Cyber Security Elements by NSS

28 Sep

As I write this, I’m working on a company laptop from my home. Earlier today, I was working from a Starbucks. I’m glad Sophos allows me to telecommute on occasion, but it does bring up some common security concerns.

With employee work arrangements growing more flexible, devices and data are leaving the safe confines of the company network. How can you make sure your precious data is secure?

We put together a video that shows how encryption protects your data against some all-too-common (and all-too-human) security failures.

In this scenario, an employee named Alice logs onto an open Wi-Fi network to access an unencrypted file from a popular cloud storage site. If you know anything about how vulnerable Wi-Fi is to hackers, you can probably guess what happens next.

The video shows you exactly how an attacker could use simple hacking tools, a rogue wireless access point and a phishing website to steal Alice’s login credentials, break into her cloud storage account and download confidential corporate files.

Could something like this happen to you or one of your employees? As our video shows, if Alice’s files had been encrypted with a simple solution like SafeGuard Encryption, it wouldn’t matter if a hacker got access to her cloud account. Her files would be completely secure.

To learn more about how encryption can work for you, and how to choose the right encryption product, go to sophos.com/encrypt. That’s where you can:

Blog post: John Zorabedian

You can read the original article here.

26 Sep

LogPoint is very proud to announce that we have achieved Common Criteria (CC) certification at evaluation assurance level (EAL) 3+ for the LogPoint SIEM product.

The journey towards the certification started when LogPoint entered into a strategic partnership with The Boeing Company in late 2013. With the security and certification expertise from Boeing, LogPoint has been able to achieve the certification within a very short timeframe.

Despite three major releases and a catastrophic earthquake along the way, we were able to achieve the certification quicker than the fastest expected duration, as per the official guidelines. This is a testament to the determination, agility and skill of both companies, teams and individuals – working on three continents.

Security-conscious customers, such as government offices, law enforcement, intelligence, military and financial institutions, require Common Criteria certification as a determining factor in purchasing decisions – and we anticipate that more companies will be interested in this type of certificate in the future.

We are very proud to have achieved this level of certification as it assures our customers around the world that LogPoint is safekeeping their trusted information.

Achieving this certification demonstrates LogPoint’s commitment to providing high quality security solutions to its customers, as well as LogPoint’s ability to perform software development following processes and requirements that guarantee the security and quality of the product.

Read more about our Common Criteria certification on this page.

You can read the original article here.

24 Sep

We started our firewall revolution last month with the launch of the Project Copernicus beta. Project Copernicus is the codename for our new firewall platform that combines the award-winning SG Series appliance with an all-new operating system based on the best of Sophos and Cyberoam technology.

The feedback during the early stages of the beta has been very positive and helpful in shaping the final product. We’re pleased to announce the availability of Beta 2, which incorporates a number of significant enhancements, updates and fixes based on your feedback.

Improved navigation and menu organization 

  • New top level Protection menu, grouping the most common security setup tasks functionally together
  • Improved layout of System menu and Object Catalog menu
  • Navigation breadcrumb improvements

Streamlined security policies 

  • Consolidated User and Network rule types
  • Added templates for common business applications
  • Rule ID visibility and search improvements

Hundreds of other fixes and improvements

While we don’t recommend installing beta firmware in your production environment, your participation is important! Please download and evaluate the new Beta 2 in as many deployment scenarios as possible.

You will see the Beta 2 firmware in your Copernicus Firewall under System > Maintenance > Firmware (you may need to click “Check for new Firmware” and reload the page for it to show up). If you’re not already part of the Sophos firewall revolution, you can join up and download the Beta 2 now at www.sophos.com/copernicusbeta.

Please provide feedback on the Sophos User Bulletin Boards.

You can read the original article here.

23 Sep

According to the 7th (ISC)2 Global Information Security Workforce Study (GISWS), 2015, the following security concerns are considered to be the most critical:

  • Application Vulnerabilities
  • Malware
  • Configuration Mistakes / Oversights
  • Mobile Devices
  • Hackers
  • Faulty Network / System Configuration
  • Internal Employees
  • Cloud-Based Services
  • Cyber Terrorism
  • Trusted Third Parties

This list is the result of a global workforce survey conducted by (ISC)2 in 2015. Nearly 14,000 security professionals in different positions (management, executive, and technical) have given their valuable insights.

How does LogPoint fit in helping to prevent or minimize the effects of the abovementioned threats?

One of the most crucial elements is to collect sufficient amounts of data from as many different log sources as possible. LogPoint collects data from all kinds of different log sources, takes this data and converts it into a standardized format. This process is called “normalization”. LogPoint provides pre-defined normalization packages for many different log sources – out-of-the-box. Moreover, if there is a particular log source missing, LogPoint provides its customers with the necessary data within a very short time. There is no need to wait through pre-defined update cycles, which makes it easy to analyze data as quickly as possible without losing too much time!

Once the data has been normalized, it is possible to quickly create queries or run pre-defined searches to analyze the incoming data. Use either simple queries or more complex correlation queries to detect possible threats and receive a warning in real-time, create a dashboard, or run a report. Again, LogPoint provides content (alerts, dashboards, queries, and reports) out-of-the-box for more efficiency. Many of the topics mentioned in the GISWS are already covered in LogPoint.

LogPoint helps you detect possible threats in real-time and does so by applying its unique simplicity, which ensures that the analyst avoids making mistakes due to sheer complexity issues. Possible threats as mentioned in the 7th (ISC)2 Global Information Security Workforce Study (GISWS) are already covered by pre-defined content or are easy to implement.

You can read the original article here.

15 Sep

The new Sophos Cloud Partner Dashboard delivers on the Sophos Galileo vision for connecting both Network and Endpoint, all while giving partners increased visibility to their business.

Designed exclusively for Sophos channel partners, the Sophos Cloud Partner Dashboard provides unified management tools to remotely manage and service both Sophos Cloud accounts and Copernicus firewalls. Actionable information gives partners greater visibility and control over their business, and highlights opportunities to facilitate business growth.

The new interface will become available on October 6, 2015. Highlights of the new Sophos Cloud Partner Dashboard include:

1) Easy access using our new direct login page, which uses the same login credentials as the Sophos Partner Portal. Partners can still access the Sophos Cloud dashboard directly from within the Sophos Partner Portal.

2) Visibility to both Sophos Copernicus Firewall and Sophos Cloud customers: Partners can see a comprehensive list of firewalls and Sophos Cloud accounts (including trial users), which protection services are deployed, and expiration and usage details.

3) Aggregated view of Sophos Cloud customer alerts: For partners providing IT security services, the new Partner Dashboard offers aggregated alerts for an at-a-glance view of customer alerts, enabling prioritized and fast response.

4) One-click access to each customer’s cloud management console: From the Partner Dashboard, partners can easily access the managed account’s Cloud console with a single click, from both the account details and the alerts view.

5) Single sign on to Sophos Cloud Firewall Manager: When Copernicus Firewall launches, partners will be able to access Sophos Cloud Firewall Manager (CFM) directly from the Sophos Cloud Partner Dashboard. CFM is Sophos’ all-new centralized management console for Copernicus Firewall, enabling partners to manage all firewall devices from a single screen in the cloud.

6) Create Sophos Cloud trial accounts: Partners can provision new trial accounts directly from within the Sophos Cloud Partner Dashboard. This complements the Sophos trial referral link program to promote the Sophos Cloud free trial while protecting your leads.

7) Easily convert accounts: When a Sophos Cloud order is processed, the partner receives the license schedule with an activation code. To activate the account, simply apply the activation code.

For more information and a preview of the new Sophos Cloud Partner Dashboard, please download this PowerPoint file.

14 Sep

The passing of the one-year anniversary of the OpenSSL Heartbleed vulnerability – and a recent rash of highly exploitable vulnerabilities with names of lesser cachet – led me to wonder: Just how frequently are OpenSSL vulnerabilities reported, and what are their impacts?

While Array has developed our own proprietary SSL stack for production traffic, we do use OpenSSL for certain functions of our products, such as our XML-RPC and SOAP APIs, WebUIs and other non-traffic-related tasks. Thus, this exercise is categorically not about OpenSSL bashing – rather, it’s intended to gain a better understanding of the vulnerability landscape and to serve as a foundation for discussion on network security as a whole.

The infographic below was compiled from the NIST National Vulnerability Database, and lists vulnerabilities with Exploitability Subscores of 8.5 and higher (with 10 being the highest). While every attempt was made to ensure accuracy and completeness, the vast scope of the NIST database makes this a nearly insurmountable task.

As you will see, like almost every software ever created, OpenSSL has had its share of vulnerabilities over the years. Many were reported at or shortly after a major product release; after the 1.0.2 release on Jan. 22, 2015, for example, CVE-2015-0291 and CVE-2015-0292 were reported less than two months later.

In many ways, that’s the nature of the beast in open-source software development. The very structure that gives open source such great qualities – multiple developers (often volunteers) working together to create a freely-available code base – can also lead to errors because developers are working independently. However, with an entire community of developers, any errors are typically fixed very quickly, thus mitigating the impact.

And in all fairness, Array products were vulnerable to a couple of the vulnerabilities listed here, as well as a handful of others with lesser exploitability scores. Usually those vulnerabilities were related to the functions mentioned above, or to our older, end-of-sale products like the SPX and TMX Series. Follow the Array Support Twitter feed to keep up to date on all our product notifications.

Next time, I’ll dig deeper into the differences between open-source development and proprietary code bases, and offer concrete suggestions on keeping your network safe. Until then, let’s all be careful out there.

You can read the original article here.

11 Sep

For most organisations the drive to capture log data is compliance. There are a few exceptions of course, but for most of you this simply means capturing and storing log data.

But why do just that? Doesn’t that seem kind of pointless? If you’ve got to do that then shouldn’t you at least get something out of it other than ticking the compliance box? Don’t get me wrong, being compliant is a good thing and for some of you it’s key to your business. But compliance is only a minimum standard. It’s the least you have to do yet most of us stop there. Why? – That’s another subject for another time.

Most of the focus within SIEM is on the Security (yes I’m including compliance in this bit as well). There is a tremendous amount of security-related value that analysis of your data can bring, all the standard stuff like failed log-ins and privileged user monitoring to name a few. But there are a whole host of other things you can and probably should do but don’t because it’s above and beyond the whole compliance thing. I’m talking about things such as monitoring successful logins and log-offs and determining the time lapse between the two events – is it too short for a human to have done that? Are you getting a lot of logins and log-offs in a short space of time? This could be a sign that someone has got into your accounts and is trying them to see if they are valid. Or maybe you want to find that signal in the noise – comparing user behaviour over time and finding out who is doing something very different to their colleagues. Even simple things like monitoring business critical files and their movement within your organisation will add value to your organisation’s security.

However, I want you to think about the rest of the letters in that acronym SIEM – Information & Event Management…

This is where you can really get some value from your data in areas of your business you might not have thought of. Wouldn’t it be good for your business to monitor your VOIP traffic? Logging and analysing who you are calling, call times and if they are premium or international calls. Maybe you’d just like an alert if someone’s calling the talking clock? Perhaps simply having that information to hand for your finance team to cross reference with your phone bill. Maybe you’d like to monitor the usage of resources in your business? So when renewal time comes around you will have the information you need to know if it’s worth renewing or if your budget could be better spent elsewhere. Maybe you don’t need that Super Fancy Malware Threat Defender 5000, but you do need a new core switch. Having real life usage information to hand will be a valuable tool in assessing where to spend your budget.

The right SIEM can do all of those things for you and more. It can and should be at the heart of everything you do. Data does have value but it’s how you use it that counts. So with all this additional value a SIEM can bring maybe you’ll get lucky and other areas of the business will contribute their budget to purchase the right SIEM. Money follows value, as they say.

By Andy Deacon, Security Consultant, LogPoint
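As an added example (not LogPoint’s code, and not from Andy’s post), this script carries out the normalisation step described in the earlier LogPoint post and then the login/log-off timing checks Andy describes above, over a few constructed log lines. Two assumed source formats (an sshd-style syslog line and a CSV-style Windows logon export) are mapped to one schema; sessions too short for a human and bursts of logins on a single account are then flagged.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (assumed formats, not real exports): an sshd-style
# syslog line and a CSV-style Windows logon export (4624 = logon, 4634 = logoff).
SYSLOG_LINES = [
    "2015-09-11T08:00:00 srv1 sshd[101]: Accepted password for alice from 10.0.0.5 port 5000 ssh2",
    "2015-09-11T16:30:00 srv1 sshd[101]: pam_unix(sshd:session): session closed for user alice",
    "2015-09-11T08:05:00 srv1 sshd[102]: Accepted password for bob from 10.0.0.9 port 5001 ssh2",
    "2015-09-11T08:05:01 srv1 sshd[102]: pam_unix(sshd:session): session closed for user bob",
]
WIN_LINES = [
    "2015-09-11 08:10:00,4624,carol,WS7,192.0.2.10",
    "2015-09-11 08:10:02,4634,carol,WS7,192.0.2.10",
    "2015-09-11 08:10:05,4624,carol,WS7,192.0.2.10",
    "2015-09-11 08:10:06,4634,carol,WS7,192.0.2.10",
    "2015-09-11 08:10:09,4624,carol,WS7,192.0.2.10",
    "2015-09-11 08:10:10,4634,carol,WS7,192.0.2.10",
]

SSH_LOGIN = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
SSH_LOGOFF = re.compile(r"^(\S+) (\S+) sshd\[\d+\]: .*session closed for user (\S+)")
WIN_ACTIONS = {"4624": "login", "4634": "logoff"}


def normalise_syslog(line):
    """Map one sshd line onto the common schema; None if it is not a session event."""
    m = SSH_LOGIN.match(line)
    if m:
        ts, host, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
                "src": src, "action": "login"}
    m = SSH_LOGOFF.match(line)
    if m:
        ts, host, user = m.groups()
        return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
                "src": None, "action": "logoff"}
    return None


def normalise_windows(line):
    """Map one CSV logon record onto the same schema; None for other event IDs."""
    ts, event_id, user, host, src = line.split(",")
    action = WIN_ACTIONS.get(event_id)
    if action is None:
        return None
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "host": host,
            "user": user, "src": src, "action": action}


def session_durations(events):
    """Pair each login with the next logoff for the same (user, host), in time order."""
    open_sessions, sessions = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["host"])
        if ev["action"] == "login":
            open_sessions[key] = ev
        elif ev["action"] == "logoff" and key in open_sessions:
            start = open_sessions.pop(key)
            sessions.append((ev["user"], ev["host"], start["ts"], ev["ts"] - start["ts"]))
    return sessions


def too_short_sessions(sessions, min_human=timedelta(seconds=5)):
    """Sessions that ended faster than a person could plausibly log in and out."""
    return [s for s in sessions if s[3] < min_human]


def login_bursts(events, window=timedelta(seconds=30), threshold=3):
    """Accounts with at least `threshold` logins inside any span of length `window`."""
    by_user = defaultdict(list)
    for ev in events:
        if ev["action"] == "login":
            by_user[ev["user"]].append(ev["ts"])
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        for i, start in enumerate(times):
            count = sum(1 for t in times[i:] if t - start <= window)
            if count >= threshold:
                flagged[user] = count
                break
    return flagged


def analyse(syslog_lines=SYSLOG_LINES, win_lines=WIN_LINES):
    """Normalise both sources, then run the two timing checks over the merged events."""
    events = [e for e in map(normalise_syslog, syslog_lines) if e]
    events += [e for e in map(normalise_windows, win_lines) if e]
    sessions = session_durations(events)
    return {
        "sessions": len(sessions),
        "too_short": sorted({s[0] for s in too_short_sessions(sessions)}),
        "bursts": login_bursts(events),
    }
```

With the constructed input, bob’s one-second session and carol’s three rapid login/logoff pairs are flagged as sub-human, and carol’s three logins within thirty seconds are reported as a burst.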

You can read the original article here.

9 Sep

With the proliferation of data and the need to access it from anywhere at any time, encryption is rapidly emerging as the best place to start your data security strategy.

Despite the common perception that encryption is too complicated to implement or too much of a hassle to manage, that’s not the case with the right encryption solution.

Below are six key aspects to keep in mind while choosing the right encryption solution for your organization.

1. Usability: A security product that’s too complicated to use doesn’t offer very much security at all. An encryption solution needs to be comprehensive yet simple: it should protect data everywhere – at rest, in use, or in transit – but shouldn’t take up too much time or IT resources to implement and manage.

Look for an encryption product that’s easy to set up and deploy, with an intuitive management console. It should also allow for simple key management and enforcement of your data protection policy.

2. Multi-platform: Find a solution that covers all types of encryption, including support for multiple operating systems such as Windows, Mac, Android and iOS.

3. Adaptability: You ideally want a solution that protects your data without getting in the way of daily work. Your encryption solution should adapt to your organization’s workflow – not the other way around.

4. Independent endorsements: Before making a decision, look at what others are saying about a product. Make sure whatever company you choose for your encryption needs has strong third-party endorsements from industry analysts, reviewers and customers.

5. Scalability: As you grow your business, you need an encryption solution that grows with you.

6. Proof of compliance: In the event that the worst happens and your data is compromised, encryption makes it unreadable and unusable by data thieves. If you work in a vertical or location that has specific data protection laws or regulations, auditors will require proof that the data was encrypted.

Learn more about how encryption can work for you, and how to choose the right encryption product. Check out our free and easy-to-understand guide to encryption, fun videos showing you why you need to encrypt, and a comprehensive encryption solution buyers guide at sophos.com/encrypt.

You can read the original article here.

7 Sep

SophosLabs researcher Gabor Szappanos is at it again, with new research exploring and explaining the mechanics of a malware creation kit that was used in a series of campaigns between May and August 2015.

Gabor has been tracking the development of malware used in advanced persistent threat (APT) campaigns over the past couple of years, including PlugX and other document-based attacks.

This time, he cracks open the case of an intriguing malware construction kit available in underground cybercrime markets: Microsoft Word Intruder (MWI). MWI, which, as its name suggests, is used to create malware that exploits Microsoft Office documents, was developed in Russia but has been used widely by cybercrime groups.

As Gabor explains in his new paper, Microsoft Word Intruder Revealed, virus creation kits are not new: the first ones were created in the early 1990s. But the purpose of creating and publishing them has changed. Instead of making a countercultural statement, the goal now is to make money for the authors, who sell these malware generators to other cybercriminals in underground marketplaces.

The overall effect of the MWI kit, however, is the same as with the old DOS virus generators of the 1990s: it gives cybercrime groups immediate access to Office exploits for malware attacks, even if they lack the skills to develop exploits of their own. According to Gabor, MWI had been used by numerous different malware groups, deploying Trojans from more than 40 different malware families.

There’s a lot of fascinating detail in Gabor’s paper, whether you’re a layperson interested in cybercrime, or a more technical reader. Gabor explains the history of malware creation kits, and how they work, and also dives into the infection mechanism of the MWI generator, pointing out the key characteristics differentiating these samples from other exploited malicious documents.

Download Gabor’s paper – Microsoft Word Intruder Revealed.

You can read the original article here.

4 Sep

Laptops are ubiquitous in today’s IT environments. How many of your employees are using laptops in the office, on the road, working from home, or all of the above? While massively convenient, and a boon to worker productivity, laptops also represent a major liability. They are easy for employees to lose – and easy for a thief to steal.

On balance, most companies likely think the reward is worth the risk. But the risks are significant when you consider all of the valuable data stored on employee laptops, and the potential for data loss and subsequent fines, lawsuits, lost intellectual property and brand damage. Take the recent example of SterlingBackcheck, a Texas company that provides background screening services to clients around the world.

In early August 2015, SterlingBackcheck sent out a letter informing people that a few months prior a “password-protected laptop was stolen from a SterlingBackcheck employee’s vehicle.”

The laptop contained unencrypted data including names, Social Security numbers and birthdates for roughly 100,000 people. This kind of data is a potential gold mine for an identity thief. Which is why SterlingBackcheck has offered “free” credit monitoring and ID theft protection to those affected (those services are not actually free – SterlingBackcheck has to pay for them!).

Imagine if this was your company: not only would you face the embarrassment – and cost – of notifying customers of their lost data, you’d also face the prospect of negative media attention for the incident and any number of clients, partners or potential customers questioning your business’s trustworthiness.

The risk of this happening to your business is unfortunately quite high. Although you certainly have to protect yourself against the threat of criminal hackers, a large proportion of data loss is the result of a lost or stolen laptop, USB drive or mobile device. In one study of the healthcare industry, 70% of data lost in 2013 by California healthcare organizations was the result of loss or theft of a physical device such as a hard drive or laptop.

The most staggering thing about these reports is that you almost never hear that the data on lost or stolen devices was encrypted. According to the 2015 Verizon Data Breach Investigation Report, an analysis of data breaches found that the words “unencrypted,” “not encrypted,” and “without encryption” were present in four times as many incident reports as phrases such as “was encrypted” and the like.

That’s unfortunate, because disk and device encryption is absolutely the best defense against this type of data loss. When data is encrypted, it is scrambled into an unreadable format called ciphertext, and only the person with the encryption key can unscramble it again.

I’d like to point out one other thing about SterlingBackcheck’s notice to those affected by its lost laptop data breach. The company says the laptop was “password protected,” as if that was some kind of adequate defense against data loss.

In reality, an unencrypted laptop’s password protection is worth almost nothing – passwords can be cracked in minutes. Besides, a thief would just need to put the laptop’s hard disk into another computer, or boot the “protected” computer from a CD or USB key in order to get at your data.

What if the data on a lost laptop has been encrypted? There’s no way a crook could read your encrypted data, and the laptop would be worth only as much as the thief could get for its parts.

So, why aren’t more businesses encrypting their laptops and other devices? It’s a bit of a mystery, but I believe it’s because businesses think they have adequate security in place already, or that encryption is too difficult or expensive to implement.

These are myths.

If you want to be absolutely sure your data is protected, encryption should be your first line of defense.

And if you still think encryption is too much of a hassle, I urge you to check out the resources at sophos.com/encrypt, including free whitepapers, reports and videos, showing you just how simple it can be.

You can read the original article here.

2 Sep

This year, we’re revolutionizing the firewall, giving our award-winning SG Series appliances an all-new operating system that combines the best of both Sophos and Cyberoam technology.

The codename for this new firewall platform is Project Copernicus, and we’re excited to inform you that the beta phase is now underway.

This is your invitation to take an early look at the new software and put it to the test. To get a brief introduction to Project Copernicus and its many innovations, watch the short video (password: Copernicus2015!).

Of course, we don’t recommend updating production systems to beta firmware. But if you’re interested in exploring first-hand what Project Copernicus has to offer – and helping us continue to fine-tune it by providing your feedback – we would love to have you participate.

To get started, simply visit sophos.com/copernicusbeta to download the new Sophos Firewall OS for your SG Series, Intel hardware platform, or virtual environment of choice. Then head to the Sophos User Bulletin Board to find documentation and tips, and share your feedback.

You can read the original article here.

27 Aug

Several writers on Corero’s blog have been calling attention to recent DDoS extortion campaigns. Now the FBI is sending notice to banks and other financial institutions to be on the watch for shakedown attempts. MarketWatch has reported that attackers have already made DDoS extortion attempts against more than 100 financial firms in recent months.

In an article on BankInfoSecurity, Matthew J. Schwartz describes the modus operandi:

Attackers’ tactics are simple: Sometimes they threaten to disrupt a firm’s website, preventing customers from accessing it. And other times they warn that they will release data – which they obtained by hacking into the firm – that contains sensitive information about the organization’s employees and customers. Or, the attackers say, the organization can pay them off – typically via bitcoins – to call off the attack or delete the data.

Some of the companies have had demands to pay tens of thousands of dollars. While a few have paid the extortion money, most have ignored the demands. Gartner analyst and fraud expert Avivah Litan says most financial institutions are reluctant to talk about experiencing either the extortion demands or any ensuing attacks for fear of alarming their customers.

The growth rate of these extortion campaigns seems to be tied to the ease of launching a DDoS attack via various underground services. For just a couple of dollars, anyone can order an attack against a target for a few hours. This can be just enough to take the targeted business offline for a while, causing large revenue losses and frustration for customers.

A business might be tempted to pay the bitcoins to avoid the attack, but law enforcement officials say this isn’t a good idea. A payoff sometimes leads to further demands for even more money.

Cybersecurity expert Brian Honan of BH Consulting offers the following recommendations for dealing with DDoS threats:

  • React: Take the threat seriously, and “spin up” an incident response team to deal with any such attacks or threats.
  • Defend: Review DDoS defenses to ensure they can handle attackers’ threatened load, and if necessary contract with, subscribe to or buy an anti-DDoS service or tool that can help.
  • Alert: Warn the organization’s data centers and ISPs about the threatened attack, which they may also be able to help mitigate.
  • Report: Tell law enforcement agencies about the threat – even if attackers do not follow through – so they can amass better intelligence to pursue the culprits.
  • Plan: Continually review business continuity plans to prepare for any disruption, if it does occur, to avoid excessive disruptions to the business.

If your company wants to learn more about getting prepared for a DDoS attack, talk to the folks at Corero. They’ll help you make a plan so that you can defend against whatever type of DDoS attack someone wants to throw at you.

You can read the original article here.

21 Aug

We have some great news for users of Sophos Mobile Security, our Android antivirus and security app. Independent IT security institute AV-Test has awarded Sophos another perfect protection score in a July 2015 test of mobile antivirus applications – the sixth test in a row where we scored 100% detection.

Although we’ve aced this Android security test every time for the past year, this particular test was actually quite different from the previous tests run by AV-Test. And we think the difference is really important.

Prior to the July test, AV-Test used a two-run scan: first an on-demand scan, followed by an on-access scan test. The on-demand test is a bulk scan to see if a security tool detects the entire set of malware files used in the test. The on-access scan involves loading a set of malicious apps on a physical mobile device to see if the antivirus detects the malware when it is installed or run.

In July, AV-Test introduced a new “real-time on-access” test, where all apps were reviewed simultaneously on 40 Android smartphones. In addition to testing vendors’ antivirus apps for their detection of malware discovered in the past four weeks, this new test measures proactive detection of the latest Android zero-day threats in real time.

Since this was the first time the test ran, there is no history to compare to. But we think the new test paints a more accurate picture of how security apps perform in the real world, outside of the labs. For that reason we applaud AV-Test and their continued efforts to improve testing – it’s good for the security industry, helping us to continually improve our products, and so benefits our users as well.

Sophos’s Android antivirus stood up very well in the new test – we were one of only 5 out of 26 vendors with perfect malware detection. Sophos is proud to be among this select group.

Android malware – the threat is real and growing

You may have heard some people arguing that the threat of Android malware is overhyped. For instance, Android’s chief security engineer has claimed that Android users shouldn’t bother with antivirus.

Although the risk of Android malware is considerably smaller than that for Windows, we disagree with those critics (Google included). The Android threat is real – even in Google Play, where malicious apps are discovered from time to time despite Google’s generally good track record of keeping the Android marketplace clean.

Outside of Google Play, where untrusted developers are given a free pass by unscrupulous app markets, it’s a different story. In just the first six months of 2015, SophosLabs has discovered 610,389 new Android malware samples, bringing the total to approximately 1.9 million.

It’s not just malware we need to be concerned about – we’ve seen another 1 million apps that, while not malware in the strictest definition, nevertheless exhibit sketchy behaviors. These apps, which we call potentially unwanted apps (PUA), may also threaten user privacy and security. Many PUAs contain adware, collect user data unnecessarily, or deceive users with phony malware pop-ups and other scammy behavior.

[Chart: cumulative Android malware and PUA samples detected by SophosLabs]

(You can see in the chart above the rapid growth of cumulative samples of Android malware and PUA detected by SophosLabs, January 2013 – June 2015.)

Of course, you shouldn’t rely solely on antivirus to protect your Android devices and the personal data you store and access on them.

As AV-Test’s Hendrik Pilz noted recently, smartphones are a very lucrative target for a cybercriminal – many people are now using their Android devices as a primary way to access their most sensitive data, from private photos to email and their bank accounts.

That’s why Hendrik recommends Android security apps that come with extra features, such as an app adviser that “clearly and succinctly indicates the possible security risks of a new app,” allowing the user to make a well-informed decision before installing an app.

We agree, which is why Sophos Mobile Security goes way beyond antivirus – with a privacy advisor, spam protection against unwanted calls or SMS messages, web protection against malicious websites, added security for sensitive apps, device encryption, parental controls, and anti-theft controls. We offer all of these features in a user-friendly app that’s simple to manage. And it’s completely free on Google Play.

A note on false positives

In AV-Test’s July 2015 malware test, Sophos’s Android security app received a lower score in the Usability category as a result of two false positives: samples that AV-Test said we erroneously flagged as dangerous apps.

We’d like to point out (as we did to AV-Test) that the two samples in question were signed by a developer certificate that has been abused in the past to sign both malware and PUAs. In general, our policy (which mirrors Google’s) is to block any samples that are signed with a certificate that has been associated with malware, as the author can no longer be trusted. By warning users about apps signed with low-reputation developer certificates, we’re helping users make more informed decisions about the risks to their security.

We think our position is sensible and supports a better system where app developers should invest in their reputation. It’s good for users, good for legitimate developers, and bad for malicious app authors or those who deliberately want to play at the edges.

Sophos Mobile Security

Sophos Mobile Security is a free, award-winning Android security app that has been downloaded more than 500,000 times from Google Play. It protects your Android devices from malware with up-to-the-minute intelligence from SophosLabs, without impacting performance or battery life. Other features include a privacy advisor, data and device encryption, and per-app password protection that you can set up for sensitive apps like your email.

It’s also available as an enterprise version you can manage through Sophos Mobile Control, our enterprise mobility management and security product.

You can read the original article, here.

19

Aug

Over the coming months we’ll be migrating web services used by our customers and partners to Sophos ID, giving you one account to access all the web services you subscribe to.

Beginning in mid-August, we’re enabling login via Sophos ID for MySophos and SophServ. Using your Sophos ID, you’ll also be able to access Sophos Community, a merger of SophosTalk and Sophos FreeTalk.

Later this year, we’ll enable Sophos ID for our partners to access the Partner Portal, Cloud Partner Dashboard, and Sophos Cloud Firewall Manager.

Existing accounts for one or more of these services will be automatically moved to Sophos ID, so you won’t need to register for a new Sophos ID account if you have a MySophos account today. For your security, when you log in for the first time you will need to reset your password.

We plan to enable Sophos ID for more web services soon, until all services are accessed via Sophos ID. We’ll keep you updated on these closer to launch.

You can read the original article, here.

17

Aug

We’re extremely proud that Sophos has won the award for best IT vendor in all three security categories in CRN’s Annual Report Card (ARC). It was an honor to win more categories than any other vendor recognized this year.

For the second year running, we’ve been recognized as the winners of two categories – Client Security Software and Network Security Appliances – and this year the channel also chose us as the overall winner for Network Security Software.

The ARC summarizes results from a comprehensive survey of solution provider satisfaction with hardware, services and software vendors.

More than 2,400 solution providers were asked to evaluate their satisfaction with 72 vendor partners in approximately 22 major product categories. The vendors with the highest marks are celebrated as best in class by their partners.

We also secured an Xchange Xcellence award during The Channel Company’s XChange 2015 event (Aug. 9-11, in Washington, D.C.) for our sponsorship of Security University and a great keynote by Sophos senior security expert John Shier.

“Our partner community is absolutely critical to our success in helping businesses and government agencies of all sizes protect their systems and information from cyber-attack,” said Mike Valentine, senior vice president of worldwide sales for Sophos. “The unprecedented high marks awarded by our partners for the 2015 Annual Report Card reflect our companywide commitment to the channel.”

CRN and its readers have recognized many of our key marketing and sales people for their accomplishments and impact within the channel. Now to receive these awards in all three client and network security categories is an honor for our entire company.

It’s also a great opportunity to receive valuable feedback from the IT vendor community that we can use to hone our product offerings and improve communication with our partners.

To our partners, thank you for choosing us as the best security vendor to work with.

You can read the original article, here.

12

Aug

Just recently the Internet Complaint Center (IC3) issued an alert to businesses regarding a rise in extortion campaigns, tied to threats of DDoS attack activity unless a ransom is paid.

The rise in DDoS attacks generally is not surprising at all, and the use of the “DDoS threat” for ransom or extortion is not a new tactic in the world of cyber warfare. DDoS attack tools are cheap (if not free) to obtain, easy to launch and most often executed with complete anonymity – not to mention the wide range of motivations we see in the market.

Corero is working to support providers and their subscribers as they fight against DDoS attacks, and many of these Internet connected businesses have shared (ehem, confessed) that they have actually paid out ransoms just to stay out of the line of fire.

Let’s put this into perspective.

In late 2014, each of Corero’s protected customers was seeing roughly four DDoS attacks per day against their network and infrastructure – that’s about 350 attacks per quarter. 96% of those attacks lasted less than 30 minutes, and 79% were smaller than 5 Gbps. High-volume, link-saturating attacks are indeed a threat, but these smaller, frequent and highly damaging attacks are far more commonplace. How does an organization effectively protect its business from DDoS, regardless of motivation?

What we recommend:

  • Consider implementing technology to detect, analyze and respond to DDoS attacks by inspecting raw Internet traffic at line rate – identify and block threats within the first few packets of a given attack.
  • Introduce a layered security strategy focusing on continuous visibility and security policy enforcement to establish a proactive first line of defense capable of mitigating DDoS attacks while maintaining full service connectivity, availability and delivery of legitimate traffic.
  • Ensure complete application and network layer visibility into DDoS security events. This best practice will also enable forensic analysis of past threats and compliance reporting of security activity.
  • Take into account the hybrid approach to DDoS defense – in-line real-time detection and mitigation solutions for the everyday DDoS threat paired with on-demand cloud services for link saturating events.

When it comes to the hybrid approach, the concept of on-demand cloud defense for a pipe saturation attack coupled with in-line, real-time defense provides protection against the whole spectrum. Businesses that engage with their on-demand DDoS mitigation provider can quickly initiate that service based on visibility in the event of a massive volumetric attack.

The main benefit of a hybrid approach is that the on-premises device heavily reduces the number of times an organization switches over to the cloud – lowering cost and providing comprehensive and consistent defense. The implementation of an always-on solution combined with on-demand cloud defense provides businesses with a means of safeguarding against the vast scope of DDoS attacks posed to their networks. With DDoS attacks now being delivered in various sizes and with differing intentions, ensuring that the appropriate prevention best practices are utilized correctly could well be what saves your organization from falling victim to a DDoS attack and/or a major breach of information.
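As an added illustration (not Corero’s code or data), the script below applies the article’s two thresholds (30 minutes, 5 Gbps) to a constructed attack log and shows how a hybrid policy engages the cloud tier only for sustained, link-saturating events while the in-line device handles the rest. The sample log, the per-customer link capacities and the five-minute diversion lead time are all assumptions.

```python
"""Classify DDoS events by duration and size, then decide which tier of a
hybrid (in-line + on-demand cloud) defense handles each one.
The log and the link capacities below are constructed for illustration."""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Attack:
    customer: str
    start: datetime
    end: datetime
    peak_gbps: float

    @property
    def minutes(self) -> float:
        return (self.end - self.start).total_seconds() / 60


# Constructed sample log: customer,start,end,peak_gbps (one attack per line)
SAMPLE_LOG = """\
acme,2014-11-03T09:00:00,2014-11-03T09:12:00,0.8
acme,2014-11-03T11:40:00,2014-11-03T11:45:00,1.2
acme,2014-11-03T14:05:00,2014-11-03T16:30:00,22.0
acme,2014-11-03T18:20:00,2014-11-03T18:27:00,3.5
beta,2014-11-03T08:15:00,2014-11-03T08:19:00,0.4
beta,2014-11-03T12:00:00,2014-11-03T12:25:00,4.9
beta,2014-11-03T15:30:00,2014-11-03T15:31:00,12.0
beta,2014-11-03T20:00:00,2014-11-03T21:10:00,0.6
"""

# Assumed link capacity per customer, in Gbps.
LINK_GBPS = {"acme": 10.0, "beta": 10.0}


def parse_log(text: str) -> list[Attack]:
    events = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        cust, start, end, peak = line.split(",")
        events.append(Attack(cust, datetime.fromisoformat(start),
                             datetime.fromisoformat(end), float(peak)))
    return events


def summarize(events: list[Attack], short_min=30, small_gbps=5.0) -> dict:
    """Reproduce the article's style of statistics over a set of attacks."""
    n = len(events)
    short = sum(e.minutes < short_min for e in events)
    small = sum(e.peak_gbps < small_gbps for e in events)
    days = {e.start.date() for e in events}
    customers = {e.customer for e in events}
    return {
        "attacks": n,
        "pct_under_30min": round(100 * short / n, 1),
        "pct_under_5gbps": round(100 * small / n, 1),
        "per_customer_per_day": round(n / (len(customers) * len(days)), 2),
    }


def mitigation_tier(e: Attack, link_gbps: float, divert_after_min=5.0) -> str:
    """Hybrid policy: the in-line device absorbs anything that fits in the
    pipe; the cloud scrubber is engaged only for link-saturating attacks
    that outlast the (assumed) time it takes to swing traffic to the cloud."""
    if e.peak_gbps < link_gbps:
        return "inline"
    if e.minutes < divert_after_min:
        return "inline-short"  # saturating, but over before a diversion helps
    return "cloud"


def count_cloud_diversions(events: list[Attack], link: dict) -> dict:
    """Compare cloud switch-overs under the hybrid policy with a naive
    policy that diverts to the cloud on every detected attack."""
    hybrid = sum(mitigation_tier(e, link[e.customer]) == "cloud" for e in events)
    return {"hybrid": hybrid, "cloud_only": len(events)}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(summarize(evs))
    print(count_cloud_diversions(evs, LINK_GBPS))
```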

You can read the original article, here.

10

Aug

Sophos is revolutionizing the firewall with our all-new Sophos Firewall OS (SF-OS) that combines the best of both Sophos UTM and Cyberoam next-generation firewall technology. The new OS includes a number of important innovations. You’ll see a thoughtfully redesigned user interface, new Security Heartbeat technology, and a policy model that makes protecting users and applications faster and more effective than ever before.

Sophos Firewall OS runs on all existing Sophos SG Series and Cyberoam NG Series and select ia Series devices. It’s also available for a variety of virtual platforms or as a software appliance ISO. 

And if you manage multiple appliances, the new Sophos Firewall Manager brings you control of every firewall feature all from a single console.

Project Copernicus introduces a number of important innovations that take simplicity, protection and performance to a whole new level:

Powerful new unified policy model

  • Conveniently manage all your policies in one place
  • Policy templates for networks, users, and business applications dramatically streamline configuration
  • Manage policy controls for apps, web, QoS, and IPS together on a single screen

Elegantly simple user interface

  • A refreshing, thoughtful new approach to firewall management
  • It starts with an incredibly rich interactive control center that surfaces everything you need to know
  • Focused on making powerful features easy to access, understand, and use

Revolutionary advanced threat protection

  • Uniquely integrating the firewall and endpoints to share status and intelligence
  • Security Heartbeat status immediately identifies compromised systems
  • Policy can instantly isolate and limit access based on Security Heartbeat status

Full-featured centralized management

  • Central control over every feature of all your firewall devices
  • Push, pull, replicate, or automate policies across firewalls
  • Manage from the cloud* or on-premise – whatever best suits your needs

A firewall that makes security easier

Sophos Firewall OS gives you time-saving features you’ll love. With an interface designed to eliminate unnecessary complexity, it enables you to use the powerful features without needing to become an IT security expert.

New Control Center offers instant insight and control

A single screen gives you at-a-glance feeds of system performance, traffic patterns, alerts and policies. Every widget is interactive, letting you instantly drill down into the detail and access the tools you need to take action. You’re never more than three clicks from anywhere, with menus providing a helping hand to guide you when you’re not sure where to go, plus embedded screenshot previews and best-practice hints and tips.

Policy templates streamline configuration

Pre-defined policy templates let you protect common applications like Microsoft Exchange or SharePoint fast. Simply select them from a list, provide some basic information and the template takes care of the rest. It sets all the inbound/outbound firewall rules and security settings for you automatically – displaying the final policy as a statement in plain English.

Unique user-level control and insight

The combination of our new user-based policies and our unique User Threat Quotient monitor finally gives you the knowledge and power to regain control of your users, before they become a serious threat to your network.

User identity takes enforcement to a whole new layer

Sophos Firewall OS integrates our patented Layer-8 identity-based policy technology, enabling user-level controls over applications, bandwidth and other network resources regardless of IP address, location, network or device. It literally takes firewall policy to a whole new layer.

User insight that lets you identify and control your biggest risks

Another Sophos exclusive is our User Threat Quotient (UTQ) indicator, which provides actionable intelligence on your users’ behavior. Our firewall correlates each user’s surfing habits and activity with advanced threat triggers and history to identify users with risk-prone behavior.

A revolution in advanced threat protection

Sophos delivers the advanced threat protection required to thwart today’s attacks and prevent breaches, but implemented simply. No new agents or products required – just your trusted firewall and endpoint working together to improve protection.

Security Heartbeat integrates Network and Endpoint

An industry first, our Security Heartbeat links your endpoints and your firewall to combine their intelligence and identify systems compromised by previously unknown threats. The Heartbeat status is integrated into security policy settings to instantly trigger actions at both endpoint and network levels to isolate or limit access until systems are healthy again.

More-in-One Protection

Sophos still delivers more in one box than anyone else. No extra hardware required. No extra cost. Like an enterprise-grade Web Application Firewall, SPX Email Encryption, Remote Ethernet Devices (RED), and an integrated WiFi controller with the fastest 802.11ac wireless access points on the market.

Full-featured centralized management

Our new Sophos Firewall Manager provides comprehensive central management of all your firewalls. If you are a distributed organization or managed service provider, you get complete control over all your firewalls, with dashboards showing the security status across all your sites.

Sophos Firewall Manager (SFM) and Cloud Firewall Manager* (CFM)

A variety of dashboard views let you monitor all of your SF OS devices. You can push, pull or replicate policies amongst your various firewalls or have new devices inherit policies automatically when they come online. Sophos Firewall Manager (SFM) will be available to deploy on-premise in hardware, software or virtual form-factors to suit any environment.

*Important Note: The new Sophos Cloud Firewall Manager (CFM) will initially be for the exclusive use of our Partner Service Providers before being extended to all our customers at a later date.

Sophos iView provides consolidated reports across multiple appliances

Our dedicated reporting appliance gets an update and now supports reporting of SF-OS devices, UTM 9 and CyberoamOS devices. In addition, we’ve added reports for SF-OS like Advanced Threat Protection, Security Heartbeat, Wireless, and SPX Email Encryption. You get consolidated reporting across multiple firewalls, compliance reports, nearly limitless views, scheduled reporting via email and a long-term storage solution for your reporting data.

Flexible deployment choices without compromise

Sophos continues to provide a flexible array of deployment options to meet the needs of any organization.

Runs on existing hardware and in virtual environments too

You can deploy Sophos Firewall OS on any Sophos SG Series or Cyberoam NG Series and select ia series hardware appliances, in your choice of virtual environments, or on your own Intel hardware. You can easily extend your network virtually with Sophos Remote Ethernet Devices (RED) or a variety of VPN technologies. And with simple options for HA, WAN and link balancing you can also get the ultimate in redundancy and scalability.

Security audit reports empower evaluations

Our new Discover Mode makes it easy to demonstrate value in trials, evaluations, and Proof of Concepts (PoCs). It enables the firewall to be deployed in TAP or mirror mode into an existing network – seamlessly and transparently – to monitor activity and traffic. The findings are then compiled into a Security Audit Report that provides a complete assessment of potential risks and issues on the network.

Current software continues to be enhanced so you can choose when to migrate

If you are an existing customer rest assured there is no need to rush to deploy the new Sophos Firewall OS. Our current UTM 9.x platform and CyberoamOS continue to be supported and developed so you can choose the right time for your transition. When you do, your licenses will be automatically migrated and you’ll be able to use our SG Series migration tools to preserve and to port across some of your settings.

Hardware Appliance Support

You can deploy Sophos Firewall OS on any Sophos SG Series or Cyberoam NG Series and select ia Series devices. Our appliances already offer industry-leading performance, but with this release our new optimized FastPath scanning technology will boost performance even further, getting even more out of your existing hardware. If you’re using a Sophos UTM Series or a non-compatible Cyberoam ia Series device, contact your partner to speak about our programs that let you cost-effectively upgrade your hardware and take advantage of the new Sophos Firewall OS features.

Watch a video about Project Copernicus below:

Password for the video: Copernicus2015!

You can read the original article, here and here.

6

Aug

Linux is widely considered to provide a higher level of security than traditional operating systems. As a result, security tools such as anti-virus software are often ignored on the Linux platform. However, Linux is increasingly popular with attackers, because Linux systems are often used for critical roles such as developer workstations, web servers and internal file servers.

In addition to being susceptible to Linux-based and cross-platform exploits, unprotected Linux computers can also serve as distribution points for Windows, Mac, and Android malware.

To investigate just how prevalent Linux servers are in the cybercrime ecosystem, Sophos security expert Chester Wisniewski recently took a SophosLabs list of 178,000 newly-infected web servers, and worked backwards to see what operating system they were running.

He found that about 80% of the servers in active use by cybercriminals for spreading malware were running Linux.

In addition, he found that about 80% of those infected Linux systems were other people’s computers: innocent servers, deliberately hacked and co-opted by the crooks to provide bandwidth and legitimacy for online criminality.

So, we’re excited to announce that Sophos Cloud Server Protection now supports Linux, so you can defend your Linux servers and desktops against cyber-threats in just the same way as you protect your Windows and Mac systems.

Sophos Cloud Server Protection for Linux provides on-access (real time), on-demand, and scheduled scanning. It delivers excellent performance, stability, and reliability on a wide range of Linux distributions, including Amazon CentOS.

Protecting your Linux systems with Sophos Cloud is extremely easy: just download the Linux “thin installer” from the download area of your Sophos Cloud Console, and run it on any Linux computers you want to protect. (If you have Linux computers that are already running Sophos Free Antivirus for Linux, you can upgrade them to Sophos Cloud Server Protection and enjoy the benefits of central management, reporting, and access to technical support.)

We called it Sophos Cloud Server Protection for Linux, because the vast majority of Linux systems out there are servers. But you can protect your Linux workstations as well – just add them into your license along with the servers!

For more information, please visit https://www.sophos.com/servers

You can read the original article, here.

5

Aug

SEP sesam webinar: SEP sesam Enterprise Backup – Introduction and Live Demo, August 11th at 10:00 am CEST. Register for this Webinar now! SEP sesam is looking forward to your participation!

SEP sesam provides a complete solution suite for all backup and disaster recovery requirements in an IT infrastructure. During our live presentation we will present a quick overview of the most important features and demonstrate the functionality of SEP sesam as a central backup solution.

We invite you to ask questions during the session; our technicians will be available to follow up with any requests. 

Contents:

  • Backup of different Operating Systems – Windows, Linux, Novell
  • Backup of virtualized environments
  • Backup of Databases and Groupware systems
  • Reporting and monitoring in a SEP sesam environment
  • Identifying and defining backup tasks
  • Configuring backup media (both disk and tape)
  • Data Migration – Transfer data between disk/tape 

 

4

Aug

Leading cyber security company Sophos today announced the results of its latest research highlighting the state of IT security in the UK’s public sector. The research, conducted on behalf of Sophos by Dods Research, found that only 41 per cent of respondents thought that their current IT security practices would offer suitable protection against the growing threat of cyber-crime. Almost 50 per cent said they did not know, indicating a low level of awareness of cyber security and cybercrime across the general local government workforce.

The research, which surveyed 2,728 local government and police workers across a wide range of disciplines, highlighted that over the past 12 months, the majority (90 per cent) of local government and police organisations have been affected by budget cuts. This has prompted job losses (67 per cent) and cuts in overall front line services (63 per cent) in many areas of the organisation. When it came to IT, 62 per cent said they are planning to make savings by increasing or implementing shared services – splitting the costs with other neighbouring organisations. However, only 30 per cent of those surveyed said their organisations are exploring the consolidation of existing IT services to make savings, and only nine per cent are looking at consolidating their IT security services.

The research also canvassed public sector opinion about what the biggest drivers for change have been from an IT security point of view, with 59 per cent highlighting the demand for more remote and mobile working practices. Furthermore, 46 per cent cited increased awareness of data security thanks to high profile security breaches and upcoming EU legislation. When asked directly what their main concerns were from an IT security point of view, the research found that issues around data loss (47 per cent) were at the top of the agenda, followed by remote access (31 per cent) and targeted attacks (25 per cent).

However, despite the move towards more remote and mobile working policies, public sector organisations still remain sceptical about turning to flexible cloud storage solutions with only 16 per cent using these tools. This was an interesting find considering that other serious issues, such as shadow IT (11 per cent) and BYOD (18 per cent) factored extremely low on the scale of concerns, indicating that it may not be something at the forefront of local government security minds. In contrast however, 63 per cent of local government workers who responded agreed that encryption was becoming more of a necessity within their organisation.

James Vyvyan, regional vice president of Sophos UK & Ireland, says “With cybercrime at an all-time high and public sector budgets reducing year-on-year, it’s more important than ever that organisations maximise the resources available to them. There is a clear trend towards local authorities partnering with neighbouring authorities to increase and implement shared services. This collaborative approach is certainly helpful in the fight against cybercrime. Our research indicates that local authorities and police may also be missing the opportunity to consolidate their IT and security technologies, which can deliver further savings, helping to protect jobs and frontline services.”

You can read the original article, here and here.