
Cyber Security Elements by NSS

News

21 Aug

We have some great news for users of Sophos Mobile Security, our Android antivirus and security app. Independent IT security institute AV-Test has awarded Sophos another perfect protection score in a July 2015 test of mobile antivirus applications – the sixth test in a row where we scored 100% detection.

Although we’ve aced this Android security test every time for the past year, this particular test was actually quite different from the previous tests run by AV-Test. And we think the difference is really important.

Prior to the July test, AV-Test used a two-run scan: first an on-demand scan, followed by an on-access scan test. The on-demand test is a bulk scan to see if a security tool detects the entire set of malware files used in the test. The on-access scan involves loading a set of malicious apps on a physical mobile device to see if the antivirus detects the malware when it is installed or run.

In July, AV-Test introduced a new “real-time on-access” test, where all apps were reviewed simultaneously on 40 Android smartphones. In addition to testing vendors’ antivirus apps for their detection of malware discovered in the past four weeks, this new test measures proactive detection of the latest Android zero-day threats in real time.

Since this was the first time the test ran, there is no history to compare to. But we think the new test paints a more accurate picture of how security apps perform in the real world, outside of the labs. For that reason we applaud AV-Test and their continued efforts to improve testing – it’s good for the security industry, helping us to continually improve our products, and so benefits our users as well.

Sophos’s Android antivirus stood up very well in the new test – we were one of only 5 out of 26 vendors with perfect malware detection. Sophos is proud to be among this select group.

Android malware – the threat is real and growing

You may have heard some people arguing that the threat of Android malware is overhyped. For instance, Android’s chief security engineer has claimed that Android users shouldn’t bother with antivirus.

Although the risk of Android malware is considerably smaller than that for Windows, we disagree with those critics (Google included). The Android threat is real, even in Google Play, where malicious apps are discovered from time to time despite Google’s generally good track record of keeping the Android marketplace clean.

Outside of Google Play, where untrusted developers are given a free pass by unscrupulous app markets, it’s a different story. In just the first six months of 2015, SophosLabs has discovered 610,389 new Android malware samples, bringing the total to approximately 1.9 million.

It’s not just malware we need to be concerned about – we’ve seen another 1 million apps that, while not malware in the strictest definition, nevertheless exhibit sketchy behaviors. These apps, which we call potentially unwanted apps (PUA), may also threaten user privacy and security. Many PUAs contain adware, collect user data unnecessarily, or deceive users with phony malware pop-ups and other scammy behavior.

[Chart: cumulative Android malware and PUA samples, January 2013 – June 2015]

(The chart shows the rapid growth of cumulative samples of Android malware and PUA detected by SophosLabs, January 2013 – June 2015.)

Of course, you shouldn’t rely solely on antivirus to protect your Android devices and the personal data you store and access on them.

As AV-Test’s Hendrik Pilz noted recently, smartphones are a very lucrative target for a cybercriminal – many people are now using their Android devices as a primary way to access their most sensitive data, from private photos to email and their bank accounts.

That’s why Hendrik recommends Android security apps that come with extra features, such as an app adviser that “clearly and succinctly indicates the possible security risks of a new app,” allowing the user to make a well-informed decision before installing an app.

We agree, which is why Sophos Mobile Security goes way beyond antivirus – with a privacy advisor, spam protection against unwanted calls or SMS messages, web protection against malicious websites, added security for sensitive apps, device encryption, parental controls, and anti-theft controls. We offer all of these features in a user-friendly app that’s simple to manage. And it’s completely free on Google Play.

A note on false positives

In AV-Test’s July 2015 malware test, Sophos’s Android security app received a lower score in the Usability category as a result of two false positives that AV-Test said we erroneously flagged as dangerous apps.

We’d like to point out (as we did to AV-Test) that the two samples in question were signed by a developer certificate that has been abused in the past to sign both malware and PUAs. In general, our policy (which mirrors Google’s) is to block any samples that are signed with a certificate that has been associated with malware, as the author can no longer be trusted. By warning users about apps signed with low-reputation developer certificates, we’re helping users make more informed decisions about the risks to their security.

We think our position is sensible and supports a better system where app developers should invest in their reputation. It’s good for users, good for legitimate developers, and bad for malicious app authors or those who deliberately want to play at the edges.

Sophos Mobile Security

Sophos Mobile Security is a free, award-winning Android security app that has been downloaded more than 500,000 times from Google Play. It protects your Android devices from malware with up-to-the-minute intelligence from SophosLabs, without impacting performance or battery life. Other features include a privacy advisor, data and device encryption, and per-app password protection that you can set up for sensitive apps like your email.

It’s also available as an enterprise version you can manage through Sophos Mobile Control, our enterprise mobility management and security product.

You can read the original article here.

19 Aug

Over the coming months we’ll be migrating web services used by our customers and partners to Sophos ID, giving you one account to access all the web services you subscribe to.

Beginning in mid-August, we’re enabling login via Sophos ID for MySophos and SophServ. Using your Sophos ID, you’ll also be able to access Sophos Community, a merger of SophosTalk and Sophos FreeTalk.

Later this year, we’ll enable Sophos ID for our partners to access the Partner Portal, Cloud Partner Dashboard, and Sophos Cloud Firewall Manager.

Existing accounts for one or more of these services will be automatically moved to Sophos ID, so you won’t need to register for a new Sophos ID account if you have a MySophos account today. For your security, when you log in for the first time you will need to reset your password.

We plan to enable Sophos ID for more web services soon, until all services will be accessed via Sophos ID. We’ll keep you updated on these closer to launch.

You can read the original article here.

17 Aug

We’re extremely proud that Sophos has won the award for best IT vendor in all three security categories in CRN’s Annual Report Card (ARC). It was an honor to win more categories than any other vendor recognized this year.

For the second year running, we’ve been recognized as the winners of two categories – Client Security Software and Network Security Appliances – and this year the channel also chose us as the overall winner for Network Security Software.

The ARC summarizes results from a comprehensive survey of solution provider satisfaction with hardware, services and software vendors.

More than 2,400 solution providers were asked to evaluate their satisfaction with 72 vendor partners in approximately 22 major product categories. The vendors with the highest marks are celebrated as best in class by their partners.

We also secured an Xchange Xcellence award during The Channel Company’s XChange 2015 event (Aug. 9-11, in Washington, D.C.) for our sponsorship of Security University and a great keynote by Sophos senior security expert John Shier.

“Our partner community is absolutely critical to our success in helping businesses and government agencies of all sizes protect their systems and information from cyber-attack,” said Mike Valentine, senior vice president of worldwide sales for Sophos. “The unprecedented high marks awarded by our partners for the 2015 Annual Report Card reflect our companywide commitment to the channel.”

CRN and its readers have recognized many of our key marketing and sales people for their accomplishments and impact within the channel. Now to receive these awards in all three client and network security categories is an honor for our entire company.

It’s also a great opportunity to receive valuable feedback from the IT vendor community that we can use to hone our product offerings and improve communication with our partners.

To our partners, thank you for choosing us as the best security vendor to work with.

You can read the original article here.

12 Aug

Just recently the Internet Complaint Center (IC3) issued an alert to businesses regarding a rise in extortion campaigns, tied to threats of DDoS attack activity unless a ransom is paid.

The rise in DDoS attacks generally is not surprising at all, and the use of the “DDoS threat” for ransom or extortion is not a new tactic in the world of cyber warfare. DDoS attack tools are cheap (if not free) to obtain, easy to launch and are most often executed with complete anonymity. Not to mention the wide range of motivations we see in the market.

Corero is working to support providers and their subscribers as they fight against DDoS attacks, and many of these Internet connected businesses have shared (ehem, confessed) that they have actually paid out ransoms just to stay out of the line of fire.

Let’s put this into perspective.

In late 2014, each of Corero’s protected customers was seeing roughly four DDoS attacks per day against their network and infrastructure—that’s about 350 attacks per quarter. 96% of those attacks lasted less than 30 minutes in duration. 79% of those attacks were less than 5Gbps in size. High volume link saturating attacks are indeed a threat, but these smaller, frequent and highly damaging attacks are far more commonplace. How does an organization effectively protect their business from DDoS, regardless of motivation?

What we recommend:

  • Consider implementing technology to detect, analyze and respond to DDoS attacks by inspecting raw Internet traffic at line rate – identify and block threats within the first few packets of a given attack.
  • Introduce a layered security strategy focusing on continuous visibility and security policy enforcement to establish a proactive first line of defense capable of mitigating DDoS attacks while maintaining full service connectivity, availability and delivery of legitimate traffic.
  • Ensure complete application and network layer visibility into DDoS security events. This best practice will also enable forensic analysis of past threats and compliance reporting of security activity.
  • Take into account the hybrid approach to DDoS defense – in-line real-time detection and mitigation solutions for the everyday DDoS threat paired with on-demand cloud services for link saturating events.

When it comes to the hybrid approach, the concept of on-demand cloud defense for a pipe saturation attack coupled with in-line, real-time defense provides protection against the whole spectrum. Businesses that engage with their on-demand DDoS mitigation provider can quickly initiate that service based on visibility in the event of a massive volumetric attack.

The main benefit of a hybrid approach is that the on-premises device heavily reduces the number of times an organization switches over to the cloud – lowering cost and providing comprehensive and consistent defense. The implementation of an always-on solution combined with on-demand cloud defense provides businesses with a means of safeguarding against the vast scope of DDoS attacks posed to their networks. With DDoS attacks now being delivered in various sizes and with differing intentions, ensuring that the appropriate prevention best practices are utilized correctly could well be what saves your organization from falling victim to a DDoS attack and/or a major breach of information.

You can read the original article here.

10 Aug

Sophos is revolutionizing the firewall with our all-new Sophos Firewall OS (SF-OS) that combines the best of both Sophos UTM and Cyberoam next-generation firewall technology. The new OS includes a number of important innovations. You’ll see a thoughtfully redesigned user interface, new Security Heartbeat technology, and a policy model that makes protecting users and applications faster and more effective than ever before.

Sophos Firewall OS runs on all existing Sophos SG Series and Cyberoam NG Series and select ia Series devices. It’s also available for a variety of virtual platforms or as a software appliance ISO.

And if you manage multiple appliances, the new Sophos Firewall Manager brings you control of every firewall feature all from a single console.

Project Copernicus introduces a number of important innovations that take simplicity, protection and performance, to a whole new level:

Powerful new unified policy model

  • Conveniently manage all your policies in one place
  • Policy templates for networks, users, and business applications dramatically streamline configuration
  • Manage policy controls for apps, web, QoS, and IPS together on a single screen

Elegantly simple user interface

  • A refreshing, thoughtful new approach to firewall management
  • It starts with an incredibly rich interactive control center that surfaces everything you need to know
  • Focused on making powerful features easy to access, understand, and use

Revolutionary advanced threat protection

  • Uniquely integrating the firewall and endpoints to share status and intelligence
  • Security Heartbeat status immediately identifies compromised systems
  • Policy can instantly isolate and limit access based on Security Heartbeat status

Full-featured centralized management

  • Central control over every feature of all your firewall devices
  • Push, pull, replicate, or automate policies across firewalls
  • Manage from the cloud* or on-premise – whatever best suits your needs

A firewall that makes security easier

Sophos Firewall OS gives you time-saving features you’ll love. With an interface designed to eliminate unnecessary complexity, it enables you to use the powerful features without needing to become an IT security expert.

New Control Center offers instant insight and control

A single screen gives you at-a-glance feeds of system performance, traffic patterns, alerts and policies. Every widget is interactive, letting you instantly drill down into the detail and access the tools you need to take action. You’re never more than three clicks from anywhere, with menus that guide you when you’re not sure where to go, embedded screenshot previews, and best-practice hints and tips.

Policy templates streamline configuration

Pre-defined policy templates let you protect common applications like Microsoft Exchange or SharePoint fast. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/outbound firewall rules and security settings for you automatically – displaying the final policy in a statement in plain English.

Unique user-level control and insight

The combination of our new user-based policies and our unique User Threat Quotient monitor finally gives you the knowledge and power to regain control of your users, before they become a serious threat to your network.

User identity takes enforcement to a whole new layer

Sophos Firewall OS integrates our patented Layer-8 identity based policy technology enabling user level controls over applications, bandwidth and other network resources regardless of IP-address, location, network or device. It literally takes firewall policy to a whole new layer.

User insight that lets you identify and control your biggest risks

Another Sophos exclusive is our User Threat Quotient (UTQ) indicator that provides actionable intelligence on your users’ behavior. Our firewall correlates each user’s surfing habits and activity with advanced threat triggers and history to identify users with risk-prone behavior.

A revolution in advanced threat protection

Sophos delivers the advanced threat protection required to thwart today’s attacks and prevent breaches, but implemented simply. No new agents or products required – just your trusted firewall and endpoint working together to improve protection.

Security Heartbeat integrates Network and Endpoint

An industry first, our Security Heartbeat links your endpoints and your firewall to combine their intelligence and identify systems compromised by previously unknown threats. The Heartbeat status is integrated into security policy settings to instantly trigger actions at both endpoint and network levels to isolate or limit access until systems are healthy again.

More-in-One Protection

Sophos still delivers more in one box than anyone else. No extra hardware required. No extra cost. Like an enterprise-grade Web Application Firewall, SPX Email Encryption, Remote Ethernet Devices (RED), and an integrated WiFi controller with the fastest 802.11ac wireless access points on the market.

Full-featured centralized management

Our new Sophos Firewall Manager provides comprehensive central management of all your firewalls. If you are a distributed organization or managed service provider, you get complete control over all your firewalls, with dashboards showing the security status across all your sites.

Sophos Firewall Manager (SFM) and Cloud Firewall Manager* (CFM)

A variety of dashboard views let you monitor all of your SF OS devices. You can push, pull or replicate policies amongst your various firewalls or have new devices inherit policies automatically when they come online. Sophos Firewall Manager (SFM) will be available to deploy on-premise in hardware, software or virtual form-factors to suit any environment.

*Important Note: The new Sophos Cloud Firewall Manager (CFM) will initially be for the exclusive use of our Partner Service Providers before being extended to all our customers at a later date.

Sophos iView provides consolidated reports across multiple appliances

Our dedicated reporting appliance gets an update and now supports reporting of SF-OS devices, UTM 9 and CyberoamOS devices. In addition, we’ve added reports for SF-OS like Advanced Threat Protection, Security Heartbeat, Wireless, and SPX Email Encryption. You get consolidated reporting across multiple firewalls, compliance reports, nearly limitless views, scheduled reporting via email and a long-term storage solution for your reporting data.

Flexible deployment choices without compromise

Sophos continues to provide a flexible array of deployment options to meet the needs of any organization.

Runs on existing hardware and in virtual environments too

You can deploy Sophos Firewall OS on any Sophos SG Series or Cyberoam NG Series and select ia series hardware appliances, in your choice of virtual environments, or on your own Intel hardware. You can easily extend your network virtually with Sophos Remote Ethernet Devices (RED) or a variety of VPN technologies. And with simple options for HA, WAN and link balancing you can also get the ultimate in redundancy and scalability.

Security audit reports empower evaluations

Our new Discover Mode makes it easy to demonstrate value in trials, evaluations, and Proof of Concepts (PoCs). It enables the firewall to be deployed in TAP or mirror mode into an existing network – seamlessly and transparently – to monitor activity and traffic. The findings are then compiled into a Security Audit Report that provides a complete assessment of potential risks and issues on the network.

Current software continues to be enhanced so you can choose when to migrate

If you are an existing customer rest assured there is no need to rush to deploy the new Sophos Firewall OS. Our current UTM 9.x platform and CyberoamOS continue to be supported and developed so you can choose the right time for your transition. When you do, your licenses will be automatically migrated and you’ll be able to use our SG Series migration tools to preserve and to port across some of your settings.

Hardware Appliance Support

You can deploy Sophos Firewall OS on any Sophos SG Series or Cyberoam NG Series and select ia Series devices. Our appliances already offer industry-leading performance, but with this release our new optimized FastPath scanning technology will boost performance even further, making even more of your existing hardware. If you’re using a Sophos UTM Series or a non-compatible Cyberoam ia Series device, contact your partner to speak about our programs that let you cost-effectively upgrade your hardware and take advantage of the new Sophos Firewall OS features.

Watch a video about Project Copernicus below:

Password for the video: Copernicus2015!

You can read the original article here and here.

6 Aug

Linux is widely considered to provide a higher level of security than traditional operating systems. As a result, security tools such as anti-virus software are often ignored on the Linux platform. However, Linux is increasingly popular with attackers, because Linux systems are often used for critical roles such as developer workstations, web servers and internal file servers.

In addition to being susceptible to Linux-based and cross-platform exploits, unprotected Linux computers can also serve as distribution points for Windows, Mac, and Android malware.

To investigate just how prevalent Linux servers are in the cybercrime ecosystem, Sophos security expert Chester Wisniewski recently took a SophosLabs list of 178,000 newly-infected web servers, and worked backwards to see what operating system they were running.

He found that about 80% of the servers in active use by cybercriminals for spreading malware were running Linux.

In addition, he found that about 80% of those infected Linux systems were other people’s computers: innocent servers, deliberately hacked and co-opted by the crooks to provide bandwidth and legitimacy for online criminality.

So, we’re excited to announce that Sophos Cloud Server Protection now supports Linux, so you can defend your Linux servers and desktops against cyber-threats in just the same way as you protect your Windows and Mac systems.

Sophos Cloud Server Protection for Linux provides on-access (real time), on-demand, and scheduled scanning. It delivers excellent performance, stability, and reliability on a wide range of Linux distributions, including Amazon CentOS.

Protecting your Linux systems with Sophos Cloud is extremely easy: just download the Linux “thin installer” from the download area of your Sophos Cloud Console, and run it on any Linux computers you want to protect. (If you have Linux computers that are already running Sophos Free Antivirus for Linux, you can upgrade them to Sophos Cloud Server Protection and enjoy the benefits of central management, reporting, and access to technical support.)

We called it Sophos Cloud Server Protection for Linux, because the vast majority of Linux systems out there are servers. But you can protect your Linux workstations as well – just add them into your license along with the servers!

For more information, please visit https://www.sophos.com/servers

You can read the original article here.

5 Aug

SEP sesam webinar: SEP sesam Enterprise Backup – Introduction and Live Demo, August 11th at 10:00 am CEST. Register for this webinar now! SEP sesam is looking forward to your participation!

SEP sesam provides a complete solution suite for all backup and disaster recovery requirements in an IT infrastructure. During our live presentation we will present a quick overview of the most important features and demonstrate the functionality of SEP sesam as a central backup solution.

We invite you to ask questions during the session; our technicians will be available to follow up with any requests.

Contents:

  • Backup of different Operating Systems – Windows, Linux, Novell
  • Backup of virtualized environments
  • Backup of Databases and Groupware systems
  • Reporting and monitoring in a SEP sesam environment
  • Identifying and defining backup tasks
  • Configuring backup media (both disk and tape)
  • Data Migration – Transfer data between disk/tape

4 Aug

Leading cyber security company Sophos today announced the results of its latest research highlighting the state of IT security in the UK’s public sector. The research, conducted on behalf of Sophos by Dods Research, found that only 41 per cent of respondents thought that their current IT security practices would offer suitable protection against the growing threat of cyber-crime. Almost 50 per cent said they did not know, indicating a low level of awareness of cyber security and cybercrime across the general local government workforce.

The research, which surveyed 2,728 local government and police workers across a wide range of disciplines, highlighted that over the past 12 months, the majority (90 per cent) of local government and police organisations have been affected by budget cuts. This has prompted job losses (67 per cent) and cuts in overall front line services (63 per cent) in many areas of the organisation. When it came to IT, 62 per cent said they are planning to make savings by increasing or implementing shared services – splitting the costs with other neighbouring organisations. However, only 30 per cent of those surveyed said their organisations are exploring the consolidation of existing IT services to make savings, and only nine per cent are looking at consolidating their IT security services.

The research also canvassed public sector opinion about what the biggest drivers for change have been from an IT security point of view, with 59 per cent highlighting the demand for more remote and mobile working practices. Furthermore, 46 per cent cited increased awareness of data security thanks to high profile security breaches and upcoming EU legislation. When asked directly what their main concerns were from an IT security point of view, the research found that issues around data loss (47 per cent) were at the top of the agenda, followed by remote access (31 per cent) and targeted attacks (25 per cent).

However, despite the move towards more remote and mobile working policies, public sector organisations still remain sceptical about turning to flexible cloud storage solutions with only 16 per cent using these tools. This was an interesting find considering that other serious issues, such as shadow IT (11 per cent) and BYOD (18 per cent) factored extremely low on the scale of concerns, indicating that it may not be something at the forefront of local government security minds. In contrast however, 63 per cent of local government workers who responded agreed that encryption was becoming more of a necessity within their organisation.

James Vyvyan, regional vice president of Sophos UK & Ireland, says “With cybercrime at an all-time high and public sector budgets reducing year-on-year, it’s more important than ever that organisations maximise the resources available to them. There is a clear trend towards local authorities partnering with neighbouring authorities to increase and implement shared services. This collaborative approach is certainly helpful in the fight against cybercrime. Our research indicates that local authorities and police may also be missing the opportunity to consolidate their IT and security technologies, which can deliver further savings, helping to protect jobs and frontline services.”

You can read the original article here and here.

2 Aug

Sophos announced the availability of Sophos Cloud Web Gateway, a cloud-based secure web gateway that delivers advanced protection for users, devices and data across multiple operating systems, regardless of their location. The addition of secure web gateway to Sophos Cloud integrates technology from Mojave Networks, which Sophos acquired in October 2014.

Sophos Cloud Web Gateway provides protection from the latest malware and phishing threats, granular policy management, advanced content filtering and big-data web traffic analytics – all without the need for physical appliances. Access to a global network of data centers makes the comprehensive analysis of data traffic for content and security compliance fast and transparent for the end user.

IT managers are able to pinpoint ‘at risk’ users or devices through activity, behaviors and usage monitoring with advanced alerts, warnings and notifications. Granular policies can be set by device, by user or by group, and tamper protection prevents the accidental or intentional changing of settings, keeping even rogue users compliant.

Bill Lucchini, senior vice president and general manager for the Sophos Cloud Security business unit, commented, “In today’s world employees are mobile and work across multiple devices. Securing the perimeter or a single device is no longer sufficient. Sophos Cloud Endpoint and Mobile products cover employees wherever they work and on whatever device they are using. Now, with the addition of a powerful web gateway, Sophos Cloud provides a full suite of enterprise-grade security solutions designed for the mid-market.”

“Sophos’ unified defense vision and the benefits that the cloud managed offering gives to SMBs with limited IT resources will be well received in the marketplace. Ease of use is also a primary focus for Sophos, and one that customers and partners both attest is well-received,” agreed Rob Westervelt, research manager at IDC.

Stephen Weber, a partner at CDN and active beta-tester, said, “Participating in the Sophos Cloud Web Gateway Beta provided CDN with hands-on experience of the solution and insight into how Sophos is enhancing their platform. Our main goal is to offer our customers the best solutions on the market and we foresee Sophos Cloud Web Gateway as enhancing an already comprehensive security model.”

Sophos Cloud Web Gateway features include:

Advanced web protection from today’s threats

  • Global network of web gateways ensures web traffic is analyzed quickly and transparently
  • Intelligently scans web content and blocks the latest web threats – backed by Sophos Labs
  • Multi-protocol scanning across application & web traffic – including HTTPS and SSL

Big-data, cloud-powered reporting

  • Big-data reporting – no onsite servers or management overhead
  • Granular reports available by user, by device, by application, by category

Effortless to deploy, simple to manage

  • Deploys in a matter of minutes
  • Easily expandable to meet changing business needs with flexible subscription-based SaaS pricing

Simple but powerful policy control

  • Easy and intuitive policy settings
  • Customize policies to meet compliance obligations, manage productivity and optimize bandwidth
  • Control applications such as Instant Messaging and Skype

Reliable enforcement on the go

  • Web security designed for employee computers and mobile devices on or off the corporate network
  • Endpoint agent with sophisticated tamper protection safeguards

Wayne Scarano, chief executive officer, SGA Cyber Security added, “Sophos Cloud Web Gateway provides complete visibility and control into deployed devices, while still providing the comprehensive security we’ve come to expect from Sophos. The ease of deployment and seamless integration with Sophos Cloud will have our users up and running almost immediately. Most importantly, our clients will be better protected against the latest web threats.”

With the introduction of the new Sophos Cloud Web Gateway and the Sophos Web Appliance, IT managers can get great web security from Sophos whether they choose an appliance or cloud model for their business.

The latest version of Sophos Web Appliance was recently released with a new proxy engine offering up to 7x the scanning performance on the same hardware, and improved granular controls over features like chat, games and comments to manage the use of popular social media apps like Facebook, LinkedIn, Twitter and YouTube. In addition, it now provides enhanced user reporting, including snapshot and detailed reports that show a chronological list of every website a user has visited over a day, week, month or longer.

For more information on the Sophos Secure Web Gateway solutions including Sophos Cloud and Sophos Web Appliance visit: https://www.sophos.com/en-us/products/secure-web-gateway.aspx

Watch a video demonstration of the Sophos Secure Cloud Web Gateway below:

You can read the original article, here.

31

Jul

Last week, we mentioned that application control is now available as part of a Sophos Cloud public beta. The beta also introduces a new next-generation endpoint protection feature called download reputation.

While it may not sound flashy, download reputation is an important step forward in protecting users from advanced threats, like zero-day malware designed to evade traditional antivirus defenses.

Download reputation crowdsources threat intelligence by drawing on the experience of our global customer base to help determine a file’s reputation. In other words, every user with download reputation enabled helps contribute to the collective security of our customers.

Let’s take a look at how download reputation works.

When a user tries to download an executable file from a supported web browser, download reputation asks SophosLabs for information about the file. If the file is known to be malicious, it will, of course, be blocked. If the file is not known to be malicious but has a low reputation — or no reputation at all — the user will be prompted and asked whether to block or allow the file.

So how do we determine a file’s reputation? SophosLabs looks at a combination of a file’s prevalence (how common it is), its age (older files are less likely to be unidentified threats), and the URL from which the file was downloaded. Layered atop this objective information is an important subjective measure: of the users who have been prompted about the file, how many of them blocked it and how many allowed it? If most users allowed the file, it might indicate that this is a legitimate download from a reputable source. If many users blocked the download, perhaps it indicates that users were feeling pressured or deceived into saving the file.

This crowdsourced approach to download reputation protects customers from advanced threats in two important ways. First, it closes the gap between known or suspected malware, which we can block with confidence, and known safe files, which we feel confident allowing to run. Second, it gives SophosLabs early warning if a new threat has emerged that is currently evading detection. This gives the Labs a chance to analyze the file further and develop new detection capabilities if needed.
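The decision logic described above, modelled as an added illustration that is not Sophos's own code: the 0-100 score scale, the point weights, the 70-point allow threshold and the five-vote minimum are assumptions, and the sample files are constructed.

```python
"""Illustrative model of a crowdsourced download-reputation decision.

Added example, not Sophos code: the score scale, point weights, ALLOW
threshold and vote minimum are assumptions chosen to mirror the description
(prevalence, age and source URL form an objective baseline that the
block/allow votes of previously prompted users then adjust).
"""
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    BLOCK = "block"    # known malicious: blocked without asking
    ALLOW = "allow"    # good reputation: download proceeds silently
    PROMPT = "prompt"  # low or unknown reputation: user decides block/allow


@dataclass(frozen=True)
class FileFacts:
    known_malicious: bool  # a detection already exists for this file
    prevalence: int        # endpoints that have reported seeing the file
    age_days: int          # days since the file was first seen
    url_reputation: float  # 0.0 (poor source host) .. 1.0 (reputable host)
    user_blocks: int       # prompted users who chose "block"
    user_allows: int       # prompted users who chose "allow"


ALLOW_THRESHOLD = 70.0   # assumed: score needed to skip the prompt
MIN_VOTES_FOR_CROWD = 5  # assumed: votes needed before the crowd counts


def objective_score(f: FileFacts) -> float:
    """Baseline 0..100 from the objective facts; older, more common files
    from better hosts score higher (saturating at 10,000 sightings / 180 days)."""
    prevalence_part = min(f.prevalence, 10_000) / 10_000 * 40.0
    age_part = min(f.age_days, 180) / 180 * 30.0
    url_part = f.url_reputation * 30.0
    return prevalence_part + age_part + url_part


def crowd_adjustment(f: FileFacts) -> float:
    """Subjective shift of -30..+30 from the block/allow ratio of prompted
    users; ignored until enough users have been asked."""
    votes = f.user_blocks + f.user_allows
    if votes < MIN_VOTES_FOR_CROWD:
        return 0.0
    allow_ratio = f.user_allows / votes
    return (allow_ratio - 0.5) * 60.0  # all allow -> +30, all block -> -30


def reputation_score(f: FileFacts) -> float:
    """Combined score clamped to 0..100."""
    return max(0.0, min(100.0, objective_score(f) + crowd_adjustment(f)))


def decide(f: FileFacts) -> Verdict:
    """Known-bad is blocked; a file nobody has seen or voted on has no
    reputation and is prompted; otherwise the score decides ALLOW vs PROMPT."""
    if f.known_malicious:
        return Verdict.BLOCK
    if f.prevalence == 0 and f.user_blocks + f.user_allows == 0:
        return Verdict.PROMPT
    return Verdict.ALLOW if reputation_score(f) >= ALLOW_THRESHOLD else Verdict.PROMPT


def needs_labs_attention(f: FileFacts) -> bool:
    """Early-warning signal: an undetected file that most prompted users are
    blocking deserves analysis, since it may be a new threat evading detection."""
    votes = f.user_blocks + f.user_allows
    if f.known_malicious or votes < MIN_VOTES_FOR_CROWD:
        return False
    return f.user_blocks / votes >= 0.6  # assumed: 60% block rate raises the flag


# Constructed sample files; none of these values describe a real file.
SAMPLES = {
    "known_bad": FileFacts(True, 12, 1, 0.1, 0, 0),
    "established": FileFacts(False, 50_000, 400, 0.9, 0, 0),
    "brand_new": FileFacts(False, 0, 0, 0.5, 0, 0),
    "crowd_blocked": FileFacts(False, 30, 2, 0.2, 9, 1),
    "crowd_allowed": FileFacts(False, 4_000, 20, 0.8, 2, 48),
}

if __name__ == "__main__":
    for name, facts in SAMPLES.items():
        flag = " (flag for SophosLabs)" if needs_labs_attention(facts) else ""
        print(f"{name:14s} score={reputation_score(facts):5.1f} -> {decide(facts).value}{flag}")
```

The "crowd_allowed" case shows the subjective measure at work: its objective baseline alone would leave it below the threshold, and the allow votes lift it into ALLOW.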

Try download reputation in Sophos Cloud

Would you like to join the beta of download reputation and application control? If you’re an existing Sophos Cloud customer, just select “Beta Programs” from the “Account” drop-down menu in the Cloud console.

Not yet a customer? Try Sophos Cloud for free, and you can join the beta as described above. If you’re using our on-premise Endpoint Protection, download reputation is expected to make its way to Sophos Enterprise Console later this year.

You can read the original article, here.

29

Jul

We’re pleased to announce version 3.9 of the Sophos Email Appliance (SEA). This update features Sophos Delay Queue technology – a sophisticated enhancement that increases spam detection by as much as 4% and blocks snowshoe spam.

Snowshoe spam is a type of unsolicited bulk email that spreads the load of a campaign over a large number of IP addresses and domains in short bursts, much like how snowshoes distribute your weight as you walk on snow.

Snowshoe spam campaigns only run for a few minutes at a time. This technique has proved to be a challenge for traditional anti-spam approaches of content analysis and IP reputation-based systems.

How Sophos Email Appliance blocks snowshoe spam

Our engineering and SophosLabs teams have developed an innovative solution to stamp out snowshoe spam that combines machine-learning technology with a Delay Queue feature.

Delay Queue finds suspicious mail, queues it, then blocks snowshoe spam when the mail is rescanned minutes later.

Here’s how it works.

When the Delay Queue feature is switched on, the SEA enters an 11-day learning routine to determine your organization’s normal email behavior. It records IP addresses to build a history database and highly-accurate queueing heuristic rules to determine suspicious mail.

The SEA then uses these rules to determine how likely a suspicious email is to be spam and moves the email to the Delay Queue. Depending on how suspicious an email is, it is held for 5-60 minutes.

As a snowshoe spam campaign is typically over within minutes, by the time the mail has spent its hold period in the Delay Queue SophosLabs will have developed the definitions required to detect any snowshoe campaign emails. When the mail is released from the Delay Queue it is rescanned, and spam is blocked.
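A simulation of the Delay Queue workflow just described, added here and not the appliance's own code: the unseen-sender heuristic, the 5-60 minute hold mapping and the 10-minute definition update are assumptions, and the mail traffic is constructed.

```python
"""Simulation of a Delay Queue that holds suspicious mail and rescans it later.

Added example, not the appliance's code. The suspicion heuristic (sender IP or
domain never seen during the learning period), the 5-60 minute hold mapping and
the moment new definitions are published are assumptions; the sample traffic
is constructed and uses documentation-only IP ranges.
"""
import heapq
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Message:
    msg_id: str
    arrival_min: float   # minutes after the simulation starts
    sender_ip: str
    sender_domain: str


@dataclass
class Definitions:
    """Anti-spam definitions as published at some point in time."""
    blocked_domains: Set[str] = field(default_factory=set)
    blocked_ips: Set[str] = field(default_factory=set)

    def matches(self, m: Message) -> bool:
        return m.sender_domain in self.blocked_domains or m.sender_ip in self.blocked_ips


def suspicion(m: Message, known_ips: Set[str], known_domains: Set[str]) -> float:
    """Queueing heuristic built from the learning period: senders never seen
    before are suspicious (assumed weights: 0.6 for the IP, 0.4 for the domain)."""
    score = 0.0
    if m.sender_ip not in known_ips:
        score += 0.6
    if m.sender_domain not in known_domains:
        score += 0.4
    return score


def hold_minutes(score: float) -> float:
    """Map suspicion to the 5-60 minute hold; unsuspicious mail is not queued."""
    return 0.0 if score == 0.0 else 5.0 + 55.0 * min(score, 1.0)


def simulate(messages: List[Message], known_ips: Set[str], known_domains: Set[str],
             updates: List[Tuple[float, Definitions]]) -> Dict[str, str]:
    """Discrete-event run: arrivals, definition updates and queue releases are
    processed in time order, and released mail is rescanned with the
    definitions current at release time. Returns {msg_id: outcome}."""
    defs = Definitions()
    seq = count()  # unique tie-breaker so heap tuples never compare payloads
    events = []    # (time, priority, seq, kind, payload); updates win ties
    for m in messages:
        heapq.heappush(events, (m.arrival_min, 1, next(seq), "arrive", m))
    for t, d in updates:
        heapq.heappush(events, (t, 0, next(seq), "update", d))
    outcome: Dict[str, str] = {}
    while events:
        t, _, _, kind, payload = heapq.heappop(events)
        if kind == "update":
            defs = payload
        elif kind == "arrive":
            if defs.matches(payload):
                outcome[payload.msg_id] = "blocked_on_arrival"
                continue
            hold = hold_minutes(suspicion(payload, known_ips, known_domains))
            if hold == 0.0:
                outcome[payload.msg_id] = "delivered_immediately"
            else:
                heapq.heappush(events, (t + hold, 1, next(seq), "release", payload))
        else:  # "release": the rescan that catches the now-known campaign
            outcome[payload.msg_id] = ("blocked_after_delay" if defs.matches(payload)
                                       else "delivered_after_delay")
    return outcome


def run_sample() -> Dict[str, str]:
    """Constructed scenario: a short snowshoe burst from fresh IPs and domains,
    definitions published 10 minutes in, plus two legitimate senders."""
    known_ips = {"198.51.100.10"}          # learned during the baseline period
    known_domains = {"partner.example"}
    traffic = [
        Message("legit-1", 0.0, "198.51.100.10", "partner.example"),  # known sender
        Message("legit-2", 1.0, "203.0.113.5", "partner.example"),    # known domain, new IP
        Message("snow-1", 2.0, "192.0.2.11", "deals-0231.example"),   # campaign burst
        Message("snow-2", 3.0, "192.0.2.12", "deals-0232.example"),
        Message("snow-3", 15.0, "192.0.2.13", "deals-0231.example"),  # straggler after update
    ]
    labs_update = Definitions(blocked_domains={"deals-0231.example", "deals-0232.example"})
    return simulate(traffic, known_ips, known_domains, [(10.0, labs_update)])
```

Legitimate mail from a known sender is never queued, and mail from a new IP of a known domain is held but still delivered, which mirrors the zero-complaint result reported below.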

Delay Queue already proven in the field

In April 2015, we had a restricted release of SEA which used the Delay Queue feature to great effect. The results speak for themselves:

  • Delay Queue detected 4% more spam.
  • There were zero customer complaints about delayed legitimate mail.

We expect the full roll-out to all customers to be complete by the end of July. So when your appliance updates, make sure you turn on this great new feature to stamp out snowshoe spam.

You can read the original article, here.

27

Jul

Application control is one of the most popular features of our on-premise Endpoint Protection product – so popular, in fact, that we are frequently asked when it will be available in Sophos Cloud. Well, we’re happy to say that we’ve launched a public beta of application control for Sophos Cloud.

Application control allows IT admins to monitor and optionally block users running specific applications on their Windows computers. For example, if your business is standardized on Internet Explorer 11, you can prevent users from running Chrome, Firefox and older versions of Internet Explorer.

Other examples include restricting use of peer-to-peer file sharing apps and blocking non-IT users from running network monitoring tools.

Sophos makes application control simple by maintaining a categorized list of commonly restricted applications. It’s point-and-click simple to select a specific application, or an entire category, to block or monitor. You can even choose to automatically restrict applications as soon as Sophos adds them to a category, so you don’t have to constantly check for new additions.

If you’re an existing Sophos Cloud customer, joining the beta is easy. Just select “Beta Programs” from the “Account” drop-down menu in the Cloud console. In addition to application control, you’ll get to try our upcoming download reputation feature, which improves protection against new, unknown threats.

Not yet a customer? Try Sophos Cloud for free, and you can join the beta as described above.

You can read the original article, here.

24

Jul

Corero’s Q4 2014 DDoS Trends and Analysis Report highlights that organizations face DDoS attack attempts at an alarming frequency. For example, Corero’s customers are on average experiencing up to four DDoS attacks per day – up to 351 DDoS attacks per quarter.

What we find even more interesting is that 96% of the DDoS attacks experienced lasted less than 30 minutes, and 73% lasted less than 5 minutes. These are the attacks that may or may not cause an actual service outage, but they are certainly a nuisance to IT teams, and they hide more nefarious activity.

With these statistics in mind, Corero CEO Ashley Stephenson surveyed a group of network and IT security leaders at a recent CISO and Analyst Roundtable event in London, UK, to get their perspective on DDoS threats and the impact on their business.

Ashley queried the panel as to what level of DDoS activity they see on the networks they’re responsible for, with four main DDoS categories to consider:

Directed DDoS: Attack traffic that directly targets an organization’s networks or services. These attacks are intended to cause a site and/or service outage, including degradation of operations.

Indirect DDoS: Designed to leverage an organization’s internal resources for the purpose of attacking other entities on the Internet. Examples of indirect DDoS attacks include NTP mon_getlist requests, recursive DNS queries, SSDP discovery messages, Microsoft SQL Server Resolution Protocol requests, and internal botnet-infected machines.

Profiling/Probing/Scanning DDoS: Attackers attempting to test and/or map an organization’s network resources, including its defenses. These probes are intended to collect vulnerability and/or exploitability profiles that may be used in future attacks.

Smokescreen/Confusion/Obfuscation DDoS: Designed to conceal or divert attention from intrusion activity that may be linked to compromise or breach attempts.

The majority of panelists surveyed agreed that they have seen all four categories of attack and that the number of incidents appears to be growing, driving further concern about eliminating these types of activity on their own networks. As a result, most were beginning to include DDoS defense strategies in their IT security budgets as a necessary line item to manage the risks associated with DDoS attacks.

From the CISO panel and the activities Corero observes daily, it is becoming quite apparent that nearly every organization that relies on the Internet to conduct its business must take the appropriate steps to protect against the onslaught of DDoS attacks.

You can read the original article, here.

22

Jul

You may have seen that the OpenSSL team announced, on Monday 2015-07-06, that it had a “high severity” update coming out in three days’ time. The update was published on Thursday 2015-07-09, and our verdict is that the bug isn’t as bad or as widespread as we feared at first.

Simply explained, CVE-2015-1793 is a certificate verification flaw. This means that crooks who can lure or misdirect you to a bogus website (or email server, or indeed any internet service using TLS/SSL for its security) may be able to trick you into thinking that you are somewhere legitimate and secure. As you probably know, TLS/SSL relies on a “chain of trust” formed by cryptographic certificates. This chain of certificates reassures you that the secure website you are visiting really does belong to the organisation you expect. This latest bug in OpenSSL means that a crook may be able to create a certificate in someone else’s name and then sneak it past OpenSSL’s certificate verification process without triggering a warning, even though the certificate isn’t signed by a trusted CA.

That makes a man-in-the-middle (MITM) attack feasible, where a crook intercepts your traffic, say to a social networking site; feeds you a fake login page with a fake HTTPS certificate; and convinces you to give away your password because the warnings that ought to prevent the phishing deception never show up. Fortunately, the scope of this bug is narrower than we feared after reading Monday’s OpenSSL advisory. First, this bug doesn’t give cybercrooks the ability to steal data or break into your servers directly.

The good news is no Sophos products are at risk from this bug. Only the current pre-release Beta version of Sophos Management Communication System (MCS 3.0.0 Beta), a component used by Sophos Cloud and UTM Endpoint products, includes an affected version of OpenSSL. However, MCS does not use the relevant part of the OpenSSL code for certificate verification, so cannot fall foul of the bug. Nevertheless, we expect to update MCS 3 Beta with the latest OpenSSL version by mid-August 2015. All other Sophos product families either don’t use OpenSSL at all, or use one of the unaffected versions. 

For more information see the links below. If you have any questions please contact your account manager in the first instance. 

Learn more about OpenSSL CVE-2015-1793 (Naked Security) 

See the latest Sophos support information (KBA)

You can read the original article, here.

20

Jul

Last month, Array joined the Intel Network Builders program, which is working to accelerate the transition to Software-Defined Networking (SDN) and Network Functions Virtualization (NFV). As of this writing, the ecosystem has more than 150 vendor/members, as well as a growing list of end-user organizations.

Joining the Intel program is another important milestone in Array’s commitment to NFV. (As you may recall, late last year Array joined the OPNFV Project as a silver founding member.) It also serves to reemphasize why our commitment to a CPU-based architecture – vs. relying on ASICs – makes a very big difference in our application delivery controller and secure access gateway products, and thus benefits our partners and customers as well.

ASICs came to the fore some years ago, when the general-purpose CPUs and operating systems of that time were unable to provide the performance required to process ever-growing network traffic loads. As in any design choice, however, there are (and remain) drawbacks to an ASICs-based approach. ASICs carry higher engineering costs, which typically translate into higher product cost, and software bugs can be very complex to fix. Those two factors combine to result in a longer time to market for new features, new capabilities, and bug fixes.

In the meantime, Array developed its SpeedCore operating system, a next-generation software architecture that allows Array products to take advantage of CPU advances, and to easily scale to meet the needs of complex and high-performance application delivery networking environments.

SpeedCore’s multi-core technology allows Array to leverage general-purpose processors to provide equal or better performance than ASIC-based architectures, with better agility and much lower costs. SpeedCore’s CPU-based environment allows Array to introduce new features and enhancements quickly, and without requiring our customers to rip-and-replace their existing products, or even to take products offline for a hardware upgrade. Instead, Array customers can add features or special customizations with just a simple, non-disruptive software upgrade.

In addition, leveraging the SpeedCore operating system and a CPU-based architecture for our dedicated and virtualized appliances minimizes overall complexity and maintains guaranteed high performance and reliability, while keeping the lid on support costs.

Array’s early choices on architectural design also hold important ramifications for the transition to NFV. The efficiency and agility of SpeedCore and a CPU-based architecture will allow Array ADC and SSL VPN products to more easily accommodate the new NFV model. In addition, Array ADCs have highly granular visibility into applications, allowing them to gather application-level insights that can be leveraged to guide SDN-based packet switching, thus improving performance and security.

Lastly, I/O is one of the main performance bottlenecks when virtualizing network functions. Intel’s ability to support SR-IOV on multiple platforms/hypervisors becomes a key factor in ensuring that Array’s virtualized network functions perform at the highest possible network throughput. Array’s virtualized platform (the AVX Series) uses Intel’s NIC and SR-IOV technology to achieve industry-first guaranteed-per-instance performance on a multi-tenant platform.

As you can see, architectural decisions made early in a product’s life cycle can have a huge impact on performance, agility and reliability far down the line. Array’s foresight in choosing an Intel-based architecture, coupled with our innovative SpeedCore OS, has given users of Array’s ADC and SSL VPN products a wealth of benefits.

To read more about ASIC-based vs. CPU-based architectures, see Array’s SpeedCore white paper. To learn more about SpeedCore, visit our Web site.

You can read the original article, here.

18

Jul

People are really starting to pay attention to the great things we’re doing in the mobile security space. It’s not just the analysts, trade press or independent testers – although they certainly have noticed. The channel is catching on too.

That’s why we’re so proud to be named Vendor of the Year in Enterprise Mobility Management at the Integrator ICT Champion Awards 2015 – because we were chosen in voting by the region’s SI (system integrator) channel.

We’ve received a lot of other awards recently for our enterprise mobility management (EMM) solution, Sophos Mobile Control, including a 5 Star rating from SC Magazine, and perfect ratings from AV-Test for our Android antivirus.

Analysts like Forrester and Gartner have placed us among the top vendors in the industry. And one industry report found that small and mid-sized businesses (SMBs) are using Sophos Mobile Control more than any other EMM product, including those from vendors AirWatch and MobileIron.

Maybe the channel likes Sophos Mobile Control so much because, as an award-winning, highly-rated, and SMB-approved EMM product, it’s a great opportunity for channel partners to win in the dynamic and fast-growing market space.

Watch this video to get a look at the innovative features in Sophos Mobile Control v5, or visit sophos.com/mobile for more information.

You can read the original article, here.

16

Jul

Sophos today announced that for the second consecutive year it has been positioned in the Visionaries Quadrant of Gartner’s Magic Quadrant for Enterprise Mobility Management Suites (EMM)¹. We believe Sophos is positioned as a Visionary due to its unique understanding of the rapidly evolving mobility landscape.

In addition to Gartner’s acknowledgement, Forrester Research recognizes Sophos as one of the 15 most significant vendors in the EMM space. In the recent follow-up report to the Forrester Wave², it notes Sophos’ “robust endpoint, encryption, and EMM products. Sophos offers strong data, app, OS, and network protection features and has a compelling vision of managing security as a system with deep integration between its mobile, advanced endpoint (laptop/desktop), web, and network security technologies.”

“Sophos delivers the most user-friendly security that empowers employees while mitigating the risks inherent in trends such as BYOD,” said Dan Schiappa, SVP and GM of the Sophos Enduser Security Group. “Businesses can protect their corporate data and maximize their productivity on mobile phones. This is what makes Sophos attractive to small and mid-sized enterprises that do not have large IT staff and has resulted in a 50 percent increase in Sophos Mobile Control installations in the past year”.

With a new self-service portal, Sophos Mobile Control 5 makes compliance with corporate security policy simple for both administrator and end user across iOS 8, Windows Phone and Android platforms. Sophos also delivers advanced anti-malware, anti-spam and web protection for Android devices, as well as network access control to reduce the risk of data breaches.

You can read the original article, here.

14

Jul

A new study from the Centre for Economics and Business Research (CEBR) has found that data breaches are costing UK businesses £34 billion a year. The report suggests this is made up of £18 billion in lost revenue and £16 billion in added security measures after breaches have occurred.

It’s the same the world over. According to a 2015 Ponemon Institute study commissioned by IBM, the global average cost of a data breach to an organization has reached $3.8 million – on average, $154 for every single compromised record. It’s significantly higher in the US and Germany, where the costs are $217 and $211 per compromised record, respectively. These are quite staggering figures.

Now, it’s not uncommon for companies who sell cybersecurity services like IBM and Sophos to talk big numbers like this. After all, clearly we think it’s good to see businesses are investing in doing something about this problem. But you do have to wonder if those billions are being spent effectively. As leaders in the security industry, we have a crucial role to play to ensure they are. We need to deal with the growing complexity of threats without introducing more complex solutions, and cost.

Although over 95% of organizations fall into the small to medium-size business (SMB) category, almost all security solutions are designed for large enterprises – and are therefore frequently too complex for the resource-strapped SMB. All too often we see SMBs using multiple products that work separately to defeat separate elements of the threat. Products they don’t have the time or expertise to properly manage. The result is less effective security, causing many decision makers to put IT managers and their budgets under tighter scrutiny.

That’s why we advise the businesses we work with to think about security in a more joined-up way, rather than layering on new products each time there’s a new threat. When I say “joined-up,” what exactly do I mean? Well, to stop complex threats you need security products that can work together as a system – to protect the end user and corporate data, across all points of the network.

SMBs need security solutions that evolve by integrating new protection technologies into their existing agents and consoles and that share intelligence and policies across the different points of protection.

Very often, security breaches are the result of simple oversights that cybercriminals are always quick to exploit. You can reduce these risks with a security framework that is integrated, coordinated, and context-aware. And as we have noted, this is especially critical for SMB organizations, which typically lack dedicated IT security personnel. Ultimately, such a joined-up approach will reduce costs and improve security at the same time, simply by requiring fewer products to procure, deploy, manage and expensively maintain.

You’ll probably not be surprised to hear that this is the Sophos approach to developing products. Wherever we can, we integrate security functions across all points to improve overall protection. Great examples of how Sophos protection is synchronized and consistent at every point include Web + Endpoint policy and enforcement synchronization; Firewall + Mobile Device Management network access control; Endpoint + Email DLP content control lists and encryption integration; and Next-Gen Enduser technologies like Malicious Traffic Detection.

And we’re continuing to develop new technologies that will soon take this a step further, creating a truly connected endpoint and firewall security system that simplifies prevention, detection and response to advanced malware and targeted attacks. This technology will share contextual information between the endpoint and the firewall using the Network/Endpoint Security Heartbeat. We’re looking forward to sharing more with you soon about this project – which we call “Project Galileo” – and how it works.

One final thought: it’s not enough to have the right security products in place. You also need education and training to help employees understand the simple steps they can take to secure themselves and the business where they work.

So maybe we can all think and act in a more joined-up way. With smart investment in the education of staff and products that work better together, we might see more businesses reducing the risk of breaches while avoiding some of the costs.

You can read the original article, here.

25

Jun

Serving over 27,000 students and 2,500 faculty and employees, the University of San Carlos (USC) in Cebu City, Philippines, is the premier university in Cebu and one of the top 10 leading universities in the country.

As USC continued to expand with more users and devices connected to the network, bandwidth consumption became an issue – resulting in decreasing security of its network, as many security features could not be turned on.

With a staff of just nine people, the USC IT team found itself overwhelmed by security incidents, including the hacking of the university’s website from time to time. USC needed a robust yet simple-to-manage and resource-friendly security solution to meet its requirements.

Rather than renewing its previous solutions, which would have cost more than it originally paid for them, USC began looking for a simple security solution from a single vendor that it could entrust with the security of its network, web and email servers, and 2,800 workstations.

“We were always on the lookout for a single brand that could do it all and we found that with Sophos’s strong security protection, easy maintenance, a user-friendly set up – all with a low total cost of ownership,” said Rhea Rowena Rivera, USC’s Head of Information Resource Management, Technical and Networking Services and Helpdesk Services.

Sophos and its local partner All Links Trading helped USC transition easily to a suite of Sophos UTM appliances to secure its web and mail servers and control web applications, and Endpoint Protection to secure its desktops against sophisticated threats and data loss.

Before, USC had to manage separate solutions: one protecting traffic to the web and another managing traffic on the Local Area Network (LAN).

With a Sophos SG 650 UTM, now the university has the capability to protect and enhance bandwidth performance of campus public web servers, the local network and Wi-Fi network.

Via the UTM, USC’s IT team has central management to enforce security policies across two campuses, while conserving bandwidth to keep staff and students productive.

And with Sophos’s single management interface, detailed logs and reporting functions, there is a clear path for the university’s future roadmap to centralize management of all five university campuses at their main data center.

Just like USC, there are many organizations of all sizes with costly security systems that don’t meet their current or future needs.

Download the University of San Carlos case study to learn more about how Sophos solutions can provide simple yet complete security and low cost of ownership for your organization.

You can read the original article here.

24

Jun

Web filtering used to be rather easy – IT departments could block inappropriate categories of websites like adult, gambling, and perhaps social media, and the job was done.

More recently, however, cybercriminals have begun to infect large numbers of users on the web by compromising legitimate sites that you probably don’t want to block with strict browsing policies.

In fact, SophosLabs detects 20,000 to 40,000 malicious URLs every day – and 80% of those are compromised legitimate websites. Web filtering that only blocks dodgy sites won’t keep users safe from web-borne threats.

As Sophos global head of security research James Lyne explains in this short video, cybercriminals can infect web users automatically via a drive-by download.

So how can you keep your users safe on the web, and also allow them to stay productive while doing their jobs?

Here are three tips for better web security.

  1. In addition to a URL filtering solution that blocks known malicious sites, make sure you perform deep scanning of web traffic as it’s accessed to guard against compromised legitimate websites. Real-time reputation filtering protects you from new malicious websites as soon as they come online.
  2. Make sure you’re protecting users when they’re outside your main office. A UTM can be a cost effective way to provide protection at local sites. For those at-home and traveling workers, use an endpoint security solution that integrates web policy enforcement and web content scanning directly into your laptops.
  3. Keep your endpoints and software well-patched to protect against drive-by downloads that exploit vulnerable software and applications. Limit the number of Internet browsers, applications and plugins in your organization to a standardized set and enforce their use as policy.

7 Deadly IT Sins

Learn more about web security by checking out our 7 Deadly IT Sins website. It explains common security mistakes organizations make, and offers videos, whitepapers and other free resources to help you fix them.

You can read the original article here.