News
We are excited to announce that powerful new Endpoint Detection and Response (EDR) features for Intercept X are now available in early access.
This early access program (EAP) brings pre-built, fully customizable SQL queries for both granular threat hunting and IT health checks and management across your organization’s estate. You can join the EAP now.
Live Discover
Live Discover allows you to examine your data for almost any question you can think of by searching across endpoints and servers with SQL queries.
You can choose from a selection of pre-created queries that can be fully customized to pull the exact information that you need.
IT operations and threat hunting sample questions include:
- Why is a machine slow? Is it pending a reboot?
- Are users running unauthorized browser extensions?
- Have any processes had their registry keys or files modified recently?
- Is remote sharing enabled? What about guest accounts?
- What processes are attempting to make network connections on non-standard ports?
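As an added example (not Sophos's own Live Discover queries), the last two sample questions above are worked as SQL over an in-memory SQLite copy of constructed endpoint data. The table names and columns are an assumption modelled on osquery-style schemas, not Live Discover's actual schema, and the allow-lists are constructed for the example.

```python
import sqlite3

# Constructed sample data, modelled loosely on the osquery-style tables an
# endpoint query tool exposes. The table names and columns are an assumption
# for this example, not the schema that Live Discover actually uses.
SAMPLE_SOCKETS = [
    # (pid, process name, remote address, remote port)
    (1200, "outlook.exe", "203.0.113.10", 443),
    (1340, "chrome.exe", "203.0.113.11", 443),
    (2210, "svchost.exe", "203.0.113.44", 4444),
    (2300, "powershell.exe", "198.51.100.9", 8081),
    (2300, "powershell.exe", "198.51.100.9", 53),
]
SAMPLE_EXTENSIONS = [
    # (username, extension name, extension identifier); identifiers are constructed
    ("alice", "Ad Blocker", "ext-allowed-0001"),
    ("alice", "Coupon Finder Pro", "ext-unknown-0042"),
    ("bob", "SSO Helper", "ext-allowed-0002"),
    ("bob", "Video Downloader", "ext-unknown-0043"),
]
# Allow-lists an administrator would maintain; both constructed for the example.
APPROVED_EXTENSIONS = ["ext-allowed-0001", "ext-allowed-0002"]
STANDARD_PORTS = [53, 80, 443, 587, 993]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding the sample endpoint data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE process_open_sockets (
            pid INTEGER, name TEXT, remote_address TEXT, remote_port INTEGER);
        CREATE TABLE browser_extensions (
            username TEXT, name TEXT, identifier TEXT);
        CREATE TABLE approved_extensions (identifier TEXT PRIMARY KEY);
        CREATE TABLE standard_ports (port INTEGER PRIMARY KEY);
        """
    )
    conn.executemany("INSERT INTO process_open_sockets VALUES (?, ?, ?, ?)", SAMPLE_SOCKETS)
    conn.executemany("INSERT INTO browser_extensions VALUES (?, ?, ?)", SAMPLE_EXTENSIONS)
    conn.executemany("INSERT INTO approved_extensions VALUES (?)",
                     [(i,) for i in APPROVED_EXTENSIONS])
    conn.executemany("INSERT INTO standard_ports VALUES (?)",
                     [(p,) for p in STANDARD_PORTS])
    return conn


def unauthorized_extensions(conn):
    """Extensions installed by any user that are not on the approved list.

    A LEFT JOIN against the allow-list keeps only rows with no match, which
    is the usual shape of an "anything not explicitly approved" hunt.
    """
    return conn.execute(
        """
        SELECT e.username, e.name, e.identifier
        FROM browser_extensions AS e
        LEFT JOIN approved_extensions AS a ON a.identifier = e.identifier
        WHERE a.identifier IS NULL
        ORDER BY e.username, e.name
        """
    ).fetchall()


def nonstandard_port_connections(conn):
    """Processes with a remote connection to a port outside the standard set.

    Results are grouped per process and peer so one chatty process does not
    flood the list; the distinct non-standard ports it used are returned for
    triage.
    """
    return conn.execute(
        """
        SELECT s.pid, s.name, s.remote_address,
               GROUP_CONCAT(DISTINCT s.remote_port) AS ports
        FROM process_open_sockets AS s
        WHERE s.remote_port NOT IN (SELECT port FROM standard_ports)
        GROUP BY s.pid, s.name, s.remote_address
        ORDER BY s.pid
        """
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    for row in unauthorized_extensions(db):
        print("unapproved extension:", row)
    for row in nonstandard_port_connections(db):
        print("non-standard port connection:", row)
```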
Live Response (coming in May to early access)
This feature gives you the ability to respond with precision. Using a command-line interface, you can remotely access devices to perform further investigation or take action. For example:
- Reboot a device pending updates
- Terminate suspicious processes
- Browse the file system
- Edit configuration files
- Run scripts and programs
How to join the EAP
The EAP is open to everyone who has Intercept X and Intercept X for Server, even if you don’t currently have EDR.
For full instructions on how to join and additional technical information please head over to the Sophos community. We look forward to hearing your feedback!
Sophos is excited to announce that Sandboxie is now an open source tool.
Sandboxie has long been a favorite sandbox-based isolation tool since its original release over fifteen years ago. Now this technology will live on in the hands of its dedicated users.
We are thrilled to give the code to the community. The Sandboxie tool has been built on many years of highly-skilled developer work and is an example of how to integrate with Windows at a very low level.
The Sandboxie user base represents some of the most passionate, forward thinking, and knowledgeable members of the security community, and we hope this announcement will spawn a fresh wave of ideas and use cases.
For more details, and to download the open source release visit https://www.sandboxie.com/.
Ensuring that your endpoint and server protection is correctly configured is one of the most important things you can do for your organization’s security.
This article will give you some quick tips and links to resources so you can get the most out of your Sophos protection.
Getting started
In Sophos Central policies are used to apply protection settings such as specific exploit preventions, application control, and peripheral control. Policies can apply to endpoints, servers, users or groups depending on how you want to set things up. How to create a policy.
Application Control
Controls which applications should be blocked. For example, uTorrent and Steam games.
Endpoint setup | Server setup
Data Loss Prevention
Stops specific file types or content in a file from being transferred from a device. For example, stop files containing account numbers being sent from a device.
Endpoint setup | Server setup
Windows Firewall
Blocks inbound connections from specific domains or networks. For example, stopping all private networks accessing a device.
Endpoint setup | Server setup
Peripheral Control
Controls what can be plugged into a device. For example, blocking USB sticks and optical drives.
Endpoint setup | Server setup
Threat Protection
Configures protection features. We strongly suggest always using Sophos recommended settings.
Endpoint setup | Server setup
Update Management
Schedules updates to a specific time. For example, setting them after office hours.
Web Control
Stops users downloading risky files or accessing inappropriate websites. For example, block .exe file downloads.
Endpoint setup | Server setup
File Integrity Monitoring (Server only)
Monitors important files and folders for signs of tampering. For example, critical Windows directories or key programs.
How to set one up.
Tamper Protection
Tamper protection stops unauthorized users and types of malware from uninstalling Sophos protection. You should always have it enabled. Learn more.
Do I need to log in and check for alerts?
Users often ask how often they should log in to check for alerts and actions. The good news is that Sophos Central automatically emails admins when there is an event requiring their attention. Here’s how to configure alerts.
Check your security posture with EDR
Endpoint Detection and Response (EDR) is a powerful tool to help you find threats across your network. It’s easy to get started by checking the list of the most suspicious potential threats for investigation in your organization.
We give you curated threat intelligence so you can quickly decide whether a potential threat needs taking care of. Watch the EDR how-to videos.
More information
Intercept X & Central Endpoint Protection support hub
Intercept X for Server and Central Server Protection support hub
Since we began writing last year about the consumer-hostile trend in mobile apps that we’re calling fleeceware, the number of apps we’ve discovered that engage in this practice have only increased. In the first two articles we wrote about fleeceware, we covered various Android apps in the official Play Store charging very high subscriptions for apps of questionable quality or utility.
In this latest round of research, we found more than 30 apps we consider fleeceware in Apple’s official App Store.
Many of these apps charge subscription rates like $30 per month or $9 per week after a 3- or 7-day trial period. If someone kept paying that subscription for a year, it would cost $360 or $468, respectively. For an app.
Like we have seen before, most of these fleeceware apps are image editors, horoscope/fortune telling/palm readers, QR code/barcode scanners, and face filter apps for adding silly tweaks to selfies.
Many of these apps lack any extraordinary features that aren’t already present in many other apps, including truly free apps. It’s debatable that the apps provide “ongoing value to the customer,” as required in Apple’s App Store Review Guidelines for app subscriptions, section 3.1.2(a).
When “free” isn’t really free
Many of the fleeceware apps we see are advertised within the App Store as “free” apps, which puts the apps at odds with section 2.3.2 of the App Store Review Guidelines, which require developers to make sure their “app description, screenshots, and previews clearly indicate whether any featured items, levels, subscriptions, etc. require additional purchases.”
If you think one of these apps is free and install it, the app presents you with a “free trial” notification immediately upon launching the app for the first time. This notification prompts the user to provide payment card details. In some cases, most of the useful features of the app will only be usable if you sign up for the subscription. Some users may sign up to subscribe without reading the fine print, which includes the actual cost of the subscriptions.
Fleeceware in Top Grossing app charts
While the Apple App Store does not publish the number of downloads for any given app within the app’s listing in the store, the company does keep track of how much money apps make. Many of these fleeceware apps are listed among the top grossing apps, at the time of writing. It’s fair to say these apps are generating plenty of revenue for developers, of which Apple keeps a 30% cut during the first year.

Zodiac Master Plus, one of the apps on our list of fleeceware, is listed as the 11th highest revenue-generating app. Another app, named Lucky Life – Future Seer, is earning more revenue than even the extremely popular Britbox, one of the UK’s most popular subscription streaming TV services.

One third party source estimates App Store revenue, which includes all types of purchases, to be $13 billion dollars in 2018, just in the USA.
After one year, Apple gets 15% and the developer’s share increases to 85% of the subscription price.
Advertisements drive more people to fleeceware
If you find yourself wondering why users would even consider installing apps such as these, it’s probably thanks to advertising. These apps are advertised through various popular platforms, including in YouTube videos or on social media platforms like Instagram, TikTok, and even in ads that appear within other apps.
When users visit the app’s page in the App Store app, they’ll find a high number of five-star reviews. While we have no evidence that these are manipulated or artificially inflated reviews, that is another criterion by which the App Store may take action against developers. These advertisements offer a high return on investment, given the high subscription charges.
But not all the reviews are upbeat about these products. Here are a few examples of negative user reviews that illustrate how ads attract users to the apps.
Negative reviews and vulnerable users
These apps also have lots of negative, one-star reviews from users complaining about the challenge of canceling subscriptions and getting refunds, with many iPhone and iPad owners wondering aloud why apps that exhibit this type of behavior exist on Apple’s official App Store.
In one instance, one user posted a complaint about being charged £148 (about US$170) over a 5 month period, when his child accidentally subscribed to one of these apps, and he didn’t notice the subscription charges right away.
The negative reviews for some of these products are devastating.
Both iOS and Android face a fleeceware problem
Fleeceware is a problem on both the Android and iOS mobile platforms. The list below is representative of the fleeceware apps we’ve seen at the time of this writing. App publishers also have the ability to introduce new fleeceware apps by releasing new apps with the same subscription policies, or by converting a previously free app into fleeceware by changing the app’s profile in the App Store, though Apple developer policies prohibit this behavior.
Users should remain vigilant and carefully scrutinize the terms for purchasing or “subscribing” to apps promoted through in-app advertisements. If $30 a week seems like a lot to spend on astrology, a barcode reader, or an app that will show you what you’ll look like when you’re 80 years old, find another app.
How to cancel your subscriptions
If you have one of these fleeceware apps and want to change or cancel your subscription, please follow the instructions below.
iOS
This is how you can do it on an iPhone, as described on the Apple support page here.
- Open the Settings app.
- Tap your name, then tap Subscriptions.*
- Tap the subscription that you want to manage. Don’t see the subscription that you’re looking for?
- Choose a different subscription option, or tap Cancel Subscription. If you don’t see Cancel Subscription, the subscription is already canceled and won’t renew.
*If you don’t see “Subscriptions” in the Settings app, tap iTunes & App Store instead. Tap your Apple ID (which is usually your email address), then tap View Apple ID. Sign in, scroll down to Subscriptions, then tap Subscriptions.
Android
Instructions for cancelling Android app subscriptions, from Google’s Play Store support page:
- On your Android phone or tablet, open the Play Store.
- Check if you’re signed in to the correct Google Account.
- Tap the hamburger menu icon, then Subscriptions.
- Select the subscription you want to cancel.
- Tap Cancel subscription.
- Follow the instructions.
Hackers are busy exploiting coronavirus in their attacks. In recent weeks SophosLabs has seen a surge of COVID- and Corona-related domains registered – while some will be legitimate, it’s a fair bet that the majority are destined for criminal purposes.
Common attack techniques
Phishing attacks using COVID-19 as a lure are the most visible and immediate cybersecurity risk right now. Common tactics include:
Coronavirus news
Beware of emails, SMS, and WhatsApp messages from unknown sources with information on coronavirus. Often hackers impersonate legitimate organizations and people to make their messages more believable.
Home delivery scams
With many people waiting on home delivery of essential items, hackers are impersonating delivery services. Their goal: to trick you into clicking malicious links or con you into paying extra ‘delivery’ fees.
We’re also seeing coronavirus used in other ways, including:
Extortion attempts
Criminals threaten to infect people with coronavirus unless you pay them. Often these threats include a small piece of personal information to make it more believable.
Malicious apps
Purporting to give you useful information on coronavirus, these apps enable the crooks to access all the information on the device – and even hold you to ransom.
Malicious documents
These documents claim to contain coronavirus-related information. Upon opening them you’re asked to ‘enable editing’ and ‘enable content.’ Doing so installs malicious software onto your computer.
Practical steps to minimize risk
In the current situation, many people are lowering their guard to phishing attacks and scams. We’re more anxious, more eager for information, and therefore less likely to question something that could be suspect.
With that in mind, here are three practical steps you can take to minimize the risk from coronavirus-related attacks.
Enable Multi-Factor Authentication (MFA)
MFA is a great form of defense against attacks that use a fake login page to trick people into entering their credentials.
Raise awareness of these scams amongst your employees
A simple, but effective, step is to always look at the actual email address used to send the email, not just the display name. (If you’re on a mobile device, tap the display name to reveal the real email address.)
Sophos Phish Threat, our phishing simulation and training tool, is available to everyone for free for 30 days, and now includes a coronavirus phishing template to help train your teams.
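An added example, not from Sophos or the original article, of the display-name check above applied programmatically: it parses a From header and flags cases where the display name carries an address or domain that differs from the real sending address. The sample headers and the trusted-domain set are constructed for the example.

```python
import re
from email.utils import parseaddr

# Domains the organisation genuinely sends from; an assumption for this example.
TRUSTED_DOMAINS = {"corp.example", "courier.example"}

# An email address embedded anywhere in free text.
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# A bare domain-looking token (at least one dot, last label starts with a letter).
DOMAIN_RE = re.compile(r"\b[\w-]+(?:\.[A-Za-z][\w-]*)+\b")

# Constructed sample From headers illustrating the display-name trick.
SAMPLE_FROM_HEADERS = [
    "World Health Organization <who-updates@example-mailer.invalid>",
    '"support@bank.example" <alerts@notify-bank.invalid>',
    "corp.example Security <security@corp-example.invalid>",
    "Corona Delivery Team <dispatch@courier.example>",
    "IT Helpdesk <helpdesk@corp.example>",
]


def sender_domain(address: str) -> str:
    """Return the domain part of an email address, lower-cased."""
    return address.rpartition("@")[2].lower()


def analyze_from_header(header: str, trusted_domains=TRUSTED_DOMAINS) -> dict:
    """Compare the display name of a From header with the real address.

    Findings, in the order they are checked:
      no_parsable_address     - no usable address could be extracted
      address_in_display_name - the display name contains a different address
      display_domain_mismatch - the display name names a domain that is not
                                the sending domain
      external_sender         - the sending domain is not in the trusted set
    """
    display_name, address = parseaddr(header)
    findings = []
    if "@" not in address:
        findings.append("no_parsable_address")
        return {"display_name": display_name, "address": address, "findings": findings}

    real_domain = sender_domain(address)

    # 1. An address written into the display name that is not the real one.
    for shown in ADDRESS_RE.findall(display_name):
        if shown.lower() != address.lower():
            findings.append("address_in_display_name")
            break

    # 2. A domain mentioned in the display name (addresses stripped first so
    #    they are not counted twice) that differs from the sending domain.
    stripped = ADDRESS_RE.sub("", display_name)
    for token in DOMAIN_RE.findall(stripped):
        if token.lower() != real_domain:
            findings.append("display_domain_mismatch")
            break

    # 3. Informational: the message did not come from a trusted domain.
    if real_domain not in trusted_domains:
        findings.append("external_sender")

    return {"display_name": display_name, "address": address, "findings": findings}


def triage(headers):
    """Return (address, findings) for every header that raised a finding."""
    results = []
    for header in headers:
        report = analyze_from_header(header)
        if report["findings"]:
            results.append((report["address"], report["findings"]))
    return results


if __name__ == "__main__":
    for address, findings in triage(SAMPLE_FROM_HEADERS):
        print(f"{address}: {', '.join(findings)}")
```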
Make sure your endpoint and email protection are well-configured
When properly set up, good protection can catch a phishing attack in multiple ways. You can try our endpoint and email protection for free at any time.
Sophos Cloud Optix has now been certified by the Center for Internet Security (CIS) to accurately assess AWS, Azure and GCP environments based on best practices for secure configuration.
Developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts around the world, CIS Benchmarks are recommended as industry-accepted system hardening standards.
The standards are used by organizations in meeting compliance requirements for the Federal Information Security Management Act, PCI, the Health Insurance Portability and Accountability Act and other security requirements.
- Amazon Web Services CIS Benchmarks
- Microsoft Azure CIS Benchmarks
- Google Cloud Platform CIS Benchmarks
By certifying Cloud Optix with CIS, Sophos has demonstrated commitment to actively solve the foundational problem of ensuring secure configurations are used throughout AWS, Azure and GCP environments.
Not all certifications are equal
CIS Benchmark Certification is awarded on two profile levels. The aim of the level 1 profile is to lower the attack surface of your organization while keeping machines usable and not hindering business functionality. The level 2 profile is considered “defense in depth” and is intended for environments where security is paramount.
Organizations should investigate whether a vendor offers the level of certification required for their industry, or compliance standard. Sophos has provided evidence that Cloud Optix can accurately report security recommendations in both level 1 and level 2 CIS Benchmark profiles.
This three-day training program is designed for experienced technical professionals who want to install, configure and support the XG Firewall in production environments, and is the result of an in-depth study of Sophos’s next-generation firewall. The program consists of presentations and practical workshops that reinforce the teaching content. Given the nature of the material and the varied experience of the trainees, open discussion is encouraged during the training.
Sophos XG Architect Training (Tuesday 28 April 2020 – Thursday 30 April 2020)
(3 days Training)
Requirement
XG Firewall Certified Engineer course and delta modules up to version 18.0
Recommended Knowledge
- Knowledge of networking to a CompTIA N+ level
- Knowledge of IT security to a CompTIA S+ level
- Experience configuring network security devices
- Be able to troubleshoot and resolve issues in Windows networked environments
- Experience configuring and administering Linux/UNIX systems
Content
- Module 1: Deployment
- Module 2: Base firewall
- Module 3: Network Protection
- Module 4: Synchronized security
- Module 5: Web server Protection
- Module 6: Site to site connections
- Module 7: Authentications
- Module 8: Web Protection
- Module 9: Wireless
- Module 10: Remote Access
- Module 11: High Availability
- Module 12: Public Cloud
Certification
+ exam: Sophos XG Architect
Duration 3 days
Agenda
Trainer: Micheal Eleftheroglou
Day 1 Tuesday 28 April 2020
9:30-10:45 Module 1: Deployment and Lab
- Recall important information from Engineer courses
- Deployment modes supported by the XG Firewall
- Understand a range of scenarios where each deployment mode would commonly be used
- Use built-in tools to troubleshoot issues
- Labs
10:45-11:00 Break
11:00-13:00 Module 2: Base Firewall
- Explain how the XG Firewall can be accessed
- Understand the types of interfaces that can be created
- Understand the benefits of Fast Path Technology
- Configure routing per firewall rule
- Understand best practice for ordering firewall rules
- Explain what a Local NAT policy is and know how to configure it
13:00-14:00 Lunch
14:00-16:00 Labs
- Activate the Sophos XG Firewalls
- Post installation Configuration
- Bridge interfaces
- Create a NAT rule to load balance access to servers
- Create a local NAT policy
- Configure routing using multiple WAN links
- Configure policy-based routing for an MPLS scenario
- Install Sophos Central
16:00-16:15 Break
16:15-17:15 Module 3: Network Protection and Lab
- Explain what IPS is and how traffic can be offloaded to Fastpath
- Demonstrate how to optimize workload by configuring IPS policies
- Examine advanced Intrusion Prevention and optimize policies
- Configure advanced DoS Protection rules
- Demonstrate how the strict policy can be used to protect networks
- Labs (Create Advanced DoS Rules)
Day 2 Wednesday 29 April 2020
9:30-11:00 Module 4: Synchronized Security and Labs
- Explain how Security Heartbeat works
- Configure Synchronized Security
- Deploy Synchronized Security in discover and inline modes
- Understand the advantages and disadvantages of deploying Synchronized Security in different scenarios
- Labs
- Configure Source-based Security Heartbeat firewall rules
- Destination-based Security Heartbeat
- Missing Security Heartbeat
- Lateral Movement Protection
11:00-11:15 Break
11:15-13:45 Module 5: Web Server Protection and Labs
- Explain how Web Server Protection works
- Describe protection features for a web application
- Configure Web Server authentication
- Publish a web service using the Web Application Firewall
- Use the preconfigured templates to configure Web Server Protection for common purposes
- Configure SlowHTTP protection
- Labs (Web Application Firewall)
- Labs (Load balancing with Web Server Protection)
- Labs (Web Server Authentication and path-specific routing)
13:45-14:45 Break and Lunch
14:45-17:45 Module 6: Site to site connections and Labs
- Configure and deploy site to site VPNs in a wide range of environments
- Implement IPsec NATing and failover
- Check and modify route precedence
- Create RED tunnels between XG firewalls
- Understand when to use RED
- Labs (Create an IPsec site to site VPN)
- Labs (Configure VPN network NATing)
- Labs (Configure VPN failover)
- Labs (Enable RED on the XG firewall)
- Labs (Create a RED tunnel between two XG Firewalls)
- Labs (Configure routing for the RED tunnel)
- Labs (Configure route-based VPN)
Day 3 Thursday 30 April 2020
9:00-10:00 Module 7: Authentications and Labs
- Demonstrate how to configure and use RADIUS accounting
- Deploy STAS in large and complex environments
- Configure SATC and STAS together
- Configure Secure LDAP and identify the different secure connections available
- Labs (configure an Active Directory Authentication server)
- Labs (Configure single sign-on using STAS)
- Labs (Authenticate users over a site to site VPN)
10:00-11:15 Module 8: Web Protection
- Choose the most appropriate type for web protection in different deployment scenarios
- Enable web filtering using the DPI engine or legacy web proxy
- Configure TLS inspection using the DPI engine or legacy web proxy
- Labs (Install the SSL CA certificate)
- Labs (Configure TLS inspection rules)
- Labs (Create a custom web policy for users)
11:15-11:30 Break
11:30-12:15 Module 9: Wireless
- Explain how Sophos Access Points are deployed and identify some common issues
- Configure RADIUS authentication
- Configure a mesh network
12:15-13:05 Module 10: Remote Access
- Configure Sophos Connect and manage the configuration using Sophos Connect Admin
- Configure an IPsec remote access VPN
- Configure an L2TP remote access VPN for mobile devices
- Labs (Sophos Connect)
13:05-14:25 Module 11: High Availability
- Explain what HA is and how it operates
- Demonstrate how to configure HA and explain the difference between quick and manual configuration
- List the prerequisites for high availability
- Perform troubleshooting steps and check the logs to ensure that HA is set up correctly
- Explain the packet flow in high availability
- Demonstrate how to disable HA
- Labs (Create an Active-Passive cluster)
- Labs (Disable High Availability)
14:25-15:05 Break – Lunch
15:05-16:15 Module 12: Public Cloud and Labs
- Deploy XG Firewall in complex network environments
- Explain how XG Firewall processes traffic and use this information to inform the configuration
- Configure advanced networking and protection features
- Deploy XG firewall on public cloud infrastructure
- Labs (Put a service in debug mode to gather logs)
- Labs (Retrieving log files)
- Labs (Troubleshoot an issue from an imported configuration file)
- Labs (Deploy an XG Firewall on Azure (simulation))
16:15 (Exams)
The increase in remote working is driving greater use of mobile devices for business purposes. In this article we explore how Sophos Mobile can help you keep your devices and data secure, and how to balance privacy, security and productivity.
Setting up remote employees
Not everyone has the option to use a corporate-owned device, and you may need to enable people to start using personal devices for work. Sophos Mobile lets you secure any combination of personal and corporate-owned devices with minimal effort.
Users can easily set up their personal macOS, Windows 10, or mobile devices via the flexible self-service portal; they can enroll their device, reset passwords, and get help, all without any involvement from IT.
Balancing privacy and security
In Bring Your Own Device (BYOD) scenarios, you need to protect and control business email and data without intruding on your users’ privacy. The container-only management capabilities in Sophos Mobile let you control corporate content in the Sophos Secure Email and Sophos Secure Workspace apps without requiring management of the mobile device itself. This way, your users’ personal information remains private, while company resources are protected.
Protecting against mobile threats
10% of threats are discovered on mobile devices according to our recent survey of 3,100 IT Managers. Sophos Mobile includes Intercept X for Mobile which leverages our Intercept X deep learning engine to protect your users, their devices and corporate data from known and never-before-seen mobile threats. Intercept X for Mobile also gives your users easy-to-use security tools right at their fingertips, such as the Authenticator, Password Safe, Secure QR Code Scanner and Privacy Advisor.
Set up is as simple as downloading the app from the relevant app store and then enrolling your device via the Corporate management tool.
Your users can also use Intercept X for Mobile for free to protect their personal devices – they can simply download and start using today.
Read our help guide for more information on using Intercept X for Mobile.
Keeping employees safe on the web
Intercept X for Mobile also helps you keep your users safe on the web, stopping risky file types being downloaded, and blocking access to inappropriate websites to maintain productivity and compliance. Read our step-by-step guidelines for creating a Web Filtering policy.
Monitoring and control
Compliance policies in Sophos Mobile help ensure mobile devices are used appropriately – both from a security and business policy perspective. For example, you can:
- Ensure that only reputable apps are downloaded from the relevant app stores
- Block the sideloading of a potentially dangerous app
- Restrict access to business resources
- Allow, forbid or enforce certain features of a device
- Define actions that are executed when a compliance rule is violated
You can create separate compliance policies and assign them to different device groups, allowing you to apply appropriate levels of security and access for your users and devices. See the full list of available compliance rules.
For more information and general configuration steps for both Sophos Mobile and Intercept X for Mobile, take a look at the comprehensive help guide.
The widespread nature and severity of coronavirus (COVID-19) continues to raise challenges on a variety of fronts. For many organizations, one of those is the need to enable employees to work from home until it’s safe to return to the office.
Solutions for remote working exist, but they can be costly and complex to implement. And, they may not offer the level of security you need.
If you’re looking for a solution that solves each of these issues, Sophos can help. You can take advantage of our free 90-day XG Virtual Firewall Free Trial to get your employees securely connected from home.
XG Virtual Firewall is available on your favorite virtual platforms including VMware, Hyper-V, Citrix XenApp, and KVM. It provides a bevy of connectivity and security features and it’s easy to set up. Simply visit the free trial page, fill out the form, and you’re off.
Secure connectivity for remote workers
A nice aspect of the virtual free trial is its multi-platform support. You can also select the hardware you want to install it on, which makes the process more convenient.
XG Virtual Firewall includes a base license that offers remote connectivity options for users, including both IPsec through Sophos Connect client, and SSL VPN. Both provide secure methods for connecting from home back to the corporate office and accessing resources such as email, applications, and documents.
Your free trial also includes a FullGuard security bundle that protects your firewall and connected devices from threats such as ransomware, breaches, phishing emails, and more.
You can even add additional services such as Sophos Intercept X to take advantage of our Synchronized Security feature, which shares telemetry data on the health status of each connected device in addition to isolating any endpoint that does become infected so the infection can’t spread laterally to other hosts.
Setting up your XG Virtual Firewall free trial
Keeping your organization running smoothly can be challenging during the best of times. As we switch to a “work from home” model until it’s safe to return to the office, having a solution that meets your remote connectivity and security needs can help make things easier. And, it doesn’t need to be difficult to get up and running quickly.
We’re here to make your XG Virtual Firewall Free Trial simple to deploy and configure so your remote employees can get connected and stay productive. Here are some resources to help you get started.
- Sign up for the XG Virtual Firewall Free Trial
- XG Firewall Virtual and Software Appliance Installation Guide
- XG Firewall: Useful links for configuring VPN remote access
- XG Firewall: How to configure Connect client on XG Firewall
- XG Firewall: How to configure SSL VPN remote access
If you have questions at any point during your free trial please visit our knowledgebase, review our how-to videos, documentation, or contact us.
After 90 days
Should you wish to continue using XG Firewall once the free 90-day trial ends, we can help you transition to a hardware, virtual or cloud instance of XG Firewall. Speak to your Sophos representative to discuss your requirements.
The coronavirus and resulting changes to work practices have a number of cybersecurity repercussions. This article brings together all of our advice to support people through this challenging time, including best practices for secure remote working as well as information on cyberthreats that exploit COVID-19.
We will continue to update this page as new resources and research findings become available.
Non-stop Sophos protection during the coronavirus pandemic
We’d like to reassure our customers and partners that our ability to protect them is uncompromised. All departments, including threat intelligence, protection and response from SophosLabs, Managed Threat Response and Global Support Services are operating as normal to provide 24×7 detection, protection and technical support. Read our full statement.
FREE personal PC and Mac protection for all Sophos customers
For the duration of the COVID-19 global health concern, all Sophos customers can protect their employees’ personal PCs and Macs for free with our Sophos Home Commercial Edition program.
It gives your staff the same business-grade protection that our commercial customers already enjoy, providing added security and peace of mind when working remotely. For more information and to request your free access, please reach out to your Sophos representative.
Best practices for secure remote working
Coronavirus and remote working: what you need to know
This article explores the behaviors and technologies you need to keep your organization protected from cyberthreats while enabling people to work remotely. This guidance is applicable to all organizations.
Facilitating remote working with Sophos XG Firewall
Sophos XG Firewall and SD-RED devices provide multiple solutions for secure remote connectivity. This article looks at the specific features in XG Firewall that support remote working and provides information on configuring IPsec and SSL VPN connections.
Securing remote working with Sophos Endpoint Protection
Sophos Endpoint Protection is designed to secure everyone, whether they’re office-based or working elsewhere. In this article we explore how to set up remote workers, including how to create web filtering and peripheral control policies.
Coronavirus threat research from Sophos
Coronavirus warning spreads Trickbot malware
Our SophosLabs researchers recently discovered a spam campaign targeting Italy that ultimately results in infection by a well-known strain of Windows malware called Trickbot. We anticipate that attackers will try to use similar approaches in other countries.
Coronavirus “safety measures” email is a phishing scam
The Sophos security team detected a phishing attack purporting to be from the World Health Organization.
Sophos Endpoint Protection is designed to secure everyone, whether they’re office-based or working elsewhere. With many customers enabling or exploring remote working for their employees, this article highlights key capabilities that help you keep your users and data secure while working from home.
Setting up remote workers
The Sophos Central management platform makes it easy to set up and protect employees who are working from home, even if they are a new user or are using a personal device.
To get started you can download the installer file for whichever components you wish to deploy. Alternatively you can use email deployment which is perfect for users who are not currently on the network or for users who need to perform the installation themselves.
If users are not already imported or synchronized via Active Directory synchronization, you need to import their email addresses into Sophos Central. Once complete, simply click the Send Installers to Users button that is highlighted in the image below.
A simple wizard will guide you through picking which components to deploy. The user will receive an email with instructions on what to do and a link to the installer for them to run themselves.
For more information on the various deployment methods for our endpoint protection agent, see Knowledge Base article 119265.
Keeping employees safe on the web
When a user is in an office, traditionally it’s your company firewall that enforces web filtering rules. However, unless they are using a VPN, when people work from home their laptop needs to pick up that role and enforce any web filtering rules defined by your organization.
At the same time, working from home can also lead to changes in behaviour as users adopt a ‘home use’ rather than ‘work’ mindset. This can lead them to use their company device for non-work purposes.
The Web Control capabilities in Sophos Endpoint Protection stop risky file types from being downloaded and block access to inappropriate websites. Read our step-by-step guidelines for creating a Web Control policy.
Controlling which peripherals employees can plug into their devices
14% of cyberattacks entered the organization via USB sticks or external devices, according to our recent survey of 3,100 IT managers. With more people working from home, there is potential for people to plug new devices into their company laptop.
Peripheral Control in Sophos Endpoint Protection enables you to control what employees can and can’t plug into their corporate devices. Read our step-by-step guidelines for creating a Peripheral Control policy.
For more information on how to enable safe and secure remote working, visit our remote working page or speak with your Sophos representative.
As organizations look to keep their workforce connected and productive, the ability for employees to work from home or any another location has become critical. While coronavirus (COVID-19) is driving the current increase in remote working, long commute times, severe weather and the need for greater flexibility are just some of the other reasons companies are looking at alternatives to working in an office.
Sophos XG Firewall and SD-RED devices provide businesses, schools, hospitals and other organizations with multiple solutions for secure remote connectivity. Employees can have access to applications, email and resources on the network from their own home, just as if they were onsite. And, you can keep them safe with features like web filtering which controls access to websites containing harmful and inappropriate content. Here’s how:
XG Firewall and Connect client
If you own an XG Firewall (hardware or virtual appliance), you have a perpetual Base license that includes both IPsec and SSL VPN connectivity. You can choose either or both to provide your remote workers with access to the corporate network.
Setting up IPsec-based remote access is managed through Sophos Connect client on XG Firewalls running v17.5 or newer firmware. Connect client is focused on ease of use and reliability to ensure an extremely positive user experience. Just select your desired network or office and click “Connect” to establish an encrypted VPN tunnel that secures the transmission of traffic (data, applications, etc.) between the firewall and remote device. On the client side, the remote device uses free Connect client software for either Windows or macOS to create the VPN connection.
SD-RED
An alternative solution for connectivity from home is Sophos SD-RED. These low-cost Remote Ethernet Devices create a secure Layer 2 VPN tunnel to a central XG Firewall. SD-RED makes a great remote access solution for connecting remote sites, as well as for individual employees who deal with particularly sensitive information, such as executives.
No technical expertise is needed to connect the device. Simply note the device ID in your XG Firewall and ship it to the employee. As soon as it’s plugged in and connected to the internet, the SD-RED appliance contacts your XG Firewall and establishes a secure dedicated VPN tunnel. You can connect to the device directly or wirelessly through a Sophos APX wireless access point.
IPsec or SSL VPN: Which remote access solution is right for me?
With both IPsec and SSL VPN options available to you in XG Firewall, how do you choose the one that’s right for you? Here are some points to consider when evaluating your environment:
IPsec VPN – Sophos Connect client
Strengths:
- Easy for administrators to bulk deploy and provision
- Intuitive to use
- Consistent performance
- Windows and macOS support
Challenges:
- IPsec occasionally blocked on hotel/public hotspot networks
- No automated user group provisioning
- Currently limited to 255 simultaneous connections
SSL VPN
Strengths:
- Provision access by user groups
- Works in more restricted environments
Challenges:
- Agent deployment geared to end user self-installation
- User action required to deploy VPN policies
- Windows-only support
Resources
Sophos has a series of tools to help you learn more about configuring IPsec and SSL VPN connections for secure remote access using your XG Firewall:
• XG Firewall: Useful links for configuring VPN remote access – Community article
• Using Sophos Connect VPN client – Community article
• XG Firewall: Sophos Connect client – Knowledge Base article
• Sophos Connect client – User Assistance article
• Sophos Connect VPN client – Video
• XG Firewall: How to deploy Sophos Connect via Group Policy Object (GPO) – Knowledge Base article
• XG Firewall: How to configure SSL VPN remote access – Knowledge Base article and video
• XG Firewall: Licensing guide – Knowledge Base article
• XG Firewall: Performance testing methodology – Knowledge Base article
Securing remote connections
With sensitive information travelling back and forth between the firewall and remote devices over the internet, ensuring the traffic is secured from threats is critical. If your XG Firewall has a TotalProtect Plus or FullGuard Plus license, traffic is scanned for ransomware, viruses, intrusions, and other threats in both directions, providing comprehensive protection.
Extend your protection with Synchronized Security
When your remote device has an active Sophos Intercept X license, it can share real-time threat, health and security information with XG Firewall via the Security Heartbeat™. If a remote device becomes infected, XG Firewall isolates the device until it is cleaned, preventing the infection from moving laterally to other devices on the network.
Stay home, stay connected
Whatever reason your workforce is at home, you can help them stay connected with your XG Firewall. Check out the resources in this article, and for more information, speak with your local Sophos sales team. Stay tuned for enhancements to Connect client in an upcoming XG Firewall v18 maintenance release.
Following the continued spread of coronavirus (COVID-19) across the globe, we’d like to reassure our customers and partners that our ability to protect them is uncompromised. All departments, including threat intelligence, protection, and response from SophosLabs, Managed Threat Response, and Global Support Services are operating as normal to provide 24×7 detection, protection, and technical support. These business units already use a global follow-the-sun delivery strategy that allows Sophos to maintain continuity during the regular course of business and is continually improved as needed.
Sophos also has in place a robust set of technologies that enables the majority of our global employees to work from home. As a precautionary measure, and to help prevent the spread of coronavirus, we have advised employees in countries reporting a rising number of cases to work from home. We are fully enabled to continue day-to-day business, including product development and other important efforts, remotely.
We recognize that many other organizations are requiring employees to work from home and need secure connectivity. Customer information with tips on configuring VPN remote access with XG Firewall is available on our Sophos Community page. This article provides a quick and easy reference guide to getting started and more. We have also published practical security guidance for anyone enabling or exploring remote working.
Sophos is abiding by the ongoing and changing government guidelines and implementing a range of precautionary measures to help reduce the global spread of coronavirus (COVID-19) to protect the health and wellbeing of our employees, partners, and customers. These include restricting both international and domestic business travel for all employees, reducing participation in events, and switching in-person meetings to video conference.
We have established a cross-functional working group to stay coordinated on actions across our global operations, to support employee health and safety while minimizing disruption to our business. We continue to monitor this rapidly evolving situation and will update all our employees, partners, and customers with any changes.
We encourage everyone to maintain high cybersecurity vigilance at this difficult time. Cybercriminals are already exploiting coronavirus in their attacks and SophosLabs recently published new research into a Trickbot campaign that targets coronavirus fears in Italy. For quick updates to new findings about these types of attacks, please follow SophosLabs on Twitter.
Coronavirus has brought remote working to the top of everyone’s mind. With many organizations already enabling or exploring remote working, here are 11 tips to help your users, and your company, stay secure while protecting everyone’s physical health.
1. Make it easy for users to get started
Remote users may need to set up devices and connect to important services (Mail, Internal Services, SalesForce, etc.) without physically handing them over to the IT department. Look for products (security and otherwise) that offer a Self Service Portal (SSP) that allows users to do things themselves.
2. Ensure devices and systems are fully protected
Go back to basics – ensure all devices, operating systems and software applications are up to date with the latest patches and versions. All too often malware breaches an organization’s defenses via a rogue unpatched or unprotected device.
3. Encrypt devices wherever possible
When people are out of the office there is often a greater risk of lost or stolen devices; for example, phones left in cafes, laptops stolen from cars. Most devices include native encryption tools such as BitLocker – be sure to use them.
4. Create a secure connection back to the office
Using a Virtual Private Network (VPN) ensures that all the data transferred between the home user and the office network is encrypted and protected in transit. Plus, it makes it easier for employees to do their jobs.
5. Scan and secure email and establish healthy practice
Home working will likely lead to a big increase in email as people can no longer speak to colleagues in person. The crooks are wise to this and already using the coronavirus in phishing emails as a way to entice users to click on malicious links. Ensure your email protection is up-to-date and raise awareness of phishing.
6. Enable web filtering
Applying web filtering rules on devices will ensure that users can only access content appropriate for ‘work’ while protecting them from malicious websites.
7. Enable use of cloud storage for files and data
Cloud storage enables people to still access their data if their device fails while working remotely. Don’t leave files and data in the cloud unprotected and accessible by anyone. At the very least, employees must successfully authenticate. Multi factor authentication takes that a step further.
8. Manage use of removable storage and other peripherals
Working from home may increase the chance of people connecting insecure devices to their work computer – to copy data from a USB stick, or to charge another device. Considering that 14% of cyberthreats get in via USBs/external devices*, it’s a good idea to enable device control within your endpoint protection to manage this risk.
9. Control mobile devices
Mobile devices are susceptible to loss and theft. You need to be able to lock or wipe them should this happen. Implement application installation restrictions and a Unified Endpoint Management solution to manage and protect mobile devices.
10. Make sure people have a way to report security issues
With home working people can’t walk over to the IT team if they have an issue. Give people a quick and easy way to report security issues, such as an easy-to-remember email address.
11. Make sure you know about “Shadow IT” solutions
With large numbers of people working from home, Shadow IT – where non-IT staff find their own ways of solving issues – will likely increase. Sophos recently discovered ‘public’ Trello boards containing names, emails, dates of birth, ID numbers, and bank account information. Ensure users report use of such tools.
If you’d like more information we’re running a series of webinars on this topic in the coming weeks. Register for your spot today.
All roads lead to Rome, or at least that is what the proverb says, meaning no matter what route you take, you will always end up with the same result. Unfortunately, this isn’t something you can say for sensitive data. At Boldon James, we have spent the past twenty years working with defence and intelligence environments, and can report that often many roads exist, but only one of those is operational.
What am I referring to with this proverb? Well, it’s how we classify sensitive data. Applying a classification to an email message should be straightforward: mark it as ‘sensitive’, store it as a piece of metadata on the email and send it. Email was probably the first type of electronic data to have a dedicated place to store a Classification. The 1988 X.400 standards included a ‘Security Label’, which was used by defence and intelligence systems for transmitting classified email messages (the phrase ‘Security Label’ is an X.400 term for what this blog will refer to as the ‘Classification’).
You would imagine having only one location to look for the Classification made interoperability easy. However, the downside of X.400 was the strict binary encoding (ASN.1), meaning the recipient of an X.400 Security Label had to first understand the binary, and convert this into text for display to the end-user. If system ‘A’ used a different binary encoding to system ‘B’, the two systems couldn’t interoperate, and with neither system willing to alter their encoding, because of the legacy data they had stored, the solution resulted in complex gateways to convert between the two encoding formats.
We’ve largely left the X.400 world behind us, and moved into the SMTP world where everything is plain text, operates over the internet and is generally a lot easier than X.400. However, in the SMTP world, we don’t:
a) have a standard place to store a Classification, or
b) have a standard format for the Classification.
Is this progress? Today, we’ve seen the Classification stored in the subject field, the first line of text in the email body, and a multitude of customised x-headers. Interoperability is generally achieved by adding additional Classifications onto the email. It’s not uncommon to find four or five variants of the Classification (in differing formats) on the email message; in which case, how do we know which one is the reference Classification? The more systems we have that label and share sensitive data, the more interoperability issues we will begin to see – as we realise that in fact not all roads lead to Rome.
In the defence world, NATO has been looking at data-centric security and has written standards (STANAG 4774 and 4778) which define a standard place and format for storing the Classification on an email message (and also how to cryptographically bind that Classification to the email message). Boldon James is involved in prototyping these standards at various defence events; have we reached the time when the commercial world needs similar standards, allowing all roads to return to Rome (or wherever your favourite City is!)?
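As an added illustration of the interoperability problem above (not Boldon James code, and not the STANAG format), this Python snippet gathers every Classification marking found on a constructed SMTP message, in custom x-headers, the subject prefix and the first body line, and reports whether the variants agree; the header names, sample message and precedence order are assumptions made for the example.

```python
"""Collect every Classification marking on an SMTP message and check agreement.

Added illustration: the header names, sample message and precedence policy are
constructed for this example and are not a vendor's fields or the STANAG format.
"""
import re
from email import policy
from email.parser import BytesParser

# Custom x-headers where labelling products might store the Classification
# (hypothetical names chosen for the example).
LABEL_HEADERS = ("X-Classification", "X-Sensitivity-Label", "X-Protective-Marking")

# Subject prefix such as "[SENSITIVE]" or "(CONFIDENTIAL)".
SUBJECT_MARK = re.compile(r"^\s*[\[(]([A-Za-z][A-Za-z -]*)[\])]")
# First body line such as "Classification: Sensitive".
BODY_MARK = re.compile(r"^\s*classification\s*:\s*(.+?)\s*$", re.IGNORECASE)

# Which location wins when the variants disagree: an assumed local policy,
# since SMTP itself defines no reference location.
PRECEDENCE = LABEL_HEADERS + ("Subject", "Body")

# Constructed message carrying four variants of the marking, one of which differs.
SAMPLE = b"""\
From: alice@example.org
To: bob@example.net
Subject: [SENSITIVE] Q3 figures
X-Classification: Sensitive
X-Sensitivity-Label: CONFIDENTIAL
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8

Classification: Sensitive

Bob, attached are the numbers we discussed.
"""


def normalise(label):
    """Fold case and punctuation so 'SENSITIVE' and 'Sensitive.' compare equal."""
    return re.sub(r"[^a-z]+", " ", label.lower()).strip()


def find_classifications(raw):
    """Return (location, label) pairs for every marking found, in scan order."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    found = []
    for name in LABEL_HEADERS:
        for value in msg.get_all(name, []):
            found.append((name, str(value).strip()))
    m = SUBJECT_MARK.match(str(msg.get("Subject", "")))
    if m:
        found.append(("Subject", m.group(1)))
    body = msg.get_body(preferencelist=("plain",))
    lines = (body.get_content() if body is not None else "").lstrip().splitlines()
    m = BODY_MARK.match(lines[0]) if lines else None
    if m:
        found.append(("Body", m.group(1)))
    return found


def reference_classification(found, precedence=PRECEDENCE):
    """Pick the label from the highest-precedence location present and report
    whether the variants disagree once normalised."""
    if not found:
        return None, False
    conflict = len({normalise(label) for _, label in found}) > 1
    for location in precedence:
        for where, label in found:
            if where == location:
                return label, conflict
    return found[0][1], conflict


if __name__ == "__main__":
    markings = find_classifications(SAMPLE)
    for where, label in markings:
        print(f"{where:20} {label}")
    ref, conflict = reference_classification(markings)
    print("reference:", ref, "(variants disagree)" if conflict else "(consistent)")
```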
Earlier this week the personal details of more than 10.6 million MGM Resorts hotel guests were published on a hacking forum, the result of a cloud server data breach.
With this in mind, we take a look at some things you can do to avoid falling victim to a public cloud attack, including how Sophos can help you see and secure your data in the public cloud.
Know your responsibilities
Before anything else, you need to understand what you are responsible for when it comes to storing data in the public cloud.
Public cloud providers such as AWS, Azure, and Google offer customers a great deal of flexibility in how they build their cloud environments.
But the consequence of all this flexibility is that they can’t completely protect your virtual network, virtual machines, or data while in the cloud. Instead they run a Shared Responsibility model – they ensure security of the Cloud, while you are responsible for anything you place in the Cloud.
Aspects such as physical protection at the datacenter, virtual separation of customer data and environments – that’s all taken care of by the public cloud providers.
You might get some basic firewall type rules to govern access to your environment. But if you don’t properly configure them – for instance, if you leave ports open to the entire world – then that’s on you. So learn what you’re responsible for – and act on it.
Watch our shared responsibility video to learn more.
Five steps to minimize your risk of attack
Here are five essential steps you should take to minimize your risk of a cloud-based attack, and protect your data.
Step 1: Apply your on-premises security learnings
On-premises security is the result of decades of experience and research. When it comes to securing your cloud-based servers against infection and data loss, it’s a good idea to think about what you already do for your traditional infrastructure, and adapt it for the cloud:
Next-gen firewall
Stop threats from getting onto your cloud-based servers in the first place by putting a web application firewall (WAF) at your cloud gateway. Also look to include IPS (to help with compliance) and outbound content control to protect your servers/VDI.
Sophos XG Firewall protects your cloud and hybrid environments. And, with pre-configured virtual machines in Azure and AWS, you can be up and running quickly.
Server host protection
Run effective cybersecurity protection on your cloud-based servers, just as you would your physical servers.
Sophos Intercept X for Server protects your AWS and Azure workloads from the latest threats. Watch this video overview to see it in action.
Endpoint security and email protection
While your network may be in the cloud, your laptops and other devices are staying on the ground, and all it takes is a phishing email or spyware to steal user credentials for your cloud accounts.
Ensure you keep endpoint and email security up to date on your devices to prevent unauthorized access to cloud accounts.
Step 2: Identify all your cloud assets
If you can’t see the data in the public cloud, you can’t secure it.
That’s why one of the most important factors in getting your cloud security posture right is getting accurate visibility of your infrastructure and how traffic flows through it. This will allow you to identify anomalies in traffic behavior – such as data exfiltration.
Step 3: Build a complete inventory
Build a complete inventory of your cloud estate, including server and database instances, storage services, databases, containers and serverless functions.
As well as looking at numbers of assets, also look for weak spots. Potential risk areas include:
- Databases with ports open to the public internet that could allow attackers to access them
- Cloud storage services set to public
- Virtual hard drives and Elasticsearch domains set to public
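As an added illustration (not Cloud Optix or any provider's code), the following Python audit walks a constructed inventory and flags the weak spots listed above: database ports reachable from the internet, and storage, disks or Elasticsearch domains set to public. The asset record layout, the CIDR-based notion of "public" and the sample assets are assumptions made for the example.

```python
"""Audit a cloud asset inventory for the weak spots the article lists.

Added illustration: the asset record layout and the sample inventory are
constructed for this example; they are not Cloud Optix output or any cloud
provider's API.
"""
import ipaddress

# Asset kinds for which a "public" flag is itself a finding.
PUBLIC_FLAG_KINDS = {
    "storage": "cloud storage service set to public",
    "disk": "virtual hard drive set to public",
    "search": "Elasticsearch domain set to public",
}

# Constructed inventory: databases carry a listening port and ingress rules,
# other kinds carry a public/private flag.
INVENTORY = [
    {"id": "orders-db", "kind": "database", "port": 5432,
     "ingress": [{"cidr": "10.0.0.0/16", "from": 5432, "to": 5432}]},
    {"id": "analytics-db", "kind": "database", "port": 3306,
     "ingress": [{"cidr": "0.0.0.0/0", "from": 0, "to": 65535}]},
    # World-open rule, but it does not cover the database port itself.
    {"id": "reports-db", "kind": "database", "port": 1433,
     "ingress": [{"cidr": "0.0.0.0/0", "from": 443, "to": 443},
                 {"cidr": "10.0.0.0/8", "from": 1433, "to": 1433}]},
    {"id": "ipv6-db", "kind": "database", "port": 5432,
     "ingress": [{"cidr": "::/0", "from": 5432, "to": 5432}]},
    {"id": "backups-bucket", "kind": "storage", "public": True},
    {"id": "web-assets", "kind": "storage", "public": False},
    {"id": "vm-disk-snapshot-7", "kind": "disk", "public": True},
    {"id": "logs-search", "kind": "search", "public": False},
]


def rule_is_world_open(cidr):
    """True when a source range admits the whole internet (0.0.0.0/0, ::/0)
    or any non-private address space; RFC 1918 and ULA ranges count as private."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen == 0 or not net.is_private


def rule_covers_port(rule, port):
    """True when the rule's port range includes the service port."""
    return rule["from"] <= port <= rule["to"]


def audit(inventory):
    """Return (asset id, reason) for every weak spot found."""
    findings = []
    for asset in inventory:
        kind = asset["kind"]
        if kind == "database":
            for rule in asset.get("ingress", []):
                if rule_covers_port(rule, asset["port"]) and rule_is_world_open(rule["cidr"]):
                    findings.append((asset["id"],
                                     f"database port {asset['port']} open to {rule['cidr']}"))
        elif kind in PUBLIC_FLAG_KINDS and asset.get("public"):
            findings.append((asset["id"], PUBLIC_FLAG_KINDS[kind]))
    return findings


if __name__ == "__main__":
    for asset_id, reason in audit(INVENTORY):
        print(f"{asset_id:22} {reason}")
```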
Step 4: Regularly review identity access management
Actively manage user roles, permissions, and role-based access to cloud services. The scale and interwoven nature of individual and group access to services creates an enormous challenge, and attackers will exploit that gap in security.
Ensure you have visibility over all access types and their relationships to cloud services, so you can identify overprivileged access and review your policies accordingly. After all, if a hacker obtained these credentials, they could search far and wide across your cloud accounts for sensitive data.
Step 5: Actively monitor network traffic
Look for the telltale signs of a breach in your network traffic, with unusual traffic spikes a key indicator of data exfiltration.
The dynamic nature of the cloud means that traffic and assets are changing frequently, so humans generally struggle to track all these data points.
Instead, use AI to harness these data sources and build a picture of what “normal” traffic is, so that when activity falls outside “normal” you are alerted instantly to unusual and potentially malicious behavior.
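An added example, not Sophos code: a per-host baseline of hourly outbound bytes, using a median/MAD statistic as a simple stand-in for the AI-driven profiling described above, run over constructed flow records; the hosts, volumes and alert threshold are assumptions.

```python
"""Flag outbound-traffic spikes against each host's own baseline of "normal".

Added illustration: a median/MAD statistic stands in for the article's AI-driven
profiling, and the flow records below are constructed, not real telemetry.
"""
from collections import defaultdict
from statistics import median

# Constructed hourly egress totals: (host, hour, bytes_out) for one day.
# web-1 serves steady traffic; db-1 is quiet until hour 23, when it pushes
# roughly 900 MB outbound, the kind of spike the article calls out.
FLOWS = (
    [("web-1", h, 40_000_000 + (h % 3) * 1_000_000) for h in range(24)]
    + [("db-1", h, 2_000_000 + (h % 2) * 100_000) for h in range(23)]
    + [("db-1", 23, 900_000_000)]
)


def baseline(values):
    """Median and median absolute deviation (MAD) of a host's samples.
    Both are robust, so one large spike does not inflate its own baseline."""
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # avoid a zero scale
    return med, mad


def find_spikes(flows, k=10.0):
    """Return (host, hour, bytes, score) for hours whose egress lies more than
    k robust deviations above that host's median; score is the deviation count."""
    by_host = defaultdict(list)
    for host, hour, nbytes in flows:
        by_host[host].append((hour, nbytes))
    alerts = []
    for host, samples in by_host.items():
        med, mad = baseline([b for _, b in samples])
        for hour, nbytes in samples:
            score = (nbytes - med) / mad
            if score > k:
                alerts.append((host, hour, nbytes, round(score, 1)))
    return alerts


if __name__ == "__main__":
    for host, hour, nbytes, score in find_spikes(FLOWS):
        print(f"ALERT {host} hour {hour:02d}: {nbytes:,} bytes out, "
              f"{score} robust deviations above baseline")
```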
Sophos Cloud Optix makes it easy for you to see all your cloud databases and workloads. It also enables you to identify potential vulnerabilities within your architecture so you can prevent a potential breach point.
Start an instant no-obligation online demo to see Cloud Optix in action for yourself.
As organizations move quickly to do their part in stopping the spread of COVID-19 people are working remotely more than ever before. At CyberArk we have taken action to protect the health and safety of our global community of customers, partners and employees – including having our employees across the globe work from home.
It’s not always easy for organizations to move to full remote work, especially having to balance productivity and security. Sudden, unexpected changes in the amount of work being done from home affects the workflows of remote users – especially those requiring privileged access – and most of the time, organizations don’t have the ability to properly scale. Additionally, attackers are working to capitalize on people’s fears and desire for information, which underscores the need to safeguard critical systems and assets.
Utilizing technology to overcome these challenges can help make these trying times a bit easier. Whether that’s making greater use of video chat and conference calling or allowing secure access to internal systems from anywhere, technology is helping business to continue with as little disruption as possible.
Recently we launched a new use case for CyberArk Alero to address the needs of all remote users (employees and vendors) by providing secure remote access to critical systems managed by CyberArk.
Starting today, we’ll be offering qualified customers the use of CyberArk Alero at no cost through the end of May in hopes that it will help ease some of the burden associated with the changing work environment. There are many ways that we, as individuals and as a company, are working to help our communities during this trying time. As business continuity plans are being tested, we hope to help organizations keep business running securely while putting the health and safety of all of us first.
Sophos Mobile Control Architect Training (2-day training) – Tuesday, March 31st 2020 – Wednesday, April 1st 2020
Requirement
Have completed and passed the Sophos Mobile Certified Engineer course and any subsequent delta modules up to version 8.5
Recommended Knowledge
- Knowledge of how to set up a Windows Active Directory environment with servers and workstations
- Experience of Windows networking and the ability to troubleshoot issues
- Understand the principles of DMZs, proxies and reverse proxies
- Experience using Microsoft SQL Server and Microsoft Exchange Server
- Experience with webservers or another web facing infrastructure
- Be familiar with iOS, Android and Windows mobile devices
Content
- Module 1: Solution Overview & Architecture
- Module 2: Installation
- Module 3: Configuration & Management
- Module 4: Containers
- Module 5: Sophos Mobile Security
- Module 6: EAS Proxy
- Module 7: Network Access Control
- Module 8: Server Maintenance
Certification
To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and trainees are limited to 3 attempts.
Duration 2 days
Lab Environment
Each student will be provided with a pre-configured environment which simulates a company network with two sites, a head office and a branch office, and contains Windows Servers, a Windows Desktop and three XG Firewalls.
Agenda
Trainer: Micheal Eleftheroglou
Day 1 Tuesday 31 March 2020
9:30-10:30 Module 1: Solution Overview & Architecture
- Review Sophos Mobile knowledge from the Engineer course
- Explore the architecture of Sophos Mobile and deployment options
- Understand communication protocols, clustering and sizing the solution
10:30-10:45 Break
10:45-11:45 Module 2: Installation
- Understand the supported devices, servers and database versions for Sophos Mobile
- Understand the installation process
- Understand the installation pre-requisites and tools used to ensure these are met
- Configure an External Directory
- Configure post-installation settings
- Understand cluster configuration and user roles
- Explain the migration tool and troubleshooting steps during installation
11:45-13:15 Lab 1: Installation
- Prepare the Sophos Mobile Server
- Create an SSL certificate using the Sophos Mobile SSL Certificate Wizard
- Install Sophos Mobile using an existing database and PKCS12 certificate file
- Create and install an APNs certificate
- Configure the internal EAS proxy
- Install the CA Certificate (for iOS devices only)
13:15-14:15 Lunch
14:15-16:15 Module 3: Configuration & Management
- Configure Super Admin settings and customer settings
- Understand configuration inheritance
- Configure SCEP and troubleshoot common issues
- Configure mobile devices
- Understand Device Profiles, Apple VPP, Apple DEP, Android for Work & Device Owner
- Configure Task Bundles and Device groups
- Configure the Self Service Portal
- Configure compliance policies
- Understand how to remove a device from Sophos Mobile
- Troubleshoot common issues
16:15-16:30 Break
16:30-17:30 Lab 2: Configuration & Management
- Configure Super Admin level settings
- Configure inheritance and view assigned configuration
- Create a customer and configure customer level settings
- Enroll a mobile device (Android or iOS)
Day 2 Wednesday 1 April 2020
9:30-10:00 Module 4: Containers
- Explain what Container-only Management is
- Describe which components are included in the Sophos Container
- Explain how document encryption works with Secure Workspace
- Describe the possible compliance actions available
- Explain Samsung KNOX
10:00-10:30 Lab 3: Sophos Container
- Manage documents in Sophos Mobile
- Create an encrypted file using the SafeGuard client
- Configure and test a Sophos Container Policy (Android and iOS)
10:30-10:45 Break
10:45-11:15 Module 5: Sophos Mobile Security
- Explain what Sophos Mobile Security is
- Describe how App Reputation works
- Understand how to manage Sophos Mobile Security
- Troubleshoot common issues
11:15-11:30 Lab 4: Sophos Mobile Security
- Configure a Sophos Mobile Security policy
- Test the Sophos Mobile Security policy (Android only)
11:30-12:00 Module 6: EAS Proxy
- Describe what EAS Proxy is used for
- Review use of EAS Proxy with Lotus Notes Traveler and O365 support
- Understand the deployment scenarios for EAS Proxy
- Explain clustering and certificate-based authentication
- Work through an installation of EAS Proxy
- Troubleshoot common issues and understand the log files generated
12:00-12:20 Lab 5: EAS Proxy
- Install an External EAS Proxy
- Configure the UTM as a reverse proxy for the External EAS proxy
- Update the EAS settings to use the External EAS proxy (Android or iOS)
- Review the external EAS proxy log file
12:20-12:50 Module 7: Network Access Control
- Explain how NAC works
- Configure NAC
- Describe device compliance options with NAC enabled
- Troubleshoot common issues and understand the log files generated
12:50-13:20 Lab 6: Network Access Control
- Enable Network Access Control
- Test Network Access Control (Android or iOS)
- Unenroll your device
- Remove lab configuration
13:20-14:20 Break – Lunch
14:20-15:00 Module 8: Server Maintenance
- Explain the daily maintenance schedule
- Describe when and how to update Sophos Mobile
- Understand what steps to take if changes are made to your environment
- Understand the deployment scenarios for Sophos Mobile
15:00-15:15 Lab 7: Cluster Configuration Simulation
- Complete the simulation