your home users and your home network
• Integrated, hardened Linux operating system
• Runs on Intel-compatible hardware

Download

 

Virus Removal Tool

Our free Virus Removal Tool is a quick and easy way to find and get rid of any threats lurking on your computer. Our tool identifies and cleans up infections your antivirus might have missed.

• Removes viruses, Conficker, rootkits, and fake antivirus
• Supports Windows XP SP2 and up
• Works alongside your existing antivirus

Download

Sophos UTM Home Edition

This software version of the Sophos UTM Firewall features full network, web, mail and web application security, with VPN functionality, for as many as 50 IP addresses. The Sophos UTM Home Edition contains its own operating system and overwrites all data on the computer during the installation process. Therefore, a separate, dedicated computer is needed.

• Fully-equipped software version of the Sophos UTM appliance
• Full web application security with VPN
• Protects up to 50 IP addresses

Download

 

Sophos Antivirus for Linux Free Edition

Protect your mission critical Linux servers and stops all threats—even those designed for Windows. We keep our antivirus light and easy, so your Linux servers can remain lighting fast. It works quietly in the background with your choice of scanning on-access, on-demand or on a schedule.

• Finds and blocks malware
• Installs easily and runs quietly
• Supports the most popular Linux distributions
• Upgradeable for support and centralized management

Download

The term “classification” has been thrown around progressively by software companies that offer related products like data governance and DLP.  In some cases, the vendor will define “classification” as the ability to discover and protect data, which is a very new and misleading use of the word.  Traditionally “classification” was related to visual and metadata markings, like the control markings used by the intelligence community.  Outside of that community, a full range of standard classifications and their related markings can be found in the CUI (controlled unclassified information) handbook.  CUI is just one of many classification systems that involve markings.  In other words, those systems require that the data is somehow “marked.”  Protecting a file with DLP or encryption is not the same thing as “marking” the file as confidential.

For those who are unfamiliar with classification, it can be confusing when certain terms are thrown around.  For instance, what is the difference (if any) between classifications, values, file properties, metadata markings, visual markings, and marking formats?  Let’s look at a real world example, and put these terms into context.

If a sensitive document is marked with [TOP SECRET] in the header, then we could say that the classification is “top secret”, which in an abstract way is describing an option within a category.  In the Classifier Admin console, those categories are called “selectors” and the options are called “values.”  So the value might be “top_secret”, and there can be alternate values, like “TOP SECRET”.  When those values are written to locations, like the header in MS Word, they can be formatted using any combination of fonts, font sizes, colors, justification, brackets and other punctuation.  In other words, placing [TOP SECRET] in the header requires a marking format that writes the classification value in all caps and encapsulates it in brackets.

Markings that appear in the header are considered to be visual markings (aka visible markings).  Any non-visual marking is called a metadata marking. Classifier, for instance can place metadata in the file properties (document properties and custom document properties) of a Word document.  This metadata may use the same “[TOP SECRET]” marking format that was used for the header.  As an alternative, the metadata can be more encoded, e.g., [xyzTopSecx] or [TS].  The Classifier label detection mechanism (and other software, e.g., DLP and data governance tools) will be configured to equate those markings with the “top secret” level.  If the DLP detects [xyzTopSecx] in the keywords document property, then the file will be protected from leaving the organisation.

“Classification” products must be able to read and write labels in the manner described above.  The alternative is that data is simply discovered and protected.  Fingerprinting might be the closest substitute to classification.  At first glance fingerprinting gives us a way to track and identify specific files.  That is a powerful value add that can be important in certain use cases.  The challenge is that the fingerprint database can be large, and communications can take excessive bandwidth (depending on how it’s used).  Furthermore, fingerprinting is typically on or off.  Either the fingerprint is applied or not.  There is no “public fingerprint” vs. “confidential fingerprint”.  So true classification stands alone as the only solution to complex classification needs, like the categories used in regulatory compliance like CUI.

