If you read the Sophos Blog, you will undoubtedly be aware of how our next-gen endpoint solution can protect you and your business. Sophos is really proud of Intercept X and genuinely believes it’s the best product of its kind out there.

However, we realise that you may want to hear independent opinions as well, which is why we’re pleased to share ESGs Lab’s report with you.

When carrying out the testing, Enterprise Strategy Group (ESG) observed Sophos Intercept X’s performance as well as its agility, usability and reliability in detecting and preventing genuine advanced threats and signatureless exploits.

The tests involved:

• Emailing a Word document containing real ransomware code from, what appeared to be, that user’s manager
• Launching a stack pivoting attack that employed an exploit in a PDF file
• Downloading a free report file from the Web, which also downloaded a second file that attempted to zip up the contents of ‘My Documents’ and upload them to a command and control site

And the verdict?

Sophos Intercept X has made excellent progress closing many of the endpoint security gaps that still exist for organizations worldwide.

But, don’t just take their word for it. Try Sophos Intercept X for free!

You can read the original article, here.

In 2016 alone, hackers have taken over $1 Billion in the form of ransoms from users trying to retrieve their files after being infected with ransomware.

Ransomware is the most successful malware attack today. It works by locking up your files and crippling your systems until you’ve handed over money.

And, one of the biggest problems in the fight against ransomware is the constantly reinvented attacks.

Cybercriminals are finding new methods of spreading the malware, evading detection and even developing ransomware that deletes itself as soon as files are encrypted so that even IT security teams are unable to uncover what variant is on the system.

This video digs deeper into the inner workings of ransomware, techniques employed by crooks to evade traditional technologies and how it malware can be stopped:

You can read the original article, here.

With Version 4.4.3, SEP sesam can now be considered one of the leading data backup solutions for VMware environments. With SEP sesam, the data of organizations and enterprises is protected 24/7 and always available. The new SEP sesam version 4.4.3 is one of the leading data protection solutions for VMware environments.

The new release supports:

1. The start of VMs directly from backup storage

2. VMs can be used immediately because no time is lost performing restores. VMware vMotion automatically moves productive VMs from backup storage to productive VMware storage during operations.

3. Backed-up VMDKs can be attached to productive VMs with Linux, Windows and Open Enterprise Server operating systems regardless of the platform.

4. Single file restore from CBT Full, Inc, and Diff backups

5. Instant recovery from CBT Full, Inc, and Diff backups

6. Single file restores and instant recoveries from deduplicated Si3 backups are also possible

7. SATA disks in addition to SCSI disks during backup and restore via the transport mode Hot-Add.

8. Full functionality is ensured for Linux backup servers and remote device servers.

9. We are looking forward to your participation.

SEP sesam supports a wide range of databases having some very important benefits:

The inaugural 2016 Security Excellence Awards by UK magazine Computing saw Sophos collect two industry prizes last night: SafeGuard 8 took the Data Encryption Award and Sophos XG Firewall won the Firewall Solution and UTM Award.

The ceremony was held in London in the shadow of the Shard, where the Sophos representatives enjoyed the somewhat surprising, albeit entertaining, performance of the skinny public-schoolboy-looking freestyle-rapping presenter, Chris Turner.

Out of the hundreds of companies shortlisted for the 21 awards, Sophos was one of very few companies to collect more than one prize on the night.

Sophos SafeGuard 8, its revolutionary next-gen Synchronized Encryption technology, was up against strong competition from companies including Covata, Vormetric and Cloudview. Sophos XG Firewall, with its ultimate firewall performance, security and control, faced heavy rivals including Barracuda and Panda.

Thanks to the solid efforts of the SafeGuard and XG Firewall product teams, once the dust settled and the freestyle rap had died down, there was only one winner in two of the top categories: Sophos.

All in all, we’re very pleased with our results in this first ever year of the Computing Security Excellence Awards, and we are looking forward to collecting many more prizes in years to come.

You can read the original article, here.

After being recognized by Gartner as a leader in seven consecutive Magic Quadrants for Mobile Data Protection, we continue our success by being one of the vendors with the most comprehensive solution in the new Gartner report, Market Guide for Information-Centric Endpoint and Mobile Protection.

This new report by John Girard of Gartner is the replacement for the now retired Gartner Magic Quadrant for Mobile Data Protection. It defines nine different methods for information-centric endpoint protection, ranging from basic device protection to comprehensive file-based protection methods.

Of the 18 representative companies discussed in the report, Sophos is one of only two companies that can provide a solution for every single method with Sophos SafeGuard and Sophos Mobile Control.

