Why Did Finite Technologies Choose Sophos As Our Partner For Security Solutions?

Sophos offers a comprehensive suite of security tools that cater to various aspects of an organization’s infrastructure, including endpoint security, email security, firewall protection, wireless security, cloud security, and LAN switching. The company’s robust solutions employ advanced features and cutting-edge technology, such as AI and machine learning, to deliver a superior level of protection.

  1. Sophos Endpoint Security
  2. Sophos Email Security
  3. Sophos Firewall
  4. Sophos Wireless Security
  5. Sophos Cloud Security
  6. Sophos LAN Switching

The following discussion provides detail on each of these security components.

Sophos Endpoint Security: Sophos Intercept X is a next-generation endpoint protection solution that defends against malware, exploits, and ransomware. It features deep learning technology, Exploit Prevention, CryptoGuard (anti-ransomware), and Root Cause Analysis, providing comprehensive protection and quick threat response.

Endpoint Security Features:

Deep Learning Technology: Harnessing the power of artificial intelligence and machine learning, Sophos Intercept X can identify and block unknown threats, even zero-day attacks.

Exploit Prevention: By detecting and blocking exploit techniques, Sophos Intercept X prevents attackers from exploiting vulnerabilities in software applications.

CryptoGuard: This anti-ransomware feature detects and blocks the unauthorized encryption of files, safeguarding data from ransomware attacks.

Root Cause Analysis: Sophos Intercept X provides a detailed analysis of security incidents, enabling IT administrators to quickly remediate threats and prevent future attacks.

Sophos Email Security: Sophos Email Security protects organizations from email-borne threats such as malware, ransomware, phishing, and spear-phishing attacks. Advanced features include AI and machine learning for threat detection, URL and attachment sandboxing, anti-phishing and impersonation protection, data loss prevention, spam filtering, and greylisting.

Email Security Features:

Advanced Threat Protection: Sophos Email Security uses AI and machine learning to detect and block known and unknown malware, ransomware, and targeted attacks in real-time.

Anti-Phishing and Impersonation Protection: Sophos employs advanced techniques to identify and block phishing emails, and includes impersonation protection to block emails attempting to impersonate trusted senders.

URL and Attachment Sandboxing: Sophos Email Security scans and analyzes links and attachments in a secure sandbox environment, preventing malicious content from being inadvertently downloaded or accessed by users.

Data Loss Prevention (DLP): Customizable policies help organizations protect sensitive information from being accidentally or maliciously shared via email.

Sophos Firewall: The Sophos XG Firewall is a Unified Threat Management (UTM) solution that consolidates various security features in a single appliance, simplifying deployment, management, and monitoring. Key features include deep packet inspection, intrusion prevention system (IPS), web filtering, application control, VPN support, and centralized management through Sophos Central.

Firewall Features:

Deep Packet Inspection: Sophos XG Firewall examines the content and context of network packets, enabling granular control over applications and reducing the risk of intrusion.

Intrusion Prevention System (IPS): Sophos XG Firewall’s IPS feature detects and blocks malicious network traffic, preventing cybercriminals from gaining access to the organization’s network.

Web Filtering: By filtering and categorizing web traffic, Sophos XG Firewall blocks access to malicious or inappropriate websites, improving network security and productivity.

Application Control: Sophos XG Firewall allows administrators to control the use of applications on the network, ensuring that only authorized software is used, and reducing the attack surface.

Sophos Wireless Security: Sophos Wireless offers secure and reliable wireless connectivity with centralized management through Sophos Central. It provides advanced features such as automatic rogue AP detection, customizable guest access, and scalable architecture.

Wireless Security Features:

Centralized Management: Sophos Wireless is integrated with Sophos Central, allowing organizations to manage and monitor their wireless networks alongside other Sophos solutions from a single, user-friendly console.

Rogue AP Detection: Sophos Wireless automatically detects and isolates unauthorized access points, protecting the network from potential intruders.

Customizable Guest Access: Sophos Wireless enables organizations to create secure, customizable guest Wi-Fi access with customizable captive portals, authentication options, and usage limits.

Scalable Architecture: Sophos Wireless supports both cloud-managed and on-premises options, providing flexibility and scalability to cater to the specific needs of different organizations.

Sophos Cloud Security: Sophos provides robust cloud security solutions to protect cloud environments, applications, and data. Sophos Cloud Optix offers visibility into cloud infrastructure, detects and remediates misconfigurations, and protects against cloud-based threats.

Cloud Security Features:

Cloud Infrastructure Visibility: Sophos Cloud Optix enables organizations to gain visibility into their cloud infrastructure across multiple cloud providers, ensuring consistent security and compliance.

