News

21 Mar

Always on the go, but need to stay connected? It might be tempting to log on to free open Wi-Fi networks at airports, cafes and other public hotspots. Don’t do it – those networks offer no protection against hackers looking to steal your identity.

Sophos security expert James Lyne drove home that point on the TODAY Show, as he demonstrated how easy it would be for a cybercriminal to intercept communications on open networks to steal passwords and bank account details.

Just like his previous research experiments in cities like London and San Francisco, James set up an open Wi-Fi hotspot in New York City to see how many people would connect to his network. The results might surprise you.

In the course of a day, more than 2,300 New Yorkers connected to James’s hotspot without knowing if he was out to do them harm. Even more shocking, 109 people agreed to pay $1 to $2 for the privilege, giving away their credit card information to a complete stranger.

Now, we all know that James is one of the good guys – his research is intended to raise awareness about wireless security, because so many people just don’t understand the risks.

Those risks apply to businesses as well as consumers. If your company employees use open Wi-Fi to connect their work laptops and mobile devices to the Internet, just imagine what a hacker could do with access to your employee passwords – the keys to your kingdom.

You can’t leave your users to fend for themselves. Businesses should keep mobile users safe whether they’re in or out of the office. Endpoint security, encryption, mobile device management, and web security are all critical components of a comprehensive security strategy.

The risks are everywhere, but wireless security doesn’t have to be difficult. Check out the video from the TODAY Show to see James’s hotspot experiment and learn how to stay secure.

Wireless security tips for consumers

Stay secure when using Wi-Fi. Follow these 5 easy tips, and get more of our top wireless security tips at sophos.com/wifi.

  • Think twice before connecting to a wireless network. The best level of protection for a wireless network is called WPA/WPA2. Don’t use WEP or Open networks.
  • Use a VPN (Virtual Private Network) to keep your connection encrypted.
  • Make sure you’re using HTTPS or SSL when visiting sensitive websites such as your email or bank.
  • Keep your mobile devices and laptops secure – turn off connecting automatically to Wi-Fi hotspots.
  • Use an antivirus and always keep your computers, devices and software patched with the latest security updates.

You can read the original article here.

18 Mar

According to ComputerWeekly’s 2015 IT Priorities Report, 46% of IT managers worldwide plan to implement a Bring Your Own Device (BYOD) initiative in 2015, and 30% plan to deploy mobile apps.

If you’re responsible for building your organization’s BYOD policy, there are hundreds, if not thousands, of articles and guides available on the topic – an article by industry consultant Bryan Barringer is one of the most recent, and it carries some very good insights. 

Unfortunately, most of the BYOD policy articles overlook a technology that has been the workhorse for secure remote access for more than a decade: SSL VPN. 

Originally designed for secure remote PC and laptop access, SSL VPNs have adapted and evolved over the years as BYOD morphed from a buzzword to reality for many organizations. The SSL VPN solutions of today, like Array’s AG Series secure access gateways, offer a wide range of support for smart mobile devices. And, due to their unique position at the network edge, with visibility into the endpoints and policy-based control over access to network resources, SSL VPNs can be your first line of defense for BYOD – the foundation for your BYOD policy, if you will. 

For example, Array’s SSL VPN solution provides granular access control based on user and role, and host-checking can verify device and user identity as well as whether the endpoint meets security parameters like anti-virus, anti-spyware, personal firewalls, allowed OS version, etc. 

A mobile client supports secure access for native business apps and HTML5 apps via a secure browser, and all data associated with enterprise apps is stored in a secure container to prevent data leakage. The secure container can be remotely wiped in the event of loss or theft of a mobile device, and device-based identification can be used to prevent future SSL VPN connectivity by that device. 

One Note of Caution: All SSL VPNs Are Not Created Equal 

You may have read over the past year or so of several vulnerabilities associated with OpenSSL, which is commonly used by other SSL VPN vendors. Heartbleed, Man-in-the-Middle, and GHOST are just a few of them. As you’re evaluating SSL VPN options, you may want to ask your vendor if their solution uses OpenSSL. Array’s AG Series uses a proprietary SSL stack, and thus has not been affected by any of the OpenSSL vulnerabilities.

You can read the original article here.

15 Mar

Observing and analyzing DDoS attacks over a period of time helps us all understand trends so that we can better prepare for the future. Verisign has recently published its DDoS Trends Report for the last half of 2014, and there are some interesting observations. 

For one thing, attacks are growing larger in size. In the attacks observed by Verisign in the latter half-year span of 2014, 65% were greater than 1 Gbps in size. Some of the largest attacks reached approximately 300 Gbps, but fortunately those were exceptional cases.

Verisign did say it mitigated multiple attacks in the 200+ Gbps range. In all, the average attack size was 12.42 Gbps, which still represents a 291% increase since a year ago. And while the attacks may have been large in size, they were, mercifully, not terribly long in duration. 

A common perception is that financial services companies, including banks, are the primary target of DDoS attacks. Perhaps this perception stems from the highly publicized attacks on American banks back in 2012 and 2013.

In reality, for the second half of 2014, the vertical sector most often attacked was Media & Entertainment/Content at 43%, followed closely by IT Services/Cloud/SaaS at 41%. The Financial Services sector caught a break for that half of the year, with only 5% of the DDoS attacks hitting that industry. 

The attacks are showing increasing complexity, sometimes quickly and unpredictably changing vectors over the course of the mitigation. For example, Verisign saw sophisticated TCP and UDP floods that targeted specific custom application ports and continuously switched vectors. Attacks are growing more sophisticated in their ability to evade common mitigation approaches. 

