This three-day training program was designed and intended for experienced technical professionals who want to install, configure and support the XG Firewall in production environments and is the result of an in-depth study on the next generation firewall of Sophos.

The program consists of presentations and practical workshops for the enhancement of teaching content. Due to the nature of the traditions and the varied experience of the trainees, open discussion is encouraged during the training.

(3 days Training)

Tuesday 26 February 2019 – Thursday 28 February 2019

Requirement

Participants should have the  Xg Engineer Certification

Recommended Knowledge

Knowledge of networking to a CompTIA N+ level

Knowledge of IT security to a CompTIA S+ level

Experience configuring network security devices

Be able to troubleshoot and resolve issues in Windows networked environments

Experience configuring and administering Linux/UNIX systems

Content

• Module 1: Enterprise Deployment Scenarios
• Module 2: Advanced Firewall
• Module 3: Authentication
• Module 4: Webserver Protection
• Module 5: RED Management
• Module 6: Wireless Protection
• Module 7: Enterprise VPN
• Module 8: High Availability
• Module 9: Troubleshooting
• Module 10: Sizing

Certification

+ exam: Sophos XG Architect

Duration 3 days

Agenda

Trainer: Micheal Eleftheroglou

Day 1 Tuesday 26 February  2019

9:30-10:15 Module 1: Enterprise Deployment Scenarios Part I

• Bridge mode
• Gateway mode
• Mixed mode

10:15-10:30 break

10:30-12:00 Enterprise Deployment Scenarios Part I

• VLAN
• Link Aggregation
• Routing protocols

12:00-12:15 Break

12:15-13:45 Advanced Firewall  Part I

• Stateful inspection
• Strict policy
• Fast path
• Intrusion prevention
• Anti Dos/floofing
• Advanced Threat Protection

13:45-14:45 Break Lunch

14:45-16:15 Advanced Firewall  Part II

• Asymmetric routing
• Local NAT policy
• DHCP options
• Bind to existing DHCP scope
• Country list
• Drop packet capture
• IPS tuning

16:15-16:30 Break

16:30-17:15 Webserver Protection

• Overview
• Web Servers
• Application Protection policies
• Path specific routing
• Authentication policies
• Certificates

Day 2  Wednesday 27 February 2019

9:30-10:15 Module 4: Authentication

• Single sign-on (SSO)
• LDAP integration
• Secure LDAP
• STAS (Sophos Transparent Authentication Suite
• Troubleshooting STAS

10:15-10:30 Διάλειμμα

10:30-12:00 Authentication part II

• Sophos Authentication for Thin clients (SATC)
• Troubleshooting SATC
• NTLM
• Troubleshooting NTLM

12:00-12:15 Break

12:15-13:45 Module 5: Red Management

• Overview
• RED Models
• Deployment
• Adding a RED interface
• Balancing and failover
• VLAN port configuration

13:45-14:45 Break- Lunch

14:45-15:30 Module 6: Wireless Protection

• Overview
• Access Points
• Wireless networks
• Security modes
• Deployment
• Built-in wireless
• Mesh networks
• Radius authentication
• Class Activity

15:30-15:45 Break

15:45-17:15 Module 7: Enterprise VPN

• Huge and spoke topology
• Ipsec VPN configuration
• Ipsec VPN policies
• NAT overlap
• Route precedence
• VPN failover
• Logs
• Troubleshooting

Day 3 Thursday 28 February 2019

9:30-11:00 Module 8: High Availability

• Overview
• Prerequisites
• HA packet flow
• Configuration
• HA status
• Console commands
• Logs
• General Administration

11:00-11:15  Break

11:15-12:00 Module 9: Troubleshooting

• Consolidated Troubleshooting Report
• SF loader
• Tcpdump

12:00-12:15 Break

12:15-13:45 Module 10: Sizing

• Hardware appliance models
• Hardware appliance sizing
• Software and virtual devices
• Sizing scenarios
• Class activity

13:45-14:45 Break – Lunch

14:45-17-15 Labs and Exams

Today, Amazon Web Services (AWS) announced the AWS Security Hub, with Sophos as a launch partner.