Misconfiguration Detection and Remediation: Sophos Cloud Optix detects and helps remediate misconfigurations in cloud infrastructure, reducing the risk of data breaches and unauthorized access.

Cloud Threat Protection: Sophos Cloud Optix identifies and protects against cloud-based threats, such as account compromise, insider threats, and lateral movement.

Compliance Monitoring: Sophos Cloud Optix continuously monitors cloud environments for compliance with industry standards and regulations, helping organizations maintain compliance and avoid potential fines.

Sophos LAN Switching: Sophos XG Firewall integrates with Sophos switches, providing a complete network security solution that simplifies network management and enhances security.

LAN Switching Features:

Centralized Management: Sophos switches can be managed directly from the Sophos XG Firewall or Sophos Central, enabling organizations to control their entire network from a single interface.

Seamless Integration: Sophos switches are designed to integrate seamlessly with Sophos XG Firewall, providing enhanced security through synchronized security intelligence sharing.

Network Segmentation: Sophos switches support VLANs, allowing organizations to segment their networks for better control and enhanced security.

Quality of Service (QoS): Sophos switches support QoS features that prioritize network traffic, ensuring optimal performance for critical applications and services.

In summary, Sophos offers a comprehensive suite of advanced security tools designed to protect organizations from a wide range of threats across their infrastructure. The company’s innovative technologies, such as AI and machine learning, synchronized security, and user-friendly management console, make Sophos an excellent choice for cybersecurity.

Choosing the Right Managed Service Provider: A Sales Perspective

Introduction

In today’s rapidly evolving digital landscape, businesses are increasingly relying on Managed Service Providers (MSPs) to handle their IT needs. MSPs offer an array of services, including network management, cybersecurity, data backup, and cloud computing. When selecting an MSP, businesses must consider several factors to ensure they are partnering with the right provider. This article offers a sales perspective on how to choose the best MSP for your organization.

Understand Your Business Needs

Before approaching an MSP, evaluate your organization’s unique IT requirements. Identify the specific services you need, the level of support necessary, and your budgetary constraints. When discussing your needs with potential MSPs, clearly articulate your expectations and ask how their services align with your requirements.

Research MSPs in the Market

Invest time in researching the MSP market to familiarize yourself with potential providers. Gather recommendations from industry peers, read online reviews, and consult trade publications. Shortlist MSPs that cater to your industry or have expertise in your niche.

Evaluate Technical Expertise and Experience

Look for MSPs with strong technical expertise in the areas most crucial to your organization. Assess their certifications, technology partnerships, and years of experience in the industry. Ask for case studies or client testimonials to verify their track record of success.

Analyze Service Offerings

Not all MSPs provide the same suite of services. Assess each potential provider’s offerings to ensure they align with your needs. In addition to standard services, consider the provider’s ability to offer specialized or custom solutions.

Assess Scalability

As your business grows, your IT needs may change. Choose an MSP that can scale their services to meet your evolving requirements. Discuss the provider’s approach to adapting their services and inquire about additional services they may offer as your organization expands.

Review Service Level Agreements (SLAs)

SLAs establish the level of service you can expect from your MSP, outlining performance metrics and uptime guarantees. Review potential MSPs’ SLAs to ensure they meet your expectations for responsiveness and support quality.

Prioritize Security and Compliance

Cybersecurity should be a top concern when selecting an MSP. Investigate the provider’s security measures, policies, and protocols to ensure they meet industry standards. Additionally, inquire about their approach to regulatory compliance if your organization operates in a regulated industry.

Evaluate Communication and Support

Effective communication is vital to maintaining a successful MSP partnership. Assess potential providers’ communication processes and responsiveness to requests. Determine if they offer 24/7 support and consider the methods they use to provide assistance, such as phone, email, or chat.

Compare Pricing Models

MSPs use various pricing models, such as per-device, per-user, or flat-rate pricing. Evaluate the pricing structure of potential providers to find one that best fits your budget and offers a clear understanding of costs.

Trust Your Instincts

Trust your instincts when evaluating MSPs. Look for a provider with a proven track record and a team you feel comfortable working with. Establishing a strong partnership with your MSP can lead to long-term success and growth for your organization.