It’s clear that DDoS attacks have reached a point where specialized mitigation techniques are necessary. It’s noted that some companies simply try to over-provision bandwidth and other resources in order to absorb attacks, but that approach is not only needlessly expensive, it’s hardly feasible anymore as attacks grow in size and complexity. It’s simply an arms race that the defending company is doomed to lose without the right mitigation weapons. 

You can read the original article here.

13 Mar

Macs are gaining ground on PCs everywhere, including at the office. Companies are adopting programs that allow users to bring their own devices, or choose the corporate-owned devices they prefer.

When given the choice, many employees are going with what they have at home, and picking Macs over Windows computers. With more Macs, that means extra challenges for IT, from troubleshooting to security.

You’ve heard of the seven deadly sins. We think the 7 Deadly IT Sins are pretty bad too – and neglecting security on Macs is a sin we call “Mac malice.”

Don’t give Macs a pass on security

Macs have a reputation for security that probably has more to do with Apple’s clever marketing than reality – Macs can get malware too.

Even if Macs are less-frequently targeted by malware than PCs, Mac users still use bad passwords, fall victim to phishing or other social engineering, and lose their laptops (and the valuable data on them). And a false sense of security could make Mac users more careless about security than PC users.

“An astounding number of Mac users still believe that they are immune to malicious code,” says James Lyne, Sophos global head of security research. “It’s actually astonishingly easy to create malicious code for the Mac. And as most Mac users don’t use antivirus, it often goes undetected.”

There have been some big security failures that prove just how vulnerable Macs are. Apple’s own employees had their Macs compromised by malware in February 2013 via a vulnerability in Java. In 2012, an attack on another vulnerability in Java infected 600,000 Macs with the Flashback malware.

Just like any other software, Mac OS X needs to be patched against vulnerabilities that attackers can exploit to compromise users and steal data. You may have heard of Shellshock, FREAK, or Goto Fail – all of those security bugs affected Macs. If Macs aren’t protected, they can also spread Windows malware across your network, putting your Windows users at risk even if Mac users aren’t affected.

How to protect your Macs

In the video below, you can watch James use a simple tool to launch an attack that allows him to take over a Mac to do anything a user could do, like turn on the web camera, search files – and possibly gain access to other parts of your corporate network.

It’s fascinating and scary, but James offers some security advice too. Fortunately, it’s easy to protect Macs with the right security solution.

The 7 Deadly IT Sins

Learn more about Mac malice, find out how to keep all your Macs secure, and see if you’re guilty of other security sins on our 7 Deadly IT Sins website.

You can read the original article here.

10 Mar

Our customers rely on us for innovative protection against today’s evolving threats. And with Sophos, there’s no need to compromise on performance. We know performance matters. Users want their security to operate quietly in the background so they can focus on their jobs, without lagging performance due to software updates and virus scans.

Sophos Endpoint Protection is lightning fast, runs well on older systems, and updates quickly with low system impact. You don’t have to believe us – independent tests prove it, and our customers back it up.

Better protection, better performance

Independent tests from AV-Comparatives show that Sophos has one of the best performance impact scores in the industry. Sophos customers back up those test results with real-world experience.

When the Lassen County Office of Education switched to Sophos Endpoint Protection, they saw noticeable performance improvements. “Prior to Sophos, a weekly virus scan would slow our PCs down to the point that it crushed our users’ productivity,” says Robert Talley, IT director for Lassen County. “But Sophos is such a light footprint that our users don’t even notice a lag when scanning is in progress.”

Our lightweight agent and small definition updates (typically about 30KB) mean that initial deployment, updates, and daily use are super-fast and produce minimal overhead. And you get great performance whether you’re on Windows, Mac, or Linux.

More reasons to choose Sophos Endpoint Protection

If you’re looking to switch to endpoint protection that’s simply better, we give you five big reasons why you should consider choosing Sophos Endpoint Protection.

Learn more about how you can secure your organization with protection that offers these benefits:

  • Innovative technology from an industry leader
  • Lightning performance that won’t slow your users down
  • Sophisticated simplicity – saves time and easy to manage
  • User-based licensing to accommodate a modern workforce
  • Flexible deployment – on-premise or in the cloud

You can read the original article here.

6 Mar

Corero Network Security, a leading provider of First Line of Defense security solutions against DDoS attacks, today announced enhancements to its SmartWall Threat Defense (TDS) System, now delivering adaptive, analytics-driven DDoS protection for superior network intelligence and infrastructure availability. By algorithmically detecting and defeating emerging DDoS attack vectors, Corero is providing network and security teams with a powerful tool to keep up with the evolving DDoS attack landscape. This enables organizations to better respond to events, protect their customers, and ensure maximum availability.

Corero is eliminating the need for human intervention in the event of a DDoS attack with the introduction of its powerful Smart-Rule and Flex-Rule filter technologies to analyze and filter malicious attack traffic, combined with automatic anomaly detection and rate-limiting. Attacks are blocked in real-time with a do-no-harm approach, allowing legitimate user traffic to flow unimpeded throughout the duration of the attack.

Smart-Rule Adaptive Filtering Technology

With its patent-pending Smart-Rule adaptive filtering technology, Corero is enabling true automated detection and response in the face of newly detected DDoS attack vectors. The Smart-Rule leverages both heuristics and behavioral analysis to track, detect and mitigate attacks using patent-pending algorithms. It determines variances from normal behavior and subsequently applies specific and targeted filtering to block single as well as multi-vector attacks.

