We’re pleased to announce the availability of Sophos Web Gateway – the easy-to-deploy, easy-to-trial web security solution – in additional regions, and there’s a significant update to the product interface coming at the end of November.

What’s new?

1. Sophos Web Gateway (Central Web Gateway Advanced) will be available in additional regions from 7 November.

2. A new, dedicated, product interface for Sophos Web gateway integrated into Sophos Central will be available from the end of November.

Where is it available?

Sophos Web Gateway is now available in all regions except Middle East and Africa.

How will the product interface change?

Sophos Web Gateway will have its own dedicated area within the Central interface towards the end of November. This update makes Web Gateway even more intuitive and easy to configure and manage.

You can learn about some of the great features and benefits that Sophos Web Gateway adds in the three-minute video below

Are there any limitations?

Customers must choose either the US or Ireland data center when enabling their Sophos Central account in order to use Sophos Web Gateway.

Sophos Web Gateway is not at present available from the Frankfurt data center. Once chosen, a Sophos Central account data center location cannot be changed. For customers using the Frankfurt data center who wish to use Sophos Web Gateway, the only option right now is to create a new Central account and choose either the US or Ireland data center. This is due to a limitation in the functionality of Amazon Web Services in the Frankfurt data center. The product team is working to resolve this with Amazon but there is no immediate timescale for this to be fixed.

Of course, if you prefer a hardware or virtual appliance, the new and improved Sophos Web Appliance provides an ideal alternative.

The innovation doesn’t stop here: the team is going to make some significant waves  next year with a hybrid Secure Web Gateway that will work like nothing else in the industry. Our next-generation Secure Web Gateway will offer a seamless migration path for both web appliance and Central customers, so your investment is protected whatever you choose today.

So, how are you protecting your mobile users against web threats? With Sophos Web Gateway you have the perfect Sophos Central answer.

You can read the original article, here.

They say you never get a second chance to make a first impression, but with the Sophos Web Appliance 4.3.0.1, we’re offering our customers a second 30-day trial of Sophos Sandstorm.

Try Sandstorm for a second time to see the value it can bring to your defenses against Ransomware, Advanced Persistent Threats (APTs) and unknown malware.

SWA 4.3.0.1 (now available) resets the Sandstorm trial state so that customers who have previously tried Sandstorm can run another trial to try out the great new features introduced in version 4.3.

With the much-requested file submission feature – added in SWA 4.3 – SWA administrators can quickly and easily submit a suspicious file using the SWA dashboard, by uploading the file or submitting a URL. A trial or full Sandstorm license is required for file submission.

What’s more, you can now select the data center to which you send files for analysis by Sandstorm – allowing customers to ensure that any data residency compliance requirements are met.

Getting started with Sandstorm in SWA is easy – watch the video below to see how…

If you need more information, there’s plenty on our dedicated Sandstorm page.

SWA customers will be updated through our standard staged process – beginning with the first 1% of deployments before moving on to the remaining appliances. You can read the release notes here.

You can read the original article, here.

The biggest ICT & Media Conference in SE Europe, widely regarded as the major annual meeting of all the digital market stakeholders, as well as all those using specialized tools and services in order to implement Digital Transformation, is not far away. It is quite clear that time has come for the real economy to take the reins of growth.

The market has entered a restructure era on its technological, investment and strategic orientation; there is no doubt that “digital bridges” are the only way-out towards new economy, the exit of the country from the fringe and the reclamation of lost competitiveness. The 18th InfoCom World, under the motto Digital Economy: The Highway of NGN, opens a most dynamic way to development! Information & Communication Technologies are the main components of infrastructure, services, products and content.

The main motto of the Conference, Digital Economy: The Highway of NGN, expresses in the best possible way what will be the next day in this market. The key word is speed – for that reason, the title of the first session is “NGN – Full Speed Ahead”. In this session, all available technologies will be presented along with the institutional and regulatory interventions needed. Clearly, in order for all that to succeed, investment is essential and that is the reason why the title of the second session of the Conference is “Digital Economy: Investing in Opportunities”.

The third session focuses on the executives which are called to implement the New Generation Networks revolution.  Greek managers are famous for their efficiency and high performance standards, when  working either locally or abroad. Which absolutely justifies the title “Digital Greece Worldwide: Α High Tech Society!”.

Finally, during the last session, the traditional “Leaders Summit” -this year under the title «New Generation Investments»- the leaders of the Greek ICT market will talk about the evolution of technology and the new, more demanding needs, requirements for new investments, collaboration schemes and synergies, co-exploitation and different distribution models which change the way to contact the final user. Institutional and regulatory interventions will also be examined, along with their footprint in the real economy.

The enterprise community, high-ranking executives in the fields of Telecommunications, Informatics and Media, CEOs, CIOs and IT Directors, Operation Managers, Data Center & Cloud Experts, Network Engineers, IT Strategists & Solution Architects, Manufacturers and Suppliers of Tech Equipment and Consumer Electronics, all of them are taking part in the upcoming InfoCom World Conference.

NSS, Sophos and CyberArk will have a strong presence in an Infocom conference with Sebastian Kaiser, Sales Engineer CEEMEA of Sophos and Bogdan Tobol, Regional Sales Executive – South-Eastern Europe of CyberArk.