Sophos supports this industry-wide effort to consolidate and bring focus to high-priority security alerts on AWS. We believe that visibility is the best defense against today’s threats, highlighting as early as possible any alerts and events that could represent compromise.

We applaud AWS efforts to provide APIs for the AWS Security Hub. This enables sharing of security information across the AWS ecosystem, including that from Sophos, whose products generate and correlate events and alerts.

The approach that AWS has taken with Security Hub parallels the approach that we followed with Sophos Central: collecting security information and presenting it on a single screen for easy viewing, as shown below.

Since AWS is increasingly an extension of customers’ on-premises systems for business-critical applications, protection of AWS applications and data is essential. Now that Sophos integrates with AWS Security Hub, alerts about the AWS environment can be viewed in Sophos Central for easier management. Sophos Central provides visibility not only to events across AWS, but also across on-premises and other environments.

With protection from the industry-leading Sophos Intercept X and XG Firewall products, Sophos Central then correlates that information and automates the response with Synchronized Security.

SHI, a Sophos partner who assists customers migrating to AWS, now recommends use of AWS Security Hub. SHI has tested the connection between AWS Security Hub and Sophos Central, and sees significant benefit from the integration.

“The integration of Sophos Server Protection with the AWS Security Hub provides tremendous confidence for our customers and enables us to help migrate more organizations to the Amazon public cloud” said Chief Cloud Officer, Lee Ziliak

Sophos has also added protection of AWS S3 storage in addition to the current protection for AWS EC2 instances in Sophos Intercept X for Server. Now both EC2 instances and S3 storage buckets are discoverable from customer AWS accounts, easily enabling appropriate security policies to be applied and managed from the map display in Sophos Central, as shown below.

With the efforts of AWS, and the integration and protection that Sophos has added, customers of Sophos Intercept X for Server can now protect business-critical workloads and data stored on AWS, as well as on premises.

You can find out more about the partnership on our website.

For organizations whose cyber defenses may have been going the way of one dimensional, threat hunting has breathed new life into sputtering security programs.

Broadly defined as the manual practice of applying tools, tactics, procedures and intelligence to uncover advanced network attacks that have slipped past existing defenses, threat hunting is surging in popularity.

Able to easily bypass traditional, signature-based security, persistent attackers are using stealthy means to fly under the radar and travel unrestricted across corporate databases, networks and applications – and you need to assume they are already inside yours.

So how do you find them?

While actions such as log and event analysis (automated threat detection) and technologies like endpoint detection and response (EDR) have emerged to help organizations become more proactive at flagging and rebuffing these sophisticated foes, threat hunting pushes the needle even further forward with a human-driven component. Trained personnel pursue attackers while leveraging many of the same capabilities and thought processes that the adversaries use themselves.

Even if your ultimate security goal may be to pre-empt the mega breach, threat hunting is out to discover anything out of the ordinary that could indicate something is amiss in your environment – in the process vastly growing visibility into your network, reducing risk and expanding security maturity. Oftentimes, this means unearthing something that is far less deleterious – and far less thought about – than an advanced persistent threat actor, but critical nonetheless, as non-routine activity of any kind may affect your organization’s operations and bottom line.

What your team may discover on a threat hunt (or via powerful security operations center-backed experts hunting on your behalf) could range from an honest mistake to a spiteful employee to a full-blown hacker incident. As an accountable and responsible security professional, you should want to know about all of them.

1) Hackers “Living off the Land”

As simple as it is to find fault with the current state of security, many businesses are making things more onerous than ever on network intruders to succeed. You may be surprised to learn that this reality has forced miscreants to turn to self-sustainable practices. A tactic known as “living off the land” has grown in popularity in recent years among all types of malicious hackers and typically involves them using tools already approved and installed by your IT team – for instance, PowerShell, a legitimate admin tool used to automate tasks – and using them to run exploits (especially fileless attacks), harvest credentials and traverse the network.