Flex-Rule On-Demand Countermeasures

Corero is also launching Flex-Rule on-demand countermeasures, arming its customers with a powerful ad hoc filtering capability to allow operators to identify and remove certain classes of DDoS attacks that are not easily mapped to a static protection rule. Using the Flex-Rule with heuristics and closed-loop policy allows the SmartWall TDS to quickly determine the nature of an attack and automatically create a countermeasure. This mechanism reduces overall operating expense by allowing operators to concentrate on other forms of security threats impacting the organization.

“This latest technology release supports customer demand for automatic mitigation, utilizing a closed loop system response to even the most sophisticated DDoS attacks,” said Dave Larson, CTO and Vice President, Product, Corero Network Security. “The SmartWall TDS inspects traffic at line rate, and as new DDoS attack techniques are identified, sophisticated analysis determines the need for customizing detection filters and blocking the attack immediately, vastly improving attack visibility, advanced threat protection and time to mitigation.”

Additional new features and benefits of the SmartWall TDS 8.07 include:

 

Alerting, Reporting and Heuristics:

Corero’s SecureWatch Analytics, a complementary tool to the Corero SmartWall TDS, now offers Splunk query capabilities to provide customizable DDoS identification filters for sophisticated alerting, reporting and attack mitigation. This heuristic approach automates defense capabilities and adapts to the evolving DDoS threat landscape, providing customers with advanced real-time protection. With these capabilities, hosting providers, service providers and online enterprises around the world leveraging Corero’s DDoS protection products and services can guarantee service availability and ensure business success.

Open Hybrid Cloud Signaling:

Corero’s open hybrid cloud signaling capabilities provide customers with a hybrid approach to their DDoS defense efforts by combining the benefits of Corero’s leading on-premises solution with the scale of cloud-based anti-DDoS technologies. The SmartWall TDS can connect to any cloud based anti-DDoS service that supports the API, closing the DDoS mitigation loop between cloud and on-premises defense. This enables businesses with an on-demand provider for back up services in the event of massive, volumetric DDoS attacks to initiate that service in a timely manner based on the attack visibility provided by the Corero SmartWall TDS on premises.

Scalability, Power and Performance:

The Corero SmartWall TDS remains the performance leader for in-line DDoS protection, offering the lowest power consumption and smallest footprint, with the highest throughput in defeating DDoS attacks. Capitalizing on the next generation DDoS protection architecture, the Corero SmartWall TDS scales to individual protection clusters supporting up to 160 Gbps of Internet throughput, managed through one centralized console. Customers worldwide are using the SmartWall TDS to protect themselves against the damaging impact of DDoS attacks, with some protecting more than 200 Gbps of peering bandwidth.

4 Mar

The easiest Secure Web Gateway with the best protection is getting a lot faster and smarter… and soon! The team has been working hard over the last several months to deliver a new version of the Sophos Web Appliance so we’re very pleased to announce the roll-out of v4 will get underway at the end of March.

Version 4 brings some of your top requested enhancements:

  • Lightning Performance with limitless connections and 3-7x the performance on existing hardware
  • Added visibility with a new user activity snapshot and detailed timeline report
  • Granular controls over common social web applications like Facebook, Youtube, Twitter and more

Timing and Availability

As usual, existing Sophos Web Appliance customers get this upgrade at no extra charge which will be applied automatically to all Sophos Web Appliances (hardware and virtual) during their regular update window sometime during the first few weeks of April as the roll-out gets underway. No action is required to take advantage of this great new upgrade.

New customer orders shipping at the end of March will include the latest v4 release direct from the factory. If you’re an existing SWA customer and would like to get early access to a beta release of v4, feel free to contact us at swabeta@sophos.com.

Lightning Performance

With more traffic using HTTPS and more complex sites requesting high numbers of concurrent connections and holding them open persistently, proxy capacity and performance is increasingly important. In version 4 we’ve completely re-architected the proxy engine in the Sophos Web Appliance with a brand-new high-performance proxy that can deliver 3-7x the performance on existing hardware, with no limit on connections. It injects a whole new life into existing hardware or virtual appliance installations.

To get the latest sizing guidelines for the full line of hardware or virtual appliance instances, check our updated product technical specifications:

 

Added Visibility

For those looking for additional reporting, we’ve got some great new enhancements in that area as well. We’ve added a new Browse Summary by User Report that shows a user’s web activity over the course of a day, week, or month. It can be accessed easily from the User Report Section.

 

You also get a new detailed timeline report which allows you to dig deep into the details of what sites a user visited during certain time periods. If you get a complaint about someone surfing inappropriate content on a Friday afternoon, this report will help you identify exactly what sites they visited during a specific time period, including the number of hits to that site and the exact time. This new report is accessed from the “Search” section.

 

Granular Controls

One request we receive often from customers and partners is for control over features on popular social web applications like Facebook chat or games.

With version 4.1 following shortly on the heels of v4, we’re adding granular social web app controls to do exactly that. You’ll get a set of easy policy controls to disable unwanted features of popular social web applications like Facebook, LinkedIn, Twitter, YouTube and more. And you can apply these new controls to individual users or groups along with the rest of your policies.

Here’s a mockup of what that might look like:

 

More Information

If you’re new to the Sophos Web Appliance, check out our Secure Web Gateway solutions.

The release notes and documentation will be updated as soon as they are published towards the end of March.

As mentioned above, existing Sophos Web Appliance customers get this upgrade at no extra charge which will be applied automatically to all Sophos Web Appliances (hardware and virtual) during their regular update window sometime during the first few weeks of April as the roll-out gets underway. No action is required to take advantage of this great new upgrade.

