This joint solution provides a highly efficient, scalable and effective network-based platform for service providers and enterprise networks. In turn, they can deliver increased levels of security to their consumer, business and internal customers without any need for end-device software or new network elements.  Utilizing DNS, a lightweight, multi-network, multi-end device protocol, this solution is available for both fixed (xDSL, Cable, NBN) and wireless networks offering protection for PCs, tablets, smartphones, wireless dongles, games consoles, and any IP- enabled device.

“Sophos provides threat intelligence feeds to our network, gateway and endpoint security products. Our partnership with Nominum extends this intelligence to the DNS level, offering security in the core operations of the network,” said Stuart Fisher, Managing Director, Sophos APAC. “SophosLabs identifies more than 30,000 new malicious URLs daily. By adding intelligence from the DNS into the equation, the joint Nominum–Sophos solution offers maximum protection for all network users.”

“Both our companies are highly committed to making the Internet a safer, more secure place for users. Considering the value this partnership will bring into our core markets such as Australia, New Zealand, Singapore, ASEAN, China and India, we anticipate we will see a high-level of adoption.”

“By joining our partner ecosystem, Sophos and Nominum can provide increased protection to Internet users across multiple platforms,” said Brian McElroy, Vice President of Business Development, Nominum.  “A joint Nominum-Sophos security solution offers near real-time (zero day) in-network protection, like the Interpol-fed Nominum Content Blocking solution deployed in Australian carrier networks, which protects Internet users from child sexual exploitation content. Adding this new policy and protection in-network from malicious threats makes great sense.”

Bolstered Channel Team
Sophos has recently strengthened its channel team with the appointments of Kendra Krause, Americas channel chief and Karen Delaney, Australia & New Zealand channel chief.

Prior to Sophos, Krause served most recently as Fortinet’s Channel Sales and Operations vice president. She previously served in channel sales and marketing roles at SonicWall, WatchGuard and CDW. Delaney spearheaded channel strategies at IBM, Acer and Dell/SonicWALL. Since joining the company, she has played an integral part in bringing Distribution Central and Connector Systems onboard as Sophos’ first distribution partners in Australia and New Zealand.

Channel Honors
Sophos has received considerable recognition for both its channel team and channel program. Included among this year’s honors:

• CRN UK’s Channel Sales & Marketing Award—The Sophos Partner Program was declared “best in the UK”. This award recognizes and rewards the achievements of those individuals and teams responsible for making the UK IT channel so successful.
• CRN’s 2013 Top Women of the Channel—Several Sophos’ channel leaders were among the honorees: Kendra Krause, vice president of Americas channel sales, Amy Gelpey, senior channel marketing manager, and Regina Vignone, director of sales.
• CRN’s Power 100 Most Powerful Women of the Channel—Kendra Krause was among the elite list of executives recognized for their channel achievements.
• CRN’s 2013 5-Star Partner Rating—The 5-Star Partner Program rating recognizes an elite subset of Partner Program Guide vendors that give solution providers the best partnering elements in their channel programs.
• CDW—Sophos was named Sapphire Partner of the Year for 2012; Sophos was one of CDW’s fastest-growing partners of the year.

Key Channel Recognition for Sophos UTM
The company was also highlighted in the 2013 CRN Annual Report Card (ARC). This prestigious study is considered the definitive benchmark for measuring excellence in the IT Channel community and recognizes the top-rated vendor partners in the industry. Sophos was given the highest honors for product innovation in the Network Security Appliances category for its unified threat management (UTM) solution, Sophos UTM. Winners were announced live at an awards reception on Tuesday, August 20, 2013, at the XChange 2013 event in Washington, D.C.

