According to Gartner, Leaders are at the forefront of making and selling mobile data protection products that are built for enterprise business environments. The requirements necessary for leadership include a long-term road map that follows and/or influence Gartner, Inc’s vision of the developing needs of buyers in the market. Vendors in this quadrant lead the market by making their competitors’ sales staffs nervous and force competitors’ technical staffs to follow their lead. Their MDP products are well-known to clients and are frequently found on RFP shortlists.

“To be positioned as a leader for the past nine years is a testament to our product teams who continue to deliver innovative encryption and data protection products,” said John Shaw, Vice President for enduser security products at Sophos. “An aggressive roadmap, coupled with our plans to make it even simpler for small and medium sized businesses to protect their data by encrypting drives, files, cloud storage and mobile files invisibly, positions us for even more success in the months and years ahead.“

Sophos delivers leading solutions to help organizations protect critical assets. Sophos SafeGuard Enterprise protects data on desktops, laptops, removable media, file shares and to the cloud with proven, standards-based encryption—fully managed from one central console. Sophos also recently announced Sophos Mobile Control 3.5, the latest version of its award-winning mobile device management (MDM) solution, which now also supports iOS 7. Available both on-premise and as-a-service, Sophos Mobile Control 3.5 makes it simple for small and mid-market organizations to secure, monitor and control mobile devices.

Sophos was also positioned as a “Leader” in Gartner, Inc’s “2013 Magic Quadrant for Unified Threat Management.“

Of 2,000 respondents surveyed globally, 58 percent confirmed that management does not see cyber attacks as a significant risk to their business. Despite this, IT infrastructure and asset security incidences, as well as wider security related disruptions, were found to have cost these SMBs a combined average of $1,608,111 over the past 12 months.

The research, sponsored by Sophos, also identified that the more senior the position of the decision maker in the business, the more uncertainty there was surrounding the seriousness of the potential threat.

“The scale of cyber attack threats is growing every single day,“ said Gerhard Eschelbeck, Chief Technology Officer for Sophos, “yet this research shows that many SMBs are failing to appreciate the dangers and potential losses they face from not adopting a suitably robust IT security posture.”

According to the research, there are three main challenges preventing the adoption of a strong security posture: failure to prioritize security (44 percent); insufficient budget (42 percent); and a lack of in-house expertise (33 percent). In many SMBs there is also no clear owner responsible for cyber security, which often means it falls into the purview of the CIO.

“Today in SMBs, the CIO is often the “only information officer”, managing multiple and increasingly complex responsibilities within the business,” said Eschelbeck. “However, these “OIOs” can’t do everything on their own and as employees are demanding access to critical apps, systems and documents from a diverse range of mobile devices, it would appear security is often taking a back seat.”

The study also reveals uncertainty around whether ‘Bring Your Own Device’ policies (BYOD) and the use of the cloud are likely to contribute to the possibility of cyber attacks. Seventy-seven percent of respondents said the use of cloud applications and IT infrastructure services will increase or stay the same over the next year, yet a quarter of those surveyed indicated they did not know if this was likely to impact security.

Similarly, 69 percent said that mobile access to business critical applications would increase in the next year, despite the fact that half believe this will diminish security postures.
 
“Small and midsize organizations simply cannot afford to disregard security,” said Larry Ponemon, president of the Ponemon Institute. “Without it there’s more chance that new technology will face cyber attacks, which is likely to cost the business substantial amounts. CIOs are under pressure to implement new technology that informs agile and efficient ways of working, but this should not take precedence over security. The industry needs to recognize the potential dangers of not taking cyber security seriously and create support systems to improve SMB security postures.”

The study targeted SMBs in the United States, United Kingdom, Germany and Asia-Pacific (Australia, India, China and Singapore) to better understand how such organizations are managing security risks and threats. Key findings of the study include:

• Fifty-eight percent of respondents say management does not see cyber attacks as a significant risk.
• One-third of respondents admit they are not certain if a cyber attack has occurred in the past 12 months. Forty-two percent of respondents said their organization had experienced a cyber attack in the past 12 months
• Respondents in more senior positions have the most uncertainty about the threats to their organizations, indicating that the more removed the individual is from dealing on a daily basis with security threats, the less informed they are about the seriousness of the situation and the need to make it a priority.
• CISOs and senior management are rarely involved in decisions regarding IT security priorities. While 32 percent say the CIO is responsible for setting priorities, 31 percent say no one function is responsible.

