News
Today, we’re pleased to introduce updates to our Endpoint Protection, SafeGuard Encryption and Mobile Encryption products that deliver on our vision of Next-Generation Enduser Protection (NGEUP).
NGEUP provides more effective and simpler-to-manage security for enduser devices and data by integrating innovative endpoint, mobile and encryption technologies. It is a stepping stone to achieving our Project Galileo vision of next-generation enduser, server and network technologies all working together as a unified, cloud-managed security system.
Underlying NGEUP — and our entire product strategy — is a core set of three principles:
- Security must be comprehensive.
- Security can be made simple.
- Security is more effective as a system.
The first next-generation feature released on the endpoint is Malicious Traffic Detection, which catches compromised computers in the act of communicating with attackers’ command and control servers.
Similar technology available in next-generation firewalls (including the Sophos UTM) can alert administrators to the presence of a compromised system on the network. But because we integrate the feature into the endpoint, we can go further by detecting a compromise on or off the network, identifying the specific malicious file, and cleaning up the infection. For customers, this means better detection rates and less time investigating and manually cleaning compromised systems.
Also released is the new Sophos System Protector, which is the “brain” of our updated endpoint agent. It correlates information from the Malicious Traffic Detector and other components to identify threats that might not be deemed “bad” by any one component on its own. This results in better protection against advanced threats, with fewer false positives.
SafeGuard Encryption 7 brings a number of small but important updates aimed at improving the product’s performance, stability and user experience. SafeGuard Encryption provides complete data protection across multiple platforms & devices, securing data and empowering people to work and collaborate safely without slowing them down. Version 7.0 is now available for download for existing SafeGuard customers.
Sophos Mobile Encryption (SME) 3 makes it possible to create and view encrypted documents and to manage multiple encryption keys from right within the app. SME integrates with Sophos Mobile Control for centralized management and with SafeGuard Encryption for access to your encrypted documents everywhere. SME ensures that users’ mobile data is protected no matter where the user goes, so that data protection doesn’t end at the office door.
Existing customers of Sophos Cloud Enduser Protection or Sophos Cloud Endpoint Protection Advanced can expect to receive the updates automatically in the next couple of weeks, if they haven’t already. The new endpoint features will make their way to our on-premise Endpoint Protection Advanced and Enduser Protection Bundles as part of an update to Sophos Enterprise Console planned for the first half of 2015.
SafeGuard Encryption customers can download version 7 from their My Sophos accounts. Sophos Mobile Encryption 3 is available in the Apple iTunes App Store and the Google Play Store.
Learn more about our Next-Gen Enduser Protection Bundles, or get started now with a free trial.
You can read the original article here.
Lots of customers are looking to switch from big security vendors like Symantec, McAfee, and Kaspersky to Sophos – and it’s easy to see why.
Here are four reasons:
Better performance. Independent test results from AV-Comparatives show how Sophos blows away the competition with the lowest impact score of any vendor.
Better protection. Sophos cloud-based threat intelligence keeps customers protected from the latest threats – in real time.
More compatible. Complete coverage for Windows, Macs, and mobile devices.
More flexible. Deployed on-premise or in the cloud. User-based pricing allows you to add devices at no extra charge.
Sophos vs. the Other Guys
If you are relying on an endpoint solution from Symantec, McAfee, or Kaspersky, it’s time to switch to an endpoint protection that’s faster, with more complete protection, compatibility, and flexibility.
Sophos Endpoint Protection is security that does everything better. Find out more about how easily Sophos beats the other guys.
Innovation is the one constant in the security industry, as both hackers and vendors try to outrace each other. Security vendors have always been trying to find the “silver bullet” technology that was going to provide the best possible protection – antivirus, HIPS, application control, sandboxing.
This first generation of security innovation has been great, and each technology has offered key advantages. But in order to protect against increasingly complex attacks, it’s going to require new thinking. Next-generation endpoint protection is a leapfrog step in security if it’s delivered as an integrated system, not a collection of point products.
This past May, Sophos announced Project Galileo to address the long-standing problem of security that fails to meet the needs of today’s businesses. We believe security needs to be comprehensive, simple to manage, and work effectively as a system to provide better protection and an unmatched user experience. People don’t want more data; they want more automation—security that thinks for itself, far faster than humans can.
One of the foundational parts of Project Galileo is what we are doing in Next-Generation Enduser Protection. We call it “Enduser” because we believe security needs to be user-based, not device-based. Users have laptops, desktops, mobile phones and tablets they interact with.
The definition of Enduser also includes the user’s data, which needs to be encrypted because, while our primary objective is prevention of malware, when something malicious does find a vulnerability, the data should be unusable to the hackers.
There seem to be a lot of other companies leveraging the term “next-generation,” so to help clarify, here is what we believe Next-Generation Enduser Protection is and is not.
Next-Generation Enduser Protection is:
• Integration of innovative endpoint, mobile and encryption technologies to deliver better, simple-to-manage security for enduser devices and data
• A comprehensive system of security technologies that communicate with each other to deliver far higher levels of protection
• Real-time malware prevention, compromise detection, remediation, and data encryption
• Investment protection through leveraging and extending existing technologies
Next-Generation Enduser Protection is NOT:
• An individual point product that believes it can replace a security system
• Thousands of logs, alerts, and events that humans have to manually sift through to find correlations and issues weeks and months after they occur
• A dashboard that can display dozens or hundreds of non-integrated technologies
• Networking companies that think perimeter-based security with a supplemental endpoint agent is enough to provide complete enduser protection
• More agents that you have to deploy to your devices
• Limited to a specific type of device or platform
• Focused just on the threat and not on the data that needs to be encrypted and protected
Next-Generation Enduser Protection is where the industry needs to head, and very few companies have the breadth or depth to be able to get there. Check out this blog on Jan 20, 2015 to see what true Next-Generation Enduser Protection looks like.
For more information, contact one of our partners.
Read the original article, here.
If you haven’t heard about it by now, it’s time you learned more about the upcoming EU Data Protection Regulation, which applies to anyone collecting data on European Union citizens. What does the regulation say about your responsibilities to protect personal data? Here are five things you need to know about the regulation and what you need to do to get compliant.
