An elite team of incident response experts on standby to get you back to business quickly in the event of a breach.

I’m proud to share that, for the fifth consecutive year, BeyondTrust has been recognized as a Leader in the Gartner® Magic Quadrant™ for Privileged Access Management! This year, BeyondTrust was recognized as one of only three PAM Leaders and was also positioned highest in Ability to Execute.

In our opinion, this Gartner® recognition validates BeyondTrust’s dynamic market adaptation, powerful product features, and the earned trust placed in us by a substantial and contented customer base. We believe receiving recognition for five years running as a PAM Leader in the Gartner® Magic Quadrant™ also reflects our commitment to innovation, deep understanding of evolving market needs, and relentless dedication to our customers.

Gain complimentary access to the report and read it for yourself anytime here.

Read on for our view on key takeaways from the 2023 PAM MQ™.

Thank you for an Incredible Year—More Awaits in 2024

2023 has been a monumental year for BeyondTrust. We released significant new solutions and saw incredible customer and community growth. There are many trends and capabilities to consider, but you don’t need to go it alone. We’re pleased to provide access to the 2023 Gartner® Magic Quadrant™ for Privileged Access Management to help you evaluate solutions against your unique objectives and requirements. Download your complimentary copy of the report.

Source: BeyondTrust

Regular rotation of passwords, keys and privileged credentials is a critical best practice that greatly reduces an organization’s risk of falling victim to cyberattacks. By limiting the lifespan of a password, organizations can reduce the amount of time during which a compromised password may be valid.

Password, key and credential rotation – a feature of Privileged Access Management (PAM) – enables organizations to reset privileged credentials on an automated schedule. However, traditional PAM tools are complex, expensive, difficult to deploy and difficult to use – and do not monitor and protect every user on every device from every location.

Keeper’s new password rotation feature enables organizations to easily update users’ privileged credentials on an automated schedule through an easy-to-use centralized PAM platform.

Join Beta Program

Keeper Security Privileged Access Management (PAM) Insight Report

Keeper Security and TrendCandy Research surveyed 400+ IT and security professionals to determine the common challenges companies face with their current Privileged Access Management (PAM) tools. Not only are significant components of traditional PAM solutions not being used, but many respondents admit to never fully deploying the solutions they paid for. Key findings:

• 87% of respondents said they would prefer a simplified version of PAM that is easy to deploy and easy to use.
• 68% of respondents said their current PAM solution has several features they don’t need.
• 84% said they want to streamline their PAM solution in 2023.

KeeperPAM is Revolutionizing Privileged Access Management (PAM) 

With KeeperPAM, credential rotation is simple:

• No cumbersome installs
• No need to open firewalls
• No need to create certificates
• No need to make network changes
• No agents are required
• No need to open any external ports, the solution uses SSL to communicate with Keeper
• No command line tools or scripting needed
• On-demand and automated rotation with a flexible schedule
• Rotate on-premises and cloud credentials/records
• Flexible post-rotation actions

Keeper Security’s next-gen Privileged Access Management (PAM) platform – KeeperPAM –  delivers enterprise-grade password, secrets and connection management in one unified solution. With Keeper’s password rotation feature, KeeperPAM enables organizations to automate the changing/resetting of system credentials like Active Directory (AD) user accounts, SSH keys, database passwords, AWS IAM accounts, Azure IAM accounts, Windows/Mac/Linux user accounts and more.

Credential-based attacks represent 82% of all data breaches (according to the 2022 Verizon Data Breach Investigations Report). By limiting the lifespan of a password, organizations can reduce the time that a compromised password may be valid.

Unlike traditional PAM solutions, the password rotation configuration in KeeperPAM is managed through the vault and admin console with a lightweight component on-premises to perform the rotation. KeeperPAM supports Keeper’s zero-knowledge, zero-trust architecture, which always encrypts and decrypts data at the local device level. Keeper never has access to the data in a user’s vault.

Password rotation through KeeperPAM is available on the Keeper Desktop App and Web Vault.

Password Rotation Features

• Automatically rotate credentials for machines, service accounts and user accounts across your infrastructure
• Schedule rotations to occur at any time or on demand
• Perform post-rotation actions such as restarting services, or running other applications as needed
• Secure storage of credentials in the Keeper vault
• Control and audit access to credentials
• Log all actions to Keeper’s Advanced Reporting and Alerts Module (ARAM)
• Create compliance reporting on shared privileged accounts

How KeeperPAM Password Rotation Works

Establish a Gateway

Keeper password rotation uses a lightweight and secure on-premises gateway service, which can be installed with a single command. The gateway creates an outbound connection to Keeper’s cloud security vault, establishing a secure tunnel for retrieving rotation requests.

The gateway then utilizes Keeper Secrets Manager (KSM) APIs to request and decrypt secrets for performing rotation and communicating with the target devices. Keeper’s password rotation ensures zero-knowledge security by performing all decryption locally on the gateway service.

Vault Configuration

Rotation is configured and managed entirely through the Keeper Web Vault or Desktop Application. Secrets, rotation schedules and network settings are all stored as encrypted records in Keeper’s cloud vault.

Rotation is easy to deploy and manage within a team. You can easily share access to records and manage which secrets are visible to the gateway using Keeper’s Shared Folders.

Source: Keeper Security

Business continuity, as defined by TechTarget, “is an organization’s ability to maintain critical business functions during a disaster.” There are many types of events that qualify as a disaster, including security breaches, natural disasters, supply chain disruptions and pandemics. Among these, an often overlooked critical event is the loss of internet connectivity.

For nearly all businesses, loss of internet connectivity means operations halt. For example, if the internet connection goes down, a retail organization cannot process payment cards. If a law firm loses internet connectivity, attorneys and paralegals cannot access critical online resources like Westlaw. Bottom line — business continuity is dependent on internet connectivity.

The National Institute of Standards and Technology (NIST) defines resilience to include “the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.” From a strategy and planning perspective, not only your IT systems but also your network needs to be resilient to function during and rapidly recover from major disruptions, which would include loss of internet connectivity.

This brings us to Datto and Datto’s commitment to business continuity and disaster recovery (BCDR). For years, Datto has been world-renowned for its BCDR and cybersecurity solutions — all designed to maintain business continuity. What’s often overlooked is Datto’s Networking solutions that also incorporate Datto’s vision of resilience and business continuity.

