The European Union works on various fronts to promote cyber resilience, safeguarding our communication and data and keeping online society and economy secure.

Cybersecurity Strategy

The European Commission and the High Representative of the Union for Foreign Affairs and Security Policy presented a new EU Cybersecurity Strategy at the end of 2020.

The Strategy covers the security of essential services such as hospitals, energy grids and railways. It also covers the security of the ever-increasing number of connected objects in our homes, offices and factories.

The Strategy focuses on building collective capabilities to respond to major cyberattacks and working with partners around the world to ensure international security and stability in cyberspace. It outlines how a Joint Cyber Unit can ensure the most effective response to cyber threats using the collective resources and expertise available to the EU and Member States.

Legislation and certification

Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive)

Cybersecurity threats are almost always cross-border, and a cyberattack on the critical facilities of one country can affect the EU as a whole. EU countries need to have strong government bodies that supervise cybersecurity in their country and that work together with their counterparts in other Member States by sharing information. This is particularly important for sectors that are critical for our societies.

The Directive on security of network and information systems (NIS Directive), which all countries have now implemented, ensures the creation and cooperation of such government bodies. This Directive was reviewed at the end of 2020.

As a result of the review process, the proposal for a Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) was presented by the Commission on 16 December 2020.

The Directive was published in the Official Journal of the European Union in December 2022 and entered into force on 16 January 2023. Member states will have 21 months from the entry into force of the directive in which to incorporate the provisions into their national law (actual date: 18 October 2024).

NIS2 Directive

The NIS2 Directive is the EU-wide legislation on cybersecurity. It provides legal measures to boost the overall level of cybersecurity in the EU.

The EU cybersecurity rules introduced in 2016 were updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape. By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole. 

The Directive on measures for a high common level of cybersecurity across the Union (the NIS2 Directive) provides legal measures to boost the overall level of cybersecurity in the EU by ensuring: 

• Member States’ preparedness, by requiring them to be appropriately equipped. For example, with a Computer Security Incident Response Team (CSIRT) and a competent national network and information systems (NIS) authority,
• cooperation among all the Member States, by setting up a Cooperation Group to support and facilitate strategic cooperation and the exchange of information among Member States.
• a culture of security across sectors that are vital for our economy and society and that rely heavily on ICTs, such as energy, transport, water, banking, financial market infrastructures, healthcare and digital infrastructure.
  

Businesses identified by the Member States as operators of essential services in the above sectors will have to take appropriate security measures and notify relevant national authorities of serious incidents. Key digital service providers, such as search engines, cloud computing services and online marketplaces, will have to comply with the security and notification requirements under the Directive. 

ENISA – the EU cybersecurity agency

ENISA (European Union Agency for Cybersecurity) is the EU agency that deals with cybersecurity. It provides support to Member States, EU institutions and businesses in key areas, including the implementation of the NIS Directive.

The Cyber Resilience Act

The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products. 

The proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, bolsters cybersecurity rules to ensure more secure hardware and software products.

EU Cyber Resilience Act – For safer and more secure digital products 

Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021. 

Such products suffer from two major problems adding costs for users and the society: 

• a low level of cybersecurity, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them, and
• an insufficient understanding and access to information by users, preventing them from choosing products with adequate cybersecurity properties or using them in a secure manner.
  

While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cybersecurity. In particular, the current EU legal framework does not address the cybersecurity of non-embedded software, even if cybersecurity attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs. 

Two main objectives were identified aiming to ensure the proper functioning of the internal market:  

• create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and ensure that manufacturers take security seriously throughout a product’s life cycle; and
• create conditions allowing users to take cybersecurity into account when selecting and using products with digital elements.
  

Four specific objectives were set out: 

• ensure that manufacturers improve the security of products with digital elements since the design and development phase and throughout the whole life cycle;
• ensure a coherent cybersecurity framework, facilitating compliance for hardware and software producers;
• enhance the transparency of security properties of products with digital elements, and
• enable businesses and consumers to use products with digital elements securely.

