News

15 Sep

The new Sophos Cloud Partner Dashboard delivers on the Sophos Galileo vision for connecting both Network and Endpoint, all while giving partners increased visibility to their business.

Designed exclusively for Sophos channel partners, the Sophos Cloud Partner Dashboard provides unified management tools to remotely manage and service both Sophos Cloud accounts and Copernicus firewalls. Actionable information gives partners greater visibility and control over their business, and highlights opportunities to facilitate business growth.

The new interface will become available on October 6, 2015. Highlights of the new Sophos Cloud Partner Dashboard include:

1) Easy access using our new direct login page, which uses the same login credentials as the Sophos Partner Portal. Partners can still access the Sophos Cloud dashboard directly from within the Sophos Partner Portal.

2) Visibility to both Sophos Copernicus Firewall and Sophos Cloud customers: Partners can see a comprehensive list of firewalls and Sophos Cloud accounts (including trial users), which protection services are deployed, and expiration and usage details.

3) Aggregated view of Sophos Cloud customer alerts: For partners providing IT security services, the new Partner Dashboard offers aggregated alerts for an at-a-glance view of customer alerts, enabling prioritized and fast response.

4) One-click access to each customer’s cloud management console: From the Partner Dashboard, partners can easily access the managed account’s Cloud console with a single click, from both the account details and the alerts view.

5) Single sign on to Sophos Cloud Firewall Manager: When Copernicus Firewall launches, partners will be able to access Sophos Cloud Firewall Manager (CFM) directly from the Sophos Cloud Partner Dashboard. CFM is Sophos’ all-new centralized management console for Copernicus Firewall, enabling partners to manage all firewall devices from a single screen in the cloud.

6) Create Sophos Cloud trial accounts: Partners can provision new trial accounts directly from within the Sophos Cloud Partner Dashboard. This complements the Sophos trial referral link program, promoting Sophos Cloud free trials while protecting your leads.

7) Easily convert accounts: When a Sophos Cloud order is processed, the partner receives the license schedule with an activation code. To activate the account, simply apply the activation code.

For more information and a preview of the new Sophos Cloud Partner Dashboard, please download this PowerPoint file.

14 Sep

The passing of the one-year anniversary of the OpenSSL Heartbleed vulnerability – and a recent rash of highly exploitable vulnerabilities with names of lesser cachet – led me to wonder: Just how frequently are OpenSSL vulnerabilities reported, and what are their impacts?

While Array has developed our own proprietary SSL stack for production traffic, we do use OpenSSL for certain of our products’ functions such as our XML RPC and SOAP APIs, WebUIs and other non-traffic-related tasks. Thus, this exercise is categorically not about OpenSSL bashing – rather, it’s intended to gain a better understanding of the vulnerability landscape and to serve as a foundation for discussion on network security as a whole.

The infographic below was compiled from the NIST National Vulnerability Database, and lists vulnerabilities with Exploitability Subscores of 8.5 and higher (with 10 being the highest). While every attempt was made to ensure accuracy and completeness, the vast scope of the NIST database makes this a nearly insurmountable task.

As you will see, like almost every piece of software ever created, OpenSSL has had its share of vulnerabilities over the years. Many were reported at or shortly after a major release; after the 1.0.2 release on Jan. 22, 2015, for example, CVE-2015-0291 and CVE-2015-0292 were reported less than two months later.

In many ways, that’s the nature of the beast in open-source software development. The very structure that gives open source such great qualities – multiple developers (often volunteers) working together to create a freely-available code base – can also lead to errors because developers are working independently. However, with an entire community of developers, any errors are typically fixed very quickly, thus mitigating the impact.

And in all fairness, Array products were vulnerable to a couple of the vulnerabilities listed here, as well as a handful of others with lesser exploitability scores. Usually those vulnerabilities were related to the functions mentioned above, or to our older, end-of-sale products like the SPX and TMX Series. Follow the Array Support Twitter feed to keep up to date on all our product notifications.

Next time, I’ll dig deeper into the differences between open-source development and proprietary code bases, and offer concrete suggestions on keeping your network safe. Until then, let’s all be careful out there.

You can read the original article, here.

11 Sep

For most organisations the drive to capture log data is compliance. There are a few exceptions of course, but for most of you this simply means capturing and storing log data.

But why do just that? Doesn’t that seem kind of pointless? If you’ve got to do that then shouldn’t you at least get something out of it other than ticking the compliance box? Don’t get me wrong, being compliant is a good thing and for some of you it’s key to your business. But compliance is only a minimum standard. It’s the least you have to do yet most of us stop there. Why? – That’s another subject for another time.

Most of the focus within SIEM is on the Security (yes I’m including compliance in this bit as well). There is a tremendous amount of security-related value that analysis of your data can bring, all the standard stuff like failed log-ins and privileged user monitoring to name a few. But there are a whole host of other things you can and probably should do but don’t because it’s above and beyond the whole compliance thing. I’m talking about things such as monitoring successful logins and log-offs and determining the time lapse between the two events – is it too short for a human to have done that? Are you getting a lot of logins and log-offs in a short space of time? This could be a sign that someone has got into your accounts and is trying them to see if they are valid. Or maybe you want to find that signal in the noise – comparing user behaviour over time and finding out who is doing something very different to their colleagues. Even simple things like monitoring business critical files and their movement within your organisation will add value to your organisation’s security.
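The two checks described above (a logon-to-logoff gap too short for a human, and a burst of logins in a short space of time) are simple enough to show in code. The following is an added example, not code from the LogPoint article: it runs both checks over a handful of constructed logon/logoff events. The event format, field names and the thresholds (a session under 10 seconds, four or more logons within five minutes) are assumptions; a real SIEM would take these from its own parsed events and tuned rules.

```python
"""Session-length and login-burst checks over constructed logon/logoff events.
Added example, not the article's code. Event format and thresholds are assumed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<timestamp> <user> <LOGON|LOGOFF> <host>". Not real log data.
SAMPLE_EVENTS = [
    "2015-09-11T08:01:10 alice LOGON ws-14",
    "2015-09-11T08:01:13 alice LOGOFF ws-14",       # 3-second session: too short for a human
    "2015-09-11T08:05:00 bob LOGON ws-07",
    "2015-09-11T17:02:41 bob LOGOFF ws-07",         # ordinary working day
    "2015-09-11T02:10:00 svc_backup LOGON srv-01",  # one account walking across four hosts
    "2015-09-11T02:10:02 svc_backup LOGOFF srv-01",
    "2015-09-11T02:10:20 svc_backup LOGON srv-02",
    "2015-09-11T02:10:22 svc_backup LOGOFF srv-02",
    "2015-09-11T02:10:40 svc_backup LOGON srv-03",
    "2015-09-11T02:10:42 svc_backup LOGOFF srv-03",
    "2015-09-11T02:11:00 svc_backup LOGON srv-04",
    "2015-09-11T02:11:02 svc_backup LOGOFF srv-04",
]

MIN_HUMAN_SESSION = timedelta(seconds=10)  # assumption: anything shorter looks scripted
BURST_WINDOW = timedelta(minutes=5)        # assumption: sliding window for the burst check
BURST_THRESHOLD = 4                        # assumption: this many logons in the window is a burst


def parse_event(line):
    """Split one constructed event line into (timestamp, user, action, host)."""
    ts, user, action, host = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), user, action, host


def short_sessions(lines, min_len=MIN_HUMAN_SESSION):
    """Pair each LOGON with the next LOGOFF for the same user and host and
    return the sessions shorter than min_len as (user, host, seconds)."""
    open_sessions = {}
    findings = []
    for ts, user, action, host in sorted(map(parse_event, lines)):
        key = (user, host)
        if action == "LOGON":
            open_sessions[key] = ts
        elif action == "LOGOFF" and key in open_sessions:
            length = ts - open_sessions.pop(key)
            if length < min_len:
                findings.append((user, host, int(length.total_seconds())))
    return findings


def login_bursts(lines, window=BURST_WINDOW, threshold=BURST_THRESHOLD):
    """Per-user sliding window over LOGON events. Returns {user: peak count}
    for every user who reached threshold logons inside one window."""
    recent = defaultdict(deque)
    peaks = {}
    for ts, user, action, _host in sorted(map(parse_event, lines)):
        if action != "LOGON":
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop logons that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            peaks[user] = max(peaks.get(user, 0), len(q))
    return peaks


if __name__ == "__main__":
    for user, host, secs in short_sessions(SAMPLE_EVENTS):
        print(f"short session: {user}@{host} lasted {secs}s")
    for user, n in login_bursts(SAMPLE_EVENTS).items():
        print(f"login burst: {user} had {n} logons within {BURST_WINDOW}")
```

Both checks key on the user rather than the source address, which is what the paragraph's question is really about: whether the pattern of use is plausible for the person who owns the account. The thresholds are the part that needs tuning per environment, since service accounts legitimately produce very short sessions.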

However I want you to think about the rest of the letters in that acronym SIEM – Information & Event Management…

This is where you can really get some value from your data in areas of your business you might not have thought of. Wouldn’t it be good for your business to monitor your VoIP traffic, logging and analysing who you are calling, call times, and whether calls are premium-rate or international? Maybe you’d just like an alert if someone’s calling the talking clock? Perhaps simply having that information to hand for your finance team to cross-reference with your phone bill. Maybe you’d like to monitor the usage of resources in your business, so that when renewal time comes around you have the information you need to decide whether it’s worth renewing or whether your budget could be better spent elsewhere. Maybe you don’t need that Super Fancy Malware Threat Defender 5000, but you do need a new core switch. Having real-life usage information to hand is a valuable tool in assessing where to spend your budget.

The right SIEM can do all of those things for you and more. It can and should be at the heart of everything you do. Data does have value but it’s how you use it that counts. So with all this additional value a SIEM can bring maybe you’ll get lucky and other areas of the business will contribute their budget to purchase the right SIEM. Money follows value, as they say…

By Andy Deacon, Security Consultant, LogPoint

You can read the original article, here.

9 Sep

With the proliferation of data and the need to access it from anywhere at any time, encryption is rapidly emerging as the best place to start your data security strategy.

Despite some common ideas about encryption that it is too complicated to implement or too much of a hassle to manage, that’s not the case with the right encryption solution.

Below are six key aspects to keep in mind while choosing the right encryption solution for your organization.

1. Usability: A security product that’s too complicated to use doesn’t offer very much security at all. An encryption solution needs to be comprehensive yet simple: it should protect data everywhere – at rest, in use, or in transit – but shouldn’t take up too much time or IT resources to implement and manage.

Look for an encryption product that’s easy to set up and deploy, with an intuitive management console. It should also allow for simple key management and enforcement of your data protection policy.

2. Multi-platform: Find a solution that covers all types of encryption, across multiple operating systems including Windows, Mac, Android and iOS.

3. Adaptability: You ideally want a solution that protects your data without getting in the way of daily work. Your encryption solution should adapt to your organization’s workflow – not the other way around.

4. Independent endorsements: Before making a decision, look at what others are saying about a product. Make sure whatever company you choose for your encryption needs has strong third-party endorsements from industry analysts, reviewers and customers.

5. Scalability: As you grow your business, you need an encryption solution that grows with you.

6. Proof of compliance: In the event that the worst happens and your data is compromised, encryption makes it unreadable and unusable by data thieves. If you work in a vertical or location that has specific data protection laws or regulations, auditors will require proof that the data was encrypted.

Learn more about how encryption can work for you, and how to choose the right encryption product. Check out our free and easy-to-understand guide to encryption, fun videos showing you why you need to encrypt, and a comprehensive encryption solution buyers guide at sophos.com/encrypt.

You can read the original article, here.

7 Sep

SophosLabs researcher Gabor Szappanos is at it again, with new research exploring and explaining the mechanics of a malware creation kit that was used in a series of campaigns between May and August 2015.

Gabor has been tracking the development of malware used in advanced persistent threat (APT) campaigns over the past couple of years, including PlugX and other document-based attacks.

This time, he cracks open the case of an intriguing malware construction kit available in underground cybercrime markets: Microsoft Word Intruder (MWI). MWI, which, as its name suggests, is used to create malware that exploits Microsoft Office documents, was developed in Russia but has been used widely by cybercrime groups.

As Gabor explains in his new paper, Microsoft Word Intruder Revealed, virus creation kits are not new: the first ones were created in the early 1990s. But the purpose of creating and publishing them has changed. Instead of making a countercultural statement, the goal now is to make money for the authors, who sell these malware generators to other cybercriminals in underground marketplaces.

The overall effect of the MWI kit, however, is the same as with the old DOS virus generators of the 1990s: it gives cybercrime groups immediate access to Office exploits for malware attacks, even if they lack the skills to develop exploits of their own. According to Gabor, MWI has been used by numerous different malware groups, deploying Trojans from more than 40 different malware families.

There’s a lot of fascinating detail in Gabor’s paper, whether you’re a layperson interested in cybercrime, or a more technical reader. Gabor explains the history of malware creation kits, and how they work, and also dives into the infection mechanism of the MWI generator, pointing out the key characteristics differentiating these samples from other exploited malicious documents.

Download Gabor’s paper – Microsoft Word Intruder Revealed.

You can read the original article, here.

4 Sep

Laptops are ubiquitous in today’s IT environments. How many of your employees are using laptops in the office, on the road, working from home, or all of the above? While massively convenient, and a boon to worker productivity, laptops also represent a major liability. They are easy for employees to lose – and easy for a thief to steal.

On balance, most companies likely think the reward is worth the risk. But the risks are significant when you consider all of the valuable data stored on employee laptops, and the potential for data loss and subsequent fines, lawsuits, lost intellectual property and brand damage. Take the recent example of SterlingBackcheck, a Texas company that provides background screening services to clients around the world.

In early August 2015, SterlingBackcheck sent out a letter informing people that a few months prior a “password-protected laptop was stolen from a SterlingBackcheck employee’s vehicle.”

The laptop contained unencrypted data including names, Social Security numbers and birthdates for roughly 100,000 people. This kind of data is a potential gold mine for an identity thief, which is why SterlingBackcheck has offered “free” credit monitoring and ID theft protection to those affected (those services are not actually free – SterlingBackcheck has to pay for them!).

Imagine if this was your company: not only would you face the embarrassment – and cost – of notifying customers of their lost data, you’d also face the prospect of negative media attention for the incident and any number of clients, partners or potential customers questioning your business’s trustworthiness.

The risk of this happening to your business is unfortunately quite high. Although you certainly have to protect yourself against the threat of criminal hackers, a large proportion of data loss is the result of a lost or stolen laptop, USB drive or mobile device. In one study of the healthcare industry, 70% of data lost in 2013 by California healthcare organizations was the result of loss or theft of a physical device such as a hard drive or laptop.

The most staggering thing about these reports is that you almost never hear that the data on lost or stolen devices was encrypted. According to the 2015 Verizon Data Breach Investigation Report, an analysis of data breaches found that the words “unencrypted,” “not encrypted,” and “without encryption” were present in four times as many incident reports as phrases such as “was encrypted” and the like.

That’s unfortunate, because disk and device encryption is absolutely the best defense against this type of data loss. When data is encrypted, it is scrambled into an unreadable form called ciphertext, and only the person with the encryption key can unscramble it again.

I’d like to point out one other thing about SterlingBackcheck’s notice to those affected by its lost laptop data breach. The company says the laptop was “password protected,” as if that was some kind of adequate defense against data loss.

In reality, an unencrypted laptop’s password protection is worth almost nothing – passwords can be cracked in minutes. Besides, a thief doesn’t even need the password: moving the laptop’s hard disk into another computer, or booting the “protected” computer from a CD or USB key, is enough to get at your data.

What if the data on a lost laptop has been encrypted? There’s no way a crook could read your encrypted data, and the laptop would be worth only as much as the thief could get for its parts.

So, why aren’t more businesses encrypting their laptops and other devices? It’s a bit of a mystery, but I believe it’s because businesses think they have adequate security in place already, or that encryption is too difficult or expensive to implement.

These are myths.

If you want to be absolutely sure your data is protected, encryption should be your first line of defense.

And if you still think encryption is too much of a hassle, I urge you to check out the resources at sophos.com/encrypt, including free whitepapers, reports and videos, showing you just how simple it can be.

You can read the original article, here.

2 Sep

This year, we’re revolutionizing the firewall, giving our award-winning SG Series appliances an all-new operating system that combines the best of both Sophos and Cyberoam technology.

The codename for this new firewall platform is Project Copernicus, and we’re excited to inform you that the beta phase is now underway.

This is your invitation to take an early look at the new software and put it to the test. To get a brief introduction to Project Copernicus and its many innovations, watch the short video (password: Copernicus2015!).

Of course, we don’t recommend updating production systems to beta firmware. But if you’re interested in exploring first-hand what Project Copernicus has to offer – and helping us continue to fine-tune it by providing your feedback – we would love to have you participate.

To get started, simply visit sophos.com/copernicusbeta to download the new Sophos Firewall OS for your SG Series, Intel hardware platform, or virtual environment of choice. Then head to the Sophos User Bulletin Board to find documentation and tips, and share your feedback.

You can read the original article, here.

27 Aug

Several writers on Corero’s blog have been calling attention to recent DDoS extortion campaigns. Now the FBI is sending notice to banks and other financial institutions to be on the watch for shakedown attempts. MarketWatch has reported that attackers have already made DDoS extortion attempts against more than 100 financial firms in recent months.

In an article on BankInfoSecurity, Matthew J. Schwartz describes the modus operandi:

Attackers’ tactics are simple: Sometimes they threaten to disrupt a firm’s website, preventing customers from accessing it. And other times they warn that they will release data – which they obtained by hacking into the firm – that contains sensitive information about the organization’s employees and customers. Or, the attackers say, the organization can pay them off – typically via bitcoins – to call off the attack or delete the data.

Some of the companies have had demands to pay tens of thousands of dollars. While a few have paid the extortion money, most have ignored the demands. Gartner analyst and fraud expert Avivah Litan says most financial institutions are reluctant to talk about experiencing either the extortion demands or any ensuing attacks for fear of alarming their customers.

The growth rate of these extortion campaigns seems to be tied to the ease of launching a DDoS attack via various underground services. For just a couple of dollars, anyone can order an attack against a target for a few hours. This can be just enough to take the targeted business offline for a while, causing large revenue losses and frustration for customers.

A business might be tempted to pay the bitcoins to avoid the attack, but law enforcement officials say this isn’t a good idea. A payoff sometimes leads to further demands for even more money.

Cybersecurity expert Brian Honan of BH Consulting offers the following recommendations for dealing with DDoS threats:

  • React: Take the threat seriously, and “spin up” an incident response team to deal with any such attacks or threats.
  • Defend: Review DDoS defenses to ensure they can handle attackers’ threatened load, and if necessary contract with, subscribe to or buy an anti-DDoS service or tool that can help.
  • Alert: Warn the organization’s data centers and ISPs about the threatened attack, which they may also be able to help mitigate.
  • Report: Tell law enforcement agencies about the threat – even if attackers do not follow through – so they can amass better intelligence to pursue the culprits.
  • Plan: Continually review business continuity plans to prepare for any disruption, if it does occur, to avoid excessive disruptions to the business.

If your company wants to learn more about getting prepared for a DDoS attack, talk to the folks at Corero. They’ll help you make a plan so that you can defend against whatever type of DDoS attack someone wants to throw at you.

You can read the original article, here.

21 Aug

We have some great news for users of Sophos Mobile Security, our Android antivirus and security app. Independent IT security institute AV-Test has awarded Sophos another perfect protection score in a July 2015 test of mobile antivirus applications – the sixth test in a row where we scored 100% detection.

Although we’ve aced this Android security test every time for the past year, this particular test was actually quite different from the previous tests run by AV-Test. And we think the difference is really important.

Prior to the July test, AV-Test used a two-run scan: first an on-demand scan, followed by an on-access scan test. The on-demand test is a bulk scan to see if a security tool detects the entire set of malware files used in the test. The on-access scan involves loading a set of malicious apps on a physical mobile device to see if the antivirus detects the malware when it is installed or run.

In July, AV-Test introduced a new “real-time on-access” test, where all apps were reviewed simultaneously on 40 Android smartphones. In addition to testing vendors’ antivirus apps for their detection of malware discovered in the past four weeks, this new test measures proactive detection of the latest Android zero-day threats in real time.

Since this was the first time the test ran, there is no history to compare to. But we think the new test paints a more accurate picture of how security apps perform in the real world, outside of the labs. For that reason we applaud AV-Test and their continued efforts to improve testing – it’s good for the security industry, helping us to continually improve our products, and so benefits our users as well.

Sophos’s Android antivirus stood up very well in the new test – we were one of only 5 out of 26 vendors with perfect malware detection. Sophos is proud to be among this select group.

Android malware – the threat is real and growing

You may have heard some people arguing that the threat of Android malware is overhyped. For instance, Android’s chief security engineer has claimed that Android users shouldn’t bother with antivirus.

Although the risk of Android malware is considerably smaller than that for Windows, we disagree with those critics (Google included). The Android threat is real – and even in Google Play, where malicious apps are discovered from time to time, despite Google’s generally good track record of keeping the Android marketplace clean.

Outside of Google Play, where untrusted developers are given a free pass by unscrupulous app markets, it’s a different story. In just the first six months of 2015, SophosLabs has discovered 610,389 new Android malware samples, bringing the total to approximately 1.9 million.

It’s not just malware we need to be concerned about – we’ve seen another 1 million apps that, while not malware in the strictest definition, nevertheless exhibit sketchy behaviors. These apps, which we call potentially unwanted apps (PUA), may also threaten user privacy and security. Many PUAs contain adware, collect user data unnecessarily, or deceive users with phony malware pop-ups and other scammy behavior.

[Chart: cumulative samples of Android malware and PUA detected by SophosLabs, January 2013 – June 2015]

(The chart above shows the rapid growth of cumulative samples of Android malware and PUA detected by SophosLabs, January 2013 – June 2015.)

Of course, you shouldn’t rely solely on antivirus to protect your Android devices and the personal data you store and access on them.

As AV-Test’s Hendrik Pilz noted recently, smartphones are a very lucrative target for a cybercriminal – many people are now using their Android devices as a primary way to access their most sensitive data, from private photos to email and their bank accounts.

That’s why Hendrik recommends Android security apps that come with extra features, such as an app adviser that “clearly and succinctly indicates the possible security risks of a new app,” allowing the user to make a well-informed decision before installing an app.

We agree, which is why Sophos Mobile Security goes way beyond antivirus – with a privacy advisor, spam protection against unwanted calls or SMS messages, web protection against malicious websites, added security for sensitive apps, device encryption, parental controls, and anti-theft controls. We offer all of these features in a user-friendly app that’s simple to manage. And it’s completely free on Google Play.

A note on false positives

In AV-Test’s July 2015 malware test, Sophos’s Android security app received a lower score in the Usability category as a result of two false positives that AV-Test said we erroneously flagged as dangerous apps.

We’d like to point out (as we did to AV-Test) that the two samples in question were signed by a developer certificate that has been abused in the past to sign both malware and PUAs. In general, our policy (which mirrors Google’s) is to block any samples that are signed with a certificate that has been associated with malware, as the author can no longer be trusted. By warning users about apps signed with low-reputation developer certificates, we’re helping users make more informed decisions about the risks to their security.

We think our position is sensible and supports a better system where app developers should invest in their reputation. It’s good for users, good for legitimate developers, and bad for malicious app authors or those who deliberately want to play at the edges.

Sophos Mobile Security

Sophos Mobile Security is a free, award-winning Android security app that has been downloaded more than 500,000 times from Google Play. It protects your Android devices from malware with up-to-the-minute intelligence from SophosLabs, without impacting performance or battery life. Other features include a privacy advisor, data and device encryption, and per-app password protection that you can set up for sensitive apps like your email.

It’s also available as an enterprise version you can manage through Sophos Mobile Control, our enterprise mobility management and security product.

You can read the original article, here.

19 Aug

Over the coming months we’ll be migrating web services used by our customers and partners to Sophos ID, giving you one account to access all the web services you subscribe to.

Beginning in mid-August, we’re enabling login via Sophos ID for MySophos and SophServ. Using your Sophos ID, you’ll also be able to access Sophos Community, a merger of SophosTalk and Sophos FreeTalk.

Later this year, we’ll enable Sophos ID for our partners to access the Partner Portal, Cloud Partner Dashboard, and Sophos Cloud Firewall Manager.

Existing accounts for one or more of these services will be automatically moved to Sophos ID, so you won’t need to register for a new Sophos ID account if you have a MySophos account today. For your security, when you log in for the first time you will need to reset your password.

We plan to enable Sophos ID for more web services soon, until all services will be accessed via Sophos ID. We’ll keep you updated on these closer to launch.

You can read the original article, here.

17 Aug

We’re extremely proud that Sophos has won the award for best IT vendor in all three security categories in CRN’s Annual Report Card (ARC). It was an honor to win more categories than any other vendor recognized this year.

For the second year running, we’ve been recognized as the winners of two categories – Client Security Software and Network Security Appliances – and this year the channel also chose us as the overall winner for Network Security Software.

The ARC summarizes results from a comprehensive survey of solution provider satisfaction with hardware, services and software vendors.

More than 2,400 solution providers were asked to evaluate their satisfaction with 72 vendor partners in approximately 22 major product categories. The vendors with the highest marks are celebrated as best in class by their partners.

We also secured an Xchange Xcellence award during The Channel Company’s XChange 2015 event (Aug. 9-11, in Washington, D.C.) for our sponsorship of Security University and a great keynote by Sophos senior security expert John Shier.

“Our partner community is absolutely critical to our success in helping businesses and government agencies of all sizes protect their systems and information from cyber-attack,” said Mike Valentine, senior vice president of worldwide sales for Sophos. “The unprecedented high marks awarded by our partners for the 2015 Annual Report Card reflects our companywide commitment to the channel.”

CRN and its readers have recognized many of our key marketing and sales people for their accomplishments and impact within the channel. Now to receive these awards in all three client and network security categories is an honor for our entire company.

It’s also a great opportunity to receive valuable feedback from the IT vendor community that we can use to hone our product offerings and improve communication with our partners.

To our partners, thank you for choosing us as the best security vendor to work with.

You can read the original article, here.

12 Aug

Just recently the Internet Complaint Center (IC3) issued an alert to businesses regarding a rise in extortion campaigns, tied to threats of DDoS attack activity unless a ransom is paid.

The rise in DDoS attacks generally is not surprising at all, and the use of the “DDoS threat” for ransom or extortion is not a new tactic in the world of cyber warfare. DDoS attack tools are cheap (if not free) to obtain, easy to launch and are most often executed with complete anonymity, not to mention the wide range of motivations we see in the market.

Corero is working to support providers and their subscribers as they fight against DDoS attacks, and many of these Internet connected businesses have shared (ehem, confessed) that they have actually paid out ransoms just to stay out of the line of fire.

Let’s put this into perspective.

In late 2014, each of Corero’s protected customers was seeing roughly four DDoS attacks per day against their network and infrastructure—that’s about 350 attacks per quarter. 96% of those attacks lasted less than 30 minutes, and 79% of them were less than 5Gbps in size. High-volume link-saturating attacks are indeed a threat, but these smaller, frequent and highly damaging attacks are far more commonplace. How does an organization effectively protect its business from DDoS, regardless of motivation?

What we recommend:

  • Consider implementing technology to detect, analyze and respond to DDoS attacks by inspecting raw Internet traffic at line rate – identify and block threats within the first few packets of a given attack.
  • Introduce a layered security strategy focusing on continuous visibility and security policy enforcement to establish a proactive first line of defense capable of mitigating DDoS attacks while maintaining full service connectivity, availability and delivery of legitimate traffic.
  • Ensure complete application and network layer visibility into DDoS security events. This best practice will also enable forensic analysis of past threats and compliance reporting of security activity.
  • Consider a hybrid approach to DDoS defense – in-line real-time detection and mitigation for the everyday DDoS threat, paired with on-demand cloud services for link-saturating events.

When it comes to the hybrid approach, the concept of on-demand cloud defense for a pipe saturation attack coupled with in-line, real-time defense provides protection against the whole spectrum. Businesses that engage with their on-demand DDoS mitigation provider can quickly initiate that service based on visibility in the event of a massive volumetric attack.

The main benefit of a hybrid approach is that the on-premises device heavily reduces the number of times an organization switches over to the cloud – lowering cost and providing comprehensive and consistent defense. The implementation of an always-on solution combined with on-demand cloud defense provides businesses with a means of safeguarding against the vast scope of DDoS attacks aimed at their networks. With DDoS attacks now being delivered in various sizes and with differing intentions, ensuring that the appropriate prevention best practices are applied correctly could well be what saves your organization from falling victim to a DDoS attack and/or a major breach of information.

You can read the original article here.

10

Aug

Sophos is revolutionizing the firewall with our all-new Sophos Firewall OS (SF-OS) that combines the best of both Sophos UTM and Cyberoam next-generation firewall technology. The new OS includes a number of important innovations. You’ll see a thoughtfully redesigned user interface, new Security Heartbeat technology, and a policy model that makes protecting users and applications faster and more effective than ever before.

Sophos Firewall OS runs on all existing Sophos SG Series and Cyberoam NG Series and select ia Series devices. It’s also available for a variety of virtual platforms or as a software appliance ISO. 

And if you manage multiple appliances, the new Sophos Firewall Manager brings you control of every firewall feature from a single console.

Project Copernicus introduces a number of important innovations that take simplicity, protection and performance to a whole new level:

Powerful new unified policy model

  • Conveniently manage all your policies in one place
  • Policy templates for networks, users, and business applications dramatically streamline configuration
  • Manage policy controls for apps, web, QoS, and IPS together on a single screen

Elegantly simple user interface

  • A refreshing, thoughtful new approach to firewall management
  • It starts with an incredibly rich interactive control center that surfaces everything you need to know
  • Focused on making powerful features easy to access, understand, and use

Revolutionary advanced threat protection

  • Uniquely integrating the firewall and endpoints to share status and intelligence
  • Security Heartbeat status immediately identifies compromised systems
  • Policy can instantly isolate and limit access based on Security Heartbeat status

Full-featured centralized management

  • Central control over every feature of all your firewall devices
  • Push, pull, replicate, or automate policies across firewalls
  • Manage from the cloud* or on-premise – whatever best suits your needs

A firewall that makes security easier

Sophos Firewall OS gives you time-saving features you’ll love. With an interface designed to eliminate unnecessary complexity, it enables you to use the powerful features without needing to become an IT security expert.

New Control Center offers instant insight and control

A single screen gives you at-a-glance feeds of system performance, traffic patterns, alerts and policies. Every widget is interactive, letting you instantly drill down into the detail and access the tools you need to take action. You’re never more than three clicks from anywhere, and the menus lend a helping hand when you’re not sure where to go, with embedded screenshot previews and best-practice hints and tips.

Policy templates streamline configuration

Pre-defined policy templates let you protect common applications like Microsoft Exchange or SharePoint fast. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/outbound firewall rules and security settings for you automatically, displaying the final policy as a statement in plain English.

Unique user-level control and insight

The combination of our new user-based policies and our unique User Threat Quotient monitor finally gives you the knowledge and power to regain control of your users, before they become a serious threat to your network.

User identity takes enforcement to a whole new layer

Sophos Firewall OS integrates our patented Layer-8 identity based policy technology enabling user level controls over applications, bandwidth and other network resources regardless of IP-address, location, network or device. It literally takes firewall policy to a whole new layer.

User insight that lets you identify and control your biggest risks

Another Sophos exclusive is our User Threat Quotient (UTQ) indicator, which provides actionable intelligence on your users’ behavior. Our firewall correlates each user’s surfing habits and activity with advanced threat triggers and history to identify users with risk-prone behavior.

A revolution in advanced threat protection

Sophos delivers the advanced threat protection required to thwart today’s attacks and prevent breaches, but implemented simply. No new agents or products required – just your trusted firewall and endpoint working together to improve protection.

Security Heartbeat integrates Network and Endpoint

An industry first, our Security Heartbeat links your endpoints and your firewall to combine their intelligence and identify systems compromised by previously unknown threats. The Heartbeat status is integrated into security policy settings to instantly trigger actions at both endpoint and network levels to isolate or limit access until systems are healthy again.

More-in-One Protection

Sophos still delivers more in one box than anyone else, with no extra hardware required and no extra cost: an enterprise-grade Web Application Firewall, SPX Email Encryption, Remote Ethernet Devices (RED), and an integrated WiFi controller with the fastest 802.11ac wireless access points on the market.

Full-featured centralized management

Our new Sophos Firewall Manager provides comprehensive central management of all your firewalls. If you are a distributed organization or managed service provider, you get complete control over all your firewalls, with dashboards showing the security status across all your sites.

Sophos Firewall Manager (SFM) and Cloud Firewall Manager* (CFM)

A variety of dashboard views let you monitor all of your SF OS devices. You can push, pull or replicate policies amongst your various firewalls or have new devices inherit policies automatically when they come online. Sophos Firewall Manager (SFM) will be available to deploy on-premise in hardware, software or virtual form-factors to suit any environment.

*Important Note: The new Sophos Cloud Firewall Manager (CFM) will initially be for the exclusive use of our Partner Service Providers before being extended to all our customers at a later date.

Sophos iView provides consolidated reports across multiple appliances

Our dedicated reporting appliance gets an update and now supports reporting of SF-OS devices, UTM 9 and CyberoamOS devices. In addition, we’ve added reports for SF-OS like Advanced Threat Protection, Security Heartbeat, Wireless, and SPX Email Encryption. You get consolidated reporting across multiple firewalls, compliance reports, nearly limitless views, scheduled reporting via email and a long-term storage solution for your reporting data.

Flexible deployment choices without compromise

Sophos continues to provide a flexible array of deployment options to meet the needs of any organization.

Runs on existing hardware and in virtual environments too

You can deploy Sophos Firewall OS on any Sophos SG Series or Cyberoam NG Series and select ia Series hardware appliances, in your choice of virtual environments, or on your own Intel hardware. You can easily extend your network virtually with Sophos Remote Ethernet Devices (RED) or a variety of VPN technologies. And with simple options for HA, WAN and link balancing, you can also get the ultimate in redundancy and scalability.

Security audit reports empower evaluations

Our new Discover Mode makes it easy to demonstrate value in trials, evaluations, and Proof of Concepts (PoCs). It enables the firewall to be deployed in TAP or mirror mode into an existing network – seamlessly and transparently – to monitor activity and traffic. The findings are then compiled into a Security Audit Report that provides a complete assessment of potential risks and issues on the network.

Current software continues to be enhanced so you can choose when to migrate

If you are an existing customer, rest assured there is no need to rush to deploy the new Sophos Firewall OS. Our current UTM 9.x platform and CyberoamOS continue to be supported and developed, so you can choose the right time for your transition. When you do, your licenses will be automatically migrated and you’ll be able to use our SG Series migration tools to preserve and port across some of your settings.

Hardware Appliance Support

You can deploy Sophos Firewall OS on any Sophos SG Series or Cyberoam NG Series and select ia Series devices. Our appliances already offer industry-leading performance, but with this release our new optimized FastPath scanning technology will boost performance even further, making even more of your existing hardware. If you’re using a Sophos UTM Series or a non-compatible Cyberoam ia Series device, contact your partner to speak about our programs that let you cost-effectively upgrade your hardware and take advantage of the new Sophos Firewall OS features.

Watch a video about Project Copernicus below:

Password for the video: Copernicus2015!

You can read the original article, here and here.

6

Aug

Linux is widely considered to provide a higher level of security than traditional operating systems. As a result, security tools such as anti-virus software are often ignored on the Linux platform. However, Linux is increasingly popular with attackers, because Linux systems are often used for critical roles such as developer workstations, web servers and internal file servers.

In addition to being susceptible to Linux-based and cross-platform exploits, unprotected Linux computers can also serve as distribution points for Windows, Mac, and Android malware.

To investigate just how prevalent Linux servers are in the cybercrime ecosystem, Sophos security expert Chester Wisniewski recently took a SophosLabs list of 178,000 newly-infected web servers, and worked backwards to see what operating system they were running.

He found that about 80% of the servers in active use by cybercriminals for spreading malware were running Linux.

In addition, he found that about 80% of those infected Linux systems were other people’s computers: innocent servers, deliberately hacked and co-opted by the crooks to provide bandwidth and legitimacy for online criminality.

So, we’re excited to announce that Sophos Cloud Server Protection now supports Linux, so you can defend your Linux servers and desktops against cyber-threats in just the same way as you protect your Windows and Mac systems.

Sophos Cloud Server Protection for Linux provides on-access (real time), on-demand, and scheduled scanning. It delivers excellent performance, stability, and reliability on a wide range of Linux distributions, including Amazon CentOS.

Protecting your Linux systems with Sophos Cloud is extremely easy: just download the Linux “thin installer” from the download area of your Sophos Cloud Console, and run it on any Linux computers you want to protect. (If you have Linux computers that are already running Sophos Free Antivirus for Linux, you can upgrade them to Sophos Cloud Server Protection and enjoy the benefits of central management, reporting, and access to technical support.)

We called it Sophos Cloud Server Protection for Linux, because the vast majority of Linux systems out there are servers. But you can protect your Linux workstations as well – just add them into your license along with the servers!

For more information, please visit https://www.sophos.com/servers

You can read the original article here.

5

Aug

SEP sesam webinar: SEP sesam Enterprise Backup – Introduction and Live Demo, August 11th at 10:00 am CEST. Register for this webinar now! SEP sesam is looking forward to your participation!

SEP sesam provides a complete solution suite for all backup and disaster recovery requirements in an IT infrastructure. During our live presentation we will present a quick overview of the most important features and demonstrate the functionality of SEP sesam as a central backup solution.

We invite you to ask questions during the session; our technicians will be available to follow up with any requests. 

Contents:

  • Backup of different Operating Systems – Windows, Linux, Novell
  • Backup of virtualized environments
  • Backup of Databases and Groupware systems
  • Reporting and monitoring in a SEP sesam environment
  • Identifying and defining backup tasks
  • Configuring backup media (both disk and tape)
  • Data Migration – Transfer data between disk/tape 


4

Aug

Leading cyber security company Sophos today announced the results of its latest research highlighting the state of IT security in the UK’s public sector. The research, conducted on behalf of Sophos by Dods Research, found that only 41 per cent of respondents thought that their current IT security practices would offer suitable protection against the growing threat of cyber-crime. Almost 50 per cent said they did not know, indicating a low level of awareness of cyber security and cybercrime across the general local government workforce.

The research, which surveyed 2,728 local government and police workers across a wide range of disciplines, highlighted that over the past 12 months the majority (90 per cent) of local government and police organisations have been affected by budget cuts. This has prompted job losses (67 per cent) and cuts in overall front line services (63 per cent) in many areas of the organisation. When it came to IT, 62 per cent said they are planning to make savings by increasing or implementing shared services – splitting the costs with other neighbouring organisations. However, only 30 per cent of those surveyed said their organisations are exploring the consolidation of existing IT services to make savings, and only nine per cent are looking at consolidating their IT security services.

The research also canvassed public sector opinion about what the biggest drivers for change have been from an IT security point of view, with 59 per cent highlighting the demand for more remote and mobile working practices. Furthermore, 46 per cent cited increased awareness of data security thanks to high-profile security breaches and upcoming EU legislation. When asked directly what their main concerns were from an IT security point of view, the research found that issues around data loss (47 per cent) were at the top of the agenda, followed by remote access (31 per cent) and targeted attacks (25 per cent).

However, despite the move towards more remote and mobile working policies, public sector organisations still remain sceptical about turning to flexible cloud storage solutions, with only 16 per cent using these tools. This was an interesting finding considering that other serious issues, such as shadow IT (11 per cent) and BYOD (18 per cent), factored extremely low on the scale of concerns, indicating that they may not be at the forefront of local government security minds. In contrast, however, 63 per cent of local government workers who responded agreed that encryption was becoming more of a necessity within their organisation.

James Vyvyan, regional vice president of Sophos UK & Ireland, says “With cybercrime at an all-time high and public sector budgets reducing year-on-year, it’s more important than ever that organisations maximise the resources available to them. There is a clear trend towards local authorities partnering with neighbouring authorities to increase and implement shared services. This collaborative approach is certainly helpful in the fight against cybercrime. Our research indicates that local authorities and police may also be missing the opportunity to consolidate their IT and security technologies, which can deliver further savings, helping to protect jobs and frontline services.”

You can read the original article here and here.


2

Aug

Sophos announced the availability of Sophos Cloud Web Gateway, a cloud-based secure web gateway that delivers advanced protection for users, devices and data across multiple operating systems, regardless of their location. The addition of secure web gateway to Sophos Cloud integrates technology from Mojave Networks, which Sophos acquired in October 2014.

Sophos Cloud Web Gateway provides protection from the latest malware and phishing threats, granular policy management, advanced content filtering and big-data web traffic analytics – all without the need for physical appliances. Access to a global network of data centers makes the comprehensive analysis of data traffic for content and security compliance fast and transparent for the end user.

IT managers are able to pinpoint ‘at risk’ users or devices through activity, behaviors and usage monitoring with advanced alerts, warnings and notifications. Granular policies can be set by device, by user or by group, and tamper protection prevents the accidental or intentional changing of settings, keeping even rogue users compliant.

Bill Lucchini, senior vice president and general manager for Sophos Cloud Security business unit commented, “In today’s world employees are mobile and work across multiple devices. Securing the perimeter or a single device is no longer sufficient. Sophos Cloud Endpoint and Mobile products cover employees wherever they work and on whatever device they are using. Now, with the addition of a powerful web gateway Sophos Cloud provides a full suite of enterprise-grade security solutions designed for the mid-market.”

“Sophos’ unified defense vision and the benefits that the cloud managed offering gives to SMBs with limited IT resources will be well received in the marketplace. Ease of use is also a primary focus for Sophos, and one that customers and partners both attest is well-received,” agreed Rob Westervelt, research manager at IDC.

Stephen Weber, a partner, at CDN and active beta-tester said, “Participating in the Sophos Cloud Web Gateway Beta provided CDN with hands-on experience of the solution and insight into how Sophos is enhancing their platform. Our main goal is to offer our customers the best solutions on the market and we foresee Sophos Cloud Web Gateway as enhancing an already comprehensive security model.”

Sophos Cloud Web Gateway features include:

Advanced web protection from today’s threats

  • Global network of web gateways ensures web traffic is analyzed quickly and transparently
  • Intelligently scans web content and blocks the latest web threats – backed by Sophos Labs
  • Multi-protocol scanning across application & web traffic – including HTTPS and SSL

Big-data, cloud-powered reporting 

  • Big-data reporting – no onsite servers or management overhead
  • Granular reports available by user, by device, by application, by category

Effortless to deploy, simple to manage

  • Deploys in a matter of minutes
  • Easily expandable to meet changing business needs with flexible subscription-based SaaS pricing

Simple but powerful policy control

  • Easy and intuitive policy settings
  • Customize policies to meet compliance obligations, manage productivity and optimize bandwidth
  • Control applications such as Instant Messaging and Skype

Reliable enforcement on the go

  • Web security designed for employee computers and mobile devices on or off the corporate network
  • Endpoint agent with sophisticated tamper protection safeguards

Wayne Scarano, chief executive officer, SGA Cyber Security added, “Sophos Cloud Web Gateway provides complete visibility and control into deployed devices, while still providing the comprehensive security we’ve come to expect from Sophos. The ease of deployment and seamless integration with Sophos Cloud will have our users up and running almost immediately. Most importantly, our clients will be better protected against the latest web threats.”

With the introduction of the new Sophos Cloud Web Gateway and the Sophos Web Appliance, IT managers can get great web security from Sophos whether they choose an appliance or cloud model for their business.

The latest version of Sophos Web Appliance was recently released with a new proxy engine offering up to 7x the scanning performance on the same hardware, and improved granular controls over features like chat, games and comments to manage the use of popular social media apps like Facebook, LinkedIn, Twitter and YouTube. In addition, it now provides enhanced user reporting, including snapshot and detailed reports which show a chronological list of every website a user has visited over a day, week, month or longer.

For more information on the Sophos Secure Web Gateway solutions including Sophos Cloud and Sophos Web Appliance visit: https://www.sophos.com/en-us/products/secure-web-gateway.aspx

Watch a video demonstration of the Sophos Secure Cloud Web Gateway below:

You can read the original article, here.

31

Jul

Last week, we mentioned that application control is now available as part of a Sophos Cloud public beta. The beta also introduces a new next-generation endpoint protection feature called download reputation.

While it may not sound flashy, download reputation is an important step forward in protecting users from advanced threats, like zero-day malware designed to evade traditional antivirus defenses.

Download reputation crowdsources threat intelligence by drawing on the experience of our global customer base to help determine a file’s reputation. In other words, every user with download reputation enabled helps contribute to the collective security of our customers.

Let’s take a look at how download reputation works.

When a user tries to download an executable file from a supported web browser, download reputation asks SophosLabs for information about the file. If the file is known to be malicious, it will, of course, be blocked. If the file is not known to be malicious but has a low reputation — or no reputation at all — the user will be prompted and asked whether to block or allow the file.

So how do we determine a file’s reputation? SophosLabs looks at a combination of a file’s prevalence (how common it is), its age (older files are less likely to be unidentified threats), and the URL from which the file was downloaded. Layered atop this objective information is an important subjective measure: of the users who have been prompted about the file, how many of them blocked it and how many allowed it? If most users allowed the file, it might indicate that this is a legitimate download from a reputable source. If many users blocked the download, perhaps it indicates that users were feeling pressured or deceived into saving the file.

This crowdsourced approach to download reputation protects customers from advanced threats in two important ways. First, it closes the gap between known or suspected malware, which we can block with confidence, and known safe files, which we feel confident allowing to run. Second, it gives SophosLabs early warning if a new threat has emerged that is currently evading detection. This gives the Labs a chance to analyze the file further and develop new detection capabilities if needed.
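The following is an added illustration of the decision flow described above, not Sophos' own code or scoring: it combines the objective signals (prevalence, age, download host) with the crowd's allow/block choices and returns block, allow or prompt, plus the early-warning flag for the labs. All weights, thresholds, hashes and host names are assumptions constructed for this example.

```python
"""Illustrative model of a crowdsourced download-reputation verdict, added
for this page.  The signals follow the description above (prevalence, age,
source URL, plus users' allow/block choices); the weights, thresholds and
verdict names are assumptions, not Sophos' actual scoring."""
from dataclasses import dataclass

PREVALENCE_SATURATION = 1000   # assumed: sightings beyond this add no further trust
AGE_SATURATION_DAYS = 90       # assumed: files older than this earn full age credit
MIN_VOTES = 10                 # assumed: crowd signal ignored until this many prompts answered
ALLOW_THRESHOLD = 0.7          # assumed: reputation at or above this runs without a prompt
REVIEW_BLOCK_RATIO = 0.6       # assumed: share of "block" choices that flags a file for the labs

# Constructed lookup sets standing in for SophosLabs' known-bad / known-good lists.
KNOWN_MALICIOUS = {"11" * 32}
KNOWN_SAFE = {"22" * 32}
TRUSTED_HOSTS = {"downloads.vendor.example"}


@dataclass
class FileRecord:
    sha256: str
    prevalence: int      # how many customers have seen this file
    age_days: int        # days since the file was first seen
    source_host: str     # host part of the download URL
    allowed: int = 0     # users who chose "allow" when prompted
    blocked: int = 0     # users who chose "block" when prompted


def objective_score(rec):
    """Objective part: prevalence, age and download source, each capped, in [0, 1]."""
    prevalence = min(rec.prevalence / PREVALENCE_SATURATION, 1.0)
    age = min(rec.age_days / AGE_SATURATION_DAYS, 1.0)
    source = 1.0 if rec.source_host in TRUSTED_HOSTS else 0.0
    return 0.4 * prevalence + 0.4 * age + 0.2 * source


def crowd_score(rec):
    """Subjective part: fraction of prompted users who allowed the file, or None if too few votes."""
    total = rec.allowed + rec.blocked
    if total < MIN_VOTES:
        return None
    return rec.allowed / total


def reputation(rec):
    """Blend objective and crowd signals; the crowd only counts once enough users have voted."""
    obj = objective_score(rec)
    crowd = crowd_score(rec)
    return obj if crowd is None else 0.5 * obj + 0.5 * crowd


def verdict(rec):
    """Decision at download time: 'block', 'allow', or 'prompt' the user."""
    if rec.sha256 in KNOWN_MALICIOUS:
        return "block"                      # known bad: blocked outright, no reputation needed
    if rec.sha256 in KNOWN_SAFE:
        return "allow"
    if reputation(rec) >= ALLOW_THRESHOLD:
        return "allow"                      # well established: no prompt
    return "prompt"                         # low or no reputation: ask the user


def record_choice(rec, choice):
    """Feed a prompted user's decision back into the crowd signal."""
    if choice == "allow":
        rec.allowed += 1
    elif choice == "block":
        rec.blocked += 1
    else:
        raise ValueError(f"unknown choice {choice!r}")


def needs_labs_review(rec):
    """Early-warning rule: enough prompts answered and most users chose to block."""
    total = rec.allowed + rec.blocked
    return total >= MIN_VOTES and rec.blocked / total >= REVIEW_BLOCK_RATIO


def demo():
    """Constructed walk-through: an established installer and a brand-new unknown binary."""
    established = FileRecord("33" * 32, prevalence=5000, age_days=400,
                             source_host="downloads.vendor.example")
    unknown = FileRecord("44" * 32, prevalence=3, age_days=0,
                         source_host="cdn-9f2.example")
    first = (verdict(established), verdict(unknown))
    # Simulate 20 prompted users answering: 2 allow, 18 block.
    for choice in ["allow"] * 2 + ["block"] * 18:
        record_choice(unknown, choice)
    return first, verdict(unknown), needs_labs_review(unknown), round(reputation(unknown), 3)
```

The unknown file stays at "prompt" even after voting, but the block-heavy crowd response flags it for labs analysis, which is the early-warning effect the post describes.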

Try download reputation in Sophos Cloud

Would you like to join the beta of download reputation and application control? If you’re an existing Sophos Cloud customer, just select “Beta Programs” from the “Account” drop-down menu in the Cloud console.

Not yet a customer? Try Sophos Cloud for free, and you can join the beta as described above. If you’re using our on-premise Endpoint Protection, download reputation is expected to make its way to Sophos Enterprise Console later this year.

You can read the original article, here.

29

Jul

We’re pleased to announce version 3.9 of the Sophos Email Appliance (SEA). This update features Sophos Delay Queue technology – a sophisticated enhancement that increases spam detection by as much as 4% and blocks snowshoe spam.

Snowshoe spam is a type of unsolicited bulk email that spreads the load of a campaign over a large number of IP addresses and domains in short bursts, much like snowshoes distribute your weight as you walk on snow.

Snowshoe spam campaigns only run for a few minutes at a time. This technique has proved to be a challenge for traditional anti-spam approaches of content analysis and IP reputation-based systems.

How Sophos Email Appliance blocks snowshoe spam

Our engineering and SophosLabs teams have developed an innovative solution to stamp out snowshoe spam that combines machine-learning technology with a Delay Queue feature.

Delay Queue finds suspicious mail, queues it, then blocks snowshoe spam when the mail is rescanned minutes later.

Here’s how it works.

When the Delay Queue feature is switched on, the SEA enters an 11-day learning routine to determine your organization’s normal email behavior. It records IP addresses to build a history database and highly-accurate queueing heuristic rules to determine suspicious mail.

The SEA then uses these rules to determine how likely a suspicious email is to be spam and moves the email to the Delay Queue. Depending on how suspicious an email is, it is held for 5-60 minutes.

As a snowshoe spam campaign is typically over within minutes, during the time the mail spends in the Delay Queue SophosLabs will have developed the definitions required to detect any snowshoe campaign emails. When the mail is released from the Delay Queue it is rescanned and spam will be blocked.
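The simulation below is an added example of the mechanism described above, not the Sophos Email Appliance's code: mail from senders outside the learned IP/domain history is scored, held for 5 to 60 minutes in proportion to its score, and rescanned on release against definitions that become available partway through a short campaign. The rules, weights, the "fresh /24" heuristic, the timeline and all addresses are constructed assumptions.

```python
"""Simulation of a delay-queue anti-spam stage, added here to illustrate the
mechanism described above.  The heuristic rules, weights, hold-time formula
and timeline are assumptions for this example, not the Sophos Email
Appliance's actual logic."""
import heapq
from dataclasses import dataclass, field
from typing import Optional

MIN_HOLD_MIN, MAX_HOLD_MIN = 5, 60   # page: suspicious mail is held 5-60 minutes
QUEUE_THRESHOLD = 0.3                # assumed: below this score mail is delivered at once
BURST_WINDOW_MIN = 10                # assumed window for the "fresh /24" rule


@dataclass(order=True)
class Message:
    received_at: float                 # minutes since simulation start; also orders heap ties
    msg_id: str
    sender_ip: str = field(compare=False)
    sender_domain: str = field(compare=False)
    campaign_id: Optional[str] = field(default=None, compare=False)  # ground truth, seen only by the simulated labs


class Heuristics:
    """Queueing rules built from the IP/domain history learned during the learning period."""
    def __init__(self, known_ips, known_domains):
        self.known_ips, self.known_domains = set(known_ips), set(known_domains)
        self.first_seen = {}           # never-before-seen IP -> minute first observed

    def suspicion(self, msg, now):
        score = 0.0
        if msg.sender_ip not in self.known_ips:
            score += 0.4
            self.first_seen.setdefault(msg.sender_ip, now)
            # snowshoe signature: several fresh IPs from one /24 inside a short window
            net = msg.sender_ip.rsplit(".", 1)[0]
            fresh = sum(1 for ip, t in self.first_seen.items()
                        if ip.rsplit(".", 1)[0] == net and now - t <= BURST_WINDOW_MIN)
            if fresh >= 3:
                score += 0.3
        if msg.sender_domain not in self.known_domains:
            score += 0.3
        return min(score, 1.0)


def hold_minutes(suspicion):
    """Hold time scales linearly from 5 to 60 minutes with the suspicion score."""
    return MIN_HOLD_MIN + (MAX_HOLD_MIN - MIN_HOLD_MIN) * suspicion


class DelayQueue:
    def __init__(self, heuristics, definitions_published_at):
        self.heuristics = heuristics
        self.published_at = definitions_published_at   # campaign_id -> minute labs published a definition
        self.heap = []                                  # (release_minute, message)
        self.decisions = {}                             # msg_id -> outcome

    def detects(self, msg, now):
        """Stand-in for a (re)scan: a campaign is caught once its definition has been published."""
        t = self.published_at.get(msg.campaign_id)
        return t is not None and t <= now

    def ingest(self, msg, now):
        if self.detects(msg, now):
            self.decisions[msg.msg_id] = "blocked-on-arrival"
            return
        score = self.heuristics.suspicion(msg, now)
        if score < QUEUE_THRESHOLD:
            self.decisions[msg.msg_id] = "delivered"
            return
        heapq.heappush(self.heap, (now + hold_minutes(score), msg))
        self.decisions[msg.msg_id] = "queued"

    def release_due(self, now):
        """Rescan every message whose hold has expired by `now`."""
        while self.heap and self.heap[0][0] <= now:
            _, msg = heapq.heappop(self.heap)
            caught = self.detects(msg, now)
            self.decisions[msg.msg_id] = "blocked-on-rescan" if caught else "delivered-after-delay"


def run_simulation():
    """Constructed scenario: snowshoe burst at minutes 0-3, labs definition published at minute 20."""
    heur = Heuristics(known_ips={"198.51.100.7"}, known_domains={"partner.example"})
    dq = DelayQueue(heur, {"snowshoe-1": 20.0})
    traffic = [   # all addresses are documentation ranges / constructed values
        Message(0.0, "m1", "198.51.100.7", "partner.example"),               # known partner
        Message(0.0, "m2", "203.0.113.10", "promo-a.example", "snowshoe-1"),
        Message(1.0, "m3", "203.0.113.11", "promo-b.example", "snowshoe-1"),
        Message(2.0, "m4", "203.0.113.12", "promo-c.example", "snowshoe-1"),
        Message(3.0, "m5", "192.0.2.50", "new-vendor.example"),               # legitimate but unfamiliar
        Message(25.0, "m6", "203.0.113.13", "promo-d.example", "snowshoe-1"),
    ]
    for msg in traffic:
        dq.release_due(msg.received_at)
        dq.ingest(msg, msg.received_at)
    dq.release_due(90.0)    # drain the queue at the end of the simulation
    return dq.decisions
```

Without the queue, m2 to m4 would have been delivered before any definition existed; with it, they are caught on rescan, while the unfamiliar but legitimate m5 is merely delayed.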

Delay Queue already proven in the field

In April 2015, we had a restricted release of SEA which used the Delay Queue feature to great effect. The results speak for themselves:

  • Delay Queue detected 4% more spam.
  • There were zero customer complaints about delayed legitimate mail.

We expect the full roll-out to all customers to be complete by the end of July. So when your appliance updates, make sure you turn on this great new feature to stamp out snowshoe spam.

You can read the original article, here.

27

Jul

Application control is one of the most popular features of our on-premise Endpoint Protection product – so popular, in fact, that we are frequently asked when it will be available in Sophos Cloud. Well, we’re happy to say that we’ve launched a public beta of application control for Sophos Cloud.

Application control allows IT admins to monitor and optionally block users running specific applications on their Windows computers. For example, if your business is standardized on Internet Explorer 11, you can prevent users from running Chrome, Firefox and older versions of Internet Explorer.

Other examples include restricting use of peer-to-peer file sharing apps and blocking non-IT users from running network monitoring tools.

Sophos makes application control simple by maintaining a categorized list of commonly restricted applications. It’s point-and-click simple to select a specific application, or an entire category, to block or monitor. You can even choose to automatically restrict applications as soon as Sophos adds them to a category, so you don’t have to constantly check for new additions.

If you’re an existing Sophos Cloud customer, joining the beta is easy. Just select “Beta Programs” from the “Account” drop-down menu in the Cloud console. In addition to application control, you’ll get to try our upcoming download reputation feature, which improves protection against new, unknown threats.

Not yet a customer? Try Sophos Cloud for free, and you can join the beta as described above.

You can read the original article, here.