An example of this is the Datto Networking Appliance (DNA). Now available in Europe and Asia-Pacific, Datto DNA is an integrated, all-in-one secure router that features seamless and automatic failover to 4G cellular internet connectivity should the main internet connection go down. This ensures businesses can continue utilizing online services as if nothing disruptive happened at all.

The Datto DNA secure router adds firewalling (1.7 Gbps throughput), Layer 7 deep packet inspection, intrusion detection/prevention (IDS/IPS), web content filtering and more all into one desktop appliance. All of this gives businesses resilient, defense-in-depth security in one easy-to-use appliance.

As for routing, the Datto DNA features Layer 7 traffic management, hosted VoIP support, port aggregation, traffic shaping, support for up to eight VLANs and more, giving small businesses plenty of advanced routing features that optimize network traffic capacity while reducing network congestion and failure.

Integrated Wi-Fi provides fast and secure wireless LAN connectivity, eliminating the need to purchase additional wireless access points.

Cloud-based management, configuration, setup and ongoing management of the Datto DNA is handled via Datto Network Manager. With it, setting up a network can be done in minutes, not hours or days. Furthermore, new integrations with Datto Network Manager and Autotask allow you to manage alerts from Datto Network Manager and create Configuration Items (assets) for your networking devices in your Autotask database.

When your business absolutely, positively has to be connected online, you need resilient networking solutions that ensure business continuity. The Datto DNA secure router embodies this vision from Datto and is a perfect example of what resilient networking is all about. Your business runs on the internet, and if that connection fails, business stops. When it comes to internet connectivity, with Datto, failure is not an option.

Source: Datto

Skilled adversaries don’t break in. They log in.

Organizations that have invested in the Microsoft Security suite still need to protect against these advanced, human-led attacks that technology alone cannot prevent. However, the sheer volume of alerts generated by Microsoft security technologies, together with the complexity of the threat landscape and widespread shortage of in-house expertise and capacity, means that delivering effective security operations is an uphill task for most organizations:

• 71% of security teams struggle to determine which security alerts to investigate among the noise generated by their tools
• 52% of leaders say cyberthreats are now too advanced for their organization to deal with on their own, rising to 64% in small businesses
• The median threat response time is 16 hours, leaving attackers significant time to operate within the network

Introducing Sophos MDR for Microsoft Defender

Increasingly, organizations running Microsoft Defender are turning to specialist MDR providers such as Sophos to extend their cyber defenses. Given this pressing need, I am excited to announce the availability of Sophos MDR for Microsoft Defender. With this service, over 500 Sophos analysts monitor, investigate, and respond to Microsoft security alerts 24/7, taking immediate action to stop confirmed threats.

• Detect advanced threats using a wide range of Microsoft Security event sources together with proprietary Sophos detections and human-led threat hunts
• 24/7 expert-led threat response quickly stops attacks and terminates threats
• Integration with non-Microsoft security tools (Sophos or other providers) expands visibility and accelerates investigation response across the entire environment

With our experts taking care of security operations, organizations running Microsoft Defender can reduce cyber risk, increase the impact and efficiency of their existing security investments, and improve insurability.

Unparalleled visibility that delivers accelerated detection and response

The more we see, the faster we act. Unlike other MDR offerings that limit support to Microsoft Defender for Endpoint or Microsoft Sentinel, Sophos MDR leverages signals from the full Microsoft Security suite, including:

• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Microsoft Defender for Cloud
• Microsoft Defender for Cloud Apps
• Identity Protection (Azure Active Directory)
• MS O365 Security and Compliance Center
• Microsoft Azure Sentinel
• Office 365 Management Activity

Microsoft security solutions are only one part of a threat detection stack that typically includes firewalls, identity solutions, email security tools, NDR platforms, and public cloud security tools. Sophos MDR for Microsoft Defender provides a holistic approach to cybersecurity operations, integrating with almost any technology investment that generates security alerts – including tools from Microsoft, Sophos, and dozens of other providers.

By consolidating and correlating cross-product and cross-vendor telemetry in the Sophos XDR Data Lake, Sophos MDR increases the detection capability of our customers’ security stacks beyond the sum of the individual parts while also maximizing ROI on existing security investments.

Putting the R (Response) into MDR for Microsoft Defender

Identifying a threat is just part of the security operations process; unless you respond in a timely and effective manner, you remain fully exposed to attack. Yet all too often, third-party providers offer only minimal threat response capabilities in Microsoft Defender environments.

Sophos MDR for Microsoft Defender is different. It includes full threat response, containing threats to disrupt malicious activity. The non-exhaustive list of response actions that our analysts are capable of with Sophos MDR for Microsoft Defender includes:

• Terminating processes
• Disabling user accounts
• Forcing log off of user sessions
• Isolating host(s) utilizing Sophos Central
• Applying host-based firewall IP blocks
• Removing malicious artifacts

With Sophos MDR, you can relax knowing that we don’t just tell you about issues, we deal with them for you.

Future-proof your Microsoft defenses with the world’s most trusted MDR service

Testament to the superior outcomes our customers enjoy, Sophos MDR is the world’s most popular and most reviewed MDR solution, with a 4.8/5 rating on Gartner Peer Insights as of July 10, 2023, and a top rating on G2.

We secure more organizations than any other MDR provider, and this extensive experience across all industries and sectors enables us to provide unique “community immunity” to all our customers.

To learn more about Sophos MDR for Microsoft Defender and how it can support you, visit our website, read the service brief, or speak with a security expert today.

Source: Sophos

Today, companies all around the globe use Microsoft 365 cloud services and the advantages are self-evident. Companies no longer need to operate their own infrastructure to provide services on site. Programs and tools obtained simply via the cloud can be scaled easily and cost-effectively in line with user numbers. Especially when compared to a dedicated on-premises system, administration requires fewer IT resources. In addition, the service comes from a trusted, reliable provider. What’s more, whether you’re using Outlook as a mail client or Teams as a digital meeting room, all communication services are located on the same platform. By and large, Microsoft’s office software from the public cloud offers a wealth of communication and collaboration features at a reasonable price.

Nevertheless, companies are advised to install additional solutions for archiving and backing up emails in order to protect the business data they contain and keep this information available in the long term. Indeed, many companies are unaware that Microsoft 365 does not automatically archive and back up email data and, furthermore, that the archiving features built into Microsoft 365 do not offer the scope of services that can be expected from a professional third-party email archiving solution.