Sophos SafeGuard, with its always-on file-based Synchronized Encryption, will protect your files wherever they go, for example when shared across platforms, emailed, or uploaded to cloud-based storage. The secure container technology and personal information management (PIM) capabilities in Sophos Mobile Control provide secure collaboration everywhere, working across mobile devices without compromising security and preventing accidental data leakage.

We agree with Gartner that, considering that information is highly mobile in today’s world, data protection solutions can no longer be centered around full disk encryption but should instead account for the many ways that business information needs protection as it moves.

To find out what Gartner says about the Information-Centric Endpoint and Mobile Protection marketplace, download the complete Market Guide here.

You can read the original article, here.

Sophos a global leader in network and endpoint security, today announced that it has acquired Barricade, a pioneering start-up with a powerful behavior-based analytics engine built on machine learning techniques. The team and technology from Barricade will strengthen Sophos’ synchronized security capabilities and its next-generation network and endpoint protection portfolio.

The developers and data scientists at Barricade have created a technology platform that can significantly enhance the ability to identify malicious or suspicious behavior. Using machine learning and artificial intelligence, it extends the capabilities of rule-based detection technologies that will be increasingly challenged to keep up with the growth of sophisticated and complex attack patterns.

“Barricade has an impressive team of experts in data science and machine learning, and they share the Sophos vision for security made simple,” commented Bill Lucchini, senior vice president and general manager of the Cloud Security Group at Sophos. “Delivering advanced protection to partners and customers without adding layers of complexity is at the core of our product strategy. Enterprise-grade security should be available to all organizations, and the acquisition of Barricade will accelerate the next phase of synchronized security innovation across the Sophos Central management platform.”

Sophos is recognized as a leader in endpoint and network protection with a growing set of next-generation technologies that leverage behavior-based analytics, such as the signatureless threat and exploit detection and root cause analysis recently released in Sophos Intercept X.

“We share the same development philosophy as Sophos – IT security can be complex but managing security products shouldn’t be,” said David Coallier, CEO at Barricade. “We are proud of the technology we have built and are pleased to join the team at Sophos focused on artificial intelligence and machine learning based security analytics. Driving the development of our technology into a comprehensive security solution that every IT professional can use presents us with the next phase in our exciting journey.”

Sophos will maintain the offices in Cork, Republic of Ireland. Barricade CEO David Coallier and the team of developers, data scientists and engineers will join the Sophos Cloud group that reports into general manager and senior vice president of the Sophos Cloud Security Group, Bill Lucchini.

You can read the original article, here.

Sophos Central has integrated many of the products a business needs to stay secure. However, we realize that many organizations have products from multiple vendors and leverage a SIEM (security information and event management) to try to make sense of all the security events produced by all those disparate products.

With data flowing fast, IT teams face a big challenge when it comes to maintaining some semblance of coherent visibility into the vast amounts of information they’re constantly receiving from all their different vendor products.

In that spirit, we’re pleased to announce that SIEM integration has been added to Sophos Central. Whether you use Splunk, ArcSight, or any other major SIEM, you’ll find it easy to connect to Sophos Central. You’ll get real-time insight into the events and alerts for all your Sophos Central products. It’s one integration whether you’re using Endpoint Advanced, or Wireless, or our next gen endpoint, Intercept X, or Email protection, or Encryption… they all work together so it’s a single integration.

Setup couldn’t be easier. Take a look at this short demo video to get an idea of how to get SIEM integration up and running within your organization:

We put a lot of thought and hard work into our SIEM integration solution and we hope you enjoy its benefits as much as we enjoyed building it. With our recently released audit logs and RBAC features, SIEM integration is yet another step forward as we seek to improve the efficiency of IT teams large and small.

You can read the original article, here.

Ransomware has the potential to cause massive disruption to an organization’s productivity. So it’s vital to understand how to build the best possible defense against it.

The producers of ransomware aren’t just idly waiting for their bit of malware to hit its target. They work in professional teams, constantly updating and enhancing new variants of ransomware – and if you’re caught, the consequences can be severe.

But why are these attacks succeeding? How does a typical infection take place? And what security systems should an organization have in place to get the best possible defense?

How to Stay Protected Against Ransomware is a guide from Sophos designed to answer these key questions. Easy to follow and digest, it takes you through a typical attack, offers best security practices to implement, and details the security solutions that all organizations should be using.

It covers:

• The most common ransomware delivery methods
• How security holes and ransomware advances are driving attacks
• Nine best practice security tips to help you stay secure
• Critical security features that all organizations need

Download the FREE whitepaper now to arm yourself with the knowledge to stay safe against ransomware.

And, check out The End of Ransomware page at Sophos.com for everything you need to know to stop ransomware.

You can read the original article, here.