Contact us today to find out more about protecting your sensitive data using a classification tool that really does classify your data how you need it to.

Today, businesses everywhere are investing in infrastructure to support growth – whether that’s moving to the cloud or automating tasks and processes.  However, the newly introduced devices, application stacks and accounts that come with this modernization all present additional opportunities for attacker exploitation. For any organization – big or small – identifying and addressing security risks across this expanding attack surface can be a formidable challenge.

Privileged access management (PAM) programs that secure pathways to critical business information are foundational to an effective corporate cybersecurity program. Why?  Attackers view privileged accounts as one of the best ways to gain a foothold within an organization’s infrastructure. In fact, the vast majority of cyber attacks involve compromised privileged credentials and PAM solutions provide a critical layer of defense.

But, while securing privileged access consistently tops the lists of projects that can reduce risk and improve operational efficiency, some misconceptions surrounding PAM persist. Today, we’re going to bust five of the most prevalent PAM myths.

Myth #1: Because privileged access exists everywhere, it is impossible to secure.

While the scope of privileged access can be intimidating based on the complexity of your environment, dedicated PAM solutions and related policies can actually shrink the attack surface by shutting down pathways to critical resources.

Leading PAM solutions can automatically map privileged credentials across cloud and hybrid environments, saving security teams significant time and effort. And for those unsure of where privileged accounts exists, there are free tools like CyberArk Discovery & Audit to help organizations gain visibility into their privileged account landscape.

Additionally, modern PAM tools also incorporate automatic rotation of SSH keys and other privileged credentials at regular intervals to eliminate the time-consuming and error-prone manual tasks required for regulatory compliance. Meanwhile, automatic session monitoring capabilities systematically record all privileged account sessions and identify which users are operating privileged accounts.

Finally, the best PAM tools also provide detailed session monitoring recordings that can be sorted into searchable metadata for compliance and incident response teams and leverage user behavior analytics to automatically detect and suspend risky privileged sessions.

The impossible just became achievable.  Between account mapping, automatic credential rotation and detailed session monitoring, privileged access can be uncovered, managed and secured.

Myth #2: Privileged access management tools are challenging for administrators to manage.

That may have been true in the past, but today’s PAM solutions greatly ease and simplify administrator workloads. Collecting all privileged accounts in a centralized vault eliminates the need to manually search for and manage privileged credentials. In increasingly dynamic network environments, centrally locating the necessary tools to appropriately manage users’ privileged access can improve the efficiency and efficacy of IT projects. Automation tools also enable administrators to eliminate time-intensive tasks in favor of more strategic initiatives.

Especially as organizations move to the cloud, PAM tools can be particularly useful to address emerging risks of cloud migration. When adopting a hybrid or public cloud infrastructure, even slight misconfigurations can create new vulnerabilities.  Having holistic tools in place to discover risks associated with privileged access can improve an organization’s security posture.

Myth #3: Identity and Access Management (IAM) solutions are sufficient to protect privileged access.

It’s true that IAM tools and Multi-Factor Authentication (MFA) methods are strategic investments – but they do not replace the value of a PAM solution.  PAM solutions can independently protect privileged accounts with human and non-human identities like application accounts used in robotic process automation (RPA) or DevOps – something IAM solutions simply aren’t designed to do.

Focused on risk reduction, PAM tools can also protect privileged business users from sophisticated social engineering attacks capable of bypassing MFA. Most importantly, IAM tools require direct connection to user databases like Active Directory (AD). These connections are often hosted on-premises. If any on-premises server is compromised, attackers can gain control over AD to implement Kerberos attacks, such as Golden Ticket, and exist undetected in a company’s network. PAM can provide a vital security layer for servers hosting IAM’s direct connection to user databases like AD.

To create a strong enterprise security fabric, IAM systems and PAM solutions should be deployed as collaborative tools.

Myth #4: Privileged Access Management solutions interfere with operational efficiency.