Reasons for Using a Professional Email Archiving Solution

The primary objective of any email archiving solution is to store copies of all a company’s emails including file attachments over time in a form that is faithful to the original, quick to find, and permanently available. This enables a company to make optimum use of email as an information resource and reap the many benefits available. Among other things, a professional email archive helps prevent data loss, cut storage demands on the mail server, reduce the workload on an IT team, and comply with the statutory and regulatory requirements governing the retention of business-relevant documents.

Summary of the Archiving Options Available in Microsoft 365

Microsoft offers several different options for securing emails depending on the plan chosen (Business Standard, Business Premium, Enterprise). Some of these features are provided free of charge as part of the basic Microsoft 365 package, while others are included only in the more expensive Enterprise plans. Below is a summary of the native archiving features in Microsoft 365:

• PST Archiving

Users can move emails to PST files and store them locally on their own computer or in the cloud.

• “Archive” Button in Outlook

The “Archive” button allows users to move emails to an archive folder. The emails remain in the Outlook mailbox; only the storage location of the emails change.

• Archive Mailbox Without Exchange Online Archiving

The archive mailbox is a separate mailbox with its own storage capacity to which emails can be moved. This archive mailbox must be set up by an administrator.

• Archive Mailbox With Exchange Online Archiving

With Exchange Online Archiving (EOA), users can move their emails to a separate archive mailbox to which administrators can apply their own archiving and retention policies.

Limitations of the Native Archiving Capabilities of Microsoft 365

However, IT decision-makers need to be aware of certain limitations concerning Microsoft 365’s on-board archiving options. Above all, in terms of security of storage, the use of PST files or the “Archive” button does not protect against data loss. Likewise, the separate archive mailbox provided in M365 (when not using Exchange Online Archiving) does not meet all the criteria of a professional email archiving solution. Only the archive mailbox that comes with Exchange Online Archiving (EOA) supports the functions and features required for professional email archiving, such as retention policies, legal holds and eDiscovery options. However, Exchange Online Archiving is only included in the more expensive M365 plans such as Business Premium and the upscale Enterprise plans.

The “Shared Responsibility” Model

Microsoft applies a policy of shared responsibility to its Microsoft 365 services. As such, Microsoft is responsible for ensuring that services under the Microsoft 365 label are permanently available and are offered redundantly. However, Microsoft does not consider itself responsible for protecting and retaining the data of its customers, and this also applies to any data contained in emails.

Due to the shortcomings and limitations that exist in M365 (depending on the selected archiving function) and the fact that customers are responsible for protecting and retaining their own email data, a professional third-party email archiving solution should be used.

What to Consider When Choosing an Email Archiving Solution for Use with M365

An email archiving solution can be a key element in terms of the long-term protection and retention of business emails. But the decision as to which solution is most compatible with the needs of a business is not always an easy one. Decision-makers are advised to examine the following criteria before choosing archiving software:

Independence From Microsoft

Without an external email archive, users will not be able to access their own emails if the Microsoft Office 365 service fails. A third-party solution will ensure that a vendor lock-in is avoided and the company’s emails will remain accessible even if the M365 service fails.

Self-Service for the End User

Some professional email archiving solutions provide users (not just the administrator) with a fast and efficient means of searching the email archive, as well as the ability to restore emails quickly and simply. This can relieve the burden on an IT team as they no longer need to be contacted to deal with such issues.

Protection Against Data Loss and Manipulation

Emails should be protected against accidental or malicious deletion; if they are not, compliance with legal requirements can be problematic. Even if Microsoft 365 is essentially capable of restoring data erased by mistake, situations can arise that impede or even seriously jeopardize daily business operations.

Compliance With Privacy Laws

When used appropriately, certified email archiving solutions ensure that emails are always processed in accordance with the relevant data privacy laws. Especially since the EU GDPR  came into force, data privacy has been the focus of public attention. Even in countries outside the EU, increasing attention is being paid to this sensitive matter.

Reasonable Total Cost of Ownership (TCO)

Microsoft’s most powerful archiving option (Exchange Online Archiving) is included only in specific M365 premium plans that are generally tailored to the needs of larger businesses. Microsoft 365 plans tailored to small and mid-sized businesses (SMBs) do not include Exchange Online Archiving and this would need to be added as an extra paid service. In this case, a third-party solution could be more affordable.

The Benefits of Independent Email Archiving Software

Third-party solutions can provide extra benefits over and above Microsoft’s native email archiving capabilities:

• An independent archiving solution allows content from email sources other than Microsoft 365 to be stored within the same archive. Managing several archiving solutions at the same time usually increases the cost and complexity of retaining business records. Using a central archive reduces the number of solutions that need to be administered by the IT team and searched through by users.
• Using an archive that is independent of the Microsoft 365 platform makes it easier to follow the 3-2-1 rule, which states that an organization should keep three copies of its data: two locally and one at a remote location separate from the primary system on which the data is created and stored.
• Many third-party archiving solutions support email de-duplication, which can significantly reduce storage requirements.
• Indexing a larger number of file types makes it easier to search for and retrieve emails and file attachments.

Conclusion: Third-Party Email Archiving Is a Necessary Addition to Microsoft 365

Although Microsoft 365 is doubtlessly a reliable, powerful and versatile platform, it does have its limits in terms of email archiving, and decision-makers in SMBs need to consider these shortcomings carefully. Business leaders and IT managers who are unaware of the facts are exposing themselves to unnecessary risk. A professional third-party email archiving solution can mitigate, even eliminate these risks altogether and should, therefore, be considered.

To assist companies in finding a suitable email archiving solution for use of Microsoft 365, the market research institute Osterman Research has produced a white paper on how small and medium-sized businesses that use Microsoft 365 can adequately protect their business email communications. The white paper explores which email archiving options exist, the risks to email data when using Microsoft 365, and what features your organization needs in order to adequately protect and manage the data contained in emails.

Are you interested in finding out more about the results and guidance contained in the white paper of Osterman Research?

Download Here

FAQ

What Options Do Companies Have for Archiving Their Emails in Microsoft 365?

Microsoft provides several options for archiving emails in M365. They include the “Archive” button in Outlook, storing emails in the form of PST files, and using an archive mailbox that has to be configured separately (with or without Exchange Online Archiving). Alternatively, a professional third-party email archiving solution can be used.