Sebastian Kaiser, Sales Engineer CEEMEA, Sophos
13:00 – 14:45 2nd Session: Digital Economy: Investing in Opportunities

Workshop
Auditorium “NAOUSA” 11:15-12:30 “Privileges. The beginning”
Speaker: Bogdan Tobol

Privileges. The beginning.
Uncontrolled access to super-user and administrator accounts leads to unnecessary privileges and is one of the biggest challenges organizations face today.

Workshop
Auditorium “FLORINA” 10:00-11:15 “Sophos XG Firewall v16 technical workshop”
Speaker: Sebastian Kaiser

Sophos XG Firewall v16 technical workshop
Introduction to Sophos XG Firewall v16 that has just been released, providing a high-level technical understanding of the Sophos SFOS Operating System and the different XG modules. Analysis of the components including policies, system configuration, operational management along with basic troubleshooting.

Document exploitation is a well-known method of distributing malware in the malware community. A common theory for why crooks use booby-trapped documents is that victims can be more easily convinced to open document attachments than executables.

Word, Excel and PDF documents that contain so-called exploits – active booby-traps – have the added trick of not requiring their victims to manually enable macros, as is often the case for VBA downloaders.

The latest technical paper from SophosLabs explores why we’re seeing more document exploitation malware in the wild, and investigates the long-standing popularity of a document exploitation generator called Ancalog, which is widely commercially available.

It’s especially interesting to note that many of the vulnerabilities exploited by Ancalog were patched several years ago, often yielding poor results for the attackers. Nevertheless, the ease with which booby-trapped documents can be created with the Ancalog kit has made it the attack tool of choice for many cybercriminal organizations in Russia and Nigeria targeting Asian and African nations.

These cybercrime groups have been using this method steadily over the past two years, and there is no sign that they intend to give up. The ready availability of exploit creation tools in the cyber-underground has opened up document exploitation to a wide range of criminals, and Ancalog is the most popular of these tools nowadays.

Of course, the dependence of criminals on commercial tools like Ancalog that rely on old exploits is a disadvantage for the crooks and an advantage to the defenders. Ancalog doesn’t use zero-day exploits or even exploits that could be considered as new. Even the freshest exploit in its arsenal was fixed over a year ago, with the most commonly used security holes being from 2010 and 2012.

In other words, just applying current patches for Microsoft Office should disarm Ancalog attacks.

Read this new Sophos technical paper to gain a deeper understanding of Ancalog and how it is used by cybercriminals to deploy document exploitation attacks.

You can read the original article, here.

Make no mistake, your organization is a target – do you have an effective security program in place to detect and contain the damage of an attack? With nearly daily headlines about cyber attacks, it’s imperative that organizations understand the role privileged accounts play in the attack life cycle. 

If privileged credentials are not properly managed and protected, business leaders should be prepared to deal with the aftermath of a crippling breach.

Consider the role of privilege in the following scenarios:

• Ransomware Attacks: For many reasons, phishing is a popular attack strategy, and often the phishing emails that target employees with direct (or indirect) access to privileged accounts contain sophisticated malware, such as ransomware.

• Insider Threats: According to industry reports, it takes about 146-170 days to detect an in-progress attack. That’s plenty of time for a malicious insider with access to authorized, privileged accounts (or an external attacker that appears as a legitimate insider) to do real damage.
• Cloud Adoption: The fast-paced migration to the cloud and surge in automation tools comes with an increasing number of privileged accounts within IT infrastructures. This expands the potential attack surface exponentially.

These are just a few reasons why the first and most critical step in executing an effective, layered defense is to prevent the theft and exploitation of privileged credentials—across endpoints, servers and domain controllers, on-premises or in the cloud. Without these credentials, an attacker’s ability to move across the network is blocked. And if you block privilege escalation, you block the attack.

Check out our infographic for more information on the role of privileged accounts in the attack lifecycle, and learn why now is the time to give privileged account security the priority it deserves.

You can read the original article, here.

Sophos  today announced it has been positioned as a ‘Leader’ in Forrester Research, Inc.’s new report, The Forrester Wave: Endpoint Security Suites, Q4 2016. Recognizing that Sophos received the highest scores in the Strategy category, Forrester refers to Sophos Endpoint Protection as delivering “the most enterprise-friendly SaaS endpoint security suite.”

The report cites that “buyers will appreciate its intuitive administrative interface along with the flexibility and scalability required for most enterprise deployments, both large and small.” Forrester also found that overall Sophos customers report a “high level of satisfaction with the product’s effectiveness.”

Forrester evaluated 15 vendors against 25 criteria and categorizes vendor capabilities into three core needs: attack prevention, detection and remediation. The report recommends that before purchase, customers should consider a vendor’s ability to specifically:

• Detect malicious activity post-execution
• Prevent malware and exploits from executing
• Remediate and contain malicious activity and potential vulnerabilities

The report included vendors who have products with the above capabilities and have demonstrated an enterprise market presence with a high-level of interest for their solutions from enterprise customers.

In the report, Forrester also assesses a vendor’s strategy. Sophos scored a maximum rating across the board in the cost and licensing model, product roadmap and go-to-market strategy criteria. Forrester cites, “In a field crowded with both new and legacy endpoint security technologies, Sophos’ roadmap to develop strong signatureless prevention and detection capabilities…should make the product highly competitive over the long term.”