1. The EU is currently finalizing the new Data Protection Regulation and it will likely become law this year.
The European Parliament voted in favor of the proposed regulation by an overwhelming majority in March 2014. The regulation still needs to go through further steps before it becomes law. However, based on the near-unanimous support so far, it is widely anticipated that it will be adopted in 2015.
2. Everyone who holds data on European citizens is affected, even if you’re not located in the EU.
The proposed legislation will require everyone who holds data on European citizens to implement appropriate security measures to protect the data, and have a clear data protection policy. That data may include names, photos, email addresses, bank details, posts on social networks, medical information or a computer’s IP address.
If you do business with customers in Europe, that means you need to comply!
3. Fines for non-compliance could cost millions.
Under the proposed legislation, if you suffer a breach of personal data you can incur fines of up to €100 million or 5% annual turnover. Plus you will have to notify affected customers of the breach, with all the associated costs and loss of reputation.
4. Encryption is the best way to secure personal data.
Encryption is widely agreed to be the best data security measure available as it renders the data unintelligible to unauthorized parties in cases of data loss.
If you can show that the personal data was encrypted, the likelihood of being fined as a result of a breach should be very greatly reduced, and you don’t need to notify affected customers about the breach.
5. Lots of businesses aren’t ready yet, but you can reduce your compliance risk.
Take our 60-second compliance check to see if you are at risk from the proposed regulation – plus, learn how to secure your data and avoid breaches. Download our free whitepaper and sample data protection policy to get started, and visit our resources page to see how Sophos can help.
Read the original article, here.
LogPoint, a European provider of Security Information and Event Management (SIEM) solutions, today announced that it joined the EMC Business Partner Program for Technology Connect Partners and has successfully completed API compatibility requirements for interoperability with the EMC VNX storage platform.
LogPoint is a rapidly growing cyber-security vendor and a leading European provider of Security Information and Event Management (SIEM) solutions. LogPoint enables enterprises to proactively monitor their networks and identify security threats in real-time to prevent cyber-attacks and fulfil their compliance requirements.
LogPoint has integrated logs directly from the EMC VNX storage platform into the LogPoint SIEM platform. The integration will enable LogPoint to integrate VNX audit events into LogPoint, enhancing the real-time overview of the enterprise network environment by forwarding critical events on storage platforms to the LogPoint SIEM-solution. LogPoint views its integration as a key advancement in the efforts to put LogPoint at the heart of major network environments.
“LogPoint’s integration of EMC VNX logs is an important part of the continuous evolution of the LogPoint platform as we continue to integrate a wealth of log sources into the platform. It’s a feature which is very much in demand, especially by large organizations in the public sector that are handling massive amounts of sensitive data and have a large number of users, and are relying on the superior performance of the Big Data based LogPoint-platform”, says Christian Have, Vice President, Solution and Integration at LogPoint.
According to Gartner Group, the cybersecurity and SIEM markets are currently experiencing double-digit growth. An efficient SIEM solution will not only aid in the timely detection of cyber threats, but it is also a key tool in the ever-important process of network optimisation. In addition, the implementation of a SIEM solution to monitor and document network traffic is increasingly becoming a compliance requirement in auditing guidelines, company policies and quality standards such as ISO 27001, which has now become a requirement for public organizations throughout the world.
LogPoint is one of the leading European providers of SIEM solutions. Combining Scandinavian simplicity and European detail, the LogPoint technology surpasses compliance demands and defends against cybercrime and fraud. Headquartered in Copenhagen and with offices in Sweden, Germany, France and the UK, LogPoint serves hundreds of organisations in a dozen European countries.
Read the original article, here.
The European Banking Authority (EBA), the EU body tasked with supervising and regulating the banking sector, has issued a new set of guidelines on the security of internet payments. Among much else, the new instructions [PDF] seem to require payment service providers (PSPs) to ensure two-factor authentication (2FA) is used to verify the identity and intentions of all customers in online transactions. The EBA started work on the guidelines in October, launching a consultation period to gather the input of the banks and other bodies involved in online money transfers. The main target of the guidance is the PSPs, the companies who sit between websites and banks to facilitate money transfers – the likes of PayPal and SagePay will be familiar to many, and security-watchers will surely recognise names like Heartland and WorldPay.
The responses from the PSPs leaned heavily towards not issuing the guidelines, with most respondents preferring to wait for beefier regulation in the upcoming revision of the EU’s Payment Services Directive (PSD2). However, with PSD2 not expected to come into force until 2016 or 2017, the EBA opted to release its own guidance early to ensure customers get the best protection possible in what are seen to be highly dangerous times for anyone buying or selling online.
The bulk of the guidelines deal with the nitty-gritty of securing payments, detailing things like risk assessment, traceability and incident reporting. There’s a heavy customer focus too though, with plenty of guidance on what information and advice should be provided to customers.
The most interesting part comes in section 7 of the guidelines, which requires, with some minor room for maneuver, the use of “strong customer authentication”:
The initiation of internet payments, as well as access to sensitive payment data, should be protected by strong customer authentication. PSPs should have a strong customer authentication procedure in line with the definition provided in these guidelines.
Early in the document the phrase “strong customer authentication” is defined as follows:
Strong customer authentication is, for the purpose of these guidelines, a procedure based on the use of two or more of the following elements – categorised as knowledge, ownership and inherence: i) something only the user knows, e.g. static password, code, personal identification number; ii) something only the user possesses, e.g. token, smart card, mobile phone; iii) something the user is, e.g. biometric characteristic, such as a fingerprint. In addition, the elements selected must be mutually independent, i.e. the breach of one does not compromise the other(s). At least one of the elements should be non-reusable and non-replicable (except for inherence), and not capable of being surreptitiously stolen via the internet. The strong authentication procedure should be designed in such a way as to protect the confidentiality of the authentication data.
So by the sounds of it, the EBA is basically committing PSPs to introducing full and proper 2FA to all regular online transactions.
With the guidelines due to come into force in August of 2015, that really doesn’t leave much time for a major step forward in the levels of security implemented by most sites and services. And it’s not so surprising that the consultation period met so much resistance from those tasked with getting this all in place.
