Cyber Security Elements by NSS

News

16 Oct

We’ve recently talked about some of the main reasons why you need to encrypt your data. And we showed you the potential consequences when your data isn’t encrypted.

So now that you’re ready to look more closely at encryption in your organization, where should you begin?

Every organization is different, so there is no one-size-fits-all data protection strategy. Before you can put your strategy into an actionable plan, you need to answer the following four questions.

1. How does data flow into and out of your organization?

Do you receive emails with file attachments, or send them out? Do you receive data on USB sticks or other removable media? How does your organization store and share large amounts of data internally and externally? Do you use cloud-based storage services like Dropbox, Box, OneDrive, etc.?

What about mobile devices and tablets? According to a Sophos survey, the average technology user carries three devices. How do you rein in the wide range of devices that have access to enterprise data?

You should look for an encryption solution that is built to adapt to the way you use data and how data flows within an organization.

Use case example: With more and more businesses using cloud storage, you need a solution that secures cloud-based data sharing and provides you with custody of your encryption keys.

2. How do your organization and your people make use of data?

What are your employees’ workflows, and how do they go about making their day-to-day jobs more productive? What tools, devices or apps do they use and do any of those present a possible vector for data loss?

You need to understand how employees use third-party apps, and then decide whether to prohibit what is often called “shadow IT,” to trust the security of those systems, or to bring development of these tools in-house.

3. Who has access to your data?

This topic can be both an ethical and regulatory discussion. In some situations, users should not ethically have access to certain data (e.g., HR and payroll data).

Worldwide, there are some data protection laws that stipulate only those who need data to perform their tasks should have access to it; everyone else should be denied. Do your employees have access to just the data they need to do their job, or do they have access to data they do not need?

Use case example: IT administrators tend to have unlimited access to data and IT infrastructure. Does the IT administrator need access to everyone’s HR data, or access to the legal department’s documents about the latest court case? In a public company, should people outside of the finance department have access to the latest financial figures?

4. Where is your data?

Centralized and mostly contained in a data center? Completely hosted in the cloud? Sitting on employee laptops and mobile devices?

According to a Tech Pro Research survey, 74% of organizations are either allowing or planning to allow their employees to bring their devices to their office for business use (BYOD). Employees are carrying sensitive corporate data on their devices when they work from home and on the road, increasing the risk of data leaks or compliance breaches. Think how easy it would be to access confidential information about your organization if an employee’s smartphone gets stolen or misplaced.

Challenges and solutions

According to the 2015 Global Encryption & Key Management Trends Study by the Ponemon Institute, IT managers identify the following as the biggest challenges to planning and executing a data encryption strategy:

  • 56% – discovering where sensitive data resides in the organization
  • 34% – classifying which data to encrypt
  • 15% – training users on how to use encryption

Unfortunately, there is no one-size-fits-all solution to these challenges. Your data protection plan must be based on your business: the type of data your business works with and generates, local/industry regulations, and the size of your business.

Employees need to understand how to comply with a clearly defined data protection plan and how to use encryption. They must be clearly told which data they have access to, how this data needs to be accessed and how they can protect this data.

Most importantly, you need to ensure that you can both offer and manage encryption in such a way that it doesn’t impact the organization’s workflows.

To learn how Sophos SafeGuard Encryption helps you address these challenges, check out our blog post about things to consider when choosing the right encryption solution. And download our free whitepaper, Deciphering the Code: A Simple Guide to Encryption.

You can read the original article, here.

14 Oct

Most CSPs and mobile carriers have deployed some form of DDoS scrubbing complex in their network to clean large, long-duration DDoS attacks. While this is a necessary first step in proactively working to defeat the DDoS challenge, the threat landscape is constantly changing and requires a more modern approach to protection.

Based on recent attack vectors Corero has monitored for its own customers, there has been a rapid shift by attackers from large-capacity attacks to short-duration, multi-vector attacks. In fact, Corero has found that 93% of DDoS attack attempts against its customers are 1Gbps or less in size. Further, 96% of attack attempts averaged 30 minutes or less in duration. These types of attacks are too short to be redirected to a scrubbing center and appear as noise on a typical CSP/mobile backbone network.

Unfortunately, once they hit the LTE RAN, these attacks will result in collateral damage and congestion on the radio network. The only way to prevent or mitigate these forms of attacks is to stop them in real time with an inline DDoS solution placed at the entry point of the internet connection or the network interconnect.

A DDoS system placed at this strategic location has to meet very specific characteristics:

  • Very high performance
  • High session / flow count
  • Instantaneous mitigation
  • High granularity to separate good from bad traffic flows
  • Do-No-Harm

As mobile networks keep increasing capacity and performance, CSPs and mobile carriers now offer enterprise-based services across this infrastructure. To ensure customer reliability, experience and security, CSPs and mobile carriers will need to protect their most valuable asset from congestion and downtime caused by multi-vector, short-duration DDoS attacks.

The only way to achieve this will be to deploy a high performance, highly scalable inline DDoS mitigation system such as the Corero SmartWall Threat Defense system (TDS).

You can read the original article, here.

12 Oct

Sophos, a global leader in network and endpoint security solutions, announced enhancements to its leading Unified Threat Management (UTM) solution designed for organizations of all sizes using Amazon Web Services (AWS). Sophos UTM 9 features Auto Scaling technology to ensure a user’s security layer scales to match application needs without affecting performance.

Sophos UTM 9 is integrated at the network access and application levels to deliver the flexibility and cost control of a cloud-based solution, and eliminates the bottlenecks on the AWS architecture that other security solutions, not designed to accommodate horizontal scaling, can cause.

Sophos UTM 9 offers a suite of user-friendly security tools such as a web application firewall, an inline IPS, VPN gateway functionality, and granular firewall and web access controls, with extensive real-time and historical reporting to help AWS users meet their security needs.

Already placed as a Leader in the Sept. 2015 Magic Quadrant for Unified Threat Management (UTM), the release of Sophos UTM 9 further strengthens Sophos’ security offerings with enhanced cloud security for businesses utilizing third-party infrastructure to pursue their business goals. AWS users who take advantage of UTM gain access to security that is simple to deploy, mapping it to Auto Scaling rules that free administrators from minute-to-minute configuration changes.

“The new UTM with Auto Scaling demonstrates our commitment to businesses that want to take advantage of the AWS cloud environment and enjoy flexibility at scale,” said Bryan Barney, senior vice president, Network Security Group at Sophos. “The Sophos UTM helps customers take full advantage of their AWS deployment without having to worry about under or overcommitting security resources.”

UTM complements the infrastructure-level security provided by AWS for end-to-end protection. Whereas a rigid security environment can form a bottleneck negating much of the performance advantage of the cloud, by combining Auto Scaling features with layered functionality UTM gives businesses a dynamic security layer that supports even the most demanding applications.

“The Sophos UTM is an integral part of the REAN security solution for AWS customers wanting to enhance their cloud security posture, especially customers in regulated industries like government, healthcare and financial services where security and compliance are a premium,” said Sri Vasireddy, president, REAN Cloud Solutions. “The addition of Auto Scaling support in Sophos UTM is very beneficial to how our customers utilize AWS in a fail-safe architecture.”

Availability

Sophos UTM 9 is available now via the AWS Marketplace, where customers can select between a number of subscription models, including bring your own license and hourly billing. Customers with current cluster licenses can apply licenses to the updated version.

For data sheets, demonstration videos and more information on UTM 9 with Auto Scaling, visit http://sophos.com/aws.

You can read the original article, here and here.

9 Oct

We’ve been saying it for years: simple security is better security. We design our products with the IT professional in mind, and the result of our efforts is the most usable security products on the market.

You don’t have to take my word for it: independent testing house Tolly has just published a report comparing the ease of use of our endpoint products to that of our competitors.

And the proof is plain for all to see – Sophos Endpoint Protection and Sophos Cloud require the fewest steps to deploy, manage and use.

The report compares Sophos Endpoint Protection managed by Sophos Enterprise Console and Sophos Cloud against on-premise endpoint solutions from Intel Security (McAfee), Kaspersky, Symantec and Trend Micro. It focuses on tasks related to three areas: deployment, management and visibility.

Overall, both Sophos products required fewer steps than the competing solutions to complete the different tasks (see table below).

While our products were much easier to deploy, the number of steps required for daily management tasks was also significantly lower than any other vendor.

In terms of visibility, the Tolly test looked at a single task of listing active protected endpoints. Tolly notes that Symantec admins are not able to take action directly from the list of endpoints. This requires an unnecessary amount of steps for even the most basic tasks. Kaspersky requires three clicks to just view a list of endpoints, and McAfee cannot list by status at all.


Tolly boils down its findings about Sophos into three bullet points, which say that Sophos endpoint security solutions are:

  • Easy to configure and deploy out of the box
  • Designed for rapid access to common management and visibility tasks
  • Better able to deliver pre-configured, ready-to-use security functionality than other tested solutions

What is the importance of usability?

This may seem obvious, but better usability means you can actually use a product and its features, and that’s better for your security, productivity and your budget, too.

Anything that is easy to use saves you time compared to something that is complicated. In business terms, saving time means saving money. The more of the features or components you have paid for that you actually use, the better your value for money, or, in business terms, the better your return on investment.

Usability also means there is less training required to use our products. Less to learn means less time spent preparing, so you are protected faster. You are less likely to make mistakes and more likely to get it right the first time. Fewer mistakes mean you don’t cause problems or downtime for the business, which in turn means increased productivity.

Perhaps most importantly, the difference between not using a security technology and actually using it is better protection.

According to the Tolly report: “Some solutions can be so complex to implement that features are either easily misconfigured or not used at all. The less effort involved, the more likely it is that the security features will be used and used correctly.”

Simple security is better security. Download the free Tolly usability report to find out why Sophos has the simplest security products on the market. And if you’re ready to try it for yourself, sign up for a free trial of Sophos Endpoint Protection today.

You can read the original article, here.

7 Oct

Security is really all about your endusers. And that’s a problem, because when one user does something wrong, it has the potential to bring down the whole company.

Security companies have been trying to deal with the user problem for decades, but they’ve been going about it the wrong way.

The way most security vendors design their products is to wrap your endpoints – and your users – in layer upon layer of security. But the time, cost and complexity of implementing a whole bunch of additional layers of technology can be overwhelming.

Here’s an example of what I mean. Let’s imagine an enduser named Sam the Sales Guy logs in from the road without using his VPN and gets infected on a website by a drive-by download.

Later in the day Sam reports to the office, logs into the network, and goes about his workday without knowing that the malware on his computer has installed a sophisticated password stealer that silently grabbed the passwords for his Salesforce, corporate email and – why not – his Facebook account.

Fortunately, this security failure could probably be prevented at one of several layers: perhaps via a cloud-based web gateway to protect Sam when he visits the web from a remote location; via some type of endpoint-based advanced persistent threat (APT) detection agent; or maybe a next-generation firewall that would detect malicious traffic coming from Sam’s PC as the malware calls home.

But unfortunately, these various security layers bring about the problem of complexity: now you have multiple endpoint agents, multiple management consoles, and multiple security vendors to deal with.

This is a recipe for failure.

Jon Oltsik of Enterprise Strategy Group has written about the problems of complexity and chaos in security, and he came up with a phrase to talk about the solution that I quite like: Endpoint Security Technology Nirvana.

Jon asks, what if instead of all these disparate layers of security you could integrate all of the best enduser protection technologies into a unified system that is simple to manage?

Here at Sophos we’ve been working on the very same concept. Our focus is on enduser security that is comprehensive, including protection against advanced threats, yet it’s coordinated so different protection modules work together. It’s security that’s user-centric, rather than device-centric. And it brings it all together in one simple-to-use management console.

If you’d like to learn more about how Sophos is building better security for endusers, please check out the webcast Jon and I recently recorded. We discuss how you can solve security complexity, including these topics:

  • A vision for endpoint security nirvana: comprehensive, integrated protection
  • Rethinking enduser protection with simplicity in mind
  • How integrated security provides better protection than layered security.

On-demand webcast: Why Complexity Is the Enemy of Enduser Security

You can read the original article, here.

5 Oct

SophosLabs researchers are presenting four papers at the 25th annual Virus Bulletin International Conference (VB 2015) – taking place 30 September to 2 October in beautiful Prague – covering some hot topics: Android malware, banking Trojans, and advanced persistent threats (APTs).

Our experts are always sharing new discoveries about the vast and complex web of security threats. But much of the research we’re presenting this year is focused on how the security industry can get better at protecting us against those threats, including through automated systems, smarter testing, and more holistic approaches.

Senior threat researcher James Wyke is presenting a paper exploring how we can provide more holistic protection against the new families of banking Trojans such as Vawtrak and Dyreza. His research paper explains our sandbox-based system for automatically extracting and storing valuable data in a scalable way.

Senior threat researchers William Lee and Rowland Yu discuss the efficacy of new security features in Android 5.0 – containerization and SEAndroid – and how these advances still leave corporate mobile devices vulnerable to infection and data loss.

William also joins up with senior threat researcher Xinran Wu to present their reserve paper exploring the increase in malicious mobile apps written with cross-platform development tools, and testing whether existing virus scanners can detect them.

Senior threat researcher Gabor Szappanos presents a paper about a topic he’s explored in depth in several other research papers he’s published recently – APTs. Gabor’s new paper describes some of the problems in defense technologies, and questions the definition of the term APT in a constructive way.

If you’re not able to attend VB 2015, don’t worry – we’ll be publishing all of these papers on sophos.com after the conference.

You can read the original article, here.

2 Oct

Apple has just released the new version of its mobile operating system, iOS 9, and many iOS device owners can’t wait to get it. That’s why we’re happy to offer same-day support for iOS 9 in our mobile products.

If you’re managing iOS devices with Sophos Mobile Control (SMC) or Sophos Cloud Mobile Control, you can upgrade immediately to iOS 9.

No reconfiguration is needed for already-managed iOS devices – they’ll just report the new version number. Users can enroll new iOS 9 devices as usual.

Over at our Naked Security blog, we are strongly recommending the update because of the many important security fixes.

There are also numerous security improvements in iOS 9, including moving from a simple four-digit to a much stronger six-digit PIN, built-in two-factor authentication, and enhanced user privacy against intrusive advertising. Combined with our mobile device management, application management and policy enforcement, your iOS 9 users will be more secure than ever.

And just as Apple is well known for its simple design and user-friendly interface, our award-winning mobile products make managing all your devices simple.

See how easy it is to manage and secure all your mobile devices: visit sophos.com/mobile for more information.

You can read the original article, here.

30 Sep

We’re excited to announce that the new Gartner Magic Quadrant for Unified Threat Management is out, and Sophos is positioned in the Leaders Quadrant for the fourth year in a row.

We’re now one of only three vendors in the Leaders Quadrant. And we think that says a lot about our standing in the eyes of customers, partners and industry analysts. What are we doing that’s made Sophos a Leader for the past four years?

The Magic Quadrant is based on an assessment of a company’s ability to execute and completeness of vision. We believe our strategy for the mid-market and our channel is working just as we hoped; and we’re delivering on our promise to make security simple with a UTM that is super easy to deploy, manage, and use.

We have an exciting and innovative product roadmap, and in a short time we’ll be revealing the next chapter in the development of our award-winning and market leading UTM.

More and more partners and customers are turning to Sophos, because we keep on winning in the marketplace, and our compelling vision for Sophos UTM and our Next-Generation Firewall means we’ll continue to build the best network security products for years to come.

The momentum in our UTM business just keeps on going, and our continuing growth is astonishing – more than double the rate of the rest of the market.

As the only IT security company to be positioned as a Leader across three key areas of security – Unified Threat Management (UTM), Mobile Data Protection and Endpoint Protection Platforms – we think our complete security offerings make us stand out from the crowd.

You can access the Magic Quadrant for Unified Threat Management report here (registration required): sophos.com/magicquadrant.

You can read the original article, here.

28 Sep

As I write this, I’m working on a company laptop from my home. Earlier today, I was working from a Starbucks. I’m glad Sophos allows me to telecommute on occasion, but it does bring up some common security concerns.

With employee work arrangements growing more flexible, devices and data are leaving the safe confines of the company network. How can you make sure your precious data is secure?

We put together a video that shows how encryption protects your data against some all-too-common (and all-too-human) security failures.

In this scenario, an employee named Alice logs onto an open Wi-Fi network to access an unencrypted file from a popular cloud storage site. If you know anything about how vulnerable Wi-Fi is to hackers, you can probably guess what happens next.

The video shows you exactly how an attacker could use simple hacking tools, a rogue wireless access point and a phishing website to steal Alice’s login credentials, break into her cloud storage account and download confidential corporate files.

Could something like this happen to you or one of your employees? As our video shows, if Alice’s files had been encrypted with a simple solution like SafeGuard Encryption, it wouldn’t matter if a hacker got access to her cloud account. Her files would be completely secure.

To learn more about how encryption can work for you, and how to choose the right encryption product, go to sophos.com/encrypt. That’s where you can:

Blog post: John Zorabedian

You can read the original article, here.

26 Sep

LogPoint is very proud to announce that we have achieved Common Criteria (CC) certification at Evaluation Assurance Level 3+ (EAL3+) for the LogPoint SIEM product.

The journey towards the certification started when LogPoint entered into a strategic partnership with The Boeing Company in late 2013. With the security and certification expertise from Boeing, LogPoint has been able to achieve the certification within a very short timeframe.

Despite three major releases and a catastrophic earthquake in between, we were able to achieve the certification quicker than the fastest expected duration, as per the official guidelines. This is a testament to the determination, agility and skill of both companies, their teams and individuals, working on three continents.

Security-conscious customers, such as government offices, law enforcement, intelligence, military and financial institutions, require Common Criteria certification as a determining factor in purchasing decisions, and we anticipate that more companies will be interested in this type of certificate in the future.

We are very proud to have achieved this level of certification as it assures our customers around the world that LogPoint is safekeeping their trusted information.

Achieving this certification demonstrates LogPoint’s commitment to providing high-quality security solutions to its customers, as well as LogPoint’s ability to perform software development following processes and requirements that guarantee the security and quality of the product.

Read more about our Common Criteria certification on this page.

You can read the original article, here.

24 Sep

We started our firewall revolution last month with the launch of the Project Copernicus beta. Project Copernicus is the codename for our new firewall platform that combines the award-winning SG Series appliance with an all-new operating system based on the best of Sophos and Cyberoam technology.

The feedback during the early stages of the beta has been very positive and helpful in shaping the final product. We’re pleased to announce the availability of Beta 2, which incorporates a number of significant enhancements, updates and fixes based on your feedback.

Improved navigation and menu organization

  • New top-level Protection menu, grouping the most common security setup tasks functionally together
  • Improved layout of System menu and Object Catalog menu
  • Navigation breadcrumb improvements

Streamlined security policies

  • Consolidated User and Network rule types
  • Added templates for common business applications
  • Rule ID visibility and search improvements

Hundreds of other fixes and improvements

While we don’t recommend installing beta firmware in your production environment, your participation is important! Please download and evaluate the new Beta 2 in as many deployment scenarios as possible.

You will see the Beta 2 firmware in your Copernicus Firewall under System > Maintenance > Firmware (you may need to click “Check for new Firmware” and reload the page for it to show up). If you’re not already part of the Sophos firewall revolution, you can join up and download the Beta 2 now at www.sophos.com/copernicusbeta.

Please provide feedback on the Sophos User Bulletin Boards.

You can read the original article, here.

23 Sep

According to the 7th (ISC)2 Global Information Security Workforce Study (GISWS), 2015, the following security concerns are considered to be the most critical:

  • Application Vulnerabilities
  • Malware
  • Configuration Mistakes / Oversights
  • Mobile Devices
  • Hackers
  • Faulty Network / System Configuration
  • Internal Employees
  • Cloud-Based Services
  • Cyber Terrorism
  • Trusted Third Parties

This list is the result of a global workforce survey conducted by (ISC)2 in 2015. Nearly 14,000 security professionals in different positions (management, executive, and technical) have given their valuable insights.

How does LogPoint help to prevent or minimize the effects of the above-mentioned threats?

One of the most crucial elements is to collect sufficient amounts of data from as many different log sources as possible. LogPoint collects data from all kinds of different log sources and converts it into a standardized format. This process is called “normalization”. LogPoint provides pre-defined normalization packages for many different log sources out-of-the-box. Moreover, if a particular log source is missing, LogPoint provides its customers with the necessary normalization within a very short time. There is no need to wait for pre-defined update cycles, which makes it easy to analyze data as quickly as possible without losing too much time.

Once the data has been normalized, it is possible to quickly create queries or run pre-defined searches to analyze the incoming data. Use either simple queries or more complex correlation queries to detect possible threats and receive a warning in real-time, create a dashboard, or run a report. Again, LogPoint provides content (alerts, dashboards, queries, and reports) out-of-the-box for more efficiency. Many of the topics mentioned in the GISWS are already covered in LogPoint.

LogPoint helps you detect possible threats in real-time and does so by applying its unique simplicity, which ensures that the analyst avoids making mistakes due to sheer complexity issues. Possible threats as mentioned in the 7th (ISC)2 Global Information Security Workforce Study (GISWS) are already covered by pre-defined content or are easy to implement.

You can read the original article, here.

15 Sep

The new Sophos Cloud Partner Dashboard delivers on the Sophos Galileo vision for connecting both Network and Endpoint, all while giving partners increased visibility to their business.

Designed exclusively for Sophos channel partners, the Sophos Cloud Partner Dashboard provides unified management tools to remotely manage and service both Sophos Cloud accounts and Copernicus firewalls. Actionable information gives partners greater visibility and control over their business, and highlights opportunities to facilitate business growth.

The new interface will become available on October 6, 2015. Highlights of the new Sophos Cloud Partner Dashboard include:

1) Easy access using our new direct login page, which uses the same login credentials as the Sophos Partner Portal. Partners can still access the Sophos Cloud dashboard directly from within the Sophos Partner Portal.

2) Visibility to both Sophos Copernicus Firewall and Sophos Cloud customers: Partners can see a comprehensive list of firewalls and Sophos Cloud accounts (including trial users), which protection services are deployed, and expiration and usage details.

3) Aggregated view of Sophos Cloud customer alerts: For partners providing IT security services, the new Partner Dashboard offers aggregated alerts for an at-a-glance view of customer alerts, enabling prioritized and fast response.

4) One-click access to each customer’s cloud management console: From the Partner Dashboard, partners can easily access the managed account’s Cloud console with a single click, from both the account details and the alerts view.

5) Single sign-on to Sophos Cloud Firewall Manager: When Copernicus Firewall launches, partners will be able to access Sophos Cloud Firewall Manager (CFM) directly from the Sophos Cloud Partner Dashboard. CFM is Sophos’ all-new centralized management console for Copernicus Firewall, enabling partners to manage all firewall devices from a single screen in the cloud.

6) Create Sophos Cloud trial accounts: Partners can provision new trial accounts directly from within the Sophos Cloud Partner Dashboard. This complements the Sophos trial referral link program to promote the Sophos Cloud free trial while protecting your leads.

7) Easily convert accounts: When a Sophos Cloud order is processed, the partner receives the license schedule with an activation code. To activate the account, simply apply the activation code.

For more information and a preview of the new Sophos Cloud Partner Dashboard, please download this PowerPoint file.

14 Sep

The passing of the one-year anniversary of the OpenSSL Heartbleed vulnerability – and a recent rash of highly exploitable vulnerabilities with names of lesser cachet – led me to wonder: Just how frequently are OpenSSL vulnerabilities reported, and what are their impacts?

While Array has developed our own proprietary SSL stack for production traffic, we do use OpenSSL for certain functions of our products, such as our XML-RPC and SOAP APIs, WebUIs and other non-traffic-related tasks. Thus, this exercise is categorically not about OpenSSL bashing; rather, it’s intended to gain a better understanding of the vulnerability landscape and to serve as a foundation for discussion on network security as a whole.

The infographic below was compiled from the NIST National Vulnerability Database, and lists vulnerabilities with Exploitability Subscores of 8.5 and higher (with 10 being the highest). While every attempt was made to ensure accuracy and completeness, the vast scope of the NIST database makes this a nearly insurmountable task.

As you will see, like almost every piece of software ever created, OpenSSL has had its share of vulnerabilities over the years. Many were reported at or shortly after a major product release; after the 1.0.2 release on Jan. 22, 2015, for example, CVE-2015-0291 and CVE-2015-0292 were reported less than two months later.

In many ways, that’s the nature of the beast in open-source software development. The very structure that gives open source such great qualities – multiple developers (often volunteers) working together to create a freely-available code base – can also lead to errors because developers are working independently. However, with an entire community of developers, any errors are typically fixed very quickly, thus mitigating the impact.

And in all fairness, Array products were vulnerable to a couple of the vulnerabilities listed here, as well as a handful of others with lesser exploitability scores. Usually those vulnerabilities were related to the functions mentioned above, or to our older, end-of-sale products like the SPX and TMX Series. Follow the Array Support Twitter feed to keep up to date on all our product notifications.

Next time, I’ll dig deeper into the differences between open-source development and proprietary code bases, and offer concrete suggestions on keeping your network safe. Until then, let’s all be careful out there.

You can read the original article, here.

11

Sep

For most organisations, the driver behind capturing log data is compliance. There are a few exceptions of course, but for most of you this simply means capturing and storing log data.

But why do just that? Doesn’t that seem kind of pointless? If you’ve got to do that then shouldn’t you at least get something out of it other than ticking the compliance box? Don’t get me wrong, being compliant is a good thing and for some of you it’s key to your business. But compliance is only a minimum standard. It’s the least you have to do yet most of us stop there. Why? – That’s another subject for another time.

Most of the focus within SIEM is on the Security (yes I’m including compliance in this bit as well). There is a tremendous amount of security-related value that analysis of your data can bring, all the standard stuff like failed log-ins and privileged user monitoring to name a few. But there are a whole host of other things you can and probably should do but don’t because it’s above and beyond the whole compliance thing. I’m talking about things such as monitoring successful logins and log-offs and determining the time lapse between the two events – is it too short for a human to have done that? Are you getting a lot of logins and log-offs in a short space of time? This could be a sign that someone has got into your accounts and is trying them to see if they are valid. Or maybe you want to find that signal in the noise – comparing user behaviour over time and finding out who is doing something very different to their colleagues. Even simple things like monitoring business critical files and their movement within your organisation will add value to your organisation’s security.
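To make the session-length and login-burst checks described above concrete, here is an added Python example that is not from the article, LogPoint or any SIEM product: it runs both rules over a few constructed login/logoff log lines. The log format, field names and thresholds are assumptions chosen for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system):
# "<ISO timestamp> <LOGIN|LOGOFF> user=<name>".
SAMPLE_LOG = """\
2015-09-11T08:00:01 LOGIN user=alice
2015-09-11T08:00:02 LOGOFF user=alice
2015-09-11T08:00:03 LOGIN user=alice
2015-09-11T08:00:04 LOGOFF user=alice
2015-09-11T08:00:05 LOGIN user=alice
2015-09-11T08:00:06 LOGOFF user=alice
2015-09-11T08:00:07 LOGIN user=alice
2015-09-11T08:00:08 LOGOFF user=alice
2015-09-11T08:05:00 LOGIN user=bob
2015-09-11T08:45:00 LOGOFF user=bob
"""

# Assumed thresholds: a session shorter than this is unlikely to be a
# person doing real work, and this many logins inside the window is a burst.
MIN_HUMAN_SESSION = timedelta(seconds=5)
BURST_WINDOW = timedelta(seconds=60)
BURST_COUNT = 4


def parse(lines):
    """Turn raw lines into (timestamp, action, user) tuples."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, action, user_kv = line.split()
        events.append((datetime.fromisoformat(ts), action, user_kv.split("=", 1)[1]))
    return events


def analyse(log_text):
    """Return short sessions and per-user login bursts found in the log."""
    events = sorted(parse(log_text.splitlines()))
    open_sessions = {}            # user -> timestamp of the unmatched LOGIN
    logins = defaultdict(list)    # user -> all LOGIN timestamps, in order
    short_sessions = []           # (user, login time, duration in seconds)
    for ts, action, user in events:
        if action == "LOGIN":
            open_sessions[user] = ts
            logins[user].append(ts)
        elif action == "LOGOFF" and user in open_sessions:
            login_ts = open_sessions.pop(user)
            duration = ts - login_ts
            if duration < MIN_HUMAN_SESSION:
                short_sessions.append((user, login_ts.isoformat(), duration.total_seconds()))
    bursts = {}  # user -> largest number of logins seen inside one window
    for user, times in logins.items():
        start = 0
        for end in range(len(times)):          # sliding window over sorted logins
            while times[end] - times[start] > BURST_WINDOW:
                start += 1
            count = end - start + 1
            if count >= BURST_COUNT:
                bursts[user] = max(bursts.get(user, 0), count)
    return {"short_sessions": short_sessions, "login_bursts": bursts}
```

On the sample above, alice's four one-second sessions are flagged as too short for a human and as a login burst, while bob's 40-minute session passes both rules.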

However, I want you to think about the rest of the letters in that acronym, SIEM: Information & Event Management…

This is where you can really get some value from your data in areas of your business you might not have thought of. Wouldn’t it be good for your business to monitor your VoIP traffic, logging and analysing who you are calling, call times and whether they are premium or international calls? Maybe you’d just like an alert if someone’s calling the talking clock? Perhaps simply having that information to hand for your finance team to cross-reference with your phone bill. Maybe you’d like to monitor the usage of resources in your business? Then when renewal time comes around you will have the information you need to know if it’s worth renewing or if your budget could be better spent elsewhere. Maybe you don’t need that Super Fancy Malware Threat Defender 5000, but you do need a new core switch. Having real-life usage information to hand will be a valuable tool in assessing where to spend your budget.

The right SIEM can do all of those things for you and more. It can and should be at the heart of everything you do. Data does have value, but it’s how you use it that counts. So with all this additional value a SIEM can bring, maybe you’ll get lucky and other areas of the business will contribute their budget to purchase the right SIEM. Money follows value, as they say…

By Andy Deacon, Security Consultant, LogPoint

You can read the original article, here.

9

Sep

With the proliferation of data and the need to access it from anywhere at any time, encryption is rapidly emerging as the best place to start your data security strategy.

Despite some common ideas about encryption that it is too complicated to implement or too much of a hassle to manage, that’s not the case with the right encryption solution.

Below are six key aspects to keep in mind while choosing the right encryption solution for your organization.

1. Usability: A security product that’s too complicated to use doesn’t offer very much security at all. An encryption solution needs to be comprehensive yet simple: it should protect data everywhere – at rest, in use, or in transit – but shouldn’t take up too much time or IT resources to implement and manage.

Look for an encryption product that’s easy to set up and deploy, with an intuitive management console. It should also allow for simple key management and enforcement of your data protection policy.

2. Multi-platform: Find a solution that covers all types of encryption, including for multiple operating systems such as Windows, Mac, Android and iOS.

3. Adaptability: You ideally want a solution that protects your data without getting in the way of daily work. Your encryption solution should adapt to your organization’s workflow – not the other way around.

4. Independent endorsements: Before making a decision, look at what others are saying about a product. Make sure whatever company you choose for your encryption needs has strong third-party endorsements from industry analysts, reviewers and customers.

5. Scalability: As you grow your business, you need an encryption solution that grows with you.

6. Proof of compliance: In the event that the worst happens and your data is compromised, encryption makes it unreadable and unusable by data thieves. If you work in a vertical or location that has specific data protection laws or regulations, auditors will require proof that the data was encrypted.

Learn more about how encryption can work for you, and how to choose the right encryption product. Check out our free and easy-to-understand guide to encryption, fun videos showing you why you need to encrypt, and a comprehensive encryption solution buyers guide at sophos.com/encrypt.

You can read the original article, here.

7

Sep

SophosLabs researcher Gabor Szappanos is at it again, with new research exploring and explaining the mechanics of a malware creation kit that was used in a series of campaigns between May and August 2015.

Gabor has been tracking the development of malware used in advanced persistent threat (APT) campaigns over the past couple of years, including PlugX and other document-based attacks.

This time, he cracks open the case of an intriguing malware construction kit available in underground cybercrime markets: Microsoft Word Intruder (MWI). MWI, which, as you can tell from its name, is used to create malware exploiting Microsoft Office documents, was developed in Russia but has been used widely by cybercrime groups.

As Gabor explains in his new paper, Microsoft Word Intruder Revealed, virus creation kits are not new: the first ones were created in the early 1990s. But the purpose of creating and publishing them has changed. Instead of making a countercultural statement, the goal now is to make money for the authors, who sell these malware generators to other cybercriminals in underground marketplaces.

The overall effect of the MWI kit, however, is the same as with the old DOS virus generators of the 1990s: it gives cybercrime groups immediate access to Office exploits for malware attacks, even if they lack the skills to develop exploits of their own. According to Gabor, MWI had been used by numerous different malware groups, deploying Trojans from more than 40 different malware families.

There’s a lot of fascinating detail in Gabor’s paper, whether you’re a layperson interested in cybercrime, or a more technical reader. Gabor explains the history of malware creation kits, and how they work, and also dives into the infection mechanism of the MWI generator, pointing out the key characteristics differentiating these samples from other exploited malicious documents.

Download Gabor’s paper – Microsoft Word Intruder Revealed.

You can read the original article, here.

4

Sep

Laptops are ubiquitous in today’s IT environments. How many of your employees are using laptops in the office, on the road, working from home, or all of the above? While massively convenient, and a boon to worker productivity, laptops also represent a major liability. They are easy for employees to lose – and easy for a thief to steal.

On balance, most companies likely think the reward is worth the risk. But the risks are significant when you consider all of the valuable data stored on employee laptops, and the potential for data loss and subsequent fines, lawsuits, lost intellectual property and brand damage. Take the recent example of SterlingBackcheck, a Texas company that provides background screening services to clients around the world.

In early August 2015, SterlingBackcheck sent out a letter informing people that a few months prior a “password-protected laptop was stolen from a SterlingBackcheck employee’s vehicle.”

The laptop contained unencrypted data including names, Social Security numbers and birthdates for roughly 100,000 people. This kind of data is a potential gold mine for an identity thief. Which is why SterlingBackcheck has offered “free” credit monitoring and ID theft protection to those affected (those services are not actually free – SterlingBackcheck has to pay for them!).

Imagine if this was your company: not only would you face the embarrassment – and cost – of notifying customers of their lost data, you’d also face the prospect of negative media attention for the incident and any number of clients, partners or potential customers questioning your business’s trustworthiness.

The risk of this happening to your business is unfortunately quite high. Although you certainly have to protect yourself against the threat of criminal hackers, a large proportion of data loss is the result of a lost or stolen laptop, USB drive or mobile device. In one study of the healthcare industry, 70% of data lost in 2013 by California healthcare organizations was the result of loss or theft of a physical device such as a hard drive or laptop.

The most staggering thing about these reports is that you almost never hear that the data on lost or stolen devices was encrypted. According to the 2015 Verizon Data Breach Investigation Report, an analysis of data breaches found that the words “unencrypted,” “not encrypted,” and “without encryption” were present in four times as many incident reports as phrases such as “was encrypted” and the like.

That’s unfortunate, because disk and device encryption is absolutely the best defense against this type of data loss. When data is encrypted, it is scrambled into an unreadable format called ciphertext, and only the person with the encryption key can unscramble it again.

I’d like to point out one other thing about SterlingBackcheck’s notice to those affected by its lost laptop data breach. The company says the laptop was “password protected,” as if that was some kind of adequate defense against data loss.

In reality, an unencrypted laptop’s password protection is worth almost nothing – passwords can be cracked in minutes. Besides, a thief would just need to put the laptop’s hard disk into another computer, or boot the “protected” computer from a CD or USB key in order to get at your data.

What if the data on a lost laptop has been encrypted? There’s no way a crook could read your encrypted data, and the laptop would be worth only as much as the thief could get for its parts.

So, why aren’t more businesses encrypting their laptops and other devices? It’s a bit of a mystery, but I believe it’s because businesses think they have adequate security in place already, or that encryption is too difficult or expensive to implement.

These are myths.

If you want to be absolutely sure your data is protected, encryption should be your first line of defense.

And if you still think encryption is too much of a hassle, I urge you to check out the resources at sophos.com/encrypt, including free whitepapers, reports and videos, showing you just how simple it can be.

You can read the original article, here.

2

Sep

This year, we’re revolutionizing the firewall, giving our award-winning SG Series appliances an all-new operating system that combines the best of both Sophos and Cyberoam technology.

The codename for this new firewall platform is Project Copernicus, and we’re excited to inform you that the beta phase is now underway.

This is your invitation to take an early look at the new software and put it to the test. To get a brief introduction to Project Copernicus and its many innovations, watch the short video (password: Copernicus2015!).

Of course, we don’t recommend updating production systems to beta firmware. But if you’re interested in exploring first-hand what Project Copernicus has to offer – and helping us continue to fine-tune it by providing your feedback – we would love to have you participate.

To get started, simply visit sophos.com/copernicusbeta to download the new Sophos Firewall OS for your SG Series, Intel hardware platform, or virtual environment of choice. Then head to the Sophos User Bulletin Board to find documentation and tips, and share your feedback.

You can read the original article, here.

27

Aug

Several writers on Corero’s blog have been calling attention to recent DDoS extortion campaigns. Now the FBI is sending notice to banks and other financial institutions to be on the watch for shakedown attempts. MarketWatch has reported that attackers have already made DDoS extortion attempts against more than 100 financial firms in recent months.

In an article on BankInfoSecurity, Matthew J. Schwartz describes the modus operandi:

Attackers’ tactics are simple: Sometimes they threaten to disrupt a firm’s website, preventing customers from accessing it. And other times they warn that they will release data – which they obtained by hacking into the firm – that contains sensitive information about the organization’s employees and customers. Or, the attackers say, the organization can pay them off – typically via bitcoins – to call off the attack or delete the data.

Some of the companies have had demands to pay tens of thousands of dollars. While a few have paid the extortion money, most have ignored the demands. Gartner analyst and fraud expert Avivah Litan says most financial institutions are reluctant to talk about experiencing either the extortion demands or any ensuing attacks for fear of alarming their customers.

The growth rate of these extortion campaigns seems to be tied to the ease of launching a DDoS attack via various underground services. For just a couple of dollars, anyone can order an attack against a target for a few hours. This can be just enough to take the targeted business offline for a while, causing large revenue losses and frustration for customers.

A business might be tempted to pay the bitcoins to avoid the attack, but law enforcement officials say this isn’t a good idea. A payoff sometimes leads to further demands for even more money.

Cybersecurity expert Brian Honan of BH Consulting offers the following recommendations for dealing with DDoS threats:

  • React: Take the threat seriously, and “spin up” an incident response team to deal with any such attacks or threats.
  • Defend: Review DDoS defenses to ensure they can handle attackers’ threatened load, and if necessary contract with, subscribe to or buy an anti-DDoS service or tool that can help.
  • Alert: Warn the organization’s data centers and ISPs about the threatened attack, which they may also be able to help mitigate.
  • Report: Tell law enforcement agencies about the threat – even if attackers do not follow through – so they can amass better intelligence to pursue the culprits.
  • Plan: Continually review business continuity plans to prepare for any disruption, if it does occur, to avoid excessive disruptions to the business.

If your company wants to learn more about getting prepared for a DDoS attack, talk to the folks at Corero. They’ll help you make a plan so that you can defend against whatever type of DDoS attack someone wants to throw at you.

You can read the original article, here.