2) Unusual User Behavior

Threat hunts can also turn up anomalous user activity, which may hint at possible threats involving a rogue insider. Actions that could indicate a wayward employee include multiple requests to escalate privileges, large data exfiltration at odd hours, late-night logins and the mass downloading or deletion of files – all of which are uncharacteristic of their normal duties and potentially indicative they are planning, for example, to switch jobs or exact revenge on the business.

3) Old or Unused Machines

In an era of technology sprawl, it may be easy to lose track of active workstations and other systems, which still introduce risk to a company. One of Trustwave’s threat hunters told me about one case in which his team identified IP addresses within a network that were behaving strangely. The hunters turned that information over to the customer, which took three weeks to physically identify the offending machines – they were stored away, apparently unknowingly, in a cabinet somewhere.

4) Policy Breakers Cutting Corners

The insider threat doesn’t always involve malice – sometimes an employee is trying to do the right thing, albeit “overlooking” security policies and ramifications. Going back to the earlier PowerShell example, a worker in accounting may have discovered the tool to be useful for automating reporting but is unaware that attackers may be also able to leverage it to run malicious scripts.

5) Shadow IT

There are plenty of ways to invite malicious content or data-leakage risks into your organization, and the proliferation of web- and cloud-based software has opened that door even wider. While many employees (including C-level executives) are installing applications, often citing their desire to use them to improve productivity, they usually end up being unmanaged and grow a business’ attack surface. Sometimes, a user’s motivation for such a download isn’t as work-focused: Our aforementioned threat hunter recently turned up a “Pokemon Go” mining operation in which a member of the IT team was using several systems to “catch” the animated creatures.

With the knowledge of what a threat hunt helps bring to the surface, you can immediately take risk-reducing actions within your organization. Remember, it’s not always the APT adversary who can bring you down.

You can read the original article, here.

Martin Sugden, CEO of Boldon James, was in Brazil last week and shared a warning that organizations need to comply with LGPD: “companies need to know what kind of information they have, were it is stored and how to deal with it”.

While organizations are increasingly concerned with data protection, many do not have the right tools to protect their information, and do not apply data classification to their data collection, processing, and handling processes. Systems have been designed to view data as belonging to the company not the individual that shared it with the organization. With the arrival of GDPR and LGPD, organizations are having to adapt to the new reality.

Martin Sugden, CEO of Boldon James, was in Brazil last week to meet clients and local partners and on November 29 he met with key members from the local business media to discuss how organizations comply with LGPD: “Companies need to know what kind of information they have, where it is stored and how to deal with it”.

According to Sugden, “Once you understand what information you have, and where the information is held you can make informed decisions about the level of security to be applied from who can access it to should it be encrypted or anonymized to do, I even need to keep it. The current security strategy must take into account that GDPR and LGPD rules are rigid and that any information should be protected wherever it is, including mobile devices, in the supply chain or with advisers. Your users need to be trained and understand your policies”, he commented.

“Recent surveys point out that at least 1/3 of IT executives claim that mobile security is one of their biggest concerns, especially as modern working practices involving mobile devices, social media and BYOD make it easy to lose or inadvertently share data”, said Martin Sugden.

According to the CEO of Boldon James, financial services companies report the most concerns about data security, but it is these companies that invest more in data classification policies and tools. With the GDPR and LGPD, the banking and financial institutions must increase their investments in data security. “Other organizations should follow the same path, so they can better protect their vital business data”, Sugden emphasizes.

Boldon James has been working for 30 years on the development of data classification techniques, being responsible for numerous pioneering data classification projects in large companies in several countries.

The Boldon James Classifier solution allows labels to be filtered to handle, hold, or send documents safely outside of organizations, either to mobile devices, partners or customers.  For example, last year a USB was found on a London street with 76 highly classified files regarding the travel routes taken by Queen Elizabeth when using Heathrow airport, including airport patrol timings  and the identity of personal protection officers who had access to certain secret areas at the airport. This data should not be downloadable and if it was it should be encrypted. A simple classification label using Classifier would have triggered a Rights Management tool to stop this happening.

“Do you know what is critical in your company? If data classification technology were to be applied in conjunction with say a Data Loss Prevention solution or Rights Management, this sensitive data loss would most likely not happen”, said Martin Sugden.