Sophos Intercept X is a next-generation endpoint security product that stops zero-day malware, unknown exploit variants and stealth attacks and includes an advanced anti-ransomware feature that can detect previously unknown ransomware within seconds. Sophos Intercept X installs alongside existing endpoint security software from any vendor, immediately boosting endpoint protection with signatureless detection. Sophos Intercept X is now available and more information can be found on the Sophos Intercept X website.

“This study assesses both traditional and next-generation security vendors against consistent criteria. The placement of Sophos on the strategy axis to the extreme right indicates to us that Sophos is taking the lead by adding next-generation technologies to our proven endpoint protection portfolio,” commented Dan Schiappa, senior vice president and general manager of the Enduser Security Group at Sophos. “I believe that our position as a ‘Leader’ in this report is a testament to Sophos’ continued ability to assess the dynamic security landscape and listen to our customer needs to develop effective endpoint security products that exceed expectations for protection and manageability. I am proud that our customers benefit from our industry-leading technology, our strategy for both on-prem and SaaS deployment through the Sophos Central cloud-based management platform and our ability to consistently bring innovative security products to organizations of all sizes.”

To download the Forrester Wave: Endpoint Security Suites, Q4 2016, please visit the Sophos website.

You can read the original article, here.

We’re pleased to announce the latest release of Sophos Web Appliance 4.3, which adds improved Sophos Sandstorm capabilities and completely updates the underlying Sophos Web Appliance operating system to a new improved kernel.

If you’re not familiar with Sophos Sandstorm, it gives your organization an extra layer of security to defend against fast-moving, targeted attacks, like ransomware, Advanced Persistent Threats (APTs) and newer, unknown malware.

Since its release, Sandstorm has become immensely popular with our customers, so we’re pleased to announce new features that makes Sandstorm even more powerful.

Submit suspicious files to Sandstorm through the Sophos Web Appliance dashboard

In response to customer requests, Sophos Web Appliance (SWA) 4.3 now has a file submission feature. With this, a SWA administrator can quickly and easily submit a suspicious file to Sandstorm using the SWA dashboard, just by uploading the file or submitting a URL. A valid Sandstorm license is required for file submission.

Here’s how easy it is:

Submit your file to Sandstorm in the dashboard:

You’ll then see a Sandstorm file submission confirmation page:

You’ll then see the Sandstorm activity result:

Comply with data residency requirements by choosing your Sandstorm data center location

In addition to the new file submission feature, you can also select the data center where you want to send files for analysis via Sandstorm to ensure that any data residency compliance requirements you may have are met.

Additional enhancements

• Numerous performance, stability and security fixes as part of the core OS upgrade.
• Removal of redundant support for YouTube for Schools, which Google has recently disabled.
• Administrators can receive email notifications if a Sandstorm submission turns out to be malicious after a user has downloaded it.
• Policy-based blocking of additional potentially dangerous file types, including Windows Scripts, Windows System Files, HTML applications.
• Support for using TLS 1.2 for all Sandstorm communications.

Please note: Soon Sandstorm reports will only be able to be retrieved via TLS 1.2. If you are running Sandstorm on V4.2.x, you should upgrade as soon as available to prevent loss of access to the Sandstorm reports through the dashboard. A valid full or trial Sandstorm license is required to enable Sandstorm in Sophos Web Appliance.

There’s lots to see in the new release of Sophos Web Appliance and Sandstorm. You can find out more here.

You can read the original article, here.

Sophos is the same as any other business – we need to keep our employees (and the company) safe, while at the same time we need to give people the freedom to do their jobs.

Our employees want to be helpful, perform well, and give good support to their co-workers, clients and customers. But good nature is exploitable and it’s those easy-to-exploit characteristics that social engineers seek to tap into.

As an attacker, it’s usually easier to try and push past a human than to try and push past a machine. Unless we understand the tactics and techniques of cybercriminals, people may well fall prey to attacks and put the company at risk at the same time.

The best defense for social engineering attacks is a combination of good controls and an awareness program – start with a good, simple, human readable policy and then base training and awareness campaigns around that.

Who you gonna call?

Staff need a single point of contact – it’s vital for people to know they have a specific person or team that they can ask for help from, escalate issues to, or double check something with – no matter how small they think it is.

Remember, the biggest incidents start with the smallest of indicators. We advertise this point of contact through everything we produce for staff – whether it’s an email from HR, a poster in the coffee area or a presentation we give to employees.

Education through awareness

At Sophos we run an internal education campaign called ‘7 deadly sins of security’. This educates employees on basic security topics, including phishing, passwords, scanning and sharing documents.

Our latest campaign, ‘Don’t let your data get ripped – Encrypt!’, coincided with the full launch of our SGN 8 file-level encryption product.

Through this internal education campaign, staff are informed of particular risks and can learn how to combat them through blog posts, banners, and posters throughout the offices.

Not just for new joiners

Security training and awareness shouldn’t just be something to bulk up a new starter’s welcome pack and then left alone forever more. Nor should it be routinely rolled out just to tick a compliance box.

Beginning at the on-boarding stage with simple policy, this training should be a continuous process, delivered through numerous methods to keep staff engaged and informed.

Phishing

One of the techniques we use to build awareness is phishing testing, and we continuously test our co-workers against this type of threat. Based on real phishing threats we receive as a security team, our tests have a good call-to-action with domains that resemble our own. We generally run one a month, and anyone who gets caught out gets some instant automated training explaining what to look out for and why.

With any suspected phishing (whether it’s a test from us or the real deal), we actively encourage staff to send possible threats to the security team as soon as they see them – ideally before their first click.