If you’re an existing SWA customer and would like to get early access to a beta release of v4, feel free to contact us at swabeta@sophos.com.

You can read the original article here.

1 Mar

The security of mobile devices and the Internet of Things is surprisingly lax, especially compared to traditional desktops. James Lyne, global head of security research at Sophos, proved just how insecure these devices really are, in a presentation at the Mobile World Congress in Barcelona.

In his live demonstration, James showed tricks that a modestly talented cybercriminal could use to compromise mobile devices and Internet-connected closed-circuit cameras (CCTV).

In our video below, you can watch James hack into an Android tablet over Wi-Fi to record video and audio, and see how insecure CCTV cameras that use weak or no passwords can be breached from the other side of the world.

As James predicts in his report on the top 10 security trends for 2015, IoT manufacturers have failed to implement basic security standards, and attacks on these devices are likely to have nasty real world impact.

And despite the vast quantities of data stored on our mobile devices, many users are unaware of the need for better security. Google’s Android is the market leader, but the majority of Android devices are running older versions that are insecure against the latest attacks.

“These problems are easy to fix. They require us to take the lessons we learned in the PC and apply them quickly – now,” James said.

Watch James’s fascinating presentation!

You can read the original article here.

25 Feb

Today’s endpoint protection needs to do much more than blocking known malware. Your endpoint solution needs to be intelligent enough to prevent attacks based on suspicious behaviors, and it should be able to detect and clean up infections when they do happen.

Sophos Endpoint Protection integrates a range of innovative technologies to secure your Windows, Mac and Linux systems against malware and advanced threats such as targeted attacks.

We know that it’s not possible to have 100% prevention, 100% of the time. That’s why Sophos Endpoint Protection includes next-gen features like Malicious Traffic Detection and the Sophos System Protector. By correlating suspicious behaviors with threat intelligence from SophosLabs, Sophos Endpoint Protection identifies attacks that have never been seen before, and protects users from every angle.

Malicious Traffic Detection

Malicious Traffic Detection, or MTD, prevents malware from carrying out certain behaviors to do its dirty job. Typically, when malware gets onto a computer the first thing it will do is communicate with an attacker’s server – to request additional instructions, to download more malware, and to send stolen data off to the attackers.

With MTD, we’re able to see when an infected computer is attempting to communicate outside the network in suspicious ways, to find and remove the malware on that machine.

As one example, MTD can detect if one of your endpoints is compromised by the ransomware called CryptoWall, which uses a secret encryption key to scramble all your files and connected drives and demands a ransom to get the key to unscramble them.

For CryptoWall to carry out its marching orders to encrypt your files, it needs to retrieve a key from the attacker’s server. MTD can detect CryptoWall’s “call home” to the bad guys’ server and prevent it from getting the encryption key.

Sophos Endpoint Protection then removes the malware to prevent future damage.

Sophos System Protector

Sophos Endpoint Protection has within it a whole bunch of different components, or sensors. It’s capable of scanning a file and seeing what its code does before it runs. It has a Host Intrusion Prevention System (HIPS) that looks for bad behaviors as the software is running. And it can detect malicious websites and exploit kits by looking for things like malicious JavaScript containing exploits.

With all these different ways of looking at a file to find out if it’s dangerous, there needs to be an intelligent way to bring all of the pieces together.

Sophos System Protector is the conductor of the orchestra – it coordinates the different activities, using threat intelligence from SophosLabs to make sense of the information we’re getting from all the different sensors.

More reasons to choose Sophos Endpoint Protection

If you’re looking to switch to endpoint protection that’s simply better, there are five big reasons why you should consider choosing Sophos Endpoint Protection.

Learn more about how you can secure your organization with protection that offers these benefits:

  • Innovative technology from an industry leader
  • Lightning performance that won’t slow your users down
  • Sophisticated simplicity – saves time and easy to manage
  • User-based licensing to accommodate a modern workforce
  • Flexible deployment – on-premise or in the cloud

You can read the original article here.

21 Feb

Ransomware, it’s everywhere. We had hoped that the notorious file-encrypting ransomware called CryptoLocker was defeated after law enforcement knocked out its infrastructure last year, but CryptoLocker and its close cousin CryptoWall have come back stronger than ever.

Ransomware is malware that prevents you from using your files or your computer, and then extorts money from you in exchange for a promise to unlock them.
We’d like to show you more about the newest kinds of ransomware, how they work, and what you as an organization or individual can do to stay safe.

Ransomware: a brief history

Ransomware and fake-antivirus have been around for many years, relying on social engineering to trick computer users into paying the cybercriminals, so their phony warnings claim, to avoid fines from police for supposed crimes, or to clean up “viruses” on their computers that don’t actually exist.

But CryptoLocker and CryptoWall – variations of the malware we sometimes call crypto-ransomware or cryptoware – don’t bother with that sort of trickery. The attackers tell victims up-front that their files have been encrypted by the crooks. Unless you pay for the encryption key held by the attackers, the crooks destroy the private encryption key, making it impossible to recover your files.

How it works

A ransomware attack goes through five stages from the time it installs on your computer to the appearance of the ransom warning on your screen. You can download our step-by-step infographic to learn about the stages of an attack, and get tips on staying safe.

Ransomware protection, prevention and mitigation

If you suspect you’ve been compromised by ransomware, you can remove the malware using our Free Virus Removal Tool. Sadly, there’s not much you can do to get your files back except to pay the ransom – the encryption is too strong to crack. We wouldn’t recommend paying the ransom – there’s no guarantee the criminals won’t up the ante, or that they’ll actually follow through on their promise to send you the keys to decrypt your files.