• Forty-four percent of respondents report IT security is not a priority.  As evidence, 42 percent say their budget is not adequate for achieving an effective security posture.  Compounding the problem, only 26 percent of respondents say their IT staff has sufficient expertise.

• Respondents estimate that the cost of disruption to normal operations is much higher than the cost of damages or theft of IT assets and infrastructure.

• Mobile devices and BYOD are much more of a security concern than the use of cloud applications and IT infrastructure services. However, these concerns are not preventing extensive use and adoption of mobile devices, especially personal devices.

Uncertainty about their organization’s security strategy and the threats they face varies by industry:

• Respondents in financial services have more confidence, which can probably be attributed to the numerous data protection regulations.
• The technology sector is also more security aware, which is probably due to the IT expertise that exists in these organizations.
• Retailing; education and research; and entertainment and media have the highest level of uncertainty about their organization’s security strategy and the threats they face.

Recommendations:

• Organizations need to concentrate resources on monitoring their security situation in order to make intelligent decisions. While assessing where they stand on the security continuum, organizations need to focus on monitoring, reporting and proactively detecting threats.
• Establish mobile and BYOD security best practices.  Carefully plan and implement a mobile strategy so that it doesn’t have an impact on the overall security posture.
• Organizations should look for ways to bridge the gap created by a shortage of information security professionals.  Consider ways to free-up time for in-house resources, including a move to cloud technologies, security consulting and easy-to-manage solutions.
• Measure the cost of cyber attacks, including lost productivity caused by downtime.  Work with senior management to make cyber security a priority and invest in solutions that restore normal business activity more quickly for a high return on investment.
• Organizations in all sectors are regularly breached and regulations are often simply the beginning of properly securing a network.  Consider consolidated security management to gain a more accurate picture of threats that will help focus on problem areas.

A full copy of the Ponemon Institute study: The Risk of an Uncertain Security Strategy, is available here.

Unfortunately, these companies don’t provide complete end-to-end encryption, and there are many loopholes the NSA, or cybercriminals, can slip through.

That’s why an encryption solution that protects data everywhere — in emails, on disk, or in the cloud — is essential. In this short video, we explain how you can get security and performance; plus how you can manage native encryption on Macs and Windows PCs, while also protecting data everywhere it resides.

James Lyne, global head of security research at Sophos, explains that many companies aren’t using encryption for fear of slowing users down. With Sophos, you don’t have to worry about encryption impacting performance, James says.

The new SafeGuard Enterprise solves the major challenge of managing encryption across multiple platforms, devices, and cloud environments. Users and IT staff can easily share data safely between Windows, Mac and mobile devices – securing data wherever it lives and wherever it is sent.

For more information about how to manage native encryption on Windows PCs with SafeGuard Enterprise, you can download our free whitepaper – Managing BitLocker With SafeGuard Enterprise (registration required).

What’s New in SafeGuard Enterprise 6.1

• With SafeGuard Enterprise you can manage Microsoft BitLocker for Windows or Apple FileVault 2 for Mac from a single console.
• Now with support for Windows 8, and file and disk encryption on Macs, SafeGuard covers more operating systems and platforms.
• Simplified keyring creation grants you seamless, centralized management. With this newest release, you can save time with our key ring creation that requires no repeat login.
• Centrally manage full-disk encryption and file encryption, wherever data is stored: removable media, network file shares and even in the cloud.
• Get up-to-date security status for all your devices with reporting and auditing that lets you monitor and enforce compliance with internal policies and external regulations.

You can read the original article here.

Sophos is the only IT security company to be positioned as a Leader across three critical security areas: Unified Threat Management (UTM), Mobile Data Protection and Endpoint Protection Platforms. “We believe it is a privilege to receive recognition from Gartner. The momentum in our UTM business is truly exciting,” said Bryan Barney, General Manager, Network Security Group, Sophos.

“Most notably, in the past year we’ve released our SG Series appliances, the fastest UTM devices we’ve ever produced and expanded the UTM protection we offer with our new cloud-based sandboxing, integrated mobile device management and really simple to use email encryption. Smaller businesses need effective security that is easy to use and that’s exactly what we provide. And it’s why we’re seeing more and more partners and customers switching to Sophos for their UTM and Next-Gen Firewall needs.”