Of course these are just “guidelines”, but they should have some teeth. At the very least, they will put the idea of strong security everywhere firmly in the minds of the people building the back-end payment systems which underpin so much of what we do online. That should mean a considerably safer future for all of us, although it remains to be seen whether it will really arrive by next August.
Read the original article, here.
The weeks leading up to Christmas are the busiest for the retail industry all year, which makes this a really opportune time for cybercriminals to break in and steal credit card and other personal data from all those online and in-store shoppers. Recently we surveyed a bunch of IT professionals at UK retailers and found that many of them are concerned they won’t be prepared for attacks against them. Well, we’ve got some simple security advice that retail businesses of any size and anywhere in the world can follow to keep this season a merry one. Here are the top 6 retail threats, and what to do about them.
1. Targeted attacks: The cybercriminals need to break into your network to steal all the valuable customer data you’re storing. A common way in is to aim some credible emails at a specific area of the organization. This might be invoices or undelivered courier items for office management.
Action: Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types. In addition, train employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behavior to IT.
2. Legitimate looking sites rigged with exploit kits: Exploit kits work out in real time how to “crack” a PC. These automated kits find a weakness – an unpatched vulnerability in something like your browser or media player – and infect your computer with drive-by downloads.
Action: Most exploit kits see success due to exploits in software for which a patch is already available and just has not been deployed. Consider a patch assessment tool to ensure your operating system and applications are up to date with the latest security fixes. And install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.
3. Access all areas: Once they’re on the inside, the crooks want to move around your network so they can capture more than just one hapless user’s passwords and confidential files. They want access to your back-end databases, your point-of-sale (PoS) network, your testing network (which may have temporary copies of live programs and data that isn’t as secure as it should be, or have deliberately unpatched servers for troubleshooting), and more.
Action: Consider segregating your networks with next-gen firewalls that treat your internal departments as potentially hostile to each other, rather than having one big “inside” fenced off from the even bigger “outside.” And put in place a device control strategy to identify and control the use of removable storage devices – not only does this prevent bad stuff getting in with data loss prevention (DLP), but it can also help stop personally identifiable information (PII) and intellectual property (IP) data from going out. Finally, implement full-disk protection and encrypt sensitive data stored on servers or removable media for sharing with business partners.
4. Remote access: You may want or need to allow remote access, maybe even for a third party, for example the vendor of your PoS system. Many breaches happen due to slovenly password practices by outside vendors. You can just ask Target!
Action: Consider implementing your own remote access service using a virtual private network (VPN) and requiring everyone to use two-factor authentication. Do a review of your purchase requirements and vendors with your procurement team if you have a more sizeable infrastructure.
5. Automated malware: If the crooks get in and leave behind malware to automate their dirty work, that malware is often programmed to keep “calling home” to one or more command-and-control servers to fetch further instructions and to exfiltrate (sneak out) what it has found since last time.
Action: Consider web filtering and a next-gen firewall with command-and-control traffic detection. This isn’t as good as blocking the malware before it runs, but it can neutralize (and will draw attention to) malware that would otherwise make off with your crown jewels. Numerous breaches this year would have been detected and thwarted far sooner with this in place.
6. Unnecessary software: Crooks love servers that have more applications and add-on software than needed because it gives them more tricks to try when they are attempting to break in using command injections (getting the server to run the wrong command). Servers don’t usually need Microsoft Office, for example, so why have it at all?
Action: Use Application Control to keep track of, and restrict, unnecessary software that reduces security without adding any needed benefit. Periodic reviews of builds and expected configuration will also help prevent drift or organic changes from leaving you open at some point in the future.
How Sophos UTM can protect your retail business
Sophos UTM (Unified Threat Management) provides the ultimate protection against web, email and network attacks. Spec it as an all-in-one or a bespoke, layered solution with our modular security subscriptions.
Deployment is easy – as a single physical or virtual appliance, or even through the cloud. Reporting is built-in, and you can manage everything through one, intuitive console.
And Sophos UTM gives you lightning-fast performance that beats the competition in independent tests.
Read the original article, here.
Back in June 2013, we announced the End of Life date for ASG V8 as December 31, 2014. This date has now been moved out to March 31, 2015. This gives us sufficient time to ensure that all customers and partners are informed accordingly and migrate all existing V8 customers to V9. If you are not running any Astaro Security Gateway Version 8 installations, you are unaffected by this announcement and can disregard it. If you still maintain an active ASG V8, it is important that you read on for what this end-of-life means for you. You have the opportunity to migrate to UTM 9 – our most powerful version ever. Some older appliances may not be able to fully take advantage of all our new features introduced in UTM 9, like our unmatched HTML5 clientless VPN portal, Endpoint Protection with Web Control (9.1), Wireless Security, and hundreds of other features that have been introduced and upgraded since ASG V8. You can obtain a brand new appliance model at a discount via our Hardware Refresh Program! Read on for more details.
On March 31, 2015, we will conclude all maintenance, security patching, pattern updates, firmware updates and technical support for Astaro Security Gateway (ASG) Version 8. Before this date occurs, you should migrate to the latest stable version of Sophos UTM 9 for which we issue security fixes and provide ongoing protection for your company. To be clear: For a secure, supported version of our product, you need to take steps to move from ASG V8 to UTM 9+ before March 31, 2015.
Customers with an existing valid license and maintenance for ASG V8 have various options for upgrading to a newer version. For a complete list of current options, pricing, and any other questions you have, contact your partner or sales representative who will be happy to assist you in moving to a newer version. Remember, there is a special opportunity to obtain a new appliance model at a discounted price via our Hardware Refresh Program which gives you access to our latest appliance models at a reduced cost for being a loyal customer.
Regardless of whether you run ASG V8 on hardware or software, you may need to upgrade your license via MyAstaro to our new “on-demand” licensing system which changed during the lifetime of ASG V8. This is easily done with a button press – just log in and upgrade your key so it will work with UTM 9. From there, you can restore your backup file from ASG V8 into UTM 9. You may have to adjust some areas which have changed between versions, but things will look instantly familiar (just with many more cool abilities).