The truth is that the daily tasks of most workers don’t require elevated privileges – and therefore PAM solutions won’t impact them at all.  For those who do require elevated privileges, leading PAM tools offer a variety of user-friendly formats, including RDP, SSH and web-native access, to provide credential vaulting and session management in the background of their daily workflows. Native and transparent access provides organizations with comprehensive privileged session recordings while minimizing disruption for end users.

In fact, using PAM tools to automate time-consuming tasks for IT and security employees can improve productivity by freeing up time for higher-value projects. Audit teams can achieve the same benefits by automating compliance tasks — especially in highly regulated industries like healthcare and banking.  Manually sorting through all sessions that involve privileged credentials to find high-risk activity can be extremely time consuming. PAM solutions can automate these tasks and identify risky behavior for audit teams, freeing them up to spend their time on other critical tasks.

Modern PAM solutions can actually be a boon to operational efficiency – not an impairment.

Myth #5: It’s Difficult to Calculate ROI for Privileged Access Management solutions. 

The average cost of a data breach in 2019 came in at nearly $4 million dollars. Notably, this figure does not include the additional costs of lost business from reputation damage and theft of intellectual property. Privileged access is a focal point for organizations to demonstrate where security solutions can have a high impact.

In any security program, cost-efficiency is key. Organizations must take a risk-based approach, applying finite resources where they can achieve quick wins and long-lasting impact. And it’s in this area where PAM solutions can really shine. PAM is a high-leverage point where modest investments can achieve outsized ROI and risk reduction.

After deploying a PAM solution, organizations can scan their systems to see the decrease in the number of unsecured and unprotected systems. Since any unmanaged privileged account is a potential attack vector, each privileged account that has been discovered, secured and protected by a PAM solution is a direct reduction in the exposed attack surface and proof of ROI.

Effective security starts with protecting an organization’s most valuable information, and as a common target in most cyber attacks, unmanaged and unprotected privileged access represents a significant threat. By locking down privileged credentials, organizations deprive attackers of their preferred routes to critical data and assets. Simultaneously, session monitoring and threat detection capabilities can help teams detect and investigate misuse of privileged credentials — improving an organization’s response time to in-progress attacks.

Furthermore, many PAM solutions can PAM solutions can integrate with other enterprise software  solutions – from IoT device gateways  DevOps tools and network devices to vulnerability management systems – enhancing their value and streamlining security operations on the whole.

Want to learn more?  Check out CyberArk’s approach to Privileged Access Management or visit our resource center to find out more about the efficiency and security benefits of PAM.

CyberArk

Sophos Mobile 9.5 is now available in Sophos Central, bringing a host of exciting improvements. Key enhancements include:

Sophos Intercept X for Mobile

Leveraging deep learning anti-malware technology, Intercept X for Mobile protects users, their devices, and corporate data from known and never-before-seen mobile threats.

Device, network and application protection will be delivered in a completely redesigned interface, which enables easy management and identification of any security holes on users’ devices.

Device Security continuously monitors for potential compromise and sends alerts so IT admins can rapidly and automatically remediate issues and revoke access to corporate resources.

Network Security monitors network connections for suspicious activity in real time, warning IT admins and users of potential Man-in-the-Middle (MitM) attacks. Web filtering and URL checking also stop access to known bad sites, protecting users from unsuitable content, and SMS phishing detection ­spots malicious URLs.

Application Security detects malicious and suspicious applications installed on devices, protecting against malware, ransomware and potentially unwanted apps like Fleeceware.

Intercept X for Mobile can be deployed via Sophos Mobile or 3rd party UEM Products, e.g. Microsoft Intune, allowing administrators to build conditional access policies, restricting access to applications, data and corporate resources when threats are detected.

Chromebook security – education-focused security

With this release we add a great new feature, Chromebook security!

This is ideal when working with schools, as we all know kids are pretty smart when it comes to technology these days and will find ways around security. Let’s help school admins with that task.