Cybersecurity Act

The Cybersecurity Act strengthens the role of ENISA. The agency now has a permanent mandate and is empowered to contribute to stepping up both operational cooperation and crisis management across the EU. It also has more financial and human resources than before. On 18 April 2023, the Commission proposed a targeted amendment to the EU Cybersecurity Act.

Cyber Solidarity Act

On the 18 April 2023, the European Commission proposed the EU Cyber Solidarity Act, to improve the response to cyber threats across the EU. The proposal will include a European Cybersecurity Shield and a comprehensive Cyber Emergency Mechanism to create a better cyber defence method.

Certification

Our digital lives can only work well if there is general public trust in the cybersecurity of IT products and services. It is important that we can see that a product has been checked and certified to conform to high cybersecurity standards. There are currently various security certification schemes for IT products around the EU. Having a single common scheme for certification would be easier and clearer for everyone.

The Commission is therefore working on an EU-wide certification framework, with ENISA at its heart. The Cybersecurity Act outlines the process for achieving this framework.

The EU cybersecurity certification framework 

The EU cybersecurity certification framework for ICT products enables the creation of tailored and risk-based EU certification schemes. 

Certification plays a crucial role in increasing trust and security in important products and services for the digital world. At the moment, a number of different security certification schemes for ICT products exist in the EU. But, without a common framework for EU-wide valid cybersecurity certificates, there is an increasing risk of fragmentation and barriers between Member States. 

The certification framework will provide EU-wide certification schemes as a comprehensive set of rules, technical requirements, standards and procedures. The framework will be based on agreement at EU level on the evaluation of the security properties of a specific ICT-based product or service. It will attest that ICT products and services that have been certified in accordance with such a scheme comply with specified requirements. 

In particular, each European scheme should specify: 

• the categories of products and services covered;
• the cybersecurity requirements, such as standards or technical specifications;
• the type of evaluation, such as self-assessment or third party;
• the intended level of assurance.
  

The assurance levels are used to inform users of the cybersecurity risk of a product, and can be basic, substantial, and/or high. They are commensurate with the level of risk associated with the intended use of the product, service or process, in terms of probability and impact of an accident. A high assurance level would mean that the certified product passed the highest security tests. 

The resulting certificate will be recognised in all EU Member States, making it easier for businesses to trade across borders and for purchasers to understand the security features of the product or service. 

As for the implementation of the certification framework, Member State authorities, gathered in the European Cybersecurity Certification Group (ECCG) have already met several times. 

Stakeholder Cybersecurity Certification Group 

Following the entry into force of the Cybersecurity Act in 2019, the European Commission launched a call for applications to select members of the Stakeholder Cybersecurity Certification Group (SCCG). 

The SCCG will be responsible for advising the Commission and ENISA on strategic issues regarding cybersecurity certification, and assisting the Commission in the preparation of the Union rolling work programme. This is the first stakeholder expert group for cybersecurity certification launched by the European Commission.

 

 

Depending on how you create your passwords, such as the length or including letters, numbers and symbols, the time it would take a cybercriminal to crack it varies. Understanding what makes it easy for cybercriminals to crack your passwords is critical to keeping yourself safe from becoming a victim of this type of attack.

Read on to learn how long it would take to crack your password and what you can do to strengthen your passwords so they’re not easily cracked by a cybercriminal.

What’s Password Cracking?

Password cracking is when cybercriminals use tools and programs to retrieve passwords saved in a computer system or sent via a network. Using these programs, cybercriminals can crack your passwords and get into your accounts in a matter of seconds, minutes, hours, days or years depending on how complex your passwords are. The less complex your passwords are, the faster a password-cracking program can successfully crack them and compromise your accounts.

How Long It Would Take to Crack Your Password

To give you an idea of how long it takes to crack passwords, here are a few examples from the Statista chart below.

According to Statista, passwords with at least one uppercase letter, number, symbol and at least 12 characters will take the longest for a password cracking program to crack – Statista estimates 34,000 years for a password that includes all of those criteria.

On the contrary, passwords that are 6 characters or less will be cracked instantly even when incorporating an uppercase letter, number and symbol. If you find that your password matches up to the criteria in the red, it means your passwords can be cracked instantly or in a matter of minutes, which is a risk to your online security.