Hardware
Supported hardware appliances running V8.309+ can use the option on the Up2Date menu in WebAdmin to one-touch-upgrade to UTM 9. This brings you to UTM 9 automatically, but requires further Up2Dates after the migration is complete to be at the most current version. You can also install UTM 9 via ISO image and then restore a backup file.
Software
Installations running an ASG V8 software appliance on their own hardware need to install an updated version and then restore a backup file of their configuration, which will apply all your settings except for log files and on-box reports. Logs can be exported in bulk from within the WebAdmin beforehand, while reports will begin anew on your updated platform as existing ones will be purged.
Read the original article, here but we will update soon.
After a year of big data breaches like Home Depot and Sony, and widespread security vulnerabilities in our shared software, which spawned the likes of Heartbleed and Shellshock, it’s easy to predict that cyber security will be a hot topic in 2015. Our new Security Threat Trends 2015 report investigates the biggest security risks on the horizon and explains the real-world impact of evolving threats on businesses and consumers. Here are the 10 things we believe will have the biggest impact on security in 2015 and beyond.
1. Exploit mitigations reduce the number of useful vulnerabilities.
Cybercriminals have for years feasted on Microsoft Windows. Fortunately, Microsoft has invested in exploit mitigations, which makes writing attack code more difficult. As the difficulty of exploitation increases, some attackers are moving back to social engineering and we also see attackers focusing on non-Microsoft platforms.
2. Internet of Things attacks move from proof-of-concept to mainstream risks.
In 2014 we’ve seen more evidence that manufacturers of Internet of Things (IoT) devices have failed to implement basic security standards, so attacks on these devices are likely to have nasty real world impact. The security industry needs to evolve to deal with these devices.
3. Encryption becomes standard, but not everyone is happy about it.
With growing awareness of security and privacy concerns due to revelations of intelligence agency spying and newsworthy data breaches, encryption is finally becoming more of a default. Certain organizations like law enforcement and intelligence agencies are unhappy about it, under the belief that it will adversely impact safety.
4. More major flaws in widely-used software that had escaped notice by the security industry over the past 15 years.
From Heartbleed to Shellshock, it became evident that there are significant pieces of insecure code used in a large number of our computer systems today. The events of 2014 have boosted the cybercriminals’ interest in typically less-considered software and systems for the years to come – so you should be preparing your response strategy.
5. Regulatory landscape forces greater disclosure and liability, particularly in Europe.
The law moves slowly compared to the technology and security fields, but massive regulatory changes that have been a long time coming are nearly here. It is likely these changes will trigger consideration of more progressive data protection regulation in other jurisdictions.
6. Attackers increase focus on mobile payment systems, but stick more to traditional payment fraud for a while.
Mobile payment systems were the talk of 2014 after Apple stormed ahead with Apple Pay. Cybercriminals will be looking for flaws in these systems, but the present designs have several positive security features. Expect cybercriminals to continue abusing traditional credit and debit cards for a significant period of time as they are the easier target for now.
7. Global skills gap continues to increase, with incident response and education a key focus.
As technology becomes more integrated in our daily lives and a supporting pillar of the global economy, the cybersecurity skills shortage is becoming more critical and broadly recognized by governments and industry. This gap is growing larger with some governments forecasting that they will need until 2030 to meet the present demand for security professionals.
8. Attack services and exploit kits arise for mobile (and other) platforms.
The last few years of cybercrime have been hallmarked by the rise of products and services to make hacking and exploitation point-and-click easy. With mobile platforms being so popular (and increasingly holding juicy data too) it won’t be long until we see more crime packs and tools focusing on these devices explicitly. We may also see this trend come to fruition for other platforms in the IoT space as these devices proliferate around us.
9. The gap between ICS/SCADA and real world security only grows bigger.
Industrial Control Systems (ICS) are typically 10 years or more behind the mainstream in terms of security. Over the next couple of years I anticipate we will see a number of far more serious flaws exposed and used by attackers as motives vacillate between state-sponsored attacks and financially motivated ones. In short, it is an area where many are at significant risk.
10. Interesting rootkit and bot capabilities may turn up new attack vectors.
We are in the process of changing major platforms and protocols from those that we have relied on for some time and these lower level changes will bring interesting lower level flaws that cybercriminals may be able to capitalize on. We are on the edge of a mass of major changes to the old guard technology standards. Watch this space for old wounds re-opened and major new security flaw categories.
That’s just a taste … read the full report here (it’s a free download, no registration necessary): Security Threat Trends 2015.
Read the original article, here.
Sophos announced the release of Sophos Cloud Server Protection, a high performance malware protection solution designed specifically for servers. The solution expands Sophos Cloud to a comprehensive security platform designed to protect desktops, laptops, mobile phones, tablets and now servers with the most effective and simplest to manage business security offering available. Servers store large amounts of sensitive information and have become popular targets for cybercriminals. To secure servers, administrators have traditionally had to choose between desktop-oriented security software and complex, expensive server-specific security tools. Perhaps this is why two thirds of the IT professionals surveyed on Spiceworks identified the complexity of learning, configuring and maintaining server security software as an “important” or “very important” concern.
The new Sophos Cloud Server Protection solution delivers malware protection, host intrusion prevention and web security, as well as clear visibility into the current security status of all managed servers via a simple web-based interface. The new offering from Sophos is also the only server security product that can continually monitor the server environment, detect new applications on an ongoing basis and intelligently adjust policies to maintain operational efficiency.
“If compromising desktops is like stealing a wallet, then hacking a server is like robbing a bank,” said Bill Lucchini, SVP & GM for Sophos Cloud. “Today’s businesses need the most up-to-date protection, and Sophos Cloud Server Protection gives overtaxed IT personnel an innovative, high performance and simple to manage solution for securing server environments.”
“As part of the recent Sophos Cloud beta program, I was able to preview the Server Protection functionality added into the product,” said Scott Hartung, IT Director, The Rivett Group. “We currently use Sophos Cloud to protect our Windows, Mac, and mobile devices. I like the fact that Sophos truly understands server security, and I can see that this new version of Sophos Cloud will help me reduce the time spent on maintaining server security.”
