News
Few terms in networking have generated as much buzz recently as SD-WAN (or Software Defined Networking in a Wide Area Network). All that buzz has been accompanied by equal doses of useful information and confusing rhetoric. As a result, SD-WAN has grown to mean a lot of different things to different people, while some are still trying to figure out exactly what it means.
Fundamentally, SD-WAN is usually about achieving one or more of these networking objectives:
- Reduce connectivity costs: Traditional MPLS connections are expensive, and organizations are shifting to multiple more affordable broadband WAN options
- Business continuity: Organizations require solutions that will elegantly handle WAN failures and outages, and are looking for redundancy, routing, fail-over and session preservation
- Simpler branch office VPN orchestration: VPN orchestration between locations is often complex and time-consuming, so organizations are looking for tools to simplify and automate deployment and setup
- Quality of critical applications: Organizations are seeking real-time visibility into application traffic and performance in order to maintain session quality of mission-critical business apps
What’s most important to you?
XG Firewall includes all the common SD-WAN features and capabilities you need to achieve these goals. Check out our XG Firewall and SD-WAN Solution Brief for the full details, but here’s a quick summary of how XG Firewall can help you achieve your SD-WAN objectives:
Multiple WAN links: XG Firewall offers support for multiple WAN links, including a variety of copper, fiber, and even cellular interface options. XG Firewall can terminate MPLS circuits using Ethernet handoff and VDSL through our optional SFP modem. XG Firewall also offers essential WAN link monitoring, balancing, and failover capabilities.
Branch office connectivity: Sophos has long been a pioneer in the area of zero-touch branch office connectivity with our unique SD-WAN RED devices. These affordable devices are super easy to deploy by a non-technical person, and provide a robust secure Layer 2 tunnel between the device and a central XG Firewall. XG Firewall also supports site-to-site RED tunnels, as well as a variety of standard VPN solutions and easy orchestration wizards and tools to make inter-office connectivity quick and painless.
VPN support and orchestration: XG Firewall offers support for all the standard site-to-site VPN options you would expect, including IPSec, SSL, and even our own unique RED Layer 2 tunnel with routing, which is very robust and proven to work reliably in high-latency situations such as over satellite links. Sophos Firewall Manager or Central Firewall Manager also offer centralized multi-site VPN orchestration tools to easily set up a mesh of VPN SD-WAN connections. XG Firewall also offers a flexible failback option to automatically fail back to the primary VPN connection when a WAN link is restored.
Application visibility and routing: You can’t route what you can’t identify, so accurate, reliable application identification and visibility is critically important. This is one area where XG Firewall and Synchronized Security provide an incredible advantage. Synchronized Application Control provides 100% clarity and visibility into all networked applications, providing a significant advantage in identifying mission critical applications, especially obscure or custom applications.
XG Firewall also includes application-based routing and path selection in every firewall rule, as well as policy-based routing (PBR), making it easy to direct important application traffic out the optimal WAN interface. Additionally, it includes predefined Fully Qualified Domain Name (FQDN) objects for popular SaaS cloud services, with thousands of FQDN host definitions included out of the box and the option to easily add more.
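The link monitoring, failover and failback described above, combined with application- and FQDN-based path selection, can be modelled in a few dozen lines. The following Python is an added illustration written for this page, not XG Firewall's own code: the interface names, the three-consecutive-failed-probes threshold, the rule structure and the immediate failback to the primary link once the monitor sees it healthy again are all assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class WanLink:
    """A monitored WAN interface; health is derived from probe results."""
    name: str
    healthy: bool = True
    failed_probes: int = 0

    def record_probe(self, ok: bool, threshold: int = 3) -> None:
        # Assumption: a link is marked down after `threshold` consecutive failed
        # probes and marked up again on the first successful probe.
        if ok:
            self.failed_probes = 0
            self.healthy = True
        else:
            self.failed_probes += 1
            if self.failed_probes >= threshold:
                self.healthy = False


@dataclass
class RoutingRule:
    """Rules are evaluated top to bottom; the first match decides the path."""
    name: str
    apps: Optional[Set[str]] = None            # None matches any application
    fqdn_suffixes: Optional[Set[str]] = None   # None matches any destination
    primary: str = "broadband"
    backup: Optional[str] = None


def fqdn_matches(fqdn: str, suffixes: Set[str]) -> bool:
    """True if fqdn equals one of the suffixes or is a subdomain of it."""
    fqdn = fqdn.lower().rstrip(".")
    return any(fqdn == s or fqdn.endswith("." + s) for s in suffixes)


def select_path(app: str, fqdn: str, rules: List[RoutingRule],
                links: Dict[str, WanLink]) -> Optional[str]:
    """Return the WAN link a new flow should leave on, or None if no usable link."""
    for rule in rules:
        if rule.apps is not None and app not in rule.apps:
            continue
        if rule.fqdn_suffixes is not None and not fqdn_matches(fqdn, rule.fqdn_suffixes):
            continue
        # Prefer the primary link and use the backup only while the primary is
        # down. Because the primary is re-checked on every lookup, traffic fails
        # back as soon as the monitor marks it healthy again.
        for candidate in (rule.primary, rule.backup):
            if candidate is not None and links[candidate].healthy:
                return candidate
        return None          # rule matched, but every candidate link is down
    return None


def demo() -> List[Optional[str]]:
    """Walk a VoIP rule pinned to MPLS through failover and failback."""
    links = {"mpls": WanLink("mpls"), "broadband": WanLink("broadband")}
    rules = [
        RoutingRule("voip", apps={"sip"}, primary="mpls", backup="broadband"),
        RoutingRule("saas", fqdn_suffixes={"outlook.office365.com"},
                    primary="broadband", backup="mpls"),
        RoutingRule("default", primary="broadband", backup="mpls"),
    ]
    decisions = [
        select_path("sip", "pbx.example.internal", rules, links),      # mpls
        select_path("https", "outlook.office365.com", rules, links),   # broadband
    ]
    for ok in (False, False, False):   # MPLS probes fail three times in a row
        links["mpls"].record_probe(ok)
    decisions.append(select_path("sip", "pbx.example.internal", rules, links))  # broadband
    links["mpls"].record_probe(True)   # circuit restored: next lookup fails back
    decisions.append(select_path("sip", "pbx.example.internal", rules, links))  # mpls
    decisions.append(select_path("ssh", "git.example.com", rules, links))       # broadband
    return decisions


if __name__ == "__main__":
    print(demo())
```

A production implementation would additionally keep existing sessions on their current link during failback (session preservation) and let the administrator choose between immediate and delayed failback; this model shows only the path-selection decision.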
What’s Next for SD-WAN with XG Firewall?
XG Firewall includes many innovative solutions to help organizations reach their SD-WAN objectives – from great WAN connectivity options to our unique RED SD-WAN appliances, to our unmatched application visibility and great routing options.
XG Firewall offers a powerful, flexible network connectivity and security solution for every type of network and Sophos is continuing to invest in SD-WAN capabilities in upcoming releases, with new features for link monitoring and management, VPN orchestration, and application routing.
Check out our XG Firewall and SD-WAN Solution Brief, to get further insights into how XG Firewall is solving the top challenges with SD-WAN and helping organizations achieve their important SD-WAN goals.
NSS, together with CyberArk and Sophos, will inform you about the latest cyber threats and suggest ways to address them at the 9th Infocom Security Conference on 17 and 18 April at the Dais Conference Center.
The concept of Industry 4.0 (also known as the 4th Industrial Revolution) is being reported on more and more. It reflects the thorough modernization and rapid development of every level of production, services and procedures, with new and advanced technologies as its main pillar, bringing a revolution in the way private businesses, public organizations and societies operate.
The basis for Industry 4.0 is the combination of the physical and digital worlds: the interconnection of machines with information and communication systems, and the complete digitization of physical processes through the combination of existing and emerging technological trends such as Cyber Physical Systems, Artificial Intelligence, Augmented Reality and Cognitive Computing, as well as Big Data, cloud computing and cryptocurrencies.
In this new era the Digital Security sector, which includes Information Security, Network and IT infrastructure security and Data Protection, is set to play a very important role, creating new challenges and new opportunities that we will present at the 9th Infocom Security Conference, to be held on 17 and 18 April at the Dais Conference Center in Maroussi, Athens.
Cyber Security, in all its aspects, is of vital importance to effectively understanding and using all the new technologies that can lead us to the 4th Digital Revolution, which is why all professionals should be fully informed about the evolution of cyber threats, the trends and strategies being developed in the field of security, new technologies and new-generation protection solutions.
For one more year the Infocom Security Conference will meet this need for information on Digital Security, with a business-oriented approach but also scientific, research and technological interest. The Infocom Security Conference is the reference point for security specialists and the venue of their annual meeting.
Speeches
17th April 13:30 “Anatomy of a cyberattack – forensics made simple with Artificial Intelligence”, Sophos Sales Engineer Peter Skondro
18th April 14:30 “Are the apps that run your business also your Achilles’ heel”, Cyberark Account Executive Roee Abaiov
Security Workshops
During the 9th Infocom Security, parallel workshops will take place, offering techniques and practical presentations by specialists about information security issues.
Workshop-room D1
17th April 14:00-15:00 “EDR in Action – Forensics and automatic containment of threats with Sophos Synchronized Security”, Sophos Sales Engineer Peter Skondro
Workshop-room D2
18th April 15:00-16:00 “Learn how to Protect your business Apps in the Age of Industry 4.0”, Cyberark Customer Success, David Kellermann
Sponsor companies’ expo
During the 9th Infocom Security, like every year, there will be an expo for sponsor companies, giving visitors the opportunity to get in touch with businesses active in the country's information security services and solutions sector, in order to stay informed face-to-face about all developments in this area as well as the companies' own activities.
You move to the public cloud with the dream of infrastructure cost savings, added agility, and taking full advantage of DevOps processes to speed up development and product delivery. A move to Amazon Web Services, Microsoft Azure or Google Cloud Platform can bring all that good stuff. But soon you’ll meet your new challenge of increasingly complex attacks targeting a more dispersed multi-cloud network.
That’s exactly what we found in the most recent Sophos research study of 10 cloud honeypots placed worldwide. Once the honeypots were live, it took attackers no time at all to discover the SSH service and for login attempts to start. In one instance, a honeypot was attacked less than one minute after it was deployed. And once the login attempts started, the attacks were relentless and continuous.
Put that smile back on your face
To solve the problem of public cloud security and get you back to spending your time on projects that move your business forward, rather than security worries, we’re pleased to announce the launch of Sophos Cloud Optix.
The latest addition to the Sophos Public Cloud Security line up, Cloud Optix is a powerful new tool that allows you to accurately see what you have running in the cloud at all times, while combining the power of AI and automation to simplify compliance, governance and security monitoring in the cloud. And you can have it up and running in less than 10 minutes.
You can’t secure what you can’t see
Running multiple cloud environments, potentially across multiple providers, you’re going to have a tough time visualizing what your actual cloud network and assets look like. This means you can easily spend days or weeks preparing accurate diagrams to ensure they are configured correctly in order to prepare for audits. Cloud Optix is an agentless solution that does this in seconds with complete network inventory, topology visualization and continuous asset monitoring. But don’t just listen to us, here’s why HubSpot chose Sophos:
Sophos Cloud Optix provides us a comprehensive network topology diagram with real-time traffic of our cloud environment. I have better insight into our cloud network security posture than ever before.
– Jessica Mazzone, Security Engineer, HubSpot Inc.
Changing environments need continuous compliance
In an ever-changing, auto-scaling public cloud environment, automatically detecting changes to your cloud environments in real time is a life saver. Cloud Optix continuously monitors compliance, with custom or out-of-the-box templates for standards such as SOC2, HIPAA and GDPR, and reports generated in seconds.
It only takes one open door
The biggest issue in cloud security is not necessarily some new kind of malware, it’s about making sure your architecture is secure and you have the right visibility of it.
In our report, we found that, on average, cloud servers were subjected to 13 attempted attacks per minute, per honeypot. So if you accidentally leave your Amazon S3 storage buckets set to public, or leave a MongoDB database open to the public internet, you’re risking hitting the headlines for the wrong reasons.
Cloud Optix has a range of threat response and alerting capabilities to help, from detection of suspicious traffic patterns on the network (i.e. a data breach in action) and shared access keys to your cloud provider account, to data storage left open to the public internet, and more.
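As an added example, and not Cloud Optix code, here is a small Python check for the "storage bucket left open to the public internet" case from the paragraphs above: it inspects an S3 bucket policy document for Allow statements granted to the anonymous principal. The sample policies, account id, role name, organization id and bucket name are constructed placeholders. Treating any anonymous-principal statement that carries a Condition as "review" rather than evaluating whether the condition actually keeps the bucket private, and ignoring Deny and NotPrincipal statements, are simplifications.

```python
import json
from typing import Any, Dict, List

# Constructed sample bucket policies; identifiers are placeholders, not real resources.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-reports/*",
    }],
})

ORG_ONLY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OrgRead",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-reports", "arn:aws:s3:::example-reports/*"],
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
    }],
})

PRIVATE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "RoleRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/ReportReader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-reports/*",
    }],
})


def _as_list(value: Any) -> List[Any]:
    """Policy grammar lets many fields be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_anonymous_principal(principal: Any) -> bool:
    """True for the wildcard forms that mean 'anyone' ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_statements(policy_json: str) -> List[Dict[str, Any]]:
    """Return every Allow statement granted to the anonymous principal."""
    policy = json.loads(policy_json)
    findings = []
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        if not is_anonymous_principal(st.get("Principal")):
            continue
        findings.append({
            "sid": st.get("Sid", ""),
            "actions": _as_list(st.get("Action")),
            "conditional": "Condition" in st,   # simplification: not evaluated
        })
    return findings


def classify_bucket(policy_json: str) -> str:
    """PUBLIC: an unconditional anonymous Allow exists. REVIEW: anonymous Allow
    gated by a Condition. RESTRICTED: no anonymous Allow at all."""
    findings = find_public_statements(policy_json)
    if any(not f["conditional"] for f in findings):
        return "PUBLIC"
    if findings:
        return "REVIEW"
    return "RESTRICTED"


if __name__ == "__main__":
    for name, doc in (("public", PUBLIC_READ_POLICY), ("org", ORG_ONLY_POLICY),
                      ("private", PRIVATE_POLICY)):
        print(name, classify_bucket(doc), find_public_statements(doc))
```

The bucket policy is only one of the ways a bucket becomes public; a real assessment also has to look at bucket and object ACLs and at the account and bucket Block Public Access settings, and AWS's own GetBucketPolicyStatus result is the authoritative verdict on whether a policy is public.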
For more information on our research findings, please read the full Sophos report, or for the highlights you can read the Naked Security article.
And to learn more about Sophos Cloud Optix and how it can help simplify visibility, compliance and threat response for you, visit www.sophos.com/cloud-optix.
Earlier this week, news broke that a Chinese woman attempted to sneak a USB stick loaded with malware into Mar-a-Lago, President Trump’s main place of residence outside of the White House.
The news made international headlines due to the nationality of the alleged attacker and the location of the attempted attack.
Using an external device like a thumb drive to deliver malware is not a new attack method – it has been around for years.
But this somewhat old-school delivery mechanism is still very effective today. Why? Because many endpoint protection products only focus on “next-gen” approaches to endpoint security and skip over proven foundational techniques that have worked for years.
Those techniques include “device control” or “peripheral control”, which controls the use of external drives and other peripheral devices.
The USB stick incident at Mar-A-Lago is a perfect example of why you need endpoint protection that combines modern/next-gen techniques *and* foundational techniques like device control. Fortunately, with Intercept X Advanced you get both.
How does Intercept X Advanced protect against this type of attack?
Intercept X Advanced administrators have the ability to control access to removable storage devices (like USB sticks), mobile devices (iPhone, various Androids, Blackberry), Bluetooth, and other peripheral devices.
They can choose to either block the use of peripheral device types altogether, monitor devices, allow in read only mode, or block/allow specific devices.
If a person was able to sneak a USB drive into an environment, they would receive a message similar to this when trying to use it:
But that’s not all…
Even if this feature had not been enabled, Intercept X would be able to detect the malware before it executed using the industry’s best malware detection engine, powered by deep learning technology. Find out more about Intercept X Advanced here.
You can read the original article, here.
XG Firewall v17.5 recently delivered several new innovations including Lateral Movement Protection, management via Sophos Central, and a variety of new features focused on education.
With Maintenance Release 4 (MR4) announced earlier this week, there are a few new important features I want to ensure everyone is able to get the most out of.
While we always encourage all our customers and partners to keep their firewall up-to-date with the latest firmware release, MR4 is the perfect time to update if you haven’t been keeping current to take advantage of the latest security, performance, and many other enhancements.
Email notifications
Several new email notifications have been added to inform you about important system and threat related activity including:
- Started SFOS
- Sign-in failed for web admin console, SSH, or CLI console
- Advanced threat protection alert or drop actions
- Installed new firmware
- System restart initiated through web admin console
- System shutdown initiated through web admin console
To receive these new alerts, simply ensure you have these boxes checked in the Notification Settings tab of your XG Firewall:
Backup encryption
Backup files now use a personal password key for enhanced security. You’ll be required to take advantage of this new feature going forward to protect your backups.
The new options are part of the workflow for scheduling and performing backups and restoration of your XG Firewall configuration on the Backup & Firmware main menu option, on the first tab for Backup & Restore:
You’ll notice new entries for an “Encryption password” for the backup and restore process.
You should update your backup settings to utilize a strong password that’s 12 characters or more in length. Once you’ve typed in your password, click “apply”.
All backups from that point onwards will use the new password as the encryption key. You can change the password at any time, even when performing a local backup. Of course, we suggest you use a password manager so you don’t need to worry about remembering all your passwords, but if you forget your encryption password, you can change it at any time and create a new backup.
Chromebook authentication
If you’re one of the many XG Firewall customers enjoying the new Chromebook authentication support, there’s now a new option to generate the application configuration file from within the XG Firewall console to import into Google GSuite.
This option can be found under Authentication > Services > Download GSuite App Config, as shown below:
Other enhancements
XG Firewall v17.5 MR4 also introduces a number of performance, reliability and stability enhancements. You can check out the full release notes for more details.
How to get it
As with every XG Firewall firmware update, it will appear in your console automatically at some point in the near future, but if you want to start taking advantage of these enhancements right away, you can download the firmware update immediately from the MySophos Portal.
If you need a refresher on how to update your firmware, watch this short how-to video:
You can read the original article, here.
The age of digital transformation is upon us. Cloud, virtualization and containerization are becoming mainstream. With all of the buzzwords and technology hype, it is easy to forget the real business drivers behind this age of innovation. Established industries like finance and healthcare are being disrupted by new and nimble startups who have leap-frogged established players with new technologies that bring tremendous competitive advantage with speed to market, flexibility and resiliency. Now, established enterprises are adopting these new technologies to ensure and recapture their market leadership positions. It truly is an exciting time in B2B technology, but what about the engine of the enterprise? Business critical applications are the motor that keep firms running. They too are seeing change with the adoption of cloud and SaaS applications, but are often overlooked when it comes to their security.
Business critical for a reason
Consider the vast information and applications within your organization. Depending on your line of work and industry you will have your own list of critical business applications and related data that if compromised or lost, put your business at a stand-still. These can include applications like financial transaction apps and their related sensitive customer data; enterprise resource planning (ERP) applications that help manage crucial inventory for retailers or hospitals or critical electronic health record (EHR) applications storing vital electronic personal health information (ePHI) for health care providers, hospitals and insurers.
But how do organizations secure all of this sensitive information and the applications that store and manage it? Unfortunately, many business and IT stakeholders are finding themselves in a risky position. While they are doing a great job curating the right applications for their needs, they are missing the boat on protecting these costly investments that run their enterprises – and drive customer relationships.
According to a recent CyberArk Business Critical Application survey of 1,450 business and IT decision makers conducted across eight EMEA countries, 61% indicated that even the slightest downtime affecting their business critical applications would be massively disruptive and severely impact the business. Yet, 70% of these enterprises do not prioritize the security of business critical applications. So what can you do to help bridge this gap? CyberArk just released an eBook, “The Age of Digital Transformation: 5 Keys to Securing Business Critical Applications,” to answer your questions. Here is a preview of the first two points.
1. Identify what apps are truly business critical
As a security leader, it goes without saying that you need to be one with the business. Get to know your line of business leaders and the leaders of key functions such as finance, human resources and marketing. Once you have a handle on important business initiatives, you will be in a better place to identify the business apps that are truly critical. These could be SaaS applications or even custom applications built using DevOps tools and methodologies.
2. Get comfortable with the cloud (and securing it)
Understand what your cloud strategy, migration plan and timelines are for on-premises applications that are moving to the cloud or new cloud-native applications. Partner with cross-functional stakeholders to ensure privileged access security is a front-and-center consideration when you’re looking to migrate applications to the cloud or to adopt new cloud applications.
To learn about keys three through five and find out more about securing business critical apps, download the eBook here.
AV-Comparatives recently tested 250 Android security apps available on the Google Play Store against 2,000 of the most common Android threats from 2018. The test was designed to simulate real-world conditions and help Android users identify genuine, effective antivirus apps in a space where there’s no shortage of buggy, dubious or ineffective options.
We were delighted to see Sophos Mobile Security pass with flying colors, detecting all of the malware samples with 100% accuracy and no false detections.
One test doesn’t make a perfect product, and neither does two, but we were equally delighted when AV-Test reviewed Sophos Mobile Security and gave it a maximum score too.
Like the AV-Comparatives test, the AV-Test evaluation was designed to simulate real-world conditions. Instead of using the biggest threats from last year though, it challenged Sophos Mobile Security to fend off the very latest Android threats.
The test also recognised the crucial importance of usability on mobile platforms by checking the software’s impact on battery life, traffic and performance, and whether or not it generated false warnings during the installation and use of legitimate apps.
It triumphed in both aspects of the test, scoring 100% for both protection and usability.
Sophos is a strong advocate for thorough independent testing of cybersecurity products. It helps customers choose what’s right for their environment, and it pushes vendors to constantly improve the protection in their technology.
We encourage businesses to evaluate the effectiveness of a product using multiple independent data points and we are delighted that both AV-Comparatives and AV-Test have given Sophos Mobile Security top marks.
Sophos Mobile Security is available for free in unmanaged mode from Google Play and Apple’s App Store. Business customers can license the software for centralized management, deployment, reporting, and more integrations.
To see how Sophos Mobile Security fits into your business, start your 30-day free trial today.
Your mailbox is more valuable than ever to attackers, with 93% of company security breaches now starting with a phishing email. Whether users are targeted with phishing emails, or their mailbox is compromised to send spam and viruses from your organization’s domain, the risks to your organization are great.
The symptoms of a compromised mailbox
When your domain is used to spread malicious email, it can impact your reputation as an email sender and as a trusted business, leading to blocked messages. There are some common symptoms of this activity, which busy users may struggle to notice, leading to undetected threats:
- The user’s mailbox may be blocked from sending emails
- Missing or deleted emails in their inbox
- Recipients report emails being received, but the user has no corresponding sent item
- The existence of inbox rules that neither the user nor your administrator has created. These rules may forward messages to the Junk folder
- Mail forwarding was recently added to the account without consent.
A connected approach
Thanks to its shared user list, Sophos Central is now able to link mailboxes protected by Sophos Email with the associated computers protected by Sophos Endpoint. Once linked, if Sophos Email detects 5 or more spam or virus emails sent in 10 minutes, the mailbox is automatically blocked while an endpoint scan is carried out. The infection is then removed and alerts are shared via Sophos Central.
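The trigger described above (five or more spam or virus verdicts sent from one mailbox within ten minutes) is a sliding-window threshold, and the same logic can be run over an outbound-mail verdict log. The following Python is an added example for this page, not Sophos Email code: the log format, the constructed sample lines and the choice to drop verdicts strictly older than the window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Tuple

THRESHOLD = 5                    # spam/virus verdicts from one sender ...
WINDOW = timedelta(minutes=10)   # ... within this window trigger a block

# Constructed outbound-mail verdict log: "<UTC timestamp> <sender> <verdict> <recipient>".
# alice trips the threshold; dave's five verdicts are spread over 12.5 minutes and do not.
SAMPLE_LOG = """\
2019-04-10T09:00:00Z dave@example.com spam z1@invalid.example
2019-04-10T09:00:05Z alice@example.com clean bob@partner.example
2019-04-10T09:01:10Z alice@example.com spam x1@invalid.example
2019-04-10T09:02:30Z carol@example.com clean dan@partner.example
2019-04-10T09:03:00Z alice@example.com virus x2@invalid.example
2019-04-10T09:03:00Z dave@example.com spam z2@invalid.example
2019-04-10T09:04:45Z alice@example.com spam x3@invalid.example
2019-04-10T09:06:00Z dave@example.com virus z3@invalid.example
2019-04-10T09:06:20Z alice@example.com spam x4@invalid.example
2019-04-10T09:08:50Z alice@example.com virus x5@invalid.example
2019-04-10T09:09:00Z dave@example.com spam z4@invalid.example
2019-04-10T09:10:00Z alice@example.com spam x6@invalid.example
2019-04-10T09:12:30Z dave@example.com spam z5@invalid.example
"""


def parse_line(line: str) -> Tuple[datetime, str, str, str]:
    """Split one log line into (timestamp, sender, verdict, recipient)."""
    ts, sender, verdict, recipient = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), sender.lower(), verdict, recipient


def detect_compromised(log_text: str, threshold: int = THRESHOLD,
                       window: timedelta = WINDOW) -> Dict[str, datetime]:
    """Return {sender: time the block would be applied} for every sender whose
    spam/virus verdicts reach `threshold` inside any `window`-long interval."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    blocked: Dict[str, datetime] = {}
    for ts, sender, verdict, _ in events:
        if verdict not in ("spam", "virus") or sender in blocked:
            continue
        q = recent[sender]
        q.append(ts)
        while q and ts - q[0] > window:   # evict verdicts older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked[sender] = ts           # block here; endpoint scan would follow
    return blocked


if __name__ == "__main__":
    for sender, when in detect_compromised(SAMPLE_LOG).items():
        print(f"{sender}: blocked at {when.isoformat()}")
```

Lowering the threshold to four in the same log also catches dave, whose first four verdicts fall within nine minutes, which is the usual tuning trade-off: a lower threshold detects a slow sender sooner but is more likely to block a legitimate user who sends a few messages that are misclassified.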
Watch our video on Sophos Email Compromised Mailbox Detection:
During this year’s RSA conference (visit us at booth #N6253!), CyberArk announced the release of version 10.8 of the CyberArk Privileged Access Security Solution. Version 10.8 focuses on expanding and improving CyberArk’s ability to continuously discover and protect cloud environments as well as augmenting Just-in-Time capabilities for an easy-to-use privileged access control. We’ve included a demo of Version 10.8’s capabilities at the bottom of the page.
The Cloud
Cloud computing, storage and applications have all become integral to modern organizations, and the cloud footprint amongst the world’s organizations continues to grow. One of the main tenets of the cloud is speed: speed of deployment, scaling and integration. However, the increased speed at which cloud computing and storage allow organizations to spin up new virtual machines, instances and storage buckets can lead to headaches for both SOC and IT administrators. As cloud computing and storage have become an increasingly popular way of conducting business, a staggering 50% of organizations do not have a privileged access security plan to secure cloud instances.
The newest CyberArk release provides a robust strategy for securing privileged access throughout AWS environments. It enables organizations to detect, alert and respond to potential attacks or misuse in AWS environments relating to Identity and Access Management (IAM) accounts and EC2 instances. To further the integration of these new capabilities, CyberArk customers can now deploy threat detection, alerting and response capabilities as an AMI or CloudFormation template.
It’s no small feat to secure these accounts and instances. A recent CloudInsight Essentials study showed that, among the 31,000 EC2 instances studied, there were 150,000 misconfigurations detected, 30,000 of which were linked to IAM accounts. These IAM accounts provide privileged users sweeping access to create, edit and update AWS Simple Storage Service (S3) buckets. S3 buckets are a public cloud storage resource similar to file folders that can store objects containing descriptive metadata and sensitive information.
With the CyberArk Privileged Access Security Solution, organizations can now continuously discover unmanaged privileged AWS accounts and instances and automatically add these accounts to a list of pending approvals to prevent further misuse. CyberArk customers are also able to initiate automatic Access Key rotation and re-creation if unauthorized or unmanaged access is detected. They can also send alerts to SOC and IT administrators based on detected misuse so that they can take a risk-based approach to their cloud inventories.
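The discovery step described above, comparing the access keys that exist in an AWS account against the ones a vault actually manages and queuing the rest for approval or rotation, can be shown with an offline check. The following Python is an added example written for this page, not CyberArk's code: the inventory records, the placeholder key ids, the vault inventory and the 90-day rotation and 30-day idle limits are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set

MAX_KEY_AGE = timedelta(days=90)   # rotation policy (assumed)
MAX_IDLE = timedelta(days=30)      # keys unused for longer than this are flagged


@dataclass
class AccessKey:
    user: str
    key_id: str
    created: datetime
    last_used: Optional[datetime]   # None: IAM reports the key has never been used
    status: str                     # "Active" or "Inactive"


# Constructed inventory as a discovery job might collect it from IAM.
# Key ids are placeholders, not real AWS identifiers.
NOW = datetime(2019, 3, 5)
AWS_KEYS = [
    AccessKey("deploy-bot", "AKIAEXAMPLE0000000001", NOW - timedelta(days=20),
              NOW - timedelta(days=1), "Active"),
    AccessKey("deploy-bot", "AKIAEXAMPLE0000000002", NOW - timedelta(days=200),
              NOW - timedelta(days=2), "Active"),
    AccessKey("contractor", "AKIAEXAMPLE0000000003", NOW - timedelta(days=10),
              None, "Active"),
    AccessKey("old-admin", "AKIAEXAMPLE0000000004", NOW - timedelta(days=400),
              NOW - timedelta(days=120), "Active"),
    AccessKey("old-admin", "AKIAEXAMPLE0000000005", NOW - timedelta(days=400),
              None, "Inactive"),
]
# Keys the vault already owns and rotates (constructed).
VAULT_MANAGED: Set[str] = {"AKIAEXAMPLE0000000001", "AKIAEXAMPLE0000000002"}


def audit_keys(keys: List[AccessKey], managed: Set[str],
               now: datetime = NOW) -> List[Dict[str, object]]:
    """Return one finding per active key that needs attention, with the reasons.
    Findings form the 'pending approvals' queue an operator would work through."""
    findings = []
    for k in keys:
        if k.status != "Active":
            continue                        # inactive keys cannot authenticate
        reasons = []
        if k.key_id not in managed:
            reasons.append("unmanaged")     # not under vault control: onboard it
        if now - k.created > MAX_KEY_AGE:
            reasons.append("rotate")        # older than the rotation policy
        if k.last_used is None:
            reasons.append("never-used")    # possibly forgotten; confirm it is needed
        elif now - k.last_used > MAX_IDLE:
            reasons.append("idle")          # dormant credential, a common attack target
        if reasons:
            findings.append({"user": k.user, "key_id": k.key_id, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_keys(AWS_KEYS, VAULT_MANAGED):
        print(f["user"], f["key_id"], ", ".join(f["reasons"]))
```

Which remediation applies depends on the reason: an unmanaged key is onboarded into the vault (or, if nobody claims it, deactivated and then deleted), an aged key is rotated, and an idle key is investigated before it is removed, since an attacker using a stolen but rarely used key will show up as a sudden change in that key's usage pattern.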
Just-in-Time
Just-in-Time solutions are simple to use and that can make life easier. However, it’s important not to lose sight of the rest of the necessary security precautions. Drawbacks to not fully managing and rotating privileged credentials associated with critical servers, databases and cloud-instances include having minimal visibility into activities taking place on those targets and a lack of native workflows. Having a tiered structure in place that implements higher levels of security (automatic session isolation, recording and threat detection and response) on cloud consoles, domain controllers, and other critical systems is a best practice.
Ensuring that the right person has the right access to the right resource at the right time for the right reason is a fundamental component of privileged access security. This is “Just-in-Time access,” a strong option for organizations that are looking to kick-start their privileged access security programs by introducing an easy-to-use solution.
Building on existing Just-in-Time access to Windows servers, which provided users provisional access to a defined subset of Windows servers for a pre-determined amount of time, this release advances those capabilities. Now, administrators have the ability to configure on a minute-by-minute basis the amount of time approved for access to target Windows servers. As part of the CyberArk Privileged Access Security Solution, Just-in-Time access adds another route for organizations to take toward implementing a robust privileged access security program.
In addition to advanced cloud capabilities and Just-in-Time functionality, other features included in this release are:
• A new policy that, if enacted, will require end-users to provide a reason for every privileged connection to a target system. That reason is sent to a reviewer for approval, automatically audited and stored.
• A new authentication method, “Cognito,” for AWS environments that enables application users to sign in directly through a user pool or third-party identity provider and supports the multi-configuration of SAML.
Register for our webinar to learn more about CyberArk’s ability to extend privileged threat detection and response to the cloud.
The total number of records exposed in the healthcare sector rose to 11.5 million in 2018, according to the fifth annual Healthcare Breach Report, published by Bitglass.
The number of breaches reached a three-year low at 290 in total; however, the number of exposed records nearly doubled from 2017. Also notable in the report was that nearly half (46%) of the 11.5 million individuals affected by healthcare breaches in 2018 were affected as a result of hacking and IT incidents.
An analysis of data acquired from a US Department of Health and Human Services (HHS) database that holds information on breaches involving protected health information (PHI) revealed that breaches in the healthcare industry fell into one of four categories.
In addition to those breaches related to malicious hackers and improper IT security, 36% of healthcare data breaches were categorized as caused by unauthorized access or disclosure of protected health information. A smaller number were the result of theft of endpoint devices. According to the report, the number of breaches caused by lost and stolen devices has fallen by nearly 70% since 2014. The final category encompassed those miscellaneous breaches and leaks related to items such as improper disposal of data.
On average, nearly 40,000 people were affected per breach, which is more than double the average number affected in 2017. Given that nearly half of breaches occurred because of hacking or IT issues, the report suggested that bad actors are targeting healthcare IT systems more frequently because they know there are massive amounts of sensitive data stored on those systems.
“Healthcare firms have made progress in bolstering their security and reducing the number of breaches over the last few years,” said Rich Campagna, CMO of Bitglass, in a press release. “However, the growth in hacking and IT incidents does deserve special attention. As such, healthcare organizations must employ the appropriate technologies and cybersecurity best practices if they want to secure the patient data within their IT systems.”
You can read the original article, here.
A report released today by Sophos reveals that IT managers are more likely to catch cybercriminals on their organization’s servers and networks than anywhere else.
The study, 7 Uncomfortable Truths of Endpoint Security, surveyed over 3,100 IT managers in 12 different countries across industry verticals and organization sizes, and was conducted by the independent research specialist Vanson Bourne.
The report reveals that IT managers discovered 37% of their most significant cyberattacks on their organization’s servers and 37% on its networks. Only 17% were discovered on endpoints and 10% were found on mobile devices.
You’ve likely heard the adage: “It’s not a matter of if, but when you’ll be breached”, and the survey data certainly backs that up, with the majority of organizations responding to this survey (68% global average) having already been breached.
That’s why there’s growing momentum to not just focus on the tactics and tools that flat-out prevent attacks, but also to bolster threat response programs to more quickly find intruders already in the network, and to more effectively respond to attacks already underway.
In other words, for organizational security, it’s no longer enough to think about threats stopped at the ‘perimeter’. Companies must also focus on dwell time, which is the time it takes to detect an attack in progress.
Teams that were able to definitively measure their average attacker dwell time reported that they could spot an attacker in as little as 13 hours, with Australia, Brazil, and Canada reporting 10 hours of dwell time at one end of the range and Japan reporting 17 hours at the other.
If you’re not familiar with industry chatter around dwell time, 13 hours might seem like an eternity for an attacker to be rooting around your organizational assets, but compared to other industry benchmarks — such as the Verizon Data Breach Investigations Report (DBIR), whose respondents on average clock dwell time in weeks or months — 13 hours seems almost impossibly fast.
As the respondent set and the types of threats being assessed in this survey and the Verizon DBIR studies aren’t quite the same, we can’t and shouldn’t make a one-to-one comparison between the two. Instead, this report drills down into why there’s a disparity in results, and why detection times vary so much between organizations with dedicated security teams and those without.
Lack of visibility into attacker behavior and information about attacker paths is still a major barrier to detecting attacks and reducing dwell time. 20% of IT managers who fell victim to one or more cyberattacks last year can’t pinpoint how the attackers gained entry, and 17% don’t know how long the threat was in the environment before it was detected, according to the survey.
To improve this lack of visibility, IT managers need Endpoint Detection and Response (EDR) technology that exposes where threats originate, as well as the digital footprints of attackers moving laterally through a network. 57% of respondents reported that they did not have an EDR solution in place at the moment, but planned to implement one within the next 12 months.
Chester Wisniewski, principal research scientist at Sophos, said:
“If IT managers don’t know the origin or movement of an attack, then they can’t minimize risk and interrupt the attack chain to prevent further infiltration.
EDR helps IT managers identify risk and put a process in place for organizations at both ends of the security maturity model. If IT is more focused on detection, EDR can more quickly find, block and remediate; if IT is still building up a security foundation, EDR is an integral piece that provides much needed threat intelligence”.
On average, organizations that investigate one or more potential security incidents each month spend 48 days a year (four days a month) investigating them, according to the survey. It comes as no surprise that IT managers ranked identification of suspicious events (27%), alert management (18%) and prioritization of suspicious events (13%) as the top three features they need from EDR solutions to reduce the time taken to identify and respond to security alerts.
If IT managers have defense-in-depth with EDR, they can investigate an incident more quickly and use the resulting threat intelligence to help find the same infection across an estate. Once cybercriminals know certain types of attacks work, they typically replicate them within organizations. Uncovering and blocking attack patterns would help reduce the number of days IT managers spend investigating potential incidents.
This report drills down into the specifics of the threats detected (what kind and where), as well as the resources spent on incident investigation. By taking a broader look at industries across geographies and organizational size, this report shines a light on the unexpected challenges facing enterprise security as a whole across the globe.
Read the report in full here, or learn about Sophos Intercept X with EDR.
Strong, unique identities are the core of IoT device security. Giving devices unique identities allows them to be authenticated when they come online and throughout their lifetime, proves their integrity, and lets them communicate securely with other devices, services and users. But how do you know what’s the best of the best?
In the true spirit of an “awards season” that just passed, we think it only makes sense to unveil one more: The market’s pick for best in IoT Security – The GlobalSign IoT Identity Platform! In fact, we just took home a 2019 Silver Cybersecurity Excellence Award – recognizing companies, products and individuals demonstrating excellence, innovation and leadership in information security.
We believe the IoT Identity Platform stands out for an ability to address critical device security requirements. No other product today protects the identity, integrity and privacy of devices and data from chip to cloud through authentication, authorization, and encryption – while staying highly scalable. This is especially true due to the platform being a high volume, high throughput infrastructure, capable of issuing 3,000 certificates per second and enabling customers to validate Proof of Concept with low-volume test certificates – then scale to millions of identities using the same RESTful API.
The IoT Identity Platform can manage all types of digital certificates in any market vertical or IoT Gateway – semiconductor, industrial manufacturing, automotive, smart grid, agriculture, healthcare, construction, logistics and more. The central feature is IoT Edge Enroll, a full-fledged enrollment client used to provision and manage PKI-based identities for IoT devices of all types. Its main function is a Registration Authority with an embedded GlobalSign CA Root of Trust, whitelisting, challenge-response, and policy-based management.
Edge Enroll also includes connectors for hardware security modules (HSMs), and can be deployed in a public or private cloud, on-premises, or as a GlobalSign managed service. The offering supports an expanded list of enrollment and communication protocols in response to the flexibility required by IoT ecosystems. It supports PKCS #7, #10 and #12, can batch certificate requests, and performs private key generation and key escrow. The solution uses secure TLS communication and IP address whitelisting, and integrates with secure elements such as Physical Unclonable Functions (PUF), the Trusted Platform Module (TPM), and STSafe (STMicroelectronics’ secure microcontroller).
Even better, our solution is also being leveraged across a broad range of industries. Just last April, the platform was integrated with the Arm® Mbed™ Cloud platform – allowing any third-party developer using Mbed Cloud to quickly automate issuance of digital certificates from GlobalSign, along with certificate management services. This also ensures every Mbed supported device can have a unique device certificate from a trusted third party such as GlobalSign.
Last year, we also began working with Longview, a Carnegie Technologies company, as it began packaging its newly launched industrial IoT asset management solution. Their development team took an approach that included four key areas: security by design, multiple layers of security, securing the supply chain and partnering for success. Ultimately, Longview IoT packaged the right IoT technologies – including GlobalSign’s IoT Identity Platform – to provide customers with a single, secure, and optimized solution to monitor and manage industrial assets. It delivers end-to-end IoT solutions, pre-configured for various industries and designed to work right out of the box.
The explosion of IoT connected devices is staggering. Although technology has improved manufacturing, enhanced decision-making and improved the safety, comfort and efficiency of our lives – it’s also created the largest attack surface ever. GlobalSign’s IoT Platform rises to this challenge of securing IoT by protecting identity, integrity and privacy of devices and data – from chip to cloud through authentication, authorization and encryption.
So who needs the Oscars? Awards season is over, but our IoT Platform continues to deliver. To learn more, visit https://www.globalsign.com/en/lp/iot-identity-platform/
You can read the original article here.
Sophos is a strong advocate for thorough independent testing of cybersecurity products to help customers choose what’s right for their environment and for vendors to improve the protection in their technology.
In the 2019 AEP Group Test published by NSS Labs today, our next-gen endpoint solution Intercept X was recognized as having the highest security effectiveness and the most efficient TCO (total cost of ownership) of the 19 endpoint security products tested. We are pleased to see our technology outperform all other products in this test, supporting what our own internal tests and numerous independent reviews have confirmed since the product first launched.
While these results confirm what we already know (it’s great to get high praise), we encourage every business to evaluate the effectiveness of a solution using multiple independent data points and to assess its ability to work within their environment. We are confident that we have developed the most effective products, but we realize every business is unique, just as every independent testing report is.
Great strides are being made to level the playing fields in cybersecurity testing. Sophos encourages testing to be fair, rigorous, transparent, and collaborative, and it should seek to replicate the threat environment as it exists for customers, not just in lab conditions. Testing labs need to work with vendors to configure environments correctly, vendors should make it easy for their products to be scrutinized, and testing labs should engage end users to specify the features to be reviewed.
As a supporter of anti-malware testing standards and a board member of AMTSO, Sophos CTO Joe Levy recognizes that while third-party cybersecurity tests are not yet perfect, they still have plenty of value.
“Measuring cybersecurity product effectiveness is unimaginably complex. With threats and attack techniques increasing and evolving at an ever-accelerating rate, testing houses need to make extraordinary investments in their laboratories if they are to produce meaningful and rigorous measurements of cybersecurity product effectiveness. But just like all cybersecurity products are not equal, not all testing houses are equal and this remains somewhat opaque to the consumers of their reports, particularly when there is insufficient transparency around methodologies or execution details. Competent independent testing labs provide a great service to vendors and buyers, and are critical to the cybersecurity ecosystem to drive higher standards of protection for all”.
We’re happy to continue to see our products succeed in third-party testing and receive awards, and we encourage you to explore the details of the testing reports at www.sophos.com.
If you’re ready to see for yourself, you can download a free trial of Intercept X at www.sophos.com/intercept-x today.
CyberArk aims to make implementing and managing a robust privileged access program as easy as possible for our customers. CyberArk continues to lead the industry with its own investments in innovation to consistently deliver the most value to customers – especially in terms of simplicity, automation and improved operational efficiencies. Over the course of the last calendar year alone, CyberArk introduced dozens of new capabilities to help customers more easily implement and scale their privileged access security controls. Here’s a list of our top seven updates to the Core CyberArk Privileged Access Security solution:
- Privileged Session Management for the Cloud – In March of last year, CyberArk acquired cloud security provider Vaultive and rolled the functionality into the CyberArk Privileged Access Security Solution. This provides organizations with greater visibility and control over privileged business users, social media, SaaS, IaaS and PaaS administrators, and enables customers to manage privileged sessions natively. This introduces yet another method for CyberArk customers to isolate and monitor sessions for web-based applications. These sessions are automatically assigned a risk score, much like any other privileged session in CyberArk, which helps SOC admins take a risk-based approach to securing their most critical assets. Accounts that revolve around cloud providers (AWS, Azure, Google Cloud Platform), social media (Twitter, Facebook, LinkedIn) and other web applications like Salesforce and OpenShift can now be secured while providing a native login experience to the admins and privileged business users of these critical applications.
- Integrated threat detection and response — Threat detection, alerts, and responses generated by the CyberArk Privileged Access Security Solution are now 100% integrated into the main console and also sent as logs directly to your SIEM tool or other alerting system. CyberArk administrators now have access to in-depth analytics on who or what is utilizing privileged access in the environment and to see this information without having to look up from where they set policies, review sessions or log in to do their other administrative tasks. Not only that, but they are also able to receive prioritized alerts and initiate automated action to take a risk-based approach to privileged access security; tackling the riskiest accounts, credentials and activities first, thus reducing clutter and excessive alerts.
- Automatic Risky Session Termination – CyberArk provides security teams with the tools they need to automatically suspend or terminate risky privileged sessions based on policy, from the web-based interface or via API. The new tools enable security operations teams to mitigate risk by automatically shutting down or suspending sessions that pose a security risk until they are verified, rather than waiting for a human to identify the problem and act.
- PowerShell Utility for Un-Suspending Users – When a suspended user needs to be granted re-entry to CyberArk, instead of losing time relying on manual intervention to let the user back in, a member of our Customer Success Team, Randy Brown, came up with a clever way to use a PowerShell utility to revive suspended accounts. We’ve made this time-saver available free on GitHub, and it is one of many useful tools made available to our customers there.
- Automatic Account On-Boarding – Combing through all the privileged accounts that are discovered and onboarding them en masse into the vault can be time consuming. It can also present a security risk when end users create backdoor access to perform their own tasks. With CyberArk’s recent introduction of automatic account onboarding, neither of these things is an issue anymore. Automatic account onboarding helps administrators scale their privileged controls with reduced human intervention and increased speed to manage privileged accounts that present risk to your organization.
- Privileged Access Security Installer – When CyberArk released version 10.4, it included the Privileged Access Security Installer, which delivers a massive reduction in the steps required to deploy all of the CyberArk Core Privileged Access Security components. This is part of a concerted effort to support smaller deployments that deploy all CyberArk components on a single server.
- CyberArk Marketplace – Since the launch of the CyberArk Marketplace in 2018, CyberArk has expanded the depth and breadth of ready-to-deploy integrations – especially in key areas like IT Management and security software, Industrial Control Systems, Robotic Process Automation and Identity Access Management. Customers who use the CyberArk Marketplace can easily find and deploy integrations from CyberArk’s 100+ certified technical partners to bolster their security posture.
What’s Next?
Right now, cybersecurity professionals are having to do more with less. Having solutions, tools and features in place to help security teams effectively and efficiently use the products in their purview is more essential than ever. We recently hosted a webinar that outlines and demonstrates new capabilities introduced in version 10 that help customers deploy, integrate and scale with CyberArk. Click here to access the recording and learn more!
This course provides an in-depth study of Sophos Central, designed for experienced technical professionals who will be planning, installing, configuring and supporting deployments in production environments. It consists of presentations and practical lab exercises to reinforce the taught content, and electronic copies of the supporting documents for the course will be provided to each trainee through the online portal. The course is expected to take 3 days to complete, of which approximately 9 hours will be spent on the practical exercises.
Sophos Central Architect Training
3 days Training
Wednesday 20 March 2019 – Friday 22 March 2019
Requirements
Prior to attending this course, trainees should:
- Have completed the Sophos Central Endpoint and Server Protection course and passed the Certified Engineer exam
- Have experience with Windows networking and the ability to troubleshoot issues
- Have a good understanding of IT security
- Have experience using the Linux command line for common tasks
- Have experience configuring Active Directory Group Policies
- Have experience creating and managing virtual servers or desktops
Target audience:
This course is designed for technical professionals who will be planning, installing, configuring and supporting deployments in production environments, and for individuals wishing to obtain the Sophos Central Certified Architect certification.
Objectives:
On completion of this course, trainees will be able to:
- Design an installation considering all variables
- Undertake a multi-site installation appropriate for a customer environment
- Explain the function of core components, how they work, and how to configure them
- Track the source of infections and clean up infected devices
- Perform preliminary troubleshooting and basic support of customer environments
Certification:
To become a Sophos Certified Architect, trainees must take and pass an online assessment. The assessment tests their knowledge of both the presented and practical content. The pass mark for the assessment is 80%, and trainees are limited to 3 attempts.
Content
- Module 1: Deployment Scenarios (60 mins)
- Module 2: Client Deployment Methods (65 mins)
- Module 3: Endpoint Protection Policies (80 mins)
- Module 4: Server Protection Policies (30 mins)
- Module 5: Protecting Virtual Servers (60 mins)
- Module 6: Logging and Reporting (45 mins)
- Module 7: Managing Infections (45 mins)
- Module 8: Management (65 mins)
Course content
Module 1: Deployment Scenarios (60 mins)
- Identify some of the common challenges when deploying Central
- Deploy Update Caches
- Set up Message Relays
- Configure AD Sync Utility
- Identify where Update Caches and Message Relays should be used
- Labs (45 mins)
- Register and activate a Sophos Central evaluation
- Install Server Protection
- Install and Configure AD Sync Utility
- Deploy an Update Cache and Message Relay
Module 2: Client Deployment Methods (65-75 mins)
- Identify the recommended steps for deploying Sophos Central
- Explain the installation process, and identify the different types of installer
- Automate deployment for Windows, Linux and Mac computers
- Migrate endpoints from Enterprise Console
- Locate installation log files
- Remove third-party products as part of a deployment
- Labs (75-90 mins)
- Enable Server Lockdown
- Deploy using Active Directory Group Policy
- Use the Competitor Removal Tool
- Deploy to a Linux Server using a Script
Module 3: Endpoint Protection Policies (80-90 mins)
- Describe the function and operation of each of the components that make up an Endpoint Protection and Intercept X
- Configure policies to meet a customer’s requirements and follow best practice
- Test and validate Endpoint Protection
- Configure exclusions
- Configure Data Loss Prevention
- Labs (100-120 mins)
- Test Threat Protection Policies
- Configure and Test Exclusions
- Configure Web Control Policies
- Configure Application Control Policies
- Data Control Policies
Module 4: Server Protection Policies (30 mins)
- Configure Server Protection Policies
- Configure and Manage Server Lockdown
- Labs (65-75 mins)
- Configure Server Groups and Policies
- Manage Server Lockdown
- Test Linux Server Protection
Module 5: Protecting Virtual Servers (60 mins)
- Connect AWS and Azure accounts to Sophos Central
- Deploy Server Protection to AWS and Azure
- Deploy and Manage Sophos for Virtual Environments
- Labs (60 mins)
- Download the installer for the Security Virtual Machine
- Install the Security Virtual Machine (SVM) on a Hyper-V Server
- Configure Threat Protection policies to apply to the Security VMs and the Guest VMs they protect
- Perform a manual installation of the Guest VM Agent and view logs
- Test and configure a script to deploy the GVM Agent
- Manage Guest VMs from the Central Console
- Test Guest VM Migration
Module 6: Logging and Reporting (45 mins)
- Explain the types of alert in Sophos Central, and be able to read an RCA
- Use the Sophos Central logs and reports to check the health of your estate
- Export data from Sophos Central into a SIEM application
- Locate client log files on Windows, Mac OS X and Linux
- Labs (55-60 mins)
- Generate and analyze an RCA
- Configure SIEM with Splunk
Module 7: Managing Infections (45-60 mins)
- Identify the types of detection and their properties
- Explain how computers might become infected
- Identify and use the tools available to clean up malware
- Explain how the quarantine works and manage quarantined items
- Clean up malware on a Linux Server
- Labs (40 mins)
- Source of Infection Tool
- Release a File from SafeStore
- Disinfect a Linux Server
Module 8: Management (65 mins)
- Use the Controlled Updates policies appropriately
- Enable multi-factor authentication
- Use the Enterprise Dashboard to manage multiple sub-estates
- Identify the benefits of the Partner Dashboard
- Identify common licensing requirements
- Labs (25 mins)
- Enable Manually Controlled Updates
- Enable Multi-Factor Authentication
Daily morning headlines from Dark Reading, Krebs on Security, ThreatPost and others remind us that breaches are inevitable – they are not a matter of “if,” but instead, “when.” This is increasingly understood, so one wonders if this reality leads people to make overly rash decisions based on what they read with their morning cuppa joe?
Catch that last question? Let’s talk about recency bias – the tendency to place too much weight on recent events.
While many IT practitioners, especially those in security, believe that we are perfectly astute and calculated bastions of logical decision-making, we are all, indeed, human. And agencies and news publications alike have capitalized on fear mongering, knowing that we cannot avoid consuming and commenting on the latest event driving headlines. Now, while there is little danger in your Kardashian obsession (Mine lately has been Jho Low, the embattled billionaire accused of swindling billions from the Malaysian government), there is potential danger in basing security purchases and strategies purely on the latest security fad.
New tools and technologies constantly enter the security market. Some vendors, often founded by security practitioners, are deploying powerful systems absolutely bursting with functionality, intelligence and potential. But while the wildly innovative and nascent tools are interesting, security leaders have to provide the most security value they can – increasingly in terms of quantifiable risk reduction – across their entire organization.
What I suggest is, instead of chasing headlines, to adopt technologies that have gained recognition from security thought leaders and influencers for their ability to reduce risk and improve a company’s security posture. One place to look for direction is the Center for Internet Security (CIS), which provides a list of top security controls. This includes what they call “controlled use of administrative privileges” and we call privileged access security. Privileged access exists everywhere in your organization and has existed as long as administrator and superuser accounts have been integral to the operation of applications and infrastructure. Although it seems obvious that protecting privileged access is critical to maintaining security, it was, at a time, viewed as a niche security tool or something organizations could do as an “extra” step to securing the enterprise… a “nice to have,” if you will.
If you look into key regulations across myriad industries, you will find that protecting privileged access is one of the key tenets to adhere to when the auditors come knocking. PCI-DSS 3.2, Sarbanes-Oxley, HIPAA and NERC CIP all require the protection and monitoring of privileged users and sessions. That being said, embarking on a privileged access security program isn’t just about checking the box to fulfill a compliance requirement; it is a key step in staying one step ahead of the attackers.
Many of us work in high tech because there is constant innovation and cutting edge solutions that push the limits of computing.
Technophiles need not fear, as there are privileged access security companies like CyberArk experimenting with bleeding-edge tools, developing brand new technologies and implementing techniques to stay ahead of the attackers. For those interested in innovative techniques and deep privileged access security research, check out the CyberArk Threat Research Blog – and remember, news publications are fighting to be the most sensational and generate the most clicks. Trust your instincts and deploy proven privileged access controls instead.
The corporate network perimeter defensive line no longer exists. With increased attack sophistication and insider threats, organizations can’t guarantee that everything on the inside of their network can be trusted.
This is the principle of Zero Trust architecture. These days, organizations need to build controls immediately around the individual data assets, wherever they reside.
Administrators managing Microsoft Office 365 and Intune have access to the conditional access feature for exactly this purpose. Conditional access provides a set of policies that can be configured to control the circumstances in which users can access resources.
But every policy needs context. Without it, it’s easy to jump to the wrong conclusion. The more context we can provide, the better something can be understood, and the more informed a choice can be made.
Administrators want that extra context. After all, who wouldn’t want to block access to email or sensitive documents from a mobile device found running a malicious application or connected to a Wi-Fi network with a potential man-in-the-middle attack underway?
Sophos Mobile Security is our leading mobile threat defense app. It runs on both Android and iOS devices and can share threat details with Microsoft to provide that extra bit of context. Conditional access policies can now take threat detection results from Sophos into consideration when deciding whether to allow access to the requested resources.
To learn more about Office 365 and conditional access, visit Microsoft’s conditional access page.
To learn more about Sophos Mobile Security, visit the Sophos website.
Today we’re excited to announce that XG Firewall, our flagship next-generation firewall, joins Sophos Central, the ultimate cybersecurity management platform in the cloud. Sophos customers can now manage their XG Firewall and Intercept X, alongside their Sophos Server, Mobile and Encryption products – all from a single pane of glass.
This marks the first time that an industry leading firewall product and an industry leading endpoint product are managed together from the same console. And it really couldn’t come at a better time, with dangerous and sophisticated threats like Emotet threatening many organizations with hundreds of new variants every day.
These advanced threats demand a coordinated defense, with multiple layers of security technologies working together to identify, block, and isolate the attack at several points in the chain. This prevents the threat from getting any kind of foothold on the network and spreading laterally.
Sophos Synchronized Security and Security Heartbeat provide the ideal solution to identify and respond to threats like Emotet.
Leveraging the latest advanced threat protection technologies and sharing important health, status and telemetry information between XG Firewall and Intercept X, Synchronized Security can see it, stop it, and secure it – before these threats can cause any damage. It’s what I like to refer to as an unfair advantage.
With XG Firewall joining Sophos Central, Synchronized Security just got another unfair advantage when it comes to staying ahead of both the hackers and their latest threats.
Not only do you have a coordinated defense, but you also now have the full benefits of a completely integrated management experience.
XG Firewall joining Sophos Central offers great benefits for everyone
If you’re an existing Sophos Central customer:
If you’re using Sophos Central to manage Intercept X or any other Sophos product, you’ll be familiar with the convenience and ease of managing your IT security through Sophos Central. But now it’s time to synchronize your security.
You can add an XG Series appliance to your network to enable Synchronized Security and unlock the full potential of an integrated security system – easy and risk-free. You can manage it in Sophos Central alongside your other Sophos products, and you don’t even need to replace your existing firewall. Check it out.
If you’re an existing XG Firewall customer:
You can now monitor and access all your firewalls securely through Sophos Central – all at no extra charge. Take advantage of the Sophos Central dashboard view for your firewalls, and you’ll get enhanced alerting options as well as direct access to any of your firewalls with a single click. And now you can add Intercept X to your endpoints to enable Synchronized Security, and manage everything from the same console. Check it out.
If you’re new to Sophos:
XG Firewall and Intercept X offer the ultimate protection from today’s advanced threats. Synchronized Security provides a coordinated defense that enables our products to work better together and share information through Security Heartbeat™. And you can now manage everything through a single, easy to use cloud-based console: Sophos Central. Check it out.
You can read the original article here.
I recently listened to a podcast discussing the expanding legalization of sports betting in the United States.
The guest turned out to be a cybersecurity enthusiast-turned-professional poker player. In one part of the show, he described how, in advance of the Super Bowl, sportsbooks offer hundreds of bets known as propositions, or “props,” on which gamblers can wager their hard-earned dollars.
The props range from the seemingly sensical – How many combined touchdowns will both teams score? – to the more obscure (and slightly absurd) – What color of Gatorade will be dumped on the winning coach?
In gambling, the No. 1 rule is the house always wins. But Super Bowl props provide a potentially advantageous opportunity for the shrewd bettor. Why is this the case?
To explain, the podcast guest drew on his security background and compared the plethora of Super Bowl wagering options to the ever-widening cyberattack surface.
The more choices a smart punter has on which to risk their money, he said, the more likely they are to discover opportunities that can be exploited, and so the bigger their edge. The same goes for malicious hackers seeking entry into a target organization: their likelihood of success grows with each available vulnerability.
Which brings us to the point of all of this: Your attack surface is teeming with potential liabilities. Here are the modern-day risks you need to mitigate to help prevent your adversaries from cashing in.
Endpoints
Most advanced threats that evade traditional prevention security measures start on the endpoint, and with the explosive growth of the Internet of Things (IoT), that means you have more ground to cover than ever. Desktops and laptops may be the most common initial infection point, but anything with an internet connection places your organization at risk. That includes non-traditional endpoints, such as routers. To overcome the limitations of prevention alone, you should combine strong internal policies with testing, detection and response capabilities to help stay protected.
Applications and Databases
Applications act as the digital front door into your organization, and databases are their connected companions. Both necessitate varying forms of protection, each requiring a multi-pronged approach. The threat of vulnerable applications, responsible for a surprisingly large number of the major data breaches in recent years, can be assuaged with web application firewalls, scanning and testing, and stronger development training. Meanwhile, database defense must evolve beyond simple patching to also include vulnerability testing, user rights management and activity monitoring.
End-Users
Phishing is one of those information security problems that even your grandparents know about – yet it remains one of the most successful means of attack, even against businesses that know it’s coming. The reason why is simple: It works. Everybody still uses email, and attackers have devised clever ways to prey on human emotions and dupe users into divulging confidential credentials or clicking on links and attachments. To address human frailty and conquer savvy phishers, you should deploy an advanced email security gateway, complemented by a security awareness program that uses creative ways to reach employees.
You can read the original article here.
The financial services industry experiences 35% of all data breaches, earning it the unflattering title of the most-breached sector. It’s easy to understand why. The industry is known for its wide array of interconnected systems and the processing of millions of transactions — factors that render it particularly vulnerable to attack.
As the threat, frequency and impact of these attacks increase, new legal risks emerge, including litigation and steep regulatory fines. In fact, according to a Forbes Insights/K&L Gates survey, the trends that present the most potential for legal risks include dealing with data (69%), cybersecurity (47%), a changing regulatory environment (46%), fraud protection (39%) and digital transformation (39%).
Regulators are reacting quickly. For example, the U.S. Securities and Exchange Commission recently issued new guidance calling for public companies to be more forthcoming when disclosing cybersecurity risks, even before a breach or attack occurs. Financial institutions are also stepping up to increase data security. For instance, 92% of the 200 U.S. financial services executives surveyed by Forbes Insights are currently using encryption technology.
But getting ahead of hackers requires knowing the dangers that lurk outside an organization. Here are the top three threats facing the financial services industry:
1) Web Application Attacks
Financial institutions rely on business-critical web applications to serve customers, promote their services and connect to back-end databases. However, many of these applications are hosted online, making them easily accessible to hackers. Types of web application attacks range from buffer overflows to SQL injection attacks, in which a hacker injects SQL statements into a data-entry field, tricking the system into revealing confidential data.
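To make the SQL injection point concrete, here is an added example (not from the original article) that builds a tiny in-memory accounts table, shows how a lookup built by string concatenation lets a data-entry value rewrite the WHERE clause and return every row, and shows the parameterized query that closes the hole. The table, names and balances are constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small in-memory 'accounts' table
    standing in for a back-end customer database (not a real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 1200), ("bob", 350), ("carol", 9800)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Builds the statement by concatenation: whatever was typed into the
    data-entry field becomes part of the SQL, so a quote character can
    close the string literal and append new conditions."""
    sql = ("SELECT username, balance FROM accounts "
           "WHERE username = '" + username + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Binds the field value as a parameter: the driver treats it purely
    as data, so the WHERE clause cannot be altered by the input."""
    sql = "SELECT username, balance FROM accounts WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed field value that closes the literal and adds an
    # always-true condition; the concatenated query returns all rows.
    tampered = "' OR '1'='1"
    print(lookup_vulnerable(db, "alice"))      # one row
    print(lookup_vulnerable(db, tampered))     # every account in the table
    print(lookup_parameterized(db, tampered))  # no rows: treated as a name
```

The same bound-parameter pattern applies to any driver or ORM; a web application firewall can flag the quote-and-OR pattern in transit, but the parameterized query is what removes the vulnerability.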
2) DDoS Attacks
Distributed denial of service (DDoS) attacks impair the performance of resources, such as servers, causing websites and applications to slow down or crash. The result: angry customers who are unable to access critical financial services when they need them most. For financial services firms, the repercussions can be even worse, including disrupted business flows, stolen data, damaged reputation and lost revenue.
3) Insider Threats
Beyond hackers, employees are among the top cybersecurity threats to financial institutions. Oftentimes, unwitting workers fall victim to phishing scams or accidentally download malware. However, disgruntled employees may collude with hackers by sharing their passwords or intentionally ignoring corporate cybersecurity protocol. Either way, insider threats can take months – sometimes years – to detect.
Safety Practice
Amid increased exposure to these risks, financial institutions need to take measures to ensure greater data security and minimize legal exposure. To do so, consider the following steps:
- Draft internal policies, procedures and contractual provisions regarding the discovery, investigation, remediation and reporting of breaches.
- Obtain the right insurance coverage for various types of cyber risks and consider the adequacy of existing insurance programs.
- Partner with a third-party cybersecurity team that can help manage internet security and prevent cyberattacks and data breaches.
In today’s hyper-connected, technology-driven financial services sector, data security breaches, DDoS attacks and insider threats are on the rise. However, executives in the industry can take action by educating themselves on the dangers ahead and taking the right precautionary measures.
You can read the original article here.