A very important award for NSS this year came from one of its largest partners, Sophos. The well-known cybersecurity company presented the “Distributor of the Year 2023” award through its representative, Patrick Müller (Regional Manager Eastern Europe, Sophos) to the Executive Director of NSS, George Kapaniris, rewarding NSS’s performance in the Eastern Europe region where it also operates.

NSS Corp. is an international Value-Added Distributor (VAD), specializing in cutting-edge IT solutions covering the technology areas of information security, networking, unified communications, data storage, virtualization, and data center infrastructure systems (datacenters).

“NSS is a very loyal partner to Sophos and that loyalty and dedication is not something that is found everywhere. NSS represents Sophos in the Greek market and demonstrates a high level of technological sophistication. And this is exactly what partners are looking for from a distributor. In addition, it runs a business model that is highly satisfying to its partners on a business level. Our relationship with NSS is based on loyalty, trust and friendship, characteristics that are of real value to partners. It’s not just about sales, but also about the value that a distributor like NSS can bring at a business level” said Patrick Müller of Sophos.

The event for the “Distributor of the Year 2023” award was attended by dozens of partners of NSS in Greece. The event was accompanied by numerous briefings and updates on the latest developments in cybersecurity and the evolving threat landscape as well as on the important changes coming to legislation, directives and regulations in the European Union – most notably the implementation of the NIS 2 Directive, which brings new measures for an even higher common level of cybersecurity across the European territory.

The Executive Director of NSS, George Kapaniris said about the important award the company received: “We are honored, as this award concerns Eastern Europe, a large region where a big number of distributors are very active, something that is not the case in other regions of the continent. This is a very important achievement as we have been working with Sophos for many years,” said Mr. Kapaniris. “You can have faith in your capabilities, and know how good you are at your job, but when your own partners tell you, it becomes a belief. Sophos is a very important partner of ours and it is particularly positive that Athens is now a ‘destination’ – previously it was Prague and Budapest – as there are now few cities that the vendor chooses to visit,” he added.

George Koumintzis, Commercial Director of NSS said about the prestigious award: “With our partners we make sure we have a two-way relationship. They are our source of information about what the market demands at a given moment. From the opposite direction, by embracing the trends in global cybersecurity, we pass on information to them so that they can in return provide vision to their customers“.

The most important tips for password security include choosing long, complex, unique passwords, not storing them in easy-to-hack places and using a password manager.

Unfortunately, most people don’t follow best practices for password security. According to Keeper Security’s 2023 Password Management Report, only 25% of people use strong, unique passwords for all of their accounts. That means 75% of people have insufficient password practices.

The report revealed that one in three people globally feels overwhelmed by password management. If you’re one of those people, read on to learn our top five tips for easy password security that will keep your accounts safe from cybercriminals.

Top Five Password Security Tips

Here are our top five password security tips.

1.Create randomized, long passwords

To create a strong password, you must avoid mistakes that will make your password easy to crack through common password-cracking techniques. Short passwords are easy for robots to crack in just seconds. Dictionary attacks can guess passwords that contain dictionary words. Targeted attacks may find personal information on your social media – like your dog’s name – and use it to guess your password.

Length is more important than complexity according to the National Institute of Standards and Technology (NIST). It will be harder to crack a 20-character password even if it uses dictionary words than a completely random 6-character password. But, creating a password with both length and complexity is the most secure.

Our free password generator can create a strong password for you in seconds. Generate a Password

Every password should have:

• At least 12 characters
• Upper and lowercase letters
• Symbols
• Numbers
• No dictionary words
• No personal data, such as birth year or pet name
• No sequential numbers, such as 1234
• No repeated numbers, such as 8888
• No keyboard patterns, such as QWERTY

Example of a strong password (don’t use this one, it’s no longer secure because it’s public):

• BMOu#L8xc8ijX,#m>uzf

Examples of weak passwords:

• 7b>iCQ (too short)
• Blue17Freed!Dry (has dictionary words)
• KK8*K?Nr3456 (contains sequential numbers)

How to remember your passwords

Strong passwords are hard to remember, but you can make it easier by using mnemonic techniques, such as using the first letter of each word from a favorite quote with numbers and letters added in (“It was the best of times, it was the worst of times” becomes “iwtBot%72#iwtwot”).

You could also use words with numbers and symbols instead of letters (“dog bone” becomes “D0G#!B0N398”).

The easiest way to remember passwords, however, is by using a password manager and storing them in a digital vault with zero-knowledge encryption. A password manager is software that securely stores your passwords and allows you to access them from any device.

2.Don’t reuse passwords

One of the most common ways passwords are compromised is through credential-stuffing attacks. This is when one set of credentials is stolen and a cybercriminal uses them to try to gain access to other accounts.

For example, if a data leak exposes your password to your email account, the cybercriminal could then try to use the same credentials to access your bank accounts, retirement accounts, credit card accounts and so on. However, if you used unique passwords for each of your accounts, then only one account will be compromised.

It’s important to note that cybercriminals often guess similar passwords in credential-stuffing attacks. For example, if the compromised password was weakpassword8, they may try weakpassword9. Choosing a password that you change slightly for every account is not an effective way to prevent hacking, even if it’s a long, complex password.

3.Enable Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is an important additional security layer to passwords that protects your account in the case of a data breach. MFA is a second method of authentication you have to enter in addition to your password in order to access an account.

There are a variety of MFA options, including generating codes on an authentication app, getting a code by SMS text or answering security questions. Usually, accounts will give you the option to require MFA only if you are logging in on a device that is not your personal, primary device.

Data breaches are common, so it’s easy for one of your passwords to become compromised. However, if you have MFA enabled then it will be much more difficult for a cybercriminal with your stolen password to access your account.

4.Store and share your passwords securely

Going through the trouble of creating long, complex passwords for your accounts will not protect you if you don’t store them securely.

The days of keeping all your passwords in your phone notes and sending them to others via text are over. Documents, texts, email and other common locations to keep passwords are easily compromised by cybercriminals.

Technology has solved the problem of storing passwords securely with password managers. A  master password is the only password you need to remember to access all of your passwords.

How to store your master password

You should memorize your master password and not share it with anyone. If you absolutely must write it down somewhere, write it on a physical piece of paper and hide it in a safe or other highly secure location.

How to securely share passwords

Password managers will also make it easy to securely share your passwords – for example, if you want to share a Hulu password with your family, your password manager will be able to share it while keeping it safely encrypted.

Browser password managers

It’s important to note that secure password managers are not the same thing as browser password managers. Browser password managers are easy to hack and your passwords are not safely stored. We recommend disabling your browser password manager in your settings.

5.Automate everything with a password manager

A password manager like Keeper Password Manager simplifies password management while offering the highest level of security for all of your accounts. Password managers can:

• Generate strong, unique passwords
• Store passwords with the best encryption
• Automatically fill in your credentials when you log in
• Store 2FA codes so you don’t have to wrangle multiple devices while logging into an account
• Securely store other types of information, like confidential files and ID photos
• Scan the dark web for compromised passwords and alert you to change the affected credentials

Why Poor Password Management Puts You at Risk

Passwords are what stand between cybercriminals and your valuable, confidential data. Reusing passwords, using weak passwords and other bad habits will make it easy for a cybercriminal to hack you once you become a target.

If cybercriminals access your data, it could result in theft of money from your bank account, account takeover and even severe identity theft. These types of incidents are time-consuming and expensive to recover from.

Keep Your Accounts Protected

Using strategies for choosing strong passwords and storing them securely will keep your accounts protected. Keeper Password Manager is the simplest way to streamline your account security. Start a free 30-day trial today to see how we can protect your digital life.

Source: Keeper Security

Murphy’s law famously states that if anything can go wrong, it will go wrong. Security has long-since adopted this mantra and implemented zero trust as a coping mechanism.

When taken in full, it can present quite a challenge. But broken down into its various parts it becomes a manageable task, especially when guided by a security partner with the right toolset to take you through each advancing level of security maturity.

What Is Zero Trust? 