The Importance of Random and Strong Passwords

It’s evident from the findings above that using weak passwords that don’t follow password best practices will make them easier for cybercriminals to crack. When you follow password best practices, the ability to crack your password becomes more difficult because of the complexity and length.

Password best practices include:

• Not using sequential numbers (e.g. 12345)
• Not including personal information (e.g. home address)
• Not using dictionary words (e.g. Dog)
• Not reusing passwords across multiple accounts
• Creating passwords with at least 12 characters

Oftentimes, people rely on themselves to create all their passwords. This results in using weak passwords because they are easier to remember or it leads to the reuse of passwords across multiple accounts. Reusing passwords is a dangerous practice as it makes it easier for cybercriminals to compromise more than just one of your accounts.

So, how can you go about creating passwords that are random, strong and difficult for cybercriminals to crack?

How to Create Strong Passwords That Are Hard to Crack

Here are a few ways you can create strong passwords that cannot be easily cracked.

Use a password generator tool

A password generator is a tool that aids you in creating unique passwords. When using a password generator, all you have to do is click a button and it’ll generate a unique string of characters based on how long you want your password to be. This is the easiest solution to strengthening your passwords since you won’t have to create them yourself. Keeper has its own password generator tool that is free to use. However, using a password generator tool alone is risky because you’re still left with the problem of having to remember them all – and the more complicated they are, the harder that is to do.

This is where a password manager can help.

Store your passwords in a password manager

A password manager is a cybersecurity tool that aids in generating passwords and storing them securely. Keeper’s password manager securely stores your passwords and allows you to access them on any platform, from any device. All you have to do is create a strong master password and Keeper Password Manager does the rest.

With Keeper, rest assured that your passwords will be almost impossible for a cybercriminal to crack.

Make sure your passwords are at least 12 characters long

Even when using a password generator tool or password manager, you’re still allowed the option to choose how long you want your passwords to be. Keep in mind that passwords less than 12 characters are not as secure as passwords that are at least 12 characters in length. The longer the password, the longer it’ll take for a cybercriminal to crack. The same goes for the complexity of the password.

Prevent Your Passwords From Being Cracked With Keeper

As technology advances, password cracking becomes easier for cybercriminals to successfully do. It’s important to understand the criteria to follow when creating strong, complex passwords and tools you can use to help create them.

Start a free 30-day trial of Keeper Password Manager to see how Keeper helps you create strong, unique passwords.

Source: Keeper

Sophos is excited to announce a new partnership with Cysurance, a next-generation risk mitigation company that insures, warranties and certifies security solutions.

The partnership provides unique, fixed-price cyber insurance to U.S.-based organizations using Sophos Managed Detection and Response (MDR). The policies are the first of their kind to recognize organizations for having a layer of threat detection and response services.

As cyberthreats increase in complexity and velocity, MDR is quickly becoming an essential requirement for organizations to manage their cybersecurity posture. Most organizations simply can’t keep up with the evolving threat landscape, as evidenced by the 59% of U.S. security defenders who say today’s threats are too advanced for their organizations to deal with on their own.

Cysurance recognizes this and the value that Sophos’ 24/7 threat detection and response experts provide to mitigate cyber risk. Cysurance’s fixed-price coverage is a testament to Sophos’ MDR capabilities and the effective security services we provide to organizations.

Kirsten Bay, co-founder and CEO at Cysurance, says:

“The lack of comprehensive and integrated security strategies largely explains why cyber insurance policy fees are rising while coverage limits are declining. Those without defense in depth strategies are at increased cyber risk. However, cybersecurity is a manageable challenge, and Sophos can help. Together, we’re focused on helping organizations take responsible steps to implement proper cybersecurity to protect their business and digital assets. Sophos’ proven MDR solution allows Cysurance to offer a range of best-in-class coverage plans that reward customers for their smart cybersecurity investments.”