SEP’s Hybrid Backup and Disaster Recovery solution SEP sesam is especially well suited for heterogeneous IT infrastructures of any size. SEP sesam protects absolutely reliable any company data and supports all virtualization platforms, operating systems, applications and databases, up to SAP HANA, on physical machines and in virtual environments.

25 years of experience in the development of backup software, high quality and data protection standards and an attractive price-performance-ratio are just some of the facts about the numerously certified Backup and Disaster Recovery Solution SEP sesam.

With SEP sesam, the data of organizations and enterprises is protected 24/7 and always available. The new SEP sesam version 4.4.3 is one of the leading data protection solutions for VMware environments.

SEP sesam is ideal for every IT-environment. From small businesses up to major enterprises, SEP sesam supports all common operating systems, virtualization platforms, applications, databases and storage technologies. Secure enterprise-wide backups, restores, and disaster recoveries are extremely fast and easy to implement and to perform. SEP sesam’s multi-streaming technology allows simultaneous backups of an unlimited number of servers. The result is maximum speed performing restore-oriented backups.

Backing up your databases has never been easier as SEP sesam is able to back up the database and database instances directly to any storage media without intermediate storage on the file system. The database communicates directly with SEP sesam and the database management console provides a view of all available databases. SEP sesam supports a wide range of databases having some very important benefits:

• Disaster recovery is managed within SEP sesam GUI and is more easily controlled
• No file system overwrite caused by the redologs, which are deleted automatically after backup
• SEP sesam ensures data integrity in the event of a restore or recovery
• Full system (database) recovery or a point-in-time recovery options
• No file system overwrite; the backup does not take place on the client computer
• Prevents single point of failure with the backup server in a separate virtual backup location
• SEP sesam supports a wide range of databases, including: Oracle, MS SQL, IBM DB2, Informix SAP R/3, MaxDB and more

You can read the original article, here.

We’re pleased to announce the availability of Sophos Web Gateway – the easy-to-deploy, easy-to-trial web security solution – in additional regions, and there’s a significant update to the product interface coming at the end of November.

What’s new?

1. Sophos Web Gateway (Central Web Gateway Advanced) will be available in additional regions from 7 November.

2. A new, dedicated, product interface for Sophos Web gateway integrated into Sophos Central will be available from the end of November.

Where is it available?

Sophos Web Gateway is now available in all regions except Middle East and Africa.

How will the product interface change?

Sophos Web Gateway will have its own dedicated area within the Central interface towards the end of November. This update makes Web Gateway even more intuitive and easy to configure and manage.

You can learn about some of the great features and benefits that Sophos Web Gateway adds in the three-minute video below

Are there any limitations?

Customers must choose either the US or Ireland data center when enabling their Sophos Central account in order to use Sophos Web Gateway.

Sophos Web Gateway is not at present available from the Frankfurt data center. Once chosen, a Sophos Central account data center location cannot be changed. For customers using the Frankfurt data center who wish to use Sophos Web Gateway, the only option right now is to create a new Central account and choose either the US or Ireland data center. This is due to a limitation in the functionality of Amazon Web Services in the Frankfurt data center. The product team is working to resolve this with Amazon but there is no immediate timescale for this to be fixed.

Of course, if you prefer a hardware or virtual appliance, the new and improved Sophos Web Appliance provides an ideal alternative.

The innovation doesn’t stop here: the team is going to make some significant waves  next year with a hybrid Secure Web Gateway that will work like nothing else in the industry. Our next-generation Secure Web Gateway will offer a seamless migration path for both web appliance and Central customers, so your investment is protected whatever you choose today.

So, how are you protecting your mobile users against web threats? With Sophos Web Gateway you have the perfect Sophos Central answer.

You can read the original article, here.

They say you never get a second chance to make a first impression, but with the Sophos Web Appliance 4.3.0.1, we’re offering our customers a second 30-day trial of Sophos Sandstorm.

Try Sandstorm for a second time to see the value it can bring to your defenses against Ransomware, Advanced Persistent Threats (APTs) and unknown malware.

SWA 4.3.0.1 (now available) resets the Sandstorm trial state so that customers who have previously tried Sandstorm can run another trial to try out the great new features introduced in version 4.3.

With the much-requested file submission feature – added in SWA 4.3 – SWA administrators can quickly and easily submit a suspicious file using the SWA dashboard, by uploading the file or submitting a URL. A trial or full Sandstorm license is required for file submission.

What’s more, you can now select the data center to which you send files for analysis by Sandstorm – allowing customers to ensure that any data residency compliance requirements are met.

Getting started with Sandstorm in SWA is easy – watch the video below to see how…

If you need more information, there’s plenty on our dedicated Sandstorm page.

SWA customers will be updated through our standard staged process – beginning with the first 1% of deployments before moving on to the remaining appliances. You can read the release notes here.