Simply put, zero trust is the approach of “never trust, always verify”. This model assumes any user could have malicious intentions and that a cyberattack may already be underway. In other words, zero trust is the approach of erasing inherent trust and requiring constant and ongoing authentication and authorization for the users, services, and systems on the network.

The three basic tenants of a zero-trust strategy are:

1. Always assume a breach
2. Trust no one
3. Verify everything

Even after verifying a user’s identity, the user in question still doesn’t have the “keys to the kingdom”. Zero trust approach denies total access to the user, opting instead to make them prove their identity layer by layer, step by step, continuously. By leveraging network segmentation and establishing micro-perimeters, zero trust measures only grant access to assets when a valid reason is presented for doing so.

How to Get Started 

It’s important to recognize that zero trust is not a technology, but a journey. It includes tools and processes necessary to create an environment that requires full validation before granting access to sensitive data.

Thinking About Zero Trust 

Tackling zero trust in a pragmatic, step-by-step approach can lead to better success than trying to overhaul your entire infrastructure at once. For example, you can start by establishing:

• What to protect. This can be critical assets, systems, software, and data.
• What to protect it from. Are your trouble spots over-privileged users? Poor password hygiene? External threat actors? Whatever it is, prioritize your areas of weakness before you begin.
• A reasonable starting point. Consider an iterative approach of tackling the problem system by system or in groups.

Zero trust is doing now what we were too naïve to do at the inception of the internet; define what is important and figure out how to properly defend it. Because we’re retrofitting old architectures into a new way of security, a lot of smaller steps and customizations need to be made before something can be considered fully ‘zero trust’.

However, each journey starts with a single step.

Vulnerability Management: The Backbone of a Zero Trust Strategy 

The first step of that ‘iterative process’ is to define what the weak spots are. Once organizations have defined the parameters of what needs protecting and what the enemies are, vulnerability management is the logical next step.

This focuses on weaknesses within the infrastructure — not the access points. It identifies and prioritizes vulnerabilities, which require patching and misconfigurations that could be easily exploited. When it comes to vulnerability scanning, most organizations require a flexible solution that can take on the challenges of a hybrid environment without bogging down configuration.

And remember, the right results provide actionable insights to facilitate impactful remediation on the part of the organization.

Applying a Zero Trust Framework 

No matter the size of your organization, it is best to move towards zero trust in steady, measurable steps. John Grancarich, Executive Vice President, Fortra, outlines a management process to achieve progress towards zero trust:

1. Prepare for the journey towards a zero-trust security framework. Know the principles of zero trust, know the scope of your organization and its assets, and get together a team. You need to know what you’re working with.
2. Classify your assets. Organize your areas of protection by the importance of the asset. Once you’ve established low, medium and high impact assets, prioritize from there.
3. Select an initial set of assets to address. Protect your highest impact items first, pausing proactive zero trust security work on all the rest until this is done.
4. Implement initial security controls. Begin choosing, deploying and testing your new zero trust compatible processes, procedures, technological solutions, and services for your identified subgroup.
5. Assess the performance of your controls. Continuously make sure your implementations are running as expected.
6. Authorize systems. Senior leadership signs off on security systems, privacy plans, and the whole operation thus far.
7. Monitor results and refine as needed. Keep a constant watch on zero trust implementations from day one. Monitor for deviations, trigger actions based on conditions met, and reduce false positives discovered in monitoring.

At this point, you iterate the whole process over with the next highest priority assets on your list, and so on from there. In this way, companies can eat the zero-trust elephant one bite at a time, learning how to implement a zero-trust strategy with more accuracy, insight, and success each time around.

The State of Zero Trust Now and Future Predictions 

Research by Cybersecurity Insiders and Fortra reveals how organizations are adopting zero-trust security into daily business flows. Currently, only 15% of respondents indicated zero trust network access (ZTNA) was “already implemented”. Another 9% said they had “no plans” to implement. While far from ubiquitous, it is safe to say that zero trust is a trend that will only increase among business leaders, and one that is garnering a great deal of critical thought.

Preferred ZTNA Tenants 

When asked, there were several zero trust tenants that were most compelling to organizations. They ranked:

• Continuous authentication/authorization (66%)
• Trust earned through verification of entities, including users, devices, and infrastructure components (65%)
• Data protection (64%)
• End-to-end access visibility and auditability (61%)
• Least privilege access (60%)

Don’t Forget Devices 

In our headlong rush to protect the enterprise, it’s easy to overlook the number of risks, threats, and vulnerabilities mobile devices introduce. While many stated the importance of data protection, mobile device management (MDM) and bring your own device (BYOD) was low on their lists of priorities. Understandably, BYOD is tricky to navigate as it relies on privacy yet can be difficult to control. As it stands, mobile devices continue to be a pain point for intrusion prevention and data loss prevention (DLP) efforts.

Secure Access Priorities 

When it comes to achieving ZTNA, respondent companies prioritized in this manner:

• Multi-factor authentication/privileged account management (65%)
• Anomalous activity detection and response (50%)
• Securing access from personal, unmanaged devices (46%)

Securing Public Cloud 

Traditional remote access solutions still aren’t up to the task of dynamically securing today’s distributed cloud environments. Consequently, the most mentioned workaround was “hair pinning” remote and mobile users through data centers to access public app clouds (53%). And shockingly, over a third (34%) have to publicly expose cloud apps to enable remote and mobile users, drastically increasing risk to the enterprise.

Benefits of a Zero Trust Security Framework 

Adopting a zero-trust approach ultimately reduces the attack surface, statistically lowering the chance of attack. While that remains the most obvious benefit, others include:

1. Support for compliance requirements 
   The closed connection tenant of zero trust helps prevent exposure of private data, helping to keep you in the clear with compliance standards such as the federal government’s NIST 800-207, the payment card industry’s PCI DSS, or the healthcare industry’s HIPAA and HITECH requirements.

1. Better cloud access control 
   Zero trust security policies can be applied to give you more visibility and access control within the cloud. With protection attached to the workload, your data remains safe — even if the environment changes.

1. Data breach risk reduction 
   By assuming all entities are hostile, an organization naturally cuts down on the chances of inadvertently letting in a cybercriminal. Less risky users means less chance of a data breach. And should they manage to get inside the network, zero trust deployments are designed to stop them at every turn.

Even starting on the zero-trust path is more beneficial than waiting on the sidelines. Each sector, each asset category, each system you convert to zero trust protection is one more that is harder to breach. Threat actors go for the low-hanging fruit. While organizations are wanting to fully ‘achieve’ zero trust, an unforeseen number of attacks will be blocked by simply making an entity that much harder to hack than all the rest.

Zero trust is a methodology that starts giving from day one.

How Fortra Supports Your Zero Trust Journey 

Fortra is proud to move the needle forward by providing a host of solutions to aid you on your zero-trust journey. While each company’s architecture is their own, we serve as a relentless ally and partner in determining your security needs and identifying the controls that would work best with your particular use case, factoring industry, maturity level and headcount into the process.

Our offerings include:

• Data Classification. Visual and metadata labels to guide how data should be accessed and shared downstream.

• Data Loss Prevention. Learn how your data is being used and block undesirable actions against it.
• Secure File Transfer. Encrypt the automated file transfer process and bundle with DRM to fully protect files in transit.
• Secure Collaboration.Control who can access files — and what they can do with them — even after they’re sent.
• Identity and Access Management. Manage user access to valuable resources and streamline provisioning, PAM, and password management.
• Integrity Management. Identify misconfigurations and indicators of compromise with layered management tools.

• Vulnerability Management. Discover weaknesses in endpoints, servers, applications and security controls before it’s too late.

While enterprise wide zero trust is always the goal, there is no zero trust “finish line”. As long as threat actors continue to improve their craft, there will always be more exploits to defend against and more creative ways to do so. Zero trust is a process rather than a product.

Fortra enables organizations along their zero-trust journey. Our portfolio of extensive solutions works both conjointly and independently to bring you the best answer to your zero-trust challenge — be it with one solution or a bundle.

Source: Fortra

A 2FA code, which stands for two-factor authentication code, is a form of Multi-Factor Authentication (MFA) that requires a generated code as an additional verification factor to a username and password. For example, when logging in to an account, instead of solely entering your credentials, you would also have to provide a second method of verification by entering a code from an authenticator app or one that is sent to your phone.