The Cysurance policies for Sophos MDR users supports all industry sectors in the U.S., regardless of number of employees or endpoints. Four plans, ranging from $275,000 to $3.2 million in total coverage – including ransomware coverage – are available. To learn more and sign-up, visit https://enroll.cysurance.com/sophos/

This is the latest in a series of cyber insurance partnerships for Sophos, which already this year announced deals with Cowbell and Measured Analytics and Insurance. Its partnership with Cysurance uniquely benefits organizations using Sophos MDR, one of the industry’s most widely used services with more than 17,000 customers.

Source: Sophos

Combining the best of Kaseya Connect and DattoCon, the first joint event since the acquisition of Datto will showcase technical insights, solutions updates and growth strategies with the European IT community.

Kaseya, the leading global provider of unified IT management and cybersecurity software for managed service providers (MSPs) and small to mid-size businesses (SMBs), has commenced its first combined Kaseya DattoCon Europe event taking place at the Convention Centre Dublin, Ireland from 26-28 June.

Bringing together more than 1,000 IT industry leaders over three days of sessions, exclusive certified trainings and networking, the event is a key opportunity for attendees to learn in-depth about Kaseya’s IT service solutions – including the recently launched IT Complete 2.0, the industry’s only purpose-built platform for multi-functional IT professionals.

Leading industry experts will discuss current trends in IT and cybersecurity and share impactful growth strategies for the IT community. A plethora of networking opportunities, actionable sales and marketing advice and hands-on, expert-led product training complete the three-day programme.

New capabilities in IT Complete 2.0

“Organisations ‘powered by Kaseya’ are the most successful in their industries,” said Fred Voccola, CEO, Kaseya. “IT Complete is already the most integrated and comprehensive suite of solutions for IT professionals. With this latest version, we’ve taken its capabilities to the next level by adding another 350 integrations, including all Datto products. We are proud to present IT Complete 2.0 to our European partners.”

• Following the acquisition of Vonahi, Kaseya has added automated network penetration testing to its Security Suite and lowered the pricing for Vonahi solutions by 10%.
• Kaseya has also expanded its MSP Enablement Suite to include the audIT automated sales presentation solution, with five free licenses for every customer.
• The ConnectBooster integration is now available to European partners, simplifying billing processes for MSPs.

Other product updates within IT Complete 2.0 include:

• Datto Endpoint Backup for Servers, a highly anticipated solution giving MSPs the option to protect servers directly to the secure Datto Cloud – no local appliance or IT hands required – while still including all the advanced features Datto BCDR users have come to expect.
• Microsoft 365 Management in Datto RMM, a new feature combining user management and device management to simultaneously give new users everything they need during the onboarding phase. It also revokes access at once when they are offboarding.
• The relaunched Datto Networking Appliance (DNA), a high-performance network router for ‘always on’ Internet connections thanks to fully integrated 4G LTE failover.

New Kaseya Business Services for European customers

Kaseya is also growing its Remote IT and Security Management (RITSM) training programme with a new Professional course. The new 40-hour certification course is designed to address the growing demand for tech talent, with modules covering critical MSP functions such as remote IT and security management, working in sandbox environments and customer service skills.

Key sessions at Kaseya DattoCon Europe included:

• Fred Voccola, CEO, Kaseya will deliver a keynote on the state of the MSP and SMB industry and opportunities ahead.
• Dr. Lior Zoref, Researcher, Advisor, TED Speaker, Former Vice President at Microsoft and author of the best-selling book, Mindsharing: The Art of Crowdsourcing Everything will delve into using collective intelligence to make better decisions and find new solutions to business challenges.
• Ranjan Singh, Chief Product Officer, Kaseya will give an overview of the latest Kaseya and Datto product innovations.
• Jason Manar, CISO, Kaseya will discuss the real threats that keep CISOs up at night.
• Nadir Merchant, General Manager and CTO, IT Glue will present integrated IT management with Kaseya One.

Source: Kaseya

The SophosLabs Intelix portal is an excellent resource for staying informed about the latest cyber threats.

We are pleased to announce the launch of the SophosLabs Intelix portal, a web-based interface allowing anyone to submit suspicious threat artifacts for threat intelligence and classification. This free service is an excellent resource for individuals, researchers, and organizations looking to stay up to date with the latest cyber threats.