Does Microsoft 365 Automatically Archive Emails?

No. Emails are not archived automatically in Microsoft 365. M365 users must take responsibility for securing their emails themselves and decide which email archiving option best meets their corporate and, potentially, legal requirements.

Do Companies Need to Archive Their Emails in Microsoft 365?

Yes. Emails containing business-critical information should always be archived to protect this precious information resource and exploit it to the full. As a rule, legislators also impose legal requirements on the retention of business-relevant emails and on data privacy, both of which render the use of a professional email archiving solution essential.

Is It Sufficient Just to Create Backups of My Emails in Microsoft 365?

No, the purpose of a backup is to save data (e.g. emails) and systems (e.g. the email server) regularly in the short and medium term, and is primarily a means of disaster recovery. Any data produced or modified between two storage cycles will not be protected against loss and manipulation. First and foremost, the objective of any email archiving solution is to store copies of all emails including their file attachments for many years in a form that is faithful to the original, quick to find, and permanently available. This is essential in order to fully exploit the precious information resource that is email, while meeting the laws governing the storage of emails and data privacy.

Source: MailStore

There are an incredible, and increasing number, of electronic signature tools and GlobalSign has been recognized as a Strong Performer for electronic signatures in the Gartner Peer Insights ‘Voice of the Customer’: Electronic Signature.

Documents Signed with Confidence, Integrity, and Trust

If you stopped to think about the importance of a signature to you and your business, there are probably several reasons you may want to introduce and incorporate electronic signatures into your business including efficiency, regulatory compliance, and increased security.

Behind strong business best practices is a robust digital signing solution. “The “Voice of the Customer” is a document that synthesizes Gartner Peer Insights’ reviews into insights for IT decision makers.  This aggregated peer perspective, along with the individual detailed reviews, is complementary to Gartner expert research and can play a key role in your buying process, as it focuses on direct peer experiences of implementing and operating a solution.”

“This document will highlight some key insights for the electronic signature market based on 18 months of reviews, and will also point you to particular ways to use the site in your buying process.”

The “Voice of the Customer” report can play a key role in your buying process, as it focuses on direct peer experiences of buying, implementing and operating a solution.

Promoting Strong Business Best Practices with a Strong Signing Solution

Behind strong business practices is a strong signing solution, and with 95% of customers willing to recommend GlobalSign based on 43 reviews as of 31 October 2022, we have been named as a Strong Performer in the 2022 Gartner® Peer Insights™ “Voice of the Customer” report.

GlobalSign’s Digital Signing Service (DSS) helps organizations to sign quickly, easily, securely and with confidence. Through one API integration, DSS is designed to provide a solution which compliments your workflow to boost business efficiency, meet national and industry-specific regulations and provide scalability to your business.

Learn more about Gartner Peer Insights ‘Voice of the Customer’: Electronic Signature and download your complimentary copy of the report.

Source: GlobalSign

The supply chains of today’s global economy rely heavily on technology and information systems to deliver finished goods and services to the end user. However, for all the benefits of a hyperconnected economy this introduces, supply chains also carry with them a high degree of risk.

Systems typically have vulnerabilities which, if exploited by cybercriminals, can have a far-reaching impact. Attacks on the supply chain have risen by over 600%, according to a recent study by Interos, and groups of threat actors (like Magecart) are leveraging supply –chain-specific exploits that make headlines with high-profile attacks.

It’s no wonder that securing the digital supply chain has become a high priority for organizations who want to avoid disruption, protect sensitive data, and prevent brand damage.

Securing Your Partners

Enterprises should begin by identifying and understanding the risks brought in by each of their business partners. Security leaders need to assess the security controls in place, the mitigating and compensating controls, and how each vendor monitors their risk posture. This needs to be done for each business partner — there can be no weak link.

Typically, this is done by asking each partner to fill out a questionnaire, which can vary from a couple dozen questions to over one hundred. While potentially tedious, the purpose is to understand the risk of doing business with a particular partner and determining whether or not to accept that risk. Some companies are even issuing a “FICO score for cybersecurity”, which assigns a safety rating to each party.

Securing Your Own Organization

Organizations should also assess their own security culture. Every organization has within their security strategy prevention and detection controls. However, it is vital to continue to improve the culture of security awareness as human error continues to be one of the top drivers of a breach. In fact, 74% of all breaches are due to the human element, according to the 2023 Verizon Data Breach Investigation Report (DBIR).

One of the best ways to combat human error is with education. At this point, there is still much to learn about securing your enterprise from outside risks. Security awareness training for third-party risk management can help you understand the security shortcomings of a potential partner before taking on that risk.

Similarly, in-house security awareness training can help companies make sure they are not the ones putting others at risk. These programs identify and improve areas of security weakness so that employee behaviors don’t become a liability for the company or any of its partners downstream. This may entail adding phishing simulations, implementing new ways of engaging employees, and modifying communication strategies regarding current tactics being used by bad actors.

Companies should also take note of how their security team engages with the business. This will reveal if they are treated as functional partners, or if there are silos causing employees to view cybersecurity issues as an “IT only” problem.

Currently, the top areas of supply chain weakness involve cloud storage, databases, and compromised credentials. Those are areas touched every day by everyday employees, so it is those same employees that need to do the work to interact with those things safely. Improving the overall security culture will greatly reduce the chance of compromise as employees learn the warning signs of danger.

Securing Your Software Development Cycle

The software development process is another area that should be assessed within the context of a secure supply chain.

This is an area which will demonstrate if the security team is perceived as a valuable business partner or an inhibitor. For example, open-source code is popular to use as it can fast-track projects. However, there are no guarantees that open-source libraries have had proper security inspection.

If there is a good relationship, the business will engage the security team early in the process. They see the value in doing application security testing early because it surfaces vulnerabilities that teams can patch. This sets a course for them to then continue the process throughout the development cycle.

However, if security doesn’t get engaged until the end of the cycle, it’s usually a sign that either something is broken within the process or that security practices aren’t adequately valued. By engaging security only at the end, there is the risk of delays due to critical vulnerabilities. These flaws need to be patched, and this can lead to other issues such as delays in delivery and strained relationships between the business and the security team.