You can read the original article, here.

The biggest ICT & Media Conference in SE Europe, widely regarded as the major annual meeting of all the digital market stakeholders, as well as all those using specialized tools and services in order to implement Digital Transformation, is not far away. It is quite clear that time has come for the real economy to take the reins of growth.

The market has entered a restructure era on its technological, investment and strategic orientation; there is no doubt that “digital bridges” are the only way-out towards new economy, the exit of the country from the fringe and the reclamation of lost competitiveness. The 18th InfoCom World, under the motto Digital Economy: The Highway of NGN, opens a most dynamic way to development! Information & Communication Technologies are the main components of infrastructure, services, products and content.

The main motto of the Conference, Digital Economy: The Highway of NGN, expresses in the best possible way what will be the next day in this market. The key word is speed – for that reason, the title of the first session is “NGN – Full Speed Ahead”. In this session, all available technologies will be presented along with the institutional and regulatory interventions needed. Clearly, in order for all that to succeed, investment is essential and that is the reason why the title of the second session of the Conference is “Digital Economy: Investing in Opportunities”.

The third session focuses on the executives which are called to implement the New Generation Networks revolution.  Greek managers are famous for their efficiency and high performance standards, when  working either locally or abroad. Which absolutely justifies the title “Digital Greece Worldwide: Α High Tech Society!”.

Finally, during the last session, the traditional “Leaders Summit” -this year under the title «New Generation Investments»- the leaders of the Greek ICT market will talk about the evolution of technology and the new, more demanding needs, requirements for new investments, collaboration schemes and synergies, co-exploitation and different distribution models which change the way to contact the final user. Institutional and regulatory interventions will also be examined, along with their footprint in the real economy.

The enterprise community, high-ranking executives in the fields of Telecommunications, Informatics and Media, CEOs, CIOs and IT Directors, Operation Managers, Data Center & Cloud Experts, Network Engineers, IT Strategists & Solution Architects, Manufacturers and Suppliers of Tech Equipment and Consumer Electronics, all of them are taking part in the upcoming InfoCom World Conference.

NSS, Sophos and CyberArk will have a strong presence in an Infocom conference with Sebastian Kaiser, Sales Engineer CEEMEA of Sophos and Bogdan Tobol, Regional Sales Executive – South-Eastern Europe of CyberArk.

Sebastian Kaiser, Sales Engineer CEEMEA, Sophos
13:00 – 14:45 2nd Session: Digital Economy: Investing in Opportunities

Workshop
Auditorium “NAOUSA” 11:15-12:30 “Privileges. The beginning”
Speaker: Bogdan Tobol

Privileges. The beginning.
Uncontrolled access to super-user and administrator accounts leads to unnecessary privileges and is one of the biggest challenges organizations face today.

Workshop
Auditorium “FLORINA” 10:00-11:15 “Sophos XG Firewall v16 technical workshop”
Speaker: Sebastian Kaiser

Sophos XG Firewall v16 technical workshop
Introduction to Sophos XG Firewall v16 that has just been released, providing a high-level technical understanding of the Sophos SFOS Operating System and the different XG modules. Analysis of the components including policies, system configuration, operational management along with basic troubleshooting.

Document exploitation is a well-known method of distributing malware in the malware community. A common theory for why crooks use booby-trapped documents is that victims can be more easily convinced to open document attachments than executables.

Word, Excel and PDF documents that contain so-called exploits – active booby-traps – have the added trick of not requiring their victims to manually enable macros, as is often the case for VBA downloaders.

The latest technical paper from SophosLabs explores why we’re seeing more document exploitation malware in the wild, and investigates the long-standing popularity of a document exploitation generator called Ancalog, which is widely commercially available.

It’s especially interesting to note that many of the vulnerabilities exploited by Ancalog were patched several years ago, often yielding poor results for the attackers. Nevertheless, the ease with which booby-trapped documents can be created with the Ancalog kit has made it the attack tool of choice for many cybercriminal organizations in Russia and Nigeria targeting Asian and African nations.

These cybercrime groups have been using this method steadily over the past two years, and there is no sign that they intend to give up. The ready availability of exploit creation tools in the cyber-underground has opened up document exploitation to a wide range of criminals, and Ancalog is the most popular of these tools nowadays.

Of course, the dependence of criminals on commercial tools like Ancalog that rely on old exploits is a disadvantage for the crooks and an advantage to the defenders. Ancalog doesn’t use zero-day exploits or even exploits that could be considered as new. Even the freshest exploit in its arsenal was fixed over a year ago, with the most commonly used security holes being from 2010 and 2012.

In other words, just applying current patches for Microsoft Office should disarm Ancalog attacks.

