Cyber Security Elements by NSS

News

12 Jul

Given the simplicity and cost-effectiveness of the public cloud, it’s no surprise that more and more organizations are turning to Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP).

You can spin up a new instance in minutes, scale resources up and down whenever you need while only paying for what you use, and avoid high upfront hardware costs.

While the public cloud solves many traditional IT resourcing challenges, it does introduce new headaches. The rapid growth of cloud usage has resulted in a fractured distribution of data, with workloads spread across disparate instances and, for some organizations, platforms.

As a result, keeping track of the data, workloads, and architecture changes in those environments well enough to keep everything secure is often a highly challenging task.

Public cloud providers are responsible for the security of the cloud (the physical datacenters, and the separation of customer environments and data). However, if you put data and workloads in the public cloud you are also responsible for securing them.

Misunderstandings around this distribution of ownership are widespread, and the resulting security gaps have made cloud-based workloads the new pot of gold for today’s savvy hackers. (For more details read Matt Boddy’s recent research: Cyberattacks on Cloud Honeypots).

Seven steps to securing the public cloud

The secret to effective public cloud security is improving your overall security posture. You need to ensure your architecture is secure and configured correctly, and that you have visibility into both your architecture and who is accessing it.

There are many elements to public cloud security and it can be difficult to know where to start. If you’re using the public cloud – or thinking about migrating – we recommend these seven steps to help maximize your security.

Step 1: Learn your responsibilities

This may sound obvious, but security is handled a little differently in the cloud. Public cloud providers such as Amazon Web Services, Microsoft Azure, and Google Cloud Platform run a shared responsibility model – meaning they ensure the security of the cloud, while you are responsible for anything you place there.

Step 2: Plan for multi-cloud

Multi-cloud is no longer a nice-to-have strategy; it has become a must-have. There are many reasons why you may want to use multiple clouds, such as availability, improved agility, or functionality. When planning your security strategy, start with the assumption that you’ll run multi-cloud – if not now, at some point in the future. In this way you can future-proof your approach.

Step 3: See everything

If you can’t see it, you can’t secure it. That’s why one of the biggest requirements to getting your security posture right is getting accurate visibility of all your cloud-based infrastructure, configuration settings, API calls and user access.

Step 4: Integrate compliance into daily processes

The dynamic nature of the public cloud means that continuous monitoring is the only way to ensure compliance with many regulations. The best way to achieve this is to integrate compliance into daily activities, with real-time snapshots of your network topology and real-time alerts to any changes.

Step 5: Automate your security controls

Cybercriminals increasingly take advantage of automation in their attacks. Stay ahead of the hackers by automating your defenses, including remediation of vulnerabilities and anomaly reporting.

Step 6: Secure ALL your environments

You need a solution that can secure all your environments (production, development, and QA) both reactively and proactively.

Step 7: Apply your on-premises security learnings

On-premises security is the result of decades of experience and research. Use firewalls and server protection to secure your cloud assets against infection and data loss, and keep your endpoint and email security up to date on your devices to prevent unauthorized access to cloud accounts.

Moving from traditional to cloud-based workloads offers huge opportunities for organizations of all sizes. Yet securing the public cloud is imperative if you are to protect your infrastructure and organization from cyberattacks.

To learn more, download our new guide: Securing the Public Cloud: Seven Best Practices

8 Jul

Tourists aren’t the only ones looking at Florida this summer. As the Sunshine State ramps up to greet a flock of vacationers, it’s also facing some far less welcome visitors.

Over the last few weeks, cybercriminals have targeted Florida with advanced ransomware attacks requesting heavy payments in return for restoring data. In one example, the city of Riviera Beach agreed to pay over $600,000 in ransom after its systems were crippled.

Of course, ransomware attacks aren’t limited to Florida and are now commonplace across the globe as cybercriminals continue to evolve their techniques.

How to avoid becoming the next ransomware victim

Sophos Intercept X Advanced gives you the world’s best protection against ransomware. And you can protect your organization for free, for 30 days.

It includes multiple layers of security that deliver unparalleled protection against sophisticated, advanced attacks.

  • CryptoGuard technology stops the unauthorized encryption of files by ransomware, rolling any impacted files back to their original state. It’s the ultimate ransomware killer.
  • Anti-exploit protection prevents ransomware from using vulnerabilities in software products to infiltrate and spread through organizations.
  • The powerful Deep Learning engine uses cutting-edge machine learning to identify and block never-before-seen ransomware before it executes.

Watch Intercept X in action against MegaCortex ransomware

Try it yourself

Intercept X uses multiple techniques to defend against ransomware, instantly elevating your defenses. Download and get started today.

3 Jul

Sophos Intercept X continues to perform well in third party tests, and we thought we’d share a few recent results.

Those results include a 100% total accuracy rating by SE Labs, a #1 ranking by AV-Comparatives for malware protection, and an Editors’ Choice designation by PC Magazine.

Our Mac protection also joins in on the fun with a new result from AV-Test. Scoring 18 out of 18, Sophos received the only perfect score in the test.

SE Labs

SE Labs conducts quarterly tests for both enterprise and SMB protection. We’re excited to report that we received a 100% total accuracy rating in both Q1 2019 tests.

AV Comparatives

Intercept X made its first public AV-Comparatives Business Security Test appearance and ranked #1 for malware detection on Macs. We earned a 99.7% detection rate with just 1 false alarm in the “real-world” test, and 99.9% detection and 0 false alarms in the “malware” test.

PC Magazine

Intercept X received an “Excellent” Rating and the “Editors’ Choice” award.

PC Magazine declared that Intercept X is “an instant win for anyone looking to provide a defense against ransomware for any sized business.”

The reviewers went on to say it “has a wide range of sophisticated features to guard against malware of all forms, and has earned the praise of several independent labs as well as earned our Editors’ Choice designation in our ransomware protection for business review roundup”.


AV-Test

Sophos scored a 6 out of 6 on protection, performance, and usability – the only perfect score among vendors tested in June 2019.

Intercept X third party test results and top analyst reports

SE Labs

  • AAA Rated for Enterprise – 100% total accuracy rating
  • AAA Rated for SMB – 100% total accuracy rating

NSS Labs

  • Ranked #1 for Security Effectiveness
  • Ranked #1 for Total Cost of Ownership (TCO)

AV-Comparatives

  • Ranked #1 for Malware Protection (99.9% detection, 0 false alarms)

MRG Effitas

PC Magazine

  • Editors’ Choice

AV-Test

  • 6 out of 6 for protection, performance, and usability (June 2019)
Gartner

  • Leader: 2018 EPP Magic Quadrant

Forrester

  • Leader: 2018 Endpoint Security Wave

30 Jun

Since September 2014 (that makes 29 tests in a row!), Sophos Mobile Security has achieved the highest possible score in the AV-Test for Android malware detection, earning maximum scores across all categories.

In the May test we scored 6.0 for protection – the highest possible score – and had no false positive detections.

Our intuitive interface that makes management a simple task earned us a score of 6.0 in the usability section.

And we scored the maximum in the features category due to powerful features including remote locking and wiping, and safe browsing.

Take a look at the AV-Test review for all of the details, and try Sophos Mobile Security for free on the Google Play Store.

29 Jun

At Sophos, we appreciate how hard it is to solve security problems when developing applications – after all, we’ve dedicated the past 30 years to innovating and improving computer security.

Since founding SophosLabs, we’ve leveraged the expertise of our security engineers and researchers, and their intelligence and analysis services, using these as the foundation of many of our solutions to the most difficult cybersecurity problems.

Today, we are opening the doors on the Early Access Program for SophosLabs Intelix, our new cloud-based, threat intelligence and threat analysis platform, which is built from the same SophosLabs services that underpin our industry-leading solutions.

SophosLabs Intelix works via Application Programming Interfaces (APIs), part of our a Representation State Transfer (REST) web service. This approach ensures that all software developers of different skill levels should have no trouble getting access to our new services.

SophosLabs Intelix allows software developers around the globe to harness high quality, curated threat intelligence and rich, detailed threat analysis in their own tools, applications, and services. All without compromising on quality, performance or security, and removing the need to consume, aggregate and correlate multiple services from different vendors.

SophosLabs Intelix will initially offer three key services:

  1. Cloud Threat Lookups quickly identify known threats in files, URLs, and APKs.
  2. Static File Analysis analyses files using machine learning and static analysers.
  3. Dynamic File Analysis executes files in a sandbox to reveal their behaviour and intent.

The SophosLabs Intelix APIs will be available via the AWS Marketplace. Users have the choice between a monthly free tier or Pay As You Go (PAYG) pricing. The monthly free tier will allow each user a set number of API calls to each service for free, paying only for the requests that exceed the monthly free allowance.

For our partner community, SophosLabs Intelix is joining our Sophos Cloud Security Provider Program, adding to the range of technologies and solutions our partners can offer their customers.

Through enabling software developers to tap into the same technologies we use to drive our security solutions, we hope developers will innovate on top of our APIs, kick-start new security solutions, build more secure applications and services, and help make the digital world a safer place to be.

Join the SophosLabs Intelix Early Access Program today.

Learn more about SophosLabs Intelix.

25 Jun

Cybercriminals are becoming increasingly proficient at infiltrating enterprises to steal data for profit, acquire intellectual assets or simply cause destruction. The high-profile breaches that frequently make the headlines, however, are just the tip of the iceberg, with global losses due to cybercrime projected to hit a staggering eight trillion dollars by 2020.

Enterprises today are contending with highly organized adversaries who are persistent, have deep pockets and command technological resources that rival those of most Fortune 100 companies; keeping pace has been arduous. The infographic below depicts the top three cybersecurity issues challenging organizations as they steer towards digital transformation, and where a trusted security partner can have significant impact.

21 Jun

Privileged access security is a key pillar of an effective security program. We take our role as a trusted adviser to our customers very seriously and are constantly looking for new ways to help evolve existing privileged access security programs – or guide organizations that are getting started – to prioritize risk and identify opportunities to measure success and demonstrate quantifiable value to the business. CyberArk has interviewed hundreds of organizations, including customers and those who have not yet adopted a privileged access security solution, to determine the biggest hurdles companies face when it comes to privileged access security and what they need to overcome them. We found three key trends:

  • Organizations, especially those with resource constraints (basically every company, everywhere), struggle to identify the security goals that provide the most security value to their business in terms of both cybersecurity risk reduction and ROI.
  • Companies that adopted a PAM solution were able to accomplish the goals they originally set out to achieve, but they didn’t know where to go next to continue improving their security. They often spoke of “best practice” programs they wanted to follow, but had difficulty applying those programs in a way that provided tangible outcomes specific to their needs.
  • Organizations are looking for cybersecurity tools that provide clear advice, backed by quantitative methods to help guide them along their security journey.

CyberArk is proud to introduce the CyberArk Privileged Access Security Assessment Tool to guide organizations across all three fronts.

During an assessment, a technical expert from CyberArk or one of our certified partners will sit with your team, walk you through the process with the assessment tool and discuss how your organization is protecting privileged accounts and access today. We frame this conversation on the CyberArk Privileged Access Security Cyber Hygiene Program, which defines seven goals organizations should strive to accomplish to build a comprehensive program to secure privileged access. Based on our findings, the CyberArk Privileged Access Security Assessment Tool will deliver three outputs that will inform not only your technical teams, but also business and IT leaders who are becoming increasingly interested in what security teams are doing to protect the brand.

Output 1: Privileged Access Security Score

Security score and evaluation history from the Privileged Access Security Assessment tool

You can think of the privileged access security score as similar to a FICO or NPS score in that it reflects concrete metrics and can be tracked over time. The score is based on the feedback provided against assessment and evaluation criteria developed by CyberArk. The Privileged Access Security Score is something tangible that organizations and security leaders can use to demonstrate the progress they’ve made in building a strong privileged access security program.

Output 2: Rich comparison data

Comparison data from the Privileged Access Security Assessment tool

The rich comparison data provides a comparison against peers based on industry, company revenue, number of employees and a variety of other distinctions. We call this collection of attributes a reference group. This data is crucial for leaders interested in understanding how their investment compares to others in their reference group.

Output 3: Assessment report, complete with specific recommendations

For companies that have completed an assessment already, this output has been cited as the most significant in terms of direct value to the business. The assessment report provides companies with a recap of their most recent assessment, a visual history of their assessments, the comparison data from above and, most importantly, specific advice based on their individual feedback.

We give companies technical and process recommendations for two of the seven goals of the assessment. These are the areas they should prioritize in the next 12-24 months, and the assessment report clearly defines the actions to take to improve privileged access security and protect your organization’s business.

Read the press release to learn more about how the industry, including leading cyber security insurance firms, are leveraging Privileged Access Security Assessment Tool from CyberArk. Get started by filling out a request form or by reaching out to your CyberArk representative.

Read the original article, here.

17 Jun

As Shep Hyken recently noted, personalization continues to become more personal in the customer service field. Personal information (PI) is the future of business, as it provides clients with a customized experience and helps businesses eventually sell more.

However, it also means companies will have to ride the wave of consumer rights advocacy and comply with at least one privacy regulation, such as the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), the recently proposed U.S. federal privacy law, the Data Care Act, and so on.

One may treat privacy legislation, with its strict requirements and enormous penalties, as a big stumbling block for business, but I perceive it as a huge enabler. Here are five ways privacy regulations may help boost your business.

1. Optimize business processes.

Privacy regulations enable greater transparency around the data collected by your company. For example, the CCPA requires businesses to disclose the “categories and specific pieces of personal information the business has collected” about a consumer. Though not all privacy laws require you to explicitly inform customers of that information, companies still need to thoroughly audit the data they have to understand what kind of information they store and why.

This is a brilliant opportunity to ask yourself why you collect this data, whether you use it efficiently and how you can optimize its use. This deeper understanding of the data flow will provide more visibility into your business processes and help optimize them or find new ways of leveraging gathered data (by providing extra personalized experiences, for example).

2. Improve data management and achieve cost efficiency.

Another question you may ask yourself after auditing the data is whether you really need all of it. Most likely, you don’t. Thus, ongoing auditing for the sake of compliance will actually enable your company to prune unnecessary data, such as redundant, obsolete and trivial (ROT) files that have no value to your business.

By cleaning up repositories, you can slash costs on data processing and storage, get more predictable bills if you store data in the cloud and allocate your budget wisely.

3. Create a global knowledge base for employees.

Privacy laws grant consumers control over the data businesses hold on them, such as the CCPA’s right to deletion, the GDPR’s right to erasure (the “right to be forgotten”), the right to access and correct data and so on. To handle these requests, you should improve the findability of data (i.e., reorganize repositories and make data globally indexed and searchable).

It’s hard to achieve this without investing in additional technologies, such as data classification and enterprise search software. But it wouldn’t be cost-efficient to spend X amount of money and human resources to deploy this technology just to satisfy occasional data subject requests. This is like buying a Porsche just to drive your children to school down the block.

Instead, you can use additional capabilities to reorganize and index the data you have, or at least the data business employees might need — not just consumers’ PI. This way, your company will improve its corporate memory. Moreover, employees will be more efficient while working with accessible, exhaustive and searchable data, won’t lose business opportunities and will keep contributing to the company’s long-term growth.

4. Achieve audience loyalty and trust.

To truly benefit from the privacy legislation, it’s important to step up and voluntarily take extra responsibilities by extending privacy requirements to all of your clients, not just those who are protected by the CCPA (California consumers), the GDPR (EU residents) or any other standard. By meeting customer demands for data privacy globally, your business will create a stronger bond between your brand and clients.

This can be used as part of impactful positioning that will give you a competitive advantage and help you stand out from the crowd. You can demonstrate to clients that your company is done with annoyingly formal checkboxes and cookie notifications. Instead, show that you are eager to provide them with a clear privacy policy statement explaining how all your customers can benefit from entrusting you with their PI and what measures your company takes to secure it.

The best way to tackle data privacy is by being honest and straightforward about it. At a time when people are becoming increasingly suspicious about their privacy, such an attitude is the way to go.

5. Revamp the security strategy.

The cost of data breaches and business downtime due to theft or loss of critical data continues to grow. So, another benefit of privacy legislation is encouraging companies to overhaul their security policies.

Indeed, it is almost impossible to only protect regulated data and leave the rest of the IT infrastructure out of scope. Therefore, your company will have to establish stricter control over activity across the entire IT environment, initiate solid data protection workflows and better comprehend IT risks. In the long run, this will help you invest more adequate resources in security and decrease the risk of severe security incidents.

There’s no doubt that achieving compliance with data privacy laws is stressful and resource-intensive, and many companies will be prone to taking a formal approach to it. However, don’t be shortsighted. Adhering to data privacy standards is more than marking a checkbox — it is a way to greatly boost your business, stay ahead of the competition and meet the global demand for business consciousness and respect for human privacy.

Read the original article, here.

12 Jun

Cybersecurity isn’t getting any easier. To better understand the day-to-day reality for IT teams we recently commissioned a survey of 3,100 IT managers in 12 countries.

This independent, vendor-agnostic study revealed a number of common challenges:

  • Security: 68% of organizations had experienced a threat that got through their defenses in the last year, 90% of which were running up-to-date cybersecurity at the time.
  • Visibility: 43% of network traffic is unclassified, meaning IT teams are unable to see and control it.
  • Resourcing: 2 in 3 IT managers say their budgets for cybersecurity (technology and people) are too low, and 80% wish they had a stronger security team in place.

As these results show, despite ongoing investment in cybersecurity the traditional approach isn’t working. Why? Because cybercriminals chain multiple techniques together in their advanced attacks, but most security products still work in isolation.

It’s time for a different approach.

Synchronized Security is the cybersecurity system where Sophos endpoint, network, mobile, Wi-Fi, email, and encryption products work together, sharing information in real time and responding automatically to incidents:

  • Isolate infected endpoints, blocking lateral movement
  • Restrict Wi-Fi for non-compliant mobile devices
  • Scan endpoints on detection of compromised mailboxes
  • Revoke encryption keys if a threat is detected
  • Identify all apps on the network

Everything is managed through a single, web-based management console, so you can see and control all your security in one place.

The Best Threat Intelligence Technology award at the SC Awards 2019 Europe is testimony to how Synchronized Security is transforming the way organizations manage their security.

By automating incident response, delivering new security insights, and simplifying management, it reduces risk, enhances cross-estate visibility, and enables organizations to scale their security without scaling their resources.

Watch this short video to hear what our customers have to say about Synchronized Security.

Read the original article, here.

10 Jun

CVE-2019-0708, nicknamed BlueKeep, is a critical remote code execution vulnerability in Windows Remote Desktop Services. The bug is considered ‘wormable’ (it can be triggered over the network with no user interaction, so malware can spread from machine to machine on its own) and so severe that Microsoft took the highly unusual step of including patches for the unsupported Windows XP and Windows Server 2003 in its May Patch Tuesday output, alongside patches for the affected operating systems it does support.

If this flaw is successfully exploited it could be used to create self-replicating malware like Slammer, WannaCry or NotPetya – a trio of network worms that used exploits to invade networks and spread globally in a matter of hours.

Patches that could have stopped those worms from spreading were available months before the outbreaks occurred. The race is now on to make sure history doesn’t repeat itself with CVE-2019-0708.

So far the signs aren’t good. Two weeks after Microsoft’s patches dropped a scan revealed that a million unpatched devices were accessible over the internet, with likely millions more hidden from view, inside corporate networks.

Yesterday, the NSA (the U.S.A.’s National Security Agency) was moved to issue its own advisory, urging organizations to get on with the business of patching.

“It is likely only a matter of time before remote exploitation code is widely available for this vulnerability. NSA is concerned that malicious cyber actors will use the vulnerability in ransomware and exploit kits containing other known exploits, increasing capabilities against other unpatched systems”.

Patching doesn’t get much more urgent than this but, as previous outbreaks have shown, it takes time.

An exploit could appear at any time, so you need a way to protect yourself now, until the patching is done. As both Microsoft and the NSA say in their advisories, your firewall can be your line in the sand.

Protect your organization against BlueKeep

All firewalls can pull up the drawbridge by blocking inbound access to TCP port 3389 (the default RDP port) at the perimeter, which disables external RDP access for all machines, including the ones that nobody told your IT team about. Note that a host whose RDP service has been port-forwarded on some other external port stays exposed, so review those forwarding rules as well.

Besides blocking and unblocking vulnerable ports, Sophos XG Firewall provides other more nuanced and sophisticated layers of security. Its built in Intrusion Prevention System (IPS) looks at network traffic for exploits and stops them from passing through your network perimeter, or traversing the segments of your internal network.

At the same time that Microsoft announced the CVE-2019-0708 vulnerability, SophosLabs issued an IPS update for all Sophos customers to ensure their XG Firewall-protected networks could stop these kinds of attacks dead in their tracks.

While we have a full guide on how to protect your network, here are the essential firewall best practices to stop vulnerabilities like BlueKeep from exposing your network:

  • Reduce the attack surface by reviewing your port-forwarding rules and eliminating any non-essential open ports. Where possible use a VPN rather than port-forwarding to access internal network resources from the outside.
  • Minimize the risk of lateral movement by using XG Firewall and Sophos Synchronized Security, and consider segmenting your LANs into smaller subnets and assigning them to separate zones that are secured by the firewall.
  • Apply IPS protection to the rules governing traffic to and from any Windows hosts on your network, and between your network zones, to prevent worms from spreading between LAN segments.
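The first and third points above are mechanical enough to check with a script. The following is an added example, not Sophos code and not XG Firewall syntax: it reads a constructed, hypothetical one-rule-per-line format (`name action proto source-cidr dst-port [ips|noips]`), flags allow rules that expose a management port such as TCP/3389 to any source that is not wholly inside a trusted network (the VPN client pool and the LAN ranges are assumed values), and separately flags RDP allowed between trusted zones without IPS inspection, since that is the path a worm would use to move laterally. Only the Python standard library is used.

```python
"""Audit firewall allow rules for internet-exposed management services
(RDP on TCP/3389 is the one BlueKeep targets) and for internal RDP rules
that lack IPS inspection.  Added example; the rule text format is a
constructed, hypothetical one, not any vendor's configuration syntax."""
import ipaddress
from dataclasses import dataclass

# Assumption: ports that should never be reachable from untrusted networks.
MANAGEMENT_PORTS = {22, 23, 445, 3389, 5985, 5986}
RDP_PORT = 3389

# Assumption: the VPN client pool and the internal LAN ranges of this estate.
TRUSTED_SOURCES = [ipaddress.ip_network("10.8.0.0/24"),
                   ipaddress.ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    proto: str                       # "tcp" or "udp"
    source: ipaddress.IPv4Network    # source network the rule matches
    dst_port: int
    ips: bool                        # True if IPS inspection applies to the rule


@dataclass(frozen=True)
class Finding:
    rule: str
    kind: str                        # "exposed" or "no-ips"
    detail: str


def parse_rule(line: str) -> Rule:
    """Parse one line of the hypothetical rule format."""
    name, action, proto, src, port, *flags = line.split()
    return Rule(name, action.lower(), proto.lower(),
                ipaddress.ip_network(src), int(port), "ips" in flags)


def is_trusted(source: ipaddress.IPv4Network, trusted=TRUSTED_SOURCES) -> bool:
    """A source is trusted only if it lies entirely inside a trusted network.
    0.0.0.0/0 merely overlaps the VPN pool, so it is never trusted."""
    return any(source.subnet_of(net) for net in trusted)


def audit(rules, trusted=TRUSTED_SOURCES):
    """Return findings for rules that expose management ports or allow RDP
    internally without IPS. Deny rules expose nothing and are skipped."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.dst_port in MANAGEMENT_PORTS and not is_trusted(r.source, trusted):
            findings.append(Finding(r.name, "exposed",
                f"{r.proto}/{r.dst_port} reachable from {r.source}; "
                "remove the forward or reach the host over VPN instead"))
        elif r.dst_port == RDP_PORT and not r.ips:
            findings.append(Finding(r.name, "no-ips",
                "RDP allowed between trusted zones without IPS inspection; "
                "a worm can still move laterally across this rule"))
    return findings


def audit_text(text: str):
    """Parse a whole rule file (blank lines ignored) and audit it."""
    return audit([parse_rule(l) for l in text.splitlines() if l.strip()])


# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = """\
https-from-anywhere   allow tcp 0.0.0.0/0        443  ips
rdp-from-anywhere     allow tcp 0.0.0.0/0        3389 ips
rdp-from-vpn          allow tcp 10.8.0.0/24      3389 ips
rdp-lan-to-servers    allow tcp 192.168.10.0/24  3389 noips
smb-from-partner      allow tcp 203.0.113.0/24   445  ips
rdp-deny-default      deny  tcp 0.0.0.0/0        3389
"""

if __name__ == "__main__":
    for f in audit_text(SAMPLE_RULES):
        print(f"[{f.kind}] {f.rule}: {f.detail}")
```

On the sample set the script reports `rdp-from-anywhere` and `smb-from-partner` as exposed and `rdp-lan-to-servers` as lacking IPS; `rdp-from-vpn` passes because its source sits wholly inside the assumed VPN pool. Trust is decided with `subnet_of` rather than `overlaps` on purpose: a rule whose source merely overlaps a trusted range (most obviously 0.0.0.0/0) still admits the whole internet.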

XG Firewall and Synchronized Security are your best protection against the latest threats with industry leading protection and performance. Download our Firewall Best Practices to Block Ransomware guide to learn more.

Read the original article, here.

6 Jun

Cybercriminals are resourceful, organized and relentless, and businesses need 24/7 monitoring and management of their network. Yet many organizations don’t have the expertise or in-house security teams to optimally configure and manage security around-the-clock.

The solution? Third-party Managed Detection and Response (MDR) services that augment an organization’s security capabilities with the continual monitoring, advanced analytics and threat-hunting expertise they need.

MDR requires excellent tools and intelligence but at its core is human expertise. That’s why I’m so pleased to announce our acquisition of Rook Security, a pioneer and leader in MDR, and to welcome Rook founder and CEO J.J. Thompson, and the rest of his team, to Sophos.

Rook Security’s 24/7 team of cyberthreat hunters and incident response experts monitor, root out, analyze and respond to security incidents for businesses of all sizes.

Our re-sellable MDR services will combine Rook Security’s threat detection, investigation and response capabilities with our recently acquired DarkBytes technology platform and our Intercept X Advanced with EDR product.

We’ll also be aligning Sophos’s synchronized security technology and product portfolio with Rook Security’s services for MDR customers.

With MDR, Sophos’ approximately 47,000 channel partners worldwide will be able to provide businesses of all sizes with expert services that continuously detect, hunt for, and respond to security incidents.

The delivery of services such as MDR will be an essential component of how cybersecurity is provided in the future. I’m thrilled to welcome Rook Security’s analysts and security expertise to Sophos to empower our customers with the world’s best protection and immediate response to incidents.

5 Jun

Sophos announced the launch of Intercept X Advanced for Server with EDR, bringing the power of Endpoint Detection and Response (EDR) to Intercept X for Server.

EDR gives you the ability to proactively hunt down evasive threats across your server estates (and endpoints with Intercept X Advanced with EDR), understand the scope and impact of security incidents and to confidently report on your security posture at all times.

EDR also allows you to:

  • Search for indicators of compromise across the network
  • Prioritize events for further investigation
  • Analyze files to determine if they’re potentially unwanted or true threats
  • Answer tough compliance questions in the event of a breach.

Evolving EDR

EDR is designed to investigate the grey area of files that are suspicious but cannot be immediately identified as malicious or benign. That’s fantastic in theory, but the reality for many organizations is that EDR tools require a level of knowledge and time investment that simply cannot be met.

At Sophos we take a different approach. We start with the strongest layer of protection that blocks the latest threats like ransomware and exploits, and also reduces the grey area of suspicious files that need investigation. In effect this means there is less to investigate and it is easier and faster to find the needle in the haystack.

On top of that you get the latest threat intelligence from SophosLabs helping you to make an informed decision on whether a file is benign or malicious.

Download the datasheet to learn more and then try it for free. If you’re a Sophos Central user, you can start a trial directly from the console.

31 May

It’s now one year on since the GDPR came in to effect – a regulation with an aim to standardise data protection laws across the EU, increase the privacy and protection of personal data and extend the rights of the data subject. So what has happened since GDPR go-live this past year, and what have we learnt?

According to IAPP research, since go-live, over 500,000 organisations have a registered Data Protection Officer in place – a new required position under the regulation for organisations meeting certain criteria that oversees compliance and data protection obligations.

The new regulation has prompted data protection authorities to open over 200,000 cases, and over 94,000 complaints have been received, ranging from the right to erasure to unfair processing.

The GDPR overhauled and detailed new requirements for data breach notifications, which has seen a major increase in reported data breaches – estimated at over 64,000, and in some countries more than double the previous year’s amount.

The hottest topic related to GDPR was how infringements would translate into fines for organisations at fault. To date over €56,000,000 in fines has been issued through GDPR enforcement actions; however, the largest single fine, issued to Google at over €50m, accounts for the majority of the global total.

GDPR and the rest of the world

It should not be forgotten that the GDPR applies not only to EU countries but to any country that holds EU citizens’ data, and although they are only a small proportion of the total, this past year has seen almost 300 cross-border cases raised.

Although described as an evolution rather than a revolution, the GDPR has ushered in similar data protection regulation proposals across the globe. The California Consumer Privacy Act (CCPA) has been signed into law, with further deadlines to agree and adopt the legislation; although it currently applies only at state level, it looks likely that the U.S. will adopt a GDPR-style regulation nationally in the future.

Brazil, Latin America’s largest economy, has modelled its Lei Geral de Proteção de Dados (LGPD) regulation directly on the GDPR for 2020, and Australia has solidified data breach notification requirements since 2018 with the Australian Privacy Act amendment.

What have we learnt?

The data is enough to show the tide turning on the protection of personal data and on enforcement against those who fall short; still, year one is a transition year, and with that we should expect a lot more movement in the following years.

The positive note is that it is not only organisations who are waking up to the need to protect personal data, but also other countries, which are now adopting similar approaches for their own citizens’ personal data.

We have learnt that, since the GDPR came into force, the majority of businesses have needed an enormous amount of resource and investment to offer a level of protection for personal data that the average citizen may have been surprised to find had not previously been in place.

The general consensus is that there is still a long way to go until a GDPR style approach to data protection is realised globally.

Data classification and GDPR compliance

If you want to learn more about how data classification supports GDPR compliance by visual labelling, enhanced workforce awareness of the value of the data used and metadata labels facilitating data security, data management and retention policies, then download our resource: EU GDPR – Protect Sensitive Personal Data On EU Citizens Fact Sheet or request a data classification demo.

27

May

Discovering that you’ve been the victim of a breach is never pleasant. Perhaps your customers’ data was stolen and now sits in the wilds of the internet. Maybe your intellectual property and trade secrets were compromised. Or you could be concerned that the adversaries are still actively lurking on your network.

If this is you, you should have a couple of things already in place, including a well-rehearsed response plan and a digital forensics and incident response (DFIR) retainer. Both help prevent you from having to mobilize a strategy and find expert help during a time of unfolding chaos.

That said, if you’re at the point where the rubber meets the road, it’s time to get moving. Here is what you can expect will be necessary to accomplish in the hours, days, weeks and months following a breach discovery. Part of the burden will naturally fall on you, but outside help is available to amplify your efforts or compensate for any internal resource shortfalls.

1) Make the call.

If you can’t handle the full spectrum of breach response yourself, get in touch with a DFIR investigator immediately. The faster they can begin their investigation, the better.

2) Document the situation.

Back in my university days, I was a Canadian Navy Reserve officer. A useful lesson from training school that applies here is that before starting any mission, document your situation. Write down the systems/data that have been impacted by the breach, methods that could contain the situation, and how those methods might affect your operations, data, and evidence.

3) And document some more.

Time will speed up as you’re investigating a breach. You’ll be working on it, while also providing updates to others and figuring out next steps. Because of the pressure, it’s easy to forget steps if you’re not recording them. Keep a record of what actions are being taken and when. This detail will help immensely when you’re restoring systems and tracking evidence.

4) Make copies.

Back up systems and data before making any changes. You might need that data later if changes don’t go well, or you might want to further study any malware or viruses on affected systems.

5) Identify what else might be affected.

When an incident is identified, determining which systems are affected is the easy part. More difficult is tracking how those systems interact with the rest of the network, what information may be on them and how that information could enable an attacker to pivot to other systems. It’s better to be wrong and assume the worst than assume attackers got no further than the initial target.

6) Implement containment.

Many options exist to stop the bleeding. Remove compromised systems, update firewall rules, change passwords and more. These steps probably won’t constitute a final resolution, but they will give you time to put a more comprehensive solution in place.

7) Review breach notification requirements.

Ideally you already have this information available in your incident response plan, but if you don’t, you should know that requirements vary by state, country and even industry. And in some cases, you will have to provide notification for a region even if the affected systems weren’t in that region (e.g., if personnel in that region were impacted).

8) Consider legal counsel.

Lawsuits are a common outcome following breaches, but your liability can be managed. Depending on the systems and data affected, you might want assistance from a law firm that specializes in cyber law.

9) Notify stakeholders.

In addition to your requirements to provide breach notifications, you will likely want to proactively notify customers, partners or other interested parties if their data was affected or potentially affected. In your notification, you’ll want to include what actions they should take to protect their own systems and data.

24

May

Serving as the storekeeper of your most sensitive assets, from college admissions applications to resumes of executives, databases are relied upon by organizations worldwide to warehouse and make accessible their information.

They are your modern-day treasure chest, essential in helping you manage your data in a world where bits and bytes are growing at staggering rates. Contemporary database systems are rich in features that enable fast, convenient and flexible entry, storage and retrieval.

Of course, the value that databases bring in managing large quantities of information also leads to arguably their biggest downside: security concerns. Between the allure of huge data sets sitting all in one place and the potential security risks that default-enabled features bring – not to mention increasing cloud deployments and the risk that patching will break something – databases require their own specific security attention. If they don’t get it, something bad may happen, as I alluded to at the start of this post with references to college applications and executive resumes.

To help you avoid a similar adverse fate, let’s discuss the primary threats facing databases, along with some quick reminders of how you can keep them safeguarded from both attacks and mistakes.

1) Credential Threats

Weak password management and authentication schemes allow attackers to assume the identity of legitimate database users. Specific attack strategies include brute force attacks and social engineering, namely phishing.

2) Privilege Threats

When a user accidentally misuses access rights that were granted properly, or when an admin grants a user excessive access rights through oversight or negligence, the result can be privilege abuse or, more malevolently, privilege escalation.

  • Privileged account abuse occurs when the privileges associated with a user account are used inappropriately or fraudulently: maliciously or accidentally, or through willful ignorance of policies.
  • Privilege escalation involves attackers taking advantage of vulnerabilities in database management software to convert low-level access privileges to high-level access privileges. Privilege escalation requires more effort and knowledge than simple privilege abuse.

3) System Threats

A myriad of other things could trip up database security. These include:

  1. SQL injections: a perennially top attack type that exploits vulnerabilities in web applications to control their database.
  2. Missing patches: Once a vulnerability is published, which typically happens around the time a patch is released, hacking automation tools start to include exploits for it. For context, 119 vulnerabilities were patched in five of the most common databases in 2017, according to the 2018 Trustwave Global Security Report.
  3. Audits: Databases are key components in breach investigations and compliance audits. Audit logs are mandated by the General Data Protection Regulation, Payment Card Industry Data Security Standard, Sarbanes-Oxley, Health Insurance Portability and Accountability Act and more, yet missing or incomplete audit logging is still a significant issue. Following an incident, you don’t want to be in a position where you can only tell that something bad happened but cannot get detailed information about what exactly happened.
  4. Cloud: Purchasing third-party database systems can lead to a lack of visibility, control and transparency because they will most likely not be provided with a full-service description detailing exactly how the platform works and the security processes the vendor operates.

As a complement to the database security methodology detailed here, here are some quick tips to remember when setting up strategy for locking down your information repositories.

  • Inventory existing installations.
  • Make sure everything is properly patched.
  • Disable unused functionality.
  • Drop unnecessary privileges.
  • Use strong encryption.
  • Enable auditing.
  • Validate application code.

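Item 1 of the system threats above (SQL injection) and the "Validate application code" tip meet in one query pattern. The script below is an added example, not code from the article: it seeds an in-memory SQLite database with constructed sample rows and places a lookup that splices user input into the SQL text beside its parameterized form, so a reviewer can see why the first must be flagged and the second passes.

```python
import sqlite3

# Constructed sample data for this example (not from the article).
SAMPLE_USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("carol", "carol@example.test"),
]


def make_db():
    """Create an in-memory database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """The 'before' form: the caller's input is pasted into the SQL text.

    Because the value sits inside the statement's quoting, any input that
    contains a quote character changes the WHERE clause itself. This is the
    pattern code review should reject.
    """
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """The hardened form: the statement is fixed, the value is bound separately.

    The driver passes the parameter to the engine as data, so the input can
    never become part of the SQL grammar, whatever characters it contains.
    """
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with a normal name and with a textbook tautology input.

    The tautology input is the classic test case used when validating
    application code; the vulnerable lookup returns every row for it, the
    parameterized lookup returns nothing because no user has that name.
    """
    conn = make_db()
    tautology = "x' OR '1'='1"
    return {
        "vulnerable_normal": lookup_vulnerable(conn, "alice"),
        "vulnerable_tautology": lookup_vulnerable(conn, tautology),
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_tautology": lookup_safe(conn, tautology),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s) -> {rows}")
```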
For more information on how real-life CISOs are constructing their database security programs, check out this e-book.

22

May

GlobalSign (www.globalsign.com), a global Certificate Authority (CA) and leading provider of identity and security solutions for the Internet of Things (IoT), today announced that its popular Digital Signing Service (DSS) supports 2014/55/EU, the newly implemented European Union directive regarding electronic invoicing. The directive defines a common standard for e-invoices to reduce the complexity and legal uncertainty around e-invoicing and make cross-border trade relations easier. As a result of the new regulation, which came into force on April 18, all EU public sector contracting authorities are required to receive and process e-invoices that comply with the standard.

In Europe, the need to guarantee “authenticity of origin” (i.e., the identity of the invoice issuer) and “integrity of content” (i.e., the content of the invoice has not been changed from the moment of issuance) for e-invoices was first established in EU Directive 2006/112/EC on Value Added Tax (VAT). Per the regulation, all VAT registered entities had to meet the requirement in order to maintain compliance. The “VAT Directive” specified advanced electronic signatures as one method for meeting this. Advanced electronic signatures guarantee authenticity and integrity of content by uniquely identifying the sender of the invoice, as well as creating a tamper-evident seal on the invoice contents, such that any changes made to the document after it was signed will be detectable.

“DSS provides the throughput, availability, and fault tolerance needed to support high volume electronic invoice generation. With it, we are easily able to meet the new requirements in the EU. In addition, DSS makes it easy to build advanced electronic signatures directly into existing e-invoice generation workflows without requiring significant development time, PKI expertise, hardware investment or ongoing management,” said Lila Kee, General Manager, Americas, GlobalSign. “Global companies need to plan ahead and apply thought around their current invoicing standards moving forward should there be a requirement to meet cross-border standards into Europe.”

To learn more about GlobalSign’s electronic invoicing capabilities, visit https://www.globalsign.com/en/lp/e-invoicing-directive-dss/.

21

May

As organizations learn that sophisticated attackers are dwelling unnoticed on their networks for months – or even years – on end, you may be seeing the need to move beyond basic threat prevention and become more proactive in identifying and eradicating threats.

With 83 days being the median time between when attackers gain unauthorized access to victim networks and when incidents are first detected, according to the 2018 Trustwave Global Security Report, your adversaries have ample time to cause real damage. But a defense activity known as threat hunting has emerged in recent years as a key way to counter that seemingly interminable window of time in which intruders can operate untrammeled within your borders.

Threat hunting is broadly defined as the manual practice of applying tools, tactics, procedures and intelligence to uncover advanced network attacks that have slipped past existing defenses. Threat hunting’s growing popularity is, in part, because:

  • Increasingly sophisticated attackers continue to bypass traditional security prevention technologies.
  • The threat hunting toolset is more efficient, with mature endpoint detection and response (EDR), integrated threat intelligence and user behavior analytics now available.
  • There are a growing number of security professionals with a deep understanding of threat hunting tools and techniques.

With more interest – and more vendors pushing threat hunting services – you should carefully consider when to invest in proactive threat hunting and how to go about doing the threat hunt. Let’s look at some of the most common reasons for doing a proactive threat hunt. In a future article, we’ll talk about how to decide to do them using in-house or outsourced resources.

Sometimes the decision to invest in a threat hunt is easy. If you know your organization has been breached, a reactive threat hunt may ensue, in which incident responders look for the cause and extent of the breach. Determining when to invest money and resources proactively can be more difficult, though in the following situations a proactive threat hunt is a security best practice.

  1. You’re partaking in a merger or acquisition: Companies involved in M&A activities should make evaluating the security posture and controls of an acquisition part of their due diligence process. A proactive threat hunt should be a part of this process to ensure that when the two company networks connect, it doesn’t give an attacker already on one network easy access to the other.
  2. You’ve experienced a breach: When discovering a data breach, companies will go through their IR plan to determine the who, what, when, where and how details of the breach and remediate issues. A few weeks or months after resolution is a good time to invoke a proactive threat hunt to double check that the threat is really gone. Even the most thorough IR team can miss an indicator of compromise or some other weakness that attackers can leverage to strike again.
  3. Your partner has experienced a breach: Sometimes a breached supplier, contractor or other third-party firm may indicate that your business has been hit as well. If you get notification from a partner that they’ve sustained a compromise, a proactive threat hunt can help determine if their misfortune extends to your network.
  4. You are (or your organization has hired) a new CISO: Industry studies vary, but most suggest the average chief security officer tenure is somewhere between 12 and 24 months. New CISOs, responsible for protecting and enabling your business, should have a proactive threat hunt done to ensure that, along with their new position, they haven’t inherited any unknown attackers.
  5. Your risk tolerance is low: If your organization is not willing to take on significant risk, it requires a highly mature security program. Organizations like these should include regular proactive threat hunts as part of their security program to validate environmental integrity and uncover advanced threats dwelling in their environment.

Aside from finding unknown malicious actors or threats lurking across your IT infrastructure, threat hunting can also provide visibility into previously unknown weaknesses in your environment, such as outdated and vulnerable software, policy violations, insider threats and unprotected databases. Finding and fixing any or all of the issues identified helps increase security and reduce risk.

17

May

SC Media recently reviewed XG Firewall and awarded it their top 5-star rating across all areas including features, documentation, performance, support, ease of use, and value.

In the course of the review, they highlighted many of XG Firewall’s advantages over competing firewall products.

The SC Labs Review team examined key areas of the product including the Control Center and reporting capabilities, noting:

“At a glance visibility shows traffic light style indicators of hidden risk on the network such as top risk users, suspicious payloads, endpoint health, advanced threats, network attacks and more.”

They also highlighted the important threat visibility, protection and response benefits that Security Heartbeat provides:

“Administrators do not need to do anything to automatically isolate threats as a result of the dynamic firewall rules and lateral movement protection coordinated with the endpoints.”

The reviewers also noted the importance of Synchronized Application Control:

“Integrating the endpoint with the firewall also allows for the identification of applications that would not otherwise be identified.”

They also noted many of our unique XG Series appliance benefits:

“Hardware advantages include flexible connectivity, business continuity and easy management, high performance solid-state storage on every model.”

Overall, the SC Labs review team was super impressed with the product’s many visibility, protection, and response benefits.

Learn more about XG Firewall at Sophos.com/XGFirewall.

14

May

This month, SophosLabs has been examining a new ransomware attack called MegaCortex that uses layers of automation, obfuscation, and a variety of other techniques to infect victims and spread throughout an environment without detection.

Fortunately for Sophos customers, Intercept X leverages multiple layers of defense to stop MegaCortex, including:

  • Blocking PsExec from executing the batch script remotely
  • Deep Learning to quarantine the malware before it executes
  • Tamper Protection to stop the attacker from disabling Sophos
  • CryptoGuard to identify the ransomware’s malicious encryption and roll back any impacted files

How it works

You can learn more about the attack and how Intercept X stops it in this short video:

Learn more

For a technical analysis of MegaCortex, check out the SophosLabs Uncut article.

To find out more about Intercept X, visit the Sophos website, or sign up for a free trial.

10

May

The UK’s Information Commissioner stressed in a speech that nearly one year into GDPR, the regulation is at a critical stage.

There have been tremendous strides in data protection since the implementation of the General Data Protection Regulation last May but there’s still plenty more to be done from an accountability perspective, according to the UK’s Information Commissioner.

Elizabeth Denham, Britain’s Information Commissioner since 2016, reflected on the GDPR, data protection achievements and challenges in a keynote speech at the Data Protection Practitioners’ Conference in Manchester, and stressed that she hasn’t seen data protection, as a culture, shift from compliance to accountability.

“I think even so early in the new law’s lifespan, we’re finding ourselves at a critical stage,” Denham said. “For me, the crucial, crucial change the law brought was around accountability. Accountability encapsulates everything the GDPR is about.”

Because of this deficiency, Denham told the crowd she thinks there’s a real opportunity for data protection professionals to bridge that gap and “have a real impact on that cultural fabric of [their] organization, beyond bolt on compliance work.”

In Denham’s eyes, the next wave of GDPR needs to look past compliance and zero in on comprehensive data protection, a concept that embeds what the Commissioner calls sound data governance into business processes.

The Commissioner gave three examples of data protection professionals who are going above and beyond in the industry and satisfying this rationale.

The shortlist includes legal experts who double as business analysts and can comprehend how data protection fits with the vision of the organization, “where it can be imperative, positive and transformative,” professionals who coach and have built a network of ambassadors within the business that understand what needs to be done, along with marketers, who have mastered ways to “get people to look up from their day jobs and realize they all need to buy-in.”

While not a new concept, it’s the second time in the last several weeks that Denham has harped on the theme of accountability – one of the seven key principles of GDPR – as it relates to data protection.

In South Africa, at a speech at the International Conference of Information Commissioners (ICIC) last month, Denham said the ICO as a group is committed to the advancement of transparency, accountability, and democracy, acknowledging the themes unite everyone and are the basis for collaboration and combating challenges.

The concept of accountability essentially requires organizations to take responsibility for what they do with personal data. The concept, per the EU’s Data Protection Supervisor, requires organizations to put in place the appropriate technical and organizational measures so that they can demonstrate what they did, and its effectiveness, when requested.