Cyber Security Elements by NSS

News

1 Mar

A recent TripWire study highlights the growing problem of cyberattacks, and whether IT staff feel that their companies have the right combination of skills and technology to cope with various types of cyber threats. Top concerns were (in order of importance) ransomware, distributed denial of service (DDoS) attacks, malicious insiders, phishing and vulnerability exploits.

According to the study, 60% of IT professionals surveyed felt that they have the right skills to defend against distributed denial of service (DDoS) attacks, and 63% felt they have the right technology to handle such attacks. That’s a slim majority of the sample; given the increasing prevalence of DDoS attacks, it’s not very reassuring to think that 40% of IT security professionals feel ill-equipped to handle a DDoS attack. One wonders how their customers would feel if they knew that.

Granted, some companies are more vulnerable to DDoS attacks than others. Internet Service Providers and Hosting Providers typically experience DDoS attacks on a daily basis, partly because they have such large surface areas for attacks, and partly because an attack on them can affect multiple downstream customers (sort of like “killing two birds with one stone.”) However, regardless of one’s profile or attack surface, every network is vulnerable to a DDoS attack.  Hackers have many motives, but essentially their goal is to either steal your sensitive data or crash your website.

DDoS attacks come in all sizes, great and small. Most companies fear the large, volumetric attacks that can crash a website or network. However, such attacks are relatively uncommon. More common are the short, sub-saturating attacks that can mask a security breach.  Because most companies possess some form of sensitive data—whether it is customer credit card information, email addresses, social security numbers, or intellectual property—most companies should be concerned about DDoS attacks because they can open the door to security breaches.

Companies face a myriad of cyber threats, but DDoS attacks are both a web availability threat and a security threat. If 40% of companies lack the skills or technology to handle a DDoS attack, that’s cause for concern, for both the companies and their customers. (A Corero survey indicates that loss of customer trust and brand reputation are consequences of DDoS attacks.)

You can read the original article, here.

28 Feb

Ransomware is doubtless a rising threat nowadays, putting all small, medium-sized and large businesses at risk. Our IT and security professionals at LogPoint are constantly working to help our clients withstand such attacks. When fighting ransomware, planning and forethought are crucial so you can limit the impact and quickly recover with minimal disruption. Keep in mind that ransomware variants are constantly changing, and it’s hard to thwart every attack without the help of a real power tool. After all it’s better to be safe than sorry.

The queries and examples used assume an environment with an EMC storage backend, but the approach works for every kind of storage solution.

Objective

Unusual data activity on storage systems within a short period of time often indicates ransomware. With ransomware detection in place, the organization receives an alarm via email each time suspicious activity is detected. Suspicious activity takes many forms, but data being deleted, created, or modified in high volumes should always be treated as a warning sign.

Dashboards

The dashboard shows the 30 users with the highest activity during the past 10 minutes:

Query: label=EMC userSid=*|rename userSid as objectSid| chart count() by objectSid order by count() DESC limit 30| process lookup (LDAP,objectSid)|fields displayName, sAMAccountName, objectSid, count()

 

Paths that generate high volumes of data activity by nature (e.g. Citrix or Xen profile stores) are excluded from the search so they cannot distort the results.

Additionally, there is a list called Whitelist of trusted users, auto-generated from their userSIDs. There is also an in-house baseline of “normal” data activity, so the system can flag any activity that deviates from it.

 

userSIDs are resolved to user accounts by matching against Active Directory. The results are stored in a table, from which the data remains available for further analysis.

 

Alarming

Query: label=EMC -"bytesWritten"="0" -"bytesWritten"="0x0" event="0x80" flag=0x2 userSid=* | chart count() as handle by userSid, clientIP | search handle>200

The alarm is triggered and an e-mail is sent to the person in charge whenever suspicious data activity affecting more than 200 files (the in-house baseline) is detected. Paths and applications which are labelled as trustworthy are excluded from this rule.
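The dashboard and alarm queries above, reimplemented in plain Python over a constructed EMC-style audit stream so the filtering and thresholding can be tested offline. This is an added example, not LogPoint's code; the SIDs, names, client IPs, paths, the whitelist and the excluded path prefixes are all made up, and a dictionary stands in for the LDAP lookup.

```python
"""Ransomware-style mass-write detection over EMC audit events.

Added example, not LogPoint's code: it reimplements the dashboard query
(top users by event count, SID resolved via AD) and the alarm query
(write handles per userSid and clientIP above a baseline) in plain Python.
"""
import re
from collections import Counter

# Constructed SID -> (displayName, sAMAccountName) table standing in for
# the "process lookup (LDAP, objectSid)" step. All values are made up.
AD_LOOKUP = {
    "S-1-5-21-100-200-300-1001": ("Alice Example", "alice"),
    "S-1-5-21-100-200-300-1002": ("Bob Example", "bob"),
    "S-1-5-21-100-200-300-1003": ("Backup Service", "svc-backup"),
    "S-1-5-21-100-200-300-1004": ("Carol Example", "carol"),
}

# Trusted accounts (the article's "Whitelist") and path prefixes that are
# noisy by nature (Citrix/Xen stores): i.e. \\fs01\citrix\ and \\fs01\xen\.
WHITELIST_SIDS = {"S-1-5-21-100-200-300-1003"}
EXCLUDED_PATH_PREFIXES = ("\\\\fs01\\citrix\\", "\\\\fs01\\xen\\")

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one 'key=value key=value ...' audit line into a dict."""
    return dict(KV_RE.findall(line))


def to_int(value):
    """Parse '0', '0x0', '4096' and '0x80' alike; None if absent/malformed."""
    if value is None:
        return None
    try:
        return int(value, 0)
    except ValueError:
        return None


def in_scope(ev):
    """Base filter shared by both queries: label=EMC userSid=* minus noisy paths."""
    if ev.get("label") != "EMC" or "userSid" not in ev:
        return False
    path = ev.get("path", "").lower()
    return not path.startswith(tuple(p.lower() for p in EXCLUDED_PATH_PREFIXES))


def is_write(ev):
    """Alarm filter: event=0x80, flag=0x2 and bytesWritten neither 0 nor 0x0.
    As in the query, an event with no bytesWritten field is not excluded."""
    return (to_int(ev.get("event")) == 0x80
            and to_int(ev.get("flag")) == 0x2
            and to_int(ev.get("bytesWritten")) != 0)


def dashboard_top_users(lines, limit=30):
    """Dashboard query: in-scope events per SID, resolved via AD, top N."""
    counts = Counter(ev["userSid"] for ev in map(parse_event, lines) if in_scope(ev))
    rows = []
    for sid, n in counts.most_common(limit):
        name, sam = AD_LOOKUP.get(sid, ("<unresolved>", "<unresolved>"))
        rows.append({"displayName": name, "sAMAccountName": sam,
                     "objectSid": sid, "count": n})
    return rows


def mass_write_alerts(lines, threshold=200):
    """Alarm query: write handles per (userSid, clientIP); alert above baseline."""
    handles = Counter()
    for ev in map(parse_event, lines):
        if in_scope(ev) and is_write(ev) and ev["userSid"] not in WHITELIST_SIDS:
            handles[(ev["userSid"], ev.get("clientIP", "?"))] += 1
    alerts = []
    for (sid, ip), n in handles.most_common():
        if n > threshold:
            name, _ = AD_LOOKUP.get(sid, ("<unresolved>", ""))
            alerts.append({"userSid": sid, "displayName": name,
                           "clientIP": ip, "handle": n})
    return alerts


def _line(sid, ip, path, event="0x80", flag="0x2", bw="4096"):
    return (f"label=EMC event={event} flag={flag} userSid={sid} "
            f"clientIP={ip} path={path} bytesWritten={bw}")


def build_sample_logs():
    """Constructed audit stream (not real data): a ransomware-like burst, a
    noisy Citrix path, a whitelisted backup job, a normal user, plus zero-byte
    opens and non-write events that must not be counted as write handles."""
    a, b, c, d = AD_LOOKUP
    logs = []
    logs += [_line(a, "10.0.0.5", rf"\\fs01\share\docs\f{i}.docx") for i in range(250)]
    logs += [_line(a, "10.0.0.5", rf"\\fs01\share\docs\f{i}.docx", bw="0x0") for i in range(300)]
    logs += [_line(b, "10.0.0.6", rf"\\fs01\citrix\profiles\bob\p{i}.dat") for i in range(260)]
    logs += [_line(c, "10.0.0.7", rf"\\fs01\share\bak\b{i}.bak") for i in range(300)]
    logs += [_line(d, "10.0.0.8", rf"\\fs01\share\hr\h{i}.xlsx") for i in range(40)]
    logs += [_line(d, "10.0.0.8", rf"\\fs01\share\hr\h{i}.xlsx", event="0x81", bw="0") for i in range(20)]
    return logs


if __name__ == "__main__":
    sample = build_sample_logs()
    for row in dashboard_top_users(sample):
        print("dashboard:", row)
    for alert in mass_write_alerts(sample):
        print("ALERT:", alert)
```

On the constructed stream only Alice's 250 non-zero writes from 10.0.0.5 cross the 200-file baseline; the zero-byte opens, the Citrix path, the whitelisted backup account and the non-write events are all filtered out, which is exactly what the two exclusion lists in the article are for.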

While this is just scratching the surface of how we can fight ransomware at LogPoint, this use case can serve as a great starting point for further discussions about the next steps to take in order to protect your organization.

You can read the original article, here.

23 Feb

SophosLabs has released a malware forecast to coincide with the start of RSA Conference 2017. Typically, our research papers focus on Windows, which has traditionally been the largest battleground. While some of the report does indeed look at Microsoft-specific challenges, we decided to focus more on the increasing malware threats directed at platforms where the risks are often not as well understood, specifically Linux, MacOS and Android devices.

SophosLabs has identified four trends that gained steam in 2016 and will likely remain challenges in 2017:

1. Linux malware that exploits vulnerabilities in Internet of Things (IoT) devices
The report starts by looking at how Linux is increasingly being used to target and infect IoT devices that include everything from webcams to household appliances that connect to the internet. Default passwords, out-of-date versions of Linux and a lack of encryption will continue to make these devices ripe for abuse.

2. The pervasiveness of Android malware
Next, the report looks at the top 10 malware families targeting Android devices, the most pervasive being Andr/PornClk: more than 20% of the cases SophosLabs analyzed in 2016 were from this family. It makes money through advertisements and membership registrations, and it is persistent – taking advantage of root privilege and requesting “Device Android administrators”. It downloads Android Application Packages (APKs), drops shortcuts on home screens and collects such information as the device ID, phone number and other sensitive details.

The report also looks at ransomware SophosLabs identified as Andr/Ransom-I, which pretends to be an update for the operating system and such applications as Adobe Flash and Adult Player. Once downloaded, it is used to hijack the victim’s phone. While this malware is not nearly as widespread as the others, accounting for only 1% of all samples and not even making our top 10 list, it is still noteworthy because it targets devices running Android 4.3, which is still used by 10% of Android owners – roughly 140m users worldwide.

3. MacOS malware that spreads potentially unwanted applications (PUA)
The report then goes on to look at MacOS malware that is designed to drop password-stealing code, including ransomware such as OSX/KeRanger-A and a variety of badly behaved adware. Though it continues to see fewer malware and ransomware infections than Windows, MacOS saw its fair share in 2016, and we expect that trend to continue.

4. Microsoft Word Intruder malware that is now expanding its targets beyond Office
Finally, the report looks at Windows-based malware kits that have historically targeted Word but are now expanding their horizons to abuse Flash.

The full report, in PDF form, can be downloaded from here.

You can read the original article, here.

20 Feb

Sophos, a global leader in network and endpoint security, today announced it has entered into an agreement to acquire Invincea, a visionary provider of next-generation malware protection. Invincea’s endpoint security portfolio is designed to detect and prevent unknown malware and sophisticated attacks via its patented deep learning neural-network algorithms. It has been consistently ranked as among the best performing machine learning, signature-less next-generation endpoint technologies in third-party testing and rated highly both for high detection and low false-positive rates.

Headquartered in Fairfax, Va., Invincea was founded by chief executive officer Anup Ghosh to address the rapidly growing zero-day security threat from nation states, cyber criminals and rogue actors. Invincea’s flagship product X by Invincea uses deep learning neural networks and behavioral monitoring to detect previously unseen malware and stops attacks before damage occurs. With a focus on the U.S. government, healthcare and financial services sectors, Invincea has been deployed in some of the most targeted networks in the world.

“By adding Invincea to our portfolio, Sophos is executing on its vision to assemble the most powerful technologies to provide the very best, cutting-edge defenses for our customers,” commented Kris Hagerman, chief executive officer at Sophos. “Invincea is leading the market in machine learning-based threat detection with the combination of superior detection rates and minimal false positives. Invincea will strengthen Sophos’ leading next-gen endpoint protection with complementary predictive defenses that we believe will become increasingly important to the future of endpoint protection and allow us to take full advantage of this significant new growth opportunity. We are proud to welcome the Invincea team to Sophos and look forward to introducing the benefits of this advanced technology to our customers and partners worldwide.”

Sophos is recognized as a leader in endpoint protection today with an expanding set of next-generation technologies such as the signature-less anti-malware, anti-exploit and anti-ransomware technology in Intercept X and the behavior-based analytics, Malicious Traffic Detection and Application Reputation in Sophos Endpoint Protection. The Invincea machine learning malware detection and prevention technology will be fully integrated into the Sophos endpoint protection portfolio, further strengthening Sophos’ leadership in this fast-growing market. The availability of Invincea technology through the Sophos Central security management platform will further enhance the Sophos synchronized security portfolio and real-time intelligence sharing.

“We started Invincea with the vision of using non-signature based technologies, including machine learning, in innovative ways to protect organizations against the most advanced forms of cyber-attack,” commented Anup Ghosh, founder and chief executive officer at Invincea. “X by Invincea represents a new generation in antivirus technology based on deep learning and behavioral monitoring. Joining forces with Sophos presents the perfect opportunity to take our proven, advanced technology to a global audience and make it part of a comprehensive synchronized security system. Sophos is leading the industry in adopting and bringing to market this disruptive new vision for complete, advanced, and integrated security, and we are delighted to join the team and help make it happen.”

Norm Laudermilch, chief operating officer and head of product development at Invincea added, “Invincea set out to disrupt the traditional approach to antivirus, and even now no single technology is enough to fully protect customers. I share the Sophos vision for bringing together a powerful ensemble of next-gen technologies to dramatically improve the overall effectiveness of endpoint protection. Along with our world-class technical team at Invincea, I’m looking forward to joining Sophos and helping deliver on this ambitious and exciting vision.”

The Invincea endpoint security portfolio including X by Invincea will continue to be supported and sold by Invincea and available via Invincea’s network of registered partners. Sophos has agreed to acquire Invincea from its current shareholders for a cash consideration of $100 million with a $20 million earn-out. Sophos will retain the company’s office in Fairfax. Invincea CEO Anup Ghosh and COO Norm Laudermilch will join Sophos in key leadership positions.

You can read the original article, here.

17 Feb

In 2013, organizations worldwide started to take insider threats seriously, thanks to a man named Edward Snowden. Yet, his is just one of many cases of authorized insiders who have caused damage – both intentionally and accidentally – to the organizations that trusted them.  From the Sage Group incident in the UK to the case of Harold Martin to, most recently, the IT admin who allegedly held a university’s email system hostage in exchange for $200,000, insider threats are a constant in today’s world.  What’s worse, these examples don’t even begin to touch on the 50 percent of breaches each year that are caused by inadvertent human error.

Today, CyberArk announced a new capability that helps organizations automatically detect and quickly respond to insider threats. The solution automatically records and analyzes all privileged users’ sessions to instantly identify high-risk activity and alert security teams to a potential incident before it’s too late. By automating this process and detecting threats faster, organizations can gain an opportunity to disrupt inside attackers – and careless users – before these incidents turn into costly, reportable breaches. Here’s how you can use this new capability to improve your insider threat detection, investigation and response processes:

Identify and define risks. Define the activities that are particularly high-risk in your organization, and customize your solution to alert you when these activities occur. The activities considered “high-risk” will likely differ from organization to organization, but if you’re not quite sure where to start, check out these recommendations as a starting point.

Track everything. When your privileged users access high-value systems, record everything they do. By tracking each and every action they take during privileged sessions, you’ll have a data stream that can be automatically analyzed. If something suspicious occurs, you’ll have a full video recording to review exactly what happened.

Automate threat detection. You don’t have the time to manually sift through session recordings to look for suspicious behavior – nor should you. Automate the review of privileged user sessions to detect high-risk activity as soon as it occurs.

Respond quickly. With the automated review of user activity, you can be alerted to potential insider attacks immediately. Once you see the alert, you can investigate the situation, watch the suspicious session if it’s still in-progress, and terminate the session to stop any further damage from occurring.

Prioritize audit review. Enable your auditors to be more effective. By applying risk indexes to recorded sessions, auditors can easily prioritize sessions for review, complete audits faster and deliver greater value to the business.

When it comes to threat detection, there is a lot of data you can analyze, but to protect your organization’s most sensitive assets, you need to focus on what matters most. By proactively analyzing privileged user activity on high-value assets, you can focus your efforts on your most sensitive users and information to gain prioritized, actionable alerts that can help you quickly detect and respond to attackers inside your network.

Read this eBook to learn who your insiders really are, and watch this whiteboard video to learn more about how the solution works.

You can read the original article, here.

15 Feb

Distributed denial of service (DDoS) attacks have been around since the early 2000’s, and the technology solutions for mitigating such attacks have evolved dramatically over the past few years. Hackers are more sophisticated, and the attacks are increasing, so the old solutions— which never worked perfectly—are even less effective in today’s cyber threat landscape.

Therefore, it’s surprising to see occasional articles that still recommend outdated approaches, such as remote black holing (also called null routing) to stop unwanted traffic. Hosting service providers sometimes try to block bad traffic by injecting a null route with the IP address of the original DDoS victim into their routing infrastructure, to block all DDoS traffic to the victim.

The problem with this approach is that it cannot tell the difference between bad traffic and good traffic: it blocks all DDoS traffic, but it also blocks all good traffic, so it actually finishes the attacker’s job against the original victim. If the upstream ISP null routes all traffic, good and DDoS alike, into the ‘black hole’, it effectively takes the victim offline. This method of defense is simply not acceptable. Furthermore, because most DDoS attacks are highly spoofed, trying to null route on the source IP addresses is nearly impossible.

Modern DDoS mitigation technology effectively detects and blocks DDoS attacks at a granular level, even the low-threshold, sub-saturating attacks that escape human detection. Why block all traffic, when you can simply block the bad traffic, in real time? You can deploy an automated DDoS protection appliance at the network perimeter, and have always-on, automatic detection and blocking of DDoS attacks so they never enter your network.

You can read the original article, here.

13 Feb

When most people hear about an “insider threat,” they often assume it’s a malicious employee who is either out to prove a point or trying to selfishly make a buck. Yet, as one startup learned last week, the real “insider threat” is often a well-intentioned person who, in the course of simply trying to do his or her job, accidentally causes something to go wrong.

Human error is a prevalent cause of accidents, which means IT and security teams should prepare accordingly to limit the resulting damage.  Here are a few steps organizations can take to limit the impact of accidental insider damage:

Control executables. Even the most security-aware users fall victim to spear-phishing attacks. By controlling what’s allowed to execute on your systems, you can block attackers’ malware from taking over devices and unknowingly exploiting legitimate user privileges.

Get rid of unnecessary privileges. In the case of GitLab, the team member who accidentally deleted a production database was, in fact, authorized to do so. Yet, too often that’s not the case. According to one recent survey, 91 percent of insiders have access to systems that they shouldn’t. If you can’t access it, you can’t break it.

Monitor user activity. Something about being watched by an authority figure encourages people to think twice about their actions. By recording all activity as users access sensitive IT systems, you can encourage your most privileged users to double check their work and discourage any foul play. This means fewer mistakes, fewer malicious actions and less damage to clean up.

Backup. Then backup some more. If IT teams learned one thing in 2016 (or “The Year of Ransomware” if you read the news), it’s that backing up sensitive data is an imperative. Whether an IT admin accidentally deletes an entire database or a cybercrime ring takes your servers hostage, backups are extremely handy. Just ask any of the companies who learned this lesson the hard way.

You can’t predict which users are going to accidentally damage your systems or fall victim to well-disguised attackers, but you can predict that these things will happen – and more than once. However, with some preparation, you can make sure that when these incidents occur the repercussions are minimal.

You can read the original article, here.

11 Feb

After posting an unprecedented and unbroken streak of perfect test scores in AV-TEST’s comparative test of Android security apps, Sophos Mobile Security added the AV-TEST Best Android Security Award 2016 to the AV-TEST Best Protection Award 2015 from last year.

For 14 consecutive tests, spanning all the way back to September 2014, Sophos Mobile Security has achieved a perfect 100% protection score in AV-TEST’s comprehensive comparison of the top Android security and antivirus apps. To put this into perspective: Sophos Mobile Security has detected and blocked every single piece of malware that AV-TEST has attempted to throw at it, for more than two years.

In addition to getting a perfect protection score, the app also impressed AV-TEST with its features and usability: “The Android protection from Sophos offers superb malware detection, combined with well-devised security features,” said Andreas Marx, CEO of AV-TEST GmbH.

“Top scores, not only in the test category of protection, but also in terms of usability and a good selection of useful security functions, are among the impressive features offered by Sophos,” commented AV-TEST. The award validates SophosLabs’ efforts to increase testing accuracy this past year. Accuracy was already sharp, but the lab thought it could do better, said Onur Komili, third-party testing manager for infrastructure at Sophos.

“After falling just short of winning the top award in 2015 we knew we could do better, which is exactly what we did,” he said. “It’s been over two years since we last registered a false negative in the AV-Test Android Protection tests and we’re the only vendor who can make that claim. Through a lot of hard work and dedication across all of the team in SophosLabs we managed to close the gap and earned the Best Android Security Award in 2016. We’re very proud to have won this award for the first time and hope to earn many more in the years to come”.

Visit the AV-TEST website to read more about the award and check out the most recent test results. Learn more about the best mobile security product in 2016 and download Sophos Mobile Security for free here.

You can read the original article, here.

6 Feb

We’re excited to share that Sophos has been named a leader in the 2017 Gartner Magic Quadrant for Endpoint Protection Platforms.

We believe our leader placement confirms the quality of Sophos endpoint products and recognizes our ongoing technology innovation, exemplified by Sophos Intercept X.

Intercept X delivers powerful anti-exploit and anti-ransomware capabilities, together with advanced clean-up and root cause analysis tools.

It works both with Sophos Central-managed endpoint protection and also antivirus solutions from other vendors, enhancing protection against advanced, zero-day attacks.

Download the report today to learn more and see why Sophos is positioned as a leader.

Not long ago, after being recognized by Gartner as a leader in seven consecutive Magic Quadrants for Mobile Data Protection, Sophos continued the success by being named one of the vendors with the most comprehensive solution in the Gartner report, Market Guide for Information-Centric Endpoint and Mobile Protection.

You can read the original article, here.

31 Jan

Our mission at Sophos is to provide the best security solutions on the market and to make them easier to understand, deploy and manage than any of our competitors’ offerings.

From our continuous assessment of the threat landscape, two things are abundantly clear: first, that email is one of the most problematic sources of infection; and second, it’s the ordinary, well-meaning people who often let poisonous emails into their organizations.

It’s easy to be tricked into clicking on a malicious email. So wouldn’t it be great to create a culture where the first instinct of each user was to think twice — even if just for a moment — before clicking on links, downloading attachments or running software that arrived via email? Think of how many threats could be neutralized before they even have a chance to make their way on to corporate networks.

So we’re excited to be able to help create that culture by announcing Sophos Phish Threat, a phishing attack simulator that’s powerful, thoughtful and very easy to use. You’ll be up and running in minutes, with campaigns to help your users learn to spot phishing links, dangerous attachments, and bogus scripts meant to cripple your organization before they have a chance to do harm.

Simply choose a campaign type, select one or more training modules, pick a simulated phishing message, and decide which users to test. Then sit back as the results roll in: top-notch reporting tells you how many messages have been sent out, who’s clicked, and, of those, who’s gone through the required modules. It couldn’t be easier.

 

Sophos Phish Threat is the outcome of our worldwide hunt for the right technology to offer. That hunt led us to Silent Break Security and its Phish Threat application.

The simulator was developed by Brady Bloxham, the founder of the company, whose pedigree as a former National Security Agency analyst helped convince us that it’s a perfect fit alongside our other best-of-breed solutions in the Sophos Central Admin management console. Brady’s product and team are the perfect addition to the Sophos family and we’re delighted to have them join us.

Sophos Phish Threat is available today in North America and will be available soon in other regions. Give it a try for free and let us know what you think!

You can read the original article, here.

30 Jan

In recent weeks, the UK retail bank Lloyds was hit with a denial of service attack, which reportedly lasted for two days and attempted to block access to 20 million accounts. The attack was part of a broader DDoS campaign against an unspecified number of UK banks that only affected services at Lloyds, Halifax and Bank of Scotland. Availability of services was affected but no customers suffered any financial loss.  The attack has attracted significant media attention, being such a high-profile attack with far-reaching potential consequences.

Motive Behind DDoS Attacks on UK Banks

It has also now emerged that the attack was launched as part of a DDoS extortion strategy, which involved a hacker demanding around £75,000 ransom from the bank. An anonymous hacker reportedly told Motherboard that they contacted Lloyds on 11 January by email, informing the bank about security vulnerabilities, and demanded that they pay a ‘consultation fee’ in bitcoins to avoid being attacked. This element of the attack highlights important concerns regarding the evolution of ransom-related DDoS attacks and the threat they pose to businesses.

Increase in DDoS Attacks for Ransom

For some time now, attackers have been using DDoS attacks as part of a wider campaign of cyber threats and techniques, and the trend of ransom-related DDoS has been growing. In a 2016 study, we found that 80 percent of European IT security professionals expect their business to be threatened with a DDoS ransom attack during the next 12 months.

DDoS extortion campaigns are a common tool in the cyber-threat arsenal, and one of the easiest ways for an attacker to turn a quick profit. When service availability is threatened, the victim company needs to consider the potential loss in downtime, revenues and brand damage. When faced with these costly implications, you can understand why some organizations choose to pay the ransom in hopes of circumventing the attack. But in most cases, this is futile: the promise of withholding attacks after the payout is empty.

Corero’s research, which polled over 100 security professionals at the Infosecurity Europe conference in London, highlights the growing threat of cyber extortion attempts targeting businesses in the United Kingdom and continental Europe. In May 2016, the City of London Police warned of a new wave of ransom driven DDoS attacks orchestrated by Lizard Squad, in which UK businesses were told that they would be targeted by a DDoS attack if they refused to pay five bitcoins, equivalent to just over £1,500. Corero’s Security Operations Center also recorded a sharp increase in hackers targeting their customers with such demands at the end of 2015.

Even more concerning was the finding in the study that almost half of these IT security professionals (43%) thought that it was possible that their organization might pay such a ransom demand.

Effective DDoS Defense Methods

The only way for an organization to defend themselves against the DDoS threat, whether ransom-related or other, is to have an always-on, automated DDoS mitigation solution that detects and mitigates DDoS attack attempts instantaneously, even the low-threshold, short duration attacks—and stops them in their tracks. These low-level, sub-saturating DDoS attacks are often used as a precursor to ransom demands, because they are typically not detected by security teams and allow hackers to find pathways and test for vulnerabilities within a network which can later be exploited through other techniques. For this reason, full visibility across all potential network incursions is an essential part of any defense solution, as is the capability to respond in real-time in the event of an attack.

You can read the original article, here.

25 Jan

The Internet of Things (IoT) has been in the news lately for facilitating numerous DDoS exploits across the planet. A global non-profit think tank called the Online Trust Alliance (OTA) has published a paper entitled IoT, a vision for the future. It outlines how the IoT can grow and thrive, especially given that “users’ confidence that their data is secure and private is at an all-time low.” The paper lays out some of the unique challenges posed by securing the IoT and how the network of things can become more sustainable and protect users’ privacy. It is based on an OTA framework of interlocking trust relationships that was released earlier this year.

Securing the IoT is more complex than securing ordinary endpoints. The IoT has a collection of smart devices, such as webcams and Internet-connected printers, which run internal apps (such as web and FTP servers) and cloud services, all of which have their own vulnerabilities.

As the OTA report says, “Every facet and data layer is a potential risk and each data flow must be secured.” Second, building in security for IoT is not usually first and foremost in the minds of every app developer. This is what happened with the Chinese webcam vendor that was part of the botnet exploit mentioned at the beginning of this post. These vendors are usually more interested in having an app that could easily manage the numerous cameras around the world. Not to pick on this vendor, but this is the typical scenario. Most IoT devices are designed without security or privacy needs up front.

Finally, many IoT devices aren’t easily updated when it comes to operating systems or firmware or both. Some of these devices have been in use for more than a decade without any updates. Witness how many IoT devices make use of outdated Windows XP embedded OS, or run on XP hosts. As the OTA report states, “Unfortunately, while such solutions may ship secure, no degree of patching can address design limitations against unforeseen threats decades later.” OTA convened a cross industry working group with the vision to create an IoT Trust Framework, a voluntary self-regulatory model. (You need to be an OTA member in order to download the framework.) They worked with over 100 stakeholders and focused on 31 criteria covering the connected home, office and wearable technologies.

The framework looks at device security, using privacy by design principles, including transparency and device controls, adding lifecycle support and having data portability and transferability. The framework also includes such things as readily available and clearly stated privacy policies, disclosure by the device makers about personally identifiable data collected by each device, descriptions of what data is shared by the device and with whom, and the term and duration of data retention policies.

There are other matters such as forcing default passwords to be changed on first use and using SSL and HTTPS protocols by default. All of these are worthy practices for non-IoT devices too. The OTA framework is a good start at trying to stem the tide of potential IoT security weaknesses. Hopefully it will catch on and prevent future botnet-like exploits from happening.

You can read the original article, here.

19

Jan

According to official data, in 2016 alone, hackers have taken over $1 Billion in the form of ransoms from users trying to retrieve their files after being infected with ransomware.

Ransomware is the most successful malware attack today. It works by locking up your files and crippling your systems until you’ve handed over money. And, one of the biggest problems in the fight against ransomware is the constantly reinvented attacks.

Cybercriminals are finding new methods of spreading the malware, evading detection and even developing ransomware that deletes itself as soon as files are encrypted so that even IT security teams are unable to uncover what variant is on the system.

Ransomware has the potential to cause massive disruption to an organization’s productivity. So it’s vital to understand how to build the best possible defense against it.

The producers of ransomware aren’t just idly waiting for their bit of malware to hit its target. They work in professional teams, constantly updating and enhancing new variants of ransomware – and if you’re caught, the consequences can be severe.

So, with ransomware making headlines for all of the wrong reasons, the pressure is on to put together a top-of-the-line defense. Starting from scratch can be very tough and time consuming. Sophos can make it easier for you. What can you do? Head over to the Sophos Anti-Ransomware Hub and grab your free anti-ransomware toolkit.

Put together by security experts, the kit gives you great resources to help you better understand the ransomware threat, choose the best possible protection for your organization, and get your users up to speed on best security practices.

It includes:

  • Anti-ransomware IT security checklist
  • Whitepaper on how to stay protected against ransomware
  • Posters for your workplace
  • On-demand webinar and PowerPoint deck to help educate your users

You will find more information here.

17

Jan

Small- and medium-sized businesses (SMBs) are the backbone of the U.S. economy. According to data available in the U.S. Small Business Administration’s Small Business Profile for 2016, SMBs with fewer than 500 employees make up 99.7 percent of all U.S. companies and employ 56.8 million workers—48 percent of the U.S. workforce.

Cyber security is as important for these companies as it is for large multinationals. SMBs also have sensitive information from employees and customers, proprietary information about products, and they often are part of a global supply chain for other companies. Every business is a target, regardless of size, and none can afford to ignore the security of its IT infrastructure.

The SMB: lots of assets, limited resources

SMBs may assume they have little to interest hackers and therefore put cyber security on the back burner. We know this isn’t true. Hospitals, for example, hold sensitive health information and have networked medical devices at risk. Unfortunately, some learned the hard way with episodes of ransomware disrupting business and damaging reputations.

It is not just a company’s own information and systems that are at risk. SMBs have been the channel in high-profile breaches that compromised millions of records. The 2015 breach of a retail company in which data from 40 million customer credit card accounts was stolen and the U.S. Office of Personnel Management breach that exposed more than 20 million employee records are believed to have originated with credentials from third-party vendors. Attackers use a weak link in the supply chain to breach a larger target; they use the compromised credentials to escalate IT privileges and use privileged accounts to compromise critical systems.

Businesses today run on IT. This makes cyber security a business necessity as well as a technology requirement. A strong security program can not only protect a business’s assets, it can also give it a competitive advantage.

Although SMBs face the same cyber security challenges as large businesses, they often have fewer resources and little in-house expertise to address these challenges. This makes it important that they get the best return on their security investments by prioritizing the right things in their security programs.

The need to know

Cloud computing and hosted services can make advanced technology affordable, and SMBs often find it cost-effective to outsource many IT functions, including security. But at the end of the day, each business is still responsible for its own security. Owners and executives need to understand the basics of cyber security, know what their service providers are doing and what questions to ask of them.

Security needs will vary depending on circumstances. Each company must understand its attack surface—vulnerable areas in the IT environment that could be breached to compromise systems—and the impact of each potential breach. By assessing the impact, vulnerabilities can be prioritized, so that the cyber security program focuses on the areas needed to manage risks.

The key to protecting an IT infrastructure is privileged accounts. These accounts, if compromised, can effectively turn an intruder into an insider, giving the attacker rights to move throughout the network, escalate privileges, change settings and configurations and access data. When allocating scarce cyber security resources, privileged accounts must be identified, assessed and prioritized.

A single standard for security

An SMB IT infrastructure may not be as complex as a global enterprise’s, but the benefits of a layered approach to cyber security apply to all. Additionally, there are documented best practices and basic cyber hygiene practices that should be followed.

Learn more about how CyberArk can help your organization protect privileged accounts.

You can read the original article, here.

13

Jan

SE Labs has just released its Q4 2016 testing results, and we’re pleased to report that Sophos Endpoint Protection scored high.

The results are a testament to SophosLabs’ diligence in protecting customers against real-time malware threats that are constantly evolving.

The charts below, taken from the report, show how Sophos fared in the various SMB and Enterprise categories.

SMB category:

Enterprise category:

You can read the original article, here.

9

Jan

Sophos Home is a ‘lean, mean, virus-killing machine’ – that’s the verdict of Which?, and who are we to argue?

Which?, the highly regarded UK product testing magazine, placed Sophos Home in the #1 spot, ahead of Panda, Avast, and AVG. The publication gave Sophos Home 5 stars for performance, 5 stars for phishing, and 4 stars for ease-of-use. Which? had this to say about Sophos Home:

“Sophos Home is a lean, mean, virus-killing machine. For fuss-free peace of mind that doesn’t cost a thing, then definitely download it”.

“Sophos keeps things very simple. It’s a no-frills package that doesn’t cluster its interface with lots of details or complex options. Installation and setup is very easy. The software uses nice, clear messaging if it spots something suspicious”.

“The full function is very thorough. It found and destroyed pretty much every single virus we planted on our test PC…And if you’re concerned about getting taken in by online phishing scams, Sophos’s protection will give you peace of mind. Scam websites are flagged the moment you land on them”.

See how we compare to the other programs that were tested (paywall; account required). And, don’t forget, ensure your Windows PC is protected against the threats — download Sophos Home for FREE today!


You can read the original article, here.

5

Jan

Mac malware is on the rise. While Apple does provide system protection for MacOS Sierra, dangerous infections that can wreak havoc are consistently being developed and deployed by cybercriminals.

That’s why we created Sophos Home to protect every Mac in your home with business-grade security. To show you just what Sophos Home is made of, independent testing lab AV-TEST put it to the test, along with 11 other MacOS security tools.

Our free commercial-grade home security was able to detect 100 percent of the Mac malware the testing lab threw at it, placing us at the top of the pack! Plus, it fully removed all the malware samples.


Read the full report to find out how we did in all areas of the testing. And, most importantly, ensure your Mac stays ahead of the threats – download Sophos Home for FREE today!

You can read the original article, here.

23

Dec

We are excited to announce that we are introducing a new way of experiencing LogPoint! LogPoint Free is a completely free version of LogPoint, which lets you ingest up to 350 events per second (eps), from up to 10 nodes.

LogPoint Free provides full LogPoint functionality, access to support, Help Center and Community.

Free Extension

The LogPoint Free license runs for 90 days but can be extended for free upon request. You can also easily upgrade to a LogPoint license if needed.

Is LogPoint Free for you?

LogPoint Free is designed to give you full access to the functionality of our proven LogPoint technology and the entire LogPoint ecosystem. Whether you are testing the solution for your business, or simply have personal, ad hoc needs for search, analytics and visualization of data – LogPoint Free is for you.

What is included in LogPoint Free?

We like to keep things simple and transparent: Full functionality!

Some highlights of what’s included:

  • Easily upgrade the license and keep all configured intelligence if you decide to upgrade
  • Your favorite analytics tools: Search, Alerting, Reporting, Dashboards
  • Unlimited number of users
  • Access to the knowledgebase and selected applications
  • Full access to our awesome community

What happens if…

350 eps refers to the number of events you can add per second. If you go above 350 eps, the events exceeding the limit are simply dropped, with no penalty to functionality. There is no limit on storage, which is constrained only by the supporting hardware. If you need more than 350 eps or 10 nodes, you can easily upgrade to a LogPoint license suited to your needs. Support is included with LogPoint Free, but please note that response time is “best effort.”

You can download LogPoint Free completely for free HERE – get running in less than 5 minutes!

You can read the original article, here.

19

Dec

Information security professionals recognize that cyber attackers will exploit endpoint vulnerabilities and then make a beeline for privileged credentials. As a result, organizations are evaluating how they can take steps to secure privilege on the endpoint as a fundamental part of their security program.

CyberArk Viewfinity has enabled organizations to reduce both the attack surface and the risk of information stolen or encrypted and held for ransom—all while achieving the right balance between productivity and security. To keep pace with the ever-evolving threat landscape, we unveiled new threat protection features this week: CyberArk Viewfinity is now available as CyberArk Endpoint Privilege Manager.

By interlocking three core capabilities (privilege management, application control, and new credential theft detection and blocking), CyberArk Endpoint Privilege Manager represents a combination of powerful technology, deep research and best practices to stop attackers from advancing beyond the endpoint and doing damage.

Key enhancements include:

  • The ability to detect and block credential theft attempts by malicious users and applications, including Windows credentials, remote access application credentials and those credentials stored by popular web browsers for use with, for example, corporate network and cloud applications.
  • New behavioral analytics to block and contain advanced threats targeting credential theft at the endpoint.
  • The ability to block hash harvesting at the endpoint to prevent Pass-the-Hash, an attack leveraging stolen credentials.

The introduction of CyberArk Endpoint Privilege Manager comes on the heels of an FBI flash alert that recommends prioritizing credential protection, including implementing least privilege and restricting local accounts, to limit a threat actor’s ability to gain highly privileged account access and move throughout a network.

CyberArk Endpoint Privilege Manager is available now. For additional resources on detecting and containing cyber attacks while effectively balancing security and productivity, visit this page.


You can read the original article, here.

16

Dec

It is with pride and great pleasure that we have the opportunity today to launch our Threat Intelligence application!

With this application, we provide a simple and efficient module for providing contextual attack information to observations from sensor data in your network.

Context

The Threat Intelligence application sources data from best-in-class Proofpoint and the large collection of indicators from Critical Stack. With these sources ingested, LogPoint can analyse structured and unstructured data, alerting if any match between the known-bad indicators and collected enterprise data is identified.

The LogPoint taxonomy and technology stack allow for inspecting any type of collected data, regardless of whether it comes from your ERP platform, online collaboration platform, hosted Office 365 or firewall/antivirus platform. If the data is in LogPoint, it can be correlated with the indicators of compromise.

Reduce Time to Detection

Enterprise log-data is valuable when analysed in and of itself. By correlating your internal data with indicators of compromise, seemingly innocent data can hint at a potential issue. With pre-canned analytics in the form of alert-rules, dashboards and data mappings running out of the box, the Threat Intelligence application is a turn-key application.
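To make the correlation described above concrete, here is an added example (not LogPoint’s own code) that loads a small indicator feed and matches it against both a structured key=value firewall event and unstructured syslog-style lines. The feed layout is the tab-separated Zeek/Bro intel file format, assumed here as a stand-in for a Critical Stack-style feed; all indicators and log lines are constructed.

```python
import re
from typing import Dict, List, Tuple

# Constructed indicator feed in Zeek/Bro intel-file layout (assumed as a
# Critical Stack-style stand-in; addresses and domains are documentation values).
INTEL_FEED = """#fields\tindicator\tindicator_type\tmeta.source\tmeta.desc
203.0.113.45\tIntel::ADDR\tconstructed-feed\tknown C2 address
bad-updates.example\tIntel::DOMAIN\tconstructed-feed\tmalware distribution host
"""

# Constructed enterprise log lines: one structured firewall event and two
# unstructured syslog-style messages from a proxy and a mail server.
LOG_LINES = [
    "action=allow src_ip=10.0.0.7 dst_ip=203.0.113.45 dst_port=443",
    "Jan 19 10:01:02 proxy01 squid: GET http://bad-updates.example/setup.exe from 10.0.0.9",
    "Jan 19 10:01:05 mail01 postfix: connect from mx.example.org[198.51.100.3]",
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


def load_indicators(feed: str) -> Dict[str, Tuple[str, str]]:
    """Parse the tab-separated feed into {indicator: (type, description)}."""
    indicators: Dict[str, Tuple[str, str]] = {}
    for line in feed.splitlines():
        if not line or line.startswith("#"):  # skip header and blank lines
            continue
        indicator, itype, _source, desc = line.split("\t")
        indicators[indicator.lower()] = (itype, desc)
    return indicators


def extract_observables(log_line: str) -> List[str]:
    """Pull candidate IPs and hostnames from a log line regardless of its layout."""
    found = set(IPV4.findall(log_line))
    found.update(h.lower() for h in HOSTNAME.findall(log_line))
    return sorted(found)


def correlate(log_lines: List[str], indicators: Dict[str, Tuple[str, str]]) -> List[dict]:
    """Return one alert per (log line, matching indicator) pair."""
    alerts = []
    for line in log_lines:
        for obs in extract_observables(line):
            if obs in indicators:
                itype, desc = indicators[obs]
                alerts.append({"indicator": obs, "type": itype, "desc": desc, "log": line})
    return alerts


if __name__ == "__main__":
    for alert in correlate(LOG_LINES, load_indicators(INTEL_FEED)):
        print(f"ALERT {alert['type']} {alert['indicator']} ({alert['desc']}): {alert['log']}")
```

Only the firewall event and the proxy line raise alerts; the mail server line contains an IP and a hostname but neither is on the feed.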

Want to Know More?

You can read more about how to get started and set up Threat Intelligence in this blog post.

We also suggest you sign up for our webinar on Threat Intelligence! It takes place December 1st, 2016. Read more about it here.

You can read the original article, here.