Read this new Sophos technical paper to gain a deeper understanding of Ancalog and how it is used by cybercriminals to deploy document exploitation attacks.

You can read the original article, here.

Make no mistake, your organization is a target – do you have an effective security program in place to detect and contain the damage of an attack? With nearly daily headlines about cyber attacks, it’s imperative that organizations understand the role privileged accounts play in the attack life cycle. 

If privileged credentials are not properly managed and protected, business leaders should be prepared to deal with the aftermath of a crippling breach.

Consider the role of privilege in the following scenarios:

• Ransomware Attacks: For many reasons, phishing is a popular attack strategy, and often the phishing emails that target employees with direct (or indirect) access to privileged accounts contain sophisticated malware, such as ransomware.

• Insider Threats: According to industry reports, it takes about 146-170 days to detect an in-progress attack. That’s plenty of time for a malicious insider with access to authorized, privileged accounts (or an external attacker that appears as a legitimate insider) to do real damage.
• Cloud Adoption: The fast-paced migration to the cloud and surge in automation tools comes with an increasing number of privileged accounts within IT infrastructures. This expands the potential attack surface exponentially.

These are just a few reasons why the first and most critical step in executing an effective, layered defense is to prevent the theft and exploitation of privileged credentials—across endpoints, servers and domain controllers, on-premises or in the cloud. Without these credentials, an attacker’s ability to move across the network is blocked. And if you block privilege escalation, you block the attack.

Check out our infographic for more information on the role of privileged accounts in the attack lifecycle, and learn why now is the time to give privileged account security the priority it deserves.

You can read the original article, here.

Sophos  today announced it has been positioned as a ‘Leader’ in Forrester Research, Inc.’s new report, The Forrester Wave: Endpoint Security Suites, Q4 2016. Recognizing that Sophos received the highest scores in the Strategy category, Forrester refers to Sophos Endpoint Protection as delivering “the most enterprise-friendly SaaS endpoint security suite.”

The report cites that “buyers will appreciate its intuitive administrative interface along with the flexibility and scalability required for most enterprise deployments, both large and small.” Forrester also found that overall Sophos customers report a “high level of satisfaction with the product’s effectiveness.”

Forrester evaluated 15 vendors against 25 criteria and categorizes vendor capabilities into three core needs: attack prevention, detection and remediation. The report recommends that before purchase, customers should consider a vendor’s ability to specifically:

• Detect malicious activity post-execution
• Prevent malware and exploits from executing
• Remediate and contain malicious activity and potential vulnerabilities

The report included vendors who have products with the above capabilities and have demonstrated an enterprise market presence with a high-level of interest for their solutions from enterprise customers.

In the report, Forrester also assesses a vendor’s strategy. Sophos scored a maximum rating across the board in the cost and licensing model, product roadmap and go-to-market strategy criteria. Forrester cites, “In a field crowded with both new and legacy endpoint security technologies, Sophos’ roadmap to develop strong signatureless prevention and detection capabilities…should make the product highly competitive over the long term.”

Sophos Intercept X is a next-generation endpoint security product that stops zero-day malware, unknown exploit variants and stealth attacks and includes an advanced anti-ransomware feature that can detect previously unknown ransomware within seconds. Sophos Intercept X installs alongside existing endpoint security software from any vendor, immediately boosting endpoint protection with signatureless detection. Sophos Intercept X is now available and more information can be found on the Sophos Intercept X website.

“This study assesses both traditional and next-generation security vendors against consistent criteria. The placement of Sophos on the strategy axis to the extreme right indicates to us that Sophos is taking the lead by adding next-generation technologies to our proven endpoint protection portfolio,” commented Dan Schiappa, senior vice president and general manager of the Enduser Security Group at Sophos. “I believe that our position as a ‘Leader’ in this report is a testament to Sophos’ continued ability to assess the dynamic security landscape and listen to our customer needs to develop effective endpoint security products that exceed expectations for protection and manageability. I am proud that our customers benefit from our industry-leading technology, our strategy for both on-prem and SaaS deployment through the Sophos Central cloud-based management platform and our ability to consistently bring innovative security products to organizations of all sizes.”

To download the Forrester Wave: Endpoint Security Suites, Q4 2016, please visit the Sophos website.

You can read the original article, here.

We’re pleased to announce the latest release of Sophos Web Appliance 4.3, which adds improved Sophos Sandstorm capabilities and completely updates the underlying Sophos Web Appliance operating system to a new improved kernel.

If you’re not familiar with Sophos Sandstorm, it gives your organization an extra layer of security to defend against fast-moving, targeted attacks, like ransomware, Advanced Persistent Threats (APTs) and newer, unknown malware.

Since its release, Sandstorm has become immensely popular with our customers, so we’re pleased to announce new features that makes Sandstorm even more powerful.