• Web protection that’s ideal for education
• On & off-campus web filtering
• Enrolment via Sophos Mobile or G Suite

Sophos Mobile 9.5 updates

Our secure UEM solution in Central lets customers manage, secure and configure mobile and traditional endpoint devices, apps and content. The latest update, Sophos Mobile 9.5, includes device management enhancements:

• Improved task bundle wizard
• Android Enterprise QR code enrollment
• Support for Samsung OEM config
• Enhanced security reporting

How to get Sophos Mobile 9.5

If you’re a current Sophos Central Mobile customer you won’t need to do anything, you’ll automatically get the upgrade. For on premise customers, you’ll need to manually upgrade to 9.5.

And, if you’ve never tried Sophos mobile before, download Intercept X for Mobile for free – on Android or iOS – and test our industry leading mobile protection for yourself!

Don’t take our word for it, have a look at the independent test – we’ve been named a leader in the IDC report and on top of that we aced the Miercom and AVTest tests.

The intuitive management console for all your security solutions.

Sophos Central is an award-winning security platform that lets you manage all your products from a single, intuitive interface.

From next-gen endpoint and encryption to mobile and web security, we have you covered. By moving to Sophos Central you’ll enjoy:

• Easier IT management: Control everything through a single, web-based console.
• Superior protection: Get market-leading products engineered to work together.
• Better security ROI: Save time and money by consolidating into a single platform.

Try it for free and see how our Sophos Central can help you to manage your IT security with a single interface, and benefit from the revolutionary Synchronized Security technology. Learn more, here.

This course provides an in-depth study of Sophos Central, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. The course is expected to take 3 days to complete, of which approximately 9 hours will be spent on the practical exercises.

Requirement

Prior to attending this course, trainees should:

• Complete the Sophos Central Endpoint and Server Protection and should have passed the Certified Engineer exam
• Experience with Windows networking and the ability to troubleshoot issues
• A good understanding of IT security
• Experience using the Linux command line for common tasks
• Experience configuring Active Directory Group Policies
• Experience creating and managing virtual servers or desktop

Target audience:

This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments. And for individuals wishing to obtain the Sophos Central Certified Architect certification.

Objectives:

On completion of this course, trainees will be able to:

• Design an installation considering all variables
• Undertake a multi-site installation appropriate for a customer environment
• Explain the function of core components, how they work, and how to configure them
• Track the source of infections and cleanup infected devices
• Perform preliminary troubleshooting and basic support of customer environments

Certification:

To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and is limited to 3 attempts.

Duration: 3 days 

Content

• Module 1: Deployment Scenarios (60 mins)
• Module 2:Client Deployment Methods (65 mins)
• Module 3:Endpoint Protection Policies (80 mins)
• Module 4:Server Protection Policies (30 mins)
• Module 5:Protecting Virtual Servers (60 mins)
• Module 6:Logging and Reporting (45 mins)
• Module 7: Managing Infections (45 mins)
• Module 8: Endpoint Detection and Response (30mins)
• Module 9:Management (65 mins)

Course content

Module 1: Deployment Scenarios (60 mins)

• • Identify some of the common challenges when deploying Central
  • Deploy Update Caches – Set up Message Relays
  • Configure AD Sync Utility
  • Identify where Update Caches and Message Relays should be used
  • Labs (45 mins)
    • Register and activate a Sophos Central evaluation
    • Install Server Protection
    • Install and Configure AD Sync Utility
    • Deploy an Update Cache and Message Relay

Module 2: Client Deployment Methods (65-75 mins)

• Identify the recommended steps for deploying Sophos Central
• Explain the installation process, and identify the different types of installer
• Automate deployment for Windows, Linux and Mac computers
• Migrate endpoints from Enterprise Console
• Locate installation log files
• Remove third-party products as part of a deployment
• Labs (75-90 mins)
  • Enable Server Lockdown
  • Deploy using Active Directory Group Policy
  • Use the Competitor Removal Tool
  • Deploy to a Linux Server using a Script

