The network perimeter barely exists in 2021, and that means extending network security beyond the traditional edge. Aaron Chen and Shane Davis with Sophos join us to discuss the networking needs of businesses in 2021, including remote access security and visibility, performance in the face of increasing security demands, and more. How can they address those needs? We talk about the latest technologies introduced by Sophos, including XDR (extended detection & response), the XGS firewall series, and Xstream protection (including the special second Xstream processor included in XGS firewalls).
In headlines, we discuss some cybersecurity actions by the U.S. government, both against Russia and on the homefront. Then, we hear about a survey that shows business owners are ready to pony up for ransomware attacks. And finally, we talk about a nuclear cyber attack blamed on a North Korean group.
How to listen
Listen to Ping – A Firewalls.com Podcast using the player above…
Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.
Learn even more about network security through our blog, which features new content every week, and our knowledge hub.
New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at email@example.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!
Sophos has long been known for creating holistic network security solutions that work across devices to provide broad views of network security posture. We have talked about the boons of Synchronized Security with Sophos Security Heartbeat for years on this blog! Now that cross-device monitoring and high-powered AI security goes a step further with the introduction of XDR.
What is XDR?
XDR stands for Extended Detection and Response. This sounds similar to another industry technology: EDR, or Endpoint Detection and Response. But XDR takes the concept of Endpoint Detection & Response and extends it across multiple security layers. It brings together real-time network data and automated decision-making to provide advanced threat responses that stop attacks before they become a breach.
How is Sophos XDR different from other solutions?
Sophos Intercept X Advanced with XDR (formerly Intercept X Advanced with EDR) integrates email, cloud, mobile, and endpoint data across your network, pulling data from multiple sources across security layers and products to provide broad, high-level security determinations orchestrated by deep learning AI. XDR leverages data from endpoints, servers, firewalls, switches, and other security devices spread across your network and centralizes that intelligence in a single ecosystem.
This pitch may sound familiar to you if you’ve used SOAR (Security Orchestration, Automation, & Response) or SIEM (Security Information & Event Management) solutions. What SOAR and SIEM do is quite similar in function: collect large volumes of data from multiple sources, analyze events, and provide guided response recommendations. Where XDR shines and soars above preceding solutions lies in its ability to take action. Sophos XDR not only creates a roadmap of how admins should respond to an event but takes the initiative to apply those steps before a security incident can grow.
All in all, XDR goes beyond data gathering and helpful suggestions. Sophos XDR orchestrates responses and applies them across devices on a network.
How to get Sophos XDR
XDR found a home with Sophos as part of its Intercept X product suite, an advanced endpoint protection suite built to stop malware, ransomware, exploits, viruses, and zero-day threats. In previous years, Intercept X Advanced could be paired with EDR to automatically detect and prioritize threats. While Intercept X’s EDR capabilities suggest where and how network admins focus their attention, XDR is now fully closing the monitor-detect-respond decision-making loop.
Sophos Intercept X Advanced uses the latest machine learning technology to make security verdicts on unknown threats by comparing the behavior of potentially dangerous files or apps to the known behavior of currently understood threats.
3 Best Ransomware Protection Solutions for Business 2020
Once your network is infected, ransomware encrypts files on afflicted endpoints, making it impossible to read or open them. The best ransomware protection for small businesses proactively hunts down and eliminates even never-seen-before ransomware long before an employee ever gets a chance to fall for it. Here are a few key features you should seek when comparing the best ransomware protection services available in 2020:
Advanced email security
Regular threat intelligence updates
Want to avoid shelling out big bitcoin to get your small business’s data back under control? Get a ransomware security solution that does more than just look out for known ransomware signatures.
What is Ransomware Protection?
The best ransomware protection for businesses scans inbound and outbound traffic across your entire network,using artificial intelligence to monitor the behavior of files as they traverse and interact with other network resources. Ransomware protection solutions spot behavior that looks similar to malicious activity and further investigate it in nanoseconds. Faster than you can say mind palace, these solutions either allow or block file access based on that verdict.