Continue reading to learn more about 2FA codes and how you can use them to protect your accounts.

How 2FA Codes Work

Before understanding how 2FA codes work, you first have to know the two types of 2FA codes. The first type is Time-based One-Time Passwords (TOTP) and the second is SMS-based One-Time Passwords (OTP).

TOTP codes are typically generated by authenticator apps that you can download on your phone. These codes regenerate every 30-60 seconds, so they’re different each time you use them. Some password managers also offer the option to generate and store TOTP codes so you don’t need a separate application. When using TOTP codes, it’s important to know that once the set time for them runs out, they expire, so you must always enter the most recent code that appears.

SMS OTP codes are sent to you via text message. You typically receive these text messages when you are attempting to log in to your account and have already entered your credentials correctly. To access your account, you’ll need to enter the code sent to you through text message to verify who you are.

Why Use 2FA Codes?

You should use 2FA codes to add an extra layer of security to your accounts and protect yourself in the event of a data breach.

Extra layer of security

2FA codes, like any other type of MFA, provide your accounts with an extra layer of security. In the case that someone were to guess your password or compromise it due to weak password practices, requiring a 2FA code would prevent them from being able to gain access to your account. This is because they don’t have the ability to see your 2FA codes – only you do.

It’s strongly recommended that you use more than two authentication factors for your accounts to add that critical extra layer of security.

Protects you in the event of a public data breach

Public data breaches are extremely common and often lead to customer data being leaked and published on the dark web. These breaches usually expose customers’ Personally Identifiable Information (PII) and login credentials. In the event that your credentials are involved in a public data breach, having a 2FA code on your account would prevent a threat actor from being able to successfully access it.

How Can I Get a 2FA Code?

There are different ways you can receive 2FA codes and some are more secure than others.

Authenticator apps

Authenticator apps are applications you download onto your phone. Google Authenticator and Microsoft Authenticator are two examples of authenticator apps. When using an authenticator app, you’ll first need to set it up with your account by scanning the Quick Response (QR) code that is given to you. Once it’s set up, every time you log in to that account, you’ll need to enter the 2FA code generated by the authenticator app. The 2FA code given to you is time-based so you’ll need to enter it before time runs out, which is usually 30-60 seconds.

SMS text messages

Another way you can get 2FA codes is by text message. This is the most popular way to receive 2FA codes since it’s the most convenient for users, but receiving 2FA codes this way is also the least secure. Security professionals strongly advise against using this method for receiving 2FA codes because they’re more vulnerable to being intercepted by a threat actor.

For example, if you were to become a victim of a SIM swapping attack, in which a threat actor swaps your SIM card to their phone, they would start receiving all your text messages and phone calls. This means they’d also be able to receive your 2FA codes that are sent through text message, which they can use to compromise your accounts.

Password managers

Certain password managers enable you to generate 2FA codes for your accounts. When you set up 2FA for an account in the same record you have your credentials stored, your 2FA code will autofill along with your credentials. In short, your 2FA codes and credentials will all be stored in the same place, meaning you don’t have to download different apps to access them. One password manager that provides users with the ability to generate and store 2FA codes is Keeper Password Manager.

How to Set Up Two-Factor Codes in Keeper

Keeper Password Manager is the password manager that offers the ability to generate and store 2FA codes in your password vault. Here’s how to set up 2FA codes when using Keeper:

1. Log into your Keeper Vault.
2. Locate the record for which you want to generate and store a 2FA code.
3. Click on the record.
4. In the record, click the edit button on the top right corner that looks like a pencil.
5. Click where it says “Add Two-Factor Code.”
6. From here, you’ll have the option to scan a QR code or enter the code given to you manually.
7. Log into the account for which you want to set up a 2FA code.
8. Find the option to enable two-factor authentication in your security settings (this will vary from account to account).
9. If using Keeper on your phone, scan the QR code displayed during the setup process. If using Keeper on desktop, upload a screenshot of the QR code or manually enter the code provided.

Once you’ve set up the 2FA code in the associated record, your credentials and 2FA code will autofill when you log into your account. Having your 2FA code autofill not only saves you time but also ensures that you’re receiving your 2FA code securely since everything stored in your Keeper Vault is encrypted. Generating and storing your 2FA codes in Keeper takes away the risk of threat actors being able to intercept them.

If you don’t already have a password manager, you can start a free 30-day trial of Keeper Password Manager to see just how secure and convenient it is to store and generate your 2FA codes.

Source: Keeper Security

G2 just released their Fall 2023 Reports, and Sophos is the only cybersecurity provider named a Leader across the G2 Grid® Reports for Endpoint Protection Suites, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Firewall Software and Managed Detection and Response (MDR). Additionally, G2 users also rated Sophos the #1 overall MDR and Firewall solutions.

Independent Sophos customer validation

G2 distinctions and rankings are based on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer-review platform. In G2’s Fall 2023 Reports, Sophos was a named an Overall Leader in five categories, as well as a Leader in 10 individual market segment Grids:

• Endpoint Protection Suites: Overall, Enterprise, Mid-Market, and Small Business Grids
• EDR: Overall, and Mid-Market Grids
• XDR: Overall and Mid-Market Grids
• Firewall: Overall, Enterprise, Mid-Market, and Small Business Grids
• MDR: Overall, Enterprise, and Mid-Market Grids

We are honored that our services and products have been recognized by our customers and thank them for putting their trust in us.

Delivering defense in depth for today’s businesses

As adversaries have become more sophisticated and elusive, defenders should implement a defense-in-depth strategy that includes protection, detection, and response at every point along the attack chain to cover their entire environment. This layered approach should be inclusive of endpoint, network, email, and cloud security, as well as threat hunting and remediation services by security experts.

The fact that IT and security professionals recognize Sophos as the Leader across these key categories is validation that Sophos delivers the best and most comprehensive set of products and services required for modern day cybersecurity.

Uniquely, all Sophos customers are protected by Sophos X-Ops, a joint task force that brings together deep expertise across the attack environment from frontline threat hunters and incident responders to deep malware and AI specialists. Together they provide unparalleled insights into how threats are built, delivered, and operate in real time. Armed with this deep understanding, Sophos is able to build innovative, powerful, and effective defenses against even the most advanced threats.

Additional Sophos customer and analyst validation

Alongside our G2 recognition, Sophos solutions are widely recognized by customers and the analyst community, including:

Sophos Endpoint

• Named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the 13th consecutive time

Sophos Extended Detection and Response (XDR)

• Recognized as the #1 overall leader in the Omdia Universe for Comprehensive Extended Detection and Response (XDR)

Sophos Firewall

• Named a 2022 Gartner® Customers’ Choice™ for Network Firewalls with a 4.7/5 rating on Gartner Peer Insights
• Recognized as a Strong Performer on the Forrester Wave

Sophos Managed Detection and Response (MDR)

• Named a 2023 Gartner® Customers’ Choice™ for Managed Detection and Response Services with a 4.8/5 rating on Gartner Peer Insights
• Top performer in the 2022 MITRE Engenuity ATT&CK Evaluation for Managed Services

Elevate your cyber defenses with Sophos

As the G2 ratings illustrate, Sophos provides unparalleled breadth and depth of protection. Our world-leading endpoint, network, email, cloud, and security operations solutions defend over 550,000 organizations from advanced cyberthreats, including ransomware.

Whether you’re looking to upgrade your firewall, enhance your endpoint defenses, streamline and accelerate your threat investigations, or add 24/7 human-led threat detection and response, we can help.

Our solutions are tremendous on their own – and even better together. Customers running both Sophos Intercept X Endpoint and Sophos Firewall consistently report that they are able to double the efficiency of their IT/cybersecurity team and realize a reduction of up to 85% in the number of security incidents that require investigation. With Sophos you can build a long-term security strategy with confidence. Wherever you start, and whatever your goals, Sophos can help you enjoy superior cybersecurity outcomes.

For more information on our services and products, speak to your Sophos partner or representative and visit our website.