Enterprise Security Is Now a Team Sport

Supply chain security isn’t new, and most security leaders are going to struggle with it. Up until a few years ago, it may have even been a manageable affair. However, with the tech boom of the past few decades and the accelerated pace of the digital revolution, it is a problem that is growing bigger every day.

While secure supply chain management is something that will never be perfect, it’s up to each organization to do their due diligence before entering into business partnerships. A company’s fate becomes the same as its least protected partner, so vetting for cybersecurity weaknesses before signing the contract is an understandable and necessary part of doing business today.

That is why it is every organization’s responsibility to assess not only their partners, but themselves. In a digitally connected supply chain, what happens to one can affect everyone else. Companies should hold all partner organizations to high standards of industry security and expect the same of their own teams. After all, they may be part of someone else’s supply chain.

Source: Fortra

Sophos has released the State of Ransomware in Financial Services 2023, an insightful report based on a survey of 336 IT/cybersecurity professionals across 14 countries working in the financial services sector. The findings reveal the real-world ransomware experiences of the sector.

Rate of attack and data encryption

The 2023 survey revealed that the rate of ransomware attacks in financial services continues to rise. It went up from 55% in the 2022 report to 64% in this year’s study, which was almost double the 34% reported by the sector in the 2021 report. Although the sector experienced an increased attack rate, it was below the cross-sector average of 66%.

Financial services reported the highest encryption level in three years: 81% of organizations stated that their data was encrypted, a 50% rise over the 2022 report when 54% reported data encryption. Over one in ten attacks (14%) were stopped before the data was encrypted, down by 67% over last year’s report and the second lowest rate across all sectors in this year’s survey.

In a quarter of attacks (25%) where data was encrypted, data was also stolen, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.

Root causes of attacks

Exploited vulnerabilities (40%) and compromised credentials (23%) were the two most common root causes of the most significant ransomware attacks in the financial services sector. Emails (malicious emails or phishing) were the third most common root cause behind 33% of attacks experienced by the sector.

Data recovery and the propensity to pay the ransom

98% of financial services organizations got their encrypted data back, slightly higher than the 97% cross-sector average. 43% of financial services organizations paid the ransom to recover their encrypted data, while over two-thirds (69%) used backups for data recovery. Encouragingly, the rate of ransom payments in financial services is down from 52% in our 2022 study, while the use of backups to restore data has increased slightly from 66% in the 2022 report to 69% in this year’s report.

However, the proportion of financial services organizations paying higher ransoms has increased, with almost 39% paying a ransom of $1M or more in our 2023 study compared to just 5% in the year before. At the same time, the percentage of financial services organizations that paid less than $100,000 remained in line with last year’s report, coming in at around 40%.

Read the full report here.

Mitigating the ransomware risk

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

1. Strengthen defensive shields, including:

• Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
• Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
• 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider

2. Optimize attack preparation, including making regular backups, practicing recovering data from backups, and maintaining an up-to-date incident response plan
3. Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations

About the survey

Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 336 in the financial services sector. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

Source: Sophos

MailStore is delighted to have received the Business Excellence Award 2023 in the category “Best Independent Email Archiving Vendor”.

This year, the monthly international business magazine Acquisition International – “AI” for short – presented its Business Excellence Awards for the seventh time. Published for the first time in 2010 by UK B2B publishers AI Global Media Ltd., the magazine Acquisition International now provides 108,000 readers in more than 170 countries with news, comment and analysis on topical business issues and trends.

Norbert Neudeck, Director of Sales at MailStore Software GmbH, was particularly delighted to receive the accolade: “Even after more than 15 years of MailStore history, many SMBs and software companies still do not attach the same importance to email archiving as they do to IT-related topics such as backups or anti-virus software. The benefits to be gained by a company when using a professional email archiving solution go far beyond legal compliance. So, we’re all the more gratified that our efforts have been honored in the Business Excellence Awards.”

The Business Excellence Awards honor companies from a wide range of business sectors, irrespective of how big or well-known they are. Nominations are submitted by the readers.

A research team at Acquisition International then analyses all the publicly available information on nominees and a jury rates the companies on this basis. In order to win an award, a company must satisfy a whole array of different criteria in the areas of e.g. client management and client feedback, innovation, corporate growth, longevity and reputation.

Highlights in our case included the user-friendliness of our email archiving solutions, coupled with a fair pricing policy and first-rate customer support. In addition, our software facilitates the optimum use of email as an information resource, while supporting legal compliance in the area of document retention. Our software is constantly being developed, so users always have a simple, secure, flexible and scalable email archiving solution at their disposal.

Source: MailStore

The Digital Operational Resilience Act (DORA) was enacted in January 2023 and will be in full force January 2025. Even if regulators provide a grace period (just like they did for GDPR) and January 2025 seems like a long way off, time passes quickly. It is, therefore, essential for financial institutions regulated under DORA to start planning their compliance journey.

Given the ever-increasing risks of cyber attacks, the EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms. Today the Council adopted the Digital Operational Resilience Act (DORA) which will make sure the financial sector in Europe is able to stay resilient through a severe operational disruption.

DORA at a Glance 

The press release from the European Council provides a concise description of DORA’s purpose:

“DORA sets uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services. DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across all EU member states. The core aim is to prevent and mitigate cyber threats.”

Understanding the intersection between DORA, GDPR, and NIS2 is crucial.

Companies regulated under DORA still need to comply with GDPR requirements. It’s important for IT service providers to understand that DORA brings its own set of challenges, separate from GDPR. If a company violates European privacy laws, it can also be in violation of financial services supervisory laws, which can lead to further consequences. Additionally, certain credit institutions and trading venues must follow the NIS2 directive in addition to DORA, but DORA takes precedence in case of any conflicting regulations due to its more specific nature (lex specialis).

DORA requirements are broken down into five foundational pillars to meet the act’s core objectives. Before we get into those, we must point to a few things deriving from DORA’s mission statement. One of them is that the EU Council recognizes that financial institutions are the most highly targeted entities and that security incidents may include business interruption. As per the Bank of England’s “Systemic Risk Survey Results 2022 H2” report, 74% of the participants consider cyberattacks to be the most significant risk in the short and long term. The second-highest risks are inflation and geopolitical incidents, which are almost equally concerning.

One important aspect of a robust security strategy is the ability to quickly recover and return to normal operations, which is exactly what DORA aims to achieve. Additionally, it’s worth noting that supply chains in the financial industry have historically lacked the same level of accountability as the institutions themselves. However, with the implementation of DORA, third-party vendors will now be closely monitored and regulated by industry regulators.