But it’s easy to understand why so many people do pay the ransom, especially if you’ve lost invaluable corporate or personal data. Recently, a sheriff’s office in Tennessee paid a ransom to CryptoWall cybercrooks, and other police departments and public sector organizations have done the same.

Really, the best defense is a proactive one: always back up all your files, and use anti-malware and anti-spam protections. To learn more about protecting your organization against ransomware attacks, download our free whitepaper, CryptoLocker, CryptoWall and Beyond: Mitigating the Rising Ransomware Threat.

This whitepaper explains:

  • A brief history of ransomware, from Winlockers to today’s crypto-ransomware
  • How ransomware works and why it is so dangerous
  • Specific recommendations that can dramatically reduce your vulnerability

The best ransomware defense: Next-generation protection from Sophos

Before ransomware can do its dirty work, it must contact a live command and control server. Next-generation firewalls such as the Sophos UTM can help block that. So can today’s best client anti-malware software. Our Next-Generation Enduser Protection offers Malicious Traffic Detection (MTD) that goes wherever you go, detecting and stopping malware when it connects to attackers’ servers.

Next-Generation Enduser Protection is the integration of Sophos’s innovative endpoint, mobile and encryption technologies to deliver better protection and simpler management.

To learn more about how to try it for free, visit sophos.com/ngeup.

You can read the original article here.

18 Feb

We’re pleased to announce that Sophos has been recognized with the AV-Test Best Usability 2014 Award! AV-Test regularly tests endpoint protection products, including the Windows component of our Endpoint Protection product, which we call Endpoint Security and Control. 

Across multiple tests in 2014, “Sophos Endpoint Security and Control excelled consistently and thus earned the 2014 Award in the category of Usability,” said Andreas Marx, CEO of AV-Test. 

Our tagline is “Security made simple,” and part of delivering on that statement is creating products that are highly usable for our customers. We also understand, though, that usability is only one reason why people choose Sophos.

We’re leaders in the industry because we combine simplicity with ongoing innovation on the endpoint and, more broadly, in protection of end users across all devices and platforms.

In addition to our AV-Test award, we’ve been recognized in the Leaders Quadrant of Gartner’s Magic Quadrant for Endpoint Protection Platforms for eight years in a row. Plus, we’ve been named as Champions in the Info-Tech Research Group’s 2014 Vendor Landscape: Endpoint Protection. Learn more about Endpoint Protection from Sophos.

You can read the original article here.

16 Feb

The expert product reviewers at AV-Test handed out awards for the best antivirus software for Android in January, and once again Sophos has aced the test with 100% malware detection. 

Our Free Antivirus and Security for Android (Sophos Mobile Security) accurately detected and blocked every one of the 2,950 samples of malicious Android apps used in the test – and without a single false positive. 

AV-Test recognized our app with a Protection Score of 6.0 (out of a possible score of 6.0), and we also garnered the highest rank of 6.0 in Usability. Our 100% malware detection rate beat out the antivirus products of other vendors including those from Symantec, Kaspersky and McAfee. 

In the Usability category, we passed with flying colors, thanks to app performance that didn’t slow down the device or reduce battery life. Tests also showed that our Android antivirus didn’t flag any legitimate apps (out of nearly 3,000 tested from Google Play and legitimate third-party app stores). Version 4.0 of Sophos Mobile Security also got perfect scores from AV-Test in November 2014. Check out the AV-Test review, and download the free app from Google Play.

About Sophos Mobile Security

Sophos Mobile Security is a robust yet lightweight app that protects your Android devices without compromising performance or battery life. Using up-to-the-minute intelligence from SophosLabs, it automatically scans apps as you install them. 

Other features include a privacy advisor, data and device encryption, and per-app password protection that you can set up for sensitive apps like your email. It’s also available as an enterprise version you can manage through Sophos Mobile Control, our enterprise mobility management and security product.

You can read the original article here.

9

Feb

Facial recognition technology has been around for many years – the fact that the vast majority of people have two ears, two eyes, a mouth and a nose, all appearing in pretty much the same location, makes basic recognition relatively straightforward.

Total accuracy, however, is much harder to come by – even us humans can only positively identify a subject from a photo 97.53% of the time. Certain groups have an interest in developing software that can match or exceed that level of accuracy though.

Law enforcement and other government agencies would, I’m sure, love to be able to identify suspects from photos and videos in an automated and unequivocal manner. Doing so is generally not so easy though – just this week police in the UK said its computerised system managed to match a mere 10 images to suspects in 18 months. By way of a contrast, when the force pulled in 90 human experts, almost 300 matches were made in just three days.

Other developers of automated facial recognition systems have had far more success though. A study by the Ohio State University last year demonstrated advances made in the technology that allowed for the identification of emotional states with an accuracy level ranging between 76.9% and 96.9%, depending upon the complexity of the emotion.

More impressive than that, perhaps, is DeepFace – a software recognition system developed by Facebook. DeepFace is so accurate that there is barely a difference between its ability to identify a person and that of a real human being. The software’s algorithms are able to determine whether two different photographs feature the same person with an accuracy rate of 97.25%, regardless of the angle of the shot or the background lighting conditions.

So Facebook’s going to turn this technology on its 1.3 billion users and root out and quantify even more of the social connections implied by your photos, right? They say not. The social network plans to use the system to identify its users in new photos as they are uploaded. If your visage appears in one of the 400 million pictures added to the network each day you’ll receive an email from Facebook alerting you.

