Keenan brings more than 20 years of sales and sales management experience to Sophos, including 13 years with SonicWALL, where he most recently built a new sales organization for mid-market accounts and developed the division’s channel strategy. As vice president of North America Sales, Keenan grew the business by fostering key relationships with the company’s channel partners.

“John Keenan is widely respected by the security channel, and I am thrilled to welcome him to Sophos. He brings a proven track record of success in the security space and has winning experience in leading channel and sales teams,” said Michael Valentine, senior vice president of sales for Sophos. “Every day, the Sophos team is working hard to be the preferred vendor in security for the channel and customers. Our products, our people and our partner programs continue to gain industry accolades. In bringing John aboard, we have an ideal leader for continued growth in our North American business.”

“I am excited to join Sophos; the company’s value proposition of ‘security made simple’ clearly resonates with customers and the channel,” said Keenan. “The company’s relentless focus on empowering the channel, a best-in-class portfolio of endpoint, mobile, server and network solutions, and the opportunity to contribute to Mike Valentine’s winning team made my decision to join Sophos an easy one.”

Easy to deploy and simple to manage, Sophos Cloud gives Sophos partners and IT managers at enterprises of all sizes the ability to manage and maintain endpoint security to protect all users, regardless of physical location, via the cloud-based service. The launch of Sophos Cloud is the first step in the company’s aggressive strategy of cloud-enabling its entire portfolio. In addition, Sophos will continue to innovate and extend its ‘on-prem’ security software, providing IT professionals choice in how to best manage IT security in their environment.

Kris Hagerman, chief executive officer for Sophos, said, “Sophos Cloud is the answer to the constant struggle IT teams face in protecting and securing their enterprises. These IT teams may be as small as a single person, but the constant threats and challenges they face could overwhelm an army. To come to their rescue, we’re thrilled to deliver Sophos Cloud – it will be one of our key strategic priorities as we execute on our vision of being the best in the world at delivering complete and powerful IT security to small and mid-market enterprises and organizations of any size looking to simplify their IT security operations“.

With the management console hosted by Sophos Cloud, there is no server set up and service can be deployed instantly, providing complete security coverage everywhere – simply. Sophos Cloud delivers all the essential endpoint protection a company needs without any of the complexity traditionally associated with security management. The service is also consistent with Sophos’ ongoing focus and commitment to be a “Channel First” company.

“The ability to administer our security with Sophos Cloud allows us to better manage our resources and enables us to effectively utilize our time and money. The service was easy for us to implement, and it seamlessly integrated into our environment,” said David Fox, IT Consultant, Neptune Terminals.

“Small and medium businesses are especially challenged regarding IT security. They are targets and must meet security best practices yet are resource constrained,” said Charles Kolodgy, Research Vice President for IDC.

“Sophos Cloud is a welcome addition. Its features can remove some of the complexity tied to security management thus allowing small and mid-market businesses to improve security without taxing their resources”. “As an organization that specializes in IT security and services, M3Corp has had a valuable partnership with Sophos for more than 4 years. Sophos Cloud will help us extend that partnership to quickly deliver cloud security that is easy to deploy and manage, while providing the most efficient and economical security solution to all of our customers throughout Brazil. M3Corp’s partnership with Sophos ensures that our customers will be fully protected from all types of threats,” states Antonio Mocelim, Sales Director, M3Corp.

Availability
Sophos Cloud is currently available. Online 30-day trials are available by visiting: www.sophos.com/cloud

Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) were both designed to help counteract this issue by helping legitimate senders prove that their email isn’t forged.   Now you can implement anti-spam rules in the Sophos Email Appliance that act on the presence or lack of both SPF and DKIM validation and you can even add your own DKIM signatures to outbound mail, providing an added layer of trust to email originating from your organization.

As you would expect, enabling SPF or DKIM policy rules couldn’t be simpler.  With just a couple of clicks you can easily add sender validation using these frameworks to your spam evaluation criteria.

But that’s not all, with v3.8 we’ve also enabled wildcards for selecting sub-domains for  “Select Users” and “Custom Groups” when setting up policy and a few more enhancements.  This release also includes a patch for the OpenSSL man-in-the-middle vulnerability.  You can read all about the updates in the release notes.

Sophos Email Appliance Documentation and Release Notes. Existing email appliance customers will receive this automatically during your next specified update window.