Breaking Down the Five Pillars of DORA

ICT Risk Management 

The first pillar includes frameworks and guidelines to help financial institutions increase the maturity of their risk management programs. These guidelines aim to minimize the risk of attacks by reducing the attack footprint, detecting active attacks, and developing strategies to mitigate the impact of successful attacks. Solutions that align with this category comprise vulnerability management, application security testing, data and asset discovery, and penetration testing. Additionally, safeguarding endpoints, preventing data leaks, and securing public-facing web applications should be considered within this pillar.

Classification and Reporting of ICT-related Incidents 

In the second pillar, there is some overlap with the first one, as it involves identifying signs of compromise in your IT infrastructure and handling any malicious activity. However, it also includes additional guidelines such as a classification system based on the impact and templates for reporting content. This pillar emphasizes maintaining integrity and managing configurations, as well as keeping your incident response plan up-to-date and documented. Solutions that utilize threat intelligence are crucial to detect elusive malicious activities that may have bypassed your initial defenses.

ICT Third-Party Risk Management 

The third pillar focuses on supply chain risk management. Although the supply chain risk is typically implied in other mandates, DORA specifically addresses this risk due to the visibility of high-profile supply chain attacks in the last couple of years. To mitigate supply chain threats, organizations must have an inventory of all contractual agreements with ICT service providers and a process to evaluate potential new business partners and existing ones. Some additional considerations include phishing simulations and other security awareness training to help prevent employees from being socially engineered by bad actors masquerading as business partners. Additionally, it is crucial to have controls to prevent malicious files from being shared between partners. Financial institutions must also plan for potential service interruptions caused by their partners.

Digital Operational Resilience Testing 

This fourth pillar emphasizes testing the institution’s plan for dealing with incidents. The aim is to detect any potential shortcomings and identify areas where improvements in efficiency and system strengthening can be made. Tabletop exercises serve as one effective method of testing your incident response plans. In addition, exploring adversary simulations and red teaming would be advisable, which can highlight any weaknesses and enhance your teams’ skills.

Information Sharing Between Financial Entities 

The fifth pillar advocates for collaboration within the financial sector to combat shared adversaries. By exchanging intelligence, indicators of compromise, and the latest tactics, techniques, and procedures (TTPs) with peers in the industry, everyone can increase their ability to withstand challenges.

“Stronger Together” 

Out of these pillars the fifth stands out a bit as it aligns to the theme of the 2023 RSA Conference, which is “Stronger Together”. There were multiple sessions where industry leaders were talking about how the security community needs to work together and share our insights to help improve our defenses against threat actors.

A few years ago, I worked with a former security leader of a global financial institution. He told me that although financial institutions compete with each other for new business, he collaborated regularly with his counterparts at these competitors because they all had the same goal, which was protecting their respective employers from the same types of attackers. Other industries would benefit from this same type of collaboration, so hopefully, we will see more of that in the years to come.

Source: Fortra

Given the ever-increasing risks of cyber attacks, the EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms. Today the Council adopted the Digital Operational Resilience Act (DORA) which will make sure the financial sector in Europe is able to stay resilient through a severe operational disruption.

DORA sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services. DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across all EU member states. The core aim is to prevent and mitigate cyber threats.

Now that the DORA proposal is formally adopted, aspects that require national transposition will be passed into law by each EU member state. At the same time, the relevant European Supervisory Authorities (ESAs), such as the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), will develop technical standards for all financial services institutions to abide by, from banking to insurance to asset management. The respective national competent authorities will take the role of compliance oversight and enforce the regulation as necessary.

Background

The Commission came forward with the DORA proposal on 24 September 2020. It was part of a larger digital finance package, which aims to develop a European approach that fosters technological development and ensures financial stability and consumer protection. In addition to the DORA proposal, the package contained a digital finance strategy, a proposal on markets in crypto-assets (MiCA) and a proposal on distributed ledger technology (DLT).

This package bridges a gap in existing EU legislation by ensuring that the current legal framework does not pose obstacles to the use of new digital financial instruments and, at the same time, ensures that such new technologies and products fall within the scope of financial regulation and operational risk management arrangements of firms active in the EU. Thus, the package aims to support innovation and the uptake of new financial technologies while providing for an appropriate level of consumer and investor protection.

The Council adopted its negotiating mandate on DORA on 24 November 2021. Trilogues between the co-legislators started on 25 January 2022 and ended in a provisional agreement on 10 May 2022. Today’s adoption is the final step in the legislative process.

Source: EU

The world’s most trusted cybersecurity platform now secures more than 25 million devices!

July 29, 2023, is a very exciting milestone for all of us at Sophos as it marks the tenth birthday of Sophos Central, the world’s most popular cloud-based security platform.

Originally called Sophos Cloud, the platform initially supported Sophos Endpoint and Server solutions for customers in the U.S. and UK.

Today Sophos Central manages all Sophos’ market-leading next-gen security services and products for our customers and partners across the world. Users can deploy and manage all their security solutions in one place: from our MDR service and XDR security operations tools, to our endpoint, email and cloud security solutions, and our full network stack.

Central by the Numbers

For those of you who, like me, enjoy putting numbers to things, I’d like to share some current usage stats.

• Over 432,000 organizations currently use Sophos Central to secure their organization – more than the population of the Bahamas or Iceland
• 7 million devices are hosted in Sophos Central – greater than the combined populations of Sweden, Singapore, and New Zealand!
• 120 terabytes of data are uploaded to the Sophos data lake every single day – equivalent to 1MB for every person in Japan

Data sovereignty is an important customer consideration with all cloud-based tools. As demand for Sophos Central has grown, so have our data centers: from our initial three in 2013 we now have nine across the EU (x2), U.S. (x2), Canada, Australia, Japan, India, and Brazil.

Delivering Superior Cybersecurity Outcomes

While the numbers demonstrate the popularity of our platform, what I’m most proud of are the tremendous cybersecurity outcomes that Sophos Central delivers for our customers and partners. Organizations running Sophos Central to manage their defenses consistently report protection and efficiency benefits that make a real day-to-day impact, including:

• 85% reduction in the number of cybersecurity incidents the team needs to deal with
• 90% reduction in time spent on day-to-day cybersecurity management
• Doubling the efficiency of the IT team

Sophos Central enables IT teams to stop console-hopping and manage all their security in one place. Should an alert need investigating, you can follow the trail seamlessly across protection technologies to quickly get to the root of the issue and remediate appropriately. User-based policies make it quick and simple to apply consistent approaches across endpoint and network security tools.