“We are finding that more of our customers are trying to support a geographically diverse workforce,” said Pete Greco, VP of Sales and Technology, Productive Corporation. “Sophos Cloud with Server Protection provides comprehensive visibility and manageability, regardless of where employees and their devices are located. With Sophos, we are certain our clients’ workforce is both secure and available.” Watch a video about Sophos Cloud Server Protection and sign up for your 30-day trial right now.
We’re pleased to commence the roll-out of our latest major UTM software update: UTM Advantage (9.3). More and more organizations are switching to Sophos UTM for their next firewall to take advantage of our all-in-one protection with on-box reporting, simplicity and performance. This release continues to add even more value and protection while making things easier for everyone. If you’re not already a Sophos UTM customer, UTM Advantage (9.3) adds to the 5 great reasons why you should switch to a better Firewall. Watch our brief demo video of what’s new in UTM Advantage (9.3). The complete release notes are provided below.
UTM Advantage (9.3) brings dozens of new features including:
- Stronger protection for web, email and WAF
- Smarter Wi-Fi performance and hotspot management
- Better everywhere-deployment flexibility
Release Availability and Roll-out Timing
We are rolling out UTM Advantage (9.3) in three main phases over the coming weeks to provide a great upgrade experience for everyone:
- Phase 1: We are starting with an initial Up2Date to select customer systems today.
- Phase 2: Around mid-November, we plan to make the installation package generally available for download via our FTP site as we continue the release roll-out to additional systems. Any customers wishing to update their UTM as soon as possible can take advantage of the manual download at this time. We’ll post a notification here on the Sophos Blog when the download is available.
- Phase 3: By mid-December we will have rolled out the Up2Date package for all customer installations including HA/Cluster environments.
Release Notes for UTM 9.300
Major New Features:
- Live AV Look-ups in Email Protection
Introduced previously in UTM 9.2 for Web Protection, Live AV look-ups now come to UTM Email Protection. This option will improve malware detection rates by consulting the SophosLabs cloud infrastructure in real time for possible threat matches. Items whose look-ups fail will still be scanned by the AV engine, and as part of our global feedback network unknown files will be sampled for execution and deep analysis by SophosLabs to benefit the global community while allowing you to tap the knowledge gained by these events worldwide.
- SPX Email Encryption – Self-Registration
With the self-registration feature, recipients of our unique SPX encrypted email now have the option to register themselves through an online portal where they will be able to create, reset and recover passwords to access their encrypted emails. This eliminates the need to manually communicate passwords to recipients of encrypted emails, and allows them to use the same password (which they will remember) for all encrypted emails. It makes SPX Email Encryption simpler for everyone.
- SPX Email Encryption – Support for Attachments on Reply Portal
SPX encrypted email recipients are now able to add attachments when securely replying to the sender using the SPX online portal. This allows for full encryption of all communications both ways.
- URL Tagging
With UTM 9.2 we introduced the Website List feature where customers can add URLs and override the site category. URL tagging extends this feature by allowing customers to apply custom tags, or labels to URLs, in effect creating their own custom site categories. They can then use these tags in Web Policy just like regular system categories. For example, if a customer has a restrictive policy but needs to access customer websites that would otherwise be blocked, they can add their customer sites to the Website List, tag them as ‘Customer Sites’ and then modify the policy to enable access to the ‘Customer Sites’ tag.
- Browsing Time Quotas
Many organizations want to allow users a limited amount of personal browsing time during the day. In many situations, limiting this to specific times of day is too restrictive. With this new feature in Web Protection, administrators can allocate time quotas to specific sets of sites or categories for specific users or groups. Users can choose when to consume their time quota throughout the day. When they browse to a quota site, they will be warned that they’re about to use their quota. When a quota expires, they’ll be informed accordingly. Administrators can reset a quota if necessary through the Web Protection Helpdesk area of the UTM.
- Selective HTTPS Scanning
To allow more flexibility and provide better performance, we have implemented an option to allow selective HTTPS filtering. This allows organizations to balance the need for security or visibility into some encrypted traffic with the privacy and performance concerns that come with decrypting all HTTPS content. For example, customers can focus on performing important scans in HTTPS like (a) the ability to detect malicious content in uncategorized sites, (b) the ability to identify search terms and enforce safe search for Google and other search engines, and (c) the scanning of webmail traffic for DLP only for specific sites. Previously, HTTPS decryption had to be enabled for all traffic, with exclusions being set up for individual sites where necessary.
- Support for SG1xx Wireless Hardware
This release will add support for new SG 1xx wireless models we are going to introduce later this year.
- Hotspot Improvements
This release improves our hotspot capabilities with a few new features: First, we built an interface to communicate with Micros Fidelio hotel management software via its FIAS protocol. Second, we have implemented HTTPS support for hotspot login pages. And finally, hotspots can now be configured in a more multi-tenant-like fashion by restricting the “Allowed Users” option on a per-hotspot basis.
- Multiple Bridge Support
Many more advanced firewall configurations can be solved by allowing more than one network bridge. With this release we added support for multiple bridges. Along with this feature, we cleaned up the configuration options in the UTM WebAdmin by moving the bridge configuration directly into the interfaces pane to give you user-friendly and simple control over all aspects of your interface configuration.
Other New Features:
- VLAN DHCP & Tagging
We removed some restrictions around VLANs to make them easier to administer: you can now allow DHCP on VLAN interfaces and you can now tag and untag interfaces on the same hardware.
- True-File-Type Detection
In our web and mail proxy we now traverse archive files (zip, rar, etc.) to detect the types of files inside. This allows granular policy enforcement based on file types included in an archive rather than blocking archive files in general.
- One-Click Secure Sophos Customer Support Access to UTM
With an ever increasing number of Sophos global support sites with different IP ranges, it can often be challenging to enable Sophos Support access to the UTM via WebAdmin and SSH. As a result, we’ve implemented a feature that lets administrators enable access to the UTM by Sophos Support upon request with just a single click.
- WAF Allow/Block Lists
For the Web Application Firewall we’ve now added support for lists to allow and block IP ranges. This is configured in the site paths settings.
- WAF Wildcard Extension
Exceptions for internal servers now also allow wildcards in the middle of the server path. This allows administrators to easily add exceptions for multiple servers, effectively eliminating the need to maintain long lists in WebAdmin.