To encourage this, we have clear and simple paths for reporting phishing, including an Outlook button to escalate directly to the team. This is the most straightforward way of being able to proactively defend against this threat.

Protect those passwords

We also have an active password audit program. We enforce large passwords and encourage the use of password managers, as well as check staff passwords and crack any of them that are deemed too simple. Any users with poor passwords get to re-visit our password education campaign.

That’s not everything

This is just a small subset of how we build a security culture. The main thing to remember is that it should be constant, not just a check box.

Security awareness is fine; security culture is where it’s at.

You can read the original article, here.

The firewall team has been working furiously over the last several months on the latest release of XG Firewall and, after an extensive beta, we’re really pleased to announce that XG Firewall v16 is available now. This release is a major update that includes over 120 new features and enhancements across all areas of the firewall.

It’s easier to use, with new navigation, enhanced logging and troubleshooting tools, and streamlined workflows. It’s more powerful, with new policy tools that make it easy to build sophisticated web, email, and routing policies custom tailored to your needs.

It’s got more innovative, with new Synchronized Security features like dynamic app identification and new Security Heartbeat options that improve protection, response, and visibility into what’s happening on your network.

There’s a complete list of new features below, but you’ll probably prefer to see what’s new first hand: watch the full 8-minute overview video of all the major new features or see the highlights in just two minutes.

How to get it

The new XG Firewall v16 firmware is being rolled out automatically to customer systems, so keep an eye open for the firmware update notification in your firewall. However, if you’re eager to install the update sooner, you can download the firmware update from from the Community Forums (and later via MySophos) and apply it anytime. Watch this video that explains how to update your firmware.

If you’re new to XG Firewall, you can see what all the buzz is about here and you can also sign up for a 30-day free trial.

Tell us what you think

Many of the enhancements in v16 are the result of your feedback and input – so thank you very much for your help in making this a great release! But please don’t stop there. Let us know what’s on your mind by stopping by the XG Firewall Community Forums.

Need help? Have questions? Our Community has the answers.

The XG Firewall Community is also the perfect place to get all your questions answered and is staffed by members of our technical engineering team as well as some very knowledgeable expert members. There’s tons of useful content in the Knowledge Base and, soon, the new How-to Library as well (stay tuned for more on that). I think you’ll be impressed with the quality and quantity of content available there.

What’s new

Control Center and navigation

• Enhanced Control Center widgets: Several widgets have improved flip-card views or drill-down results including Reports, Interfaces, and Security Heartbeat.
• Navigation: Left navigation has been expanded to improve access and gain consistency with Sophos Central. Menu items are grouped logically on the left side by task or activity. Second level navigation is now tab-based, enabling quicker two-clicks-to-anywhere access to the most frequently used configuration options. (Note: final tab layout and organization is still being worked on for a subsequent beta build.)

Firewall, network and device configuration

• NAT business rule creation: Improved DNAT, Full NAT, and server load balancing rule creation.
• Firewall to firewall RED tunnels: Site-to-site RED tunnel support.
• Cloning: Enables easy cloning of existing firewall rules, objects and policies.
• Firewall hostname: You can now assign a custom hostname to your firewall.
• Policy routes: Route select traffic to a custom gateway based on source, destination or layer-4 service.
• Country filtering improvements: Streamlined implementing country or continent-based filtering in firewall rules.
• DHCP server and relay: Support for concurrent DHCP Server and Relay configurations at the same time.

Authentication and diagnostics

• Direct live log viewer access: Open the live log viewer in a separate window directly from the Control Center using the magnifying glass at the top of any screen.
• Two-factor authentication: Improved access security with support for OATH-TOTP one-time passwords directly on the firewall, eliminating the need for a separate 2FA solution. Support for IPSec, SSL VPN, User Portal, and WebAdmin access. We recommend using the free Sophos Authenticator app for iOS and Android.
• STAS (Sophos Transparent Authentication Suite) UI: STAS configuration has been added to the GUI enabling easy setup without requiring the CLI.
• Live log viewer enhancements: An improved live log viewer which conveniently opens in a new window, with a 5-second refresh option, color-coded log lines, and the option to activate packet capture.

Web and email protection

• New anti-spam features (HELO/RDNS): Added anti-spam technology to identify non-legitimate mail sending servers.
• Email per-domain routing: Route incoming mail to the correct destination server, based on the target domain.
• Creative Commons enforcement: Reduce the risk of exposure to inappropriate images by enforcing search engine filters for content with a Creative Commons license.
• Unscannable content handling: Options to allow or block content that cannot be scanned due to encryption or containers.
• Redesigned web policy model: Flexible new user and group policy creation and in-line editing tools with inheritance that make web policies more intuitive and easy to maintain while dramatically reducing firewall rule count in many situations.
• Warn action: A new web filtering action in addition to Block or Allow that enables users to proceed to websites only after acknowledging a warning that the site belongs to an inappropriate or undesirable category. This option can be ideal in situations where user education, awareness, and monitoring is desired without strictly prohibiting access.
• Google Apps control: Limit access to a selected Google Apps domain to reduce the risk of data loss from users transferring documents to their personal Google Apps.
• External URL lists: Import external URL lists that require enforcement in certain organizations or jurisdictions.
• Full email MTA – store and forward support: Enable business continuity, allowing the firewall to store mail when target servers are unavailable.
• Email SPX Encryption reply portal: Enable recipients of SPX encrypted emails generated by the firewall to reply securely using a portal on the firewall to draft and send a response.