Submit suspicious files to Sandstorm through the Sophos Web Appliance dashboard

In response to customer requests, Sophos Web Appliance (SWA) 4.3 now has a file submission feature. With this, a SWA administrator can quickly and easily submit a suspicious file to Sandstorm using the SWA dashboard, just by uploading the file or submitting a URL. A valid Sandstorm license is required for file submission.

Here’s how easy it is:

Submit your file to Sandstorm in the dashboard:

You’ll then see a Sandstorm file submission confirmation page:

You’ll then see the Sandstorm activity result:

Comply with data residency requirements by choosing your Sandstorm data center location

In addition to the new file submission feature, you can also select the data center where you want to send files for analysis via Sandstorm to ensure that any data residency compliance requirements you may have are met.

Additional enhancements

• Numerous performance, stability and security fixes as part of the core OS upgrade.
• Removal of redundant support for YouTube for Schools, which Google has recently disabled.
• Administrators can receive email notifications if a Sandstorm submission turns out to be malicious after a user has downloaded it.
• Policy-based blocking of additional potentially dangerous file types, including Windows Scripts, Windows System Files, HTML applications.
• Support for using TLS 1.2 for all Sandstorm communications.

Please note: Soon Sandstorm reports will only be able to be retrieved via TLS 1.2. If you are running Sandstorm on V4.2.x, you should upgrade as soon as available to prevent loss of access to the Sandstorm reports through the dashboard. A valid full or trial Sandstorm license is required to enable Sandstorm in Sophos Web Appliance.

There’s lots to see in the new release of Sophos Web Appliance and Sandstorm. You can find out more here.

You can read the original article, here.

Sophos is the same as any other business – we need to keep our employees (and the company) safe, while at the same time we need to give people the freedom to do their jobs.

Our employees want to be helpful, perform well, and give good support to their co-workers, clients and customers. But good nature is exploitable and it’s those easy-to-exploit characteristics that social engineers seek to tap into.

As an attacker, it’s usually easier to try and push past a human than to try and push past a machine. Unless we understand the tactics and techniques of cybercriminals, people may well fall prey to attacks and put the company at risk at the same time.

The best defense for social engineering attacks is a combination of good controls and an awareness program – start with a good, simple, human readable policy and then base training and awareness campaigns around that.

Who you gonna call?

Staff need a single point of contact – it’s vital for people to know they have a specific person or team that they can ask for help from, escalate issues to, or double check something with – no matter how small they think it is.

Remember, the biggest incidents start with the smallest of indicators. We advertise this point of contact through everything we produce for staff – whether it’s an email from HR, a poster in the coffee area or a presentation we give to employees.

Education through awareness

At Sophos we run an internal education campaign called ‘7 deadly sins of security’. This educates employees on basic security topics, including phishing, passwords, scanning and sharing documents.

Our latest campaign, ‘Don’t let your data get ripped – Encrypt!’, coincided with the full launch of our SGN 8 file-level encryption product.

Through this internal education campaign, staff are informed of particular risks and can learn how to combat them through blog posts, banners, and posters throughout the offices.

Not just for new joiners

Security training and awareness shouldn’t just be something to bulk up a new starter’s welcome pack and then left alone forever more. Nor should it be routinely rolled out just to tick a compliance box.

Beginning at the on-boarding stage with simple policy, this training should be a continuous process, delivered through numerous methods to keep staff engaged and informed.

Phishing

One of the techniques we use to build awareness is phishing testing, and we continuously test our co-workers against this type of threat. Based on real phishing threats we receive as a security team, our tests have a good call-to-action with domains that resemble our own. We generally run one a month, and anyone who gets caught out gets some instant automated training explaining what to look out for and why.

With any suspected phishing (whether it’s a test from us or the real deal), we actively encourage staff to send possible threats to the security team as soon as they see them – ideally before their first click.

To encourage this, we have clear and simple paths for reporting phishing, including an Outlook button to escalate directly to the team. This is the most straightforward way of being able to proactively defend against this threat.

Protect those passwords

We also have an active password audit program. We enforce large passwords and encourage the use of password managers, as well as check staff passwords and crack any of them that are deemed too simple. Any users with poor passwords get to re-visit our password education campaign.

That’s not everything

This is just a small subset of how we build a security culture. The main thing to remember is that it should be constant, not just a check box.

Security awareness is fine; security culture is where it’s at.

You can read the original article, here.

The firewall team has been working furiously over the last several months on the latest release of XG Firewall and, after an extensive beta, we’re really pleased to announce that XG Firewall v16 is available now. This release is a major update that includes over 120 new features and enhancements across all areas of the firewall.