- WAF Prefix/Suffix Option
Some environments, most notably Microsoft servers like Exchange and SharePoint, require UPN/domain-style user names for log in. With the new option to append a prefix or suffix to user names, customers are now able to add a default domain (for example) to facilitate this and streamline the user experience.
- HyperV 3.5 Support
UTM 9.3 now fully supports Microsoft Hyper-V Server 2012 R2. We’ve also incorporated MS Integration Tools v3.5 for Hyper-V, which include the latest drivers and additional capabilities like high availability and load balancing.
- Improved performance for URL categorization
In version 9.2 we introduced Live URL Filtering, a new way of doing URL categorization lookups to our cloud data services that offers better performance than the existing CFFS system. On the UTM it provides better local caching of commonly-visited site data. In the cloud, it provides greater responsiveness and automated scaling. With version 9.3 we are enabling this feature by default. Although the URL data used has not changed, this new system will only return one category for each site. This may impact the operation of policy for a small number of sites that previously had more than one category.
Read the original article, here.
Recently recognized as an enterprise mobility management (EMM) market leader by Forrester, Sophos today announced the immediate availability of additional security and device management capabilities for the Android mobile platform. These simple-to-deploy, yet powerful solutions deliver mobile security for businesses of any size. IT professionals can now allow employees to take advantage of all that the Android platform has to offer without putting sensitive data at risk.
According to Nielsen, mobile users are now spending 30 more hours per month on mobile devices than on their laptops, and cybercriminals are taking notice. SophosLabs has identified over 1 million new and unique pieces of Android malware and potentially unwanted applications (PUAs) just since the beginning of 2014. Android malware has grown 1,800 percent over the last two years, by far the fastest growing of any attack surface.
Approximately two billion mobile phones and tablets will be shipped this year, 85 percent of those will be Android devices, and 75 percent of apps on those devices will fail basic security tests. With a mix of corporate-owned and employee-owned devices being used for business anywhere and anytime, organizations clearly require a more comprehensive approach to mobile security. And that’s where Sophos comes in.
Sophos delivers comprehensive Android protection
Sophos Cloud now features Android support, delivering one central and hosted console for managing both desktops and mobile devices. With a simpler user-centric approach, it helps keep corporate information safe with mobility management features like remote lock, remote wipe, password reset, theft protection, Wi-Fi configuration and Microsoft Exchange setup help.
Sophos Mobile Security brings a powerful new antivirus engine and web protection technology to the Android platform. Without reducing device performance or diminishing battery life, this powerful engine provides comprehensive malware protection. In fact, Sophos received a perfect 100 percent Android malware detection rate in the latest AV-Test.
Sophos is the only enterprise mobility management vendor that offers built-in antivirus capabilities and web filtering without relying on third-party software. Additionally, only Sophos delivers a centrally managed, cloud-based mobile security solution that is compatible with Windows, Mac, iOS and now Android platforms – providing simple and complete security for businesses of all sizes.
In addition, Sophos today announced the new Sophos Anti-Malware SDK for Android, which features the core Sophos antivirus engine. Now Telco providers, mobile carriers and other IT vendors can integrate Android anti-malware technology into their own mobile offerings.
With an increasing number of viruses and other malware samples entering the corporate network via mobile devices, it’s more important than ever to deploy Android management and security technology to ensure that sensitive corporate data stays out of the wrong hands.
“Sophos mobile security technology helps us remain secure and shielded from data loss and unexpected costs without reducing staff performance,” commented Josh Moore, network engineer at FF Thompson Hospital. “We get both protection and functionality with Sophos.”
“Sophos has increased our control over various mobile devices, including the Android devices we have deployed,” said David Bridgman, IT security manager at Northcentral University. “With the newest release, the most notable benefit—in addition to the added security—is that there is no difference in our users’ experience.”
“Well over half of all mobile apps fail basic security measures, and these sobering figures are on the rise,” said Dan Schiappa, senior vice president and general manager, end user protection group, Sophos. “Every day the risk is growing, and we’re proud to offer the most comprehensive mobile protection for businesses to keep confidential information out of the wrong hands.”
Watch the Sophos Android Security video now
Read the original article, here.
Every quarter Sophos announces the SPAMPIONSHIP league highlighting the worst offending countries for spam. As we approach Halloween, the Q3 (July-August-September) results for 2014 are in. The Spampionship is a clear reminder that while spam is a global problem, prevention begins at home. That’s because most spam comes from so-called “zombies” – computers infected by malware that puts them under the remote control of cybercrooks who could be on the other side of the world, and probably are.
For example, SophosLabs has clocked a single infected computer sending more than 5,000,000 spams in a single week, illegally promoting an ever-changing cocktail of shady products and services, and pumping out malware in attachments.
And as SophosLabs monitor where spam comes from, they are also simultaneously mapping out where in the world the zombies are. As Cybersecurity Awareness Month draws to a close, it’s time to be part of the solution, and go zombie bashing with Sophos!
Just download and run Sophos’ free Virus Removal Tool to check your computer isn’t infected, and do your bit today!
In this Sophos Naked Security article, Sophos expert Paul Ducklin provides his analysis of the latest Spampionship results.
Highlights of the Q3 2014 Spampionship
Being high on the spam-sending charts means you’re also high on the scale of people who put their personal information, finances, and even identity at risk.
The Spampionship is the league that everyone wants to lose, and below are the results for Q3 (July, August, September) of 2014.
The “Dirty Dozen” countries
Measuring spam entirely by volume-per-country is a little unfair, because countries that are populous, like China, or very well-connected, like the USA, inevitably bubble up to the top of the list.
Things get fairer – and more interesting – when each country’s spam volume is divided by its approximate population:
Read the original article, here.
Back in the summer we ran a little survey on SpiceWorks and almost 400 Small and Medium Business IT managers gave us their view on the main challenges they have with their current firewall. But some of the results weren’t exactly what we were expecting.
The #1 rated issue was the lack of reporting options
35% of respondents said their firewall provides insufficient reporting, and 22% also cited lack of visibility into infected machines, which speaks to a lack of useful insight too. Users are hungry for bandwidth and regulatory compliance is becoming increasingly important, so it’s not really surprising that IT managers crave a better view into what’s happening on their network.