Module 3: Endpoint Protection Policies (80-90 mins)

• Describe the function and operation of each of the components that make up an Endpoint Protection and Intercept X
• Configure policies to meet a customer’s requirements and follow best practice
• Test and validate Endpoint Protection
• Configure exclusions
• Configure Data Loss Prevention
• Labs (100-120 mins)
  • Test Threat Protection Policies
  • Configure and Test Exclusions
  • Configure Web Control Policies
  • Configure Application Control Policies
  • Data Control Policies
  • Configure and test Tamper Protection

Module 4: Server Protection Policies (30 mins)

• Configure Server Protection Policies
• Configure and Manage Server Lockdown
• Labs (65-75 mins)
  • Configure Sever Groups and Policies
  • Manage Server Lockdown
  • Test Linux Server Protection

Module 5: Protecting Virtual Servers (60 mins)

• Connect AWS and Azure accounts to Sophos Central – Deploy Server Protection to AWS and Azure
• Deploy and Manage Sophos for Virtual Environments
• Labs (60 mins)
  • Download the installer for the Security Virtual Machine
  • Install the Security Virtual Machine (SVM) on a Hyper-V Server
  • Configure Threat Protection policies to apply to the Security VMs and the Guest VMs they protect
  • Perform a manual installation of the Guest VM Agent and view logs
  • Test and configure a script to deploy the GVM Agent
  • Manage Guest VMs from the Central Console
  • Test Guest VM Migration

Module 6: Logging and Reporting (45 mins)

• Explain the types of alert in Sophos Central, and be able to read an RCA
• Use the Sophos Central logs and reports to check the health of your estate
• Export data from Sophos Central into a SIEM application
• Locate client log files on Windows, Mac OS X and Linux
• Labs (55-60 mins)
  • Generate and analyze an RCA
  • Configure SIEM with Splunk

Module 7: Managing Infections (45-60 mins)

• Identify the types of detection and their properties
• Explain how computers might become infected
• Identify and use the tools available to cleanup malware
• Explain how the quarantine works and manage quarantined items
• Cleanup malware on a Linux Server
• Labs (40 mins)
  • Source of Infection Tool
  • Release a File from SafeStore
  • Disinfect a Linux Server

Module 8: Endpoint Detection and Response (30 mins)

• Explain what EDR is and how it works
• Demonstrate how to use threat cases and run threat searches
• Explain how to use endpoint isolation for admin initiated and automatic isolation

• Demonstrate how to create a forensic snapshot and interrogate the database

• Labs (30 mins)

• • Create a forensic snapshot and interrogate the database
  • Run a threat search and generate a threat case

Module 9: Management (65 mins)

• Use the Controlled Updates policies appropriately
• Enable multi-factor authentication
• Use the Enterprise Dashboard to manage multiple sub-estates
• Identify the benefits of the Partner Dashboard
• Identify common licensing requirements
• Labs (25 mins)
  • Enable Manually Controlled Updates
  • Enable Multi-Factor Authentication
    

Agenda

Trainer: Michael Eleftheroglou

Day 1 Tuesday 11  February  2020

9:30-10:30 Deployment Scenarios

10:30-10:45 Break

10:45-11:30 Labs

11:30-11:45 Break

11:45-13:00 Client Deployment Methods I

13:00-14:00 Break Lunch

14:00-15:30 Labs

15:30-15:45 Break

15:45-17:15 End Point Policies

Day 2  Wednesday 12 February  2020

9:30-11:15 Labs

11:15-11:30 Break

11:30-12:00 Server Protection Policies

12:00-12:15 Break

12:15-13:30 Labs

13:30-14:30 Break- Lunch

14:30-15:30 Protecting Virtual servers

15:30-15:45 Break

15:45-16:45 Labs

16:45-17:30 Logging and Reporting

Day 3 Thursday 13 February 2020

9:30-10:30 Labs

10:30-10:45 Break

10:45- 11:30 Managing Infections

11:30-12:00 Labs

12:00-12:10 Break

12:10-12:40 Endpoint Detection and Response

12:40-13:45 Management

13:45-14:45 Break – Lunch

14:45-17-15 Labs and Exams

To better understand the realities of network security today, Sophos commissioned leading research specialist Vanson Bourne to conduct an independent survey of 3,100 IT managers spanning 12 countries and six continents.

