News
Sophos UTM has added to our collection of industry awards, after being recognized as the Best UTM Solution at the SC Magazine Awards 2016 Europe, held earlier this week in London.
As the editor-in-chief of SC Magazine points out, these awards are designed to recognize the leading players in the industry and to encourage and praise innovation.
It’s an honor to be considered, and the Sophos SG UTM has now swept this award three times in a row, repeating twice in London and also winning in North America recently.
The judges were impressed by Sophos SG UTM, and its many advantages over the other products considered in this category.
As the judges’ full write-up noted, Sophos SG UTM has a full range of features, allowing businesses of any size to reduce the number of solutions they need to manage their security:
“As a fully-featured web security gateway, email gateway, network firewall and wireless management console, Sophos SG Series UTM has enabled its diverse customer base to reduce the number of solutions they need to manage whilst providing enhanced features, such as Advanced Persistent Threat Protection, which even the smallest company can easily deploy.”
Read the full review (see page 11) to see why we beat the competition once again.
You can read the original article here.
A new version of a deceptive banking malware has been responsible for a series of attacks on financial institutions in many countries around the world in the past year, SophosLabs reports in a new research paper.
Vawtrak (also known as NeverQuest and Snifula) has been around for a few years now, yet it continues to thrive as a popular crimeware-as-a-service kit used by a variety of cybercriminal groups.
SophosLabs analysis of what we are simply calling Vawtrak version 2 shows the malware authors have introduced new innovations, while making frequent updates to meet demand and stay ahead of defenses. SophosLabs has seen Vawtrak version 2 spreading via phony emails claiming to be shipping delivery notices, and being dropped onto computers already infected by the Pony malware.
In the time since our previous research paper on Vawtrak, new banks and countries have been targeted, with several campaigns in countries including the United States, Canada, United Kingdom, Japan, and Israel, with the US being the largest target.
In our earlier analysis of Vawtrak, Germany and Poland were the top-targeted countries, but we did not see significant activity in those countries using version 2. This change in geographic targets could indicate that Vawtrak’s crimeware customers are no longer interested in those countries.
Innovations in Vawtrak version 2
The developers of Vawtrak have invested significant efforts to improve the malware in version 2, complicate defenses, and frustrate security researchers. According to SophosLabs, Vawtrak version 2 includes some updates that break existing tools used to analyze the malware:
“These changes involve increased levels of obfuscation and changes to the encryption used. … [T]he motivation for the change would appear to be an attempt to temporarily break existing tools that may implement the algorithms used by previous Vawtrak samples.”
SophosLabs also discovered that the Vawtrak authors made version 2 leaner, with a smaller footprint for the initial payload used for infection. This leaner design could allow the authors to add advanced features as separately deployed modules.
For a more technical analysis of Vawtrak version 2 and additional research insights into this persistent threat, download the SophosLabs research paper.
You can read the original article here.
It’s a challenge for network security professionals to detect, never mind block, every intrusion. What’s troubling is how much time it can take for an organization to realize that its network security system has been breached. In its latest report on cyber security trends, “M-Trends 2016,” FireEye found that it took a median of 146 days for an organization to recognize that its security had been compromised. (This statistic is based on Mandiant’s experience responding to breaches. Organizations that detected a breach on their own or resolved the breach without Mandiant’s involvement are not included in the median.)
Some infamous security breaches weren’t detected for months; the U.S. Office of Personnel Management data breach is one instance that comes to mind. It took OPM staff over a year to become aware of the breach. TalkTalk’s breach was another that made headlines, and raised questions about how long it took for security staff to detect the breach and respond to it. In that incident “criminals accessed details of 156,959 accounts and 15,656 bank account numbers,” according to Express news.
The fact that some breaches have gone unnoticed for days, or even months, is cause for concern. That’s far too much time, considering that hackers can infiltrate a network and obtain crucial data in a matter of minutes. Why did it take so long for TalkTalk to realize the security breach? One factor was a distributed denial of service (DDoS) attack. The Guardian reported that “TalkTalk said a distributed denial of service (DDoS) attack – one that overwhelms a website with traffic, taking it offline – was used as a smokescreen for the attack.”
DDoS Attacks Serve As Smokescreens
Corero’s research of its customer base found that 95% of DDoS attacks average less than 30 minutes in duration, and 93% of attacks are 1Gbps or less in size. Such partial link saturation attacks are often called “Dark DDoS attacks” because they can serve as a smokescreen for a security breach that exfiltrates sensitive data. A Dark DDoS attack distracts IT security staff by inundating online systems with junk traffic, while hackers penetrate other network services that are still up and running and vulnerable to attack.
Even if you have a legacy DDoS mitigation solution (such as a cloud scrubbing service), you’re not fully protected from a Dark DDoS attack, because scrubbing solutions still rely too much on human observation and intervention, which results in a time delay. A scrubbing center solution is usually activated at least 30 minutes after the attack has been initiated—by then some damage could already be done, either in terms of affecting a network or website, or stealing sensitive data.
For this reason, it’s more important than ever to have an automated, inline DDoS mitigation appliance in place, which provides 24/7/365 protection from DDoS attacks. According to Dave Larson, COO of Corero Network Security,
“The only proper defense is to use an automatic, always-on, in-line DDoS mitigation system, which can monitor all traffic in real-time, negate the flood of attack traffic at the Internet edge, eliminate service outages and allow security personnel to focus on uncovering any subsequent malicious activity, such as data breaches.”
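The “Dark DDoS” pattern described above (a short, partial-link-saturation flood that coincides with data leaving the network) is the kind of thing an automated monitor can flag without waiting for a human to notice. The following is an added example, not code from Corero or from the original article: it runs over constructed per-minute traffic summaries, flags minutes where inbound traffic jumps far above its baseline while staying below link capacity, groups them into attack windows, and then looks for internal hosts whose outbound volume spikes during the same window. The link capacity, thresholds, host addresses and traffic numbers are all assumptions.

```python
"""Toy 'Dark DDoS' correlator (added example, not from the original article).

Flags short floods that stay below link capacity and correlates them with
unusual outbound transfers from internal hosts during the same minutes.
All traffic figures, hosts and thresholds below are constructed assumptions.
"""
from dataclasses import dataclass, field
from statistics import median

LINK_CAPACITY_MBPS = 1000.0   # assumed 1 Gbps edge link


@dataclass
class MinuteSample:
    minute: int                 # minute offset inside the observation window
    inbound_mbps: float         # aggregate inbound rate measured at the edge
    inbound_sources: int        # distinct external source addresses that minute
    outbound_mb: dict = field(default_factory=dict)  # internal host -> MB sent out


def build_constructed_samples():
    """Constructed traffic: a quiet baseline, a 12-minute flood at 60-75% of
    link capacity (minutes 20-31), and an internal host that starts pushing
    data out while the flood is running (minutes 22-30)."""
    samples = []
    for m in range(60):
        s = MinuteSample(m, 40.0 + (m % 5) * 2.0, 20 + (m % 3),
                         {"10.0.5.17": 2.0, "10.0.5.40": 5.0})
        if 20 <= m <= 31:
            s.inbound_mbps = 600.0 + (m % 4) * 50.0   # 600-750 Mbps: well under 1 Gbps
            s.inbound_sources = 2400 + m
        if 22 <= m <= 30:
            s.outbound_mb["10.0.5.17"] = 150.0        # ~75x this host's normal volume
        samples.append(s)
    return samples


def flood_minutes(samples, factor=5.0, min_sources=500, cap_fraction=0.9):
    """Minutes where inbound rate and source count are far above the median
    baseline, yet the rate stays below cap_fraction of link capacity
    (partial link saturation, so the link never goes fully down)."""
    base_rate = median(s.inbound_mbps for s in samples)
    base_sources = median(s.inbound_sources for s in samples)
    flagged = []
    for s in samples:
        elevated = (s.inbound_mbps >= factor * base_rate
                    and s.inbound_sources >= max(min_sources, factor * base_sources))
        partial = s.inbound_mbps < cap_fraction * LINK_CAPACITY_MBPS
        if elevated and partial:
            flagged.append(s.minute)
    return flagged


def group_windows(minutes):
    """Collapse a sorted list of flagged minutes into (start, end) windows."""
    windows = []
    for m in minutes:
        if windows and m == windows[-1][1] + 1:
            windows[-1][1] = m
        else:
            windows.append([m, m])
    return [tuple(w) for w in windows]


def suspicious_outbound(samples, window, factor=10.0):
    """Internal hosts whose peak outbound volume inside the window is at least
    factor x their median outbound volume outside it. Returns host -> peak MB."""
    start, end = window
    inside = [s for s in samples if start <= s.minute <= end]
    outside = [s for s in samples if not (start <= s.minute <= end)]
    hosts = set()
    for s in samples:
        hosts.update(s.outbound_mb)
    suspects = {}
    for h in sorted(hosts):
        normal = median(s.outbound_mb.get(h, 0.0) for s in outside)
        peak = max(s.outbound_mb.get(h, 0.0) for s in inside)
        if peak > 0 and (normal == 0 or peak >= factor * normal):
            suspects[h] = peak
    return suspects


def analyze(samples):
    """One finding per flood window: duration, peak rate and suspect hosts."""
    findings = []
    for start, end in group_windows(flood_minutes(samples)):
        peak = max(s.inbound_mbps for s in samples if start <= s.minute <= end)
        findings.append({
            "start": start, "end": end, "duration_min": end - start + 1,
            "peak_mbps": peak,
            "suspect_hosts": suspicious_outbound(samples, (start, end)),
        })
    return findings


if __name__ == "__main__":
    for f in analyze(build_constructed_samples()):
        print(f)
```

The point of the second stage is that the flood alone is a low-severity event (the link stays up, so an availability-focused tool may ignore it); the concurrent outbound spike from a single internal host is what turns it into an incident worth escalating.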
You can read the original article here.
For IT security teams, it’s nearly impossible to keep up with the ever-changing cyber threat landscape; not only are there numerous types of threats, but some attacks are so small in scale that they often escape human detection. Large-scale, volumetric DDoS attacks may cripple websites and grab headlines, but small-scale, low-threshold attacks can be even more nefarious and damaging.
Visibility and Response Time are Critical
The time it takes to detect and respond to a distributed denial of service (DDoS) attack is critical. Human intervention is insufficient for most cyber security attacks because humans can’t immediately see every attack, and they certainly can’t respond fast enough (in real time) to block all infiltrations.
If you can’t recognize a DDoS attack, how can you even begin to defend against it? Hackers need only a few minutes to overrun traditional security solutions and steal sensitive data or map a network to find its vulnerabilities. Even when humans do notice an attack, by the time they respond, the damage may already be done. That’s why IT professionals need granular, real-time network security visibility to monitor and analyze traffic.
Vikram Phatak, CEO and Chairman of NSS Labs, recently said, “…attacks happen in computer time, but responses take place in human time. Companies typically patch monthly, but the bad guys change their approach hourly… Automating the response process shortens the patch window from a week to seconds.”
Automated DDoS Protection is Cost-Effective
In an era when the vast majority of DDoS attacks are under 1 Gbps, and can evade a traditional cloud-based scrubbing center, it’s cost-effective to automate security systems as much as possible. An automated, in-line DDoS protection solution is less expensive than human security staff, and more accurate. That doesn’t mean that security staff are unnecessary, but rather that they need the automated technology to help them be more productive.
The cost of a cyberattack can be enormous, in terms of lost customer trust, revenues, and staff time spent cleaning up the damage. When it comes to cyber threats, a proactive, automated approach makes more sense than a reactive, manual approach.
You can read the original article here.
Mobile devices… everybody has them. We use them every day (sometimes for large parts of the day) for increasingly productive and amazing things – to take selfies, peruse the news, surf the web, compose music, send saucy text messages, make art, and other creative things.
Most also want to use them at work – to read work emails, view and share files, access the company intranet, check the latest revenue spreadsheets, make last-minute edits to the big presentation, and so on. But with the explosion of mobile device usage in business comes the inevitable headache of ensuring that all sensitive and confidential company information stays secure. Data protection regulations must be followed, security policies need to be adhered to and intellectual property must be kept confidential.
As the devices in an organization multiply like rabbits, overworked and understaffed IT departments have to work hard to not lose control. Employees bring their own smartphones and computers to work and expect the same level of access as with corporate-owned devices, which is enough to give any IT admin nightmares.
The best way to cope, while continuing to allow users to work the way they want and to be as productive as possible, is to find a solution that can manage all devices with one secure, time-saving and super-simple solution. Sophos Mobile Control does just that.
We’re very excited to announce the new Sophos Mobile Control 6.1, where in addition to managing traditional iOS, Android and Windows Phone devices you can now also manage Windows 10 laptops, desktops and tablets from the same console. This lets you rest easy knowing you have a uniform company and security policy in place – both for company and privately-owned devices, regardless of whether it’s a phone, desktop or laptop.
Even if contractors, consultants or employees bring a personal Windows 10 laptop to the office, enrolling the device, provisioning email and granting access to company resources are done with a few clicks in the straightforward management console. It’s equally easy for the user to remove the computer from company control when access is no longer needed.
Contain yourself, and your users
An additional complication with using privately-owned devices in a company is to make sure that business data stays safe and separated from personal information on the device. Users want their information to stay private and companies want to control access to their sensitive data.
Sophos Mobile Control 6.1 lets you easily configure powerful encrypted containers for documents, emails, calendars and contacts across different OS versions and different devices. If a device becomes compromised or goes missing, access to the data in the containers can instantly be removed by IT. You can even create access control restrictions based on time, Wi-Fi or geo-location.
Best of all, when a user leaves the company, the IT admin can simply remove access to the containers without having to resort to wiping the entire device. Those collections of cat pictures, funky tunes and retro monophonic ringtones are totally safe!
All this means that with Sophos Mobile Control 6.1 you will spend less time and effort managing devices, but you’ll still allow users to be as productive with mobile devices in your business as they deserve to be, without any of the associated risk.
Read more about Sophos Mobile Control. Try the demo now!
You can read the original article here.
If you think your antivirus alone is enough to stay safe from today’s advanced malware threats, you might want to get a second opinion.
Today’s malware is difficult to detect, difficult to remove and difficult to recover from. We estimate that less than 10% of all the new samples analyzed by SophosLabs are previously known malware. You wouldn’t want to gamble with those odds, and you surely don’t want to gamble with your endpoint security.
Sophos Next-Generation Endpoint Security uses signature-less threat detection and response capabilities to better protect you against zero-day attacks, advanced threats and crypto-ransomware that can evade traditional, signature-based endpoint products.
Now we’ve added another tool to our arsenal. We’re calling it Sophos Clean, the next generation of malware detection and removal tools.
When Sophos acquired SurfRight last December, we knew we were getting a great company with innovative technology to complement our industry leading, next-gen endpoint protection solution.
As an added bonus, we acquired SurfRight’s popular HitmanPro malware scanning and removal tool, used by more than 23 million users worldwide. Among its industry accolades, HitmanPro recently received a Q1 2016 MRG Effitas 360 Degree Assessment award, one of just five products certified for neutralizing and successfully remediating all threats in real-world testing.
Now we’ve built Sophos Clean on top of the cutting-edge HitmanPro technology, using progressive behavior analytics, forensics and collective intelligence to discover and remove all traces of malware threats that your antivirus might miss.
Resilient malware attacks critical system files or boot records to manipulate Windows and antivirus software – even before the operating system boots. Sophos Clean can remove persistent threats from within the operating system and replace infected Windows resources with safe original versions. Reinfection attempts are proactively blocked until threat remediation has finished.
Sophos Clean is certainly thorough, but it’s also fast.
With a minimal footprint of just 11 MB, Sophos Clean can scan and remediate infections in less than five minutes, because it can immediately distinguish safe applications from malicious software through advanced behavior analysis. And it checks against our Sophos cloud database of trusted applications, reducing instances of false positives.
The on-demand scan does not need to be installed, which is particularly useful in cases of ransomware infection or in situations where malware is manipulating the installed antivirus software and its updates.
Sophos Clean runs alongside any anti-malware protection you already have. You can scan directly from a USB flash drive, CD/DVD or network attached storage.
Simple. Fast. Clean.
Try a 30-day free trial of Sophos Clean today.
You can read the original article here.
Miercom, a leading, independent test center, recently conducted a comparative test of UTM/Next-Gen Firewall appliances from leading network security vendors including Sophos, Fortinet, Check Point, Dell SonicWALL and WatchGuard.
Miercom ran an extensive set of tests, including raw firewall throughput at a variety of real-world packet sizes. We were pleased with the results, as our XG 135w outperformed similar competing models in all tests by a significant margin.
The Sophos XG 135w set its baseline throughput with firewall enabled at 6560 Mbps, 67.7% more than the competing vendor average.
Miercom also measured performance under real-world conditions, with a variety of important security features enabled, such as IPS, application control and antivirus. The Sophos XG 135w ranked top in every test, including the most demanding, with all security features enabled:
In full UTM mode, the Sophos XG 135w claims the highest performance rate. Its throughput surpasses the competitive performance by 31.3%.
With modern web applications placing increasing demands on firewall connection limits, Miercom also ran a series of demanding connection tests, which are ideal for revealing performance bottlenecks imposed by inadequate RAM and processing speed.
Again, the Sophos XG 135w proves it offers outstanding value – with its high-performance Intel multi-core technology and generous amounts of RAM – providing an order-of-magnitude advantage over competing Firewalls.
The Sophos XG 135w baseline maximum CCPS was 88.5% higher than the competitor average. Its UTM maximum decreased by 10,000 CCPS and was 92% higher than the average. Its concurrent connection rate was extremely high but also had a fairly insignificant decrease when all UTM features were applied.
The bottom line
We couldn’t be more pleased with the results of this comparative testing. But honestly, we’re not that surprised.
We’ve engineered our XG and SG Series appliances to offer the ultimate in state-of-the-art performance, with features other vendors just don’t offer – like high-performance Intel multi-core CPUs, ample RAM, and solid-state storage. Plus we offer the best value and ease-of-use in the industry.
Quite simply, Sophos offers the best price-performance ratio out there, and it’s nice to see Miercom’s testing support that.
Download the Miercom report for full details and results from all their testing.
You can read the original article here.
Looking at current Security Information and Event Management (SIEM) systems, one notices that all of them try to meet certain criteria: native support for a wide range of log sources, and modern features for examining and analyzing the sheer volume of log data generated.
Among these criteria, compliance management and the availability of computer forensics capabilities lie at the heart of the discussion. This post examines what computer forensics is and how it can be used today.
A Historic Perspective
Forensics has been around since the dawn of justice. The well-known examples of studying fingerprints, blood groupings and DNA have long been used to determine the nature of a crime and locate the perpetrator. Around 1910, Albert Osborn became the first person to develop the essential features of documenting evidence during the examination process. Later, in 1984, the Computer Analysis and Response Team (CART) was established to provide support to the FBI’s field offices searching for computer evidence.
Computer forensics (also called digital forensics) has emerged because of the vast increase in cyber activity among the general public. This growth led to greater awareness of the importance of computer security and of protection against computer-facilitated crimes. However, although the two terms are often closely associated, they mean entirely different things.
- Computer security focuses on techniques and technologies that prevent unauthorized access to computer systems, chiefly protecting the confidentiality, integrity and availability of the data those systems manage.
- Computer forensics is primarily concerned with the acquisition, preservation and analysis of data gathered from a compromised system after unauthorized access has taken place.
Cyber Crime Calls for Forensics
Our dependency on computer systems has given rise to novel cyber-criminal activities. Theft of intellectual property, damage to company service networks, financial fraud, system penetration and data exfiltration are just a few of the computer-facilitated crimes being committed even as we speak. They differ in how the attack takes place: as an external attack, or as an insider attack, which involves a breach of trust by employees within the organization.
Forensics investigation always comes after the attack has been launched and detected, and it follows certain stages and procedures in order to guarantee that the collected digital evidence can be used by law enforcement to track and prosecute cyber criminals.
Why is Computer Forensics Needed?
Picture a hypothetical scenario where your organization’s premises have been breached by criminals who broke into and stole valuable assets like money, equipment or confidential reports. The first thing that any responsible executive would do is to evaluate the situation and call law enforcement investigators in order to examine the area and gather any useful evidence.
Now, let’s suppose that the crime had been committed electronically, by breaching the organization’s network, acquiring important data and gaining access to undisclosed information. Keep in mind also that the intruder could be an employee of the company using the organization’s own computers. As in the case of a physical crime, the person in charge should evaluate the situation, which in the computer security case means correctly evaluating the alerts coming from host and network intrusion detection and prevention systems (IDPS) and then using the right tools to collect and analyze any data that could serve as digital evidence.
Computer forensics is the next step of the procedure, where you apply contemporary techniques to gather and preserve evidence from the computing devices of interest in a way that is suitable for admission in a court of law. Imagine how flexible the procedure can become if the appropriate tools for evaluating the situation have been preconfigured for dealing effectively with such cases. Finally, consider that cyber crimes occur much more frequently than physical ones, especially when referring to organizations as victims.
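The “acquisition, preservation and analysis” sequence above rests on one practical habit: record a cryptographic hash of every item at the moment it is collected, so that any later change or loss can be demonstrated rather than merely suspected. The following is an added example, not code from the original article or from any SIEM product: it writes a small chain-of-custody manifest (SHA-256 and size per item, examiner and case identifiers, timestamp) for a set of constructed evidence files, then re-verifies the files and reports each one as intact, modified or missing. The file names, contents, examiner name and case id are constructed placeholders.

```python
"""Evidence manifest and integrity check (added example, not from the article).

Hashes each acquired item once, stores the result with case metadata, and
later re-hashes to prove whether the evidence is unchanged. All evidence
contents, names, examiner and case identifiers are constructed placeholders.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

# Constructed sample evidence: a tiny stand-in for a disk image and a log file.
CONSTRUCTED_EVIDENCE = {
    "disk-image.bin": bytes(range(256)) * 16,
    "auth.log": (b"May 11 09:12:44 host sshd[301]: Failed password for root from 203.0.113.9\n"
                 b"May 11 09:12:51 host sshd[301]: Failed password for root from 203.0.113.9\n"),
}


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(evidence_paths, examiner, case_id):
    """Build the manifest at acquisition time: who, which case, when, and the
    hash and size of each item. Paths are stored as base names so the manifest
    can be verified after the items are moved to evidence storage."""
    return {
        "case_id": case_id,
        "examiner": examiner,
        "acquired_at": datetime.now(timezone.utc).isoformat(),
        "items": [
            {"name": os.path.basename(p), "size": os.path.getsize(p), "sha256": sha256_file(p)}
            for p in evidence_paths
        ],
    }


def verify(manifest, directory):
    """Re-hash every manifest item found in directory.
    Returns name -> 'ok' | 'modified' | 'missing'."""
    status = {}
    for item in manifest["items"]:
        path = os.path.join(directory, item["name"])
        if not os.path.exists(path):
            status[item["name"]] = "missing"
        elif os.path.getsize(path) != item["size"] or sha256_file(path) != item["sha256"]:
            status[item["name"]] = "modified"
        else:
            status[item["name"]] = "ok"
    return status


def demo():
    """End-to-end run in a temporary directory: acquire, verify, then simulate
    post-acquisition tampering and loss, and verify again."""
    with tempfile.TemporaryDirectory() as workdir:
        paths = []
        for name, data in CONSTRUCTED_EVIDENCE.items():
            path = os.path.join(workdir, name)
            with open(path, "wb") as fh:
                fh.write(data)
            paths.append(path)

        manifest = acquire(paths, examiner="J. Doe (constructed)", case_id="CASE-0000 (placeholder)")
        with open(os.path.join(workdir, "manifest.json"), "w") as fh:
            json.dump(manifest, fh, indent=2)     # the manifest itself is part of the custody record
        before = verify(manifest, workdir)

        # Simulate what verification must catch: a line appended to the log and an image lost.
        with open(os.path.join(workdir, "auth.log"), "ab") as fh:
            fh.write(b"May 11 09:13:02 host sshd[311]: Accepted password for root from 203.0.113.9\n")
        os.remove(os.path.join(workdir, "disk-image.bin"))
        after = verify(manifest, workdir)
        return before, after


if __name__ == "__main__":
    first, second = demo()
    print("at acquisition:", first)
    print("after tampering:", second)
```

In practice the manifest should be stored separately from the evidence (and ideally signed or itself hashed and logged), since a manifest kept beside the files it describes can be altered together with them; the SIEM search and reporting features discussed later in the post are where such integrity results would normally be surfaced.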
Strategic Planning for Business
Despite Dr. Wolfe’s definition, computer forensics as a science can also be applied in cases that do not, or do not want to, involve a court of law. Especially in the case of an insider attack, forensics tools can be used to gather evidence that the executive can then use against the employee to prove their involvement in the attack. In general, if the organization is concerned with resolving the problems caused by computer security breaches, it is reasonable to look into the advanced search capabilities of a SIEM platform and to emphasize the reporting and data visualization features of the SIEM solution. An organization saves valuable time and resources if its SIEM is set up in a simple, easy-to-use way for storing and locating data and for instantly generating the appropriate reports or other graphical output.
However, performance is less valuable without context in the forensics case. Much of the current debate in the computer security space tends to emphasize the possibility of convergence between computer forensics and SIEM in the area of real-time security analytics rather than differentiating the two areas. The underlying question is which features current SIEM solutions provide that can assist in data examination and analysis, and which features a SIEM platform should include in order to satisfy some of the computer forensics requirements.
You can read the original article here.
There are many misconceptions about cloud security, and it starts with basic misunderstandings about what “the cloud” even is.
Essentially, the cloud is anything hosted and accessed virtually. Webmail systems like Gmail, and social networking sites like Facebook and Twitter are in the cloud. Really, the entire internet is the cloud!
As Sophos experts explain in a new whitepaper describing best practices for cloud security, the most important thing to remember is that when you put data in the cloud, you need to understand how it’s being protected. You shouldn’t assume that security is being taken care of for you.
To help you take the necessary steps to protect your online assets in the cloud, this free Sophos whitepaper defines different cloud models and the unique benefits and challenges of each type; and offers tips for implementing security best practices.
The paper also delves into Amazon Web Services (AWS) and the shared responsibility model – it explains the kinds of security AWS provides, and what security you need to put in place yourself.
Sophos UTM: modular security that auto-scales with the AWS cloud
Sophos UTM with Auto Scaling gives you complete security, from the network firewall to endpoint antivirus, in a single modular system. Sophos UTM integrates with the AWS infrastructure to provide high availability and scalability. And it simplifies your IT security and saves money by combining multiple security solutions, and increases visibility through detailed logs and reports.
Sophos is an advanced tier AWS technology partner, and our security products protect thousands of customer environments running on AWS. We’ve also been awarded the AWS Security Competency designation.
Learn more at sophos.com/AWS.
You can read the original article here.
Corero released the results of our annual DDoS Impact Survey, which polled technology decision makers, network operators and security experts about key DDoS issues and trends that Internet service providers and businesses face in 2016.
Nearly half (45%) of the survey participants indicated that loss of customer trust is the most damaging consequence of DDoS attacks to businesses. Additionally, 34% of survey participants said lost revenue was the worst effect. Sadly that is not surprising, as network or website service availability is crucial to ensure customer trust and satisfaction, and vital to acquire new customers in a highly competitive market. When an end user is denied access to Internet-facing applications or if latency issues obstruct the user experience, it immediately impacts the bottom line.
Certainly, DDoS attacks get the most attention when a firewall fails, service outage occurs, a website goes down or customers complain. But companies should be concerned about DDoS attacks even when the attacks are not large-scale, volumetric attacks that saturate a company’s network and associated server infrastructure. Industry research, as well as our own detection technology, shows that cyber criminals are increasingly launching low-level, small DDoS attacks.
The problem with such attacks is two-fold: small, short-duration DDoS attacks still negatively impact network performance, and, more importantly, such attacks often act as a smokescreen for more malicious attacks. While the network security defenses are degraded, logging tools are overwhelmed and IT teams are distracted, the hackers may be exploiting other vulnerabilities and infecting the environment with various forms of malware. Small DDoS attacks often escape the radar of traditional scrubbing solutions. Many organizations have no anti-DDoS systems in place to monitor DDoS traffic, so they are not even aware that their networks are being attacked regularly.
The survey also asked participants about their current methods of handling the DDoS threat; nearly one third (30%) of respondents rely on traditional security infrastructure products (firewall, IPS, load balancers) to protect their businesses from DDoS attacks. Those companies are very vulnerable to DDoS attacks because it’s well documented that traditional security infrastructure products aren’t sufficient to mitigate DDoS attacks.
An overwhelming majority (85%) of respondents indicated they believe upstream Internet Service Providers should offer additional security services to their subscribers to remove DDoS attack traffic completely. Furthermore, 51% responded that they would be willing to pay their Internet Service Provider(s) for a premium service that removes DDoS attack traffic before it is delivered to them, and 35% indicated they would allocate 5-10% of their current ISP spend to subscribe to this type of service. Clearly there is market demand for protection services from Internet Service Providers, and organizations are willing to pay for a service that protects them from DDoS attacks.
You can read the original article here.
The Radicati Group has just released its Enterprise Mobility Management – Market Quadrant 2016 report, and we’re proud that Sophos has earned a place in the Top Players quadrant, demonstrating our leadership in the industry.
Radicati, an independent market research firm not aligned with any vendor, evaluates enterprise mobility management (EMM) vendors based on feature functionality and strategic vision. Radicati says Top Players are “the current market leaders, with products that offer both breadth and depth of functionality,” and have a “solid vision for the future.”
As a Top Player, our EMM product, Sophos Mobile Control, is considered a “complete EMM solution” with “comprehensive feature sets” in the areas of mobile device management (MDM), mobile application management (MAM), mobile security, and mobile content management.
We believe we’re a Top Player because we designed Sophos Mobile Control to provide the best mobile security for users, their devices and corporate data. Sophos Mobile Control empowers your mobile workforce to do their jobs with convenience and security, without burdening IT.
Radicati’s Market Quadrant report highlights Sophos strengths, including the integration of Sophos Mobile Control with Sophos SafeGuard Encryption, which allows users to securely share encrypted files to their mobile devices. Sophos Secure Workspace allows users to securely add, view and edit encrypted documents stored in the cloud, helping workers easily collaborate from anywhere.
The new Sophos Secure Email – a container solution for email, calendar and contacts – helps IT easily provision email to employee mobile devices across iOS and multiple Android versions.
Another strength noted by Radicati is that Sophos Mobile Control integrates seamlessly with the Sophos UTM, encryption and endpoint protection solutions, for a complete security strategy.
Download a complimentary copy of the full Radicati EMM Market Quadrant report to see how the different EMM vendors placed in the Market Quadrant, and learn more about why Radicati named us a Top Player.
Sophos Mobile Control
Sophos Mobile Control is the simplest way to enable secure mobile productivity and collaboration for your business. Sophos Mobile Control is a complete stand-alone mobile security solution, while also integrating directly with Sophos UTM and Sophos SafeGuard Encryption to deliver the most comprehensive mobile protection available on the market today.
You can read the original article here.
Array Networks Inc., a global leader in application delivery networking, announced today the immediate availability of three new fifth-generation application delivery controller (ADC) appliances. Running Array’s recently released Version 8.6 software, the entry-level APV1600 and APV2600 and the mid-range APV3600 achieve industry-leading Layer-4, Layer-7 and SSL benchmarks for throughput and connections per second – delivering up to 300% better performance without increasing prices for Array customers.
- APV1600 Layer-4 and Layer-7 throughput increased by 50% to 3.7Gbps and 3Gbps respectively. Layer-4 connections per second increased by 300% to 280K, while Layer-7 requests per second increased by 100% to 200K.
- APV2600 Layer-4 and Layer-7 throughput increased by 100% to 18Gbps and 13Gbps respectively. Layer-4 connections per second increased by 50% to 360K, while Layer-7 requests per second increased by 100% to 200K. Full-featured list price starting at $13,995.
- APV3600 Layer-4 throughput increased by 100% to 37Gbps. Layer-4 connections per second increased by 33% to 1M, while Layer-7 requests per second increased by 20% to 635K. 2048-bit SSL TPS increased by 40% to 35K.
Industry-Leading Software SSL
With the introduction of elliptic curve cryptography (ECC) support in Array’s recently released Version 8.6 software, the APV1600, 2600 and 3600 appliances now support industry-leading performance for software-based SSL offload. The APV1600, 2600 and 3600 support up to 2100, 5500 and 35,000 SSL TPS respectively without the need for additional-cost hardware acceleration modules – performance that is between 4 and 6 times better than similarly priced alternative ADC solutions.
“As a pioneer in integrated traffic management and application delivery, we are pleased to launch the fifth generation of our APV Series products,” said Paul Andersen, senior director of marketing at Array Networks. “While recent efforts have seen Array expand its portfolio of cloud and security-focused solutions, we remain committed to leading the way for both physical and virtual load balancing and application delivery solutions. With the new APV1600, 2600 and 3600 appliances, Array continues to raise the bar for entry-level and mid-range solutions, providing our customers with a superior combination of features, reliability and price-performance.”
You can read the original article here.
Many organizations are considering next-generation solutions to deal with the unknown threats cybercriminals use to evade traditional defenses. One technology that’s had a fair share of hype is the sandbox.
A sandbox is an isolated, safe environment that imitates an entire computer system to execute suspicious programs, monitor their behavior, and understand their intended purpose, without endangering an organization’s network.
Choosing a sandboxing solution can be a challenge due to the numerous options available on the market. Consider the following five points before you make your decision.
1. Does the solution analyze a broad range of suspicious objects?
Pick a sandbox solution that can detect threats designed to evade sandboxes. Your sandbox needs to be able to analyze a broad range of suspicious files. Check that your chosen solution can analyze archives, Microsoft Office documents and PDFs, as well as executables.
2. Does it offer comprehensive operating system and application stack coverage?
Comprehensive platform coverage is important for detecting malware that has been fine-tuned to run only in a specific operating system or application.
3. Does it give contextual information about the malware or targeted attack?
Context about the targeted attack is mission critical. You need a solution that can give you granular, incident-based reports that provide valuable context.
4. What is the sandbox analysis rate?
Choose a solution that uses anti-malware and reputation services to reduce the number of wrongly convicted files and the number of files sent for sandboxing. This helps reduce impact on performance and your users.
5. Does it use collective security intelligence?
Conventional security checks fail to discover unknown threats. To improve the accuracy of detecting these threats, choose a solution that uses cloud-based collective threat intelligence from multiple events and customers.
We address all these questions in our new guide, Defeating the Targeted Threat: Bolstering Defenses With a Sandbox Solution. This free paper explains why you should consider a sandbox and answers your questions about what to look for in a sandbox solution.
Introducing Sophos Sandstorm
Sophos Sandstorm is an advanced persistent threat (APT) and zero-day malware defense solution that complements Sophos security products. It quickly and accurately detects, blocks, and responds to evasive threats that other solutions miss, by using powerful cloud-based, next-generation sandbox technology.
To find out if Sophos Sandstorm is the right sandbox solution for your business, visit sophos.com/sandstorm.
You can read the original article here.
Mobile devices are essential for the modern information worker. According to the Forrsights Workforce Employee Survey, 74% of information workers use two or more devices for work, including desktops, laptops, smartphones and tablets.
Many of those employees are using the same device to manage personal and professional tasks, yet they still want to keep their personal and corporate data separate.
In the era of enterprise mobility, organizations need visibility and control over who is moving their corporate data, where, and with which apps and devices.
An enterprise mobility management (EMM) solution can help organizations move away from restrictive device and content policies and towards secure environments where protected data is easily accessible from anywhere for on-the-go employees.
The task of enterprise mobile security really boils down to three basic needs:
- Protecting the user and device
- Protecting access to the enterprise network
- Protecting enterprise data
And of course, most importantly, you need an easy-to-use solution that lets you accomplish your goals with available resources.
EMM solutions are aimed at smartphone and tablet devices and should support multiple operating systems. The core components of EMM include: mobile device management, mobile application management, mobile security, and mobile content management.
Download the free whitepaper Getting Started With Enterprise Mobility Management, to see how you can craft an effective EMM strategy, empowering your workforce while keeping corporate data safe.
You can read the original article here.
Array Networks Inc., a global leader in application delivery networking, announced today the immediate availability of subscription-based virtual application delivery controllers (ADCs) in Amazon Web Services Marketplace (AWS Marketplace), an online software store that streamlines the procurement process for customers looking to find, buy, and immediately start using third-party software and services that run on AWS.
As cloud and virtualization continues to expand its footprint within the business landscape, ensuring performance and availability for these new deployment models has become increasingly important. In addition, enterprises and service providers deploying on the cloud need to make applications securely available to a growing base of end users. Array’s vAPV virtual ADC for AWS provides optimized performance and availability for business-critical applications running on AWS.
Array’s new subscription-based virtual ADC offerings complement existing Array ‘bring-your-own-license’ (BYOL) solutions available in AWS Marketplace. In contrast to BYOL offerings – which require customers to purchase a license from Array – the new subscription offerings allow customers to purchase Array solutions directly from AWS on either an hourly or a yearly basis. For additional flexibility, both hourly and yearly subscription options are available in four different sizes (entry, small, medium and large) to meet the needs of any size business or deployment.
Enterprises migrating to the cloud can purchase all of the storage, server and networking capacity they need on the AWS Cloud and scale as demand for their products and services grows using Array’s vAPV ADCs. And for those that have already deployed Array ADCs in their own data centers, it is now an option to burst to AWS and have an identical application delivery solution on the AWS Cloud for back-up capacity.
“Customers are beginning to combine traditional hardware appliances with virtual solutions and cloud hosted solutions to create architectures that best suit technical and business requirements,” said Paul Andersen, director of marketing at Array Networks. “We are dedicated to meeting our customers’ evolving application deployment requirements and expanding Array’s offerings in the AWS Marketplace is a great step to broadening access to guaranteed performance in virtualized infrastructures.”
Perpetual, monthly and yearly subscription BYOL licenses are available from Array to provide flexibility that is in line with the flexibility of AWS. Hourly and yearly subscriptions for entry, small, medium and large virtual ADCs are available immediately directly from AWS Marketplace.
You can read the original article here.
Your organization likely spends many resources preventing external breaches and takes the necessary measures to ensure that your company’s data is protected. However, did you consider if you’re in fact having coffee with the hacker every morning…?
Organizations tend to forget that almost half of data losses are the result of internal breaches, half of which are intentional criminal acts and the rest a consequence of human error (figure 1).
Handling data while at the same time ensuring the protection of privacy is a crucial ingredient for success in today’s business environment. How do we acknowledge these facts and minimize internal breaches without increasing distrust and monitoring of our employees’ every move?
Intentional breaches
A survey from Clearswift recently revealed that one third of employees are willing to sell company data for the right price. Again: one out of three! Of course organizations have legal measures to ensure that employees act ethically, but business processes are largely based on trust in confidentiality.
Intentional breaches are often committed by employees with easy access to critical company data, and companies usually don’t have sufficient measures in place to restrict that access. So how can you strike a balance between giving your employees the freedom to operate and still monitoring for and detecting suspicious behavior?
Implementing a solution that detects unusual behavior through pattern recognition is a good starting point. Let’s say that an employee in the marketing department with a consistent workflow starts accessing files within research and development. Often there will be a natural explanation, but if the employee simultaneously uploads large amounts of data via Dropbox, one might suspect that something is wrong. A SIEM solution can assist in detecting unusual behavior like this and can provide your company with a holistic view of data flows and analysis.
A recent report from Intel Security shows that the most common format of stolen data is regular documents. Because sensitive corporate documents are handled electronically, stealing data is no longer associated with tiptoeing towards the copying machine around midnight. It is as easy as using a USB stick or sending an e-mail, but these actions all leave a digital footprint. This digital footprint enables your SIEM solution to detect a potential breach and make the management team aware of possible malicious activity.
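The marketing-to-R&D scenario above, written out as the kind of correlation rule a SIEM would run. This is an added example, not code from the original post or from any SIEM product; the user directory, share layout, log events, 500 MB threshold and one-hour window are all constructed for illustration.

```python
"""Added example (not from the original post): a correlation rule that flags a
user who reads another department's files and, within the same window, pushes a
large volume of data to a cloud-sharing service. Users, paths, events and
thresholds below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed directory lookup: which department each user belongs to.
USER_DEPARTMENT = {"alice": "marketing", "bob": "rnd"}

# Constructed events: (timestamp, user, action, target, bytes).
# For file_access the target is a share path; for cloud_upload it is the service.
EVENTS = [
    ("2016-06-01T09:02:00", "alice", "file_access", "/shares/marketing/plan.pptx", 0),
    ("2016-06-01T09:40:00", "alice", "file_access", "/shares/rnd/design-v3.dwg", 0),
    ("2016-06-01T09:41:00", "alice", "file_access", "/shares/rnd/spec.docx", 0),
    ("2016-06-01T09:50:00", "alice", "cloud_upload", "dropbox", 300_000_000),
    ("2016-06-01T09:55:00", "alice", "cloud_upload", "dropbox", 300_000_000),
    ("2016-06-01T10:10:00", "bob", "file_access", "/shares/rnd/spec.docx", 0),
    ("2016-06-01T10:20:00", "bob", "cloud_upload", "dropbox", 50_000_000),
]

UPLOAD_THRESHOLD_BYTES = 500_000_000   # constructed: 500 MB within the window
WINDOW = timedelta(hours=1)            # constructed: one-hour correlation window


def department_of_share(path):
    """Derive the owning department from a share path like /shares/<dept>/...;
    returns None for paths outside the departmental share tree."""
    parts = path.split("/")
    return parts[2] if len(parts) > 2 and parts[1] == "shares" else None


def find_exfil_candidates(events, user_department, threshold, window):
    """Return one alert per upload event at which a user has both read files owned
    by another department and uploaded at least `threshold` bytes (summed over all
    uploads) inside the trailing `window`."""
    parsed = sorted((datetime.fromisoformat(ts), u, a, t, b) for ts, u, a, t, b in events)
    foreign_reads = defaultdict(list)   # user -> [(time, path)]
    uploads = defaultdict(list)         # user -> [(time, bytes)]
    alerts = []
    for when, user, action, target, size in parsed:
        home = user_department.get(user)
        if action == "file_access":
            owner = department_of_share(target)
            if owner is not None and owner != home:
                foreign_reads[user].append((when, target))
        elif action == "cloud_upload":
            uploads[user].append((when, size))
            recent_reads = [p for t, p in foreign_reads[user] if when - t <= window]
            recent_bytes = sum(b for t, b in uploads[user] if when - t <= window)
            # Splitting a transfer into smaller uploads does not evade the sum.
            if recent_reads and recent_bytes >= threshold:
                alerts.append({"user": user, "service": target, "bytes": recent_bytes,
                               "foreign_files": recent_reads, "at": when.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in find_exfil_candidates(EVENTS, USER_DEPARTMENT, UPLOAD_THRESHOLD_BYTES, WINDOW):
        print(alert)
```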
Accidental breaches
Even though half of data breaches are internal, as mentioned, around 50 percent of these are not a result of greed, but rather of employees’ ignorance of the implications of certain actions. We may all know the famous example of the U.S. Department of Homeland Security, which planted USB sticks bearing its own logo in the parking lot outside its office. Shockingly, it found that 90% of the USB sticks were picked up by employees and plugged into company computers without hesitation.
This illustrates the fact that internal data breaches are often not a result of greed, but rather of ignorance or unawareness of proper cyber security best practices.
How can we make employees think twice before picking up a USB drive and checking its content? It is important that companies maintain an internal focus on current issues, update operational practices and implement sufficient data handling policies.
By employing a SIEM solution and establishing formal measures for operations, companies will be able to set up alarms if, for example, blueprints, strategic roadmaps or new product descriptions are accessed or transferred electronically – thus giving organizations the ability to identify and address potential vulnerabilities and anomalies within their IT environment.
Final recommendations
It is crucial for companies to acknowledge the importance of internal breaches and establish measures for responding to the challenge. Often it is small errors that lead to increased vulnerability. By employing a SIEM solution and establishing company governance that addresses operational practices, companies will be able to address the issue of internal breaches and mitigate the problem.
You can read the original article here.
While the security industry has been increasingly trending toward complicated point products – each with their own admin consoles, policy setup, and terminology – we’ve been steadfast in our belief that powerful, feature-filled, and industry-leading security should be integrated and uncomplicated.
You may be aware of our “Security made simple” tagline, but even if you aren’t, you should absolutely feel it when you use our products. And we believe that we’ve taken a major step forward in that spirit today with the launch of our all-new Sophos Central integrated management platform, formerly known as Sophos Cloud.
While Sophos Cloud has been widely recognized as an incredibly powerful and easy-to-use tool for managing endpoint, mobile, web, and server products, Sophos Central paves the way for accelerating the innovation that’s been a constant focus of ours since the launch of our very first products.
We’ve worked incredibly hard on Sophos Central over the past year, but we’re not done yet. In the coming year, you’ll come to rely on Sophos Central as home base whether you are a partner, admin or end user.
- Sophos Central Partner helps you manage and track your business, identify revenue opportunities, and features seamless jump-points to Sophos Central Admin.
- Sophos Central Admin leads the way when it comes to real-time, synchronized security. The identification and remediation of threats becomes a simple one- or two-click affair.
- And our upcoming Sophos Central Self Service offering will make it easy for end users to work with quarantined email, bring-your-own-device provisioning, data encryption, Wi-Fi setup and much, much more.
We’re absolutely thrilled about the release of Sophos Central. We think it strikes an almost impossible balance between power and ease-of-use. But we’re even more excited about what it represents for the future of Sophos. This is a big day; this year will be even bigger.
You can read the original article here.
There are millions of “smart,” connected devices that comprise the Internet of Things (IoT), ranging from mobile phones to computers, home thermostats, video surveillance cameras and coffeemakers. The analyst firm Gartner recently forecast that 4 billion connected things will be in use in the consumer sector in 2016, and will reach 13.5 billion in 2020.
The Internet of Things comes with advantages, as well as a host of security disadvantages. To begin with, IoT devices often do not have strong security features built into them to prevent hackers from accessing them. Aside from personal privacy and security concerns that result from these security gaps, the bigger danger is that these connected devices can be harnessed by hackers to form a botnet, which is an interconnected network of computers infected with malware without the user’s knowledge. Botnets are also known as “zombie armies” that can be deployed on thousands—if not millions—of connected devices to send a spam attack, spread malware or launch a distributed denial of service (DDoS) attack. The more Internet-connected devices there are, the greater the potential for extremely large botnets.
Many manufacturers are undoubtedly improving the security of their IoT devices, but even if manufacturers tried to keep up with the latest security best practices, hackers would probably find a security gap or figure out a work-around. In particular, DDoS attacks are common because it’s so easy to purchase and launch a DDoS toolkit. In a recent Information Age article, “Should we be afraid of big bad botnets?” Corero COO Dave Larson writes:
“A quick Google search and a PayPal account makes botnets readily available for just a few dozen dollars, with no coding experience necessary. And they are becoming increasingly popular – DDoS-for-hire botnets are now estimated to be behind as many as 40% of all network layer attacks.”
The ultimate goal of a DDoS hacker who hacks into an IoT device is not to interfere with consumer heating systems or interrupt their morning coffee ritual; rather, the goal is to harness thousands of devices to turn them into a zombie army. A DDoS attack can be large enough to bring even an otherwise “secure” corporate network to its knees, or it can be small—barely noticeable “white noise” that escapes human detection yet infiltrates and maps networks in a matter of seconds. Both are dangerous.
Larson continues:
“Looking forward, there is really no limit to the potential size and scale of future botnet-driven DDoS attacks, particularly when they harness the full range of smart devices incorporated into the Internet of Things. By using amplification techniques on the millions of very high bandwidth density devices currently accessible, such as baby video monitors and security cameras, DDoS attacks are set to become even more colossal in scale.”
It is difficult to prevent IoT devices from being recruited into a botnet, but organizations can certainly protect their networks by deploying an in-line, real-time, automated solution at the network edge to detect and stop threats before they enter the network. Botnet DDoS attacks cannot be traced to their origins, so the best approach is a defensive one: deploy a SmartWall Threat Defense System to protect your network.
You can read the original article here.
Cyberattacks that use unknown malware to evade conventional protection are a growing threat, and many businesses are considering next-generation sandbox solutions to deal with these unknown threats.
But these technologies are often too complex and expensive for many businesses to consider. This is why we’ve developed Sophos Sandstorm – to provide the advanced protection organizations need, while also making it simple and affordable to buy and maintain.
Your business needs a range of security technologies to stay protected against known and unknown threats: URL filtering, AV scanning, Live Protection and IPS are all critical to your protection.
These technologies are complemented by Sophos Sandstorm’s next-generation sandbox, which provides you with your own dedicated environment to quickly and accurately detect, block and respond to unknown, evasive threats.
How Sophos Sandstorm works
Your Sophos security solution tests a potential threat against all conventional security checks, such as using anti-malware signatures and looking for bad URLs. If the file is not detected as a threat, the Sophos security solution sends a file hash to Sophos Sandstorm to determine if it has been previously analyzed.
If it has been previously analyzed, Sandstorm passes the threat intelligence to the Sophos security solution. Here the file is either delivered to the user’s device or blocked, depending on the information provided.
If the hash has not been seen before, a copy of the suspicious file is sent to Sandstorm. Here the file is detonated and its behavior is monitored. Once fully analyzed, Sophos Sandstorm passes the threat intelligence to the Sophos security solution. Again, the file will be delivered to the user’s device or blocked, depending on the Sandstorm intelligence.
The Sophos security solution uses the detailed intelligence from Sophos Sandstorm to create deep, forensic reports on each threat incident.
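The hash-first flow described above, modelled in plain Python as an added example. This is not Sophos code and does not use any Sandstorm API: the sandbox is a stand-in that caches verdicts by SHA-256 and counts how often a file actually had to be detonated, so you can see that a file seen a second time is resolved from the hash lookup without being resubmitted. Signatures, URLs, sample contents and the behaviour marker are all constructed.

```python
"""Added example (not Sophos code): conventional checks first, then a hash lookup,
and only an unseen hash causes the file itself to be sent for behavioural
analysis. The sandbox below is a stand-in; all data is constructed."""
import hashlib

# Constructed conventional-check data: a known-bad file hash and a bad URL.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed known-bad sample").hexdigest()}
BAD_URLS = {"http://bad.example/payload"}


class StandInSandbox:
    """Stand-in for the cloud analysis service. Real behaviour analysis is replaced
    by a constructed marker so the control flow can be exercised offline."""

    def __init__(self):
        self.verdicts = {}     # sha256 hex -> "clean" | "malicious"
        self.detonations = 0   # how many times a file was actually analysed

    def lookup(self, digest):
        """Hash-only query: returns a cached verdict or None if never seen."""
        return self.verdicts.get(digest)

    def submit(self, digest, content):
        """Full submission: 'detonate' the file, cache and return the verdict."""
        self.detonations += 1
        verdict = "malicious" if b"<<evasive-behaviour>>" in content else "clean"
        self.verdicts[digest] = verdict
        return verdict


def decide(content, source_url, sandbox):
    """Return (decision, stage): decision is 'deliver' or 'block'; stage names the
    check that produced it (signature, url-reputation, cache or detonation)."""
    digest = hashlib.sha256(content).hexdigest()
    # 1. Conventional checks: anti-malware signatures and URL reputation.
    if digest in KNOWN_BAD_SHA256:
        return "block", "signature"
    if source_url in BAD_URLS:
        return "block", "url-reputation"
    # 2. Hash lookup: only the digest leaves the gateway at this point.
    verdict = sandbox.lookup(digest)
    stage = "cache"
    if verdict is None:
        # 3. Unseen hash: now the file itself is sent for analysis.
        verdict = sandbox.submit(digest, content)
        stage = "detonation"
    return ("block" if verdict == "malicious" else "deliver"), stage


if __name__ == "__main__":
    sb = StandInSandbox()
    doc = b"constructed document <<evasive-behaviour>>"
    print(decide(doc, "http://ok.example/report.docx", sb))   # first sight: detonation
    print(decide(doc, "http://ok.example/report.docx", sb))   # same hash: cache hit
    print("detonations:", sb.detonations)
```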
How to try Sophos Sandstorm
Businesses like yours are looking for a cost-effective, advanced threat solution that’s also easy to manage and provides useful threat intelligence.
Sophos Sandstorm is easy to try, and works with our Secure Web Gateway, Secure Email Gateway, UTM and Next-Gen Firewall. Simply click on the free trial button, then activate the policy.
Watch the short video below and visit sophos.com/sandstorm to learn more about why Sophos Sandstorm is the simplest, most effective solution to protect your business against unknown threats.
You can read the original article here.
Array recently published a new white paper, titled ‘360° Application Security.’ The white paper describes an architecture for holistic multi-layer security for Web-based business operations that addresses all potential attack vectors, and does so in a coordinated manner using an architecture that will scale to meet the needs of a growing business.
The infographic provides a brief overview and synopsis of key points in the white paper.
Learn more about how you can achieve security without compromise – gaining the security needed to keep your operation running smoothly, without unduly impacting performance and productivity. Click the image below to view the 360° Application Security infographic.
You can read the original article here.