What is surprising is that so few firewall vendors offer their users what they need. Compare the leading UTM/Firewall vendors and you’ll find just one who has over 1000 reports available built into the appliance. I’m sure you can guess who; check here if you can’t!
At Sophos we prioritize reporting, and in addition to the on-box reports we also offer Sophos iView, our dedicated virtual reporting appliance, for those that simply need more reports or want to correlate reporting across multiple appliances.
Complexity is still the enemy of security
We all know IT threats are complex, and the survey confirms that all too often the products designed to solve security problems are far too complex too.
Ease of use only narrowly misses out on top spot, with 34% saying it’s a frustration.
Administrators need a strong link between seeing what is happening and doing something about it. This is essential in security products where a weakness at one point on the network can quickly become a problem for the entire organization.
Advanced threats? We’re covered, at least we think we are!
Other surprising results were how few people cited lack of protection against advanced threats and poor performance as weaknesses. We hear a lot about how traditional firewall and antivirus technologies can no longer protect against sophisticated Advanced Persistent Threats. This is seemingly a non-issue for 90% of those surveyed.
IT managers are either confident their firewalls have the necessary protection in place, like command and control detection and sandboxing, or simply have more pressing needs and see advanced threats not as their concern but as something for governments and larger enterprises to worry about.
Performance matters or does it?
That performance rates so low is possibly the biggest surprise. Performance is often a key concern for buyers when selecting a firewall, with technical data, sizing guides and comparative reports providing useful guidance for buyers to select the right firewall for their needs. This result suggests the guidance and advice of channel resellers is proving effective and buyers are right-sizing their firewalls.
All in all some interesting results that suggest reporting and ease of management should be carefully looked at when selecting a replacement firewall. But maybe this is not really that surprising after all as these areas do reflect the core focus of network security managers. Without visibility into what’s happening, or the ability to quickly put protection in place an IT Manager’s life becomes very difficult.
Sophos UTM – ease of use and on-box reporting as standard
Sophos UTM is designed to be easy to use and includes extensive on-box reporting as standard – no need for additional hardware or subscriptions. Our new SG Series appliances all include a hard drive or a solid-state disk, giving you comprehensive reporting that you can access in seconds. So you can see what’s happening on your network in real-time and quickly access historical data.
Watch this short video to see it in action. On-box reporting as standard is just one of the reasons to make your next firewall a Sophos firewall.
Read the original article, here.
Dropbox usernames and passwords were leaked online this week. It’s the latest in a string of recent data breaches involving compromises of third-party websites that take advantage of password re-use to get at users’ accounts on multiple services. In 2014 alone, millions have had their private information and passwords compromised, leading to what some are calling data breach “fatigue.” Dropbox was quick to respond, denying a breach on their end while urging their users to enable tighter password security measures. Dropbox’s response was refreshing when compared to that of other major brands, such as Home Depot, which chose to communicate very little with the public, distributing only a few carefully crafted press releases.
As businesses learn to navigate their way through crisis management in the digital age, there are solutions that can mitigate risk, greatly saving these companies both dollar value and reputation value. Sophos offers a complete suite of solutions to ensure your customers’ data is safe and secure. A major component of this is our SafeGuard Encryption solution. Simply put, encryption adds the crucial layer of security in situations where a customer’s data is breached. Even if a bad guy gets hold of a user’s data, it’s utterly useless when encrypted, whether that data is at rest or in motion (e.g., being uploaded/downloaded from the cloud).
Although this breach was not due to a compromise of Dropbox itself, are you confident that your important files are safe when stored in the public cloud? In the case of cloud storage services, of which Dropbox is one of many, encryption prevents any breach, regardless of who caused it, from resulting in the loss or exposure of data. Using an encryption solution where the keys and control mechanisms are stored far from the potential points of compromise means you can control how data is stored, and manage who has access.
Learn more about SafeGuard Encryption
Sophos SafeGuard Encryption solves the major challenge of managing encryption across multiple platforms, devices, and cloud environments. Users and IT staff can share data safely between Windows, Mac and mobile devices – securing data wherever it lives and wherever it is sent. For more information about SafeGuard Encryption, get our free whitepaper Managing BitLocker With SafeGuard Enterprise (registration required).
Or download our Encryption Buyers Guide to learn more about how to choose the best encryption solution for your needs. You can also read interesting articles about SafeGuard Encryption, here and here.
Read the original article, here.
Sophos announced additions to its range of SG Series firewall/UTM appliances, WiFi access points, and the availability of Sophos iView, a new dedicated virtual reporting appliance. By extending its Network Security portfolio with new entry-level and enterprise class appliances, Sophos now provides businesses of any size and the channel partners that serve them with the flexibility to consolidate their security with a complete proven solution set.
Sophos SG Series Appliances
In April 2014 Sophos released the first of its new generation of network security appliances, the Sophos SG Series. Today, Sophos announced six additional firewall appliances, meaning that Sophos customers and partners can now choose from 12 SG Series models. As with the existing models, each uses the latest Intel multi-core technology to provide optimal performance. The new appliances include four desktop models ideal for small office deployments and two new 2U models that utilize the fastest Intel chips and deliver extensive redundancy and customization features. Further desktop models will be available later in the year with integrated wireless connectivity, including two which support the 802.11ac standard.
Sophos iView
The release of the Sophos iView virtual appliance addresses what a recent Sophos survey on Spiceworks of SMB IT managers identified as their most significant frustration with existing firewalls from any vendor – insufficient reporting. This was the number one complaint with 35 percent of respondents saying they’d like greater reporting options. With over 1,000 built-in reports, including regulatory compliance reports, Sophos iView will give IT managers the extra depth they need. Users can also build their own custom reports and dashboards, focusing on problem areas or users on their network. Available as a virtual appliance only, Sophos iView supports VMware, Hyper-V, Citrix, and KVM virtual environments.