Synchronized Security

• Real-time application visibility: Enables the firewall to solicit information from the endpoint to determine the application responsible for generating uncategorized network traffic. This is valuable for gaining insights into network traffic that is unrecognized by other firewall solutions.
• Missing Security Heartbeat: Enables the firewall to detect when a previously healthy Endpoint is generating network traffic with a missing Security Heartbeat and automatically identify the system and respond. This may be an indication that the endpoint AV has been tampered with or disabled.
• Destination-based Security Heartbeat: Enables the firewall to limit access to destinations and servers based on the status of their Heartbeat, further bolstering protection from potentially compromised systems until they can be cleaned up. Combined with regular Heartbeat policy enforcement, this can effectively isolate a compromised system completely – both inbound and outbound.

Deployment and hardware

• AP 15C support: Adds support for the entry-level AP 15C ceiling mount access point.
• Improved Security Audit Report: Improved layout, presentation and information for the customer facing Security Audit Report provided after a TAP-mode or Inline-mode Proof-of-Concept deployment.
• Microsoft Azure platform support: Support for deployment in Microsoft Azure as a preconfigured virtual machine from the Microsoft Azure Marketplace with pay-as-you-go or bring-your-own-licensing (BYOL) options.
• High availability enhancements: HA support for configurations using dynamic (DHCP/PPPoE) interfaces.
• RED 15w support: Adds support for the RED 15w with integrated wireless.
• 4x10G 4-Port Flexiport module support for 1U XG Series appliances

Issues addressed

• Open issues addressed: In addition to new features, this release has closed hundreds of open issues identified since the release of v15 across all areas of the product. Check the release notes for details.
• Vulnerabilities addressed: A number of vulnerabilities have also been closed with this release, improving the security of your Firewall

What’s next

Now, of course, we’re not done yet by any means. There’s still lots of great things we want to do, but I think you’re going to love the improvements in this release so I encourage you to check it out.

You can read the original article, here.

According to a variety of industry reports, cyber security spending is measured in Billions of dollars, and it’s projected to grow – driven by a number of market factors including cloud, mobile, IoT and other “elements of digital business.”

But as organizations move quickly to shore up their security systems, motivated attackers continue to innovate and evolve their tactics just as rapidly. From sophisticated phishing attacks, software flaws and reverse-engineering, to protocol analysis, misuse of cryptography, side-channel attacks and even attacks on physical security measures, attackers often have little trouble getting into an organization’s network. Remember – attackers are patient – always looking for a crack to enter enterprise networks.

This is one reason why layered security is critical – ideally including proactive controls such as encryption and detection systems to identify malicious behavior. Yet security systems can be largely ineffective without privileged account security in place as a safeguard.

Think of it this way: privileged accounts are embedded within every piece of security, database and network technology – used for installation and management. As such, they represent a gateway into your organization’s most valuable assets. If you deploy a million dollars’ worth of next-gen firewalls but don’t secure their privileged accounts, an attacker can obtain those credentials and go right through your firewall. Attackers are experts in spotting “cracks,” including small vulnerabilities that only exist for a few hours. Even the smallest “crack” of one stolen credential can be enough to make your million-dollar firewall investment nearly worthless—or worse, take down your entire organization.

Today’s reality is that the IT infrastructure is not fully protected unless privileged accounts and their credentials (accessed by both humans AND applications) are secured.

To maintain the credibility and efficacy of your security solutions, put privileged account security in place before you deploy any other security controls or detection solutions. For other reasons to prioritize privileged account security today, download our new At-a-Glance Guide.

You can read the original article, here.

Cab rides, airport security, busy cafes, hotel rooms, airplanes; all can be very treacherous places for laptop computers. Each year, millions of laptops are lost, stolen or simply left behind, with many of them containing important and sensitive data.

Full-disk encryption is the essential first line of defense for protecting data in any of these events and, plainly speaking, it should be used for all business computers.

Traditionally, the catch with full-disk encryption has been that in order to use it efficiently across an organization, a bit of effort is needed: data protection policies need to be created, management servers must be installed, key recovery processes need to be put in place, users have to be trained, and so on.

We figured you don’t have time for all that, so let’s make it simple: We’re very excited to announce Sophos Central Device Encryption, which is our full-disk encryption for Windows managed from Sophos Central – our single, integrated, web-based administration interface.

Sophos Central Device Encryption offers a three-click policy setup, no key management servers to install, compliance and reporting features, and self-service key recovery for your users. It’s the easiest way to manage BitLocker encryption for all your Windows users.

With installation and setup done in minutes, it’s an extremely powerful addition to your data protection strategy.

Why not see for yourself? Take Sophos Central Device Encryption for a spin today with a free 30-day trial.

Read more about Sophos Central Device Encryption here or see it in action below.

You can read the original article, here.

For more than a decade, CyberArk has focused on helping companies to protect high value assets inside the network. Over the years, privileged account security has evolved from compliance-driven projects to thoughtful strategic programs adopted enterprise wide.

Along the way, we have innovated and enhanced our offering to stay ahead of ever-changing advanced threats, but our focus remains on helping our customers to proactively protect privileged accounts. Today our platform delivers new a layer of security inside the network – designed to help organizations build and maintain trust in their IT systems and protect what matters. This is not only our mission, it’s our passion. Working closely with customers and educating the market about best practices is not only important, but essential for the entire business community. Best practices are not static –they advance as new insights are available. We listen, observe, collaborate and advise as threats emerge and evolve.