Source: Sophos

Sophos Intercept X has been named a Customers’ Choice in the 2023 Gartner® Peer Insights™ Voice of the Customer report for Endpoint Protection Platforms.

Sophos earned a 4.8/5.0 rating in the report based on 451 verified reviews – no other vendor had a higher rating. Additionally, Sophos was recognized as the only Customers’ Choice vendor in the Education segment, and is also the only vendor named a Customers’ Choice across all industry segments in the report.

Access the full report here.

This latest recognition makes Sophos the only vendor to be named a Customers’ Choice in Endpoint Protection Platforms, Managed Detection and Response (MDR) Services, Network Firewalls, and Mobile Threat Defense in 2023 – a testament to Sophos’ ability to deliver a comprehensive, end-to-end cybersecurity platform protecting all facets of an organization.

Here are some examples of what customers had to say:

Prevent Breaches, Ransomware and Data Loss with Sophos Endpoint

Sophos Intercept X Endpoint works for you and with you, adapting your defenses in response to an attack. As threats increase in volume, complexity and impact, Sophos delivers better security outcomes for real-world organizations. To learn more, visit our website or speak to your Sophos partner or representative today.

Source: Sophos

In today’s digital world where organizations conduct the majority of their daily business and operations online, concerns about data privacy loom large. Customers are becoming more skeptical of how companies use their data, and governments and regulatory bodies are increasingly stepping in to regulate data collection. Consequently, the data privacy landscape is rapidly evolving, with industry and geographical data protection standards increasingly coming to the fore.

While the United States has the National Institute of Standards and Technology (NIST) Guide to Protecting the Confidentiality of Personally Identifiable Information, the European Union relies on the General Data Protection Regulation (GDPR) to protect personally identifiable information (PII) and consumer privacy. More region-wise laws and regulations, such as the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), are also coming into effect every year. There are industry regulations as well, like the Health Insurance Portability and Accountability Act (HIPAA) for the health sector and the Payment Card Industry Data Security Standard (PCI DSS) for the finance sector, that make the regulatory world more convoluted.

As businesses strive to successfully navigate this ever-evolving, complex data protection regulation landscape, this presents a unique opportunity for managed service providers (MSPs). By providing data compliance services for businesses, MSPs can offer better value for their customers and generate a new and future-proof revenue stream. However, given the complexity and breadth of the regulatory compliance market, it’s not an easy ask.

MSPs often struggle to provide profitable data compliance services to customers due to various reasons, such as the high costs involved in implementing data compliance services, complexity of the compliance solutions and lack of skilled professionals. While these challenges restrict many MSPs from entering the compliance market, the MSPs that already offer compliance services often do so by thinning their margins or even operating at a loss. That’s where the integration of Datto Workplace with Compliance Manager GRC can be a game changer.

Secure collaboration solution meets simplified compliance management

Purpose-built for MSPs, Datto Workplace is one of the most secure and efficient enterprise file sync and share (EFSS) platform available in the market today. The platform enables users to access their files and collaborate securely from anywhere, on any device. By integrating with Compliance Manager GRC — a compliance management software — Datto Workplace now offers easy-to-use and robust data compliance features that can help MSPs create a new revenue stream or expand the margins on their existing data compliance services.

Users often store sensitive data in working files to achieve their productivity goals. By identifying, tagging and summarizing those PII data, Datto Workplace’s PII scan and summary feature prevents that data from getting leaked and empowers the business (your client) to stay compliant. Powered by Compliance Manager GRC, this feature automatically scans files and folders for sensitive data and PII, like Social Security numbers (SSN), U.S. driving licenses, birth dates and Automated Clearing House (ACH) numbers. It then flags and tags the files containing PII to bring heightened security awareness and provides a detailed PII summary report.

Notably, this unique automated feature of the platform also helps you to reduce your technicians’ workloads by up to 50% and eliminates the need for compliance-specific skill sets. For instance, another way to identify PII data in files and folders is by using Microsoft 365’s innate feature. However, it’s a manual and cumbersome process that requires up to 51 custom search queries to be created and maintained, which should then be followed by manual search results tracking.

Offer data compliance services at a healthy margin

MSPs can get this feature at a predictable, low cost. Datto Workplace and Compliance Manager GRC have flat-fee subscription models with no hidden or surprise costs to shock you. You get an immediate return on investment with larger margins without any CAPEX investment.

Datto is the world’s largest vendor of proven, reliable and secure BCDR solutions for MSPs. Go the Datto way, offer cost-efficient data compliance services to your clients and take your MSP game to the next level.

Source: Datto

Sophos Email has everything you’ve come to expect from a world-class email security solution.

It leverages the most advanced threat intelligence, behavioral analysis, machine learning, and reputation analytics to keep malicious email from ever reaching your users’ inboxes.

But it doesn’t stop there: state of the art language processing, display name analysis, look-a-like domain checks, and post-delivery protection put a stop to benign-looking messages that later turn out to be malicious.

Add to that an entire suite of data loss prevention and encryption tools, Microsoft 365 integration, powerful message handling features, and shared threat intelligence with other Sophos products that enables you to identify previously unseen indicators of compromise and remove suspicious files across environments.

It’s a core pillar of our portfolio that extends visibility across Microsoft 365, cloud server workloads, endpoints, the network and more.

But we’re not slowing down one bit. In fact, we’ve recently accelerated Sophos Email development to include a host of new features and technologies.

On-demand clawback

Sophos Email post-delivery protection automatically removes messages containing attachments and URLs that are benign at the time of delivery but later become active and malicious.

With on-demand clawback, administrators can now manually remove any message from users’ inboxes with the click of a button in the Sophos Central admin console. No more wading through Microsoft Exchange or security consoles and having to run PowerShell scripts.

This feature is available to all customers running Microsoft 365 with post-delivery protection enabled. It’s a great tool for removing messages that might not be malicious but that may contain sensitive or confidential information.

The next evolution of our clawback capabilities will be our API and alerting into the Managed Detection and Response (MDR) Console, which is due out this quarter and will provide our MDR analysts with the ability to remove threats and stop active malicious email campaigns directly from their consoles.

Mail flow rules (MFR) tamper protection

Also for Microsoft 365 customers is our new mail flow rules tamper protection. Changes to mail flow rules can inadvertently break mail flow. This new feature alerts customers and provides one-click resolution, restoration, and correction to configurations and mail flow.

Google directory sync

Using Google Workspace instead? We’ve added directory synchronization features that make it a snap to keep your Workspace users and mailboxes up to date inside the Sophos Central console. No need for manual configuration or roundabout synchronization with Microsoft Azure first.

Admin access to end-user lists

And that’s not all. We’ve added a new and highly-requested feature: admin access to end user allow and block lists, complete with import, export, and the ability to search, add, and delete entries directly from within the Sophos Central console. This feature was one of the top customer and field requests over the last 18 months and will reduce support tickets while enhancing the experience for both admins and end users.

And there’s more!

I’m from South Louisiana, so we call this “lagniappe” (a little extra).

We’ve also added new smart banners for plain-text messages and messages that might be unscannable due to key-signing, password protection, or encryption. And coming in the Q3 timeframe, we’re adding the ability to control which languages and countries of origin are allowed to deliver email to inboxes.

And that’s just the beginning. Check out Sophos.com/Email for further enhancements or reach out to your Sophos rep with any questions.

Source: Sophos

Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced it has been named a Customers’ Choice for Managed Detection and Response (MDR) in the inaugural Gartner® Voice of the Customer Peer Insights™ report. Sophos received an overall customer rating of 4.8/5, based on 261 reviews, as of May 31 2023, with verified customer reviews praising the service.

The report highlights that Sophos was one of the vendors to receive the highest “Willingness to Recommend” score at 97%, and was also named Customers’ Choice for MDR in the Midsize Enterprise segment, which Gartner ranges between $50 million to $1 billion.