You can read the original article, here.

Sophos is pleased to announce that the early access program (EAP) for XG Firewall management through Sophos Central is now available for you to take a test drive.

As you probably know, Sophos Central is the ultimate cloud-management platform for all of your Sophos products, and it now includes XG Firewall. It makes day-to-day setup, monitoring, and management of your network protection easy. You can quickly and easily add all your XG Firewalls into Sophos Central, giving you secure access to your entire estate from anywhere.

With XG Firewall joining Sophos Central, you can now manage all your Sophos Synchronized Security products from a single cloud console. Intercept X and the rest of the Sophos suite of protection are all there, at your fingertips: mobile, email, wireless, and more.

How to get started in three easy steps:

Check out this step-by-step knowledgebase article for full details, but it’s really as simple as 1, 2, 3:

1. First, you’ll need a Sophos Central account if you don’t already have one. Head on over to cloud.sophos.com to create a trial account or login, and while you’re there, enroll in the Early Access Program by clicking your account in the upper right corner of the console.
2. Next, login into your firewall and add your Sophos Central credentials to the Central Synchronization screen and select the option to Manage from Sophos Central.
3. Then, return to Sophos Central and confirm adding your Firewall. That’s it! Now you can securely access your firewall from anywhere through Sophos Central.

Join the EAP Community Forum to share your feedback with the Sophos team and others.

Additional features coming soon

Over time, additional features will be added to Sophos Central management of your XG Firewall including:

• Backup management and storage for your regularly scheduled firewall backups
• Firmware update management to make multiple firewall updates easy
• Light-touch deployment to enable easy remote setup of a new firewall

And much more!

FAQ

Below are the most frequently asked questions about Sophos Central Management of XG Firewall. You can add your own to the EAP Community Forum where our team will do our best to answer.

Question: Is there a limit on how many firewalls or what type can be managed by Sophos Central?

No, there is no limit. Sophos Central can manage any XG Firewall, hardware, virtual, software or Azure as long as it has a WAN internet connection to connect to Sophos Central.

Question: Is there a charge for Sophos Central management of XG?

No, there is no charge and no special license required for either the EAP or when this capability is generally available. Anyone can setup a Sophos Central account at no charge to manage their XG Firewalls.

Question: Do I need other Sophos products to take advantage of Sophos Central Management of XG Firewall?

No, you don’t need any other Sophos Product to take advantage of Sophos Central Management of your XG Firewalls.

Question: How does the connection and information sharing work between XG and Sophos Central?

XG Firewall initiates a secure TLS encrypted connection with Sophos Central to share information. Since the connection is outbound from the firewall, it is completely secure and a simple way to manage firewall devices remotely without exposing the management interface login on the WAN. No port or other configuration is required. Since there is no storage of the configuration or log or reporting data in Sophos Central, there is no synchronization required – any changes made through Central are taking place on the device as they are made.

Question: Does Sophos Central copy or store any of the data from my Firewall in the cloud?

No, all your Firewall data and configuration information remains on your Firewall.

Question: What version of firmware is required on XG Firewall to manage it from Sophos Central?

XG Firewall v17.5 (or later) is required. This was released in late November and is currently being rolled out in stages to customer systems. If you haven’t already received the automatic update notice in your Firewall console, you can download the firmware update from MySophos.

Question: What are the various central management products that are available for XG Firewall and their differences?

Sophos Central is ideal for Sophos customers who want to monitor and manage their firewalls conveniently alongside their other Sophos products in Sophos Central: It offers a full list of all your firewalls under management along with quick access to manage any of them individually (one-at-a-time). It does not yet offer any policy template tools or alerting and monitoring like Sophos Firewall Manager.

Sophos Firewall Manager (SFM) is our on-premise product that enables rich powerful multi-device management features. It is ideal for organizations managing a large number of devices or those who want to take advantage of the policy template and other multi-device management tools.

You can read the original article, here.

50% of employees admit to clicking links from unknown senders. But which 50%? It’s time for a targeted approach to cybersecurity training.