“At Sophos, every year is the year of the partner, but this year in particular has truly demonstrated our ‘channel-first’ commitment—from hosting the largest partner conferences in our history to a game-changing new MSP program, our focus is our channel,” said Mike Valentine, senior vice president, worldwide sales, Sophos. “We offer partners the most complete IT security value proposition—proven and award-winning security solutions that are simple to use, combined with the industry’s most powerful channel program. And with an aggressive roadmap that features an impressive array of offerings, we’re very excited about delivering partners even more value in the coming months to help them grow.”

To learn more about the Sophos Partner Program, please click here or visit http://www.sophos.com/en-us/partners.aspx.

Increased migration to virtual servers and the ever-growing threat of attack on critical data are presenting new challenges to IT professionals, as they look to maintain high performance and density of servers, without compromising on security. Sophos Server Protection addresses these challenges by integrating agentless antivirus for vShield and full antivirus clients for Windows, Linux, Mac and UNIX into one centrally managed product.

“Servers need the best protection against malware, but managing that protection while maintaining server performance across a diverse environment has inevitably increased complexity and demands on time,” said John Shaw, vice president of product management, Sophos. “We’ve delivered on what matters – server performance and security. Sophos Server Protection provides a single, easy to use management console to assign policies, view alerts and generate reports across platforms. Even licensing, often the bane of IT professionals, is straightforward: one server, one license, any platform.”

Standalone and virtual systems use fewer resources with Sophos Server Protection than with conventional antivirus products. Agentless scanning via vShield Endpoint prevents scan and update storms, automatically protecting every Windows virtual machine on the host through a centralized virtual security appliance. Systems without vShield benefit from a full featured client optimized for performance. Advanced features, including HIPS, application control, and device control, are also included for select platforms.

Sophos Server Protection supports a broad range of server and virtualization platforms, including Windows, Linux, UNIX, Mac, Hyper-V, vSphere/ESX/ESXi and XenServer. It provides proven protection against known and unknown threats, supported by real-time communication with SophosLabs. The Windows client offers additional layers of security, including HIPS, application control and patch assessment.

“Sophos Server Protection is server security made simple, because at Sophos we believe good security shouldn’t have to require the undivided attention of the IT team to make it work. Sophos Server Protection secures your business’s critical assets, without sacrificing performance or adding unnecessary complexity,” concluded Shaw.

Sophos Server Protection will be showcased at VMworld, which takes place in San Francisco between August 25 and 29. Sophos is a VMware Elite Technology Alliance Partner.

Υou can read the original article here.

One risk is that attackers will have the advantage over defenders who choose to run Windows XP because attackers will likely have more information about vulnerabilities in Windows XP than defenders. The problem is, of course, that once patches stop being provided for newly-discovered vulnerabilities, any problems that are found for more recent versions may well be backwards-compatible with XP. As details of these issues will be widely publicised, for very good reasons, there’s bound to be plenty of research going on into which ones can be used to penetrate the systems of anyone still clinging on to XP. Indeed, some people have already speculated that the bad guys will soon be stockpiling newly-found bugs until after the patch deadline, building up an arsenal of woes to unleash on those too lazy, poor, or stuck in their ways to upgrade.

Once the April 2014 deadline has passed, the world of Windows XP will be a perpetual zero-day, with no hope of relief from danger. It’s clearly in Microsoft’s interest to spread maximum fear, to squeeze as much revenue as they can out of Windows users who will have to pay to step up to Windows 7 or 8. But their warnings do carry considerable weight. In operating system terms, XP is pretty ancient, having been released in 2001 and reaching the end of its standard back in 2009. When the five-year extended support phase ends the platform will have very nearly reached its teens. It remains remarkably popular though, with the best available stats putting it on anywhere from 13 to 30% of systems browsing the web – well overtaken by Windows 7 nowadays, but still streets ahead of Windows 8. Its stability, simplicity and familiarity will make it hard to dislodge from a huge residual user base.

This has led to some speculation that Microsoft might relent and extend the support period further, but this seems unlikely. As Rains also points out in his blog piece, even with regular patching, the security provisions in XP just don’t cut it any more, leaving its users open to all sorts of dangers they would be immune from out-of-the-box with less creaky platforms.