Intelix provides detailed, explainable, and proven threat intelligence, allowing people to make informed decisions. Submitted files and URLs undergo detailed threat analysis, including cloud lookups, static analysis, and dynamic analysis (cloud sandboxing).

From the rich reports generated, users can understand the verdict and the features and/or behaviors that led to the verdict.

The Intelix portal showcases the power of the SophosLabs detection technologies and the Sophos X-Ops threat intelligence platform used by Sophos products.

If you’re a registered Sophos customer, the Intelix Portal offers additional features. By signing in with your Sophos ID, you can access the results of all previous analyses for up to one year. You can also instantly escalate an analysis to Sophos Support or SophosLabs for human review of the verdict.

The SophosLabs Intelix portal is an excellent resource for staying informed about the latest cyber threats. Whether you’re a researcher, an individual, or a business, the portal provides a wealth of information to help you stay one step ahead of cybercriminals. Intelix is also available in the AWS Marketplace and for OEM use cases.

Try it out today or visit Sophos.com/Intelix to learn more.

Source: Sophos

Cybercriminals often use phishing emails to get you to click on malicious links or attachments. Clicking on these scams can trigger a malware infection that places all your sensitive data at risk of becoming compromised. Before deciding to click on an attachment, you should make sure it’s safe to open.

You can check if an email attachment is safe by having antivirus software scan the attachments in your emails, double-checking who the sender is and not opening any attachments that are marked as spam. Keep reading to learn more about unsafe email attachments and how you can keep yourself from falling victim to them.

The Risks of Opening Unsafe Email Attachments

One of the biggest risks of opening unsafe email attachments is having your device become infected with malicious software called malware. When malware is successfully installed onto your computer, it can log your keystrokes, take screenshots of your activity and compromise your computer’s camera or microphone. All of this data is then sent to the cybercriminal who targeted your device.

Cybercriminals use malware to steal your sensitive data such as your account login information or credit card numbers. Depending on the type of malware that is installed on your computer, what the cybercriminal can get away with varies.

3 Tips To Check If an Email Attachment Is Safe

Here are tips you can use to check if an email attachment is safe.

Double-check who the sender is 

Checking the sender’s email and name is a very important step to take before deciding to click on an email attachment. However, you cannot just rely on the sender’s name to verify an email. Many cybercriminals spoof the names of senders to make it look like they’re coming from a trusted source, when in reality, they’re not. Even if you use an email provider like Gmail, which released an update that shows a blue checkmark next to “verified” senders, don’t trust it fully. Cybercriminals have already found a way to exploit Gmail’s blue checkmark verification.

Instead, rather than clicking on the attachment, contact the sender yourself through another communication method to confirm that it is really the person or organization who sent it.

Don’t open any email attachments that are marked as spam

Many email providers flag spam emails and automatically place them into your spam folder. If your email provider does this, ensure you don’t open any attachments from those flagged emails as they’re likely to be phishing attempts.

Use antivirus software to scan attachments

Antivirus software is a type of program you install on your computer that detects, isolates and removes viruses and other malware before cybercriminals can successfully infect your computer. An added benefit to some antivirus software is that it can also scan the attachments in your email to check if they’re safe. If they’re not safe, your antivirus software will let you know.

Which Email Attachments Are Generally Safe To Open?

Some email attachments that are considered generally safe to open are:

• .JPEG
• .JPG
• .PNG
• .GIF
• .TIF
• .TIFF
• .MPEG
• .MPG
• .MP3
• .MP4
• .WAV
• .MOV

While these types of attachments are considered safe, we still recommend being cautious about clicking them, especially when they’re unsolicited or from an unknown sender.

Which email attachments are less safe to open?

Some email attachments that are considered less safe to open include:

• .EXE
• .DOC
• .DOCX
• .XLS
• .XLSX
• .PPT
• .DMG
• .ZIP
• .RAR
• .HTML

Before deciding to click on these types of attachments, we recommend taking precautions such as using antivirus software and confirming the sender. If it’s a file from a sender you were expecting, there’s most likely nothing to worry about.