Teaching users with simulated phishing attacks and training is half the battle in the race against phishing attacks. But what about the real test for users? The phishing emails, the unverified USBs, the ones that cripple the customer database on a Sunday at 1am?

Sophos Phish Threat now offers a breakthrough in cybersecurity training with Sophos Synchronized Security. By connecting Sophos Email and Phish Threat, we’ve taken the guesswork out of finding those riskier users in your organization – those who need a more targeted approach to training.

A breakthrough in cybersecurity training

50% of employees* admit having clicked on an email link from an unknown sender in the last 6 months that turned out to be malware or a scam. Regular attack simulations and security awareness training make all the difference, with existing Phish Threat customers able to reduce susceptibility to attack by 31% in just four tests (that’s opening and still clicking to you and me).

But while you train all users on cyberthreats, how do you find and train the weakest links in your organization?

Sophos Synchronized Security now lets you do that by connecting Sophos Email and Phish Threat. It helps you identify users who regularly click malicious links or violate other security policies, and lets you enroll them directly into targeted training.

Sophos Email and Phish Threat

Available now, Sophos Email Advanced is the first Secure Email Gateway to feed intelligence directly to a security awareness training solution for the best results.

The new Sophos Email Advanced At Risk Users report highlights which users are clicking email links rewritten by Time-of-Click URL protection, and identifies those who have either been warned or blocked from visiting a website due to its risk profile. You can then enroll those users in Phish Threat simulations and security awareness training with one click – increasing their threat awareness and reducing risk.

Take the guesswork out of training today

The greatest risk from attackers is not individual campaigns, but instead connected attacks, where vehicles like phishing are used to first penetrate your defenses.

Sophos is already the only vendor to offer a layered security defense, with protection at every point of the attack chain. Synchronized Security goes beyond that to take the guesswork out of finding those users who need a more targeted approach to training. Find out more about Sophos Email and Sophos Phish Threat today, and take the 30 day free trial.

More than ever, customers understand their right to data privacy. As major brands continue to lose sensitive data to cybercriminals in high-profile cloud security failures, customer trust in companies across industries is fading. Only 25 percent of consumers believe most companies handle their data responsibly, according to PricewaterhouseCoopers (PwC). As a result, secure, transparent data handling practices are more imperative than ever.

New regulations signal that governing bodies are also taking the enterprise’s responsibility for data privacy very seriously. The Brazil Privacy Act and the California Consumer Privacy Act support the consumer’s right to understand how their data is collected and used, and the New York Department of Financial Services (NYDFS) requirements are among the first regulations to address cloud security risks. Proposed rules require financial institutions to conduct vulnerability assessments and practice data classification and safe data management, whether the data resides on-premises or in the cloud.

Misconfigurations Cause Database Security Mayhem

Despite increased pressure to protect customer data, security teams are still struggling to address database security risks. Misconfigured servers, networked backup incidents and other system misconfigurations resulted in the exposure of 2 billion data records in 2017, according to the “IBM X-Force Threat Intelligence Index 2018” — that’s a 424 percent increase in such data breaches over last year’s total.

Cybercriminals are innovating quickly to take advantage of enterprise cloud security challenges. Many are using and creating open source tools to scan the web for unprotected cloud storage and, in some cases, locking these systems for ransom. Results from a Threat Stack study indicated that the majority of cloud databases are unprotected or otherwise misconfigured. Researchers attributed the prevalence of misconfigurations to employee negligence and insufficient IT policies.

Why The Enterprise Cloud Is Vulnerable

Still, it would be unfair to blame the current state of enterprise cloud security on employee negligence — at least, not entirely. Critical misconfigurations are technically the result of inadvertent insider error, but the reality is a bit more complex. Correcting configurations and compliance risks is difficult because security teams lack actionable visibility into cloud risks. There’s a glut of security risk to deal with, and traditional approaches to assessing risk result in an abundance of data with little actionable intelligence.