CyberArk works with security teams at companies in virtually every industry, and there is a growing recognition that privileged account security must be a top priority. Cyber attack headlines extend well beyond hospitals, government and financial institutions. All organizations have valuable assets – data about employees, customers, IP, financial information – and all organizations have privileged accounts that need to be secured in order for those assets to be protected.

Credentials -and, in particular, privileged credentials- give attackers the permissions necessary to access servers and steal data or go after the domain controllers and take control of the IT environment. They are the gateway to an organization’s most valuable assets and are the common denominator in the cyber attack life cycle. Securing privileged accounts and credentials must be at the top of the enterprise security agenda. In fact, it’s time to put privilege first.

With this in mind, we’ve highlighted five reasons to make privileged account security your first priority, and each is detailed in our new guide, which I encourage you to read.

5 top reasons to prioritize privileged account security:

• Single solution to protect against insider threats and external attackers
• Privileged accounts represent the express lane to your domain controllers.
• Privilege is the road most traveled.
• Your security systems need to be secure.
• Securing privileged accounts is the first action following an attack

Prioritizing privilege will put you on the fast-track to reducing your organization’s risk profile with measurable return on your investment.

You can read the original article, here.

How do things stand with you in terms of protection for personal PCs and Macs? Do the following situations sound familiar? Missed updates? Calls from your mother when the PC has once again been hit by a virus? Complicated installation processes?

If you answer „Yes“ to some or all of these questions, then we have just the rescue package you need: Sophos Home, our free security solution for private users that guarantees you all-round protection.

With Sophos Home you will get the same award-winning technology that IT professionals trust to protect their businesses – for free, for your personal devices. You will get:

• A fully-featured security tool for up to 10 PCs and Macs
• A free full version, not trialware or adware that you constantly need to renew
• Anti-virus, anti-malware and web content filtering

Sophos Home is extremely easy to use – you really don’t have to be a security expert. To register, just visit www.sophos.com/home and create an account.
We hope that you enjoy using Sophos Home and that the fall season gets off to a relaxing start for you!

At Sophos, we’re no strangers to next-generation security. You can see it across our entire product line, from our powerful Security Heartbeat technology that leverages Sophos Central to facilitate communication between endpoints and the network, to our advanced behavioral analytics and malicious traffic detection features (and a whole lot more).

Today, with the introduction of Sophos Intercept X, we’re taking a massive leap forward in next-generation protection – not just for Sophos, but across the entire security industry as a whole.

Sophos Intercept X ushers in a new era of endpoint protection for modern threats, featuring signatureless anti-exploit, anti-ransomware, and anti-hacker technology that includes beautiful visual root-cause analysis and advanced malware cleanup – all managed via the Sophos Central Admin console.

No other solution on the market offers so many features in a single package. Use it alongside our Sophos Central Endpoint Advanced protection or as additional protection to augment and double-check the antivirus coverage from your current vendor, all with minimal impact to system performance: no signatures, no scanning, and no meaningful CPU usage until we’ve intercepted and eliminated something malicious.

You’ve undoubtedly seen countless headlines about crippling ransomware attacks that cost people billions of dollars each year. With Sophos Intercept X, we’ve integrated powerful ransomware protection that’s capable of not only automatically stopping ransomware attacks as soon as they’re detected, but rolling back damaged files to known and safe states as well.

While ransomware seems to grab all the headlines these days, our ransomware-killing technology is made possible by the advanced anti-exploit technology that serves as the foundation of Intercept X. It blocks zero-day and patient-zero threats without the need for traditional file scanning or signature updates. In other words: even if we don’t know about it yet, we can still stop it.

In addition, we’ve added automated forensic reporting that traces attacks back to their origins, pinpoints additional infection points, and offers prescriptive guidance for strengthening your organization’s security posture in the future. Sophos Intercept X also includes comprehensive deep-cleaning technology, which hunts spyware down that other traditional AV misses and rips out deeply embedded, lingering malware to make remediation a snap. Again, no other vendor offers this much protection in a single package.

We invite you to take Intercept X for a free 30-day spin alongside our advanced endpoint protection or your current vendor’s. If you’re already a Sophos Central customer, simply contact your partner to get set up; if you’re new to Sophos, sign up for a free 30-day trial account of Sophos Central, which includes Intercept X. Please visit the Sophos Intercept X product page for more details.

We hope you enjoy using Intercept X as much as we’ve enjoyed building it. This is the first in a new line of incredibly powerful next-generation solutions from Sophos. We’re extremely excited with how far we’ve come and with what’s still on the horizon.

Υou can read the original article here.

Just like the visible stars in any night sky, the number of IoT devices may soon be countless and with that, count on at least one vulnerability and probably more for each device. IoT is exacerbating concerns over mobile security threats, as well as exploits that lack a mobile component. IoT will play a role in more than one-fourth of all cyberattacks by 2020.

The sheer number of connected devices forming an attack surface globally and the degree to which these devices and our increasingly connected culture are so easily compromised will continue to compound the issue. A lot of research is going into methods for exploiting IoT. Organizations need to be equally aware of the threats and attack vectors in order to form plans for protection, detection and response.