“Regardless of their size and target market, organizations are in the cross-hairs of cyberattackers and need constant 24/7 monitoring, threat detection and response as part of their cybersecurity strategy. The overwhelmingly positive response in the new Gartner Peer Insights report is, in our opinion, indiciative of the trust our customers have in us and the quality of our human-led threat detection and response expertise,” said Rob Harrison, vice president of product management at Sophos. “Our customers’ response also demonstrates the value of our MDR service’s unique ability to integrate and manage existing multi-vendor security environments in a range of markets, including larger, mid-market enterprises.”

Select Sophos MDR customer quotes from the report include:

• “Having Sophos support their own endpoint, firewall, and email security products with their own staff’s MDR service has taken our confidence in their critical responses to a new level,” said an IT manager in the manufacturing industry
• “Stop working so hard. Let Sophos MDR do it,” said a director of IT in the software industry
• “Knowing we have a team watching our organization 24/7/365 gives comfort,” said a manager of cybersecurity and government, risk and compliance in the manufacturing industry

Sophos MDR is the most widely used MDR offering with more than 17,000 customers across all industries, and is the most reviewed MDR solution on other Gartner Peer Insights and G2 reports. It is the only MDR service that can be delivered across end users’ existing third-party security deployments as well as Sophos offerings. Sophos recently launched Sophos MDR for Microsoft Defender, a fully-managed offering that provides the industry’s most robust threat response capabilities for organizations using Microsoft Security. The solution adds a critical layer of 24/7 protection across the Microsoft Security suite of endpoint, SIEM, identity, cloud, and other solutions to safeguard against data breaches, ransomware and other active adversary cyberattacks.

Vendors placed in the upper-right quadrant meet or exceed both the market average Overall Experience and the market average User Interest and Adoption.

A complimentary copy of the Gartner Peer Insights Voice of the Customer: MDR Services report is available for additional information.

Source: Sophos

There are many different types of phishing scams, but email remains the most common of them all. Responding to a sender, clicking on a link, or downloading a file that may not be trustworthy can lead to data corruption, leaked confidential information, and infected devices or networks.

Read the tips below or scroll down to view the full infographic.

Here is how to avoid becoming a phishing victim:

1.INSPECT THE SENDER’S EMAIL ADDRESS

Phishing involves using email addresses that contain suspicious elements to target victims, even sometimes spoofing a well-known site or brand. Be on the lookout for changed or added words or characters, as well as misspelled words within a domain name.

2.EXAMINE THE MESSAGE’S GREETING AND TONE

Be wary of emails that utilize a generic greeting and an urgent tone. Phishing emails target many people at once and implore the recipient to take immediate action, usually without a personalized opening line.

3.LOOK FOR VERIFIABLE SENDER CONTACT INFORMATION

Avoid responding to emails that don’t contain any return contact information for the sender, such as a phone number, email address, or office location.

4.DON’T SEND SENSITIVE INFORMATION VIA EMAIL

Even if the email has an urgent tone, never divulge confidential information in reply to an email. Cyber criminals leverage social engineering techniques to obtain personal data like names, addresses, banking information, and more that can be used for fraudulent activity.

5.AVOID CLICKING ON UNEXPECTED LINKS

Don’t click on links that come from unfamiliar email senders or organizations. You may be redirected to a website or start a download that can compromise your data or infect your device.

6.AVOID OPENING UNTRUSTWORTHY EMAIL ATTACHMENTS

Avoid opening email attachments from untrustworthy senders or simply to satisfy your curiosity. Suspicious attachments can be carriers of malware and ransomware payloads that can corrupt your data and harm your device.

7.INSTALL A PHISHING FILTER FOR YOUR EMAIL CLIENT

Ensure that you have a phishing filter that works with your desktop email software of choice. You can also install one for use in your browser. While it won’t keep out all phishing messages, it will greatly reduce the number of attempts that show up in your inbox.

95% of data breaches are due to human error.

Source: Fortra

Sophos has released The State of Ransomware in Education 2023, an insightful report based on a survey of 400 IT/cybersecurity professionals across 14 countries working in education. The findings reveal the real-world ransomware experiences of the sector.

Rate of attack and data encryption

The education sector reported the highest rates of ransomware attacks of all the industries surveyed. 80% of lower education providers and 79% of higher education providers reported that they were hit by ransomware in the 2023 survey, up from 56% and 64%, respectively, in our 2022 survey. The 2023 rates of attack are more than double than reported in our 2021 survey, when 44% of education providers experienced a ransomware attack.

Data encryption in the education sector has continued to rise: the rate in lower education has gone up from 72% to 81% year over year. Higher education reported a 73% rate of data encryption, similar to the 74% reported the year before.

18% of attacks in lower education were stopped before the data was encrypted, down from 22% the year prior. Encouragingly, higher education reported an increase in the rate of attacks stopped before data encryption, up from 22% in the 2022 report to 25% in the 2023 report.

Of the lower education organizations that had data encrypted, 27% said their data was also stolen. This figure reached 35% in higher education, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.

Root causes of attacks

Compromised credentials (36%) and exploited vulnerabilities (29%) were the top two most common root causes of the most significant ransomware attacks in lower education. Emails (malicious emails or phishing) were the starting points for nearly one-third of the attacks (30%), suggesting that the sector is highly exposed to email-based threats.

In higher education, exploited vulnerabilities (40%) were the most common root cause of ransomware attacks, followed by compromised credentials at 37%. Together, they account for over three-quarters of ransomware attacks (77%) in higher education. Email-based attacks (malicious email or phishing) are a less common root cause but still drive almost one in five ransomware incidents (19%).

Data recovery and the propensity to pay the ransom

All higher education and 99% of lower education organizations got their encrypted data back, higher than the 97% cross-sector average.

73% in lower education used backups for data recovery, while almost half (47%) paid the ransom. Higher education was among the bottom three sectors globally for backup use, with only two-thirds (63%) reporting the use of backups for data recovery. The sector also reported one of the highest rates of ransom payments for data recovery at 56%.

While the cross-sector recovery costs increased year over year, in lower education, they have remained level ($1.59M in the 2023 report vs. $1.58M the in 2022 report). In higher education, recovery costs have dropped considerably from the $1.42M reported in the 2022 survey to just over $1 million in the 2023 survey, suggesting that as ransomware rates increase, higher education organizations are getting better at recovering from attacks and are able to do so at a lower cost.

Read the full report here.

Mitigating the ransomware risk

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

1. Strengthen defensive shields, including:

• Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
• Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
• 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider

1. Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
2. Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations

About the survey

Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 400 in the education sector: 200 from lower education (up to 18 years) and 200 from higher education (above 18 years) and including both public and private sector education providers. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

Source: Sophos

An elite team of incident response experts on standby to get you back to business quickly in the event of a breach.

I’m proud to share that, for the fifth consecutive year, BeyondTrust has been recognized as a Leader in the Gartner® Magic Quadrant™ for Privileged Access Management! This year, BeyondTrust was recognized as one of only three PAM Leaders and was also positioned highest in Ability to Execute.

In our opinion, this Gartner® recognition validates BeyondTrust’s dynamic market adaptation, powerful product features, and the earned trust placed in us by a substantial and contented customer base. We believe receiving recognition for five years running as a PAM Leader in the Gartner® Magic Quadrant™ also reflects our commitment to innovation, deep understanding of evolving market needs, and relentless dedication to our customers.

Gain complimentary access to the report and read it for yourself anytime here.

Read on for our view on key takeaways from the 2023 PAM MQ™.

Thank you for an Incredible Year—More Awaits in 2024

2023 has been a monumental year for BeyondTrust. We released significant new solutions and saw incredible customer and community growth. There are many trends and capabilities to consider, but you don’t need to go it alone. We’re pleased to provide access to the 2023 Gartner® Magic Quadrant™ for Privileged Access Management to help you evaluate solutions against your unique objectives and requirements. Download your complimentary copy of the report.

Source: BeyondTrust

Regular rotation of passwords, keys and privileged credentials is a critical best practice that greatly reduces an organization’s risk of falling victim to cyberattacks. By limiting the lifespan of a password, organizations can reduce the amount of time during which a compromised password may be valid.

Password, key and credential rotation – a feature of Privileged Access Management (PAM) – enables organizations to reset privileged credentials on an automated schedule. However, traditional PAM tools are complex, expensive, difficult to deploy and difficult to use – and do not monitor and protect every user on every device from every location.