You can read the original article, here.

She writes: “I personally notified the very first bounty recipient via email today that his submission for the Internet Explorer 11 Preview Bug Bounty is confirmed and validated. (Translation: He’s getting paid.)“.

She hasn’t yet named names or put a price tag on the first recipient. In fact, there are already multiple researchers who’ll be receiving bounty payouts. MSRC plans to hook up those researchers who want to be publicly recognized for their contributions on an acknowledgement page on its bounty web site. “Stay tuned, as it will come soon“, Moussouris says.

What Microsoft can share at this point are these two key results:

•     They’re getting more submissions, earlier. Microsoft has received more vulnerability reports in the first two weeks of its bounty programs than it typically would in an average month. It shows that the strategy for getting more vulnerability reports earlier in the release cycle is working, it says.
•     They’re attracting new researchers. Researchers who’ve rarely, or even never, reported directly to Microsoft are now choosing to talk directly to the company. Microsoft interprets that as proof that its strategy to hear from people it usually doesn’t hear from is bearing fruit.

As Moussouris explains it, Microsoft was canny in how it chose to approach the vulnerability market. There’s the black market, where zero-day bugs fetch the highest prices. Then there’s the gray market, where bug-hunting mercenaries make a mint selling information about exploit techniques and unpatched vulnerabilities to corporations and nation states. Microsoft didn’t go there. Instead, it focused on the white market: the place where buyers are after vulnerability information for defensive use, whether it’s vendors themselves (via bounty programs) or a broker who uses the vulnerabilities for their own protection services or threat reports. Moussouris says that three years ago, white-hat bug hunters were passing up cash on the white market and were instead mostly coming to Microsoft directly. That changed over the past few years. Microsoft has witnessed researchers increasingly holding bugs back to see what the going rate might reach on the various markets, typically after Microsoft has released code to manufacturing. The way Microsoft figures it, it’s identified a gap in the market that its new bounty program is filling: namely, in the pre-release, or beta, period.

Moussouris writes: “It’s not about offering the most money, but rather about putting attractive bounties out at times where there are few buyers (if any)… Trying to be the highest bidder is a checkers move, and we’re playing chess“.

There is data out there that bolster Moussouris’ contention that strategically structured, well-timed bounty programs are a good investment. A study recently released by the University of California, Berkeley reports that paying bounties to independent security researchers is a better investment than hiring employees to do it. Piggy and mouse. Image from ShutterstockFor example, Google’s paid out about $580,000 over three years for 501 Chrome bugs, and Firefox has paid out about $570,000 over the same period for 190 bugs. Compare that with just one full-time salaried security researcher digging through code, at, say, $100,000 per year, and the savings can be huge.

You can read the original article, here.

Although it can be exploited in some cases, the good news is that not all implementations can be exploited, and only certain services and applications allow a hacker to exploit this issue. Please see our article on Naked Security for an explanation of the vulnerability itself.

In addition, we have examined our products and we are confident that the Shellshock vulnerability can’t be exploited in any Sophos product. Our IT systems have also been patched or were not vulnerable. For the latest information on how this bug affects Sophos products, please refer to our knowledgebase article from Sophos Support. 

You can read the original article, here.

Best in Biz Awards, the only independent business award program judged by members of the press and industry analysts.

The Arkeia Network Backup Suite comprises Arkeia Software’s line of backup-and-restore solutions. Administrators can deploy Arkeia’s backup servers as software applications, hardware appliances or virtual appliances. Arkeia Software protects both virtual and physical environments and manages backups to disk, to tape, and to the cloud.

For more information click here

new Router Utility app. Ready when you are, wherever you are, the Router Utility app gives you instant insight into device status, events, bandwidth usage, and more. And with full support for push notifications, you’ll know immediately whenever there’s an important status change or performance issue, helping you to keep small glitches from becoming major problems.

For more information click here

for next-generation networks.

Bandwidth management using deep packet inspection (DPI) is a relatively new field for enterprises or carriers / network operators. Ipoque technology can help solve many of the issues that arise from growing user numbers generating ever more traffic with a large variety of new applications. PRX Traffic Manager solutions detect applications with a combination of layer-7 deep packet inspection (DPI) and behavioral traffic analysis. The integrated quality-of-service (QoS) management allows prioritization, shaping and blocking of classified traffic.