IoT attack vectors

Enterprise data stores of intellectual property and customer data can seem far removed from a smart home’s intelligent fridge or thermostat. Yet black hat crackers absolutely can spoof that fridge, launch a man-in-the-middle attack, gain control of your employee’s smartphone and from there, potentially gain access into your organization.

The same kinds of IoT devices and hardware that provide efficiencies and conveniences in the home do likewise at the office. The path to your data treasures is greatly abridged when these gadgets are plugged directly into the office.

Attackers are including smart home and smart office IoT in botnets to attack the enterprise. Due to limited security for IoT, black hat crackers can readily use these devices in the same way they do zombie computers, building and maintaining significantly larger botnets and enabling their botnet armies and C&C servers with more power and an extended grasp to launch more efficient and effective attacks.

As with other DDoS attacks, these can be used to overwhelm cybersecurity while another much more damaging attack takes place. Furthermore, with their added size and strength, these IoT botnets (or botnets combining IoT gadgets and zombie computers) can send many times more Phishing emails, exploding the likelihood that someone will fall prey and infect the organization. There are many examples of how weaponized IoT devices that form botnets for DDoS attacks can do harm.

Black hats have demonstrated attacks where the successful manipulation of IoT can lead to hacks on gmail. With so many business personnel using gmail, this is another potential path into the enterprise for the hungry attacker.

Don’t forget the IIoT (Industrial Internet of Things) and SCADA devices that industry is increasingly connecting to the Internet. An internet connection is all attackers need to find and manipulate IIoT and SCADA devices and bring affected parties to their knees through the compounding repercussions of their acts.

Cybersecurity for IoT: Where to Begin

To secure IoT, begin now to select and design IoT assets, deployments, and infrastructure with centralized monitoring and management in mind. This way, you can start to secure IoT hardware from a central system rather than by doling out nonuniform security measures here and there a bit at a time. Read about increasing your secuirty posture for better IoT defense.

You can read the original article here.

SophosLabs has just released a research paper on a new way that cybercriminals are distributing malware that makes money by “borrowing” your computer to mine cryptocurrency.

The report by Attila Marosi, Senior Threat Researcher at Sophos, investigates the Mal/Miner-C malware, which criminals are using to mine the cryptocurrency Monero.

In this paper, Marosi examines how Mal/Miner-C quietly infects victims’ computers and communicates with host servers to run mining operations covertly in the background.

Alone, one computer may not make a big impact on cryptocurrency mining, but the criminals aim to infect as many computers as possible with their malware so they can reap the cumulative financial reward from hundreds of thousands of infected computers.

Marosi investigates how NAS devices are used as a distribution server for the Mal/Miner-C malware, and explores the criminals’ mining activities and how much money this racket is potentially worth to them.

Download this new technical paper today to learn about Mal/Miner-C, how it is used to mine cryptocurrencies, and how you can help to stop the crooks.

You can read the original article here.

Apple has made iOS 10 available and will push upgrade notifications out to devices over the next few days. Some early adopters even have iOS 10 already installed!

Good news – Sophos Mobile Control is ready with same-day support of iOS 10. Once iOS 10 is loaded onto your users’ devices, it’ll be supported by all components of Sophos Mobile Control.

For a comprehensive list of iOS 10 features, please visit Apple’s iOS product page. Another good source of information about iOS 10 and the newly-announced Apple gadgets is Digg.com’s live blog from Apple’s recent iPhone 7 keynote.

As long as your users are using the latest versions of Sophos Mobile Control apps, there’s nothing you need to do to fully support iOS 10 across your Sophos Mobile Control estate. We’ve already tested against the various alpha and beta versions of iOS 10 and have modified Sophos Mobile Control to be compatible whenever your users are ready to update their devices.

You can read the original article here.

We’re excited to announce that the new Gartner Magic Quadrant for Unified Threat Management* is out, and Sophos is positioned in the Leaders Quadrant for the fifth year running.

We continue to be one of only three vendors in the Leaders Quadrant. And we think that says a lot about our standing in the eyes of customers, partners and industry analysts.

The Magic Quadrant is based on an assessment of a company’s ability to execute and completeness of vision.

Our strategy for the mid-market and our channel is clearly working very well as we deliver on our promise to make security simple with unique innovations that make our UTM products easy to deploy, manage and use. As a result, more and more partners and customers are turning to Sophos for their next firewall and UTM. In fact, the momentum in our growth is outstanding – more than triple the industry growth rate.

With the launch of our new and innovative XG Firewall and Synchronized Security we are also delivering on our vision for the future of IT Security where security components work better together to improve protection and respond to incidents. And with more and more IT infrastructure moving to the cloud, our leadership in protecting IaaS further reinforces our ability to anticipate important trends impacting your business and ensure your network is secure everywhere.

As the only IT security company to be positioned as a Leader across both Unified Threat Management* and Endpoint Protection Platforms** – we think our complete security offerings uniquely position us to deliver on the next generation of protection – Synchronized Security.

You can access the Magic Quadrant for Unified Threat Management report here (registration required).

You can read the original article here.

The Shadow Brokers are a self-styled hacker group that recently kicked off a tongue-in-cheek media campaign claiming that they’d penetrated the NSA (or someone like that – they’re referring to the victim as the Equation Group).

Shadow Brokers say they’ve made off with a virtual warehouse of tip-top “cyberweapons” that they plan to auction off.