It’s easier to use, with new navigation, enhanced logging and troubleshooting tools, and streamlined workflows. It’s more powerful, with new policy tools that make it easy to build sophisticated web, email, and routing policies custom tailored to your needs.

It’s got more innovative, with new Synchronized Security features like dynamic app identification and new Security Heartbeat options that improve protection, response, and visibility into what’s happening on your network.

There’s a complete list of new features below, but you’ll probably prefer to see what’s new first hand: watch the full 8-minute overview video of all the major new features or see the highlights in just two minutes.

How to get it

The new XG Firewall v16 firmware is being rolled out automatically to customer systems, so keep an eye open for the firmware update notification in your firewall. However, if you’re eager to install the update sooner, you can download the firmware update from from the Community Forums (and later via MySophos) and apply it anytime. Watch this video that explains how to update your firmware.

If you’re new to XG Firewall, you can see what all the buzz is about here and you can also sign up for a 30-day free trial.

Tell us what you think

Many of the enhancements in v16 are the result of your feedback and input – so thank you very much for your help in making this a great release! But please don’t stop there. Let us know what’s on your mind by stopping by the XG Firewall Community Forums.

Need help? Have questions? Our Community has the answers.

The XG Firewall Community is also the perfect place to get all your questions answered and is staffed by members of our technical engineering team as well as some very knowledgeable expert members. There’s tons of useful content in the Knowledge Base and, soon, the new How-to Library as well (stay tuned for more on that). I think you’ll be impressed with the quality and quantity of content available there.

What’s new

Control Center and navigation

• Enhanced Control Center widgets: Several widgets have improved flip-card views or drill-down results including Reports, Interfaces, and Security Heartbeat.
• Navigation: Left navigation has been expanded to improve access and gain consistency with Sophos Central. Menu items are grouped logically on the left side by task or activity. Second level navigation is now tab-based, enabling quicker two-clicks-to-anywhere access to the most frequently used configuration options. (Note: final tab layout and organization is still being worked on for a subsequent beta build.)

Firewall, network and device configuration

• NAT business rule creation: Improved DNAT, Full NAT, and server load balancing rule creation.
• Firewall to firewall RED tunnels: Site-to-site RED tunnel support.
• Cloning: Enables easy cloning of existing firewall rules, objects and policies.
• Firewall hostname: You can now assign a custom hostname to your firewall.
• Policy routes: Route select traffic to a custom gateway based on source, destination or layer-4 service.
• Country filtering improvements: Streamlined implementing country or continent-based filtering in firewall rules.
• DHCP server and relay: Support for concurrent DHCP Server and Relay configurations at the same time.

Authentication and diagnostics

• Direct live log viewer access: Open the live log viewer in a separate window directly from the Control Center using the magnifying glass at the top of any screen.
• Two-factor authentication: Improved access security with support for OATH-TOTP one-time passwords directly on the firewall, eliminating the need for a separate 2FA solution. Support for IPSec, SSL VPN, User Portal, and WebAdmin access. We recommend using the free Sophos Authenticator app for iOS and Android.
• STAS (Sophos Transparent Authentication Suite) UI: STAS configuration has been added to the GUI enabling easy setup without requiring the CLI.
• Live log viewer enhancements: An improved live log viewer which conveniently opens in a new window, with a 5-second refresh option, color-coded log lines, and the option to activate packet capture.

Web and email protection

• New anti-spam features (HELO/RDNS): Added anti-spam technology to identify non-legitimate mail sending servers.
• Email per-domain routing: Route incoming mail to the correct destination server, based on the target domain.
• Creative Commons enforcement: Reduce the risk of exposure to inappropriate images by enforcing search engine filters for content with a Creative Commons license.
• Unscannable content handling: Options to allow or block content that cannot be scanned due to encryption or containers.
• Redesigned web policy model: Flexible new user and group policy creation and in-line editing tools with inheritance that make web policies more intuitive and easy to maintain while dramatically reducing firewall rule count in many situations.
• Warn action: A new web filtering action in addition to Block or Allow that enables users to proceed to websites only after acknowledging a warning that the site belongs to an inappropriate or undesirable category. This option can be ideal in situations where user education, awareness, and monitoring is desired without strictly prohibiting access.
• Google Apps control: Limit access to a selected Google Apps domain to reduce the risk of data loss from users transferring documents to their personal Google Apps.
• External URL lists: Import external URL lists that require enforcement in certain organizations or jurisdictions.
• Full email MTA – store and forward support: Enable business continuity, allowing the firewall to store mail when target servers are unavailable.
• Email SPX Encryption reply portal: Enable recipients of SPX encrypted emails generated by the firewall to reply securely using a portal on the firewall to draft and send a response.