Click here to watch the webinar

latest threat trends as well as tips for fighting back and keeping your people and devices secure.

In the past year cybercriminals found ways to attack new platforms from Android to cloud services. And Sophos saw a resurgence of old malware techniques with new twists. Hackers got smarter and better organized, developing better ways to spread their crime packs and to evade detection.

Fortunately, Sophos security experts at SophosLabs are always on the case.

Download your free copy of the 2013 Security Threat Report here
Playlist of Threat Report videos here
Check out Sophos 2013 security trend predictions here

will be called BasicGuard; this will target smaller businesses giving them all the essential features of a market leading UTM at an affordable price.

What is Sophos launching?

Sophos is launching three new components:

1) Two new entry level appliance bundles UTM 100 and UTM 110 with Basic Guard Subscription. Both are based on the existing Sophos UTM110/120 hardware. BasicGuard is the only feature bundle available for UTM100 and also available as an alternative option for UTM110.

2) With customers connecting more and more devices to their network Sophos is removing the 10 IP/user limitations of the UTM110 and introducing a throughput limitation instead, which is different for UTM100, 110 and 120 (hence depending on the license type while all using the same hardware).

3) A price reduction for UTM110 FullGuard.

Furthermore, BasicGuard contains:

• Web Application Control
• Network Firewall & IPS
• Remote Access and VPN
• Wireless Protection
• Web Antivirus and URL filter
• Email Antivirus and Antispam

Vendor Landscape Report entitled, “Vendor Landscape: Application Delivery Controllers: It’s a Lot More than Just Load Balancing”.

The report assessed the strengths and weaknesses of 10 leading application delivery controller (ADC) vendors. Array received a high score in the “Innovator” category based on its features for support and migration toward IPv6 before much of the competition and for being on the leading edge of SSL acceleration, offering 2048 bit encryption.

Array’s AppVelocity server load balancing appliances optimize the availability, security and performance of enterprise applications, IP data services and data center equipment. Powered by Array SpeedCore™, AppVelocity server load balancing appliances leverage parallel multi-core processing to achieve breakthrough scalability and performance for application delivery.  Available on Array’s APV Series Application Delivery Controller hardware and engineered for modern datacenter, cloud and virtual environments, AppVelocity server load balancing appliances boost application performance and speed return-on-investment from the small enterprise to the large service provider.

For more information click here

improved economics for protection of private and public clouds.

Powered by Array’s award-winning 64-bit SpeedCore platform, the new product gives enterprises and service providers the ability to run Array’s proven AG Series secure access gateways as virtual machines on commodity servers running VMware ESXi, Citrix XenServer or OpenXen hypervisors.

Each vxAG Virtual Secure Access Gateway supports all of the features and functions found on Array’s dedicated hardware AG 1000 Series secure access gateways. Available for 64-bit versions of VMware ESXi 4.1 or later, XenServer 5.6 or later and OpenXen 4.0 or later, the vxAG Virtual Secure Access Gateway gives enterprises and service providers the agility and flexibility to create and offer dynamic secure access services.

For more information click here

adding more bandwidth.

ipoque announced that four more large enterprises have finally said “enough” with adding more bandwidth to solve their open-loop problem of trying to meet their continuous thirst for more throughput. These companies instead turned to ipoque to improve the performance of their traffic by better monitoring and managing their networks.

ipoque’s new white paper illustrates the advantages of a multi-tier architecture of loosely coupled, well-integrated systems that is extensible, flexible and scalable enough to meet present and future challenges of network operators. The document regards the technical background and explains the functions of each network component, focusing mainly on the policy enforcement system.

Fo more information click here

Broadband Traffic Management Congress 2012.

The Broadband Traffic Management Congress takes place in London between 06/11/2012 – 08/11/2012.

Royal Garden Hotel, London

For more information click here

adds new features like dual-band wireless for even greater range, reliability, and speed.

Manage from Anywhere
Like all AP One series products, the AP One 300M offers anywhere, anytime remote management via the InControl cloud-based management platform. And starting with Firmware 5.4, Balance users can centrally manage up to 20 AP One devices for free with the Balance’s built-in WLAN Controller.

Deliver Wi-Fi Everywhere
The AP One 300M also features two Gigabit Ethernet WAN ports and a 2.4GHz/5GHz 802.11a/b/g/n radio for more flexibility and speed, as well as greater signal coverage and reliability.