To help you believe they have some good stuff in the auction files, they’ve released a bunch of hacked data for free, including documents, programs, scripts, exploit code and so on.

Interestingly, there’s more free stuff (191MB compressed) than there is data up for auction (134MB compressed):

-rw-rw-r–  1 bloke staff  134289064 25 Jul 10:49 eqgrp-auction-file.tar.xz.gpg
-rw-rw-r–  1 bloke staff  191282372 25 Jul 10:50 eqgrp-free-file.tar.xz.gpg

We can only assume that the “auction” is supposed to be interpreted as a giant lampoon of the buying-and-selling-of-exploits scene, because the terms of the auction are absurd:

• There’s no cutoff time for bidding. The crooks will stop collecting bitcoins and pick a winner if and when they choose, which could be any time (or never).
• You’re not allowed to know what you’re buying. It’s a secret.
• The crooks keep every bid you submit, whether you end up winning or not.
• Once the total of all bids gets to BTC 1M (over $0.5B), everyone in the world gets everything for free.

Actually, for all the tongue-in-cheek here, the Shadow Brokers crew make an excellent point when they explain why they aren’t giving away the list of cybermaterial:

Q. What is in auction files? A: Is secret. Equation Group not know what lost. We want Equation Group to bid so we keep secret. You bid against Equation Group, win and find out or bid pump price up, piss them off, everyone wins.

That’s a common problem after a data breach: not knowing quite how bad it really was, with the result that in your official breach disclosure you have to assume and describe the worst that could have happened.

When a crook breaks into your flat and steals your widescreen TV, you can tell, because there’s a huge area of blank wall where the TV used to be.

But when a crook wanders into your network and steals your data, it’s a different sort of theft: all your data’s still there, as well as being in any number of other places as well.

What we know

What we do know from the Shadow Brokers eqgrp-free-file.tar archive is that something was stolen or leaked by someone, at some unknown earlier time.

Whether it’s only being leaked now by the original thieves, or whether it’s been re-stolen by a new lot of crooks, we don’t know.

But at least one of the exploitable vulnerabilities amongst the free files, found in the Firewall/EXPLOITS/EXBA/ directory, not only works, but also turns out to have been a zero-day bug.

EXBA is short for EXTRABACON, and the EXBA script is documented like this:

#CISCO ASA SNMP exploit script
#Works on most 8.x(y) versions through 8.4(4).
#Do not use against unknown or unsupported versions

The files in the archive are timestamped June 2013, for what that’s worth, and the affected Cisco ASA versions listed date from 2007 to the start of 2012.

ASA is short for Adaptive Security Appliance, one of Cisco’s firewall products.

The bug was obviously news to Cisco, who quickly and creditably responded with a detailed analysis of the flaw.

What to do?

As far as we can see, the exploit and shellcode that Shadow Brokers published for this vulnerability almost certainly won’t work as they stand against any recent version of the Cisco ASA product.

Nevertheless, because the bug was never disclosed, it remained in Cisco’s code.

That means a determined attacker has a huge head start at finding an exploit for recent Cisco ASA products, even if both the EXTRABACON script and its associated attack code needs work.

In other words, check out Cisco’s writeup to check if you’re at risk and, if so, what to do about it.

You can read the original article here.

Being an IT security professional isn’t easy these days; the cyber threat landscape is constantly evolving. Ransomware, Trojans, Malware, and distributed denial of service (DDoS) attacks are some of the most common types of threats. Each has different vectors and flavors, and each brings its own risks and costs. IT pros clearly need multiple layers of security, but which layers are most important? Common solutions range from firewalls to anti-virus software and network intrusion and advanced persistent threat tools.

With all those threats, we understand it must be hard to prioritize which security solutions are the most important to implement. However, DDoS attacks are increasingly common and growing more dangerous and sophisticated, so if you don’t have an anti-DDoS solution in place, consider the risks. Can your network threat defense handle a DDoS attack? It’s proven that intrusion prevention systems and firewalls are no match for DDoS attacks.

If you think your organization is unlikely to be a DDoS target, think again; you don’t have to be a high-profile company or organization to be a victim of DDoS. When most people think of DDoS, they think in terms of the incidents that make headline news, when attacks take a website or application offline. However, DDoS hackers seldom launch attacks to take a website offline. An overwhelming majority (93%) of DDoS attacks are under 1Gbps, and last less than 30 minutes. That may sound harmless, but it’s not. Increasingly hackers use “Dark DDoS” attacks as a smokescreen for more destructive, stealthy cyber-attacks.

Sometimes IT security staff don’t even realize when their website or application is undergoing a DDoS attack. Other times, the attack is noticed, but while the IT security staff are busily investigating why their network performance is dragging, the cyber criminals are equally busy behind that smokescreen, testing for network vulnerabilities, installing malware, stealing intellectual property or exfiltrating sensitive data from your network. By the time IT security staff discover the true source of the problem, the hackers probably did plenty of damage. Even if security staff “swing” the traffic out to a cloud-based scrubbing service, that usually takes 10-30 minutes to enforce.

That’s why investing in automated, inline network threat protection may be your wisest move; it detects and blocks even the smallest DDoS traffic packets. There are many security issues that beg for attention, but DDoS attacks pose a double threat because while they sometimes cripple a website, they more often mask more nefarious and damaging network infiltrations. IT security professionals can cover two bases by having an anti-DDoS appliance in place.

You can read the original article here.