If you are not happy about appearing in your friends’ timelines – and it is only your friends that will see it – you’ll have the option to blur your face and retain your privacy. The picture elsewhere is not so clear though: we know Apple has patented its own facial recognition technology and Google employed an app in its now-defunct Glass device which could check those it viewed against sex offender and other criminal databases.

Perhaps unsurprisingly, governments in the US, UK, Germany, New Zealand and Switzerland, among others, have used the tech to identify criminals, enhance border controls and for other purposes.

While none of those uses may be of concern to you now, the future is less clear. As the underlying technology improves, new uses will be found, and we all know how slowly laws catch up with new tech and, when they do, the lawmakers often lack the expertise to legislate in ways that are meaningful to the general public. In the meantime, all we can do is look at each use of facial recognition as it comes along and take any action we feel is necessary – assuming we are able to control it in the first place.

In the case of Facebook and its photo tagging, we’ve already mentioned how likenesses can be blurred out on a case by case basis. Preventing the service from attempting to tag your photo in the first place is quite easy though: go into your Facebook Settings and then select “Timeline and Tagging”. Under “How can I manage tags people add and tagging suggestions” there will be an option labelled “Who sees tag suggestions when photos that look like you are uploaded?” Simply change this to “No One”.

Readers in Europe will find that the above option is ‘Unavailable’ but don’t worry – the EU has different rules on Facebook tagging that mean your photos are safe, though the service appears to have been partially restored to allow tagging of US residents. If you are on Facebook and want to keep yourself informed about the latest news from the world of internet security and privacy, join the Sophos Facebook page where more than 250,000 people regularly discuss these issues and best practice. If you want to improve your privacy and security settings on the social network, check out our Facebook account tips.

You can read the original article here.

6

Feb

Array announced the second generation of the AVX10650 virtualized application delivery controller. Why is this important? It gives IaaS providers unprecedented flexibility to support multiple customers while managing just one appliance (or two, for high availability). Or, enterprises can support multiple applications, user types, etc. – again, with just one appliance (or two). 

And unlike other ADC products marketed as ‘multi-tenant,’ AVX10650 instances do not share physical resources. They’re fully independent – each with its own I/O, CPU, SSL card and memory – so there’s no resource contention to drive down performance (and user experience). This is a multi-tenant, virtualized ADC solution that truly offers multiple benefits for IaaS providers and enterprises. 

It offers four different basic configurations, from entry-level basic ADC for up to 32 vAPV instances, to the high-performance large configuration supporting four vAPV instances per appliance and 28Gbps guaranteed throughput per instance. It combines the flexibility of a virtual ADC, with the rock-solid, high-horsepower performance of a physical ADC – more than 2K transactions per second (TPS) for 2048-bit SSL even at the entry level, and up to 17K SSL TPS (2048-bit) in the ‘large’ configuration. 

You can buy just what you need today, and ‘pay as you grow.’ For example, if you determine you need a medium ADC configuration (16 vAPV instances per appliance), you can purchase one quarter, half, three quarters or full capacity (that’s 4, 8, 12 or 16 instances in this case). If an AVX10650 is purchased at less than full capacity, you can upgrade at any time. 

With the AVX10650 virtualized ADC you’re not racking and stacking multiple ADCs to support multiple customers, applications or communities of interest – nor do you have the associated management, power and space headaches. And it provides hardware-based SSL throughput that virtual ADCs can only dream of. Find out more about the next-generation AVX10650 in the press release or datasheet.

 

You can read the original article here.

 

3

Feb

In virtualized environments, SSL/TLS data encryption is commonly used to secure mission-critical and sensitive data as it transits to remote users and shared networks. Virtual application delivery controllers (ADCs) are also frequently deployed to provide SSL offloading from servers (reducing their load and thus improving performance) as well as application acceleration, load balancing across links, servers and global data centers, and Web/application security. 

However, SSL/TLS offloading in a virtualized environment presents several key hurdles for virtual ADCs: Software-based performance is typically much lower than that of hardware-based (i.e. dedicated) ADC appliances – and if other virtual machines are sharing the same CPU, resource contention can further reduce performance.

Also, to be effective, the ADC must be able to gain the information needed (from clear text) for intelligent application routing, filtering and/or server persistence – and this requires even more processing power. Scaling can also be problematic. Sure, you can throw more virtual ADCs into the mix, but it will add both cost and setup/management complexity to the equation. 

When you need to ensure SSL/TLS performance through SSL offloading, and scaling is also a concern, consider a hybrid virtual/dedicated model. This model combines the flexibility and low cost of virtual ADCs with the raw horsepower of our dedicated APV Series appliances – which can support up to 4 million SSL/TLS connections/sections and up to 25 Gbps encrypted data throughput per unit. 

See our SSL Offloading and Acceleration in Virtualized Environments white paper for a complete description of how the hybrid virtual/dedicated model works, key features, key benefits and more. 

 

You can read the original article here.

1

Feb

The more customers you host in your data center, the better, right? Of course, that means more revenue. And if those customers are in multiple industry verticals, even better, correct? Supporting a variety of customer types protects against revenue fluctuations if rough economic times affect a certain vertical and not the others. But here’s the rub.

Hosting a diverse set of customers in your data center is a double-edged sword. The financial benefits of an expansive customer set are irrefutable.

However, the flip side of serving a diverse clientele is the increased exposure to becoming a victim of DDoS attacks. 