Avoiding Companies with Limited Technical Expertise

While many MSPs may have impressive sales pitches, it’s essential to look beyond the sales talk and ensure the provider has the technical expertise to deliver on their promises. Here are some tips on how to avoid companies that are more sales-driven and have limited technical capabilities:

a. Ask for Technical Details

When engaging with a potential MSP, ask them to explain the technical aspects of their service offerings. A provider with strong technical expertise should be able to discuss the technologies they use, their implementation processes, and how they troubleshoot issues.

b. Request a Technical Contact

Ask to speak with a technical contact within the MSP’s organization. This will give you the opportunity to ask detailed questions about their infrastructure, security measures, and other technical aspects. A reluctance to provide a technical contact may indicate a lack of in-depth expertise.

c. Investigate Training and Development

Inquire about the MSP’s commitment to ongoing training and development for their technical staff. A provider that values technical expertise will prioritize continuous learning and ensure their team stays up-to-date with the latest industry advancements.

d. Inquire About a Proof of Concept (PoC) or Trial

Consider asking potential MSPs for a Proof of Concept (PoC) or a trial period to assess their technical capabilities firsthand. This will allow you to experience the MSP’s services and evaluate their proficiency in addressing your IT needs.

e. Check References

Always request and check client references. Speaking with the MSP’s current and former clients can provide valuable insight into the provider’s technical expertise and the quality of their service.

f. Trust Your Instincts

As mentioned earlier, trust your instincts when evaluating MSPs. If something doesn’t seem right or you feel like the sales team is overselling their capabilities, it might be best to look for another provider with a more transparent and reliable approach.

By following these tips, you can identify MSPs with strong technical expertise and avoid those that are more focused on sales than delivering quality IT services. This will help ensure that your organization partners with a provider capable of supporting your IT needs both now and in the future.

Conclusion

Choosing the right managed service provider is crucial for your business’s IT needs. By understanding your requirements, researching the market, evaluating technical expertise, and considering factors like scalability, security, and support, you can find the ideal MSP to support your organization’s growth and success.

Patch Android! July 2019 update fixes 9 critical flaws

Depending on when users receive it, this week's Android July 2019 patch update will fix 33 security vulnerabilities, including 9 marked critical and 24 marked high.

If you own a Google Pixel device, that will be within a day or two, leaving everybody else on the 2019-07-01 and 2019-07-05 patch levels (what these dates mean is explained here) running Android 7, 8 or 9 to wait anything from weeks to months to catch up.

As usual, July's batch of fixes covers flaws in significant parts of Android, including system, framework, library, and Qualcomm's numerous components, including closed-source software.

However, as has been the case for some months, it's the media framework that provides a disproportionate amount of the patching action in the form of three remote code execution (RCE) bugs marked critical.

These are CVE-2019-2107, CVE-2019-2106 (affecting Android 7 and 8), and CVE-2019-2109 (which only affects Android 9).

Another RCE critical is CVE-2019-2111 in the Android system, with the remaining critical flaws all connected to Qualcomm's closed-source components.

In contrast to Microsoft's Patch Tuesday, Google rarely offers much detail on individual flaws during the initial patch release, restricting itself to the following generalisation:

The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.

Google is able to be this vague primarily because:

We have had no reports of active customer exploitation or abuse of these newly reported issues.

Anyone interested in knowing a bit more about these should check the flaw CVEs on the US National Vulnerability Database (NVD) in a week or two when more information is added on each vulnerability.

Alternatively, vendors publish their own advisories, which often feature more device-specific information; see the July 2019 update advisories for Samsung, Nokia, Motorola, LG, and Huawei.

Huawei

If you own a Huawei device, these should receive this month's update without issue. As for updates after August's, the company is due to make an announcement soon (users can find more information on Huawei's website).

Depending on the version of Android, a device's patch level (2019-07-01 or 2019-07-05) can be determined in Settings > About phone > Android security patch level. For Android 9 it's Settings > System > Advanced > System updates.

Miami police body cam videos up for sale on the darkweb

This can't be a good day for Miami police.

We've known for a while that many webcams are a security train wreck, and that doesn't change just because a police officer straps one on.

Now, unsurprisingly, police body cam footage has been found sloshing around online.

It's not just that about a terabyte of videos from Miami Police Department body cams was leaked and stored in unprotected, internet-facing databases, according to the security outfit that found them. It's that they were leaked and then sold, according to Jason Tate, CEO of Black Alchemy Solutions Group, who told The Register that his team had found the footage listed for sale on the darkweb.

Tate first tweeted about the discovery on Saturday, including a sample video, which has since been removed.

Tate said that the data is coming from five different cloud service providers. Besides Miami Police, there's video leaking from city police departments "all over the US", he said.

It seems these 5 providers have city contracts all over.

Known security SNAFUs

Last August, a security researcher, Josh Mitchell, a consultant at security firm Nuix, analyzed bodycams from five vendors that sell to US law enforcement agencies. He spotted vulnerabilities in several popular brands that could place an attacker in control of a camera and tamper with its video.