As a dedicated reporting appliance, Sophos iView can offload reporting duties and provide a range of added capabilities such as:
- Compliance reporting for industry standard regulations such as HIPAA, PCI, SOX, and GLBA
- Consolidated reporting across multiple UTM firewalls for a complete view of all network traffic from a single console
- Long-term persistent log management and storage for security and backup with convenient access for audits or forensics
- Licensing that is based on storage requirements, with the entry level vSI-Light including 100GB of storage and the vSI-Unlimited
Wireless Access Points
In addition to the SG Series and iView appliances, Sophos also announced the AP 100, the first in a new generation of wireless access points that support the latest 802.11ac protocols, and an entry level access point, the AP 15. As with previous Sophos wireless access points, the new AP15 and AP100 models can be managed directly from the Sophos SG Series appliances, meaning the wireless network is tightly integrated with the firewall protection.
You can read the original article here.
Sophos announced that it has acquired cloud-based security firm Mojave Networks of San Mateo, Calif. This acquisition will strengthen Sophos cloud-managed and appliance-based security solutions. To Sophos Cloud, an integrated cloud-managed security offering, Mojave will add a rich cloud-based web security solution. And to Sophos’ line of network security hardware it will enable hybrid deployment options (SaaS and non-SaaS) to meet diverse web security needs. An increasingly mobile workforce and an explosion of mobile devices have created a serious challenge for IT. To safeguard valuable corporate data and to secure roaming devices, Mojave’s innovative security platform provides an effective cloud-based network security solution that is easy to deploy and manage. It will allow Sophos customers to benefit by providing:
- A cloud-based web filtering engine enabling full protection for web interactions without requiring additional on-site technology
- Near instantaneous protection from emerging threats by supplying real-time threat intelligence from the cloud
- A simple and intuitive management experience designed for small and mid-market enterprises or pragmatic enterprises of any size
- A zero-compromise approach to security across Windows, Mac, iOS, and Android devices, delivering context-awareness, visibility and seamless protection whether they are on or off the corporate network
“Mojave Networks is a young innovative company that has built a leading platform right at the intersection of three cutting-edge areas of security: cloud, web security, and mobile,” said Kris Hagerman, CEO, Sophos. “We’re dedicated to delivering security that is both powerful and comprehensive, but also simple. By integrating Mojave Networks’ technology into Sophos Cloud, we’re extending our leadership position and enhancing an offering that is already one of the fastest growing products in Sophos’ history.”
“We are proud of the work we’ve done at Mojave to pioneer a cloud-based approach to mobile and web security that offers unrivaled protection from malicious threats, security for mobile workers, and uniform policies across platforms,” said Garrett Larsson, CEO of Mojave Networks. “As part of Sophos we can continue to pursue our vision of comprehensive security for a mobile workforce at an accelerated pace, as we take full advantage of the rapid growth of Sophos Cloud, Sophos’ world-class community of more than 15,000 partners, and Sophos’ global presence. We’re excited to join such an innovative and disruptive leader in the IT security space.”
Sophos plans to integrate Mojave Networks’ technology into its fast-growing Sophos Cloud product line in early 2015 and then later in 2015 into appliance-based network security solutions. This will allow Sophos partners to offer their customers an integrated security platform that brings together best-of-breed PC, Mac, mobile, and network protection abilities through a single cloud-based console. This represents another leap forward in delivering comprehensive protection to organizations seeking enterprise-class security without enterprise-class complexity.
You can read the original article here.
InfoCom World Congress is the largest event on digital technologies in SE Europe, attracting more than 3,500 delegates per year. For many years it has successfully recorded the course taken by, and the convergence happening in, the Technology, Informatics, Telecommunications & Media sectors. The 16th InfoCom World, titled «Techonomy: Time for Synergies!», will take place on October 21, 2014 at Divani Caravel Hotel. This year’s conference takes place in a period when special emphasis is given to technology, business strategies and synergies that are now unanimously recognized as a driver for growth.
NSS could not be absent, so it is one of the sponsors of the conference. Come and chat with us!
A lot has changed since 1995, the last time a major European law was passed on the subject of data protection (the Data Protection Directive 95/46/EC). For example, mobile devices are ubiquitous, and it’s not unusual to carry two or even three at a time. Meanwhile, sensitive company data is moving outside the safety of the traditional corporate security perimeter. Employees email documents to themselves, access data from personal smartphones and tablets, and store data in the cloud. Major data breaches are commonplace today, putting customers at risk of identity theft and financial loss, and businesses at risk of losing customer and investor loyalty. European businesses are not prepared to meet regulatory requirements outlined in the EU Data Protection Regulation, due to be enacted by the EU parliament in 2015. That’s the story told by a survey of 1,500 office workers in the UK, France and Germany, conducted by Sophos. Although a large majority of poll respondents (84%) agree that stricter data protection requirements are needed, most lack confidence that their employers are compliant (77%), and many do not know what type of data protection their companies currently have in place.
During a roundtable discussion about the survey, our security experts talked about the current state of data protection and how the new requirements might impact businesses. Anthony Merry, director of product management in the data protection group at Sophos, said companies have to get a better understanding of not just what regulations require, but what data protection actually is. “Many of the companies I talk to still do not understand what data protection is, why businesses need to do it and why it is important, and that needs to change,” he said, according to ComputerWeekly.
Some of the proposed changes to the EU Data Protection Directive include huge fines for non-compliant companies in the event of a data breach — as much as 5% of global turnover, or €100m, whichever is higher. Compared to relatively lax data protection laws in the United States, such punitive laws could be seen as harmful to businesses.
However, if companies are encrypting their data — on disks, mobile devices, storage drives, and in the cloud — they don’t have to worry as much. “If data is encrypted, even if IT systems are breached, companies will not be liable under the law,” Anthony said. Unfortunately, businesses in the countries we surveyed have a long way to go to complete data protection. According to our survey, only 62% of UK companies are encrypting laptops, along with 36% in France and 56% in Germany. Encryption of mobile devices is even farther behind: 41% in the UK, compared to 21% in France and 32% in Germany.
a conference featuring prominent Chief Executives representing mobile operators, device manufacturers, technology providers, vendors and content owners from across the world.
Ipoque participates at industry tradeshows and conferences around the world. If you are interested in viewing a full demonstration of Ipoque’s products and solutions, join us at GSMA Mobile World Congress 2013.
25 – 28 February 2013
Fira Gran Via, Barcelona
Booth #6E126 – Hall 6