Keeper’s new password rotation feature enables organizations to easily update users’ privileged credentials on an automated schedule through an easy-to-use centralized PAM platform.

Join Beta Program

Keeper Security Privileged Access Management (PAM) Insight Report

Keeper Security and TrendCandy Research surveyed 400+ IT and security professionals to determine the common challenges companies face with their current Privileged Access Management (PAM) tools. Not only are significant components of traditional PAM solutions not being used, but many respondents admit to never fully deploying the solutions they paid for. Key findings:

• 87% of respondents said they would prefer a simplified version of PAM that is easy to deploy and easy to use.
• 68% of respondents said their current PAM solution has several features they don’t need.
• 84% said they want to streamline their PAM solution in 2023.

KeeperPAM is Revolutionizing Privileged Access Management (PAM) 

With KeeperPAM, credential rotation is simple:

• No cumbersome installs
• No need to open firewalls
• No need to create certificates
• No need to make network changes
• No agents are required
• No need to open any external ports, the solution uses SSL to communicate with Keeper
• No command line tools or scripting needed
• On-demand and automated rotation with a flexible schedule
• Rotate on-premises and cloud credentials/records
• Flexible post-rotation actions

Keeper Security’s next-gen Privileged Access Management (PAM) platform – KeeperPAM –  delivers enterprise-grade password, secrets and connection management in one unified solution. With Keeper’s password rotation feature, KeeperPAM enables organizations to automate the changing/resetting of system credentials like Active Directory (AD) user accounts, SSH keys, database passwords, AWS IAM accounts, Azure IAM accounts, Windows/Mac/Linux user accounts and more.

Credential-based attacks represent 82% of all data breaches (according to the 2022 Verizon Data Breach Investigations Report). By limiting the lifespan of a password, organizations can reduce the time that a compromised password may be valid.

Unlike traditional PAM solutions, the password rotation configuration in KeeperPAM is managed through the vault and admin console with a lightweight component on-premises to perform the rotation. KeeperPAM supports Keeper’s zero-knowledge, zero-trust architecture, which always encrypts and decrypts data at the local device level. Keeper never has access to the data in a user’s vault.

Password rotation through KeeperPAM is available on the Keeper Desktop App and Web Vault.

Password Rotation Features

• Automatically rotate credentials for machines, service accounts and user accounts across your infrastructure
• Schedule rotations to occur at any time or on demand
• Perform post-rotation actions such as restarting services, or running other applications as needed
• Secure storage of credentials in the Keeper vault
• Control and audit access to credentials
• Log all actions to Keeper’s Advanced Reporting and Alerts Module (ARAM)
• Create compliance reporting on shared privileged accounts

How KeeperPAM Password Rotation Works

Establish a Gateway

Keeper password rotation uses a lightweight and secure on-premises gateway service, which can be installed with a single command. The gateway creates an outbound connection to Keeper’s cloud security vault, establishing a secure tunnel for retrieving rotation requests.

The gateway then utilizes Keeper Secrets Manager (KSM) APIs to request and decrypt secrets for performing rotation and communicating with the target devices. Keeper’s password rotation ensures zero-knowledge security by performing all decryption locally on the gateway service.

Vault Configuration

Rotation is configured and managed entirely through the Keeper Web Vault or Desktop Application. Secrets, rotation schedules and network settings are all stored as encrypted records in Keeper’s cloud vault.

Rotation is easy to deploy and manage within a team. You can easily share access to records and manage which secrets are visible to the gateway using Keeper’s Shared Folders.

Source: Keeper Security

Business continuity, as defined by TechTarget, “is an organization’s ability to maintain critical business functions during a disaster.” There are many types of events that qualify as a disaster, including security breaches, natural disasters, supply chain disruptions and pandemics. Among these, an often overlooked critical event is the loss of internet connectivity.

For nearly all businesses, loss of internet connectivity means operations halt. For example, if the internet connection goes down, a retail organization cannot process payment cards. If a law firm loses internet connectivity, attorneys and paralegals cannot access critical online resources like Westlaw. Bottom line — business continuity is dependent on internet connectivity.

The National Institute of Standards and Technology (NIST) defines resilience to include “the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.” From a strategy and planning perspective, not only your IT systems but also your network needs to be resilient to function during and rapidly recover from major disruptions, which would include loss of internet connectivity.

This brings us to Datto and Datto’s commitment to business continuity and disaster recovery (BCDR). For years, Datto has been world-renowned for its BCDR and cybersecurity solutions — all designed to maintain business continuity. What’s often overlooked is Datto’s Networking solutions that also incorporate Datto’s vision of resilience and business continuity.

An example of this is the Datto Networking Appliance (DNA). Now available in Europe and Asia-Pacific, Datto DNA is an integrated, all-in-one secure router that features seamless and automatic failover to 4G cellular internet connectivity should the main internet connection go down. This ensures businesses can continue utilizing online services as if nothing disruptive happened at all.

The Datto DNA secure router adds firewalling (1.7 Gbps throughput), Layer 7 deep packet inspection, intrusion detection/prevention (IDS/IPS), web content filtering and more all into one desktop appliance. All of this gives businesses resilient, defense-in-depth security in one easy-to-use appliance.

As for routing, the Datto DNA features Layer 7 traffic management, hosted VoIP support, port aggregation, traffic shaping, support for up to eight VLANs and more, giving small businesses plenty of advanced routing features that optimize network traffic capacity while reducing network congestion and failure.

Integrated Wi-Fi provides fast and secure wireless LAN connectivity, eliminating the need to purchase additional wireless access points.

Cloud-based management, configuration, setup and ongoing management of the Datto DNA is handled via Datto Network Manager. With it, setting up a network can be done in minutes, not hours or days. Furthermore, new integrations with Datto Network Manager and Autotask allow you to manage alerts from Datto Network Manager and create Configuration Items (assets) for your networking devices in your Autotask database.

When your business absolutely, positively has to be connected online, you need resilient networking solutions that ensure business continuity. The Datto DNA secure router embodies this vision from Datto and is a perfect example of what resilient networking is all about. Your business runs on the internet, and if that connection fails, business stops. When it comes to internet connectivity, with Datto, failure is not an option.

Source: Datto

Skilled adversaries don’t break in. They log in.

Organizations that have invested in the Microsoft Security suite still need to protect against these advanced, human-led attacks that technology alone cannot prevent. However, the sheer volume of alerts generated by Microsoft security technologies, together with the complexity of the threat landscape and widespread shortage of in-house expertise and capacity, means that delivering effective security operations is an uphill task for most organizations:

• 71% of security teams struggle to determine which security alerts to investigate among the noise generated by their tools
• 52% of leaders say cyberthreats are now too advanced for their organization to deal with on their own, rising to 64% in small businesses
• The median threat response time is 16 hours, leaving attackers significant time to operate within the network

Introducing Sophos MDR for Microsoft Defender

Increasingly, organizations running Microsoft Defender are turning to specialist MDR providers such as Sophos to extend their cyber defenses. Given this pressing need, I am excited to announce the availability of Sophos MDR for Microsoft Defender. With this service, over 500 Sophos analysts monitor, investigate, and respond to Microsoft security alerts 24/7, taking immediate action to stop confirmed threats.

• Detect advanced threats using a wide range of Microsoft Security event sources together with proprietary Sophos detections and human-led threat hunts
• 24/7 expert-led threat response quickly stops attacks and terminates threats
• Integration with non-Microsoft security tools (Sophos or other providers) expands visibility and accelerates investigation response across the entire environment

With our experts taking care of security operations, organizations running Microsoft Defender can reduce cyber risk, increase the impact and efficiency of their existing security investments, and improve insurability.