Mitchell found that the lack of security in the police bodycams included broadcasting of unencrypted, sensitive information about the device, which could enable an attacker with a high-powered directional antenna to snoop on devices and gather information including their make, model, and unique ID. That information could lead to police being stalked, since an attacker could track an officer's location or even suss out when multiple police officers are coordinating a raid, Mitchell told a DefCon audience at the time.

Mitchell also found that some cameras include their own Wi-Fi access points but don't secure them properly. An intruder could connect to one of these devices, view its files and even download them, he warned. In many cases, the cameras relied on default login credentials that an attacker could easily bypass. This could lead to attackers tampering with evidence by replacing it with convincing deepfake footage. (That's just one example of why the US Defense Advanced Research Projects Agency (DARPA) has been studying the problem of detecting deepfakes.)

Tate is well aware of the potential for evidence tampering. When somebody on Twitter pointed out that the footage and its associated metadata are "largely public records," he said he knows that. That doesn't mean it won't lead to problems in evidence integrity, though, he said:

Miami Police Department must have felt the same way, since it looks like the department's admins removed the videos from public access after Tate notified them about his findings. But it was publicly accessible for at least a number of days, he told The Register. That gave ample opportunity for hackers to copy videos from the databases and potentially sell them.

A spokesperson for Miami PD told The Register that the department is still looking into the claims and wouldn't comment until it completed its review.

Georgia's court system hit by ransomware (News, July 5, 2019)

Georgia's court system has been hit with what may be the fourth Ryuk ransomware strike against state and local agencies in the past month and a half.

At the time of publishing this article, the site was still down.

According to Atlanta's Channel 11 News, officials confirmed on Monday that at least part of the court system's network had been knocked offline by a ransomware attack.

Details about the extent of the damage haven't been publicly disclosed, but officials say it's much less severe than the attack against Atlanta that destroyed years of police dashcam video last year, as well as freezing systems. Six days after it was hit, Atlanta was still rescheduling court dates, police and other employees were still writing out reports by hand, and residents couldn't go online to pay their water bills or parking tickets.

The earlier attack against Atlanta involved SamSam ransomware, a high-profile ransomware that was typically used in targeted attacks where cybercriminals break into a victim's network and launch ransomware manually, to cause maximum damage and disruption.

The crooks demanded what was then roughly $52,000 worth of bitcoin. That paled in comparison to the $2.6 million worth of emergency contracts the city initiated to claw back its systems, and to the six figure ransoms demanded in similar targeted attacks by other gangs.

The nature of this latest attack on Georgia's court system hasn't yet been determined. Authorities said the extortionists' note didn't specify a ransom amount or demands. Although the attack doesn't appear to be as crippling as the SamSam one from last year, they took the court network offline to stay on the safe side, authorities said.

While few details were available as of Tuesday afternoon, there's a hint that the Georgia assault might involve Ryuk ransomware.

On Tuesday afternoon, Ars Technica's Sean Gallagher tweeted a followup to his writeup of the Georgia attack, saying that he'd heard back from the Georgia Administrative Office of Courts. He was told that while the malware hasn't yet been identified, it left a message with contact information for ransom operators, which is "consistent with Ryuk and other targeted ransomware," Gallagher said.

As Naked Security's Mark Stockley detailed back in December, Ryuk, a relatively new strain of targeted ransomware, ascended just as SamSam's influence began to diminish in August 2018.

If so, it might be the fourth Ryuk attack against state and local agencies since May. The first three were against Florida cities, though it's not entirely clear whether Ryuk was involved in the attack against Riviera Beach. At any rate, the cities that have fallen prey to some sort of ransomware in the past few weeks are:

  • Riviera Beach, Florida, which agreed to pay attackers over $600,000 three weeks after its systems were crippled.
  • Lake City, Florida, which was hit on 10 June by Ryuk ransomware, apparently delivered via Emotet. Lake City officials agreed to pay a ransom of about $490,000 in Bitcoin.
  • Key Biscayne, Florida, which last week also got clobbered by an Emotet-delivered Ryuk attack. The city reportedly hasn't yet decided if it's going to pay the ransom.

On Monday, after its insurer had agreed to pay most of that $490K ransom, Lake City's Joe Helfenberg confirmed that the city had fired its IT director, Brian Hawkins.

What to do?

For information about how targeted ransomware attacks work and how to defeat them, check out the SophosLabs 2019 Threat Report.

The bottom line is: if all else fails, you'll wish you had comprehensive backups, and that they aren't accessible to attackers who've compromised your network. Modern ransomware attacks don't just encrypt data, they encrypt parts of the computer operating system too, so your backup plan needs to account for how you will restore entire machines, not just data.