News
Today’s endpoint protection needs to do much more than blocking known malware. Your endpoint solution needs to be intelligent enough to prevent attacks based on suspicious behaviors, and it should be able to detect and clean up infections when they do happen.
Sophos Endpoint Protection integrates a range of innovative technologies to secure your Windows, Mac and Linux systems against malware and advanced threats such as targeted attacks.
We know that it’s not possible to have 100% prevention, 100% of the time. That’s why Sophos Endpoint Protection includes next-gen features like Malicious Traffic Detection and the Sophos System Protector. By correlating suspicious behaviors with threat intelligence from SophosLabs, Sophos Endpoint Protection identifies attacks that have never been seen before, and protects users from every angle.
Malicious Traffic Detection, or MTD, prevents malware from carrying out certain behaviors to do its dirty job. Typically, when malware gets onto a computer the first thing it will do is communicate with an attacker’s server – to request additional instructions, to download more malware, and to send stolen data off to the attackers.
With MTD, we’re able to see when an infected computer is attempting to communicate outside the network in suspicious ways, to find and remove the malware on that machine.
As one example, MTD can detect if one of your endpoints is compromised by the ransomware called CryptoWall, which uses a secret encryption key to scramble all your files and connected drives and demands a ransom to get the key to unscramble them.
For CryptoWall to carry out its marching orders to encrypt your files, it needs to retrieve a key from the attacker’s server. MTD can detect CryptoWall’s “call home” to the bad guys’ server and prevents it from getting the encryption key.
Sophos Endpoint Protection then removes the malware to prevent future damage.
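The “call home” detection described above, as an added illustration (example code written for this page, not Sophos code): it runs two checks over constructed outbound-connection records, a match against a constructed threat-intelligence list, and a beaconing heuristic that flags a host contacting the same destination at near-regular intervals, which is what a request for a key or for further instructions tends to look like before the destination is on any list. Hostnames, IP addresses (from documentation ranges), process names and the indicator list are all made up.

```python
"""Toy outbound-traffic detector (added example, not Sophos code).

Check 1: destination is on a threat-intelligence list.
Check 2: a (host, destination, port, process) flow repeats at near-regular
         intervals with little jitter, i.e. it looks like beaconing.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Constructed threat-intel feed: placeholder indicators, not real IoCs.
KNOWN_C2 = {"203.0.113.7", "c2.example.invalid"}

# Constructed connection log, one record per line: "time host dest port process"
SAMPLE_LOG = """\
2015-02-10T09:00:00 ws-17 203.0.113.7 443 explorer.exe
2015-02-10T09:00:05 ws-17 198.51.100.20 443 outlook.exe
2015-02-10T09:10:00 ws-17 203.0.113.7 443 explorer.exe
2015-02-10T09:20:01 ws-17 203.0.113.7 443 explorer.exe
2015-02-10T09:30:00 ws-17 203.0.113.7 443 explorer.exe
2015-02-10T09:31:12 ws-04 198.51.100.20 443 outlook.exe
2015-02-10T09:33:40 ws-04 198.51.100.21 80 chrome.exe
2015-02-10T09:40:00 ws-17 203.0.113.7 443 explorer.exe
2015-02-10T09:45:30 ws-04 192.0.2.9 8080 svchost.exe
2015-02-10T09:50:31 ws-04 192.0.2.9 8080 svchost.exe
2015-02-10T09:55:29 ws-04 192.0.2.9 8080 svchost.exe
2015-02-10T10:00:30 ws-04 192.0.2.9 8080 svchost.exe
"""

MIN_BEACON_CONNS = 4   # fewer connections than this is not enough to call a rhythm
MAX_JITTER = 0.1       # std-dev / mean of the gaps between connections


@dataclass(frozen=True)
class Conn:
    when: datetime
    host: str
    dest: str
    port: int
    process: str


@dataclass(frozen=True)
class Alert:
    host: str
    dest: str
    port: int
    process: str
    reasons: tuple[str, ...]


def parse_log(text: str) -> list[Conn]:
    """Parse the constructed whitespace-separated log format."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, dest, port, proc = line.split()
        conns.append(Conn(datetime.fromisoformat(ts), host, dest, int(port), proc))
    return conns


def is_beaconing(times: list[datetime]) -> bool:
    """True when the gaps between connections are nearly constant."""
    if len(times) < MIN_BEACON_CONNS:
        return False
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    return avg > 0 and pstdev(gaps) / avg < MAX_JITTER


def detect(conns: list[Conn], intel: set[str] = KNOWN_C2) -> list[Alert]:
    """Return one Alert per suspicious flow, with every reason that fired."""
    reasons: dict[tuple, set[str]] = defaultdict(set)
    by_flow: dict[tuple, list[datetime]] = defaultdict(list)
    for c in conns:
        key = (c.host, c.dest, c.port, c.process)
        by_flow[key].append(c.when)
        if c.dest in intel:
            reasons[key].add("threat-intel")
    for key, times in by_flow.items():
        if is_beaconing(times):
            reasons[key].add("beaconing")
    return [Alert(h, d, p, proc, tuple(sorted(r)))
            for (h, d, p, proc), r in sorted(reasons.items())]


if __name__ == "__main__":
    for a in detect(parse_log(SAMPLE_LOG)):
        print(f"{a.host} -> {a.dest}:{a.port} ({a.process}): {', '.join(a.reasons)}")
```

On the constructed log, the `explorer.exe` flow from `ws-17` is caught both ways, while the `svchost.exe` flow from `ws-04` has no list hit and is caught only by its five-minute rhythm; a product would then block the connection and hand the host to the clean-up component, which is the step the passage describes.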
Sophos Endpoint Protection has within it a whole bunch of different components, or sensors. It’s capable of scanning a file and seeing what its code does before it runs. It has a Host Intrusion Prevention System (HIPS) that looks for bad behaviors as the software is running. And it can detect malicious websites and exploit kits by looking for things like malicious JavaScript containing exploits.
With all these different ways of looking at a file to find out if it’s dangerous, there needs to be an intelligent way to bring all of the pieces together.
Sophos System Protector is the conductor of the orchestra – it coordinates the different activities, using threat intelligence from SophosLabs to make sense of the information we’re getting from all the different sensors.
More reasons to choose Sophos Endpoint Protection
If you’re looking to switch to endpoint protection that’s simply better, there are five big reasons why you should consider choosing Sophos Endpoint Protection.
Learn more about how you can secure your organization with protection that offers these benefits:
- Innovative technology from an industry leader
- Lightning performance that won’t slow your users down
- Sophisticated simplicity – saves time and easy to manage
- User-based licensing to accommodate a modern workforce
- Flexible deployment – on-premise or in the cloud
You can read the original article here.
Ransomware, it’s everywhere. We had hoped that the notorious file-encrypting ransomware called CryptoLocker was defeated after law enforcement knocked out its infrastructure last year, but CryptoLocker and its close cousin CryptoWall have come back stronger than ever.
Ransomware is malware that prevents you from using your files or your computer, and then extorts money from you in exchange for a promise to unlock them.
We’d like to show you more about the newest kinds of ransomware, how they work, and what you as an organization or individual can do to stay safe.
Ransomware: a brief history
Ransomware and fake-antivirus have been around for many years, relying on social engineering to trick computer users into paying the cybercriminals, so their phony warnings claim, to avoid fines from police for supposed crimes, or to clean up “viruses” on their computers that don’t actually exist.
But CryptoLocker and CryptoWall – variations of the malware we sometimes call crypto-ransomware or cryptoware – don’t bother with that sort of trickery. The attackers tell victims up-front that their files have been encrypted by the crooks. Unless you pay for the encryption key held by the attackers, the crooks destroy the private encryption key, making it impossible to recover your files.
How it works
A ransomware attack goes through five stages from the time it installs on your computer to the appearance of the ransom warning on your screen. You can download our step-by-step infographic to learn about the stages of an attack, and get tips on staying safe.
Ransomware protection, prevention and mitigation
If you suspect you’ve been compromised by ransomware, you can remove the malware using our Free Virus Removal Tool. Sadly, there’s not much you can do to get your files back except to pay the ransom – the encryption is too strong to crack. We wouldn’t recommend paying the ransom – there’s no guarantee the criminals won’t up the ante, or that they’ll actually follow through on their promise to send you the keys to decrypt your files.
But it’s easy to understand why so many people do pay the ransom, especially if you’ve lost invaluable corporate or personal data. Recently, a sheriff’s office in Tennessee paid a ransom to CryptoWall cybercrooks, and other police departments and public sector organizations have done the same.
Really, the best defense is a proactive one: always back up all your files, and use anti-malware and anti-spam protections. To learn more about protecting your organization against ransomware attacks, download our free whitepaper, CryptoLocker, CryptoWall and Beyond: Mitigating the Rising Ransomware Threat.
This whitepaper explains:
- A brief history of ransomware, from Winlockers to today’s crypto-ransomware
- How ransomware works and why it is so dangerous
- Specific recommendations that can dramatically reduce your vulnerability
The best ransomware defense: Next-generation protection from Sophos
Before ransomware can do its dirty work, it must contact a live command and control server. Next-generation firewalls such as the Sophos UTM can help block that. So can today’s best client anti-malware software. Our Next-Generation Enduser Protection offers Malicious Traffic Detection (MTD) that goes wherever you go, detecting and stopping malware when it connects to attackers’ servers.
Next-Generation Enduser Protection is the integration of Sophos’s innovative endpoint, mobile and encryption technologies to deliver better protection and simpler management.
To learn more about how to try it for free, visit sophos.com/ngeup.
You can read the original article here.
We’re pleased to announce that Sophos has been recognized with the AV-Test Best Usability 2014 Award! AV-Test regularly tests endpoint protection products, including the Windows component of our Endpoint Protection product, which we call Endpoint Security and Control.
Across multiple tests in 2014, “Sophos Endpoint Security and Control excelled consistently and thus earned the 2014 Award in the category of Usability,” said Andreas Marx, CEO of AV-Test.
Our tagline is “Security made simple,” and part of delivering on that statement is creating products that are highly usable for our customers. We also understand, though, that usability is only one reason why people choose Sophos.
We’re leaders in the industry because we combine simplicity with ongoing innovation on the endpoint and, more broadly, in protection of end users across all devices and platforms.
In addition to our AV-Test award, we’ve been recognized in the Leaders Quadrant of Gartner’s Magic Quadrant for Endpoint Protection Platforms for eight years in a row. Plus, we’ve been named as Champions in the Info-Tech Research Group’s 2014 Vendor Landscape: Endpoint Protection. Learn more about Endpoint Protection from Sophos.
You can read the original article here.
The expert product reviewers at AV-Test handed out awards for the best antivirus software for Android in January, and once again Sophos has aced the test with 100% malware detection.
Our Free Antivirus and Security for Android (Sophos Mobile Security) accurately detected and blocked every one of the 2,950 samples of malicious Android apps used in the test – and without a single false positive.
AV-Test recognized our app with a Protection Score of 6.0 (out of a possible score of 6.0), and we also garnered the highest rank of 6.0 in Usability. Our 100% malware detection rate beat out the antivirus products of other vendors including those from Symantec, Kaspersky and McAfee.
In the Usability category, we passed with flying colors, thanks to app performance that didn’t slow down the device or reduce battery life. Tests also showed that our Android antivirus didn’t flag any legitimate apps (out of nearly 3,000 tested from Google Play and legitimate third-party app stores). Version 4.0 of Sophos Mobile Security also got perfect scores from AV-Test in November 2014. Check out the AV-Test review, and download the free app from Google Play.
About Sophos Mobile Security
Sophos Mobile Security is a robust yet lightweight app that protects your Android devices without compromising performance or battery life. Using up-to-the-minute intelligence from SophosLabs, it automatically scans apps as you install them.
Other features include a privacy advisor, data and device encryption, and per-app password protection that you can set up for sensitive apps like your email. It’s also available as an enterprise version you can manage through Sophos Mobile Control, our enterprise mobility management and security product.
You can read the original article here.
Facial recognition technology has been around for many years – the fact that the vast majority of people have two ears, two eyes, a mouth and a nose, all appearing in pretty much the same location, makes basic recognition relatively straightforward.
Total accuracy, however, is much harder to come by – even us humans can only positively identify a subject from a photo 97.53% of the time. Certain groups have an interest in developing software that can match or exceed that level of accuracy though.
Law enforcement and other government agencies would, I’m sure, love to be able to identify suspects from photos and videos in an automated and unequivocal manner. Doing so is generally not so easy though – just this week police in the UK said its computerised system managed to match a mere 10 images to suspects in 18 months. By way of a contrast, when the force pulled in 90 human experts, almost 300 matches were made in just three days.
Other developers of automated facial recognition systems have had far more success though. A study by the Ohio State University last year demonstrated advances made in the technology that allowed for the identification of emotional states with an accuracy ranging between 76.9% and 96.9%, depending upon the complexity of the emotion.
More impressive than that, perhaps, is DeepFace – a software recognition system developed by Facebook. DeepFace is so accurate that there is barely a difference between its ability to identify a person and that of a real human being. The software’s algorithms are able to determine whether two different photographs feature the same person with an accuracy rate of 97.25%, regardless of the angle of the shot or the background lighting conditions.
So Facebook’s going to turn this technology on its 1.3 billion users and root out and quantify even more of the social connections implied by your photos, right? They say not. The social network plans to use the system to identify its users in new photos as they are uploaded. If your visage appears in one of the 400 million pictures added to the network each day you’ll receive an email from Facebook alerting you.
If you are not happy about appearing in your friends’ timelines – and it is only your friends that will see it – you’ll have the option to blur your face and retain your privacy. The picture elsewhere is not so clear though: we know Apple has patented its own facial recognition technology and Google employed an app in its now-defunct Glass device which could check those it viewed against sex offender and other criminal databases.
Perhaps unsurprisingly, governments in the US, UK, Germany, New Zealand and Switzerland, among others, have used the tech to identify criminals, enhance border controls and for other purposes.
While none of those uses may be of concern to you now, the future is less clear. As the underlying technology improves, new uses will be found, and we all know how slowly laws catch up with new tech and, when they do, the lawmakers often lack the expertise to legislate in ways that are meaningful to the general public. In the meantime, all we can do is look at each use of facial recognition as it comes along and take any action we feel is necessary – assuming we are able to control it in the first place.
In the case of Facebook and its photo tagging, we’ve already mentioned how likenesses can be blurred out on a case by case basis. Preventing the service from attempting to tag your photo in the first place is quite easy though: go into your Facebook Settings and select Timeline and Tagging. Under How can I manage tags people add and tagging suggestions there will be an option labelled Who sees tag suggestions when photos that look like you are uploaded? Simply change this to No One.
Readers in Europe will find that the above option is ‘Unavailable’ but don’t worry – the EU has different rules on Facebook tagging that mean your photos are safe, though the service appears to have been partially restored to allow tagging of US residents. If you are on Facebook and want to keep yourself informed about the latest news from the world of internet security and privacy, join the Sophos Facebook page where more than 250,000 people regularly discuss these issues and best practice. If you want to improve your privacy and security settings on the social network, check out our Facebook account tips.
You can read the original article here.
Array announced the second generation of the AVX10650 virtualized application delivery controller. Why is this important? It gives IaaS providers unprecedented flexibility to support multiple customers while managing just one appliance (or two, for high availability). Or, enterprises can support multiple applications, user types, etc. – again, with just one appliance (or two).
And unlike other ADC products marketed as ‘multi-tenant,’ AVX10650 instances do not share physical resources. They’re fully independent – each with its own I/O, CPU, SSL card and memory – so there’s no resource contention to drive down performance (and user experience). This is a multi-tenant, virtualized ADC solution that truly offers multiple benefits for IaaS providers and enterprises.
It offers four different basic configurations, from an entry-level basic ADC for up to 32 vAPV instances, to the high-performance large configuration supporting four vAPV instances per appliance and 28Gbps guaranteed throughput per instance. It combines the flexibility of a virtual ADC with the rock-solid, high-horsepower performance of a physical ADC – more than 2K transactions per second (TPS) for 2048-bit SSL even at the entry level, and up to 17K SSL TPS (2048-bit) in the ‘large’ configuration.
You can buy just what you need today, and ‘pay as you grow.’ For example, if you determine you need a medium ADC configuration (16 vAPV instances per appliance), you can purchase one quarter, half, three quarters or full capacity (that’s 4, 8, 12 or 16 instances in this case). If an AVX10650 is purchased at less than full capacity, you can upgrade at any time.
With the AVX10650 virtualized ADC you’re not racking and stacking multiple ADCs to support multiple customers, applications or communities of interest – nor do you have the associated management, power and space headaches. And it provides hardware-based SSL throughput that virtual ADCs can only dream of. Find out more about the next-generation AVX10650 in the press release or datasheet.
You can read the original article here.
In virtualized environments, SSL/TLS data encryption is commonly used to secure mission-critical and sensitive data as it transits to remote users and shared networks. Virtual application delivery controllers (ADCs) are also frequently deployed to provide SSL offloading from servers (reducing their load and thus improving performance) as well as application acceleration, load balancing across links, servers and global data centers, and Web/application security.
However, SSL/TLS offloading in a virtualized environment presents several key hurdles for virtual ADCs: Software-based performance is typically much lower than that of hardware-based (i.e. dedicated) ADC appliances – and if other virtual machines are sharing the same CPU, resource contention can further reduce performance.
Also, to be effective, the ADC must be able to gain the information needed (from clear text) for intelligent application routing, filtering and/or server persistence – and this requires even more processing power. Scaling can also be problematic. Sure, you can throw more virtual ADCs into the mix, but it will add both cost and setup/management complexity to the equation.
When you need to ensure SSL/TLS performance through SSL offloading, and scaling is also a concern, consider a hybrid virtual/dedicated model. This model combines the flexibility and low cost of virtual ADCs with the raw horsepower of our dedicated APV Series appliances – which can support up to 4 million SSL/TLS connections/sessions and up to 25 Gbps encrypted data throughput per unit.
See our SSL Offloading and Acceleration in Virtualized Environments white paper for a complete description of how the hybrid virtual/dedicated model works, key features, key benefits and more.
You can read the original article here.
The more customers you host in your data center, the better, right? Of course, that means more revenue. And if those customers are in multiple industry verticals, even better, correct? Supporting a variety of customer types protects against revenue fluctuations if rough economic times affect a certain vertical and not the others. But here’s the rub.
Hosting a diverse set of customers in your data center is a double-edged sword. The financial benefits of an expansive customer set are irrefutable.
However, the flip side of serving a diverse clientele is the increased exposure to becoming a victim of DDoS attacks.
A DDoS attack on a hosting data center has many repercussions:
- A DDoS attack on just one hosted customer can create a data center wide outage and major collateral damage for the rest of your customers
- A compromised hosted server in your data center can be used as a powerful botnet attack source and negatively impact your reputation
- Any degradation of service availability or outage will cost you revenue
The very success of customer growth makes you susceptible and vulnerable. It goes without saying that the resulting damage can be costly data center downtime, customer attrition, and a damaged brand. Thankfully, there are solutions that can help you to protect yourself, and your customers, from DDoS attacks:
- Deploying DDoS mitigation on-premises
- Ensuring real-time detection, alerting and mitigation
- Gaining greater visibility into traffic in and out of your data center
I invite you to keep checking back on additional posts that will elaborate on each leg of this 3-legged stool and provide detail on how hosting providers can:
- Protect critical data center infrastructure from DDoS attacks in real-time
- Ensure service availability and SLAs are met, even under DDoS attack
- Offer value added security insight and protection to your hosted customers
Hosting providers, let’s be proactive in securing you and your customers in the face of DDoS attacks. Corero has the solution.
You can read the original article here.
In the last couple of days, a widespread Linux vulnerability known as GHOST has been receiving a lot of attention in the security community. In theory, this vulnerability can allow an attacker to remotely execute code on a Linux computer. There is already proof of concept code that puts this theory into practice, and it is expected that real world attacks are just around the corner.
The Sophos product teams have been thoroughly investigating to determine which of our products are affected and what is necessary to address those that are.
Many Sophos products do not use Linux, or the glibc software at the heart of the vulnerability, and are therefore unaffected. This includes Sophos Endpoint Protection (Antivirus) for Windows, Mac and Unix; Secure Email Gateway; PureMessage for Microsoft Exchange; Mobile Control and likely others that we are still verifying.
However, Sophos UTM, Sophos UTM Manager (SUM), Secure Web Gateway, Sophos Secure OS for AWS, the Sophos Cloud management infrastructure, and the SAV for vShield virtual appliance are all built on the Linux platform and include the glibc software that is responsible for the vulnerability.
The extent to which this vulnerability can be exploited varies from product to product. In all cases, the product teams are working quickly to update vulnerable software. For information about update availability, see this knowledgebase article. The new Up2Date package for Sophos UTM 9.3 introduces several fixes to our current UTM platform, including an update for glibc to fix a potential vulnerability (GHOST, CVE-2015-0235). Please read the article here.
Our products that customers install and run on their own installations of Linux (e.g., SAV for Linux, PureMessage for Unix) are not believed to introduce a vulnerability. However, the customer’s underlying Linux system may be vulnerable. Customers are encouraged to test and install vendor-supplied security patches for their Linux distributions to protect against GHOST and other vulnerabilities.
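A first-pass triage helper for the “test and install vendor-supplied patches” advice above, as an added example (written for this page, not Sophos code). GHOST (CVE-2015-0235) was fixed upstream in glibc 2.18, so the script reads the system’s glibc version and reports whether it predates that release. It deliberately stops short of declaring a system vulnerable: distributions backport fixes without changing the version number (Red Hat’s patched 2.12 on RHEL 6, for instance), so a “predates the fix” result means “check the vendor advisory and package changelog”. The `ldd --version` output lines used in the comments and tests are constructed.

```python
"""glibc version triage for GHOST, CVE-2015-0235 (added example, not Sophos code).

The upstream fix landed in glibc 2.18; versions 2.2 through 2.17 are the
ones that need a vendor backport. A version below 2.18 is therefore a
prompt to check the distribution's advisory, not a verdict.
"""
import platform
import re
import subprocess

UPSTREAM_FIX = (2, 18)
_VERSION_RE = re.compile(r"(\d+)\.(\d+)")


def parse_glibc_version(first_line: str) -> tuple[int, int]:
    """Extract (major, minor) from the first line of `ldd --version`.

    Constructed examples of that line:
        'ldd (GNU libc) 2.17'
        'ldd (Ubuntu GLIBC 2.31-0ubuntu9) 2.31'
    The version is the last dotted number on the line, which avoids being
    misled by a distribution package revision earlier in the string.
    """
    matches = _VERSION_RE.findall(first_line)
    if not matches:
        raise ValueError(f"no glibc version in: {first_line!r}")
    major, minor = matches[-1]
    return int(major), int(minor)


def predates_upstream_fix(version: tuple[int, int]) -> bool:
    """True when the reported version is older than the upstream-fixed 2.18."""
    return tuple(version) < UPSTREAM_FIX


def local_glibc_version():
    """Ask the running system; None when it does not use glibc at all."""
    try:
        out = subprocess.run(["ldd", "--version"], capture_output=True,
                             text=True, check=True).stdout
        return parse_glibc_version(out.splitlines()[0])
    except (OSError, subprocess.CalledProcessError, ValueError, IndexError):
        # Fallback: Python's own view of the C library it was linked against.
        name, ver = platform.libc_ver()
        if name == "glibc" and ver:
            return parse_glibc_version(ver)
        return None


def triage(version) -> str:
    """Turn a parsed version into the message an operator should act on."""
    if version is None:
        return "no glibc detected (not a glibc-based system)"
    major, minor = version
    if predates_upstream_fix(version):
        return (f"glibc {major}.{minor} predates the upstream 2.18 fix: "
                f"check the vendor advisory for a CVE-2015-0235 backport")
    return f"glibc {major}.{minor} includes the upstream fix for CVE-2015-0235"


if __name__ == "__main__":
    print(triage(local_glibc_version()))
```

Run it on each Linux host or appliance you manage; where it reports a pre-2.18 version, confirm against the distribution’s own advisory and package changelog before deciding whether anything is still outstanding, and remember that long-running processes keep the old library mapped until they are restarted.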
SophosLabs is monitoring for methods and attacks targeting this vulnerability and will use the full capabilities of our product line to deliver protection for customers.
Please see this knowledgebase article for the latest information on which products and versions are affected and what, if any, actions are required for customers to remain secure. To learn more about the GHOST vulnerability, read the excellent write-up on Naked Security.
You can read the original article here.
It’s an honor to announce that we have been positioned as a Leader in Forrester Research, Inc.’s new report, The Forrester Wave: Endpoint Encryption, Q1 2015. We think this is strong validation that Sophos SafeGuard Enterprise Encryption 7 is among the very best encryption products available on the market today.
According to the report, “Sophos was the breakout star in this Forrester Wave evaluation, touting strong hardware-based encryption support, external media encryption policy flexibility, and file-level encryption functionality.” What’s especially rewarding about our position as a Leader is that we believe it shows how our entire company contributes to our success, including our engineering, product management, sales and customer support teams.
What Forrester is saying about us
Forrester states that “security and operations admins will appreciate Sophos’ deep policy granularity and deployment flexibility in a variety of environments and use cases.” Forrester also found that our “user support offerings and ease of deployment were consistently rated as exemplary by customers.”
Forrester evaluated vendors against 52 criteria grouped into three categories:
Current offering: examines the strength of each vendor’s product offering.
Strategy: critiques the viability and execution of a company’s strategy, including its market experience, future vision, integration strategy, global presence and engineering staff.
Market presence: metrics include install base, revenue and partner ecosystem.
Sophos earned the top rank in the Current Offering category, including the highest scores in the sub-categories “endpoint full-disk/volume encryption,” “file/folder encryption” and “external media encryption.”
We had the second highest overall score in the Market Presence category, with the top scores in the subcategories “technology partners” and “financial viability.”
And we also rank second overall in the Strategy category.
Why you need endpoint encryption now more than ever
In addition to evaluating vendors, Forrester’s report examines the critical need for organizations to implement endpoint encryption. Forrester cites the explosion of consumer devices and services that are blurring the lines between work and personal lives as a primary reason why organizations need endpoint encryption solutions. Meanwhile, a lack of endpoint encryption increases the risk that a data leak or compliance breach event will occur.
The report also states that endpoint encryption offers significant benefits beyond compliance. Security and risk professionals should view endpoint encryption “not merely as a compliance ‘check box,’ but as an essential tool in their arsenal of data protection,” according to Forrester.
To learn more, download a complimentary copy of The Forrester Wave: Endpoint Encryption, Q1 2015 report. (Registration is required).
More recognition for Sophos SafeGuard Encryption 7
Sophos SafeGuard Encryption 7 protects data on multiple devices and operating systems. Whether that data resides on a laptop, a mobile device, or in the cloud, Sophos SafeGuard Encryption 7 is built to match your workflow and processes without slowing down productivity.
In addition to our position as a Leader in The Forrester Wave: Endpoint Encryption, Sophos SafeGuard Encryption 7 has earned Sophos a spot in the Leaders Quadrant of the Gartner Magic Quadrant for Mobile Data Protection for six years in a row. Sophos SafeGuard Encryption 7 was also recognized in 2014 with the TechTarget Readers’ Choice Award for the best encryption solution.
You can read the original article here.
Sophos announced it has been positioned by Gartner, Inc., in the “Leaders” quadrant of Gartner’s “Magic Quadrant for Endpoint Protection Platforms” for the eighth consecutive year.
Gartner identifies four primary stages in the security lifecycle: setting policy, prevention, detection and remediation, and evaluated EPP vendors based on whether the features their solutions offer address these four stages.
According to the report, “the rise of the targeted attack is shredding what is left of the anti-malware market’s stubborn commitment to reactive protection techniques. Improving the malware signature distribution system or adapting behavior detection to account for the latest attack styles will not improve the effectiveness rates against targeted attacks … to be successful going forward, EPP solutions must be more proactive and focus on the entire security life cycle.”
Sophos believes the company’s Project Galileo product strategy of integrating innovative next-generation enduser, server and network protection technologies will further its leadership in this market.
The combination will enable complete, simple-to-manage security that works effectively as a system, in contrast to the complex, disjointed layers of protection so many businesses wrestle with today.
“We’re continuing to build on our reputation for producing effective, simple-to-use security solutions by introducing next-generation technology that protects customers even better,” said Dan Schiappa, SVP and GM of the Sophos Enduser Security Group. “We believe Gartner’s continued placement of Sophos in the Leaders quadrant for Endpoint Protection Platforms is validation of our innovative strategy and our ability to deliver on that strategy.”
Sophos continues to innovate on the endpoint and, more broadly, in protection of the entire end user, across devices and platforms. The company will soon be launching Next-Generation Enduser Protection aimed at defending customers from sophisticated threats such as Vawtrak, an effective and widespread botnet recently profiled by SophosLabs.
“Next-Generation Enduser Protection is where the industry needs to head,” adds Schiappa. “And Sophos is one of a very few companies worldwide that have the breadth of solutions and the depth of knowledge and expertise to be able to drive this massive and necessary evolution in our industry.”
You can read the original article here.
Enterprises and organizations throughout the EU are facing major challenges in handling personal data as the EU Council is expected to pass the General Data Protection Regulation (GDPR). The GDPR, which will automatically translate into national legislation, introduces dramatic changes with regard to how personal data should be collected, stored, accessed and utilized, and how companies are obliged to respond in the event of a data breach.
One of the most dramatic consequences of the new legislation is that companies can be fined up to €100 million or two-five percent of their global turnover – in the event of a data breach of personal data. In addition, companies are required to inform authorities about a data breach within 72 hours and to inform users – paying or otherwise – of data breaches without any delay. The regulation also requires organizations with more than 250 employees to have a Data Protection Officer in place, who is responsible for ensuring compliance.
“With the GDPR coming into effect it’s becoming crucial for any organization to have an efficient process in place to provide detailed documentation of data breaches. The requirements mean that the organization must be able to swiftly identify the breach and document the extent of the leakage. This calls for new security and data protection policies as well as new roles and responsibilities within an organization, but it also calls for new efficient tools like the LogPoint Security Information and Event Management system”, says Jesper Zerlang, CEO of LogPoint.
LogPoint enables enterprises and organizations to proactively monitor their networks and identify security threats in real-time to prevent cyber attacks and fulfil their compliance requirements, including the GDPR. LogPoint is flexible, scalable and hardware independent and very easy to integrate with log-sources from a multitude of systems, ranging from network equipment and storage devices to operating systems and applications. LogPoint collects logs and extracts and stores key events in encrypted format in cutting edge NoSQL – and carries out lightning fast searches using Big Data technologies. LogPoint provides an instant overview of activities in the enterprise network and documents all transactions meticulously.
“In the event of a data breach, LogPoint ensures logs, enabling you to get a complete overview of what exactly has been accessed, allowing you to swiftly inform regulators. Further, by utilizing LogPoint you can set up reports, which prove compliance and assist auditors. Preparation is key. Implementation of the General Data Protection Regulation may seem far away, yet experience shows that considering the actual review of the organizational setup as well as potential system upgrades, process changes and new implementations, starting the process now would not be a day too soon”, says Jesper Zerlang.
The European Data Protection Regulation is to replace the Data Protection Directive of 1995, which was created to regulate the progression of personal data within the European Union. Officially known as the Directive 95/46/EC the legislation is part of the EU privacy and human rights law. The aim of the new European Data Protection Regulation is to modernize the legislation and harmonise the current data protection laws in place across the EU member states. The fact that it is a “regulation” instead of a “directive” means it will be directly applicable to all EU member states without a need for national implementing legislation.
“It is of crucial importance that organizations seriously consider how to ensure compliance to the GDPR now. The effects of non-compliance are severe financial penalties, lawsuits and potentially reputational damage beyond repair. We are starting to see CEOs and boards take an interest in cybersecurity and data protection compliance, but it’s still surprisingly low ranking on the strategic agenda in European enterprises and organizations, considering the dire consequences that a major data breach could have”, says Jesper Zerlang.
According to Gartner Group, the cybersecurity and SIEM-markets are currently experiencing double-digit growth. LogPoint is one of the leading European providers of Security Information and Event Management (SIEM) solutions. Combining Scandinavian simplicity and European detail, the LogPoint technology surpasses compliance demands, defends against cybercrime and fraud and facilitates network optimization. Headquartered in Copenhagen and with offices in Sweden, Germany, France and the UK, LogPoint serves hundreds of organisations in a dozen European countries.
You can read the original article here.
Today, we’re pleased to introduce updates to our Endpoint Protection, SafeGuard Encryption and Mobile Encryption products that deliver on our vision of Next-Generation Enduser Protection (NGEUP).
NGEUP provides more effective and simpler-to-manage security for enduser devices and data by integrating innovative endpoint, mobile and encryption technologies. It is a stepping stone to achieving our Project Galileo vision of next-generation enduser, server and network technologies all working together as a unified, cloud-managed security system.
Underlying NGEUP — and our entire product strategy — is a core set of three principles:
- Security must be comprehensive.
- Security can be made simple.
- Security is more effective as a system.
The first next-generation feature released on the endpoint is Malicious Traffic Detection, which catches compromised computers in the act of communicating with attackers’ command and control servers.
Similar technology available in next-generation firewalls (including the Sophos UTM) can alert administrators to the presence of a compromised system on the network. But because we integrate the feature into the endpoint, we can go further by detecting a compromise on or off the network, identifying the specific malicious file, and cleaning up the infection. For customers, this means better detection rates and less time investigating and manually cleaning compromised systems.
Also released is the new Sophos System Protector, which is the “brain” of our updated endpoint agent. It correlates information from the Malicious Traffic Detector and other components to identify threats that might not be deemed “bad” by any one component on its own. This results in better protection against advanced threats, with fewer false positives.
SafeGuard Encryption 7 brings a number of small but important updates aimed at improving the product’s performance, stability and user experience. SafeGuard Encryption provides complete data protection across multiple platforms & devices, securing data and empowering people to work and collaborate safely without slowing them down. Version 7.0 is now available for download for existing SafeGuard customers.
Sophos Mobile Encryption (SME) 3 makes it possible to create and view encrypted documents and to manage multiple encryption keys from right within the app. SME integrates with Sophos Mobile Control for centralized management and with SafeGuard Encryption for access to your encrypted documents everywhere. SME ensures that users’ mobile data is protected, no matter where the user goes – to ensure that data protection doesn’t end at the office door.
Existing customers of Sophos Cloud Enduser Protection or Sophos Cloud Endpoint Protection Advanced can expect to receive the updates automatically in the next couple of weeks, if they haven’t already. The new endpoint features will make their way to our on-premise Endpoint Protection Advanced and Enduser Protection Bundles as part of an update to Sophos Enterprise Console planned for the first half of 2015.
SafeGuard Encryption customers can download version 7 from their My Sophos accounts. Sophos Mobile Encryption 3 is available in the Apple iTunes App Store and the Google Play Store.
Learn more about our Next-Gen Enduser Protection Bundles, or get started now with a free trial.
You can read the original article here.
Lots of customers are looking to switch from big security vendors like Symantec, McAfee, and Kaspersky to Sophos – and it’s easy to see why.
Here are four reasons:
Better performance. Independent test results from AV-Comparatives show how Sophos blows away the competition with the lowest impact score of any vendor.
Better protection. Sophos cloud-based threat intelligence keeps customers protected from the latest threats – in real time.
More compatible. Complete coverage for Windows, Macs, and mobile devices.
More flexible. Deployed on-premise or in the cloud. User-based pricing allows you to add devices at no extra charge.
Sophos vs. the Other Guys
If you are relying on an endpoint solution from Symantec, McAfee, or Kaspersky, it’s time to switch to an endpoint protection that’s faster, with more complete protection, compatibility, and flexibility.
Sophos Endpoint Protection is security that does everything better. Find out more about how easily Sophos beats the other guys.
Innovation is the one constant in the security industry, as both hackers and vendors try to outrace each other. Security vendors have always been trying to find the “silver bullet” technology that was going to provide the best possible protection – antivirus, HIPS, application control, sandboxing.
This first generation of security innovation has been great, and each technology has offered key advantages. But protecting against increasingly complex attacks is going to require new thinking. Next-generation endpoint protection is a leapfrog step in security if it’s delivered as an integrated system, not a collection of point products.
This past May, Sophos announced Project Galileo to address the long-standing problem of security that fails to meet the needs of today’s businesses. We believe security needs to be comprehensive, simple to manage, and work effectively as a system to provide better protection and an unmatched user experience. People don’t want more data; they want more automation—security that thinks for itself, far faster than humans can.
One of the foundational parts of Project Galileo is what we are doing in Next-Generation Enduser Protection. We call it “Enduser” because we believe security needs to be user-based, not device-based. Users have laptops, desktops, mobile phones and tablets they interact with.
The definition of Enduser also includes the user’s data, which needs to be encrypted because, while our primary objective is prevention of malware, when something malicious does find a vulnerability, the data should be unusable to the hackers.
There seems to be a lot of other companies leveraging the term “next-generation,” so to help clarify, here is what we believe Next-Generation Enduser Protection is and is not.
Next-Generation Enduser Protection is:
• Integration of innovative endpoint, mobile and encryption technologies to deliver better, simple-to-manage security for enduser devices and data
• A comprehensive system of security technologies that communicate with each other to deliver far higher levels of protection
• Real-time malware prevention, compromise detection, remediation, and data encryption
• Investment protection through leveraging and extending existing technologies
Next-Generation Enduser Protection is NOT:
• An individual point product that believes it can replace a security system
• Thousands of logs, alerts, and events that humans have to manually sift through to find correlations and issues weeks and months after they occur
• A dashboard that can display dozens or hundreds of non-integrated technologies
• Networking companies that think perimeter-based security with a supplemental endpoint agent is enough to provide complete enduser protection
• More agents that you have to deploy to your devices
• Limited to a specific type of device or platform
• Focused just on the threat and not on the data that needs to be encrypted and protected
Next-Generation Enduser Protection is where the industry needs to head, and very few companies have the breadth or depth to be able to get there. Check out this blog on Jan 20, 2015 to see what true Next-Generation Enduser Protection looks like.
For more information, contact one of our partners.
Read the original article, here.
If you haven’t heard about it by now, it’s time you learned more about the upcoming EU Data Protection Regulation, which applies to anyone collecting data on European Union citizens. What does the regulation say about your responsibilities to protect personal data? Here are five things you need to know about the regulation and what you need to do to get compliant.
1. The EU is currently finalizing the new Data Protection Regulation and it will likely become law this year.
The European Parliament voted in favor of the proposed regulation by an overwhelming majority in March 2014. The regulation still needs to go through further steps before it becomes law. However, based on the near-unanimous support so far, it is widely anticipated that it will be adopted in 2015.
2. Everyone who holds data on European citizens is affected, even if you’re not located in the EU.
The proposed legislation will require everyone who holds data on European citizens to implement appropriate security measures to protect the data, and have a clear data protection policy. That data may include names, photos, email addresses, bank details, posts on social networks, medical information or a computer’s IP address.
If you do business with customers in Europe, that means you need to comply!
3. Fines for non-compliance could cost millions.
Under the proposed legislation, if you suffer a breach of personal data you can incur fines of up to €100 million or 5% of annual turnover. Plus you will have to notify affected customers of the breach, with all the associated costs and loss of reputation.
4. Encryption is the best way to secure personal data.
Encryption is widely agreed to be the best data security measure available as it renders the data unintelligible to unauthorized parties in cases of data loss.
If you can show that the personal data was encrypted, the likelihood of being fined as a result of a breach should be greatly reduced, and you don’t need to notify affected customers about the breach.
5. Lots of businesses aren’t ready yet, but you can reduce your compliance risk.
Take our 60-second compliance check to see if you are at risk from the proposed regulation – plus, learn how to secure your data and avoid breaches. Download our free whitepaper and sample data protection policy to get started, and visit our resources page to see how Sophos can help.
Read the original article, here.
LogPoint, a European provider of Security Information and Event Management (SIEM) solutions, today announced that it joined the EMC Business Partner Program for Technology Connect Partners and has successfully completed API compatibility requirements for interoperability with the EMC VNX storage platform.
LogPoint is a rapidly growing cyber-security vendor and a leading European provider of Security Information and Event Management (SIEM) solutions. LogPoint enables enterprises to proactively monitor their networks and identify security threats in real-time to prevent cyber-attacks and fulfil their compliance requirements.
LogPoint has integrated logs directly from the EMC VNX storage platform into the LogPoint SIEM platform. The integration will enable LogPoint to integrate VNX audit events into LogPoint, enhancing the real-time overview of the enterprise network environment by forwarding critical events on storage platforms to the LogPoint SIEM-solution. LogPoint views its integration as a key advancement in the efforts to put LogPoint at the heart of major network environments.
“LogPoint’s integration of EMC VNX logs is an important part of the continuous evolution of the LogPoint platform as we continue to integrate a wealth of log sources into the platform. It’s a feature which is very much in demand, especially by large organizations in the public sector that are handling massive amounts of sensitive data and have a large number of users, and are relying on the superior performance of the Big Data based LogPoint-platform”, says Christian Have, Vice President, Solution and Integration at LogPoint.
According to Gartner Group, the cybersecurity and SIEM-markets are currently experiencing double-digit growth. An efficient SIEM-solution will not only aid in the timely detection of cyber threats, but it is also a key tool in the ever-important process of network optimisation. In addition, the implementation of a SIEM-solution to monitor and document network traffic is increasingly becoming a compliance requirement in auditing guidelines, company policies and quality standards such as ISO 27001, which has now become a requirement for public organizations throughout the world.
LogPoint is one of the leading European providers of SIEM solutions. Combining Scandinavian simplicity and European detail, the LogPoint technology surpasses compliance demands and defends against cybercrime and fraud. Headquartered in Copenhagen and with offices in Sweden, Germany, France and the UK, LogPoint serves hundreds of organisations in a dozen European countries.
Read the original article, here.
The European Banking Authority (EBA), the EU body tasked with supervising and regulating the banking sector, has issued a new set of guidelines on the security of internet payments. Among much else, the new instructions [PDF] seem to require payment service providers (PSPs) to ensure two-factor authentication (2FA) is used to verify the identity and intentions of all customers in online transactions. The EBA started work on the guidelines in October, launching a consultation period to gather the input of the banks and other bodies involved in online money transfers. The main target of the guidance are the PSPs, the companies who sit between websites and banks to facilitate money transfers – the likes of PayPal and SagePay will be familiar to many, and security-watchers will surely recognise names like Heartland and WorldPay.
The responses from the PSPs leaned heavily towards not issuing the guidelines, with most respondents preferring to wait for beefier regulation in the upcoming revision of the EU’s Payment Services Directive (PSD2). However with PSD2 not expected to come into force until 2016 or 2017, the EBA opted to release its own guidance early to ensure customers get the best protection possible in what are seen to be highly dangerous times for anyone buying or selling online.
The bulk of the guidelines deal with the nitty-gritty of securing payments, detailing things like risk assessment, traceability and incident reporting. There’s a heavy customer focus too though, with plenty of guidance on what information and advice should be provided to customers.
The most interesting part comes in section 7 of the guidelines, which requires, with some minor room for maneuver, the use of “strong customer authentication”:
The initiation of internet payments, as well as access to sensitive payment data, should be protected by strong customer authentication. PSPs should have a strong customer authentication procedure in line with the definition provided in these guidelines.
Early in the document the phrase “strong customer authentication” is defined as follows:
Strong customer authentication is, for the purpose of these guidelines, a procedure based on the use of two or more of the following elements – categorised as knowledge, ownership and inherence: i) something only the user knows, e.g. static password, code, personal identification number; ii) something only the user possesses, e.g. token, smart card, mobile phone; iii) something the user is, e.g. biometric characteristic, such as a fingerprint. In addition, the elements selected must be mutually independent, i.e. the breach of one does not compromise the other(s). At least one of the elements should be non-reusable and non-replicable (except for inherence), and not capable of being surreptitiously stolen via the internet. The strong authentication procedure should be designed in such a way as to protect the confidentiality of the authentication data.
So by the sounds of it, the EBA is basically committing PSPs to introducing full and proper 2FA to all regular online transactions.
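To make the quoted definition concrete, here is an added example (not EBA text and not any PSP's code) that evaluates a proposed set of authentication elements against its three criteria. The Element fields and the "compromise domain" model used for mutual independence are this example's own interpretation, and the sample classifications are illustrative, not EBA rulings.

```python
"""Evaluator for the EBA "strong customer authentication" definition above.

Added example: this is neither EBA text nor any PSP's code. The Element
fields and the "compromise domain" model of mutual independence are this
example's own interpretation of the quoted definition.
"""
from dataclasses import dataclass

KNOWLEDGE, OWNERSHIP, INHERENCE = "knowledge", "ownership", "inherence"


@dataclass(frozen=True)
class Element:
    name: str
    category: str             # KNOWLEDGE, OWNERSHIP or INHERENCE
    reusable: bool            # the same value can be presented again later
    replicable: bool          # an attacker can make a working copy
    internet_stealable: bool  # can be captured remotely, e.g. by phishing
    domain: str               # what an attacker must compromise to obtain it


def check_strong_authentication(elements):
    """Return (ok, reasons) for a set of authentication elements.

    Criteria taken from the quoted definition:
      1. two or more elements from distinct categories;
      2. mutual independence, modelled here as distinct compromise domains
         (breaching one domain must not yield another element);
      3. at least one element that is non-reusable, non-replicable and not
         stealable via the internet, with inherence elements exempt.
    """
    reasons = []
    if len({e.category for e in elements}) < 2:
        reasons.append("fewer than two distinct categories")
    domains = [e.domain for e in elements]
    if len(set(domains)) != len(domains):
        reasons.append("shared compromise domain: elements not independent")
    if not any(e.category == INHERENCE
               or not (e.reusable or e.replicable or e.internet_stealable)
               for e in elements):
        reasons.append("no non-reusable, non-replicable element")
    return (not reasons, reasons)


# Constructed sample elements (illustrative classifications, not EBA rulings).
PASSWORD = Element("static password", KNOWLEDGE, True, True, True, "user memory")
PIN = Element("PIN", KNOWLEDGE, True, True, True, "user memory")
HW_TOKEN = Element("hardware OTP token", OWNERSHIP, False, False, False, "token")
PHONE_OTP = Element("OTP app on phone", OWNERSHIP, False, False, False, "phone")
PHONE_SAVED_PW = Element("password saved on phone", KNOWLEDGE, True, True, True, "phone")
FINGERPRINT = Element("fingerprint", INHERENCE, True, True, False, "user body")

if __name__ == "__main__":
    for combo in ([PASSWORD, PIN], [PASSWORD, HW_TOKEN],
                  [PHONE_SAVED_PW, PHONE_OTP], [PASSWORD, FINGERPRINT]):
        ok, why = check_strong_authentication(combo)
        print([e.name for e in combo], "OK" if ok else why)
```

Note that password plus PIN fails twice over (same category, same compromise domain), and an OTP app on the same phone that holds the saved password fails only the independence test.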
With the guidelines due to come into force in August of 2015, that really doesn’t leave much time for a major step forward in the levels of security implemented by most sites and services. And it’s not so surprising that the consultation period met so much resistance from those tasked with getting this all in place.
Of course these are just “guidelines”, but they should have some teeth. At the very least, they will put the idea of strong security everywhere firmly in the minds of the people building the back-end payment systems which underpin so much of what we do online. That should mean a considerably safer future for all of us, although it remains to be seen whether it will really arrive by next August.
Read the original article, here.
The weeks leading up to Christmas are the busiest for the retail industry all year, which makes this a really opportune time for cybercriminals to break in and steal credit card and other personal data from all those online and in-store shoppers. Recently we surveyed a bunch of IT professionals at UK retailers and found that many of them are concerned they won’t be prepared for attacks against them. Well, we’ve got some simple security advice that retail businesses of any size and anywhere in the world can follow to keep this season a merry one. Here are the top 6 retail threats, and what to do about them.
1. Targeted attacks: The cybercriminals need to break into your network to steal all the valuable customer data you’re storing. A common way in is to aim some credible emails at a specific area of the organization. This might be invoices or undelivered courier items for office management.
Action: Ensure you have effective endpoint, network and email protection that filters out spam, malware and dangerous file types. In addition, train employees to be suspicious of emails, especially those that contain attachments, and to report any unusual emails or attachment behavior to IT.
2. Legitimate looking sites rigged with exploit kits: Exploit kits work out in real time how to “crack” a PC. These automated kits find a weakness – an unpatched vulnerability in something like your browser or media player – and infect your computer with drive-by downloads.
Action: Most exploit kits succeed because they target software for which a patch is already available but has not yet been deployed. Consider a patch assessment tool to ensure your operating system and applications are up to date with the latest security fixes. And install endpoint protection software and/or a secure web gateway that can identify and block exploit kits before they infect your systems.
3. Access all areas: Once they’re on the inside, the crooks want to move around your network so they can capture more than just one hapless user’s passwords and confidential files. They want access to your back-end databases, your point-of-sale (PoS) network, your testing network (which may have temporary copies of live programs and data that isn’t as secure as it should be, or have deliberately unpatched servers for troubleshooting), and more.
Action: Consider segregating your networks with next-gen firewalls that treat your internal departments as potentially hostile to each other, rather than having one big “inside” fenced off from the even bigger “outside.” And put in place a device control strategy to identify and control the use of removable storage devices – not only does this prevent bad stuff getting in, but combined with data loss prevention (DLP) it can also help stop personally identifiable information (PII) and intellectual property (IP) data from going out. Finally, implement full-disk protection and encrypt sensitive data stored on servers or removable media for sharing with business partners.
4. Remote access: You may want or need to allow remote access, maybe even for a third party, for example the vendor of your PoS system. Many breaches happen due to slovenly password practices by outside vendors. You can just ask Target!
Action: Consider implementing your own remote access service using a virtual private network (VPN) and requiring everyone to use two-factor authentication. Do a review of your purchase requirements and vendors with your procurement team if you have a more sizeable infrastructure.
5. Automated malware: If the crooks get in and leave behind malware to automate their dirty work, that malware is often programmed to keep “calling home” to one or more command-and-control servers to fetch further instructions and to exfiltrate (sneak out) what it has found since last time.
Action: Consider web filtering and a next-gen firewall with command-and-control traffic detection. This isn’t as good as blocking the malware before it runs, but it can neutralize (and will draw attention to) malware that would otherwise make off with your crown jewels. Numerous breaches this year would have been detected and thwarted far sooner with this in place.
6. Unnecessary software: Crooks love servers that have more applications and add-on software than needed because it gives them more tricks to try when they are attempting to break in using command injections (getting the server to run the wrong command). Servers don’t usually need Microsoft Office, for example, so why have it at all?
Action: Use Application Control to keep track of, and restrict, unnecessary software that reduces security without adding any needed benefit. Periodic reviews of builds and expected configuration will also help prevent drift or organic changes from leaving you open at some point in the future.
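As an added illustration of what command-and-control traffic detection looks for (threat 5 above, and the Malicious Traffic Detection feature described earlier on this page), here is a toy periodic-beacon detector run over constructed web-proxy log lines. It is not Sophos code; the log format, the .invalid hostnames, the private client addresses and the thresholds are all assumptions made for this example.

```python
"""Toy periodic-beacon detector over constructed web-proxy log lines.

Added example, not Sophos code. The log format (ISO timestamp, client IP,
destination host, bytes sent), the .invalid hostnames and the thresholds
are all assumptions made for this illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: one line per outbound request.
# 10.0.0.5 browses normally; 10.0.0.9 contacts one host every ~5 minutes.
SAMPLE_LOG = """\
2014-12-10T09:00:00 10.0.0.5 cdn.example-shop.invalid 312
2014-12-10T09:00:02 10.0.0.5 cdn.example-shop.invalid 4410
2014-12-10T09:00:07 10.0.0.5 news.invalid 980
2014-12-10T09:00:00 10.0.0.9 update-check.invalid 128
2014-12-10T09:05:01 10.0.0.9 update-check.invalid 130
2014-12-10T09:09:59 10.0.0.9 update-check.invalid 127
2014-12-10T09:15:02 10.0.0.9 update-check.invalid 131
2014-12-10T09:20:00 10.0.0.9 update-check.invalid 129
2014-12-10T09:11:33 10.0.0.5 cdn.example-shop.invalid 210
2014-12-10T09:47:10 10.0.0.5 cdn.example-shop.invalid 5120
2014-12-10T09:48:40 10.0.0.5 news.invalid 77
"""


def parse_log(text):
    """Parse the constructed format into (timestamp, client, host, bytes_out)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, host, nbytes = line.split()
        events.append((datetime.fromisoformat(ts), client, host, int(nbytes)))
    return events


def find_beacons(events, min_requests=5, max_jitter=0.10):
    """Return {(client, host): (request_count, mean_gap_seconds)} for pairs
    whose requests recur at near-constant intervals.

    Jitter is the coefficient of variation (stdev / mean) of the gaps between
    consecutive requests. Human browsing produces bursty, irregular gaps; a
    scheduled "call home" produces gaps that cluster tightly. Real implants
    often add deliberate jitter, so max_jitter is a knob to tune against your
    own traffic baseline, not a fixed truth.
    """
    times_by_pair = defaultdict(list)
    for ts, client, host, _ in events:
        times_by_pair[(client, host)].append(ts)

    beacons = {}
    for pair, times in times_by_pair.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = (len(times), round(avg, 1))
    return beacons


if __name__ == "__main__":
    for (client, host), (count, gap) in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"{client} -> {host}: {count} requests every ~{gap}s")
```

A hit like this is a lead for investigation of the client, not proof of compromise on its own; legitimate software updaters also poll on a schedule, which is why the endpoint-side correlation described earlier matters.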
How Sophos UTM can protect your retail business
Sophos UTM (Unified Threat Management) provides the ultimate protection against web, email and network attacks. Spec it as an all-in-one or a bespoke, layered solution with our modular security subscriptions.
Deployment is easy – as a single physical or virtual appliance, or even through the cloud. Reporting is built-in, and you can manage everything through one, intuitive console.
And Sophos UTM gives you lightning-fast performance that beats the competition in independent tests.
Read the original article, here.
Back in June 2013, we announced the End of Life date for ASG V8 as December 31, 2014. This date has now been moved out to March 31, 2015. This gives us sufficient time to ensure that all customers and partners are informed accordingly and migrate all existing V8 customers to V9. If you are not running any Astaro Security Gateway Version 8 installations, you are unaffected by this announcement and can disregard it. If you still maintain an active ASG V8, it is important that you read on for what this end-of-life means for you. You have the opportunity to migrate to UTM 9 – our most powerful version ever. Some older appliances may not be able to fully take advantage of all our new features introduced in UTM 9, like our unmatched HTML5 clientless VPN portal, Endpoint Protection with Web Control (9.1), Wireless Security, and hundreds of other features that have been introduced and upgraded since ASG V8. You can obtain a brand new appliance model at a discount via our Hardware Refresh Program! Read on for more details.
On March 31, 2015, we will conclude all maintenance, security patching, pattern updates, firmware updates and technical support for Astaro Security Gateway (ASG) Version 8. Before this date occurs, you should migrate to the latest stable version of Sophos UTM 9 for which we issue security fixes and provide ongoing protection for your company. To be clear: For a secure, supported version of our product, you need to take steps to move from ASG V8 to UTM 9+ before March 31, 2015.
Customers with an existing valid license and maintenance for ASG V8 have various options for upgrading to a newer version. For a complete list of current options, pricing, and any other questions you have, contact your partner or sales representative who will be happy to assist you in moving to a newer version. Remember, there is a special opportunity to obtain a new appliance model at a discounted price via our Hardware Refresh Program which gives you access to our latest appliance models at a reduced cost for being a loyal customer.
Regardless of whether you run ASG V8 on hardware or software, you may need to upgrade your license via MyAstaro to our new “on-demand” licensing system, which changed during the lifetime of ASG V8. This is easily done with a button press – just log in and upgrade your key so it will work with UTM 9. From there, you can restore your backup file from ASG V8 into UTM 9. You may have to adjust some areas which have changed between versions, but things will look instantly familiar (just with many more cool abilities).
Hardware
Supported hardware appliances running V8.309+ can use the option on the Up2Date menu in WebAdmin to one-touch-upgrade to UTM 9. This brings you to UTM 9 automatically, but requires further Up2Dates after the migration is complete to be at the most current version. You can also install UTM 9 via ISO image and then restore a backup file.
Software
Installations running an ASG V8 software appliance on their own hardware need to install an updated version and then restore a backup file of their configuration, which will apply all your settings except for log files and on-box reports. Logs can be exported in bulk from within the WebAdmin beforehand, while reports will begin anew on your updated platform as existing ones will be purged.
Read the original article, here, but we will update soon.