News
We are excited to start the early access program (EAP) for Sophos DNS Protection for networks. This new cloud-based service is part of our growing suite of Secure Access Service Edge products and services, expanding upon what we started with Sophos ZTNA and Sophos SD-WAN Orchestration.
Enhanced internet and web security
Sophos DNS Protection adds another layer of security to every network. It works to instantly block access to unsafe and unwanted domains across all ports, protocols, and applications at the earliest opportunity – from both managed and unmanaged devices.
DNS Protection perfectly complements and augments your existing network security and policy enforcement tools – from Sophos or any other vendor. DNS Protection can be deployed in a few minutes: it’s never been easier to roll out additional security to your organization.
Sophos DNS Protection is a globally accessible domain name resolution service with integrated policy controls and reporting in Sophos Central. It’s backed by SophosLabs’ real-time threat intelligence, protecting your organization from malicious domain activity and allowing you to enact policy for domain categories or domain lists.
By using Sophos DNS Protection in place of your existing public DNS resolver, you can prevent any devices on your network from accessing domains associated with security threats and other unwanted websites controlled through policy.
DNS Protection complements the protection provided by the other security features of Sophos Firewall. Deploying it on a network protected by Sophos Firewall provides an additional layer of protection that ensures all protocols and ports are protected against accessing risky or inappropriate domains.
Integrated reporting
Sophos DNS Protection provides in-depth visibility into the domains visited from your network, with comprehensive dashboarding and reporting.
Protection for networks
In this initial release, policy selection and access to the DNS Resolver are based on the originating public IPv4 address of the DNS queries. Hence, the service is not suited to protecting individual devices that move from network to network (or site to site). Dynamic IP addresses are supported when used with a dynamic DNS provider.
As we expand our Security Service Edge services, we plan to integrate with the endpoint, providing DNS protection and other network-oriented security services for roaming devices, wherever they are.
Cross-product integration
In addition, Sophos DNS Protection’s log data and intelligence are shared with Sophos Data Lake for Sophos XDR and MDR threat-hunting analysts to help detect active adversaries and threats operating on the network. Please look for additional updates on the XDR integration as the EAP progresses.
Included at no extra charge for Sophos Firewall customers with Xstream Protection
The initial release of DNS Protection is being added to our Xstream Protection bundle, providing additional value to this already amazing suite of protection solutions for our existing Sophos Firewall customers.
Getting started
Getting started with Sophos DNS Protection is easy. Update your existing DNS configuration by pointing your devices or local DNS servers to our global anycast IP addresses, tell us about your locations in your Sophos Central account by entering your networks’ public IPv4 address(es), and then provide your feedback.
To get started, complete this registration form. Once you’ve done that, we’ll email you with our Getting Started guide and all the information you need to get up and running.
After that, please drop by the Community Forum to share your experience with other participants or tell us about your experiences through the in-product feedback link.
Source: Sophos
As the online shopping season ramps up in many parts of the world, these ten top tips will help you maintain your privacy and safety so you can shop with confidence.
- Use an ad blocker – Advertisements are not only tracking your every movement and collecting enough information on your habits to make the FBI blush, but they are also a major source of malicious links and deceptive content on the internet. With an ad blocker, your browsing is not only safer but also faster, and it uses less bandwidth. Two of our favorites are uBlock Origin and Ghostery.
- Use private browsing or incognito mode – To prevent your shopping habits and interests from following you around from site to site (and potentially revealing what gifts you might be purchasing to others using your device, bonus!), you should enable private browsing (Firefox) or incognito mode (Chrome). This will block tracking cookies and help the internet forget your travels as the waves wash away your footprints in the sand.
- Make your browser “privacy smart” – The Electronic Frontier Foundation (EFF) provides a browser extension called Privacy Badger designed to automatically make all the right choices around browsing whilst maintaining our privacy and blocking invisible trackers.
- Avoid using one account on multiple services – When logging into an e-commerce site it is often tempting to use the “Sign in with Facebook” or “Sign in with Google” button. While it takes a few more minutes to create a new login, it will provide more privacy as you are not sharing all of the sites you shop at with these tech giants.
- Use guest login when available – In addition to letting you use an account from other websites, many have an option to use a guest login rather than creating a new account. This is a great option if you don’t expect to need technical support or to do business on a recurring basis. Fewer passwords, fewer personal details, fewer problems if they get hacked.
- Don’t save card details – Many e-commerce sites will default to storing your credit card information in your profile for your “convenience” (or their hope you’ll shop there again). They can’t lose what they don’t have, so tell them not to store your credit card unless it is absolutely necessary.
- Use temporary card numbers – Many financial institutions now offer temporary or one-time use credit card numbers. You can open the app on your phone or in your browser and get a single-use disposable credit card number preventing card fraud and tracking when merchants share card processors. Sometimes you’re even able to specify a card limit per temporary number to further protect your account.
- Use credit, not debit – All of us need to be wary of overspending during the holidays, but it is best to leave the debit card at home. Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute. You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash.
- Beware of direct messages via social media/chat apps – With modern generative AI technology it is almost trivial to create an entire fake online store and lure people to share their personal information and payment data with you. It’s safest to shop at established sites or those personally recommended to you by friends and family. Many unsolicited messages lead to data collection or theft.
- Don’t click deals in email that look too good to be true or are from businesses you don’t have accounts with – these could be phishing emails hoping to bait you into clicking links to bogus, malicious web sites.
Source: Sophos
It may not seem like it, but humans have been using some form of biometric authentication since ancient times. For example, handprints and fingerprints have been used to sign contracts or seal deals for centuries; these can rightly be considered very early prototypes of biometric authentication.
However, we have seen a boom in the use of more advanced biometric authentication technologies in recent years. From facial recognition technology that allows you to pass through national security borders to temperature and cybersecurity screening in a post-pandemic landscape, biometric authentication is used just about everywhere these days.
So what should we be aware of as the possible uses of biometric authentication technology expand? This article will look at what biometric authentication is and what it is used for. Then we will explore the benefits of this evolving technology and the challenges that will need to be addressed as the use of biometric authentication continues to grow.
What Is Biometric Authentication?
Biometric authentication is a method of using unique biological markers to verify or validate someone’s identity. Methods of biometric authentication can include:
- Fingerprint scanning
- Retinal scans
- Iris recognition scans
- Facial recognition screening
- Scent identification
- Voice recognition analysis
- Hand geometry analysis
- Finger vein scanning
- Thermodynamic biometrics matching
- Gait identification
- Keystroke matching
- DNA identification
- Ear shape analysis
- Signature confirmation
Some analysts categorize biometric authentication into two distinct groups. The first category of analysis and recognition includes biological markers, such as fingerprints, scent, or hand geometry. The second category includes behavioral dynamics, such as how someone signs their name or how they walk, as a form of biometric authentication.
How Does Biometric Authentication Work?
Biometric authentication works by first gathering biometric information from the person whose identity needs to be verified. For example, data can be gathered using a contactless camera that scans the person’s face to collect imagery or a fingerprint scanner that collects multiple views of the person’s fingerprints.
Once this initial image has been collected, it is translated into a unique string of numbers. That code is then sent to a vast database of stored number codes to see whether it matches the specific code already on file for that person. Since each biometric feature is extremely difficult to falsify, this unique code should be able to confirm and identify the individual securely.
What Is Biometric Authentication Used for?
In the broadest terms, biometric authentication is used for any situation where someone’s identity needs to be verified securely. The most common biometric data analysis and screening methods used for authentication purposes are fingerprint scanning, facial recognition screening, vocal recognition, and finger vein or palm pattern matching.
Biometric authentication is used by large-scale organizations, including government agencies and global financial institutions. Airports now use facial recognition technology and fingerprint analysis as part of regular security screening operations at international borders. Shopping malls collect biometric information to monitor entrances and exits and track pedestrian activity.
Organizations can use biometric authentication to secure access to restricted documents, making it an invaluable tool for in-house HR departments. Individuals use biometric authentication to access personal accounts, including logging into laptops and smartphones, verifying identity for specific apps, and confirming payments on Apple Pay for iOS users.
Individuals can also use biometric authentication to access financial and crypto accounts, enabling them to access their crypto funds without lengthy passwords. For example, many people use liquid staking to lock their crypto holdings on a proof-of-stake network (such as Ethereum) while still earning rewards on their holdings. The holdings can be secured and only accessed by the depositor via biometric authentication.
Some applications also use biometric authentication to validate user identities. Online dating apps, in particular, use this technology to keep digital romances secure. During the global coronavirus pandemic, biometric data collection became an essential part of monitoring health information and helping to contain the spread of the virus. Biometric data collection, including information about body temperature and health statistics, continues to be used by many public institutions today, especially in the healthcare sector.
The Benefits of Biometric Authentication
Biometric authentication provides several compelling benefits for individuals and organizations alike. The primary reason to use it is the boost in security biometric authentication provides. Since specific biometric characteristics are extremely hard to falsify, biometric authentication can greatly reduce the risk of identity theft or fraud.
In addition, individuals no longer need to create, maintain, and remember lengthy passwords for each separate account and access point. You carry your face and fingerprints with you wherever you go, making identity verification much smoother. You can lose a pair of keys, but except in very extreme circumstances, you will not lose your fingerprints, so your authentication will be secure no matter where you are.
Most biometric authentication processes are simple and intuitive. They do not require users to create an account with specific login details that they must enter each time or provide a particular access code to gain entry to a restricted space. Individuals simply follow instructions, look into a camera or press their palms on a scanner, and then walk through the gate that automatically opens.
Similarly, with laptops and smartphones that use fingerprint authentication, users simply scan their fingerprints, and the account opens for them. When it works correctly, the process is seamless and efficient and saves time.
The Challenges Facing Biometric Authentication
While biometric authentication has grown in popularity in recent years, the field faces many challenges that will need to be addressed as the technology continues to develop.
Implicit Biases
Many human rights advocates have identified that some biometric authentication methods contain troubling and deeply problematic implicit biases. Since facial recognition technology draws from existing data sets that may contain built-in racism or gender bias, the technology reflects these issues. The datasets tend to display images that are 77% male and 83% white, which is a gross misrepresentation of the general demographics of any country.
Transgender and gender non-binary individuals may be miscategorized by physiological identification tools. And there have been a disturbing number of incidents where facial recognition scanners have not recognized Asian or African American individuals or have identified them incorrectly.
In the UK, for example, Uber has implemented a policy that uses facial recognition software to identify its drivers. All Uber drivers already have to go through security and verification processes, but because of this policy, Transport for London (TFL) has revoked drivers’ licenses over negative recognition results, which have come about because these drivers have brown skin.
Privacy Concerns
Many security watchdogs have raised serious concerns over the vast amounts of data collected without consent by government agencies and public institutions as part of biometric authentication processes. Many argue that individuals should maintain the right to privacy over their image and should not have to submit to providing their facial features or other biometric details to be stored in government databases.
Security presents another facet of concern. These huge storehouses of biometric information provide enticing targets for bad actors interested in wreaking havoc on a large scale. If hackers can gain access to biometric data storehouses, they could easily disrupt confidential security systems and enact widespread campaigns of fraud and identity theft. Encryption methods are used to prevent this type of attack, but there are still widespread concerns over the security of so much sensitive biometric data.
Physical Alterations
If only one type of biometric authentication is used for providing access to specific apps, devices, documents, or locations, then individuals run the risk of losing access to these restricted spaces if something happens to alter their physical characteristics. Individuals who are in an accident that changes their facial features may no longer be recognized by the biometric database analysts, which could result in them being locked out of their accounts.
Similarly, if a person suffers severe burns on their hands, their fingerprints may no longer be readable to the scanners, leaving them without recourse to access their accounts. For this reason, a combination of authentication factors is key for any secure account.
Final Thoughts
While biometric authentication creates a simple, straightforward, highly secure approach to identity verification, it still faces many challenges. As the technology continues to develop, and as organizations at every level continue to embrace this method of user validation, there are certainly challenges that will need to be addressed.
Developers will need to make some changes to ensure that implicit biases are erased from the system, creating a more inclusive dataset that will not result in the miscategorization of dark-skinned or transgender people. Governments – or human rights protection agencies – will need to create policies to regulate what kind of information is collected by whom and ensure that individuals have the right to give or revoke consent over the collection of their biometric information.
But with these regulations and the evolution of technology, we can expect to see biometric authentication methods expanding into ever more aspects of our everyday lives.
Source: GlobalSign
It’s a big world out there, and cybercriminals know you don’t have time for everything. A common fallacy is that they’re lurking in dark basements, bending their brains to maximum capacity to create highly sophisticated exploits that blow any current security system out of the water. More often than not, they’re not.
Criminal hackers go after the low-hanging fruit and try the easy road before taking the hard one. All too often, that easy road is us. The Verizon 2022 Data Breach Investigations Report notes that 82% of all breaches involve the human element, and that’s us messing up when we should have known better. Thanks to security awareness training programs, we can.
Not to be underestimated, locking down security awareness across your enterprise can shut a huge door hackers use to get in. While it may seem like “soft skills” to some security hardliners, the data shows that improvements in this area can have huge, exponential results.
Underestimate Security Awareness at Your Own Risk
Simple security hygiene mistakes are the first thing hackers exploit because they’re the last thing we think to mind. Those simple slip-ups are where the trouble comes through, and it happens all the time.
Take social media for example. Online impersonations were the top social media threat in Q4 of last year, and a general lack of security acuity is why. Consider the facts:
- There were 19% more social media attacks against organizations in Q4 2022 than Q4 2021
- Impersonation was the top threat vector, raking in over 36% of the traffic
- Cyber threat (34%) and Fraud (28%) followed
Impersonation was such a hot pick because it’s so easy to do. It doesn’t take much to scalp a few logos and spin up a fake Twitter account under a company’s name. From there, you can advertise “sales” or masquerade as one of the company’s executives, leading innocent users towards ultimate credential compromise or financial fraud in the process. This hardly ends well. A bit of security awareness training could teach users to avoid these kinds of mistakes, spot the tell-tale signs, and keep their names (and company data) safe.
To support an overall security awareness boost, the President and Congress instituted March as National Cybersecurity Awareness Month back in 2004. Right for its time, it’s become even more relevant as the years have gone on. Sophisticated cybercriminals are still out there, but by and large, the increase in as-a-Service exploits hints that there’s another, less savvy, group that’s incredibly active. That group goes for the low-hanging fruit, the simple mistakes, the things that lead to 82% of breaches and that could be drastically reduced with a little “soft-skills” training.
Security awareness training is one of the best kept secrets of shoring up a zero-trust strategy. It patches the holes in the boat before you spend a ton of money on fancy new fixes that will ultimately sink. The best-in-business rely on it and make it part of their security necessities.
Take the following two examples.
Case Study 1: 42% of University Students in Anti-Phishing Training
In an environment where everyone understands the implications of a failing grade, it’s no surprise that many pushed back when their Canadian university wanted to implement mandatory security training. Faculty and staff feared the repercussions of not passing the simulation, and departments rejected phishing training en masse for fear that they would make students afraid to open any email at all.
However, when cybersecurity goals are integral to meeting 20-year institutional objectives, the need for some sort of security education becomes evident. Faculty and students had been receiving higher-than-average amounts of phishing emails and the school wanted to create an environment of awareness that could make each user a stopping point against attacks.
Partnering with Fortra’s Terranova Security, this school developed a voluntary security training campaign with an initial goal of 5% participation. By presenting principles in a low-stress, learning-only environment, participants were able to engage with modules geared towards users of all technical backgrounds. This reduced the fear of failure or judgement and led to honest outcomes.
Using the Terranova Security Awareness Program, the university was able to manage and track their training initiative, meeting their desired 5% participation rate. They had planned on gradually increasing the rate to 15%, but the launch of their initial campaign created such momentum that on last report there were 17,000 out of 40,000 students reached: a total of 42%.
The real indicator of success may be beyond the numbers. Security awareness is a state of mind, and students at this particular institution now have a new topic to throw around: Says the university CISO, “They call me Mr. Phishing. They see me and say, ‘you didn’t get me this time!’”
Case Study 2: Manufacturers Get Onboard with Cybersecurity
As the previous case study showed, the end result of a job well done, where security awareness training is concerned, is more security awareness. One manufacturing company managed to integrate training so successfully among a decentralized, multi-lingual workforce that the workers found themselves slipping into safe practices at home: Now that’s an indicator of success.
This private manufacturing business had employees across several different countries and security awareness training was always an issue. Found mostly in English-only modules (with few translations), previous solutions failed to give them the coverage they needed.
“The number one goal was to increase employee involvement. Being able to offer the courses in languages each team member understood added value,” noted one Information Security Manager at the company.
For this they turned to Fortra’s Terranova Security. They not only got real-time phishing scenarios, but access to a comprehensive library full of training materials developed in different languages. With this, they were finally able to design a security program that reached company-wide and included pre-training baselines, monitoring within a learning management platform, and metric tracking through customized phishing tests and quizzes.
However, security training that sticks also involves a long-term plan, which is why the company leveraged Terranova Security professional services to get them started on the Information Security 5-Step Framework and establish a routine way of testing users, every time.
The result? Adoption across all sectors of the business, “from people working in the warehouse to the CEO” as one Information Security Manager put it, and an eventual 80% participation rate.
But were they learning anything? The stats indicate so: Phishing click-through rates decreased from nearly four in ten to under 15%, and the number of suspicious emails reported shot up from only 25 to over 500 per year.
Case in point: If you’ve heard others say security awareness training “doesn’t do much,” they probably weren’t using the right one.
What a World-Class Security Awareness Program Looks Like
While all security awareness trainings arguably do something, it’s a fact that they’re not all created alike. There are several components that set a best-in-class security awareness program apart from all the rest.
- Engaging. People won’t learn if they don’t listen, and they won’t listen if it doesn’t hold their interest. Keeping things light, informative, and entertaining goes miles for user retention.
- Gamified. Passive listening is turned into proactive learning when people are asked to solve puzzles, so gamifying real-world scenarios puts users at the center of the action and tests their real-world knowledge.
- Metrics-driven. As much as awareness training seems like a “soft sport”, results are measured in more than anecdotes. The best programs provide in-depth reporting and analytics on a centralized dashboard.
- Cutting-edge. You want your security awareness training provider to be on the edge of every malicious advancement and be constantly updating its material, so your teams stay ahead of the latest threats.
- Year-round. Effective programs build in the expectation that security awareness is a continual event. Because threats are constantly evolving, it has to be.
Source: Terranova Security
We are extremely pleased to announce that Sophos Firewall v20 is now available. This latest release includes an innovative new active threat response capability, several networking enhancements, added support for securing your remote workforce, and many of your top-requested features.
Sophos Firewall v20 is a free upgrade for all licensed Sophos Firewall customers.
Watch the video below for an overview of what’s new, download the What’s New PDF, or read on for the full details and deep-dive demo videos.
Active Threat Response
Extending Synchronized Security to MDR and XDR provides a direct feed for security analysts to share active threat information with the firewall, enabling it to automatically respond to active threats without creating any firewall rules.
Dynamic Threat Feeds introduces a new threat feed API framework that is easily extensible. It enables threat intelligence to be shared by the Sophos X-Ops team, other Sophos products like MDR and XDR, and ultimately third-party threat feeds in the future.
Synchronized Security extends the same Red Heartbeat, automated response that Sophos Firewall has always had and applies it to MDR/XDR identified threats. This ensures compromised hosts are not able to move laterally or communicate out, while details including host, user, and process are readily available for follow-up. Synchronized Security has also been enhanced with added scalability and reduced false missing heartbeats for devices that are in sleep or hibernation states.
Watch the Active Threat Response demo video.
Remote worker protection and SASE
ZTNA gateway integration makes ZTNA deployments even easier by integrating a ZTNA gateway directly into the firewall. This means any organization that needs to provide remote access to applications hosted behind the firewall doesn’t need to deploy a separate gateway on a VM. They can simply take advantage of the gateway integrated into their firewall. When combined with our single-agent deployment on the remote device, ZTNA couldn’t possibly get any easier. It’s literally zero-touch zero trust.
Third-party SD-WAN integration makes it easy to onramp SD-WAN traffic onto Cloudflare, Akamai, or Azure backbone networks to take advantage of their enormous infrastructure, reach, and networking and security services.
Sophos DNS Protection is our new cloud-delivered web security service that will be available separately in early access very soon. It provides a new Sophos-hosted domain name resolution service (DNS) with compliance and security features that are fully supported by Sophos Firewall. This service provides an added layer of web protection, preventing access to known compromised or malicious domains across all ports, protocols, or applications – both unencrypted and encrypted. More news on this new service is coming soon.
Network scalability and resiliency enhancements
A new VPN portal provides a containerized, hardened self-service portal for end users to download VPN clients and configurations, auto-provisioning, and clientless VPN bookmarks.
IPsec enhancements include seamless HA failover, tunnel status monitoring via SNMP, unique PSK support for the same local and remote gateway connections, and DH Group 27-30/RFC6954 support.
SSL VPN enhancements include FQDN (fully qualified domain name) host and group support for both remote access and site-to-site SSL VPN.
SD-WAN scalability triples SD-WAN gateway scalability to 3072 gateways and the number of SD-WAN profiles to 1024.
IPv6 enhancements include DHCP prefix delegation to seamlessly integrate with your ISP, and new enhancements to the dynamic routing engine now support BGPv6 for improved IPv6 interoperability.
Watch a video overview of the VPN enhancements or the IPv6 BGPv6 and DHCPv6 capabilities.
Streamlined management
Interface enable/disable delivers a top-requested feature to easily disable or enable network interfaces on the firewall without losing any configuration.
Object reference lookup addresses another top-requested feature to find where a given host or service object is used in rules, policies, and routing.
Hi-res display support adds increased horizontal scalability to the management console to take advantage of high-resolution displays and reduce horizontal scrolling.
Auto-rollback on failed firmware updates reduces any disruption, including in high-availability deployments.
Backup and restore now includes the option to restore a backup from a firewall with integrated Wi-Fi to a firewall without Wi-Fi.
Azure AD SSO for captive portal adds support for user authentication on the captive portal using their Azure AD credentials.
Azure group import and RBAC add support for a new import assistant for Azure AD groups and automatic promotion for role-based admin changes.
Watch videos covering the new management features and Azure AD capabilities.
Other enhancements
Web Application Firewall (WAF) enhancements include geo IP policy enforcement, custom cipher configuration, and TLS version settings, as well as improved security with HSTS enforcement and X-Content-Type-Options enforcement.
Azure Single Arm deployment support enables the choice of a smaller instance size to save on infrastructure costs and reduce network and operational complexity.
Get more details on what’s new
Download the full What’s New Guide for a complete overview of all the great new features and enhancements in v20.
Review the release notes and documentation.
Watch the demo video series:
- What’s New Overview
- Active Threat Response
- VPN Enhancements
- IPv6 BGPv6
- IPv6 DHCPv6
- Management and Quality of Life Enhancements
- Azure AD Captive Portal SSO and Group Import
How to get v20
As with every firewall release, Sophos Firewall v20 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible. This release not only contains great features and performance enhancements, but also important security fixes.
This firmware release will follow our standard update process.
Please note that Sophos Firewall firmware updates are now downloaded from Sophos Central. Get the full details here or follow the quick guide below to get the latest v20 firmware for your firewall:
1. Log in to your Sophos Central account and select “Licensing” from the drop-down menu under your account name in the top right of the Sophos Central console.
2. Select Firewall Licenses on the top left of this screen.
3. Expand the firewall device you’re interested in updating by clicking the “>” to show the licenses and firmware updates available for that device.
4. Click the firmware release you want to download (note there is currently an issue with downloads working in Safari so please use a different browser such as Chrome).
5. You can also click “Other downloads” in the same box above to access initial installers and software platform firmware updates.
The new v20 firmware will be gradually rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.
Sophos Firewall v20 is a fully supported upgrade from any supported Sophos Firewall firmware version.
Check out the v20.0 GA release notes for more details, including the known issues list. Full product documentation is available online and within the product.
Source: Sophos
In today’s fast-paced, always-on era, businesses rely on round-the-clock data availability and enhanced performance to stay competitive. As such, even a short duration of system downtime, data unavailability, or even a reduction in nominal performance, can significantly impact the business.
While on one hand the amount of data being created, processed and stored is increasing rapidly, on the other, the demand for higher throughput and 24/7/365 performance of vital operations for business productivity is greater than ever before.
This begs the question: How would you, as an MSP, ensure your clients’ business keeps running at the same speed in the event of a cyberattack, natural disaster, equipment failure or human error? Depending on unreliable, outdated backup and disaster recovery technology could result in performance lags and prolonged downtime, and could increase the risk of losing data to corruption. For MSPs, having a reliable business continuity and disaster recovery (BCDR) solution is critical to delivering the same level of functionality and performance of systems and processes during disaster recovery as in normal circumstances.
Today’s demanding workloads require advanced BCDR solutions with high-performance disaster recovery capabilities, such as Datto SIRIS NVMe SSD models that are purpose-built for MSPs to ensure their customers’ business is always running and resilient to disasters.
MSP challenges
Resource-intensive production workloads, such as database servers, require similar, superior performance from the disaster recovery (DR) infrastructure to ensure the continuity of user and business experience. For example, let’s say your client’s production environment uses solid-state drives (SSDs) for high-performance workloads. In that case, the DR infrastructure should match the performance of production workloads to meet strict recovery time objectives (RTOs) and client expectations.
NVMe SSDs allow ultrafast read-write and input/output (I/O) performance compared to traditional spinning hard disk drives (HDDs) or cheaper SATA/SAS SSDs. However, NVMe-based hardware can be costly, requiring MSPs and clients to carry significant capital expenditures (CapEx) upfront. It may be challenging to convince MSP leadership to invest more in an infrastructure that sits idle most of the time. The high costs of implementing superior BCDR solutions for clients with stringent RTO and performance requirements also result in MSPs settling for lower profit margins, often due to the prohibitive CapEx costs of premium hardware.
Win new clients and improve margins with Datto
MSPs can improve client satisfaction and create new revenue streams by delivering on requirements of demanding production workloads with high-performance on-site and cloud DR infrastructure based on NVMe SSD-based all-flash technologies.
Datto allows MSPs to implement highly efficient on-site and cloud DR for resource-intensive workloads, like database servers that require a lot of power and resources.
Datto SIRIS NVMe SSD models combine up to 10 times performance boost, rugged reliability and priority access to DR-optimized cloud nodes in the Datto Cloud for MSPs to deliver on requirements of even the most demanding clients, including meeting tight RTOs and protecting critical workloads.
While NVMe SSD-based servers can be costly, Datto SIRIS NVMe SSDs eliminate CapEx costs, allowing MSPs to save tens of thousands of dollars compared to other solutions that require purchasing their own hardware and using hyperscale clouds. For instance, it can cost up to $10,000 or more to perform a DR of a high-performance server in AWS or Azure.
In addition, Datto’s flat-fee subscription model gets rid of unpleasant surprises of hidden costs by including DR/backup cloud, hardware, software, storage and technical support, even for the premium high-cost hardware based on NVMe SSD technologies.
Source: Datto
A very important award for NSS this year came from one of its largest partners, Sophos. The well-known cybersecurity company presented the “Distributor of the Year 2023” award through its representative, Patrick Müller (Regional Manager Eastern Europe, Sophos) to the Executive Director of NSS, George Kapaniris, rewarding NSS’s performance in the Eastern Europe region where it also operates.
NSS Corp. is an international Value-Added Distributor (VAD), specializing in cutting-edge IT solutions covering the technology areas of information security, networking, unified communications, data storage, virtualization, and data center infrastructure systems (datacenters).
“NSS is a very loyal partner to Sophos and that loyalty and dedication is not something that is found everywhere. NSS represents Sophos in the Greek market and demonstrates a high level of technological sophistication. And this is exactly what partners are looking for from a distributor. In addition, it runs a business model that is highly satisfying to its partners on a business level. Our relationship with NSS is based on loyalty, trust and friendship, characteristics that are of real value to partners. It’s not just about sales, but also about the value that a distributor like NSS can bring at a business level” said Patrick Müller of Sophos.
The event for the “Distributor of the Year 2023” award was attended by dozens of partners of NSS in Greece. The event was accompanied by numerous briefings and updates on the latest developments in cybersecurity and the evolving threat landscape as well as on the important changes coming to legislation, directives and regulations in the European Union – most notably the implementation of the NIS 2 Directive, which brings new measures for an even higher common level of cybersecurity across the European territory.
The Executive Director of NSS, George Kapaniris said about the important award the company received: “We are honored, as this award concerns Eastern Europe, a large region where a big number of distributors are very active, something that is not the case in other regions of the continent. This is a very important achievement as we have been working with Sophos for many years,” said Mr. Kapaniris. “You can have faith in your capabilities, and know how good you are at your job, but when your own partners tell you, it becomes a belief. Sophos is a very important partner of ours and it is particularly positive that Athens is now a ‘destination’ – previously it was Prague and Budapest – as there are now few cities that the vendor chooses to visit,” he added.
George Koumintzis, Commercial Director of NSS said about the prestigious award: “With our partners we make sure we have a two-way relationship. They are our source of information about what the market demands at a given moment. From the opposite direction, by embracing the trends in global cybersecurity, we pass on information to them so that they can in return provide vision to their customers.”
The most important tips for password security include choosing long, complex, unique passwords, not storing them in easy-to-hack places and using a password manager.
Unfortunately, most people don’t follow best practices for password security. According to Keeper Security’s 2023 Password Management Report, only 25% of people use strong, unique passwords for all of their accounts. That means 75% of people have insufficient password practices.
The report revealed that one in three people globally feels overwhelmed by password management. If you’re one of those people, read on to learn our top five tips for easy password security that will keep your accounts safe from cybercriminals.
Top Five Password Security Tips
Here are our top five password security tips.
1. Create randomized, long passwords
To create a strong password, you must avoid mistakes that will make your password easy to crack through common password-cracking techniques. Short passwords are easy for robots to crack in just seconds. Dictionary attacks can guess passwords that contain dictionary words. Targeted attacks may find personal information on your social media – like your dog’s name – and use it to guess your password.
Length is more important than complexity according to the National Institute of Standards and Technology (NIST). It will be harder to crack a 20-character password even if it uses dictionary words than a completely random 6-character password. However, a password with both length and complexity is the most secure.
Our free password generator can create a strong password for you in seconds.
Every password should have:
- At least 12 characters
- Upper and lowercase letters
- Symbols
- Numbers
- No dictionary words
- No personal data, such as birth year or pet name
- No sequential numbers, such as 1234
- No repeated numbers, such as 8888
- No keyboard patterns, such as QWERTY
Example of a strong password (don’t use this one, it’s no longer secure because it’s public):
- BMOu#L8xc8ijX,#m>uzf
Examples of weak passwords:
- 7b>iCQ (too short)
- Blue17Freed!Dry (has dictionary words)
- KK8*K?Nr3456 (contains sequential numbers)
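The checklist above written as a checker and run against this section's own sample passwords. This is an added example, not Keeper's code; the word list is a small constructed sample, and the function names and run-length thresholds (3 digits, 4 adjacent keys) are assumptions.

```python
import string

# Constructed sample word list; a real check would load a full dictionary
# and a list of breached passwords.
SAMPLE_WORDS = {"blue", "freed", "dry", "dog", "bone", "password", "weak"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12   # "At least 12 characters"
DIGIT_RUN = 3     # assumption: 3+ digits in a row form a sequence or repeat
KEY_RUN = 4       # assumption: 4+ adjacent keys form a keyboard pattern


def _has_digit_run(pw, step):
    """True if pw holds DIGIT_RUN digits in a row, each `step` above the last.

    step=1 finds 1234, step=-1 finds 4321, step=0 finds 8888.
    """
    count = 1
    for prev, cur in zip(pw, pw[1:]):
        both_digits = prev in string.digits and cur in string.digits
        if both_digits and int(cur) - int(prev) == step:
            count += 1
            if count >= DIGIT_RUN:
                return True
        else:
            count = 1
    return False


def _has_keyboard_run(pw):
    """True if pw contains KEY_RUN adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - KEY_RUN + 1):
                if seq[i:i + KEY_RUN] in low:
                    return True
    return False


def check_password(pw, personal=()):
    """Return the names of the checklist rules that pw breaks (empty = passes).

    `personal` holds strings the owner should never embed, such as a pet
    name or birth year; the caller supplies them.
    """
    low = pw.lower()
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("length")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        findings.append("mixed_case")
    if not any(c in string.punctuation for c in pw):
        findings.append("symbol")
    if not any(c in string.digits for c in pw):
        findings.append("number")
    if any(word in low for word in SAMPLE_WORDS):
        findings.append("dictionary")
    if any(p and p.lower() in low for p in personal):
        findings.append("personal")
    if _has_digit_run(pw, 1) or _has_digit_run(pw, -1):
        findings.append("sequential")
    if _has_digit_run(pw, 0):
        findings.append("repeated")
    if _has_keyboard_run(pw):
        findings.append("keyboard")
    return findings


if __name__ == "__main__":
    # The strong and weak examples listed in this section.
    for sample in ("BMOu#L8xc8ijX,#m>uzf", "7b>iCQ",
                   "Blue17Freed!Dry", "KK8*K?Nr3456"):
        print(sample, "->", check_password(sample) or "passes")
```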
How to remember your passwords
Strong passwords are hard to remember, but you can make it easier by using mnemonic techniques, such as using the first letter of each word from a favorite quote with numbers and letters added in (“It was the best of times, it was the worst of times” becomes “iwtBot%72#iwtwot”).
You could also use words with numbers and symbols instead of letters (“dog bone” becomes “D0G#!B0N398”).
The easiest way to remember passwords, however, is by using a password manager and storing them in a digital vault with zero-knowledge encryption. A password manager is software that securely stores your passwords and allows you to access them from any device.
2. Don’t reuse passwords
One of the most common ways passwords are compromised is through credential-stuffing attacks. This is when one set of credentials is stolen and a cybercriminal uses them to try to gain access to other accounts.
For example, if a data leak exposes your password to your email account, the cybercriminal could then try to use the same credentials to access your bank accounts, retirement accounts, credit card accounts and so on. However, if you used unique passwords for each of your accounts, then only one account will be compromised.
It’s important to note that cybercriminals often guess similar passwords in credential-stuffing attacks. For example, if the compromised password was weakpassword8, they may try weakpassword9. Choosing a password that you change slightly for every account is not an effective way to prevent hacking, even if it’s a long, complex password.
3. Enable Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is an important additional security layer to passwords that protects your account in the case of a data breach. MFA is a second method of authentication you have to enter in addition to your password in order to access an account.
There are a variety of MFA options, including generating codes on an authentication app, getting a code by SMS text or answering security questions. Usually, accounts will give you the option to require MFA only if you are logging in on a device that is not your personal, primary device.
Data breaches are common, so it’s easy for one of your passwords to become compromised. However, if you have MFA enabled then it will be much more difficult for a cybercriminal with your stolen password to access your account.
4. Store and share your passwords securely
Going through the trouble of creating long, complex passwords for your accounts will not protect you if you don’t store them securely.
The days of keeping all your passwords in your phone notes and sending them to others via text are over. Documents, texts, email and other common locations to keep passwords are easily compromised by cybercriminals.
Technology has solved the problem of storing passwords securely with password managers. A master password is the only password you need to remember to access all of your passwords.
How to store your master password
You should memorize your master password and not share it with anyone. If you absolutely must write it down somewhere, write it on a physical piece of paper and hide it in a safe or other highly secure location.
How to securely share passwords
Password managers will also make it easy to securely share your passwords – for example, if you want to share a Hulu password with your family, your password manager will be able to share it while keeping it safely encrypted.
Browser password managers
It’s important to note that secure password managers are not the same thing as browser password managers. Browser password managers are easy to hack and your passwords are not safely stored. We recommend disabling your browser password manager in your settings.
5. Automate everything with a password manager
A password manager like Keeper Password Manager simplifies password management while offering the highest level of security for all of your accounts. Password managers can:
- Generate strong, unique passwords
- Store passwords with the best encryption
- Automatically fill in your credentials when you log in
- Store 2FA codes so you don’t have to wrangle multiple devices while logging into an account
- Securely store other types of information, like confidential files and ID photos
- Scan the dark web for compromised passwords and alert you to change the affected credentials
Why Poor Password Management Puts You at Risk
Passwords are what stand between cybercriminals and your valuable, confidential data. Reusing passwords, using weak passwords and other bad habits will make it easy for a cybercriminal to hack you once you become a target.
If cybercriminals access your data, it could result in theft of money from your bank account, account takeover and even severe identity theft. These types of incidents are time-consuming and expensive to recover from.
Keep Your Accounts Protected
Using strategies for choosing strong passwords and storing them securely will keep your accounts protected. Keeper Password Manager is the simplest way to streamline your account security. Start a free 30-day trial today to see how we can protect your digital life.
Source: Keeper Security
Murphy’s law famously states that if anything can go wrong, it will go wrong. Security has long since adopted this mantra and implemented zero trust as a coping mechanism.
When taken in full, it can present quite a challenge. But broken down into its various parts it becomes a manageable task, especially when guided by a security partner with the right toolset to take you through each advancing level of security maturity.
What Is Zero Trust?
Simply put, zero trust is the approach of “never trust, always verify”. This model assumes any user could have malicious intentions and that a cyberattack may already be underway. In other words, zero trust is the approach of erasing inherent trust and requiring constant and ongoing authentication and authorization for the users, services, and systems on the network.
The three basic tenets of a zero-trust strategy are:
- Always assume a breach
- Trust no one
- Verify everything
Even after verifying a user’s identity, the user in question still doesn’t have the “keys to the kingdom”. The zero trust approach denies total access to the user, opting instead to make them prove their identity layer by layer, step by step, continuously. By leveraging network segmentation and establishing micro-perimeters, zero trust measures only grant access to assets when a valid reason is presented for doing so.
How to Get Started
It’s important to recognize that zero trust is not a technology, but a journey. It includes tools and processes necessary to create an environment that requires full validation before granting access to sensitive data.
Thinking About Zero Trust
Tackling zero trust in a pragmatic, step-by-step approach can lead to better success than trying to overhaul your entire infrastructure at once. For example, you can start by establishing:
- What to protect. This can be critical assets, systems, software, and data.
- What to protect it from. Are your trouble spots over-privileged users? Poor password hygiene? External threat actors? Whatever it is, prioritize your areas of weakness before you begin.
- A reasonable starting point. Consider an iterative approach of tackling the problem system by system or in groups.
Zero trust is doing now what we were too naïve to do at the inception of the internet; define what is important and figure out how to properly defend it. Because we’re retrofitting old architectures into a new way of security, a lot of smaller steps and customizations need to be made before something can be considered fully ‘zero trust’.
However, each journey starts with a single step.
Vulnerability Management: The Backbone of a Zero Trust Strategy
The first step of that ‘iterative process’ is to define what the weak spots are. Once organizations have defined the parameters of what needs protecting and what the enemies are, vulnerability management is the logical next step.
This focuses on weaknesses within the infrastructure — not the access points. It identifies and prioritizes vulnerabilities that require patching and misconfigurations that could be easily exploited. When it comes to vulnerability scanning, most organizations require a flexible solution that can take on the challenges of a hybrid environment without bogging down configuration.
And remember, the right results provide actionable insights to facilitate impactful remediation on the part of the organization.
Applying a Zero Trust Framework
No matter the size of your organization, it is best to move towards zero trust in steady, measurable steps. John Grancarich, Executive Vice President, Fortra, outlines a management process to achieve progress towards zero trust:
- Prepare for the journey towards a zero-trust security framework. Know the principles of zero trust, know the scope of your organization and its assets, and get together a team. You need to know what you’re working with.
- Classify your assets. Organize your areas of protection by the importance of the asset. Once you’ve established low, medium and high impact assets, prioritize from there.
- Select an initial set of assets to address. Protect your highest impact items first, pausing proactive zero trust security work on all the rest until this is done.
- Implement initial security controls. Begin choosing, deploying and testing your new zero trust compatible processes, procedures, technological solutions, and services for your identified subgroup.
- Assess the performance of your controls. Continuously make sure your implementations are running as expected.
- Authorize systems. Senior leadership signs off on security systems, privacy plans, and the whole operation thus far.
- Monitor results and refine as needed. Keep a constant watch on zero trust implementations from day one. Monitor for deviations, trigger actions based on conditions met, and reduce false positives discovered in monitoring.
At this point, you iterate the whole process over with the next highest priority assets on your list, and so on from there. In this way, companies can eat the zero-trust elephant one bite at a time, learning how to implement a zero-trust strategy with more accuracy, insight, and success each time around.
The State of Zero Trust Now and Future Predictions
Research by Cybersecurity Insiders and Fortra reveals how organizations are adopting zero-trust security into daily business flows. Currently, only 15% of respondents indicated zero trust network access (ZTNA) was “already implemented”. Another 9% said they had “no plans” to implement. While far from ubiquitous, it is safe to say that zero trust is a trend that will only increase among business leaders, and one that is garnering a great deal of critical thought.
Preferred ZTNA Tenets
When asked, there were several zero trust tenets that were most compelling to organizations. They ranked:
- Continuous authentication/authorization (66%)
- Trust earned through verification of entities, including users, devices, and infrastructure components (65%)
- Data protection (64%)
- End-to-end access visibility and auditability (61%)
- Least privilege access (60%)
Don’t Forget Devices
In our headlong rush to protect the enterprise, it’s easy to overlook the number of risks, threats, and vulnerabilities mobile devices introduce. While many stated the importance of data protection, mobile device management (MDM) and bring your own device (BYOD) was low on their lists of priorities. Understandably, BYOD is tricky to navigate as it relies on privacy yet can be difficult to control. As it stands, mobile devices continue to be a pain point for intrusion prevention and data loss prevention (DLP) efforts.
Secure Access Priorities
When it comes to achieving ZTNA, respondent companies prioritized in this manner:
- Multi-factor authentication/privileged account management (65%)
- Anomalous activity detection and response (50%)
- Securing access from personal, unmanaged devices (46%)
Securing Public Cloud
Traditional remote access solutions still aren’t up to the task of dynamically securing today’s distributed cloud environments. Consequently, the most mentioned workaround was “hair pinning” remote and mobile users through data centers to access public app clouds (53%). And shockingly, over a third (34%) have to publicly expose cloud apps to enable remote and mobile users, drastically increasing risk to the enterprise.
Benefits of a Zero Trust Security Framework
Adopting a zero-trust approach ultimately reduces the attack surface, statistically lowering the chance of attack. While that remains the most obvious benefit, others include:
- Support for compliance requirements
The closed connection tenet of zero trust helps prevent exposure of private data, helping to keep you in the clear with compliance standards such as the federal government’s NIST 800-207, the payment card industry’s PCI DSS, or the healthcare industry’s HIPAA and HITECH requirements.
- Better cloud access control
Zero trust security policies can be applied to give you more visibility and access control within the cloud. With protection attached to the workload, your data remains safe — even if the environment changes.
- Data breach risk reduction
By assuming all entities are hostile, an organization naturally cuts down on the chances of inadvertently letting in a cybercriminal. Less risky users means less chance of a data breach. And should they manage to get inside the network, zero trust deployments are designed to stop them at every turn.
Even starting on the zero-trust path is more beneficial than waiting on the sidelines. Each sector, each asset category, each system you convert to zero trust protection is one more that is harder to breach. Threat actors go for the low-hanging fruit. While organizations are wanting to fully ‘achieve’ zero trust, an unforeseen number of attacks will be blocked by simply making an entity that much harder to hack than all the rest.
Zero trust is a methodology that starts giving from day one.
How Fortra Supports Your Zero Trust Journey
Fortra is proud to move the needle forward by providing a host of solutions to aid you on your zero-trust journey. While each company’s architecture is their own, we serve as a relentless ally and partner in determining your security needs and identifying the controls that would work best with your particular use case, factoring industry, maturity level and headcount into the process.
Our offerings include:
- Data Classification. Visual and metadata labels to guide how data should be accessed and shared downstream.
- Data Loss Prevention. Learn how your data is being used and block undesirable actions against it.
- Secure File Transfer. Encrypt the automated file transfer process and bundle with DRM to fully protect files in transit.
- Secure Collaboration. Control who can access files — and what they can do with them — even after they’re sent.
- Identity and Access Management. Manage user access to valuable resources and streamline provisioning, PAM, and password management.
- Integrity Management. Identify misconfigurations and indicators of compromise with layered management tools.
- Vulnerability Management. Discover weaknesses in endpoints, servers, applications and security controls before it’s too late.
While enterprise wide zero trust is always the goal, there is no zero trust “finish line”. As long as threat actors continue to improve their craft, there will always be more exploits to defend against and more creative ways to do so. Zero trust is a process rather than a product.
Fortra enables organizations along their zero-trust journey. Our portfolio of extensive solutions works both conjointly and independently to bring you the best answer to your zero-trust challenge — be it with one solution or a bundle.
Source: Fortra
A 2FA code, which stands for two-factor authentication code, is a form of Multi-Factor Authentication (MFA) that requires a generated code as an additional verification factor to a username and password. For example, when logging in to an account, instead of solely entering your credentials, you would also have to provide a second method of verification by entering a code from an authenticator app or one that is sent to your phone.
Continue reading to learn more about 2FA codes and how you can use them to protect your accounts.
How 2FA Codes Work
Before understanding how 2FA codes work, you first have to know the two types of 2FA codes. The first type is Time-based One-Time Passwords (TOTP) and the second is SMS-based One-Time Passwords (OTP).
TOTP codes are typically generated by authenticator apps that you can download on your phone. These codes regenerate every 30-60 seconds, so they’re different each time you use them. Some password managers also offer the option to generate and store TOTP codes so you don’t need a separate application. When using TOTP codes, it’s important to know that once the set time for them runs out, they expire, so you must always enter the most recent code that appears.
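How a service can compute and check the TOTP codes described above, following RFC 6238 (TOTP) on top of RFC 4226 (HOTP). This is an added example, not code from any authenticator app or from Keeper; the function names, the 30-second step, the one-step drift allowance and the replay check are assumptions, and the key is the published RFC test key, not a real secret.

```python
import base64
import hashlib
import hmac
import struct


def decode_secret(b32_secret):
    """Decode the base32 shared secret that a setup QR code or manual key carries."""
    cleaned = b32_secret.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)   # restore any stripped padding
    return base64.b32decode(cleaned)


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(key, unix_time, step=30, digits=6):
    """RFC 6238: the counter is the number of whole steps since the Unix epoch."""
    return hotp(key, int(unix_time) // step, digits)


def verify(key, submitted, unix_time, step=30, digits=6,
           drift_steps=1, last_counter=None):
    """Return the time-step counter the code matched, or None if rejected.

    Codes are accepted only within `drift_steps` steps of the current one,
    which is why an old code stops working. Passing the counter of the last
    accepted code as `last_counter` also rejects a code that was already used.
    """
    current = int(unix_time) // step
    for counter in range(current - drift_steps, current + drift_steps + 1):
        if counter < 0:
            continue
        if last_counter is not None and counter <= last_counter:
            continue   # this step (or an earlier one) was already consumed
        expected = hotp(key, counter, digits)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    # RFC 6238 test key, base32-encoded as it would appear in a setup QR code.
    key = decode_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    code = totp(key, 59)
    print("code at t=59:", code)
    print("accepted at t=89:", verify(key, code, 89))
    print("accepted at t=149:", verify(key, code, 149))
    print("replayed at t=89:", verify(key, code, 89, last_counter=1))
```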
SMS OTP codes are sent to you via text message. You typically receive these text messages when you are attempting to log in to your account and have already entered your credentials correctly. To access your account, you’ll need to enter the code sent to you through text message to verify who you are.
Why Use 2FA Codes?
You should use 2FA codes to add an extra layer of security to your accounts and protect yourself in the event of a data breach.
Extra layer of security
2FA codes, like any other type of MFA, provide your accounts with an extra layer of security. In the case that someone were to guess your password or compromise it due to weak password practices, requiring a 2FA code would prevent them from being able to gain access to your account. This is because they don’t have the ability to see your 2FA codes – only you do.
It’s strongly recommended that you use more than two authentication factors for your accounts to add that critical extra layer of security.
Protects you in the event of a public data breach
Public data breaches are extremely common and often lead to customer data being leaked and published on the dark web. These breaches usually expose customers’ Personally Identifiable Information (PII) and login credentials. In the event that your credentials are involved in a public data breach, having a 2FA code on your account would prevent a threat actor from being able to successfully access it.
How Can I Get a 2FA Code?
There are different ways you can receive 2FA codes and some are more secure than others.
Authenticator apps
Authenticator apps are applications you download onto your phone. Google Authenticator and Microsoft Authenticator are two examples of authenticator apps. When using an authenticator app, you’ll first need to set it up with your account by scanning the Quick Response (QR) code that is given to you. Once it’s set up, every time you log in to that account, you’ll need to enter the 2FA code generated by the authenticator app. The 2FA code given to you is time-based so you’ll need to enter it before time runs out, which is usually 30-60 seconds.
SMS text messages
Another way you can get 2FA codes is by text message. This is the most popular way to receive 2FA codes since it’s the most convenient for users, but receiving 2FA codes this way is also the least secure. Security professionals strongly advise against using this method for receiving 2FA codes because they’re more vulnerable to being intercepted by a threat actor.
For example, if you were to become a victim of a SIM swapping attack, in which a threat actor swaps your SIM card to their phone, they would start receiving all your text messages and phone calls. This means they’d also be able to receive your 2FA codes that are sent through text message, which they can use to compromise your accounts.
Password managers
Certain password managers enable you to generate 2FA codes for your accounts. When you set up 2FA for an account in the same record you have your credentials stored, your 2FA code will autofill along with your credentials. In short, your 2FA codes and credentials will all be stored in the same place, meaning you don’t have to download different apps to access them. One password manager that provides users with the ability to generate and store 2FA codes is Keeper Password Manager.
How to Set Up Two-Factor Codes in Keeper
Keeper Password Manager is the password manager that offers the ability to generate and store 2FA codes in your password vault. Here’s how to set up 2FA codes when using Keeper:
- Log into your Keeper Vault.
- Locate the record for which you want to generate and store a 2FA code.
- Click on the record.
- In the record, click the edit button on the top right corner that looks like a pencil.
- Click where it says “Add Two-Factor Code.”
- From here, you’ll have the option to scan a QR code or enter the code given to you manually.
- Log into the account for which you want to set up a 2FA code.
- Find the option to enable two-factor authentication in your security settings (this will vary from account to account).
- If using Keeper on your phone, scan the QR code displayed during the setup process. If using Keeper on desktop, upload a screenshot of the QR code or manually enter the code provided.
Once you’ve set up the 2FA code in the associated record, your credentials and 2FA code will autofill when you log into your account. Having your 2FA code autofill not only saves you time but also ensures that you’re receiving your 2FA code securely since everything stored in your Keeper Vault is encrypted. Generating and storing your 2FA codes in Keeper takes away the risk of threat actors being able to intercept them.
If you don’t already have a password manager, you can start a free 30-day trial of Keeper Password Manager to see just how secure and convenient it is to store and generate your 2FA codes.
Source: Keeper Security
G2 just released their Fall 2023 Reports, and Sophos is the only cybersecurity provider named a Leader across the G2 Grid® Reports for Endpoint Protection Suites, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Firewall Software and Managed Detection and Response (MDR). Additionally, G2 users rated Sophos the #1 overall MDR and Firewall solutions.
Independent Sophos customer validation
G2 distinctions and rankings are based on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer-review platform. In G2’s Fall 2023 Reports, Sophos was named an Overall Leader in five categories, as well as a Leader in 10 individual market segment Grids:
- Endpoint Protection Suites: Overall, Enterprise, Mid-Market, and Small Business Grids
- EDR: Overall and Mid-Market Grids
- XDR: Overall and Mid-Market Grids
- Firewall: Overall, Enterprise, Mid-Market, and Small Business Grids
- MDR: Overall, Enterprise, and Mid-Market Grids
We are honored that our services and products have been recognized by our customers and thank them for putting their trust in us.
Delivering defense in depth for today’s businesses
As adversaries have become more sophisticated and elusive, defenders should implement a defense-in-depth strategy that includes protection, detection, and response at every point along the attack chain to cover their entire environment. This layered approach should be inclusive of endpoint, network, email, and cloud security, as well as threat hunting and remediation services by security experts.
The fact that IT and security professionals recognize Sophos as the Leader across these key categories is validation that Sophos delivers the best and most comprehensive set of products and services required for modern day cybersecurity.
Uniquely, all Sophos customers are protected by Sophos X-Ops, a joint task force that brings together deep expertise across the attack environment from frontline threat hunters and incident responders to deep malware and AI specialists. Together they provide unparalleled insights into how threats are built, delivered, and operate in real time. Armed with this deep understanding, Sophos is able to build innovative, powerful, and effective defenses against even the most advanced threats.
Additional Sophos customer and analyst validation
Alongside our G2 recognition, Sophos solutions are widely recognized by customers and the analyst community, including:
Sophos Endpoint
- Named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the 13th consecutive time
Sophos Extended Detection and Response (XDR)
- Recognized as the #1 overall leader in the Omdia Universe for Comprehensive Extended Detection and Response (XDR)
Sophos Firewall
- Named a 2022 Gartner® Customers’ Choice™ for Network Firewalls with a 4.7/5 rating on Gartner Peer Insights
- Recognized as a Strong Performer on the Forrester Wave
Sophos Managed Detection and Response (MDR)
- Named a 2023 Gartner® Customers’ Choice™ for Managed Detection and Response Services with a 4.8/5 rating on Gartner Peer Insights
- Top performer in the 2022 MITRE Engenuity ATT&CK Evaluation for Managed Services
Elevate your cyber defenses with Sophos
As the G2 ratings illustrate, Sophos provides unparalleled breadth and depth of protection. Our world-leading endpoint, network, email, cloud, and security operations solutions defend over 550,000 organizations from advanced cyberthreats, including ransomware.
Whether you’re looking to upgrade your firewall, enhance your endpoint defenses, streamline and accelerate your threat investigations, or add 24/7 human-led threat detection and response, we can help.
Our solutions are tremendous on their own – and even better together. Customers running both Sophos Intercept X Endpoint and Sophos Firewall consistently report that they are able to double the efficiency of their IT/cybersecurity team and realize a reduction of up to 85% in the number of security incidents that require investigation. With Sophos you can build a long-term security strategy with confidence. Wherever you start, and whatever your goals, Sophos can help you enjoy superior cybersecurity outcomes.
For more information on our services and products, speak to your Sophos partner or representative and visit our website.
Source: Sophos
Sophos Intercept X has been named a Customers’ Choice in the 2023 Gartner® Peer Insights™ Voice of the Customer report for Endpoint Protection Platforms.
Sophos earned a 4.8/5.0 rating in the report based on 451 verified reviews – no other vendor had a higher rating. Additionally, Sophos was recognized as the only Customers’ Choice vendor in the Education segment, and is also the only vendor named a Customers’ Choice across all industry segments in the report.
Access the full report here.
This latest recognition makes Sophos the only vendor to be named a Customers’ Choice in Endpoint Protection Platforms, Managed Detection and Response (MDR) Services, Network Firewalls, and Mobile Threat Defense in 2023 – a testament to Sophos’ ability to deliver a comprehensive, end-to-end cybersecurity platform protecting all facets of an organization.
Prevent Breaches, Ransomware and Data Loss with Sophos Endpoint
Sophos Intercept X Endpoint works for you and with you, adapting your defenses in response to an attack. As threats increase in volume, complexity and impact, Sophos delivers better security outcomes for real-world organizations. To learn more, visit our website or speak to your Sophos partner or representative today.
Source: Sophos
In today’s digital world where organizations conduct the majority of their daily business and operations online, concerns about data privacy loom large. Customers are becoming more skeptical of how companies use their data, and governments and regulatory bodies are increasingly stepping in to regulate data collection. Consequently, the data privacy landscape is rapidly evolving, with industry and geographical data protection standards increasingly coming to the fore.
While the United States has the National Institute of Standards and Technology (NIST) Guide to Protecting the Confidentiality of Personally Identifiable Information, the European Union relies on the General Data Protection Regulation (GDPR) to protect personally identifiable information (PII) and consumer privacy. More region-wise laws and regulations, such as the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), are also coming into effect every year. There are industry regulations as well, like the Health Insurance Portability and Accountability Act (HIPAA) for the health sector and the Payment Card Industry Data Security Standard (PCI DSS) for the finance sector, that make the regulatory world more convoluted.
As businesses strive to successfully navigate this ever-evolving, complex data protection regulation landscape, this presents a unique opportunity for managed service providers (MSPs). By providing data compliance services for businesses, MSPs can offer better value for their customers and generate a new and future-proof revenue stream. However, given the complexity and breadth of the regulatory compliance market, it’s not an easy ask.
MSPs often struggle to provide profitable data compliance services to customers due to various reasons, such as the high costs involved in implementing data compliance services, complexity of the compliance solutions and lack of skilled professionals. While these challenges restrict many MSPs from entering the compliance market, the MSPs that already offer compliance services often do so by thinning their margins or even operating at a loss. That’s where the integration of Datto Workplace with Compliance Manager GRC can be a game changer.
Secure collaboration solution meets simplified compliance management
Purpose-built for MSPs, Datto Workplace is one of the most secure and efficient enterprise file sync and share (EFSS) platforms available in the market today. The platform enables users to access their files and collaborate securely from anywhere, on any device. By integrating with Compliance Manager GRC — a compliance management software — Datto Workplace now offers easy-to-use and robust data compliance features that can help MSPs create a new revenue stream or expand the margins on their existing data compliance services.
Users often store sensitive data in working files to achieve their productivity goals. By identifying, tagging and summarizing that PII, Datto Workplace’s PII scan and summary feature prevents that data from getting leaked and empowers the business (your client) to stay compliant. Powered by Compliance Manager GRC, this feature automatically scans files and folders for sensitive data and PII, like Social Security numbers (SSN), U.S. driving licenses, birth dates and Automated Clearing House (ACH) numbers. It then flags and tags the files containing PII to bring heightened security awareness and provides a detailed PII summary report.
Notably, this unique automated feature of the platform also helps you to reduce your technicians’ workloads by up to 50% and eliminates the need for compliance-specific skill sets. For instance, another way to identify PII data in files and folders is by using Microsoft 365’s innate feature. However, it’s a manual and cumbersome process that requires up to 51 custom search queries to be created and maintained, which should then be followed by manual search results tracking.
Offer data compliance services at a healthy margin
MSPs can get this feature at a predictable, low cost. Datto Workplace and Compliance Manager GRC have flat-fee subscription models with no hidden or surprise costs to shock you. You get an immediate return on investment with larger margins without any CAPEX investment.
Datto is the world’s largest vendor of proven, reliable and secure BCDR solutions for MSPs. Go the Datto way, offer cost-efficient data compliance services to your clients and take your MSP game to the next level.
Source: Datto
Sophos Email has everything you’ve come to expect from a world-class email security solution.
It leverages the most advanced threat intelligence, behavioral analysis, machine learning, and reputation analytics to keep malicious email from ever reaching your users’ inboxes.
But it doesn’t stop there: state-of-the-art language processing, display name analysis, lookalike domain checks, and post-delivery protection put a stop to benign-looking messages that later turn out to be malicious.
Add to that an entire suite of data loss prevention and encryption tools, Microsoft 365 integration, powerful message handling features, and shared threat intelligence with other Sophos products that enables you to identify previously unseen indicators of compromise and remove suspicious files across environments.
It’s a core pillar of our portfolio that extends visibility across Microsoft 365, cloud server workloads, endpoints, the network and more.
But we’re not slowing down one bit. In fact, we’ve recently accelerated Sophos Email development to include a host of new features and technologies.
On-demand clawback
Sophos Email post-delivery protection automatically removes messages containing attachments and URLs that are benign at the time of delivery but later become active and malicious.
With on-demand clawback, administrators can now manually remove any message from users’ inboxes with the click of a button in the Sophos Central admin console. No more wading through Microsoft Exchange or security consoles and having to run PowerShell scripts.
This feature is available to all customers running Microsoft 365 with post-delivery protection enabled. It’s a great tool for removing messages that might not be malicious but that may contain sensitive or confidential information.
The next evolution of our clawback capabilities will be our API and alerting into the Managed Detection and Response (MDR) Console, which is due out this quarter and will provide our MDR analysts with the ability to remove threats and stop active malicious email campaigns directly from their consoles.
Mail flow rules (MFR) tamper protection
Also for Microsoft 365 customers is our new mail flow rules tamper protection. Changes to mail flow rules can inadvertently break mail flow. This new feature alerts customers and provides one-click resolution, restoration, and correction to configurations and mail flow.
Google directory sync
Using Google Workspace instead? We’ve added directory synchronization features that make it a snap to keep your Workspace users and mailboxes up to date inside the Sophos Central console. No need for manual configuration or roundabout synchronization with Microsoft Azure first.
Admin access to end-user lists
And that’s not all. We’ve added a new and highly-requested feature: admin access to end user allow and block lists, complete with import, export, and the ability to search, add, and delete entries directly from within the Sophos Central console. This feature was one of the top customer and field requests over the last 18 months and will reduce support tickets while enhancing the experience for both admins and end users.
And there’s more!
I’m from South Louisiana, so we call this “lagniappe” (a little extra).
We’ve also added new smart banners for plain-text messages and messages that might be unscannable due to key-signing, password protection, or encryption. And coming in the Q3 timeframe, we’re adding the ability to control which languages and countries of origin are allowed to deliver email to inboxes.
And that’s just the beginning. Check out Sophos.com/Email for further enhancements or reach out to your Sophos rep with any questions.
Source: Sophos
Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced it has been named a Customers’ Choice for Managed Detection and Response (MDR) in the inaugural Gartner® Voice of the Customer Peer Insights™ report. Sophos received an overall customer rating of 4.8/5, based on 261 reviews, as of May 31, 2023, with verified customer reviews praising the service.
The report highlights that Sophos was one of the vendors to receive the highest “Willingness to Recommend” score at 97%, and was also named Customers’ Choice for MDR in the Midsize Enterprise segment, which Gartner ranges from $50 million to $1 billion.
“Regardless of their size and target market, organizations are in the cross-hairs of cyberattackers and need constant 24/7 monitoring, threat detection and response as part of their cybersecurity strategy. The overwhelmingly positive response in the new Gartner Peer Insights report is, in our opinion, indicative of the trust our customers have in us and the quality of our human-led threat detection and response expertise,” said Rob Harrison, vice president of product management at Sophos. “Our customers’ response also demonstrates the value of our MDR service’s unique ability to integrate and manage existing multi-vendor security environments in a range of markets, including larger, mid-market enterprises.”
Select Sophos MDR customer quotes from the report include:
- “Having Sophos support their own endpoint, firewall, and email security products with their own staff’s MDR service has taken our confidence in their critical responses to a new level,” said an IT manager in the manufacturing industry
- “Stop working so hard. Let Sophos MDR do it,” said a director of IT in the software industry
- “Knowing we have a team watching our organization 24/7/365 gives comfort,” said a manager of cybersecurity and government, risk and compliance in the manufacturing industry
Sophos MDR is the most widely used MDR offering with more than 17,000 customers across all industries, and is the most reviewed MDR solution on other Gartner Peer Insights and G2 reports. It is the only MDR service that can be delivered across end users’ existing third-party security deployments as well as Sophos offerings. Sophos recently launched Sophos MDR for Microsoft Defender, a fully-managed offering that provides the industry’s most robust threat response capabilities for organizations using Microsoft Security. The solution adds a critical layer of 24/7 protection across the Microsoft Security suite of endpoint, SIEM, identity, cloud, and other solutions to safeguard against data breaches, ransomware and other active adversary cyberattacks.
Vendors placed in the upper-right quadrant meet or exceed both the market average Overall Experience and the market average User Interest and Adoption.
A complimentary copy of the Gartner Peer Insights Voice of the Customer: MDR Services report is available for additional information.
Source: Sophos
There are many different types of phishing scams, but email remains the most common of them all. Responding to a sender, clicking on a link, or downloading a file that may not be trustworthy can lead to data corruption, leaked confidential information, and infected devices or networks.
Read the tips below or scroll down to view the full infographic.
Here is how to avoid becoming a phishing victim:
1. INSPECT THE SENDER’S EMAIL ADDRESS
Phishing involves using email addresses that contain suspicious elements to target victims, even sometimes spoofing a well-known site or brand. Be on the lookout for changed or added words or characters, as well as misspelled words within a domain name.
2. EXAMINE THE MESSAGE’S GREETING AND TONE
Be wary of emails that utilize a generic greeting and an urgent tone. Phishing emails target many people at once and implore the recipient to take immediate action, usually without a personalized opening line.
3. LOOK FOR VERIFIABLE SENDER CONTACT INFORMATION
Avoid responding to emails that don’t contain any return contact information for the sender, such as a phone number, email address, or office location.
4. DON’T SEND SENSITIVE INFORMATION VIA EMAIL
Even if the email has an urgent tone, never divulge confidential information in reply to an email. Cyber criminals leverage social engineering techniques to obtain personal data like names, addresses, banking information, and more that can be used for fraudulent activity.
5. AVOID CLICKING ON UNEXPECTED LINKS
Don’t click on links that come from unfamiliar email senders or organizations. You may be redirected to a website or start a download that can compromise your data or infect your device.
6. AVOID OPENING UNTRUSTWORTHY EMAIL ATTACHMENTS
Avoid opening email attachments from untrustworthy senders or simply to satisfy your curiosity. Suspicious attachments can be carriers of malware and ransomware payloads that can corrupt your data and harm your device.
7. INSTALL A PHISHING FILTER FOR YOUR EMAIL CLIENT
Ensure that you have a phishing filter that works with your desktop email software of choice. You can also install one for use in your browser. While it won’t keep out all phishing messages, it will greatly reduce the number of attempts that show up in your inbox.
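The sender-address inspection in tip 1 (changed or added characters, added words, misspellings in the domain), written out as a check a mail filter could run; this is an added example, not code from the original article or from any vendor. The trusted-domain list, the substitution table, the distance thresholds and the sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains your organization really corresponds with (placeholders).
TRUSTED = {"example.com", "contoso.com"}

# A few common visual substitutions; constructed and far from exhaustive.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

# Constructed From headers covering each rule below.
SAMPLES = [
    "Example IT <helpdesk@mail.example.com>",
    "Example IT <helpdesk@examp1e.com>",
    "Example IT <helpdesk@exarnple.com>",
    "Billing <billing@example.com.account-verify.net>",
    "IT Support <it@example-helpdesk.com>",
    "HR <hr@exampel.com>",
    "Support <support@example.net>",
    "Alerts <alerts@xn--exmple-cua.com>",
    "Newsletter <news@unrelated-shop.org>",
]


def skeleton(name):
    """Collapse look-alike characters so 'examp1e' and 'exarnple' both read 'example'."""
    name = name.lower()
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def registrable(domain):
    """Last two labels. Simplification: real code should use the Public Suffix List."""
    return ".".join(domain.split(".")[-2:])


def levenshtein(a, b):
    """Edit distance (insert, delete, substitute) between two strings."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1, current[j - 1] + 1,
                               previous[j - 1] + (ca != cb)))
        previous = current
    return previous[-1]


def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, rule) for the domain in a From header."""
    _, address = parseaddr(from_header)
    if "@" not in address:
        return ("invalid", "no-address")
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    try:
        domain = domain.encode("idna").decode("ascii")  # Unicode names become xn-- labels
    except UnicodeError:
        return ("invalid", "bad-domain")
    reg = registrable(domain)
    if reg in trusted:
        return ("trusted", reg)
    if any(label.startswith("xn--") for label in domain.split(".")):
        return ("review", "internationalized-domain")
    name = reg.split(".")[0]
    for good in sorted(trusted):
        good_name = good.split(".")[0]
        if domain.startswith(good + ".") or ("." + good + ".") in domain:
            return ("lookalike", "trusted-name-as-subdomain")
        if name == good_name:
            return ("lookalike", "different-tld")
        if skeleton(name) == skeleton(good_name):
            return ("lookalike", "character-substitution")
        if skeleton(good_name) in skeleton(name):
            return ("lookalike", "added-words")
        if levenshtein(name, good_name) <= (1 if len(good_name) < 6 else 2):
            return ("lookalike", "misspelling")
    return ("unknown", "no-match")


def triage(headers):
    """Run the check over a batch of From headers."""
    return [(header, *check_sender(header)) for header in headers]


if __name__ == "__main__":
    for header, verdict, rule in triage(SAMPLES):
        print(f"{verdict:10} {rule:28} {header}")
```

A `trusted` verdict only means the domain string matches; whether the message really came from that domain is decided by its SPF, DKIM and DMARC results, not by the From header.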
95% of data breaches are due to human error.
Source: Fortra
Sophos has released The State of Ransomware in Education 2023, an insightful report based on a survey of 400 IT/cybersecurity professionals across 14 countries working in education. The findings reveal the real-world ransomware experiences of the sector.
Rate of attack and data encryption
The education sector reported the highest rates of ransomware attacks of all the industries surveyed. 80% of lower education providers and 79% of higher education providers reported that they were hit by ransomware in the 2023 survey, up from 56% and 64%, respectively, in our 2022 survey. The 2023 rates of attack are more than double the rate reported in our 2021 survey, when 44% of education providers experienced a ransomware attack.
Data encryption in the education sector has continued to rise: the rate in lower education has gone up from 72% to 81% year over year. Higher education reported a 73% rate of data encryption, similar to the 74% reported the year before.
18% of attacks in lower education were stopped before the data was encrypted, down from 22% the year prior. Encouragingly, higher education reported an increase in the rate of attacks stopped before data encryption, up from 22% in the 2022 report to 25% in the 2023 report.
Of the lower education organizations that had data encrypted, 27% said their data was also stolen. This figure reached 35% in higher education, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.
Root causes of attacks
Compromised credentials (36%) and exploited vulnerabilities (29%) were the top two most common root causes of the most significant ransomware attacks in lower education. Emails (malicious emails or phishing) were the starting points for nearly one-third of the attacks (30%), suggesting that the sector is highly exposed to email-based threats.
In higher education, exploited vulnerabilities (40%) were the most common root cause of ransomware attacks, followed by compromised credentials at 37%. Together, they account for over three-quarters of ransomware attacks (77%) in higher education. Email-based attacks (malicious email or phishing) are a less common root cause but still drive almost one in five ransomware incidents (19%).
Data recovery and the propensity to pay the ransom
All higher education and 99% of lower education organizations got their encrypted data back, higher than the 97% cross-sector average.
73% in lower education used backups for data recovery, while almost half (47%) paid the ransom. Higher education was among the bottom three sectors globally for backup use, with only two-thirds (63%) reporting the use of backups for data recovery. The sector also reported one of the highest rates of ransom payments for data recovery at 56%.
While the cross-sector recovery costs increased year over year, in lower education, they have remained level ($1.59M in the 2023 report vs. $1.58M in the 2022 report). In higher education, recovery costs have dropped considerably from the $1.42M reported in the 2022 survey to just over $1 million in the 2023 survey, suggesting that as ransomware rates increase, higher education organizations are getting better at recovering from attacks and are able to do so at a lower cost.
Read the full report here.
Mitigating the ransomware risk
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
- Strengthen defensive shields, including:
  - Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
  - Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
  - 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations
About the survey
Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 400 in the education sector: 200 from lower education (up to 18 years) and 200 from higher education (above 18 years) and including both public and private sector education providers. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.
Source: Sophos
An elite team of incident response experts on standby to get you back to business quickly in the event of a breach.
With tangible ‘readiness’ now a key component for cyber resilience, I’m excited to announce the launch of the Sophos Incident Response Services Retainer. It provides all organizations (whether an existing Sophos customer or not) with speedy access to Sophos’ industry-first fixed-cost incident response service in the event of a breach.
The retainer also includes external vulnerability scanning and critical preparedness guidance, enabling organizations to proactively improve their security resilience by pinpointing and resolving issues that reduce the likelihood of a breach in the first place.
Every Minute Counts
The need for go-to incident response support that can activate immediately has never been higher, as revealed in the latest analysis of Active Adversary behavior by Sophos X-Ops:
- The median dwell time in ransomware attacks fell from nine days in 2022 to five in the first half of 2023
- Attackers take just 16 hours on average to reach Active Directory (AD)
- 90% of ransomware attacks occur outside standard weekday business hours
The Sophos retainer cuts red tape, allowing Sophos incident responders to quickly jump into active cyberattacks to investigate and remediate them, minimizing business impact.
The Importance of Preparedness
Planning and preparedness are complementary elements of an incident response strategy. Having a plan is essential, but you also need to be prepared to implement that plan at short notice – and as the research shows, more likely than not outside standard working hours. The Sophos Incident Response Services Retainer gives you on-demand access to a team of incident response experts that will rapidly stop active attacks and get you back to normal operations.
Reducing Cyber Risk for All Organizations
The Sophos Incident Response Services Retainer is available to non-Sophos organizations as well as customers already using Sophos’ endpoint, XDR, network, email, and other security products, or Sophos MDR Essentials. Endpoint configuration health checks and device audits are also included in the retainer for existing Sophos customers.
Organizations that prefer broader services in one package can purchase Sophos MDR Complete, which automatically includes full-scale incident response.
To learn more about this exciting new service, read the Service Brief and speak to your Sophos representative or partner.
Source: Sophos
The Sophos Network Security Team is super pleased to announce a new product integration between Sophos ZTNA and Sophos Firewall.
With the recent release of SFOS v19.5 MR3 and an update today to Sophos Central, Sophos Firewall customers can now take advantage of the new integrated ZTNA gateway in their Sophos Firewall.
This integration makes ZTNA deployments easier than ever by not requiring a separate ZTNA gateway VM to be deployed in order to provide secure access to applications, systems, and data behind the firewall. Essentially, your Sophos Firewall now also serves double duty as a ZTNA gateway.
There are many benefits to this approach
- It reduces your hardware footprint and will ensure you do not have to invest in other platform licenses or hardware resources when deploying ZTNA
- It works everywhere a Sophos Firewall is deployed – head offices, branch offices, public cloud (Azure or AWS)
- Rapid deployment – in just a few minutes
- It works with firewalls in high availability (HA) mode for added resiliency and redundancy
- It enables easy remote management of your firewall via SSH or the Webadmin portal without exposing these to the WAN – greatly reducing your surface area of attack
- It’s free – there is no change in licensing and agent behavior: your ZTNA agents will work seamlessly across any of our gateway platforms – now including Sophos Firewalls
The early access program (EAP) will run from now until October 5th, 2023.
What you will need
- Sophos Firewall v19.5 MR3 (recently released)
- Sophos ZTNA term license account or a free trial (MSP Flex licensed customers can use this following GA in October)
- Role-based access control for both Firewalls and ZTNA
Getting started
Log into your Sophos Central Account to get started. Review the documentation and stop by the community forums to discuss the release. If you’re new to Sophos ZTNA, learn more at Sophos.com/ZTNA.
Source: Sophos
I’m proud to share that, for the fifth consecutive year, BeyondTrust has been recognized as a Leader in the Gartner® Magic Quadrant™ for Privileged Access Management! This year, BeyondTrust was recognized as one of only three PAM Leaders and was also positioned highest in Ability to Execute.
In our opinion, this Gartner® recognition validates BeyondTrust’s dynamic market adaptation, powerful product features, and the earned trust placed in us by a substantial and contented customer base. We believe receiving recognition for five years running as a PAM Leader in the Gartner® Magic Quadrant™ also reflects our commitment to innovation, deep understanding of evolving market needs, and relentless dedication to our customers.
Gain complimentary access to the report and read it for yourself anytime here.
Read on for our view on key takeaways from the 2023 PAM MQ™.
Our View: Key Takeaways from the 2023 Gartner® Magic Quadrant™ for Privileged Access Management
Gartner® Magic Quadrant™ research methodology provides a graphical competitive positioning of four types of technology providers in fast-growing markets: Leaders, Visionaries, Niche Players and Challengers. As companion research, Gartner Critical Capabilities notes provide deeper insight into the capability and suitability of providers’ IT products and services based on specific or customized use cases.
The BeyondTrust Platform addresses both established and transformational identity and security trends included in this year’s report.
The 2023 Magic Quadrant™ for Privileged Access Management (PAM) has witnessed significant evolution, in part due to the growing involvement of cybersecurity insurers. These insurers are encouraging organizations to implement robust PAM strategies as a prerequisite for insurance coverage, thereby accelerating first-time PAM purchases.
Another notable trend is the rising interest in remote PAM use cases, spurred by the global shift to remote work and the outsourcing of core IT services. PAM solutions are broadening their scope to include remote vendors, contractors, and DevOps initiatives. Vendors like BeyondTrust are leading the way with specialized tools for remote PAM.
Get the full report to read deeper about the view of Gartner on these topics.
Why BeyondTrust Stands Out in Identity Security
As we’re consuming the report, here are a few reflections, on my part, on why we are a consistent Leader year over year.
Pioneering Protection Against Identity Threats
The digital landscape has grown increasingly intricate, due to factors like remote work and cloud adoption, making identity protection more challenging than ever. A majority of penetration tests reveal vulnerabilities related to over-privileged cloud identities, and attackers are now using advanced technologies like AI for more potent threats.
Our Identity Security Insights solution addresses these modern challenges head-on by integrating with trusted identity providers and cloud services. Offering real-time threat analysis, it provides a unified view of identities, entitlements, and privileged access, while suggesting actionable security enhancements.
Meeting Emerging Needs in Remote Access
Remote access has emerged as a key area of interest, accelerated by global remote working trends and the COVID-19 pandemic. Organizations are scrutinizing how to securely manage access for remote vendors, contractors, and technicians. These solutions now often include zero-trust features, providing far more than just VPN access, and they extend to specialized needs like cloud infrastructure access.
BeyondTrust provides robust and mature Vendor Privileged Access Management (VPAM) and Cloud Infrastructure Access capabilities as integral features of our Privileged Remote Access solution. Our VPAM functionality allows secure, streamlined access for trusted vendors, effectively eliminating the need for vulnerable VPNs and shared credentials. On the cloud infrastructure front, we empower your cloud developers and DevOps teams with seamless yet secure connectivity, bolstered by robust authentication and comprehensive audit trails.
Our Customers
But what truly speaks volumes? It’s not just accolades, but the real-world impact we’ve had on our clients. With an impressive NPS score of +55 and a CSAT score exceeding 95%, it’s evident that our efforts align with customer satisfaction and excellence.
Our Leadership placement in the MQ™ follows BeyondTrust having been recognized as a “Customers’ Choice” for both Privileged Access Management (PAM) and for Remote Desktop Software by Gartner Peer Insights. We believe a common thread between the Gartner MQ™ and this distinction is our customers and the trust they place in us. We’re honored to work alongside visionary organizations that drive us to innovate faster to solve their hardest digital identity challenges.
Here are just a few recent customer stories that showcase how BeyondTrust helps organizations improve their identity security posture:
- Investec transitioned from a theoretical framework to practical Zero Trust
- ServiceNow enhanced system access and authorization security
- Norton Healthcare successfully achieved HIPAA Compliance with BeyondTrust
Looking Ahead
Though the Gartner® Magic Quadrant™ provides a thorough, expert-driven overview of the PAM vendor landscape, BeyondTrust’s dedication to innovation remains unwavering. Following the April 2023 cut-off date highlighted in the report, BeyondTrust has rolled out a series of notable product launches. Here are some more recent product enhancements:
- Privilege Management for Windows and Mac included Analytics v2 enhancements for intuitive data aggregation, Role-Based Access for APIs to ensure granular control over permissions, and DLL Control to easily block risky DLLs.
- Remote Support was updated to offer FIDO2/YubiKey support for passwordless authentication and API Cookbooks to streamline Jump Item management.
- Privileged Remote Access saw new features like FIDO2/YubiKey support for remote users, streamlined vendor onboarding via automation, and optimized Jump Clients for cloud assets.
- Password Safe received a major upgrade, including Terraform Integration for enhanced CI/CD workflows, an Azure DevOps Extension for secure secret retrieval, and OAuth 2.0 standard implementation for secure authentication. The update also included improved accessibility via the web portal and enhanced audit and compliance reporting capabilities.
Notably, we also expanded strategic Technology Alliance Program initiatives like ServiceNow integration for Password Safe and a partnership between BeyondTrust’s Privileged Remote Access and PingOne DaVinci for streamlined least privilege access management.
These innovations collectively underscore BeyondTrust’s commitment to providing comprehensive and secure solutions that address a range of user needs and regulatory compliance demands, enhancing both efficiency and security posture for organizations.
Thank you for an Incredible Year—More Awaits in 2024
2023 has been a monumental year for BeyondTrust. We released significant new solutions and saw incredible customer and community growth. There are many trends and capabilities to consider, but you don’t need to go it alone. We’re pleased to provide access to the 2023 Gartner® Magic Quadrant™ for Privileged Access Management to help you evaluate solutions against your unique objectives and requirements. Download your complimentary copy of the report.
Source: BeyondTrust