In the most recent quarter of trading, April to June 2014, Sophos recorded a 27 percent increase in UTM sales, and a 33 percent increase in new customer business for UTM. This demonstrates the significant share gains the company is making; Sophos’ network security business now accounts for billings in excess of $150 million — with tremendous growth across North America, Asia Pacific and EMEA, among other regions. Additionally, the company’s “channel first” focus continues to deliver success with the signing of several new strategic channels to market such as the recently agreed distribution deal with Ingram Micro in North America. Sophos now has over 25,000 UTM channel partners worldwide, with the number of partners growing at over 20 percent a year.

According to Gartner, “the Leaders quadrant contains vendors at the forefront of making and selling UTM products that are built for midsize-business requirements. The requirements necessary for leadership include a wide range of models to cover midsize-business use cases, support for multiple features, and a management and reporting capability that’s designed for ease of use.

Vendors in this quadrant lead the market in offering new safeguarding features, and in enabling customers to deploy them inexpensively without significantly affecting the end-user experience or increasing staffing burdens. These vendors also have a good track record of avoiding vulnerabilities in their security products. Common characteristics include reliability, consistent throughput, and products that are intuitive to manage and administer.”

To download a complimentary copy of this report, click here.

You can read the original article, here.

Sophos currently offers an optimized AMI that is compatible with AWS cloud services. With this new hourly-based model, customers are able to take advantage of the many scaling, redundancy and elasticity features offered by AWS. Put simply, this approach lets customers access and securely defend their cloud resources with a solution optimized for the AWS environment.

“With AWS Marketplace, businesses can find, buy and deploy software that is optimized for Amazon EC2, allowing them to focus on delivering business results faster and at a lower cost,” said Sajai Krishnan, GM, AWS Marketplace. “We’re excited to add the Sophos UTM to AWS Marketplace, as we believe its new on-demand hourly pricing allows customers to utilize this advanced network security solution with the elasticity and ease-of-use they want in the cloud.“

“As a long-standing security provider, we know about the many benefits that Amazon Web Services provides, especially to SMBs that have adopted the cloud,” said Angelo Comazzetto, Senior Product Manager, Sophos. “We pride ourselves on developing complete security offerings that are simple to use, and with this offering, companies can better defend their cloud security resources with layers of security provided by Sophos UTM. We are excited to enable this unique offering in the AWS Marketplace.”

For additional information on Sophos’ UTM offerings, please click here.

“On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments. The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate“.

The conclusions we reached, based on the announcement above, were:

• The network was breached.
• A code-signing key was stolen.
• Malware has been signed with it and circulated.
• At least one infected file was posted on an Opera server.
• That file may have been downloaded and installed by Opera itself.
• Cleanup and remediation has now been done at Opera.
• That sounds a bit more like Security breach not stopped.
• How else could a signed-and-infected file have been automatically downloaded by an already-installed instance of Opera? Anyway, wouldn’t Opera’s auto-update have failed or produced a warning due to the expired certificate? Until Opera has worked out the answer to these questions, Opera users probably want to assume the worst.

The good news is that the malware involved is widely detected by anti-virus tools, and the period of possible exposure via Opera itself was at most 36 minutes.

→ According to Opera, Sophos products block the offending file as Mal/Zbot-FG.

So, if you are an Opera for Windows user:

• Download a fresh copy of the latest version (since the buggy download appears to be a thing of the past).
• Make sure your anti-virus is up to date.
• If you can spare the time, do an on-demand (“scan now”) check of your computer.
• If we find out more detail about whether malware was distributed by existing Opera installations or not, we’ll let you know.

You can read the original article, here.

In an increasingly complex security environment Sophos works with partners to make security simple to deliver, implement and manage. Over the last 12 months Sophos has created a more flexible and generous partner programme, providing partners with protection for deal registrations, attractive margins and joint lead generation initiatives. The programme also provides up-to-date certification, to ensure partner sales and technical teams are fully trained across Sophos’s latest solutions to help drive partner businesses forward. Delivered by dedicated channel relationship managers, Sophos gets to know partner businesses to ensure they feel supported every step of the way.

James Vyvyan, Regional Vice President, UKI, Sophos said: “We’re delighted to have won ‘Security Vendor of the Year’. Sophos is committed to a ‘channel first’ strategy and we believe that by taking the time to understand our partners’ business model, we can work together to provide the solutions that best suit their customers’ IT security needs.”