The enterprise cloud environment is complex and difficult to capture with vulnerability assessment tools designed for physical network and endpoint risk assessments. The unstructured, NoSQL landscape of the big data on cloud evolves on a near-daily basis to accommodate new forms of unstructured data. It’s no wonder that trying to assess database security risk across heterogeneous environments is often compared to finding a needle in a haystack.

Layered vulnerability assessments are crucial to protect against cloud security and compliance risks. Under some recent regulatory requirements, in fact, vulnerability assessments are mandatory. However, the enterprise needs vulnerability solutions that can support the scale of cloud database-as-a-service (DBaaS), traditional on-premises databases, warehouses and big data environments in a meaningful way.

Advanced analytics are necessary to sort through complex event data to correlate patterns and find true outliers that are associated with meaningful risk of data loss or advanced threats. The sheer volume and variety of data in the enterprise cloud requires proactive vulnerability assessment. A vulnerability assessment solution should automate risk prioritization, recommend remediation and simplify complex compliance requirements.

How To Achieve Real-Time Security And Compliance In Cloud Or Hybrid Environments

Reducing risk requires visibility and control with an adaptive, real-time approach to understanding exposure. In a database environment, assessments should actively examine privileges, authentication, configuration, versioning and patching. Finding and remediating advanced threats from insiders, ransomware and data breaches requires advanced analytics. Your vulnerability assessment solution should rank risks based on the importance of data and breach likelihood and recommend remediation actions.

Security and risk are convening in the enterprise, and vulnerability tools should deliver risk intelligence that can be shared with the chief information officer (CIO), chief security officer (CSO) and chief risk officer (CRO). Enterprise cloud environments are complex, but a vulnerability assessment tool can provide a consolidated and actionable view into risk, remediation, compliance and policy. To drive continued value, however, a vulnerability assessment solution must scale to new services as new applications, databases and cloud services are deployed over time.

The cloud has shifted the landscape and created the need for a new approach to assessing risks. If understanding compliance and configurations feels like finding needles in a haystack, it may be time to automate. Data privacy is now a compliance and customer imperative, and understanding the state of your databases is critical, so aim to scale your security assessments with a solution designed for the complexities of the enterprise cloud environment.

You can read the original article, here.

Sophos Intercept X with EDR has been recognized again as an industry leader. Among the winners in Computing’s Security Excellence Awards, Intercept X took home the award for Security Innovation of the Year for the second year in a row.

The Security Excellence Awards, which took place on 21 November in the heart of London, is hosted by UK-based tech magazine Computing as part of its annual Enterprise Security & Risk Management Summit. The ceremony celebrates the industry’s best security companies, solutions, products and personalities across 20 categories.

On the Security Innovation of the Year award, Computing says:

“The security industry and its products are continually evolving, as it keeps pace with the new tricks and tactics developed by hackers to attack corporate networks. This award will be given to the product or service which demonstrates something truly new and original”.

Learn more about our award-winning Intercept X Advanced with EDR or try it for free today.

Today marks a major milestone with the release of the first-ever Gartner 2018 Magic Quadrant for Privileged Access Management.^* CyberArk was named a Leader, positioned highest for ability to execute and furthest for completeness of vision.

As the market pioneer, not only is this a major accomplishment for us as an organization, but it’s also an important milestone for the market at large. According to the report, “Privileged access management is one of the most critical security controls, particularly in today’s increasingly complex IT environment. Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.”

As the company recognized for establishing the market category, we are extremely proud to be named a Leader. We remain laser-focused on helping organizations to secure the enterprise by delivering innovative solutions that break the attack chain and protect their most valuable assets. We will continue our work to make a quantifiable impact on the security of companies and governmental organizations around the world, enabling them to adopt digital transformation strategies with confidence.

As we celebrate being named a Leader in the Gartner Magic Quadrant for Privileged Access Management, we’d like to thank all of our incredible customers, partners and employees who have been, and will continue to be, the cornerstone of our success.

Read the Full Report

Download the full 2018 Magic Quadrant for Privileged Access Management report here. To learn more about the CyberArk Privileged Access Security Solution or to see what customers and other industry experts say about us, visit our website.

You can read the original article, here.