We recognize that each organization is different and Sophos Central is a flexible tool that adapts to customer needs. The intuitive dashboards and one-click fixes support stretched IT teams while enterprise-grade features and granularity provide the depth and control security specialists require.

Looking Ahead

While our interface and breadth and depth of capabilities has changed hugely over the last ten years, our passion to elevate usability, utility, and scalability has not.

Over the coming year our dedicated Sophos Central engineering team, partnering with our outstanding product and services teams, will be delivering further leaps forward in customer delighting usability, capability and function; ensuring that we continue to give organizations the very best tools for managing their defenses.

As we celebrate this milestone anniversary, be assured that Sophos Central will continue to be at the heart of Sophos innovation and product and service delivery for the decade to come.

Source: Sophos

Sophos Firewall has received Frost & Sullivan’s prestigious Competitive Strategy Leadership Award in the next-generation firewall (NGFW) industry. Frost & Sullivan applies a rigorous analytical process to evaluate multiple vendors for each award category before determining the final award recipient.

We are very honored that Sophos Firewall was awarded this distinction based on strategic innovation and customer impact.

Frost & Sullivan praised our focus on delivering a turn-key cybersecurity solution that enables organizations to scale their security operations without increasing IT complexity. They also praised us for enabling organizations to reduce TCO, strengthen their security posture, enhance visibility, and improve compliance.

They noted that we are uniquely positioned to provide a holistic cybersecurity platform through Sophos Central, which eliminates blind spots in increasingly complex network environments while not forcing customers to compromise on performance for better firewall security:

“Sophos’ firewall offering removes the burden of choosing between security and performance with its Xstream acceleration engine, which balances data traffic between CPUs to optimize performance and keep the network secure.”

Frost & Sullivan concluded that Sophos Firewall aligns with customer needs for better price/performance and value, a great ownership experience, and the option to easily scale or adapt as their needs change or grow.

“Sophos has capitalized on opportunities to simplify its product portfolio, solidifying its position as one of the leading NGFW vendors in the market. For its strong overall performance, Sophos earns Frost & Sullivan’s 2023 Global Competitive Strategy Leadership Award in the next-generation firewall (NGFW) industry.”

Download the full Frost & Sullivan Award Report and check Sophos.com/Firewall for more information.

Source: Sophos

The evolution of businesses and IT infrastructures over the last few years has been staggering, resulting in data disparately distributed throughout the business ecosystem. This makes it difficult to monitor both the data and the server carrying it. That’s why it is crucial for managed service providers (MSPs) like you to be well-prepared to protect and recover your critical server workloads regardless of where they are located.

Due to data sprawl, it gets quite challenging for MSPs to provide complete data protection to “edge cases,” which include small businesses with individual servers, servers situated in very remote or inhospitable places, or servers distributed over multiple sites. It also gets incredibly complicated and time-consuming to implement and manage the backup infrastructure of the server workloads, especially when there’s a need to implement a separate on-site backup appliance at each location. Added to this is the heavy cost incurred by MSPs to carry out the entire operation.

Hence, most MSPs tend to avoid rolling out or managing backup infrastructures.

Putting MSPs at risk

The reluctance to manage backup infrastructures can be costly for MSPs since it leaves their clients’ data unprotected. Not backing up data creates data loss risks and possible exposure to ransomware attacks, resulting in business downtime and reputation loss for the MSP. This can directly impact the MSP’s profitability and must be addressed smartly.

Direct backup to the cloud

A dedicated backup infrastructure in a data center isn’t always the solution. Complementing your tech stack with a direct backup to the cloud would be the ideal choice. With the help of a unified, direct-to-cloud business continuity and disaster recovery (BCDR) solution, you can bolster your data protection and take it beyond the boundaries of primary data centers. You can do away with all the complexities associated with the implementation and management of modern IT infrastructure, in turn saving technician time and energy and focusing on helping your clients grow their business.

Another reason to amplify your stack and opt for direct-to-cloud backup is the possibility of new revenue and healthy margin opportunities. It allows the backup services to expand beyond their spheres of influence and include the protection of clients’ systems, eliminating the risk of data loss and the possibility of downtime — at great operating margins.

A game changer for MSPs

Datto Endpoint Backup for Servers offers compact, direct-to-cloud BCDR solutions for servers anywhere. Purpose-built for MSPs, this solution combines its direct cloud backup feature with ransomware protection and powerful disaster recovery (DR) capabilities and can be managed via a unified management portal. It eliminates the need to put hardware on-site.

Let’s take a look at what it brings to the table.

Enhancing your and the clients’ reputation

Ransomware attacks are on the rise owing to their late detection. Such a threat can result in unplanned downtime and jeopardize your company’s reputation. Datto’s latest solution, with its unique ransomware detection capabilities, scans for early warnings and regularly checks immutable backups stored in the Datto Cloud with Cloud Deletion Defense™ — protecting your customers’ businesses from IT disasters. This goes a long way towards preserving and enhancing your reputation as well as that of your clients. The same technologies as Datto SIRIS and Datto Continuity for Microsoft Azure are used here to eliminate ransomware threats.

Expanding your BCDR services

Datto Endpoint Backup for Servers helps create new revenue streams for your business and expands the scope of your BCDR services by offering complete protection for “edge case” servers. Despite the expansion of services, the costs involved in providing complete protection (backup, DR and DR testing) follow a flat-fee structure and are lower than “do-it-yourself” (DIY) vendors, whose costs are often high and unpredictable. The solution comes with the lowest total cost of ownership (TCO), without any hidden/variable fees. No extra charges for cloud storage, computing, DR or DR testing are incurred. Such a cost-effective pricing model enables predictable business growth for you and your clients.

Simplifying the backup business

The recent shift to a hybrid business model has led to increased complexity within the IT landscape, with data and servers scattered across multiple sites. Datto Endpoint Backup for Servers comes with a centralized management portal that simplifies the data backup workflow while saving time and eliminating complexity in just a few clicks. The portal is connected with both Datto BCDR solutions and Datto Continuity for Microsoft Azure. Hence, managing the full backup stack from a single, unified interface is now a reality. The MSP-centric architecture of the solution delivers optimal technician efficiency and minimum overhead costs compared to solutions designed for enterprise IT.