The results shed new light onto the practical reality of today’s network security and the challenges IT teams face. It also reveals the Achilles heel of next-gen firewalls: the struggle to balance performance, privacy and protection.

Expect to find a threat on your network

The first takeaway from the survey is that organizations should expect to be hit by a cyberthreat. Over two-thirds (68%) of respondents fell victim to a cyberattack in the last year.

This propensity to fall victim to a threat is not the result of a lack of protection: 91% of affected organizations were running up-to-date cybersecurity protection at the time of the attack. However, good intentions and good practices are clearly not enough: there are still holes in organizations’ defenses that are enabling threats to get through.

Firewall enhancement wish list

Better threat visibility topped the list of improvements that IT managers want from their firewall, with 36% including it in their top three desired enhancements.

The fact that visibility outranked a desire for better protection illustrates just how significant an issue lack of insight is for IT teams.

However, firewall security isn’t the only area in need of improvements, three in ten of the IT managers also wanted better performance.

Overall, a clear picture emerged: it’s no longer a question of one or the other, rather, today’s IT teams require both performance and protection from their firewalls.

The understated risk: encrypted traffic

Encryption keeps network traffic private, but it doesn’t mean the contents can be trusted. In fact, encrypted traffic is a huge security risk because it renders firewalls blind to what is flowing through the network and prevents them from identifying and blocking malicious content.

Hackers are actively exploiting encryption to enable their attacks to enter undetected. SophosLabs research has revealed that 32% of malware uses encryption.

The level of encrypted network traffic is rising rapidly. Data from the Google Transparency Report indicates that over 80% of web sessions are now encrypted across all platforms, up from 60% just two years ago. However, the IT managers surveyed believed that on average only 52% of their network traffic is encrypted.

The discrepancy between perceived and actual levels of encryption together with the widespread use of encryption in cyberattacks suggests that encrypted traffic is an underestimated security risk.

The Achilles heel of network security

While 82% of survey respondents agreed that TLS inspection is necessary, only 3.5% of organizations are decrypting their traffic to properly inspect it.

There are a number of reasons behind this: concerns about firewall performance; a lack of proper policy controls; poor user experience; and complexity.

The reality is that most organizations need to carefully balance performance, privacy and security. However, they lack the tools needed to do so effectively and efficiently. As a result, they are choosing to allow encrypted traffic to pass unchecked and putting themselves at risk from hidden network threats.

This inability to balance performance, privacy and protection is the Achilles heel, the hidden weakness, of many next-gen firewall and UTM solutions.

Sophos XG Firewall: Designed for the modern encrypted internet

The Xstream Architecture in XG Firewall v18 offers a ground-up solution to eliminating the network traffic blind spot without impacting performance.

It delivers:

• High performance, a lightweight streaming engine with high connection capacity
• Unmatched visibility into your encrypted traffic flows and any errors
• Top security that supports TLS 1.3 and all modern cipher suites with robust certificate validation
• Inspection of all traffic, being application and port agnostic
• A great user experience with extensive interoperability to avoid breaking the internet
• Powerful policy tools that offer the perfect balance of performance, privacy and protection

The new Xstream SSL Inspection engine will be available to all XG Firewall customers at no extra charge. Try it now as part of the early access program.

To learn more about Sophos XG Firewall and see it in action, visit the web page or start an instant online demo.

Download a PDF copy of the report to get the full survey results.