Unparalleled visibility that delivers accelerated detection and response

The more we see, the faster we act. Unlike other MDR offerings that limit support to Microsoft Defender for Endpoint or Microsoft Sentinel, Sophos MDR leverages signals from the full Microsoft Security suite, including:

• Microsoft Defender for Endpoint
• Microsoft Defender for Identity
• Microsoft Defender for Cloud
• Microsoft Defender for Cloud Apps
• Identity Protection (Azure Active Directory)
• MS O365 Security and Compliance Center
• Microsoft Azure Sentinel
• Office 365 Management Activity

Microsoft security solutions are only one part of a threat detection stack that typically includes firewalls, identity solutions, email security tools, NDR platforms, and public cloud security tools. Sophos MDR for Microsoft Defender provides a holistic approach to cybersecurity operations, integrating with almost any technology investment that generates security alerts – including tools from Microsoft, Sophos, and dozens of other providers.

By consolidating and correlating cross-product and cross-vendor telemetry in the Sophos XDR Data Lake, Sophos MDR increases the detection capability of our customers’ security stacks beyond the sum of the individual parts while also maximizing ROI on existing security investments.

Putting the R (Response) into MDR for Microsoft Defender

Identifying a threat is just part of the security operations process; unless you respond in a timely and effective manner, you remain fully exposed to attack. Yet all too often, third-party providers offer only minimal threat response capabilities in Microsoft Defender environments.

Sophos MDR for Microsoft Defender is different. It includes full threat response, containing threats to disrupt malicious activity. The non-exhaustive list of response actions that our analysts are capable of with Sophos MDR for Microsoft Defender includes:

• Terminating processes
• Disabling user accounts
• Forcing log off of user sessions
• Isolating host(s) utilizing Sophos Central
• Applying host-based firewall IP blocks
• Removing malicious artifacts

With Sophos MDR, you can relax knowing that we don’t just tell you about issues, we deal with them for you.

Future-proof your Microsoft defenses with the world’s most trusted MDR service

Testament to the superior outcomes our customers enjoy, Sophos MDR is the world’s most popular and most reviewed MDR solution, with a 4.8/5 rating on Gartner Peer Insights as of July 10, 2023, and a top rating on G2.

We secure more organizations than any other MDR provider, and this extensive experience across all industries and sectors enables us to provide unique “community immunity” to all our customers.

To learn more about Sophos MDR for Microsoft Defender and how it can support you, visit our website, read the service brief, or speak with a security expert today.

Source: Sophos

Today, companies all around the globe use Microsoft 365 cloud services and the advantages are self-evident. Companies no longer need to operate their own infrastructure to provide services on site. Programs and tools obtained simply via the cloud can be scaled easily and cost-effectively in line with user numbers. Especially when compared to a dedicated on-premises system, administration requires fewer IT resources. In addition, the service comes from a trusted, reliable provider. What’s more, whether you’re using Outlook as a mail client or Teams as a digital meeting room, all communication services are located on the same platform. By and large, Microsoft’s office software from the public cloud offers a wealth of communication and collaboration features at a reasonable price.

Nevertheless, companies are advised to install additional solutions for archiving and backing up emails in order to protect the business data they contain and keep this information available in the long term. Indeed, many companies are unaware that Microsoft 365 does not automatically archive and back up email data and, furthermore, that the archiving features built into Microsoft 365 do not offer the scope of services that can be expected from a professional third-party email archiving solution.

Reasons for Using a Professional Email Archiving Solution

The primary objective of any email archiving solution is to store copies of all a company’s emails including file attachments over time in a form that is faithful to the original, quick to find, and permanently available. This enables a company to make optimum use of email as an information resource and reap the many benefits available. Among other things, a professional email archive helps prevent data loss, cut storage demands on the mail server, reduce the workload on an IT team, and comply with the statutory and regulatory requirements governing the retention of business-relevant documents.

Summary of the Archiving Options Available in Microsoft 365

Microsoft offers several different options for securing emails depending on the plan chosen (Business Standard, Business Premium, Enterprise). Some of these features are provided free of charge as part of the basic Microsoft 365 package, while others are included only in the more expensive Enterprise plans. Below is a summary of the native archiving features in Microsoft 365:

• PST Archiving

Users can move emails to PST files and store them locally on their own computer or in the cloud.

• “Archive” Button in Outlook

The “Archive” button allows users to move emails to an archive folder. The emails remain in the Outlook mailbox; only the storage location of the emails change.

• Archive Mailbox Without Exchange Online Archiving

The archive mailbox is a separate mailbox with its own storage capacity to which emails can be moved. This archive mailbox must be set up by an administrator.

• Archive Mailbox With Exchange Online Archiving

With Exchange Online Archiving (EOA), users can move their emails to a separate archive mailbox to which administrators can apply their own archiving and retention policies.

Limitations of the Native Archiving Capabilities of Microsoft 365

However, IT decision-makers need to be aware of certain limitations concerning Microsoft 365’s on-board archiving options. Above all, in terms of security of storage, the use of PST files or the “Archive” button does not protect against data loss. Likewise, the separate archive mailbox provided in M365 (when not using Exchange Online Archiving) does not meet all the criteria of a professional email archiving solution. Only the archive mailbox that comes with Exchange Online Archiving (EOA) supports the functions and features required for professional email archiving, such as retention policies, legal holds and eDiscovery options. However, Exchange Online Archiving is only included in the more expensive M365 plans such as Business Premium and the upscale Enterprise plans.

The “Shared Responsibility” Model

Microsoft applies a policy of shared responsibility to its Microsoft 365 services. As such, Microsoft is responsible for ensuring that services under the Microsoft 365 label are permanently available and are offered redundantly. However, Microsoft does not consider itself responsible for protecting and retaining the data of its customers, and this also applies to any data contained in emails.

Due to the shortcomings and limitations that exist in M365 (depending on the selected archiving function) and the fact that customers are responsible for protecting and retaining their own email data, a professional third-party email archiving solution should be used.

What to Consider When Choosing an Email Archiving Solution for Use with M365

An email archiving solution can be a key element in terms of the long-term protection and retention of business emails. But the decision as to which solution is most compatible with the needs of a business is not always an easy one. Decision-makers are advised to examine the following criteria before choosing archiving software:

Independence From Microsoft

Without an external email archive, users will not be able to access their own emails if the Microsoft Office 365 service fails. A third-party solution will ensure that a vendor lock-in is avoided and the company’s emails will remain accessible even if the M365 service fails.

Self-Service for the End User

Some professional email archiving solutions provide users (not just the administrator) with a fast and efficient means of searching the email archive, as well as the ability to restore emails quickly and simply. This can relieve the burden on an IT team as they no longer need to be contacted to deal with such issues.

Protection Against Data Loss and Manipulation

Emails should be protected against accidental or malicious deletion; if they are not, compliance with legal requirements can be problematic. Even if Microsoft 365 is essentially capable of restoring data erased by mistake, situations can arise that impede or even seriously jeopardize daily business operations.

Compliance With Privacy Laws

When used appropriately, certified email archiving solutions ensure that emails are always processed in accordance with the relevant data privacy laws. Especially since the EU GDPR  came into force, data privacy has been the focus of public attention. Even in countries outside the EU, increasing attention is being paid to this sensitive matter.

Reasonable Total Cost of Ownership (TCO)

Microsoft’s most powerful archiving option (Exchange Online Archiving) is included only in specific M365 premium plans that are generally tailored to the needs of larger businesses. Microsoft 365 plans tailored to small and mid-sized businesses (SMBs) do not include Exchange Online Archiving and this would need to be added as an extra paid service. In this case, a third-party solution could be more affordable.

The Benefits of Independent Email Archiving Software

Third-party solutions can provide extra benefits over and above Microsoft’s native email archiving capabilities:

• An independent archiving solution allows content from email sources other than Microsoft 365 to be stored within the same archive. Managing several archiving solutions at the same time usually increases the cost and complexity of retaining business records. Using a central archive reduces the number of solutions that need to be administered by the IT team and searched through by users.
• Using an archive that is independent of the Microsoft 365 platform makes it easier to follow the 3-2-1 rule, which states that an organization should keep three copies of its data: two locally and one at a remote location separate from the primary system on which the data is created and stored.
• Many third-party archiving solutions support email de-duplication, which can significantly reduce storage requirements.
• Indexing a larger number of file types makes it easier to search for and retrieve emails and file attachments.