CyberArk announced it was named a Leader in “The Forrester Wave: Privileged Identity Management, Q4 2018.”¹ Based on Forrester’s evaluation of the 11 most significant privileged identity management vendors, CyberArk ranks highest in both the current offering and market presence categories.

According to the report, “The [CyberArk] solution has strong password safe, session management, and privileged threat analytics, as well as the broadest DevOps support of any vendor evaluated in this Forrester Wave.” CyberArk received the highest possible score in report criteria including customer satisfaction; privileged threat/behavior analytics; privilege delegation and escalation; privileged session monitoring plans; and container support plans.

The CyberArk Privileged Access Security Solution is the most comprehensive solution on the market for protecting against the exploitation of privileged accounts, credentials and secrets anywhere – including on the endpoint and across on-premises, hybrid cloud and DevOps environments.

“This Forrester Wave report reinforces, in our opinion, the importance of privileged identity management for controlling both human user and machine access to an organization’s most sensitive assets and information,” said Marianne Budnik, CMO, CyberArk. “We are proud to be named a Leader by Forrester, and appreciate the support of our customers and partners who look to CyberArk as a trusted advisor and partner in their efforts to invest in modern infrastructure, improve business agility and drive new opportunities for growth.”

To download a complimentary copy of The Forrester Wave: Privileged Identity Management, Q4 2018 report, visit https://www.cyberark.com/resource/forrester-wave-privileged-identity-management/

You know the old saying, “The rich get richer”? Well, our UTM 9 platform is feature rich, but every year we pack more and more features into it. This year is no exception with our UTM 9.6 release.

Here’s what’s included in UTM 9.6

Let’s Encrypt integration

• Generate and renew Let’s Encrypt certificates from within the UTM
• Generated certificates can be used in all UTM components

Web Application Firewall (WAF) page customization

• Custom themes for all error pages that are delivered via the WAF
• Enables the use of a custom corporate identity on all pages

Manual Sandstorm submission

• Allows an admin to upload a file for detonation within Sophos Sandstorm
• Files that have not been received via email or web download can also be analyzed with Sophos Sandstorm

Persistent Sandstorm reports

• Enhanced reporting for Sandstorm activity over time and with historic information
• Reporting also covers hash lookup based results from Sophos Sandstorm

Other enhancements

• Unified RED firmware with improved 3G/4G support
• Submission port support in SMTP proxy
• Configurable listen address in SMTP proxy
• New advanced thread protection library with better performance and protection

The full release notes can be found on the Sophos Community.

How to get it

The release will be rolled out automatically in phases over the coming weeks. For anyone that wants the latest and greatest now, you can download the latest firmware yourself.

If you have any questions, check out the Sophos UTM 9 Community Forums.

We’re excited to announce that we’ve been awarded Security Vendor of the Year at the CRN UK Channel Awards 2018!

The CRN Channel Awards celebrated its 25th anniversary by recognising exceptional achievements in the UK channel industry over the past 12 months.

In CRN’s words: Security Vendor of the YearThe award recognises the overall contribution that [Sophos] is making to business development in the channel, in terms of its product range and development, channel and marketing programmes, and service and support.

Sophos focuses 100 percent of its resources on building products and programs with the needs of channel partners in mind. If you’re interested in working with us, take a look at the Sophos Partner Program and learn how, together, we can take your business to the next level.

You can read the original article, here.

The team is hard at work putting the finishing touches on our next major release of XG Firewall, and it is a huge release! XG Firewall v17.5 brings some amazing new Synchronized Security features as well as many of your most-requested features.

The best part is you can start taking advantage of many of these new capabilities today, as part of the Early Access Program.