What To Do If You Click an Unsafe Email Attachment

Here are the steps you can take if you accidentally click on an unsafe email attachment.

1. Disconnect your device from the internet

One of the first things you need to do is disconnect your device from the internet. Malware can spread through your WiFi and infect other devices connected to the same network if it remains connected. Disconnecting your device from the internet can also lessen the amount of damage the malware causes.

2. Change your passwords and enable MFA

After disconnecting your device from the internet, you should use a different device to change the passwords for all of your accounts, most importantly, your email. You can use a password manager to help you change the passwords quickly. Keeper Password Manager offers a free 30-day trial that you can start using right away. A password manager will help you create strong, unique passwords for each of your accounts and securely store them so you never forget them.

Along with changing your passwords, enable Multi-Factor Authentication (MFA). MFA adds an extra layer of security to your account to prevent anyone but you from being able to access it. An added benefit to using a password manager is that it can also store your 2FA codes and autofill them when you log in.

3. Scan your device for viruses and other malware

Most antivirus software programs work without having to be connected to the internet. If you already have antivirus installed on your infected computer, run a scan so the malware is removed from your device. If you don’t already have antivirus software, you’ll need to connect to the internet and download an antivirus program.

Some malware and viruses may prevent you from being able to download antivirus software. If this is the case, you’ll need the help of a professional. If you already have everything on your device backed up, another approach you can take is completely wiping your computer. Remember, wiping your computer will remove everything from it, including your files, pictures and other data, so only take this approach if you know all of your data is backed up.

4. Keep an eye out for suspicious activity 

After taking the steps above, it’s important to keep an eye on your accounts. You never know what the cybercriminal could have gotten away with in a short period of time. Watch out for any suspicious activity such as purchases you didn’t make or unusual login attempts on any of your accounts.

Protect Yourself From Unsafe Email Attachments

One of the best ways you can stay safe from falling victim to phishing email scams is by knowing how to spot them. This means knowing the red flags to look for, like unsolicited email attachments. As a preventative measure, always use strong passwords on each of your accounts and always have MFA enabled. The stronger your cyber hygiene is, the safer you and your data will be, even if you accidentally fall for a scam and click on an unsafe email attachment or link.
Start a free 30-day trial of Keeper Password Manager today to start protecting your accounts and data from cybercriminals.

Source: Keeper

Sophos rated 4.7/5 in Network Firewalls. Customers have recognized Sophos for the second consecutive year.

Over the last two years, customers have recognized Sophos with an average overall rating of 4.7/5 based on 462 reviews, as of March 31, 2023. What’s more, Sophos is the only vendor to be named a Customers’ Choice for BOTH the 2021 Endpoint Protection Platforms and 2023 Network Firewalls market categories. In addition, we are the only vendor to be named a Customers’ Choice for the Network Firewalls Public Sector, Gov’t, Edu segment.

Based solely on independent customer reviews that have been rigorously evaluated by Gartner, we believe this recognition is a testament to the unparalleled value that Sophos Firewall delivers thanks to its industry leading protection, superior visibility, and easier management.

---

Access the full report here.

---

Gartner Peer Insights shares the independent voices of verified enterprise customers. Recent feedback on Sophos Firewall includes:

 

 

 

 

 

 

 

 

 

 

 

 

These are just a few of the hundreds of Sophos network firewall customer reviews available on the Gartner Peer Insights site. I would like to take this opportunity to thank our customers who have shared their feedback; we truly appreciate your time and your trust.

Sophos Firewall optimizes your network protection

Sophos Firewall delivers the ultimate value for your network security investment by providing powerful protection and performance for even the most demanding network environments, with benefits you just can’t get with any other firewall:

Expose hidden risks – Sophos Firewall does a far better job exposing hidden risks than other solutions through a visual dashboard, rich on-box and cloud reporting, and unique risk insights.

Block unknown threats – Sophos Firewall makes blocking unknown threats faster, easier, and more effective than other firewalls with advanced high-performance TLS inspection and a full suite of advanced protection capabilities that are very easy to set up and manage.