Conclusion: Third-Party Email Archiving Is a Necessary Addition to Microsoft 365

Although Microsoft 365 is doubtlessly a reliable, powerful and versatile platform, it does have its limits in terms of email archiving, and decision-makers in SMBs need to consider these shortcomings carefully. Business leaders and IT managers who are unaware of the facts are exposing themselves to unnecessary risk. A professional third-party email archiving solution can mitigate, even eliminate these risks altogether and should, therefore, be considered.

To assist companies in finding a suitable email archiving solution for use of Microsoft 365, the market research institute Osterman Research has produced a white paper on how small and medium-sized businesses that use Microsoft 365 can adequately protect their business email communications. The white paper explores which email archiving options exist, the risks to email data when using Microsoft 365, and what features your organization needs in order to adequately protect and manage the data contained in emails.

Are you interested in finding out more about the results and guidance contained in the white paper of Osterman Research?

Download Here

FAQ

What Options Do Companies Have for Archiving Their Emails in Microsoft 365?

Microsoft provides several options for archiving emails in M365. They include the “Archive” button in Outlook, storing emails in the form of PST files, and using an archive mailbox that has to be configured separately (with or without Exchange Online Archiving). Alternatively, a professional third-party email archiving solution can be used.

Does Microsoft 365 Automatically Archive Emails?

No. Emails are not archived automatically in Microsoft 365. M365 users must take responsibility for securing their emails themselves and decide which email archiving option best meets their corporate and, potentially, legal requirements.

Do Companies Need to Archive Their Emails in Microsoft 365?

Yes. Emails containing business-critical information should always be archived to protect this precious information resource and exploit it to the full. As a rule, legislators also impose legal requirements on the retention of business-relevant emails and on data privacy, both of which render the use of a professional email archiving solution essential.

Is It Sufficient Just to Create Backups of My Emails in Microsoft 365?

No, the purpose of a backup is to save data (e.g. emails) and systems (e.g. the email server) regularly in the short and medium term, and is primarily a means of disaster recovery. Any data produced or modified between two storage cycles will not be protected against loss and manipulation. First and foremost, the objective of any email archiving solution is to store copies of all emails including their file attachments for many years in a form that is faithful to the original, quick to find, and permanently available. This is essential in order to fully exploit the precious information resource that is email, while meeting the laws governing the storage of emails and data privacy.

Source: MailStore

There are an incredible, and increasing number, of electronic signature tools and GlobalSign has been recognized as a Strong Performer for electronic signatures in the Gartner Peer Insights ‘Voice of the Customer’: Electronic Signature.

Documents Signed with Confidence, Integrity, and Trust

If you stopped to think about the importance of a signature to you and your business, there are probably several reasons you may want to introduce and incorporate electronic signatures into your business including efficiency, regulatory compliance, and increased security.

Behind strong business best practices is a robust digital signing solution. “The “Voice of the Customer” is a document that synthesizes Gartner Peer Insights’ reviews into insights for IT decision makers.  This aggregated peer perspective, along with the individual detailed reviews, is complementary to Gartner expert research and can play a key role in your buying process, as it focuses on direct peer experiences of implementing and operating a solution.”

“This document will highlight some key insights for the electronic signature market based on 18 months of reviews, and will also point you to particular ways to use the site in your buying process.”

The “Voice of the Customer” report can play a key role in your buying process, as it focuses on direct peer experiences of buying, implementing and operating a solution.

Promoting Strong Business Best Practices with a Strong Signing Solution

Behind strong business practices is a strong signing solution, and with 95% of customers willing to recommend GlobalSign based on 43 reviews as of 31 October 2022, we have been named as a Strong Performer in the 2022 Gartner® Peer Insights™ “Voice of the Customer” report.

GlobalSign’s Digital Signing Service (DSS) helps organizations to sign quickly, easily, securely and with confidence. Through one API integration, DSS is designed to provide a solution which compliments your workflow to boost business efficiency, meet national and industry-specific regulations and provide scalability to your business.

Learn more about Gartner Peer Insights ‘Voice of the Customer’: Electronic Signature and download your complimentary copy of the report.

Source: GlobalSign

The supply chains of today’s global economy rely heavily on technology and information systems to deliver finished goods and services to the end user. However, for all the benefits of a hyperconnected economy this introduces, supply chains also carry with them a high degree of risk.

Systems typically have vulnerabilities which, if exploited by cybercriminals, can have a far-reaching impact. Attacks on the supply chain have risen by over 600%, according to a recent study by Interos, and groups of threat actors (like Magecart) are leveraging supply –chain-specific exploits that make headlines with high-profile attacks.

It’s no wonder that securing the digital supply chain has become a high priority for organizations who want to avoid disruption, protect sensitive data, and prevent brand damage.

Securing Your Partners

Enterprises should begin by identifying and understanding the risks brought in by each of their business partners. Security leaders need to assess the security controls in place, the mitigating and compensating controls, and how each vendor monitors their risk posture. This needs to be done for each business partner — there can be no weak link.

Typically, this is done by asking each partner to fill out a questionnaire, which can vary from a couple dozen questions to over one hundred. While potentially tedious, the purpose is to understand the risk of doing business with a particular partner and determining whether or not to accept that risk. Some companies are even issuing a “FICO score for cybersecurity”, which assigns a safety rating to each party.

Securing Your Own Organization

Organizations should also assess their own security culture. Every organization has within their security strategy prevention and detection controls. However, it is vital to continue to improve the culture of security awareness as human error continues to be one of the top drivers of a breach. In fact, 74% of all breaches are due to the human element, according to the 2023 Verizon Data Breach Investigation Report (DBIR).

One of the best ways to combat human error is with education. At this point, there is still much to learn about securing your enterprise from outside risks. Security awareness training for third-party risk management can help you understand the security shortcomings of a potential partner before taking on that risk.

Similarly, in-house security awareness training can help companies make sure they are not the ones putting others at risk. These programs identify and improve areas of security weakness so that employee behaviors don’t become a liability for the company or any of its partners downstream. This may entail adding phishing simulations, implementing new ways of engaging employees, and modifying communication strategies regarding current tactics being used by bad actors.

Companies should also take note of how their security team engages with the business. This will reveal if they are treated as functional partners, or if there are silos causing employees to view cybersecurity issues as an “IT only” problem.

Currently, the top areas of supply chain weakness involve cloud storage, databases, and compromised credentials. Those are areas touched every day by everyday employees, so it is those same employees that need to do the work to interact with those things safely. Improving the overall security culture will greatly reduce the chance of compromise as employees learn the warning signs of danger.

Securing Your Software Development Cycle

The software development process is another area that should be assessed within the context of a secure supply chain.

This is an area which will demonstrate if the security team is perceived as a valuable business partner or an inhibitor. For example, open-source code is popular to use as it can fast-track projects. However, there are no guarantees that open-source libraries have had proper security inspection.

If there is a good relationship, the business will engage the security team early in the process. They see the value in doing application security testing early because it surfaces vulnerabilities that teams can patch. This sets a course for them to then continue the process throughout the development cycle.

However, if security doesn’t get engaged until the end of the cycle, it’s usually a sign that either something is broken within the process or that security practices aren’t adequately valued. By engaging security only at the end, there is the risk of delays due to critical vulnerabilities. These flaws need to be patched, and this can lead to other issues such as delays in delivery and strained relationships between the business and the security team.

Enterprise Security Is Now a Team Sport

Supply chain security isn’t new, and most security leaders are going to struggle with it. Up until a few years ago, it may have even been a manageable affair. However, with the tech boom of the past few decades and the accelerated pace of the digital revolution, it is a problem that is growing bigger every day.

While secure supply chain management is something that will never be perfect, it’s up to each organization to do their due diligence before entering into business partnerships. A company’s fate becomes the same as its least protected partner, so vetting for cybersecurity weaknesses before signing the contract is an understandable and necessary part of doing business today.

That is why it is every organization’s responsibility to assess not only their partners, but themselves. In a digitally connected supply chain, what happens to one can affect everyone else. Companies should hold all partner organizations to high standards of industry security and expect the same of their own teams. After all, they may be part of someone else’s supply chain.

Source: Fortra