You can read the original article here.

 An equally alarming industry statistic, users not running the most recent version of Android (comprising more than 90 percent of active users) are vulnerable to known exploits, resulting in a more than 600 percent increase in Android malware infections.
In order to keep up with and prevent these risks, Sophos has introduced the latest version of its free Android security app, Sophos Mobile Security 3.0, its full-featured mobile securityand anti-virus application.

What’s New in Sophos Mobile Security 3.0

• Application protection: Protects the start of selected applications with a password, meaning you can let others use your phone without risking your corporate data security. You can protect your settings or Google Play app and any other mobile application.
• Faster Scanning: Significantly improves scan speed by leveraging the power of multi- core phones
• Web Protection (now included in free version): Blocks access to malicious or phishing websites, so you can access the Internet worry-free

“If Android malware risks weren’t enough, Android device loss and theft are an enormous issue, especially considering that more than 100 cell phones are lost or stolen every minute just in the US alone,” said Thomas Lippert, senior product manager, mobile, Sophos. “Mobile malware leads to data loss and unexpected cost issues, while actual device loss and theft leads to potentially much worse. Either way, it’s imperative for users to ensure their devices are protected. And we’re providing this protection—for free.”

Sophos Mobile Security is offered for free in Google Play: https://play.google.com/store/apps/details?id=com.sophos.smsec. Optionally, Sophos Mobile Security can integrate into the company’s flagship mobile device management and security solution, Sophos Mobile Control, providing full central management and integration into the compliance enforcement engine. For more information about Sophos’ mobile offerings, please visit:http://www.sophos.com/en-us/products/mobile.aspx.

Sophos currently offers an optimized AMI that is compatible with AWS cloud services. With this new hourly-based model, customers are able to take advantage of the many scaling, redundancy and elasticity features offered by AWS. Put simply, this approach lets customers access and securely defend their cloud resources with a solution optimized for the AWS environment.

“With AWS Marketplace, businesses can find, buy and deploy software that is optimized for Amazon EC2, allowing them to focus on delivering business results faster and at a lower cost,” said Sajai Krishnan, GM, AWS Marketplace. “We’re excited to add the Sophos UTM to AWS Marketplace, as we believe its new on-demand hourly pricing allows customers to utilize this advanced network security solution with the elasticity and ease-of-use they want in the cloud.“

“As a long-standing security provider, we know about the many benefits that Amazon Web Services provides, especially to SMBs that have adopted the cloud,” said Angelo Comazzetto, Senior Product Manager, Sophos. “We pride ourselves on developing complete security offerings that are simple to use, and with this offering, companies can better defend their cloud security resources with layers of security provided by Sophos UTM. We are excited to enable this unique offering in the AWS Marketplace.”

For additional information on Sophos’ UTM offerings, please click here.

She writes: “I personally notified the very first bounty recipient via email today that his submission for the Internet Explorer 11 Preview Bug Bounty is confirmed and validated. (Translation: He’s getting paid.)“.

She hasn’t yet named names or put a price tag on the first recipient. In fact, there are already multiple researchers who’ll be receiving bounty payouts. MSRC plans to hook up those researchers who want to be publicly recognized for their contributions on an acknowledgement page on its bounty web site. “Stay tuned, as it will come soon“, Moussouris says.

What Microsoft can share at this point are these two key results:

•     They’re getting more submissions, earlier. Microsoft has received more vulnerability reports in the first two weeks of its bounty programs than it typically would in an average month. It shows that the strategy for getting more vulnerability reports earlier in the release cycle is working, it says.
•     They’re attracting new researchers. Researchers who’ve rarely, or even never, reported directly to Microsoft are now choosing to talk directly to the company. Microsoft interprets that as proof that its strategy to hear from people it usually doesn’t hear from is bearing fruit.