A DDoS attack on a hosting data center has many repercussions:

  • A DDoS attack on just one hosted customer can create a data center wide outage and major collateral damage for the rest of your customers
  • A compromised hosted server in your data center can be used as a powerful botnet attack source and negatively impact your reputation
  • Any degradation of service availability or outage will cost you revenue

The very success of customer growth makes you susceptible and vulnerable. It goes without saying that the resulting damage can be costly data center downtime, customer attrition, and a damaged brand. Thankfully, there are solutions that can help you to protect yourself and your customers from DDoS attacks:

  • Deploying DDoS mitigation on-premises
  • Ensuring real-time detection, alerting and mitigation
  • Gaining greater visibility into traffic in and out of your data center

I invite you to keep checking back on additional posts that will elaborate on each leg of this 3-legged stool and provide detail on how hosting providers can:

  • Protect critical data center infrastructure from DDoS attacks in real-time
  • Ensure service availability and SLAs are met, even under DDoS attack
  • Offer value added security insight and protection to your hosted customers

Hosting providers, let’s be proactive in securing you and your customers in the face of DDoS attacks. Corero has the solution.

You can read the original article here.

30

Jan

In the last couple of days, a widespread Linux vulnerability known as GHOST has been receiving a lot of attention in the security community. In theory, this vulnerability can allow an attacker to remotely execute code on a Linux computer. There is already proof of concept code that puts this theory into practice, and it is expected that real world attacks are just around the corner.

The Sophos product teams have been thoroughly investigating to determine which of our products are affected and what is necessary to address those that are.

Many Sophos products do not use Linux, or the glibc software at the heart of the vulnerability, and are therefore unaffected. This includes Sophos Endpoint Protection (Antivirus) for Windows, Mac and Unix; Secure Email Gateway; PureMessage for Microsoft Exchange; Mobile Control and likely others that we are still verifying.

However, Sophos UTM, Sophos UTM Manager (SUM), Secure Web Gateway, Sophos Secure OS for AWS, the Sophos Cloud management infrastructure, and the SAV for vShield virtual appliance are all built on the Linux platform and include the glibc software that is responsible for the vulnerability.

The extent to which this vulnerability can be exploited varies from product to product. In all cases, the product teams are working quickly to update vulnerable software. For information about update availability, see this knowledgebase article. The new Up2Date package for Sophos UTM 9.3 introduces several fixes to our current UTM platform, including an update for glibc to fix a potential vulnerability (GHOST, CVE-2015-0235). Please read the article here.

Our products that customers install and run on their own installations of Linux (e.g., SAV for Linux, PureMessage for Unix) are not believed to introduce a vulnerability. However, the customer’s underlying Linux system may be vulnerable. Customers are encouraged to test and install vendor-supplied security patches for their Linux distributions to protect against GHOST and other vulnerabilities.

SophosLabs is monitoring for methods and attacks targeting this vulnerability and will use the full capabilities of our product line to deliver protection for customers.

Please see this knowledgebase article for the latest information on which products and versions are affected and what, if any, actions are required for customers to remain secure. To learn more about the GHOST vulnerability, read the excellent write-up on Naked Security.

You can read the original article here.

29

Jan

It’s an honor to announce that we have been positioned as a Leader in Forrester Research, Inc.’s new report, The Forrester Wave: Endpoint Encryption, Q1 2015. We think this is strong validation that Sophos SafeGuard Enterprise Encryption 7 is among the very best encryption products available on the market today.

According to the report, “Sophos was the breakout star in this Forrester Wave evaluation, touting strong hardware-based encryption support, external media encryption policy flexibility, and file-level encryption functionality.” What’s especially rewarding about our position as a Leader is that we believe it shows how our entire company contributes to our success, including our engineering, product management, sales and customer support teams.

What Forrester is saying about us

Forrester states that “security and operations admins will appreciate Sophos’ deep policy granularity and deployment flexibility in a variety of environments and use cases.” Forrester also found that our “user support offerings and ease of deployment were consistently rated as exemplary by customers.”

Forrester evaluated vendors against 52 criteria grouped into three categories:

  • Current offering: examines the strength of each vendor’s product offering.
  • Strategy: critiques the viability and execution of a company’s strategy, including its market experience, future vision, integration strategy, global presence and engineering staff.
  • Market presence: metrics include install base, revenue and partner ecosystem.

Sophos earned the top rank in the Current Offering category, including the highest scores in the sub-categories “endpoint full-disk/volume encryption,” “file/folder encryption” and “external media encryption.”

We had the second highest overall score in the Market Presence category, with the top scores in the subcategories “technology partners” and “financial viability.”
And we also rank second overall in the Strategy category.

Why you need endpoint encryption now more than ever

In addition to evaluating vendors, Forrester’s report examines the critical need for organizations to implement endpoint encryption. Forrester cites the explosion of consumer devices and services that are blurring the lines between work and personal lives as a primary reason why organizations need endpoint encryption solutions. Meanwhile, a lack of endpoint encryption increases the risk that a data leak or compliance breach event will occur.

The report also states that endpoint encryption offers significant benefits beyond compliance. Security and risk professionals should view endpoint encryption “not merely as a compliance ‘check box,’ but as an essential tool in their arsenal of data protection,” according to Forrester.

To learn more, download a complimentary copy of The Forrester Wave: Endpoint Encryption, Q1 2015 report. (Registration is required).

More recognition for Sophos SafeGuard Encryption 7

Sophos SafeGuard Encryption 7 protects data on multiple devices and operating systems. Whether that data resides on a laptop, a mobile device, or in the cloud, Sophos SafeGuard Encryption 7 is built to match your workflow and processes without slowing down productivity.

In addition to our position as a Leader in The Forrester Wave: Endpoint Encryption, Sophos SafeGuard Encryption 7 has earned Sophos a spot in the Leaders Quadrant of the Gartner Magic Quadrant for Mobile Data Protection for six years in a row. Sophos SafeGuard Encryption 7 was also recognized in 2014 with the TechTarget Readers’ Choice Award for the best encryption solution.