Sophos also won two awards in CRN’s DACH awards on 13 November: Security Vendor of the Year and Channel Champion of the Year 2013.
Commentary from the Sophos Channel

“Many of the innovations Sophos has introduced are unique to the market. These unique solutions make it possible for us to differentiate ourselves from other security consultants and better meet our clients’ needs,” said Mark Robinson, Director, Globelink Infrastructure & Network Security.

“The Sophos Partner Programme empowers proactive and enthusiastic partners like ourselves to achieve the levels of technical and sales accreditation required to represent Sophos at the highest level,” said Paul Cox, Managing Director, Quadsys.

“We’ve worked closely with Sophos for more than 12 years and feel the relationship is stronger now than it has ever been. The sales, technical, financial and management teams at Sophos and Foursys are all working really closely together, which means we get it right and we both put customer service at the top of the agenda,” said Paul Prior, Managing Director, Foursys.

Developed by SophosLabs, this new Sophos UTM approach brings together multiple technologies to rapidly identify and isolate infected clients and prevent communication with malicious command and control hosts. This latest version introduces botnet protection and cloud-based sandboxing to expand on the Sophos UTM’s existing multi-layer Firewall, Web, Email and Endpoint protection. This extends the Sophos commitment to small and mid-market companies, delivering access to advanced protection without the complexity and cost normally associated with such functionality. 

“The initial stages of targeted attacks can often go unnoticed by security systems that don’t control incoming and outgoing traffic. For organizations with limited IT resources, investing time and money in a dedicated ATP solution to detect these early signs is simply not realistic, given how tricky, complex and fast moving this type of traffic is,” says Chris Kraft, vice president, product management, Sophos. “That’s what we wanted to change. Today, with a few simple clicks, users get advanced protection without needing to be full-time security experts themselves.” 

This new release also significantly enhances the speed of security scanning, with initial data showing the new performance optimized IPS doubling throughput speed in test environments. The Email, Web, and Network Protection modules all experience significant enhancements, including:

• Simplified Email Encryption and DLP – Sophos SPX technology eliminates need for a separate Public Key Infrastructure and policy-based DLP can trigger automatic encryption
• Smarter Web Control – streamlined policy setup enables granular user control and transparent web filtering of https traffic provides seamless protection
• Mobile Access Control – enhances Wi-Fi and VPN security by combining Sophos UTM with Mobile Device Management functionality in Sophos Mobile Control
• Performance Optimized IPS – intelligent processes and pattern management deliver enhanced scanning speeds to rapidly block network attacks and prevent breaches
• Botnet/Command and Control Protection – Sophos Advanced Threat Protection identifies and blocks infected machines communicating with malware command and control servers

“The UTM market is one of the most competitive in security. Numerous features and applications have been added over the past few years, and we’re increasingly seeing solutions are providing more effective security and better performance,” said John Grady, Research Manager, Security Products and Services, IDC. “This latest release from Sophos continues to simplify complex technologies. SPX email encryption is an example of that and is a differentiated approach among other UTM vendors.”

“Students are smart and always find ways to circumvent security, so schools are always in need of better ways to manage their web access and block inappropriate content,” says Bart Wilson, systems support manager, from Twotrees Technologies LLC, a Sophos partner. “UTM 9.2 is a huge step forward in solving this problem. By adding https traffic to web filtering in transparent mode, Sophos will help our customers to take back control – especially with so many students browsing on mobile devices.”

For additional information on all of the features in Sophos UTM 9.2 and extra information on Sophos’ network security solutions, please visit our Network Security area, watch the UTM videos, or check out the dedicated Sophos UTM blogs.

You can read the original article here.

The partnership means users of Sophos Mobile Control 4.0 and Check Point Mobile VPN can link the two solutions to provide network access control for any mobile devices attempting to use the corporate network. Non-compliant devices are isolated from the network, protecting the organization from unauthorized mobile devices. This ensures that only managed devices that meet an organization’s security policy may connect and use business resources.

Mobile devices continue to multiply rapidly in the workplace and today’s flexible working styles mean that, increasingly, employees are requiring and gaining access to the corporate network wherever they are. As a result of this surge in mobility, effectively securing both corporate data and networks has become an enormous challenge for IT and security managers. Much of an IT administrator’s day can be spent provisioning, securing, locating, managing and updating these mobile devices.