As Moussouris explains it, Microsoft was canny in how it chose to approach the vulnerability market. There’s the black market, where zero-day bugs fetch the highest prices. Then there’s the gray market, where bug-hunting mercenaries make a mint selling information about exploit techniques and unpatched vulnerabilities to corporations and nation states. Microsoft didn’t go there. Instead, it focused on the white market: the place where buyers are after vulnerability information for defensive use, whether it’s vendors themselves (via bounty programs) or a broker who uses the vulnerabilities for their own protection services or threat reports. Moussouris says that three years ago, white-hat bug hunters were passing up cash on the white market and were instead mostly coming to Microsoft directly. That changed over the past few years. Microsoft has witnessed researchers increasingly holding bugs back to see what the going rate might reach on the various markets, typically after Microsoft has released code to manufacturing. The way Microsoft figures it, it’s identified a gap in the market that its new bounty program is filling: namely, in the pre-release, or beta, period.

Moussouris writes: “It’s not about offering the most money, but rather about putting attractive bounties out at times where there are few buyers (if any)… Trying to be the highest bidder is a checkers move, and we’re playing chess“.

There is data out there that bolster Moussouris’ contention that strategically structured, well-timed bounty programs are a good investment. A study recently released by the University of California, Berkeley reports that paying bounties to independent security researchers is a better investment than hiring employees to do it. Piggy and mouse. Image from ShutterstockFor example, Google’s paid out about $580,000 over three years for 501 Chrome bugs, and Firefox has paid out about $570,000 over the same period for 190 bugs. Compare that with just one full-time salaried security researcher digging through code, at, say, $100,000 per year, and the savings can be huge.

You can read the original article, here.

Some recent industry estimates report that as many as 96 percent of organizations now have employees who use both corporate-managed and personal mobile devices for work purposes, forcing IT to adopt new strategies to protect their data on those devices. Even though huge numbers of smartphones and tablets are lost every day, many users don’t enable even basic password protection.

Mobile malware and hacking is on the rise and many workers are still using unsecured personal mobile devices to access corporate data—a major concern for organizations trying to protect data while letting users work how they want.

Sophos Mobile Control provides the complete security that IT requires to confidently embrace employee device mobility. This latest version delivers Windows Phone 8 support alongside iPhone/iPad and Android, with self-enrollment and self-service capabilities for users, and allows IT to manage the complete device lifecycle as well as loss & theft scenarios.

Also included is an easy-to-use client app, which provides access to compliance status, messages and support information—allowing for comprehensive reporting and giving IT a holistic view of devices. Simpler administration is delivered by an updated menu, dashboard and various other workflow improvements. The SaaS version of Sophos Mobile Control 3.5 delivers better integration into corporate IT with a new remote Exchange ActiveSync (EAS) Proxy that enables organizations to block non-compliant devices from receiving email, and remote LDAP support that allows users to easily connect to Active Directory.

You can read the original article, here.

By offering this service, GlobalSign hopes to encourage the use of SSL in application development and the growth of security best-practices.

Through GlobalSign’s commitment to the open-source community, projects are eligible to receive one free Wildcard SSL Certificate valid for as long as the project meets minimum requirements. Open-source software projects that allow developers and the general public to freely access the source code have become very popular and are looked upon by many as leaders in the industry, representing an important segment of the technology community. Offering SSL Certificates will allow developers to improve the trust and security of their projects, which people around the world rely on. GlobalSign hopes this partnership can also make a difference by setting an example in how SSL is deployed today.

“We are delighted to show our commitment to the open-source community by offering free SSL Certificates to these projects,” said Ryan Hurst, chief technology officer, GMO GlobalSign, Inc. “We believe this effort will not only help the developers and users of open-source projects but also encourage the adoption of industry best-practices in the use of SSL.”