What’s new in XG Firewall v17.5

Here’s a quick overview of the key new features in v17.5:

• Synchronized Security – lateral movement protection – extends our Security Heartbeat™ automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.
• Synchronized User ID – utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.
• Education features – such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support.
• Email features – adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim, which closes a couple of top requested feature differences with SG Firewall.
• IPS protection – is enhanced with greatly expanded categories enabling you to better optimize your performance and protection.
• Management enhancements – including enhanced firewall rule grouping with automatic group assignment, and a custom column selection for the log viewer.
• VPN and SD-WAN failover and failback – including new IPSec failover and failback controls and SD-WAN link failback options.
• Client authentication – gets a major update with a variety of new enhancements such as per-machine deployment, a logout option, support for wake from sleep, and MAC address sharing.
• Sophos Connect – is our new IPSec VPN Client, free for all XG Firewall customers, that makes remote VPN connections easy for users, and supports Synchronized Security.

In addition, coming in a following maintenance release we have:

• Wireless APX access point support – provides support for the new Wave 2 access points providing faster connectivity and added scalability.
• Airgap support – for deployments where XG Firewall can’t get updates automatically via an internet connection (due to an “airgap” or physical isolation) – XG Firewall can now be updated via USB.

Sophos Central management of XG Firewall

With v17.5, XG Firewall is also joining Sophos Central. The Early Access Program for Sophos Central Management of XG Firewall is expected to start soon.

You will be able to manage XG Firewall from within Sophos Central along with all your other Sophos Central products. And there’s a few great new features coming along with Sophos Central Management of XG Firewall:

• Secure access and management with single-sign-on through Sophos Central from anywhere.
• Backup management and storage for your regularly scheduled firewall backups.
• Firmware update management to make multiple firewall updates easy.
• Light-touch deployment to enable easy remote setup of a new firewall.

Get early access now!

Head on over to the XG Firewall Community Forums to get the v17.5 EAP firmware update, additional information on what’s new, and to share your feedback with the Sophos Product Team and the rest of the community.

You can read the original article, here.

Who’s responsible for cybersecurity at work? Is it the security team, the employees or a mix of both?

And, perhaps most importantly of all, does everyone in your organization agree?

A recent study commissioned by Sophos revealed that six out of ten employees feel more relaxed about IT security at work than at home, with 45% of people admitting that they don’t feel responsible for IT security at work.

Company security policies are designed to create a safe workplace for all employees. Those policies are often developed by a security team with years of experience, but policies only work if they’re adhered to. No matter how good your security team is, it’s relying on everyone else to make it their responsibility to maintain a safe workplace by following its policies. Helping employees to learn and understand those policies is vitally important.

The workplace isn’t a homogeneous whole though, it’s a collection of individuals with different personalities and learning styles. If everyone receives the same training content, don’t be surprised if the message doesn’t sink in everywhere.

New award-winning security training

Sophos Phish Threat is here to make security awareness training stick.

Phish Threat covers a wide range of topics from general or role-based security awareness to regulatory compliance, in a variety of engaging formats. It makes use of videos, interactive modules and gamification in a mix of visual styles to ensure that everyone gets the message.

Today, we’re excited to announce that our range of training has grown. Thanks to our latest Phish Threat learning partnership with Ninjio, we’ve added over 30 new training modules, plus we’re growing Phish Threat by one new module every month!

Ninjio shares our approach of short, engaging training, and its unique style recently scooped it the Gartner Customer Choice award for Computer Based Training 2018. By dramatizing real-life cyber threat headlines, with Hollywood script writers and great animations, Ninjio brings stories to life.

The freshest content

With all that training at your fingertips, your employees should be cybersecurity ninjas in no time. But to truly test their new-found skills, Phish Threat also provides more than 500 customizable attack email templates in nine languages. And new templates are being added every week, so to help we’ve made it easier to find the latest content fast.

Featured templates

The latest phishing attacks and seasonal campaigns train users to identify real-world attacks hitting their inboxes today, as well as the seasonal campaigns they need to know about.

New templates

New templates are automatically applied to every Phish Threat account. The New flag allows you to quickly find the most recently added templates, to help keep things interesting for your employees.

Five stars from customers

Our latest independent customer reviews show how easy it is to get started, and the almost immediate impact that Phish Threat is having on reducing risk.

“The cloud offering was extremely easy to deploy. The training exercises and videos were extremely relevant, engaging and just the right length”.

You can start educating your employees today with our free anti-phishing toolkit.