Sophos Mobile Control continually assesses the compliance status of each mobile device – detecting jailbreaks, blacklisted apps or insecure settings. Via a simple out-of-the-box interface with Check Point’s Mobile VPN, it blocks any non-compliant device from accessing the corporate network via VPN, proactively reducing the risk of data breaches.

“By integrating Check Point Mobile VPN with the mobile device management features of Sophos Mobile Control, IT departments can easily manage how mobile users access centrally-stored corporate resources, allowing them to regain control of their networks all through a simple interface,” says Alon Kantor, vice president of business development at Check Point Software Technologies. “Check Point’s partnership with Sophos provides our joint customers with a simple solution for the increasingly common problem of mobile network access control.”

“The rapid growth of mobile devices in the workplace combined with today’s range of threats means that mobile security is an increasing priority for many organizations,” says Ari Buchler, senior vice president corporate development at Sophos. ”We’re delighted to be partnering with Check Point to provide a simple solution to this complex problem, and to enable users of Sophos Mobile Control and Check Point Mobile VPN to keep compromised mobile devices off their networks. This integration demonstrates both companies’ commitment to meeting the needs of customers in the face of a continuously evolving threat landscape.”

Sophos Mobile Control 4.0

Sophos released Sophos Mobile Control 4.0 in May 2014. In addition to managing mobile devices, applications and email, it is the only EMM solution to offer file-level encryption, ensuring that each document connected to the server remains secure and that users can collaborate safely. Sophos Mobile Control also delivers robust, integrated security against malware and malicious web sites to protect against the rapidly-growing, nearly 1 million unique pieces of mobile malware seen by SophosLabs. In addition, Sophos is the only EMM vendor to offer categorical web filtering so organizations can control network performance and security by managing which websites their users can access. Available on premise or as-a-service, Sophos Mobile Control provides a simple and differentiated approach for organizations to manage and secure mobile devices, content and applications. Learn more about Sophos Mobile Control 4.0.

According to IDC, Sophos Mobile Control is the market leader among small and medium businesses in North America, with 25% market share. Sophos is also the only IT security company to be positioned as a Leader in all three of the following Gartner Magic Quadrants: Unified Threat Management (UTM), Mobile Data Protection and Endpoint Protection Platforms.

Integration with Check Point Mobile VPN

Check Point Mobile VPN application establishes a secure VPN (Virtual Private Network) tunnel to the corporate network infrastructure via a Check Point Security Gateway. By unifying Sophos Mobile Control and Check Point VPN gateways, IT departments can ensure that only compliant devices are allowed access to the corporate network. Compliance policies for corporate owned mobile devices reside on the Mobile Device Management Servers.

When a device attempts to connect to the corporate network, compliance is checked. This can prevent users from installing a VPN client on unmanaged devices and trying to access the organization. The Security Gateway can also block the unknown devices of valid users.

You can read the original article, here.

 But what are the implications of biometric technology as far as enterprise security is concerned? Ryan Hurst, CTO of enterprise SaaS Certificate Authority GlobalSign, has told Softpedia that biometric technology could turn out to be highly beneficial to organizations looking to protect their data, but it depends a great deal on how it’s implemented.

“The recent confirmation of the integration of biometrics in the new iPhone has many asking what the implications are for enterprises. It is too early to tell for sure as the answer will depend on how they have implemented this feature,” said Hurst told us in an emailed statement.

“That said, as mentioned during the Apple keynote, only about half of smartphone users apply a passcode today making mobile devices carrying sensitive corporate data a huge vulnerability for enterprises. If the biometric technology used on the device is applied correctly this could mean more secure enterprise data,” he added.

“More importantly this will force many enterprises to take another look at their own authentication strategy and ask if biometrics is a viable form of authentication for them in comparison to other stronger forms, such as one time passwords and smart cards, and weighing the security benefits and risks of each.”

Hurst highlights the fact that the use of biometric technology could be beneficial in case mobile devices containing enterprise data are stolen or lost. “The first rule of security is if the attacker has physical access to your device then the device is no longer yours. However, the use of biometrics has the potential to make it more difficult for the attacker which can significantly reduce the impact of lost or stolen phones containing enterprise data,” he explained.

You can read the original article, here.