To qualify for a free Wildcard SSL Certificate from GlobalSign, the software project must use a license approved by the Open Source Initiative. GlobalSign will also require that projects maintain secure SSL configurations. Projects can quickly and easily evaluate their SSL strength by using the GlobalSign SSL Configuration Checker, which currently checks for over 30 common problems relating to configuration and provides recommendations on how to fix them, thus making it easy to achieve a secure configuration.
Those in the open-source software community who are interested in obtaining a free Wildcard SSL Certificate from GlobalSign may enroll for it by visiting https://www.globalsign.com/ssl/ssl-open-source/.

Click here to see the original article.

Sophos Complete MSP Security is the first MSP-focused solution to offer complete protection for networks, endpoints, and mobile devices from a single vendor.

Sophos Complete MSP Security makes offering IT security as a service easier and more profitable. MSPs can offer a full range of IT security services that provide instant credibility and proven protection, including centralized management that allows them to easily manage all of their customers’ locations at no extra charge.

With Sophos’ new self-provisioning MSP licensing, this program offers compelling usage-based pricing and pay-as-you-go monthly billing, and it requires no up-front commitments – a business model demanded by today’s MSPs that had gone unmet – until now.

You can read the original article, here.

 Through the partnership, both parties aim to meet the increasing demand for SSL and other digital certificates requirements in the region through a range of dedicated enterprise solutions.

With over 55 percent growth in the SSL market during the last year (source: www.netcraft.com), the requirement for security in the Scandinavian region is at an all-time high. GlobalSign has been working with TrustZone for several years to encourage best practices for website security throughout this territory, issuing over 11,000 SSL Certificates through TrustZone, resulting in a significant acceleration in market growth of over 100 percent (source: www.netcraft.com). The partnership demonstrates both companies’ commitment in working together to enable customers to benefit from industry-leading SSL security solutions and in providing high levels of customer support, delivered directly by TrustZone at the local level.

The two organizations have joined forces to better serve the enterprise market in particular and are introducing GlobalSign’s leading Managed SSL and Enterprise PKI (ePKI) solutions to TrustZone’s customer base, enabling advanced on-demand management of a range of digital certificates. The scalability of both solutions gives large enterprises the ability to streamline workflows, whilst reducing the cost and time resources typically associated with digital certificate management and PKI deployments.

You can read the original article, here.

“On June 19th we uncovered, halted and contained a targeted attack on our internal network infrastructure. Our systems have been cleaned and there is no evidence of any user data being compromised. We are working with the relevant authorities to investigate its source and any potential further extent. We will let you know if there are any developments. The current evidence suggests a limited impact. The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware. This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software, or appears to be the Opera browser. It is possible that a few thousand Windows users, who were using Opera between 01.00 and 01.36 UTC on June 19th, may automatically have received and installed the malicious software. To be on the safe side, we will roll out a new version of Opera which will use a new code signing certificate“.

The conclusions we reached, based on the announcement above, were:

• The network was breached.
• A code-signing key was stolen.
• Malware has been signed with it and circulated.
• At least one infected file was posted on an Opera server.
• That file may have been downloaded and installed by Opera itself.
• Cleanup and remediation has now been done at Opera.
• That sounds a bit more like Security breach not stopped.
• How else could a signed-and-infected file have been automatically downloaded by an already-installed instance of Opera? Anyway, wouldn’t Opera’s auto-update have failed or produced a warning due to the expired certificate? Until Opera has worked out the answer to these questions, Opera users probably want to assume the worst.

The good news is that the malware involved is widely detected by anti-virus tools, and the period of possible exposure via Opera itself was at most 36 minutes.

→ According to Opera, Sophos products block the offending file as Mal/Zbot-FG.

So, if you are an Opera for Windows user:

• Download a fresh copy of the latest version (since the buggy download appears to be a thing of the past).
• Make sure your anti-virus is up to date.
• If you can spare the time, do an on-demand (“scan now”) check of your computer.
• If we find out more detail about whether malware was distributed by existing Opera installations or not, we’ll let you know.

You can read the original article, here.