Automatically respond to incidents – Sophos Firewall with Synchronized Security automatically responds to incidents on the network thanks to Sophos Security Heartbeat, which shares real-time intelligence between your Sophos endpoints and your firewall.

Sophos Firewall is just part of the best cybersecurity ecosystem

Sophos Firewall is tightly integrated with our full line of secure access network security products, including Sophos Switches, Wireless, SD-RED and ZTNA – along with the rest of the Sophos cybersecurity ecosystem of endpoint, XDR, MDR, and messaging security solutions.

Whether you want to manage it yourself with our easy and integrated Sophos Central cloud manager, or have us manage it for you with our 24/7 managed threat detection and response service, we’ve got you covered.

Source: Sophos

While some people have returned to working in an office, it seems that the majority have not. Looking back, the pandemic will likely have been a turning point for many things around the world, and the rhythms of office-centered worklife will be something that will never return to the old ways.

With this increased flexibility employees are not just working from home behind consumer-grade Wi-Fi routers; they are also spending part of the day at the park or coffee shop, or perhaps even having a “working holiday.” Those in charge of protecting enterprise assets have to assume these endpoints are always in hostile territory.

Even before the pandemic, organizations working toward improving their security maturity were often trying to “push left.” What is pushing left? At its most basic level it means moving things closer to the start. It originates from software development where the stages of the development process are conceptualized from left to right, left being the beginning. In applied security we also use the term “pushing left,” but rather than referring to the software development process we are referring to the attack chain, which moves from reconnaissance on the left through action (exfiltration or other attacker goal) on the right.

For many years, the most comprehensive security strategies have involved defense in depth. The idea is that not all technologies are suitable for detecting a given threat type, so it is best to deploy them in layers. These layers often directly correspond to how far “left” something is in the attack chain. If you can detect something at the network border through your firewall, email, or web filters, you have contained the threat before it has any negative impact on operations.

Ideally you want to detect and block an attacker as far left as possible, i.e., as early as possible. Pushing detections left also alerts security analysts that an intrusion may be underway, initiating more focused threat hunting to anticipate gaps in defenses your attacker may be attempting to exploit.

For employees at the office, you can centralize control of these defenses and provide optimum protection. The question is, are you able to provide the same protection for remote workers regardless of their location? Can you monitor and respond to threats being detected on those assets when they are out of the office? As many have observed, this did not work as well as we would have liked when we all went into lockdown, many of us without a plan.

While there are still many benefits to monitoring the network when you have control of it, including reduced endpoint overhead and the ability to keep threats at a distance from sensitive assets, we need to ensure we can take as much of this protection as possible with us when we are out and about.

We must ensure not only that protection is optimized, but also that we don’t lose our ability to monitor, detect, and respond to attacks targeting these remote assets. Most organizations have moved to utilizing EDR/XDR solutions (or plan to in the very near future) , which is a great start, but not all solutions are comprehensive.

In the remote-work era, insufficiently protected remote users can encounter plenty of issues – malicious URLs and downloads, and networks attacks, to name only the most mundane – that in the Before Times would have been handled by machines guarding the corporate “fort.” The biggest missing components when users are “outside the fort” are HTTPS filtering and web content inspection of the sort that is typically implemented within next-generation firewalls. When you add these technologies to pre-execution protection, behavioral detection, machine learning models, client firewalls, DLP, application control, and XDR, you are starting to look at a comprehensive stack of defenses for attackers to overcome – even if the endpoints themselves are now free-range.

For initiatives like zero trust network access (ZTNA) to be effective, we must not only wrap the applications we interact with, but we must also wrap the endpoints that connect to them. Simple checks like whether the OS up-to-date and whether it has security software installed may be a good start, but not all protection is created equal.

With most devices being connected to the internet whenever they’re in use, we can leverage the power of the cloud to help provide ubiquitous protection and monitoring. Modern security solutions must assume the endpoint device or phone is in a hostile environment at all times. The old idea of inside and outside is not only outdated, it’s downright dangerous.

Source: Sophos