Best-in-class tech support

Datto-certified experts are there to quickly help you with proven, direct-to-tech, 24/7/365 support. This ensures proper monitoring of your backup and DR services and pushes you and your clients to succeed.

Built to scale MSPs

With Datto Endpoint Backup for Servers, you get appliance-less, direct-to-cloud backup managed via a client-centric view for consistent data protection across remote servers, data centers, Azure and SaaS. Due to this single-pane-of-glass management, there’s a streamlining of daily operations, increasing overall BCDR efficiency with smart features like screenshot verification, automated testing and email alerts. As a result, MSPs like you get a much simpler and smarter BCDR solution.

A sign of such an evolved, smarter BCDR process is the hourly backup of your clients’ servers directly to the secure and private Datto Cloud, ensuring rapid recovery during downtime, cyberattacks and outages. This sets the standard for a secure cloud infrastructure and paves the way for unhindered business growth.

Source: Datto

Even with a well-guarded IT infrastructure, business disruptions are inevitable regardless of the size or industry of a company. This is especially true for organizations operating in harsh or highly uncertain environments, such as oil rigs, mines and factory floors. From cyberthreats to natural disasters and hardware failure, many factors could halt industrial and manufacturing production. One such factor is excessive vibration, which could cause data errors in hard disk drives (HDDs) and hamper operational continuity.

Challenges MSPs face serving clients operating in complex and risky environments

Managed service providers (MSPs) often struggle to deliver robust disaster recovery (DR) solutions to clients in the industrial and manufacturing sectors. This is due to the risk of low DR success rate and extended downtime because of the damage caused by excessive vibration to DR infrastructures relying on spinning HDDs.

In addition, MSPs face thinning margins implementing business continuity and disaster recovery (BCDR) solutions for clients with stringent recovery time objectives (RTOs). MSPs need premium hardware to deliver superior BCDR services and meet shorter RTO goals, which require high capital expenditure (CapEx).

Why HDDs aren’t ideal for disaster recovery in harsh environments

HDDs have many moving parts that operate with incredibly high precision. The mechanical components, read/write heads and platters or magnetic disks are delicate and sensitive, making them vulnerable to physical damage. The platter and heads rotate at high speeds of 10,000 to 15,000 rotations per minute (RPM) to store and retrieve information. Because of the delicate nature of its components and the rates at which it works, a sudden jerk or strong vibration could easily damage a hard disk drive and cause read-write errors. Data recovery from a damaged hard disk drive platter can be tedious and time-consuming.

HDDs vs. SSDs

HDDs are inexpensive compared to solid-state drives (SSDs) and provide more storage space. However, rotating HDDs have many mechanical parts that are prone to wear and tear after a few years of regular use, increasing the risk of hardware failure. SSDs, on the other hand, utilize flash memory to store information, have no moving mechanical components and can withstand bumps and vibrations. SSDs are highly durable and reliable storage mediums, even in harsh environments like manufacturing plants and factories. They are much lighter, faster, quieter and consume less energy than HDDs.

Minimize risks and expand margins with Datto SIRIS NVMe SSD Models

A crucial part of running a successful MSP business is having the right set of tools in your tech stack.

The new Datto SIRIS models, built using NVMe SSD, minimize risks by decreasing DR hardware failure rates caused by vibrations in harsh environments, like oil rigs, mines and factory floors. Our solutions allow you to increase your BCDR service profitability even for demanding clients and workloads since Datto SSD models come at one simple flat fee — no upfront CapEx costs or hidden or extra charges.

Datto’s flat-fee subscription model eliminates surprises by including DR/backup cloud, hardware, software, storage and technical support, even for the premium high-cost hardware based on NVMe SSD technologies.

Most Datto BCDR implementations deliver immediate return on investment (ROI) with larger margins and zero CapEx investment required.

Source: Datto

When ransomware strikes, files become encrypted. That’s the hallmark signature of most ransomware attacks. Even if you pay the ransom, there’s no guarantee that you’ll get the keys to unlock your encrypted files. Bottom line, when ransomware hits you are likely to lose important data.

This ends with Ransomware Rollback. Ransomware Rollback is a new, innovative feature included with Datto Endpoint Detection and Response (EDR) that gives you peace of mind knowing that when a ransomware attack hits you’ll be able to get your files back, intact as they were before the incident.

Datto EDR includes Ransomware Detection, a unique and powerful antimalware technology that identifies known and unknown types of ransomware and kills the encryption process once an attack begins. As fast as Ransomware Detection is, the attacker’s encryption process always strikes first, meaning some files become encrypted before Ransomware Detection can kill the process and isolate the endpoint.

To address this, Datto created Ransomware Rollback, a lightweight application that tracks changes on endpoint disk space, providing rollback functionality for files and databases impacted by ransomware attacks. It consists of software that runs silently in the background, as well as a desktop application used for monitoring and managing the rollback process.

The solution works by intercepting file system calls made by applications and then performs tracking of the changes made. For example, if a file is renamed, deleted, or updated, the system records these changes and stores them in a designated tracking directory on the user’s disk.

For database applications like SQL Server or QuickBooks, Ransomware Rollback saves the data being written on an operation-by-operation basis, allowing the entire update to be rolled back if it is compromised by ransomware.

Unlike other EDR applications that offer similar rollback capabilities, Datto EDR with Ransomware Rollback does not rely on Windows shadow copy, which is often targeted by ransomware attacks. This ensures that your files and data are safe from even the most advanced cyberattack.

What’s more, Ransomware Rollback solves the problem of “wiper” attacks. Data wipers are one of the fastest growing categories of malware. Here, the objective of a wiper attack is to delete and destroy files and data.

Ransomware Rollback even restores deleted files, such as those hit by a wiper attack or files deleted by accident. Through the creation of hard links in a tracking directory, Ransomware Rollback ensures that users can restore deleted files, no matter the circumstance.

Ransomware Rollback is an integral component of Ransomware Detection, which is included with Datto EDR. With one click, you can quickly revert encrypted data and files back to their previous state, which makes the recovery process easy, efficient and effortless.

To get a demo of Datto EDR with Ransomware Rollback, click here.

Source: Datto