You can read the original article here.

27

Jan

Sophos announced it has been positioned by Gartner, Inc., in the “Leaders” quadrant of Gartner’s “Magic Quadrant for Endpoint Protection Platforms” for the eighth consecutive year.

Gartner identifies four primary stages in the security lifecycle: setting policy, prevention, detection and remediation, and evaluated EPP vendors based on whether the features their solutions offer address these four stages.

According to the report, “the rise of the targeted attack is shredding what is left of the anti-malware market’s stubborn commitment to reactive protection techniques. Improving the malware signature distribution system or adapting behavior detection to account for the latest attack styles will not improve the effectiveness rates against targeted attacks … to be successful going forward, EPP solutions must be more proactive and focus on the entire security life cycle.”

Sophos believes the company’s Project Galileo product strategy of integrating innovative next-generation enduser, server and network protection technologies will further its leadership in this market.

The combination will enable complete, simple-to-manage security that works effectively as a system, in contrast to the complex, disjointed layers of protection so many businesses wrestle with today.

“We’re continuing to build on our reputation for producing effective, simple-to-use security solutions by introducing next-generation technology that protects customers even better,” said Dan Schiappa, SVP and GM of the Sophos Enduser Security Group. “We believe Gartner’s continued placement of Sophos in the Leaders quadrant for Endpoint Protection Platforms is validation of our innovative strategy and our ability to deliver on that strategy.”

Sophos continues to innovate on the endpoint and, more broadly, in protection of the entire end user, across devices and platforms. The company will soon be launching Next-Generation Enduser Protection aimed at defending customers from sophisticated threats such as Vawtrak, an effective and widespread botnet recently profiled by SophosLabs.

“Next-Generation Enduser Protection is where the industry needs to head,” adds Schiappa. “And Sophos is one of a very few companies worldwide that have the breadth of solutions and the depth of knowledge and expertise to be able to drive this massive and necessary evolution in our industry.”

You can read the original article here.

26

Jan

Enterprises and organizations throughout the EU are facing major challenges in handling personal data as the EU Council is expected to pass the General Data Protection Regulation (GDPR). The GDPR will automatically translate into national legislation and introduces dramatic changes with regard to how personal data should be collected, stored, accessed and utilized and how companies are obliged to respond in the event of a data breach.

One of the most dramatic consequences of the new legislation is that companies can be fined up to €100 million or two-five percent of their global turnover in the event of a data breach of personal data. In addition, companies are required to inform authorities about a data breach within 72 hours and to inform users – paying or otherwise – of data breaches without any delay. The regulation also requires organizations with more than 250 employees to have a Data Protection Officer in place, who is responsible for ensuring compliance.

“With the GDPR coming into effect it’s becoming crucial for any organization to have an efficient process in place to provide detailed documentation of data breaches. The requirements mean that the organization must be able to swiftly identify the breach and document the extent of the leakage. This calls for new security and data protection policies as well as new roles and responsibilities within an organization, but it also calls for new efficient tools like the LogPoint Security Information and Event Management system”, says Jesper Zerlang, CEO of LogPoint.

LogPoint enables enterprises and organizations to proactively monitor their networks and identify security threats in real-time to prevent cyber attacks and fulfil their compliance requirements, including the GDPR. LogPoint is flexible, scalable and hardware independent and very easy to integrate with log-sources from a multitude of systems, ranging from network equipment and storage devices to operating systems and applications. LogPoint collects logs and extracts and stores key events in encrypted format in cutting edge NoSQL – and carries out lightning fast searches using Big Data technologies. LogPoint provides instant overview of activities in the enterprise network and documents all transactions meticulously.

“In the event of a data breach, LogPoint ensures logs, enabling you to get a complete overview of what exactly has been accessed, allowing you to swiftly inform regulators. Further, by utilizing LogPoint you can set up reports, which prove compliance and assist auditors. Preparation is key. Implementation of the General Data Protection Regulation may seem far away, yet experience shows that considering the actual review of the organizational setup as well as potential system upgrades, process changes and new implementations, starting the process now would not be a day too soon”, says Jesper Zerlang.

The European Data Protection Regulation is to replace the Data Protection Directive of 1995, which was created to regulate the progression of personal data within the European Union. Officially known as the Directive 95/46/EC the legislation is part of the EU privacy and human rights law. The aim of the new European Data Protection Regulation is to modernize the legislation and harmonise the current data protection laws in place across the EU member states. The fact that it is a “regulation” instead of a “directive” means it will be directly applicable to all EU member states without a need for national implementing legislation.

“It is of crucial importance that organizations seriously consider how to ensure compliance to the GDPR now. The effects of non-compliance are severe financial penalties, lawsuits and potentially reputational damage beyond repair. We are starting to see CEOs and boards take an interest in cybersecurity and data protection compliance, but it’s still surprisingly low ranking on the strategic agenda in European enterprises and organizations, considering the dire consequences that a major data breach could have”, says Jesper Zerlang.

According to Gartner Group, the cybersecurity and SIEM-markets are currently experiencing double-digit growth. LogPoint is one of the leading European providers of Security Information and Event Management (SIEM) solutions. Combining Scandinavian simplicity and European detail, the LogPoint technology surpasses compliance demands, defends against cybercrime and fraud and facilitates network optimization. Headquartered in Copenhagen and with offices in Sweden, Germany, France and the UK, LogPoint serves hundreds of organisations in a dozen European countries.

You can read the original article here.