News
An elite team of incident response experts on standby to get you back to business quickly in the event of a breach.
With tangible ‘readiness’ now a key component for cyber resilience, I’m excited to announce the launch of the Sophos Incident Response Services Retainer. It provides all organizations (whether an existing Sophos customer or not) with speedy access to Sophos’ industry-first fixed-cost incident response service in the event of a breach.
The retainer also includes external vulnerability scanning and critical preparedness guidance, enabling organizations to proactively improve their security resilience by pinpointing and resolving issues that reduce the likelihood of a breach in the first place.
Every Minute Counts
The need for go-to incident response support that can activate immediately has never been higher, as revealed in the latest analysis of Active Adversary behavior by Sophos X-Ops:
- The median dwell time in ransomware attacks fell from nine days in 2022 to five in the first half of 2023
- Attackers take just 16 hours on average to reach Active Directory (AD)
- 90% of ransomware attacks occur outside standard weekday business hours
The Sophos retainer cuts red tape, allowing Sophos incident responders to quickly jump into active cyberattacks to investigate and remediate them, minimizing business impact.
The Importance of Preparedness
Planning and preparedness are complementary elements of an incident response strategy. Having a plan is essential, but you also need to be prepared to implement that plan at short notice – and as the research shows, more likely than not outside standard working hours. The Sophos Incident Response Services Retainer gives you on-demand access to a team of incident response experts that will rapidly stop active attacks and get you back to normal operations.
Reducing Cyber Risk for All Organizations
The Sophos Incident Response Services Retainer is available to non-Sophos organizations as well as customers already using Sophos’ endpoint, XDR, network, email, and other security products, or Sophos MDR Essentials. Endpoint configuration health checks and device audits are also included in the retainer for existing Sophos customers.
Organizations that prefer broader services in one package can purchase Sophos MDR Complete, which automatically includes full-scale incident response.
To learn more about this exciting new service, read the Service Brief and speak to your Sophos representative or partner.
Source: Sophos
The Sophos Network Security Team is super pleased to announce a new product integration between Sophos ZTNA and Sophos Firewall.
With the recent release of SFOS v19.5 MR3 and an update today to Sophos Central, Sophos Firewall customers can now take advantage of the new integrated ZTNA gateway in their Sophos Firewall.
This integration makes ZTNA deployments easier than ever by not requiring a separate ZTNA gateway VM to be deployed in order to provide secure access to applications, systems, and data behind the firewall. Essentially, your Sophos Firewall now also serves double duty as a ZTNA gateway.
There are many benefits to this approach:
- It reduces your hardware footprint and will ensure you do not have to invest in other platform licenses or hardware resources when deploying ZTNA
- It works everywhere a Sophos Firewall is deployed – head offices, branch offices, public cloud (Azure or AWS)
- Rapid deployment – in just a few minutes
- It works with firewalls in high availability (HA) mode for added resiliency and redundancy
- It enables easy remote management of your firewall via SSH or the Webadmin portal without exposing these to the WAN – greatly reducing your surface area of attack
- It’s free – there is no change in licensing and agent behavior: your ZTNA agents will work seamlessly across any of our gateway platforms – now including Sophos Firewalls
The early access program (EAP) will run from now until October 5th, 2023.
What you will need
- Sophos Firewall v19.5 MR3 (recently released)
- Sophos ZTNA term license account or a free trial (MSP Flex licensed customers can use this following GA in October)
- Role-based access control for both Firewalls and ZTNA
Getting started
Log into your Sophos Central Account to get started. Review the documentation and stop by the community forums to discuss the release. If you’re new to Sophos ZTNA, learn more at Sophos.com/ZTNA.
Source: Sophos
I’m proud to share that, for the fifth consecutive year, BeyondTrust has been recognized as a Leader in the Gartner® Magic Quadrant™ for Privileged Access Management! This year, BeyondTrust was recognized as one of only three PAM Leaders and was also positioned highest in Ability to Execute.
In our opinion, this Gartner® recognition validates BeyondTrust’s dynamic market adaptation, powerful product features, and the earned trust placed in us by a substantial and contented customer base. We believe receiving recognition for five years running as a PAM Leader in the Gartner® Magic Quadrant™ also reflects our commitment to innovation, deep understanding of evolving market needs, and relentless dedication to our customers.
Gain complimentary access to the report and read it for yourself anytime here.
Read on for our view on key takeaways from the 2023 PAM MQ™.
Our View: Key Takeaways from the 2023 Gartner® Magic Quadrant™ for Privileged Access Management
Gartner® Magic Quadrant™ research methodology provides a graphical competitive positioning of four types of technology providers in fast-growing markets: Leaders, Visionaries, Niche Players and Challengers. As companion research, Gartner Critical Capabilities notes provide deeper insight into the capability and suitability of providers’ IT products and services based on specific or customized use cases.
The BeyondTrust Platform addresses both established and transformational identity and security trends included in this year’s report.
The 2023 Magic Quadrant™ for Privileged Access Management (PAM) has witnessed significant evolution, in part due to the growing involvement of cybersecurity insurers. These insurers are encouraging organizations to implement robust PAM strategies as a prerequisite for insurance coverage, thereby accelerating first-time PAM purchases.
Another notable trend is the rising interest in remote PAM use cases, spurred by the global shift to remote work and the outsourcing of core IT services. PAM solutions are broadening their scope to include remote vendors, contractors, and DevOps initiatives. Vendors like BeyondTrust are leading the way with specialized tools for remote PAM.
Get the full report to read deeper about the view of Gartner on these topics.
Why BeyondTrust Stands Out in Identity Security
As we’re consuming the report, here are a few reflections, on my part, on why we are a consistent Leader year over year.
Pioneering Protection Against Identity Threats
The digital landscape has grown increasingly intricate, due to factors like remote work and cloud adoption, making identity protection more challenging than ever. A majority of penetration tests reveal vulnerabilities related to over-privileged cloud identities, and attackers are now using advanced technologies like AI for more potent threats.
Our Identity Security Insights solution addresses these modern challenges head-on by integrating with trusted identity providers and cloud services. Offering real-time threat analysis, it provides a unified view of identities, entitlements, and privileged access, while suggesting actionable security enhancements.
Meeting Emerging Needs in Remote Access
Remote access has emerged as a key area of interest, accelerated by global remote working trends and the COVID-19 pandemic. Organizations are scrutinizing how to securely manage access for remote vendors, contractors, and technicians. These solutions now often include zero-trust features, providing far more than just VPN access, and they extend to specialized needs like cloud infrastructure access.
BeyondTrust provides robust and mature Vendor Privileged Access Management (VPAM) and Cloud Infrastructure Access capabilities as integral features of our Privileged Remote Access solution. Our VPAM functionality allows secure, streamlined access for trusted vendors, effectively eliminating the need for vulnerable VPNs and shared credentials. On the cloud infrastructure front, we empower your cloud developers and DevOps teams with seamless yet secure connectivity, bolstered by robust authentication and comprehensive audit trails.
Our Customers
But what truly speaks volumes? It’s not just accolades, but the real-world impact we’ve had on our clients. With an impressive NPS score of +55 and a CSAT score exceeding 95%, it’s evident that our efforts align with customer satisfaction and excellence.
Our Leadership placement in the MQ™ follows BeyondTrust having been recognized as a “Customers’ Choice” for both Privileged Access Management (PAM) and for Remote Desktop Software by Gartner Peer Insights. We believe a common thread between the Gartner MQ™ and this distinction is our customers and the trust they place in us. We’re honored to work alongside visionary organizations that drive us to innovate faster to solve their hardest digital identity challenges.
Here are just a few recent customer stories that showcase how BeyondTrust helps organizations improve their identity security posture:
- Investec transitioned from a theoretical framework to practical Zero Trust
- ServiceNow enhanced system access and authorization security
- Norton Healthcare successfully achieved HIPAA Compliance with BeyondTrust
Looking Ahead
Though the Gartner® Magic Quadrant™ provides a thorough, expert-driven overview of the PAM vendor landscape, BeyondTrust’s dedication to innovation remains unwavering. Following the April 2023 cut-off date highlighted in the report, BeyondTrust has rolled out a series of notable product launches. Here are some more recent product enhancements:
- Privilege Management for Windows and Mac included Analytics v2 enhancements for intuitive data aggregation, Role-Based Access for APIs to ensure granular control over permissions, and DLL Control to easily block risky DLLs.
- Remote Support was updated to offer FIDO2/YubiKey support for passwordless authentication and API Cookbooks to streamline Jump Item management.
- Privileged Remote Access saw new features like FIDO2/YubiKey support for remote users, streamlined vendor onboarding via automation, and optimized Jump Clients for cloud assets.
- Password Safe received a major upgrade, including Terraform Integration for enhanced CI/CD workflows, an Azure DevOps Extension for secure secret retrieval, and OAuth 2.0 standard implementation for secure authentication. The update also included improved accessibility via the web portal and enhanced audit and compliance reporting capabilities.
Notably, we also expanded strategic Technology Alliance Program initiatives like ServiceNow integration for Password Safe and a partnership between BeyondTrust’s Privileged Remote Access and PingOne DaVinci for streamlined least privilege access management.
These innovations collectively underscore BeyondTrust’s commitment to providing comprehensive and secure solutions that address a range of user needs and regulatory compliance demands, enhancing both efficiency and security posture for organizations.
Thank you for an Incredible Year—More Awaits in 2024
2023 has been a monumental year for BeyondTrust. We released significant new solutions and saw incredible customer and community growth. There are many trends and capabilities to consider, but you don’t need to go it alone. We’re pleased to provide access to the 2023 Gartner® Magic Quadrant™ for Privileged Access Management to help you evaluate solutions against your unique objectives and requirements. Download your complimentary copy of the report.
Source: BeyondTrust
Regular rotation of passwords, keys and privileged credentials is a critical best practice that greatly reduces an organization’s risk of falling victim to cyberattacks. By limiting the lifespan of a password, organizations can reduce the amount of time during which a compromised password may be valid.
Password, key and credential rotation – a feature of Privileged Access Management (PAM) – enables organizations to reset privileged credentials on an automated schedule. However, traditional PAM tools are complex, expensive, difficult to deploy and difficult to use – and do not monitor and protect every user on every device from every location.
Keeper’s new password rotation feature enables organizations to easily update users’ privileged credentials on an automated schedule through an easy-to-use centralized PAM platform.
Keeper Security Privileged Access Management (PAM) Insight Report
Keeper Security and TrendCandy Research surveyed 400+ IT and security professionals to determine the common challenges companies face with their current Privileged Access Management (PAM) tools. Not only are significant components of traditional PAM solutions not being used, but many respondents admit to never fully deploying the solutions they paid for. Key findings:
- 87% of respondents said they would prefer a simplified version of PAM that is easy to deploy and easy to use.
- 68% of respondents said their current PAM solution has several features they don’t need.
- 84% said they want to streamline their PAM solution in 2023.
KeeperPAM is Revolutionizing Privileged Access Management (PAM)
With KeeperPAM, credential rotation is simple:
- No cumbersome installs
- No need to open firewalls
- No need to create certificates
- No need to make network changes
- No agents are required
- No need to open any external ports; the solution uses SSL to communicate with Keeper
- No command line tools or scripting needed
- On-demand and automated rotation with a flexible schedule
- Rotate on-premises and cloud credentials/records
- Flexible post-rotation actions
Keeper Security’s next-gen Privileged Access Management (PAM) platform – KeeperPAM – delivers enterprise-grade password, secrets and connection management in one unified solution. With Keeper’s password rotation feature, KeeperPAM enables organizations to automate the changing/resetting of system credentials like Active Directory (AD) user accounts, SSH keys, database passwords, AWS IAM accounts, Azure IAM accounts, Windows/Mac/Linux user accounts and more.
Credential-based attacks represent 82% of all data breaches (according to the 2022 Verizon Data Breach Investigations Report). By limiting the lifespan of a password, organizations can reduce the time that a compromised password may be valid.
Unlike traditional PAM solutions, the password rotation configuration in KeeperPAM is managed through the vault and admin console with a lightweight component on-premises to perform the rotation. KeeperPAM supports Keeper’s zero-knowledge, zero-trust architecture, which always encrypts and decrypts data at the local device level. Keeper never has access to the data in a user’s vault.
Password rotation through KeeperPAM is available on the Keeper Desktop App and Web Vault.
Password Rotation Features
- Automatically rotate credentials for machines, service accounts and user accounts across your infrastructure
- Schedule rotations to occur at any time or on demand
- Perform post-rotation actions such as restarting services, or running other applications as needed
- Secure storage of credentials in the Keeper vault
- Control and audit access to credentials
- Log all actions to Keeper’s Advanced Reporting and Alerts Module (ARAM)
- Create compliance reporting on shared privileged accounts
How KeeperPAM Password Rotation Works
Establish a Gateway
Keeper password rotation uses a lightweight and secure on-premises gateway service, which can be installed with a single command. The gateway creates an outbound connection to Keeper’s cloud security vault, establishing a secure tunnel for retrieving rotation requests.
The gateway then utilizes Keeper Secrets Manager (KSM) APIs to request and decrypt secrets for performing rotation and communicating with the target devices. Keeper’s password rotation ensures zero-knowledge security by performing all decryption locally on the gateway service.
Vault Configuration
Rotation is configured and managed entirely through the Keeper Web Vault or Desktop Application. Secrets, rotation schedules and network settings are all stored as encrypted records in Keeper’s cloud vault.
Rotation is easy to deploy and manage within a team. You can easily share access to records and manage which secrets are visible to the gateway using Keeper’s Shared Folders.
Source: Keeper Security
Business continuity, as defined by TechTarget, “is an organization’s ability to maintain critical business functions during a disaster.” There are many types of events that qualify as a disaster, including security breaches, natural disasters, supply chain disruptions and pandemics. Among these, an often overlooked critical event is the loss of internet connectivity.
For nearly all businesses, loss of internet connectivity means operations halt. For example, if the internet connection goes down, a retail organization cannot process payment cards. If a law firm loses internet connectivity, attorneys and paralegals cannot access critical online resources like Westlaw. Bottom line — business continuity is dependent on internet connectivity.
The National Institute of Standards and Technology (NIST) defines resilience to include “the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.” From a strategy and planning perspective, not only your IT systems but also your network needs to be resilient to function during and rapidly recover from major disruptions, which would include loss of internet connectivity.
This brings us to Datto and Datto’s commitment to business continuity and disaster recovery (BCDR). For years, Datto has been world-renowned for its BCDR and cybersecurity solutions — all designed to maintain business continuity. What’s often overlooked is Datto’s Networking solutions that also incorporate Datto’s vision of resilience and business continuity.
An example of this is the Datto Networking Appliance (DNA). Now available in Europe and Asia-Pacific, Datto DNA is an integrated, all-in-one secure router that features seamless and automatic failover to 4G cellular internet connectivity should the main internet connection go down. This ensures businesses can continue utilizing online services as if nothing disruptive happened at all.
The Datto DNA secure router adds firewalling (1.7 Gbps throughput), Layer 7 deep packet inspection, intrusion detection/prevention (IDS/IPS), web content filtering and more all into one desktop appliance. All of this gives businesses resilient, defense-in-depth security in one easy-to-use appliance.
As for routing, the Datto DNA features Layer 7 traffic management, hosted VoIP support, port aggregation, traffic shaping, support for up to eight VLANs and more, giving small businesses plenty of advanced routing features that optimize network traffic capacity while reducing network congestion and failure.
Integrated Wi-Fi provides fast and secure wireless LAN connectivity, eliminating the need to purchase additional wireless access points.
Cloud-based management, configuration, setup and ongoing management of the Datto DNA is handled via Datto Network Manager. With it, setting up a network can be done in minutes, not hours or days. Furthermore, new integrations with Datto Network Manager and Autotask allow you to manage alerts from Datto Network Manager and create Configuration Items (assets) for your networking devices in your Autotask database.
When your business absolutely, positively has to be connected online, you need resilient networking solutions that ensure business continuity. The Datto DNA secure router embodies this vision from Datto and is a perfect example of what resilient networking is all about. Your business runs on the internet, and if that connection fails, business stops. When it comes to internet connectivity, with Datto, failure is not an option.
Source: Datto
Skilled adversaries don’t break in. They log in.
Organizations that have invested in the Microsoft Security suite still need to protect against these advanced, human-led attacks that technology alone cannot prevent. However, the sheer volume of alerts generated by Microsoft security technologies, together with the complexity of the threat landscape and widespread shortage of in-house expertise and capacity, means that delivering effective security operations is an uphill task for most organizations:
- 71% of security teams struggle to determine which security alerts to investigate among the noise generated by their tools
- 52% of leaders say cyberthreats are now too advanced for their organization to deal with on their own, rising to 64% in small businesses
- The median threat response time is 16 hours, leaving attackers significant time to operate within the network
Introducing Sophos MDR for Microsoft Defender
Increasingly, organizations running Microsoft Defender are turning to specialist MDR providers such as Sophos to extend their cyber defenses. Given this pressing need, I am excited to announce the availability of Sophos MDR for Microsoft Defender. With this service, over 500 Sophos analysts monitor, investigate, and respond to Microsoft security alerts 24/7, taking immediate action to stop confirmed threats.
- Detect advanced threats using a wide range of Microsoft Security event sources together with proprietary Sophos detections and human-led threat hunts
- 24/7 expert-led threat response quickly stops attacks and terminates threats
- Integration with non-Microsoft security tools (Sophos or other providers) expands visibility and accelerates investigation response across the entire environment
With our experts taking care of security operations, organizations running Microsoft Defender can reduce cyber risk, increase the impact and efficiency of their existing security investments, and improve insurability.
Unparalleled visibility that delivers accelerated detection and response
The more we see, the faster we act. Unlike other MDR offerings that limit support to Microsoft Defender for Endpoint or Microsoft Sentinel, Sophos MDR leverages signals from the full Microsoft Security suite, including:
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Cloud
- Microsoft Defender for Cloud Apps
- Identity Protection (Azure Active Directory)
- MS O365 Security and Compliance Center
- Microsoft Azure Sentinel
- Office 365 Management Activity
Microsoft security solutions are only one part of a threat detection stack that typically includes firewalls, identity solutions, email security tools, NDR platforms, and public cloud security tools. Sophos MDR for Microsoft Defender provides a holistic approach to cybersecurity operations, integrating with almost any technology investment that generates security alerts – including tools from Microsoft, Sophos, and dozens of other providers.
By consolidating and correlating cross-product and cross-vendor telemetry in the Sophos XDR Data Lake, Sophos MDR increases the detection capability of our customers’ security stacks beyond the sum of the individual parts while also maximizing ROI on existing security investments.
Putting the R (Response) into MDR for Microsoft Defender
Identifying a threat is just part of the security operations process; unless you respond in a timely and effective manner, you remain fully exposed to attack. Yet all too often, third-party providers offer only minimal threat response capabilities in Microsoft Defender environments.
Sophos MDR for Microsoft Defender is different. It includes full threat response, containing threats to disrupt malicious activity. The non-exhaustive list of response actions that our analysts are capable of with Sophos MDR for Microsoft Defender includes:
- Terminating processes
- Disabling user accounts
- Forcing log off of user sessions
- Isolating host(s) utilizing Sophos Central
- Applying host-based firewall IP blocks
- Removing malicious artifacts
With Sophos MDR, you can relax knowing that we don’t just tell you about issues, we deal with them for you.
Future-proof your Microsoft defenses with the world’s most trusted MDR service
Testament to the superior outcomes our customers enjoy, Sophos MDR is the world’s most popular and most reviewed MDR solution, with a 4.8/5 rating on Gartner Peer Insights as of July 10, 2023, and a top rating on G2.
We secure more organizations than any other MDR provider, and this extensive experience across all industries and sectors enables us to provide unique “community immunity” to all our customers.
To learn more about Sophos MDR for Microsoft Defender and how it can support you, visit our website, read the service brief, or speak with a security expert today.
Source: Sophos
Today, companies all around the globe use Microsoft 365 cloud services and the advantages are self-evident. Companies no longer need to operate their own infrastructure to provide services on site. Programs and tools obtained simply via the cloud can be scaled easily and cost-effectively in line with user numbers. Especially when compared to a dedicated on-premises system, administration requires fewer IT resources. In addition, the service comes from a trusted, reliable provider. What’s more, whether you’re using Outlook as a mail client or Teams as a digital meeting room, all communication services are located on the same platform. By and large, Microsoft’s office software from the public cloud offers a wealth of communication and collaboration features at a reasonable price.
Nevertheless, companies are advised to install additional solutions for archiving and backing up emails in order to protect the business data they contain and keep this information available in the long term. Indeed, many companies are unaware that Microsoft 365 does not automatically archive and back up email data and, furthermore, that the archiving features built into Microsoft 365 do not offer the scope of services that can be expected from a professional third-party email archiving solution.
Reasons for Using a Professional Email Archiving Solution
The primary objective of any email archiving solution is to store copies of all a company’s emails including file attachments over time in a form that is faithful to the original, quick to find, and permanently available. This enables a company to make optimum use of email as an information resource and reap the many benefits available. Among other things, a professional email archive helps prevent data loss, cut storage demands on the mail server, reduce the workload on an IT team, and comply with the statutory and regulatory requirements governing the retention of business-relevant documents.
Summary of the Archiving Options Available in Microsoft 365
Microsoft offers several different options for securing emails depending on the plan chosen (Business Standard, Business Premium, Enterprise). Some of these features are provided free of charge as part of the basic Microsoft 365 package, while others are included only in the more expensive Enterprise plans. Below is a summary of the native archiving features in Microsoft 365:
- PST Archiving
Users can move emails to PST files and store them locally on their own computer or in the cloud.
- “Archive” Button in Outlook
The “Archive” button allows users to move emails to an archive folder. The emails remain in the Outlook mailbox; only the storage location of the emails changes.
- Archive Mailbox Without Exchange Online Archiving
The archive mailbox is a separate mailbox with its own storage capacity to which emails can be moved. This archive mailbox must be set up by an administrator.
- Archive Mailbox With Exchange Online Archiving
With Exchange Online Archiving (EOA), users can move their emails to a separate archive mailbox to which administrators can apply their own archiving and retention policies.
Limitations of the Native Archiving Capabilities of Microsoft 365
However, IT decision-makers need to be aware of certain limitations concerning Microsoft 365’s on-board archiving options. Above all, in terms of security of storage, the use of PST files or the “Archive” button does not protect against data loss. Likewise, the separate archive mailbox provided in M365 (when not using Exchange Online Archiving) does not meet all the criteria of a professional email archiving solution. Only the archive mailbox that comes with Exchange Online Archiving (EOA) supports the functions and features required for professional email archiving, such as retention policies, legal holds and eDiscovery options. However, Exchange Online Archiving is only included in the more expensive M365 plans such as Business Premium and the upscale Enterprise plans.
The “Shared Responsibility” Model
Microsoft applies a policy of shared responsibility to its Microsoft 365 services. As such, Microsoft is responsible for ensuring that services under the Microsoft 365 label are permanently available and are offered redundantly. However, Microsoft does not consider itself responsible for protecting and retaining the data of its customers, and this also applies to any data contained in emails.
Due to the shortcomings and limitations that exist in M365 (depending on the selected archiving function) and the fact that customers are responsible for protecting and retaining their own email data, a professional third-party email archiving solution should be used.
What to Consider When Choosing an Email Archiving Solution for Use with M365
An email archiving solution can be a key element in terms of the long-term protection and retention of business emails. But the decision as to which solution is most compatible with the needs of a business is not always an easy one. Decision-makers are advised to examine the following criteria before choosing archiving software:
Independence From Microsoft
Without an external email archive, users will not be able to access their own emails if the Microsoft Office 365 service fails. A third-party solution will ensure that a vendor lock-in is avoided and the company’s emails will remain accessible even if the M365 service fails.
Self-Service for the End User
Some professional email archiving solutions provide users (not just the administrator) with a fast and efficient means of searching the email archive, as well as the ability to restore emails quickly and simply. This can relieve the burden on an IT team as they no longer need to be contacted to deal with such issues.
Protection Against Data Loss and Manipulation
Emails should be protected against accidental or malicious deletion; if they are not, compliance with legal requirements can be problematic. Even if Microsoft 365 is essentially capable of restoring data erased by mistake, situations can arise that impede or even seriously jeopardize daily business operations.
Compliance With Privacy Laws
When used appropriately, certified email archiving solutions ensure that emails are always processed in accordance with the relevant data privacy laws. Especially since the EU GDPR came into force, data privacy has been the focus of public attention. Even in countries outside the EU, increasing attention is being paid to this sensitive matter.
Reasonable Total Cost of Ownership (TCO)
Microsoft’s most powerful archiving option (Exchange Online Archiving) is included only in specific M365 premium plans that are generally tailored to the needs of larger businesses. Microsoft 365 plans tailored to small and mid-sized businesses (SMBs) do not include Exchange Online Archiving and this would need to be added as an extra paid service. In this case, a third-party solution could be more affordable.
Archiving and backing up emails are two models that fulfill very different purposes. The purpose of backups is to store data regularly over short to medium time frames, providing a snapshot of the data in question. A backup is thus a means of disaster recovery.
The primary objective of any email archiving solution is to ensure that email data remain available and recoverable over time. These aspects are particularly important for companies in the context of legal retention requirements for business-critical information. What is known as audit security plays a major role here, meaning that retained emails must be tamper-proof, and it must be possible both to log them and export them.
The Benefits of Independent Email Archiving Software
Third-party solutions can provide extra benefits over and above Microsoft’s native email archiving capabilities:
- An independent archiving solution allows content from email sources other than Microsoft 365 to be stored within the same archive. Managing several archiving solutions at the same time usually increases the cost and complexity of retaining business records. Using a central archive reduces the number of solutions that need to be administered by the IT team and searched through by users.
- Using an archive that is independent of the Microsoft 365 platform makes it easier to follow the 3-2-1 rule, which states that an organization should keep three copies of its data: two locally and one at a remote location separate from the primary system on which the data is created and stored.
- Many third-party archiving solutions support email de-duplication, which can significantly reduce storage requirements.
- Indexing a larger number of file types makes it easier to search for and retrieve emails and file attachments.
Conclusion: Third-Party Email Archiving Is a Necessary Addition to Microsoft 365
Although Microsoft 365 is doubtlessly a reliable, powerful and versatile platform, it does have its limits in terms of email archiving, and decision-makers in SMBs need to consider these shortcomings carefully. Business leaders and IT managers who are unaware of the facts are exposing themselves to unnecessary risk. A professional third-party email archiving solution can mitigate, or even eliminate, these risks and should, therefore, be considered.
To assist companies in finding a suitable email archiving solution for use with Microsoft 365, the market research institute Osterman Research has produced a white paper on how small and medium-sized businesses that use Microsoft 365 can adequately protect their business email communications. The white paper explores which email archiving options exist, the risks to email data when using Microsoft 365, and what features your organization needs in order to adequately protect and manage the data contained in emails.
Are you interested in finding out more about the results and guidance contained in the white paper of Osterman Research?
FAQ
What Options Do Companies Have for Archiving Their Emails in Microsoft 365?
Microsoft provides several options for archiving emails in M365. They include the “Archive” button in Outlook, storing emails in the form of PST files, and using an archive mailbox that has to be configured separately (with or without Exchange Online Archiving). Alternatively, a professional third-party email archiving solution can be used.
Does Microsoft 365 Automatically Archive Emails?
No. Emails are not archived automatically in Microsoft 365. M365 users must take responsibility for securing their emails themselves and decide which email archiving option best meets their corporate and, potentially, legal requirements.
Do Companies Need to Archive Their Emails in Microsoft 365?
Yes. Emails containing business-critical information should always be archived to protect this precious information resource and exploit it to the full. As a rule, legislators also impose legal requirements on the retention of business-relevant emails and on data privacy, both of which render the use of a professional email archiving solution essential.
Is It Sufficient Just to Create Backups of My Emails in Microsoft 365?
No, the purpose of a backup is to save data (e.g. emails) and systems (e.g. the email server) regularly in the short and medium term, and is primarily a means of disaster recovery. Any data produced or modified between two storage cycles will not be protected against loss and manipulation. First and foremost, the objective of any email archiving solution is to store copies of all emails including their file attachments for many years in a form that is faithful to the original, quick to find, and permanently available. This is essential in order to fully exploit the precious information resource that is email, while meeting the laws governing the storage of emails and data privacy.
Source: MailStore
There is an incredible, and increasing, number of electronic signature tools, and GlobalSign has been recognized as a Strong Performer for electronic signatures in the Gartner Peer Insights ‘Voice of the Customer’: Electronic Signature.
Documents Signed with Confidence, Integrity, and Trust
If you stopped to think about the importance of a signature to you and your business, there are probably several reasons you may want to introduce and incorporate electronic signatures into your business including efficiency, regulatory compliance, and increased security.
Behind strong business best practices is a robust digital signing solution. “The “Voice of the Customer” is a document that synthesizes Gartner Peer Insights’ reviews into insights for IT decision makers. This aggregated peer perspective, along with the individual detailed reviews, is complementary to Gartner expert research and can play a key role in your buying process, as it focuses on direct peer experiences of implementing and operating a solution.”
“This document will highlight some key insights for the electronic signature market based on 18 months of reviews, and will also point you to particular ways to use the site in your buying process.”
The “Voice of the Customer” report can play a key role in your buying process, as it focuses on direct peer experiences of buying, implementing and operating a solution.
Promoting Strong Business Best Practices with a Strong Signing Solution
Behind strong business practices is a strong signing solution, and with 95% of customers willing to recommend GlobalSign based on 43 reviews as of 31 October 2022, we have been named as a Strong Performer in the 2022 Gartner® Peer Insights™ “Voice of the Customer” report.
GlobalSign’s Digital Signing Service (DSS) helps organizations to sign quickly, easily, securely and with confidence. Through one API integration, DSS is designed to provide a solution which complements your workflow to boost business efficiency, meet national and industry-specific regulations and provide scalability to your business.
Learn more about Gartner Peer Insights ‘Voice of the Customer’: Electronic Signature and download your complimentary copy of the report.
Source: GlobalSign
The supply chains of today’s global economy rely heavily on technology and information systems to deliver finished goods and services to the end user. However, for all the benefits of a hyperconnected economy this introduces, supply chains also carry with them a high degree of risk.
Systems typically have vulnerabilities which, if exploited by cybercriminals, can have a far-reaching impact. Attacks on the supply chain have risen by over 600%, according to a recent study by Interos, and groups of threat actors (like Magecart) are leveraging supply-chain-specific exploits that make headlines with high-profile attacks.
It’s no wonder that securing the digital supply chain has become a high priority for organizations who want to avoid disruption, protect sensitive data, and prevent brand damage.
Securing Your Partners
Enterprises should begin by identifying and understanding the risks brought in by each of their business partners. Security leaders need to assess the security controls in place, the mitigating and compensating controls, and how each vendor monitors their risk posture. This needs to be done for each business partner — there can be no weak link.
Typically, this is done by asking each partner to fill out a questionnaire, which can vary from a couple dozen questions to over one hundred. While potentially tedious, the purpose is to understand the risk of doing business with a particular partner and to determine whether or not to accept that risk. Some companies are even issuing a “FICO score for cybersecurity”, which assigns a safety rating to each party.
Securing Your Own Organization
Organizations should also assess their own security culture. Every organization has within their security strategy prevention and detection controls. However, it is vital to continue to improve the culture of security awareness as human error continues to be one of the top drivers of a breach. In fact, 74% of all breaches are due to the human element, according to the 2023 Verizon Data Breach Investigation Report (DBIR).
One of the best ways to combat human error is with education. At this point, there is still much to learn about securing your enterprise from outside risks. Security awareness training for third-party risk management can help you understand the security shortcomings of a potential partner before taking on that risk.
Similarly, in-house security awareness training can help companies make sure they are not the ones putting others at risk. These programs identify and improve areas of security weakness so that employee behaviors don’t become a liability for the company or any of its partners downstream. This may entail adding phishing simulations, implementing new ways of engaging employees, and modifying communication strategies regarding current tactics being used by bad actors.
Companies should also take note of how their security team engages with the business. This will reveal if they are treated as functional partners, or if there are silos causing employees to view cybersecurity issues as an “IT only” problem.
Currently, the top areas of supply chain weakness involve cloud storage, databases, and compromised credentials. Those are areas touched every day by everyday employees, so it is those same employees that need to do the work to interact with those things safely. Improving the overall security culture will greatly reduce the chance of compromise as employees learn the warning signs of danger.
Securing Your Software Development Cycle
The software development process is another area that should be assessed within the context of a secure supply chain.
This is an area which will demonstrate if the security team is perceived as a valuable business partner or an inhibitor. For example, open-source code is popular to use as it can fast-track projects. However, there are no guarantees that open-source libraries have had proper security inspection.
If there is a good relationship, the business will engage the security team early in the process. They see the value in doing application security testing early because it surfaces vulnerabilities that teams can patch. This sets a course for them to then continue the process throughout the development cycle.
However, if security doesn’t get engaged until the end of the cycle, it’s usually a sign that either something is broken within the process or that security practices aren’t adequately valued. By engaging security only at the end, there is the risk of delays due to critical vulnerabilities. These flaws need to be patched, and this can lead to other issues such as delays in delivery and strained relationships between the business and the security team.
Enterprise Security Is Now a Team Sport
Supply chain security isn’t new, and most security leaders are going to struggle with it. Up until a few years ago, it may have even been a manageable affair. However, with the tech boom of the past few decades and the accelerated pace of the digital revolution, it is a problem that is growing bigger every day.
While secure supply chain management is something that will never be perfect, it’s up to each organization to do their due diligence before entering into business partnerships. A company’s fate becomes the same as that of its least protected partner, so vetting for cybersecurity weaknesses before signing the contract is an understandable and necessary part of doing business today.
That is why it is every organization’s responsibility to assess not only their partners, but themselves. In a digitally connected supply chain, what happens to one can affect everyone else. Companies should hold all partner organizations to high standards of industry security and expect the same of their own teams. After all, they may be part of someone else’s supply chain.
Source: Fortra
Sophos has released the State of Ransomware in Financial Services 2023, an insightful report based on a survey of 336 IT/cybersecurity professionals across 14 countries working in the financial services sector. The findings reveal the real-world ransomware experiences of the sector.
Rate of attack and data encryption
The 2023 survey revealed that the rate of ransomware attacks in financial services continues to rise. It went up from 55% in the 2022 report to 64% in this year’s study, which was almost double the 34% reported by the sector in the 2021 report. Although the sector experienced an increased attack rate, it was below the cross-sector average of 66%.
Financial services reported the highest encryption level in three years: 81% of organizations stated that their data was encrypted, a 50% rise over the 2022 report when 54% reported data encryption. Over one in ten attacks (14%) were stopped before the data was encrypted, down by 67% over last year’s report and the second lowest rate across all sectors in this year’s survey.
In a quarter of attacks (25%) where data was encrypted, data was also stolen, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.
Root causes of attacks
Exploited vulnerabilities (40%) and compromised credentials (23%) were the two most common root causes of the most significant ransomware attacks in the financial services sector. Emails (malicious emails or phishing) were the third most common root cause behind 33% of attacks experienced by the sector.
Data recovery and the propensity to pay the ransom
98% of financial services organizations got their encrypted data back, slightly higher than the 97% cross-sector average. 43% of financial services organizations paid the ransom to recover their encrypted data, while over two-thirds (69%) used backups for data recovery. Encouragingly, the rate of ransom payments in financial services is down from 52% in our 2022 study, while the use of backups to restore data has increased slightly from 66% in the 2022 report to 69% in this year’s report.
However, the proportion of financial services organizations paying higher ransoms has increased, with almost 39% paying a ransom of $1M or more in our 2023 study compared to just 5% in the year before. At the same time, the percentage of financial services organizations that paid less than $100,000 remained in line with last year’s report, coming in at around 40%.
Read the full report here.
Mitigating the ransomware risk
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
- Strengthen defensive shields, including:
  - Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
  - Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  - 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimize attack preparation, including making regular backups, practicing recovering data from backups, and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations
About the survey
Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 336 in the financial services sector. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.
Source: Sophos
MailStore is delighted to have received the Business Excellence Award 2023 in the category “Best Independent Email Archiving Vendor”.
This year, the monthly international business magazine Acquisition International – “AI” for short – presented its Business Excellence Awards for the seventh time. Published for the first time in 2010 by UK B2B publishers AI Global Media Ltd., the magazine Acquisition International now provides 108,000 readers in more than 170 countries with news, comment and analysis on topical business issues and trends.
Norbert Neudeck, Director of Sales at MailStore Software GmbH, was particularly delighted to receive the accolade: “Even after more than 15 years of MailStore history, many SMBs and software companies still do not attach the same importance to email archiving as they do to IT-related topics such as backups or anti-virus software. The benefits to be gained by a company when using a professional email archiving solution go far beyond legal compliance. So, we’re all the more gratified that our efforts have been honored in the Business Excellence Awards.”
The Business Excellence Awards honor companies from a wide range of business sectors, irrespective of how big or well-known they are. Nominations are submitted by the readers.
A research team at Acquisition International then analyses all the publicly available information on nominees and a jury rates the companies on this basis. In order to win an award, a company must satisfy a whole array of different criteria in the areas of e.g. client management and client feedback, innovation, corporate growth, longevity and reputation.
Highlights in our case included the user-friendliness of our email archiving solutions, coupled with a fair pricing policy and first-rate customer support. In addition, our software facilitates the optimum use of email as an information resource, while supporting legal compliance in the area of document retention. Our software is constantly being developed, so users always have a simple, secure, flexible and scalable email archiving solution at their disposal.
Source: MailStore
The Digital Operational Resilience Act (DORA) was enacted in January 2023 and will be in full force in January 2025. Even if regulators provide a grace period (just like they did for GDPR) and January 2025 seems like a long way off, time passes quickly. It is, therefore, essential for financial institutions regulated under DORA to start planning their compliance journey.
Given the ever-increasing risks of cyber attacks, the EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms. Today the Council adopted the Digital Operational Resilience Act (DORA) which will make sure the financial sector in Europe is able to stay resilient through a severe operational disruption.
DORA at a Glance
The press release from the European Council provides a concise description of DORA’s purpose:
“DORA sets uniform requirements for the security of network and information systems of companies and organizations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services. DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to, and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across all EU member states. The core aim is to prevent and mitigate cyber threats.”
Understanding the intersection between DORA, GDPR, and NIS2 is crucial.
Companies regulated under DORA still need to comply with GDPR requirements. It’s important for IT service providers to understand that DORA brings its own set of challenges, separate from GDPR. If a company violates European privacy laws, it can also be in violation of financial services supervisory laws, which can lead to further consequences. Additionally, certain credit institutions and trading venues must follow the NIS2 directive in addition to DORA, but DORA takes precedence in case of any conflicting regulations due to its more specific nature (lex specialis).
DORA requirements are broken down into five foundational pillars to meet the act’s core objectives. Before we get into those, we must point to a few things deriving from DORA’s mission statement. One of them is that the EU Council recognizes that financial institutions are the most highly targeted entities and that security incidents may include business interruption. As per the Bank of England’s “Systemic Risk Survey Results 2022 H2” report, 74% of the participants consider cyberattacks to be the most significant risk in the short and long term. The second-highest risks are inflation and geopolitical incidents, which are almost equally concerning.
One important aspect of a robust security strategy is the ability to quickly recover and return to normal operations, which is exactly what DORA aims to achieve. Additionally, it’s worth noting that supply chains in the financial industry have historically lacked the same level of accountability as the institutions themselves. However, with the implementation of DORA, third-party vendors will now be closely monitored and regulated by industry regulators.
Breaking Down the Five Pillars of DORA
ICT Risk Management
The first pillar includes frameworks and guidelines to help financial institutions increase the maturity of their risk management programs. These guidelines aim to minimize the risk of attacks by reducing the attack footprint, detecting active attacks, and developing strategies to mitigate the impact of successful attacks. Solutions that align with this category comprise vulnerability management, application security testing, data and asset discovery, and penetration testing. Additionally, safeguarding endpoints, preventing data leaks, and securing public-facing web applications should be considered within this pillar.
Classification and Reporting of ICT-related Incidents
In the second pillar, there is some overlap with the first one, as it involves identifying signs of compromise in your IT infrastructure and handling any malicious activity. However, it also includes additional guidelines such as a classification system based on the impact and templates for reporting content. This pillar emphasizes maintaining integrity and managing configurations, as well as keeping your incident response plan up-to-date and documented. Solutions that utilize threat intelligence are crucial to detect elusive malicious activities that may have bypassed your initial defenses.
ICT Third-Party Risk Management
The third pillar focuses on supply chain risk management. Although the supply chain risk is typically implied in other mandates, DORA specifically addresses this risk due to the visibility of high-profile supply chain attacks in the last couple of years. To mitigate supply chain threats, organizations must have an inventory of all contractual agreements with ICT service providers and a process to evaluate potential new business partners and existing ones. Some additional considerations include phishing simulations and other security awareness training to help prevent employees from being socially engineered by bad actors masquerading as business partners. Additionally, it is crucial to have controls to prevent malicious files from being shared between partners. Financial institutions must also plan for potential service interruptions caused by their partners.
Digital Operational Resilience Testing
This fourth pillar emphasizes testing the institution’s plan for dealing with incidents. The aim is to detect any potential shortcomings and identify areas where improvements in efficiency and system strengthening can be made. Tabletop exercises serve as one effective method of testing your incident response plans. In addition, exploring adversary simulations and red teaming would be advisable, which can highlight any weaknesses and enhance your teams’ skills.
Information Sharing Between Financial Entities
The fifth pillar advocates for collaboration within the financial sector to combat shared adversaries. By exchanging intelligence, indicators of compromise, and the latest tactics, techniques, and procedures (TTPs) with peers in the industry, everyone can increase their ability to withstand challenges.
“Stronger Together”
Out of these pillars, the fifth stands out a bit as it aligns with the theme of the 2023 RSA Conference, which is “Stronger Together”. There were multiple sessions where industry leaders were talking about how the security community needs to work together and share our insights to help improve our defenses against threat actors.
A few years ago, I worked with a former security leader of a global financial institution. He told me that although financial institutions compete with each other for new business, he collaborated regularly with his counterparts at these competitors because they all had the same goal, which was protecting their respective employers from the same types of attackers. Other industries would benefit from this same type of collaboration, so hopefully, we will see more of that in the years to come.
Source: Fortra
Given the ever-increasing risks of cyber attacks, the EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms. Today the Council adopted the Digital Operational Resilience Act (DORA) which will make sure the financial sector in Europe is able to stay resilient through a severe operational disruption.
DORA sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services. DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats. These requirements are homogenous across all EU member states. The core aim is to prevent and mitigate cyber threats.
Now that the DORA proposal is formally adopted, aspects that require national transposition will be passed into law by each EU member state. At the same time, the relevant European Supervisory Authorities (ESAs), such as the European Banking Authority (EBA), the European Securities and Markets Authority (ESMA) and the European Insurance and Occupational Pensions Authority (EIOPA), will develop technical standards for all financial services institutions to abide by, from banking to insurance to asset management. The respective national competent authorities will take the role of compliance oversight and enforce the regulation as necessary.
Background
The Commission came forward with the DORA proposal on 24 September 2020. It was part of a larger digital finance package, which aims to develop a European approach that fosters technological development and ensures financial stability and consumer protection. In addition to the DORA proposal, the package contained a digital finance strategy, a proposal on markets in crypto-assets (MiCA) and a proposal on distributed ledger technology (DLT).
This package bridges a gap in existing EU legislation by ensuring that the current legal framework does not pose obstacles to the use of new digital financial instruments and, at the same time, ensures that such new technologies and products fall within the scope of financial regulation and operational risk management arrangements of firms active in the EU. Thus, the package aims to support innovation and the uptake of new financial technologies while providing for an appropriate level of consumer and investor protection.
The Council adopted its negotiating mandate on DORA on 24 November 2021. Trilogues between the co-legislators started on 25 January 2022 and ended in a provisional agreement on 10 May 2022. Today’s adoption is the final step in the legislative process.
Source: EU
The world’s most trusted cybersecurity platform now secures more than 25 million devices!
July 29, 2023, is a very exciting milestone for all of us at Sophos as it marks the tenth birthday of Sophos Central, the world’s most popular cloud-based security platform.
Originally called Sophos Cloud, the platform initially supported Sophos Endpoint and Server solutions for customers in the U.S. and UK.
Today Sophos Central manages all Sophos’ market-leading next-gen security services and products for our customers and partners across the world. Users can deploy and manage all their security solutions in one place: from our MDR service and XDR security operations tools, to our endpoint, email and cloud security solutions, and our full network stack.
Central by the Numbers
For those of you who, like me, enjoy putting numbers to things, I’d like to share some current usage stats.
- Over 432,000 organizations currently use Sophos Central to secure their organization – more than the population of the Bahamas or Iceland
- 7 million devices are hosted in Sophos Central – greater than the combined populations of Sweden, Singapore, and New Zealand!
- 120 terabytes of data are uploaded to the Sophos data lake every single day – equivalent to 1MB for every person in Japan
Data sovereignty is an important customer consideration with all cloud-based tools. As demand for Sophos Central has grown, so have our data centers: from our initial three in 2013 we now have nine across the EU (x2), U.S. (x2), Canada, Australia, Japan, India, and Brazil.
Delivering Superior Cybersecurity Outcomes
While the numbers demonstrate the popularity of our platform, what I’m most proud of are the tremendous cybersecurity outcomes that Sophos Central delivers for our customers and partners. Organizations running Sophos Central to manage their defenses consistently report protection and efficiency benefits that make a real day-to-day impact, including:
- 85% reduction in the number of cybersecurity incidents the team needs to deal with
- 90% reduction in time spent on day-to-day cybersecurity management
- Doubling the efficiency of the IT team
Sophos Central enables IT teams to stop console-hopping and manage all their security in one place. Should an alert need investigating, you can follow the trail seamlessly across protection technologies to quickly get to the root of the issue and remediate appropriately. User-based policies make it quick and simple to apply consistent approaches across endpoint and network security tools.
We recognize that each organization is different and Sophos Central is a flexible tool that adapts to customer needs. The intuitive dashboards and one-click fixes support stretched IT teams while enterprise-grade features and granularity provide the depth and control security specialists require.
Looking Ahead
While our interface and the breadth and depth of our capabilities have changed hugely over the last ten years, our passion to elevate usability, utility, and scalability has not.
Over the coming year our dedicated Sophos Central engineering team, partnering with our outstanding product and services teams, will be delivering further leaps forward in customer-delighting usability, capability and function, ensuring that we continue to give organizations the very best tools for managing their defenses.
As we celebrate this milestone anniversary, be assured that Sophos Central will continue to be at the heart of Sophos innovation and product and service delivery for the decade to come.
Source: Sophos
Sophos Firewall has received Frost & Sullivan’s prestigious Competitive Strategy Leadership Award in the next-generation firewall (NGFW) industry. Frost & Sullivan applies a rigorous analytical process to evaluate multiple vendors for each award category before determining the final award recipient.
We are very honored that Sophos Firewall was awarded this distinction based on strategic innovation and customer impact.
Frost & Sullivan praised our focus on delivering a turn-key cybersecurity solution that enables organizations to scale their security operations without increasing IT complexity. They also praised us for enabling organizations to reduce TCO, strengthen their security posture, enhance visibility, and improve compliance.
They noted that we are uniquely positioned to provide a holistic cybersecurity platform through Sophos Central, which eliminates blind spots in increasingly complex network environments while not forcing customers to compromise on performance for better firewall security:
“Sophos’ firewall offering removes the burden of choosing between security and performance with its Xstream acceleration engine, which balances data traffic between CPUs to optimize performance and keep the network secure.”
Frost & Sullivan concluded that Sophos Firewall aligns with customer needs for better price/performance and value, a great ownership experience, and the option to easily scale or adapt as their needs change or grow.
“Sophos has capitalized on opportunities to simplify its product portfolio, solidifying its position as one of the leading NGFW vendors in the market. For its strong overall performance, Sophos earns Frost & Sullivan’s 2023 Global Competitive Strategy Leadership Award in the next-generation firewall (NGFW) industry.”
Download the full Frost & Sullivan Award Report and check Sophos.com/Firewall for more information.
Source: Sophos
The evolution of businesses and IT infrastructures over the last few years has been staggering, resulting in data disparately distributed throughout the business ecosystem. This makes it difficult to monitor both the data and the server carrying it. That’s why it is crucial for managed service providers (MSPs) like you to be well-prepared to protect and recover your critical server workloads regardless of where they are located.
Due to data sprawl, it gets quite challenging for MSPs to provide complete data protection to “edge cases,” which include small businesses with individual servers, servers situated in very remote or inhospitable places, or servers distributed over multiple sites. It also gets incredibly complicated and time-consuming to implement and manage the backup infrastructure of the server workloads, especially when there’s a need to implement a separate on-site backup appliance at each location. Added to this is the heavy cost incurred by MSPs to carry out the entire operation.
Hence, most MSPs tend to avoid rolling out or managing backup infrastructures.
Putting MSPs at risk
The reluctance to manage backup infrastructures can be costly for MSPs since it leaves their clients’ data unprotected. Not backing up data creates data loss risks and possible exposure to ransomware attacks, resulting in business downtime and reputation loss for the MSP. This can directly impact the MSP’s profitability and must be addressed smartly.
Direct backup to the cloud
A dedicated backup infrastructure in a data center isn’t always the solution. Complementing your tech stack with a direct backup to the cloud would be the ideal choice. With the help of a unified, direct-to-cloud business continuity and disaster recovery (BCDR) solution, you can bolster your data protection and take it beyond the boundaries of primary data centers. You can do away with all the complexities associated with the implementation and management of modern IT infrastructure, in turn saving technician time and energy and focusing on helping your clients grow their business.
Another reason to amplify your stack and opt for direct-to-cloud backup is the possibility of new revenue and healthy margin opportunities. It allows the backup services to expand beyond their spheres of influence and include the protection of clients’ systems, eliminating the risk of data loss and the possibility of downtime — at great operating margins.
A game changer for MSPs
Datto Endpoint Backup for Servers offers compact, direct-to-cloud BCDR solutions for servers anywhere. Purpose-built for MSPs, this solution combines its direct cloud backup feature with ransomware protection and powerful disaster recovery (DR) capabilities and can be managed via a unified management portal. It eliminates the need to put hardware on-site.
Let’s take a look at what it brings to the table.
Enhancing your and the clients’ reputation
Ransomware attacks are on the rise owing to their late detection. Such a threat can result in unplanned downtime and jeopardize your company’s reputation. Datto’s latest solution, with its unique ransomware detection capabilities, scans for early warnings and regularly checks immutable backups stored in the Datto Cloud with Cloud Deletion Defense™ — protecting your customers’ businesses from IT disasters. This goes a long way towards preserving and enhancing your reputation as well as that of your clients. The same technologies as Datto SIRIS and Datto Continuity for Microsoft Azure are used here to eliminate ransomware threats.
Expanding your BCDR services
Datto Endpoint Backup for Servers helps create new revenue streams for your business and expands the scope of your BCDR services by offering complete protection for “edge case” servers. Despite the expansion of services, the costs involved in providing complete protection (backup, DR and DR testing) follow a flat-fee structure and are lower than “do-it-yourself” (DIY) vendors, whose costs are often high and unpredictable. The solution comes with the lowest total cost of ownership (TCO), without any hidden/variable fees. No extra charges for cloud storage, computing, DR or DR testing are incurred. Such a cost-effective pricing model enables predictable business growth for you and your clients.
Simplifying the backup business
The recent shift to a hybrid business model has led to increased complexity within the IT landscape, with data and servers scattered across multiple sites. Datto Endpoint Backup for Servers comes with a centralized management portal that simplifies the data backup workflow while saving time and eliminating complexity in just a few clicks. The portal is connected with both Datto BCDR solutions and Datto Continuity for Microsoft Azure. Hence, managing the full backup stack from a single, unified interface is now a reality. The MSP-centric architecture of the solution delivers optimal technician efficiency and minimum overhead costs compared to solutions designed for enterprise IT.
Best-in-class tech support
Datto-certified experts are there to quickly help you with proven, direct-to-tech, 24/7/365 support. This ensures proper monitoring of your backup and DR services and pushes you and your clients to succeed.
Built to scale MSPs
With Datto Endpoint Backup for Servers, you get appliance-less, direct-to-cloud backup managed via a client-centric view for consistent data protection across remote servers, data centers, Azure and SaaS. Due to this single-pane-of-glass management, there’s a streamlining of daily operations, increasing overall BCDR efficiency with smart features like screenshot verification, automated testing and email alerts. As a result, MSPs like you get a much simpler and smarter BCDR solution.
A sign of such an evolved, smarter BCDR process is the hourly backup of your clients’ servers directly to the secure and private Datto Cloud, ensuring rapid recovery during downtime, cyberattacks and outages. This sets the standard for a secure cloud infrastructure and paves the way for unhindered business growth.
Source: Datto
Even with a well-guarded IT infrastructure, business disruptions are inevitable regardless of the size or industry of a company. This is especially true for organizations operating in harsh or highly uncertain environments, such as oil rigs, mines and factory floors. From cyberthreats to natural disasters and hardware failure, many factors could halt industrial and manufacturing production. One such factor is excessive vibration, which could cause data errors in hard disk drives (HDDs) and hamper operational continuity.
Challenges MSPs face serving clients operating in complex and risky environments
Managed service providers (MSPs) often struggle to deliver robust disaster recovery (DR) solutions to clients in the industrial and manufacturing sectors. This is due to the risk of a low DR success rate and extended downtime when excessive vibration damages DR infrastructure that relies on spinning HDDs.
In addition, MSPs face thinning margins implementing business continuity and disaster recovery (BCDR) solutions for clients with stringent recovery time objectives (RTOs). MSPs need premium hardware to deliver superior BCDR services and meet shorter RTO goals, which require high capital expenditure (CapEx).
Why HDDs aren’t ideal for disaster recovery in harsh environments
HDDs have many moving parts that operate with incredibly high precision. The mechanical components, read/write heads and platters or magnetic disks are delicate and sensitive, making them vulnerable to physical damage. The platter and heads rotate at high speeds of 10,000 to 15,000 rotations per minute (RPM) to store and retrieve information. Because of the delicate nature of its components and the rates at which it works, a sudden jerk or strong vibration could easily damage a hard disk drive and cause read-write errors. Data recovery from a damaged hard disk drive platter can be tedious and time-consuming.
HDDs vs. SSDs
HDDs are inexpensive compared to solid-state drives (SSDs) and provide more storage space. However, rotating HDDs have many mechanical parts that are prone to wear and tear after a few years of regular use, increasing the risk of hardware failure. SSDs, on the other hand, utilize flash memory to store information, have no moving mechanical components and can withstand bumps and vibrations. SSDs are highly durable and reliable storage mediums, even in harsh environments like manufacturing plants and factories. They are much lighter, faster, quieter and consume less energy than HDDs.
Minimize risks and expand margins with Datto SIRIS NVMe SSD Models
A crucial part of running a successful MSP business is having the right set of tools in your tech stack.
The new Datto SIRIS models, built using NVMe SSD, minimize risks by decreasing DR hardware failure rates caused by vibrations in harsh environments, like oil rigs, mines and factory floors. Our solutions allow you to increase your BCDR service profitability even for demanding clients and workloads since Datto SSD models come at one simple flat fee — no upfront CapEx costs or hidden or extra charges.
Datto’s flat-fee subscription model eliminates surprises by including DR/backup cloud, hardware, software, storage and technical support, even for the premium high-cost hardware based on NVMe SSD technologies.
Most Datto BCDR implementations deliver immediate return on investment (ROI) with larger margins and zero CapEx investment required.
Source: Datto
When ransomware strikes, files become encrypted. That’s the hallmark signature of most ransomware attacks. Even if you pay the ransom, there’s no guarantee that you’ll get the keys to unlock your encrypted files. Bottom line, when ransomware hits you are likely to lose important data.
This ends with Ransomware Rollback. Ransomware Rollback is a new, innovative feature included with Datto Endpoint Detection and Response (EDR) that gives you peace of mind knowing that when a ransomware attack hits you’ll be able to get your files back, intact as they were before the incident.
Datto EDR includes Ransomware Detection, a unique and powerful antimalware technology that identifies known and unknown types of ransomware and kills the encryption process once an attack begins. As fast as Ransomware Detection is, the attacker’s encryption process always strikes first, meaning some files become encrypted before Ransomware Detection can kill the process and isolate the endpoint.
To address this, Datto created Ransomware Rollback, a lightweight application that tracks changes on endpoint disk space, providing rollback functionality for files and databases impacted by ransomware attacks. It consists of software that runs silently in the background, as well as a desktop application used for monitoring and managing the rollback process.
The solution works by intercepting file system calls made by applications and tracking the changes they make. For example, if a file is renamed, deleted, or updated, the system records these changes and stores them in a designated tracking directory on the user’s disk.
For database applications like SQL Server or QuickBooks, Ransomware Rollback saves the data being written on an operation-by-operation basis, allowing the entire update to be rolled back if it is compromised by ransomware.
Unlike other EDR applications that offer similar rollback capabilities, Datto EDR with Ransomware Rollback does not rely on Windows shadow copy, which is often targeted by ransomware attacks. This ensures that your files and data are safe from even the most advanced cyberattack.
What’s more, Ransomware Rollback solves the problem of “wiper” attacks. Data wipers are one of the fastest growing categories of malware. Here, the objective of a wiper attack is to delete and destroy files and data.
Ransomware Rollback even restores deleted files, such as those hit by a wiper attack or files deleted by accident. Through the creation of hard links in a tracking directory, Ransomware Rollback ensures that users can restore deleted files, no matter the circumstance.
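The hard-link idea described above can be seen with plain file system calls. The following is an added example, not Datto's code: the `track`, `restore` and `demo` helpers, the `.tracking` directory name and the sample file are all assumptions made for illustration. It shows that a hard link keeps a deleted file's data recoverable, and that a link shares its content with the original, which is why updates have to be recorded separately from deletions.

```python
import os
import tempfile
from pathlib import Path


def track(path: Path, tracking_dir: Path) -> Path:
    """Add a second directory entry (hard link) for `path` inside tracking_dir."""
    tracking_dir.mkdir(parents=True, exist_ok=True)
    st = path.stat()
    # Name the link after device and inode so later renames of the original
    # do not lose the association (hypothetical naming scheme).
    link = tracking_dir / f"{st.st_dev}-{st.st_ino}"
    if not link.exists():
        # os.link raises OSError if both paths are not on the same file system.
        os.link(path, link)
    return link


def restore(link: Path, original: Path) -> None:
    """Re-create the original name from the tracked link without copying data."""
    if original.exists():
        raise FileExistsError(f"{original} already exists; refusing to overwrite")
    os.link(link, original)


def demo() -> dict:
    original_data = b"quarterly figures"  # constructed sample content
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        doc = root / "report.txt"
        doc.write_bytes(original_data)

        link = track(doc, root / ".tracking")
        nlink_after_track = doc.stat().st_nlink  # two names, one inode

        # Deleting the original removes one name; the data stays on disk
        # because the tracking directory still references the inode.
        doc.unlink()
        survived_delete = link.read_bytes()

        restore(link, doc)
        restored = doc.read_bytes()

        # An in-place write goes to the shared inode, so the tracked link
        # shows the modified bytes too. Protecting against updates needs a
        # saved copy of the old data, not only a link.
        with open(doc, "r+b") as fh:
            fh.write(b"XXXX")
        link_bytes = link.read_bytes()
        overwrite_visible_via_link = (
            link_bytes == doc.read_bytes() and link_bytes != original_data
        )

        return {
            "nlink_after_track": nlink_after_track,
            "survived_delete": survived_delete,
            "restored": restored,
            "overwrite_visible_via_link": overwrite_visible_via_link,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```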
Ransomware Rollback is an integral component of Ransomware Detection, which is included with Datto EDR. With one click, you can quickly revert encrypted data and files back to their previous state, which makes the recovery process easy, efficient and effortless.
Source: Datto
The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure.
Cybersecurity Strategy
The European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented a new EU Cybersecurity Strategy at the end of 2020.
The Strategy covers the security of essential services such as hospitals, energy grids and railways. It also covers the security of the ever-increasing number of connected objects in our homes, offices and factories.
The Strategy focuses on building collective capabilities to respond to major cyberattacks and working with partners around the world to ensure international security and stability in cyberspace. It outlines how a Joint Cyber Unit can ensure the most effective response to cyber threats using the collective resources and expertise available to the EU and Member States.
Legislation and certification
Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive)
Cybersecurity threats are almost always cross-border, and a cyberattack on the critical facilities of one country can affect the EU as a whole. EU countries need to have strong government bodies that supervise cybersecurity in their country and that work together with their counterparts in other Member States by sharing information. This is particularly important for sectors that are critical for our societies.
The Directive on security of network and information systems (NIS Directive), which all countries have now implemented, ensures the creation and cooperation of such government bodies. This Directive was reviewed at the end of 2020.
As a result of the review process, the proposal for a Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) was presented by the Commission on 16 December 2020.
The Directive was published in the Official Journal of the European Union in December 2022 and entered into force on 16 January 2023. Member states will have 21 months from the entry into force of the directive in which to incorporate the provisions into their national law (actual date: 18 October 2024).
NIS2 Directive
The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.
The EU cybersecurity rules introduced in 2016 were updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape. By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.
The Directive on measures for a high common level of cybersecurity across the Union (the NIS2 Directive) provides legal measures to boost the overall level of cybersecurity in the EU by ensuring:
- Member States’ preparedness, by requiring them to be appropriately equipped, for example with a Computer Security Incident Response Team (CSIRT) and a competent national network and information systems (NIS) authority;
- cooperation among all the Member States, by setting up a Cooperation Group to support and facilitate strategic cooperation and the exchange of information among Member States;
- a culture of security across sectors that are vital for our economy and society and that rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.
Businesses identified by the Member States as operators of essential services in the above sectors will have to take appropriate security measures and notify relevant national authorities of serious incidents. Key digital service providers, such as search engines, cloud computing services and online marketplaces, will have to comply with the security and notification requirements under the Directive.
ENISA – the EU cybersecurity agency
ENISA (European Union Agency for Cybersecurity) is the EU agency that deals with cybersecurity. It provides support to Member States, EU institutions and businesses in key areas, including the implementation of the NIS Directive.
The Cyber Resilience Act
The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products.
EU Cyber Resilience Act – For safer and more secure digital products
Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021.
Such products suffer from two major problems that add costs for users and society:
- a low level of cybersecurity, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them, and
- insufficient understanding of, and access to, information by users, preventing them from choosing products with adequate cybersecurity properties or using them in a secure manner.
While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cybersecurity. In particular, the current EU legal framework does not address the cybersecurity of non-embedded software, even if cybersecurity attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.
Two main objectives were identified aiming to ensure the proper functioning of the internal market:
- create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and ensure that manufacturers take security seriously throughout a product’s life cycle; and
- create conditions allowing users to take cybersecurity into account when selecting and using products with digital elements.
Four specific objectives were set out:
- ensure that manufacturers improve the security of products with digital elements from the design and development phase and throughout the whole life cycle;
- ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers;
- enhance the transparency of security properties of products with digital elements, and
- enable businesses and consumers to use products with digital elements securely.
Cybersecurity Act
The Cybersecurity Act strengthens the role of ENISA. The agency now has a permanent mandate and is empowered to contribute to stepping up both operational cooperation and crisis management across the EU. It also has more financial and human resources than before. On 18 April 2023, the Commission proposed a targeted amendment to the EU Cybersecurity Act.
Cyber Solidarity Act
On 18 April 2023, the European Commission proposed the EU Cyber Solidarity Act, to improve the response to cyber threats across the EU. The proposal will include a European Cybersecurity Shield and a comprehensive Cyber Emergency Mechanism to create a better cyber defence method.
Certification
Our digital lives can only work well if there is general public trust in the cybersecurity of IT products and services. It is important that we can see that a product has been checked and certified to conform to high cybersecurity standards. There are currently various security certification schemes for IT products around the EU. Having a single common scheme for certification would be easier and clearer for everyone.
The Commission is therefore working on an EU-wide certification framework, with ENISA at its heart. The Cybersecurity Act outlines the process for achieving this framework.
The EU cybersecurity certification framework
The EU cybersecurity certification framework for ICT products enables the creation of tailored and risk-based EU certification schemes.
Certification plays a crucial role in increasing trust and security in important products and services for the digital world. At the moment, a number of different security certification schemes for ICT products exist in the EU. But, without a common framework for EU-wide valid cybersecurity certificates, there is an increasing risk of fragmentation and barriers between Member States.
The certification framework will provide EU-wide certification schemes as a comprehensive set of rules, technical requirements, standards and procedures. The framework will be based on agreement at EU level on the evaluation of the security properties of a specific ICT-based product or service. It will attest that ICT products and services that have been certified in accordance with such a scheme comply with specified requirements.
In particular, each European scheme should specify:
- the categories of products and services covered;
- the cybersecurity requirements, such as standards or technical specifications;
- the type of evaluation, such as self-assessment or third party;
- the intended level of assurance.
The assurance levels are used to inform users of the cybersecurity risk of a product, and can be basic, substantial, and/or high. They are commensurate with the level of risk associated with the intended use of the product, service or process, in terms of probability and impact of an accident. A high assurance level would mean that the certified product passed the highest security tests.
The resulting certificate will be recognised in all EU Member States, making it easier for businesses to trade across borders and for purchasers to understand the security features of the product or service.
As for the implementation of the certification framework, Member State authorities, gathered in the European Cybersecurity Certification Group (ECCG), have already met several times.
Stakeholder Cybersecurity Certification Group
Following the entry into force of the Cybersecurity Act in 2019, the European Commission launched a call for applications to select members of the Stakeholder Cybersecurity Certification Group (SCCG).
The SCCG will be responsible for advising the Commission and ENISA on strategic issues regarding cybersecurity certification, and assisting the Commission in the preparation of the Union rolling work programme. This is the first stakeholder expert group for cybersecurity certification launched by the European Commission.
Depending on how you create your passwords, such as the length or including letters, numbers and symbols, the time it would take a cybercriminal to crack it varies. Understanding what makes it easy for cybercriminals to crack your passwords is critical to keeping yourself safe from becoming a victim of this type of attack.
Read on to learn how long it would take to crack your password and what you can do to strengthen your passwords so they’re not easily cracked by a cybercriminal.
What’s Password Cracking?
Password cracking is when cybercriminals use tools and programs to retrieve passwords saved in a computer system or sent via a network. Using these programs, cybercriminals can crack your passwords and get into your accounts in a matter of seconds, minutes, hours, days or years depending on how complex your passwords are. The less complex your passwords are, the faster a password-cracking program can successfully crack them and compromise your accounts.
How Long It Would Take to Crack Your Password
To give you an idea of how long it takes to crack passwords, here are a few examples from the Statista chart below.
According to Statista, passwords with at least one uppercase letter, number, symbol and at least 12 characters will take the longest for a password cracking program to crack – Statista estimates 34,000 years for a password that includes all of those criteria.
By contrast, passwords that are 6 characters or fewer will be cracked instantly even when incorporating an uppercase letter, number and symbol. If you find that your password matches the criteria in the red, it means your passwords can be cracked instantly or in a matter of minutes, which is a risk to your online security.
The Importance of Random and Strong Passwords
It’s evident from the findings above that using weak passwords that don’t follow password best practices will make them easier for cybercriminals to crack. When you follow password best practices, the ability to crack your password becomes more difficult because of the complexity and length.
Password best practices include:
- Not using sequential numbers (e.g. 12345)
- Not including personal information (e.g. home address)
- Not using dictionary words (e.g. Dog)
- Not reusing passwords across multiple accounts
- Creating passwords with at least 12 characters
Oftentimes, people rely on themselves to create all their passwords. This results in using weak passwords because they are easier to remember or it leads to the reuse of passwords across multiple accounts. Reusing passwords is a dangerous practice as it makes it easier for cybercriminals to compromise more than just one of your accounts.
So, how can you go about creating passwords that are random, strong and difficult for cybercriminals to crack?
How to Create Strong Passwords That Are Hard to Crack
Here are a few ways you can create strong passwords that cannot be easily cracked.
Use a password generator tool
A password generator is a tool that aids you in creating unique passwords. When using a password generator, all you have to do is click a button and it’ll generate a unique string of characters based on how long you want your password to be. This is the easiest solution to strengthening your passwords since you won’t have to create them yourself. Keeper has its own password generator tool that is free to use. However, using a password generator tool alone is risky because you’re still left with the problem of having to remember every password it generates – and the more complicated they are, the harder that is to do.
This is where a password manager can help.
Store your passwords in a password manager
A password manager is a cybersecurity tool that aids in generating passwords and storing them securely. Keeper’s password manager securely stores your passwords and allows you to access them on any platform, from any device. All you have to do is create a strong master password and Keeper Password Manager does the rest.
With Keeper, rest assured that your passwords will be almost impossible for a cybercriminal to crack.
Make sure your passwords are at least 12 characters long
Even when using a password generator tool or password manager, you’re still allowed the option to choose how long you want your passwords to be. Keep in mind that passwords less than 12 characters are not as secure as passwords that are at least 12 characters in length. The longer the password, the longer it’ll take for a cybercriminal to crack. The same goes for the complexity of the password.
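The best-practice list and the generator advice above can be combined into one small tool. This is an added example, not Keeper's generator or any code from the article: the function names, the four-word list and the four-digit run threshold are assumptions chosen for illustration. It checks a password against the listed practices and generates a random one from the operating system's secure random source.

```python
import secrets
import string

MIN_LENGTH = 12  # minimum length recommended in the article
# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"dog", "password", "summer", "dragon"}
CHAR_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def has_sequential_digits(password: str, run: int = 4) -> bool:
    """True if `run` or more digits ascend or descend by one (e.g. 12345)."""
    up = down = 1
    for prev, cur in zip(password, password[1:]):
        if prev in string.digits and cur in string.digits:
            diff = int(cur) - int(prev)
            up = up + 1 if diff == 1 else 1
            down = down + 1 if diff == -1 else 1
        else:
            up = down = 1
        if max(up, down) >= run:
            return True
    return False


def check_password(password: str, personal=(), already_used=()) -> list:
    """Return the best practices from the list above that `password` breaks."""
    lowered = password.lower()
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("length")
    if has_sequential_digits(password):
        violations.append("sequential")
    if any(word in lowered for word in SAMPLE_WORDS):
        violations.append("dictionary")
    if any(item and item.lower() in lowered for item in personal):
        violations.append("personal")
    if password in already_used:
        violations.append("reused")
    return violations


def generate_password(length: int = 16) -> str:
    """Random password with every character class and no violations."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CHAR_CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        has_all_classes = all(
            any(ch in cls for ch in candidate) for cls in CHAR_CLASSES
        )
        # Rejecting whole candidates keeps the accepted ones uniformly random.
        if has_all_classes and not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(check_password("Dog12345"))
    print(generate_password(16))
```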
Prevent Your Passwords From Being Cracked With Keeper
As technology advances, it becomes easier for cybercriminals to crack passwords successfully. It’s important to understand the criteria to follow when creating strong, complex passwords and the tools you can use to help create them.
Start a free 30-day trial of Keeper Password Manager to see how Keeper helps you create strong, unique passwords.
Source: Keeper