Synchronized Security

• Real-time application visibility: Enables the firewall to solicit information from the endpoint to determine the application responsible for generating uncategorized network traffic. This is valuable for gaining insights into network traffic that is unrecognized by other firewall solutions.
• Missing Security Heartbeat: Enables the firewall to detect when a previously healthy Endpoint is generating network traffic with a missing Security Heartbeat and automatically identify the system and respond. This may be an indication that the endpoint AV has been tampered with or disabled.
• Destination-based Security Heartbeat: Enables the firewall to limit access to destinations and servers based on the status of their Heartbeat, further bolstering protection from potentially compromised systems until they can be cleaned up. Combined with regular Heartbeat policy enforcement, this can effectively isolate a compromised system completely – both inbound and outbound.

Deployment and hardware

• AP 15C support: Adds support for the entry-level AP 15C ceiling mount access point.
• Improved Security Audit Report: Improved layout, presentation and information for the customer facing Security Audit Report provided after a TAP-mode or Inline-mode Proof-of-Concept deployment.
• Microsoft Azure platform support: Support for deployment in Microsoft Azure as a preconfigured virtual machine from the Microsoft Azure Marketplace with pay-as-you-go or bring-your-own-licensing (BYOL) options.
• High availability enhancements: HA support for configurations using dynamic (DHCP/PPPoE) interfaces.
• RED 15w support: Adds support for the RED 15w with integrated wireless.
• 4x10G 4-Port Flexiport module support for 1U XG Series appliances

Issues addressed

• Open issues addressed: In addition to new features, this release has closed hundreds of open issues identified since the release of v15 across all areas of the product. Check the release notes for details.
• Vulnerabilities addressed: A number of vulnerabilities have also been closed with this release, improving the security of your Firewall

What’s next

Now, of course, we’re not done yet by any means. There’s still lots of great things we want to do, but I think you’re going to love the improvements in this release so I encourage you to check it out.

You can read the original article, here.

According to a variety of industry reports, cyber security spending is measured in Billions of dollars, and it’s projected to grow – driven by a number of market factors including cloud, mobile, IoT and other “elements of digital business.”

But as organizations move quickly to shore up their security systems, motivated attackers continue to innovate and evolve their tactics just as rapidly. From sophisticated phishing attacks, software flaws and reverse-engineering, to protocol analysis, misuse of cryptography, side-channel attacks and even attacks on physical security measures, attackers often have little trouble getting into an organization’s network. Remember – attackers are patient – always looking for a crack to enter enterprise networks.

This is one reason why layered security is critical – ideally including proactive controls such as encryption and detection systems to identify malicious behavior. Yet security systems can be largely ineffective without privileged account security in place as a safeguard.

Think of it this way: privileged accounts are embedded within every piece of security, database and network technology – used for installation and management. As such, they represent a gateway into your organization’s most valuable assets. If you deploy a million dollars’ worth of next-gen firewalls but don’t secure their privileged accounts, an attacker can obtain those credentials and go right through your firewall. Attackers are experts in spotting “cracks,” including small vulnerabilities that only exist for a few hours. Even the smallest “crack” of one stolen credential can be enough to make your million-dollar firewall investment nearly worthless—or worse, take down your entire organization.

Today’s reality is that the IT infrastructure is not fully protected unless privileged accounts and their credentials (accessed by both humans AND applications) are secured.

To maintain the credibility and efficacy of your security solutions, put privileged account security in place before you deploy any other security controls or detection solutions. For other reasons to prioritize privileged account security today, download our new At-a-Glance Guide.

You can read the original article, here.

Cab rides, airport security, busy cafes, hotel rooms, airplanes; all can be very treacherous places for laptop computers. Each year, millions of laptops are lost, stolen or simply left behind, with many of them containing important and sensitive data.

Full-disk encryption is the essential first line of defense for protecting data in any of these events and, plainly speaking, it should be used for all business computers.

Traditionally, the catch with full-disk encryption has been that in order to use it efficiently across an organization, a bit of effort is needed: data protection policies need to be created, management servers must be installed, key recovery processes need to be put in place, users have to be trained, and so on.

We figured you don’t have time for all that, so let’s make it simple: We’re very excited to announce Sophos Central Device Encryption, which is our full-disk encryption for Windows managed from Sophos Central – our single, integrated, web-based administration interface.

Sophos Central Device Encryption offers a three-click policy setup, no key management servers to install, compliance and reporting features, and self-service key recovery for your users. It’s the easiest way to manage BitLocker encryption for all your Windows users.

With installation and setup done in minutes, it’s an extremely powerful addition to your data protection strategy.

Why not see for yourself? Take Sophos Central Device Encryption for a spin today with a free 30-day trial.

Read more about Sophos Central Device Encryption here or see it in action below.

You can read the original article, here.