What to Look for in a Ransomware Protection Service
The best ransomware protection systems include a cloud-based sandbox where suspicious files can be sent for disarmament or detonation. In other words, if your ransomware tool is even the least bit suspicious of a file, the system safely opens and inspects it without threatening your network health.
Additionally, the best ransomware services rely on artificial intelligence and machine learning to reach threat verdicts via behavior monitoring. This means that even if a strain of ransomware has never been seen by any other endpoint in the entire world, if it walks like ransomware, talks like ransomware, or displays any other tell-tale ransomware behavior, your ransomware protection should yank it aside for closer inspection. Traditional ransomware protection services fall back on known signatures that need to be constantly refreshed and can do nothing to stop zero-day threats.
What Qualifies Capture ATP as one of the Best Ransomware Protection Services in 2020?
SonicWallCapture Advanced Threat Protection (available as an add-on for all SonicWall TZ or NSa firewalls) is a powerful cloud-based sandbox with malware-analysis that can detect evasive threats. Capture ATP blocks suspicious files at the gateway until a verdict is rendered.
SonicWall combines multi-layer sandboxing, Real-Time Deep Memory Inspection, full system emulation, virtualization techniques, and more to detect more threats than any single-engine sandbox available in 2020. On top of that, the low false-positive rate means it won’t block the legitimate files you need to do business.
Sophos Intercept X Advanced with EDR
Highly-acclaimed malware detection engine driven by deep learning
Exploit prevention stops attackers from taking advantage of vulnerable software & apps
Root cause analysis visualizes where threats originate & how they move on the network
What Qualifies Sophos Intercept X Advanced with EDR as one of the Best Ransomware Protection Services in 2020?
Provides actionable intelligence via automation to detect & respond to advanced threats
HUGE accolades from third-party testers such as NSS Labs, BPS, & ICSA Labs
What Qualifies FortiEDR with FortiSandbox as one of the Best Ransomware Protection Services in 2020?
Fortinet’s EDR & FortiSandbox establish a two-step sandboxing approach centered around artificial intelligence. These services first compare at-risk files against known and emerging malware with static analysis. Then, second stage analysis uncovers the full attack lifecycle by detonating the cyber payload in a virtual, quarantined environment.
Detail analysis maps any uncovered malware to Mitre ATT&CK framework with powerful investigation tools to help admins better visualize security events.
Look for the best ransomware protection for your small business?
Give us a call at 866-957-2975 to find the perfect fit!
It seems like every week in 2020, we hear about another major ransomware attack. While volume continues to grow in recent years, more troubling is the fact that ransomware is getting more targeted. Why is this more troubling? Because of its more targeted nature, it’s also getting more effective. Many ransomware cells now study their targets to pinpoint weaknesses, then customize attacks to exploit them. Not only that, they select targets and set ransom amounts based on knowledge of what those victims can pay.
And one more troubling fact to keep you up at night: soft targets are particularly vulnerable. That is, bad actors are placing local governments, school systems, nonprofit organizations, and even healthcare providers in the crosshairs. So even if your business avoids attack, a successful breach of one of these targets has major effects on day to day life. Enough preamble though. If you made it this far, you know the situation is serious. Here are three ways to prepare to clapback, so an attack won’t stop you in your tracks.
Train Your Staff
Your employees can be either the point of entry or the first line of defense for a ransomware attack. The choice is yours. Among the most common ways for ransomware to infect your network is once again through phishing emails. If your network users don’t know what to look for, they may unsuspectingly click on an attachment that delivers the malicious payload. Simple training makes all the difference, sharing tips like:
Double-check the domain name that sent the email
Look for spelling errors as well as numbers replacing letters
Review the signature & legitimacy of the request
Hover over links – without clicking – to check where they lead
Don’t click on attachments unless you’re sure of the source
There are applications available to let you test your employees & reinforce training without the consequence being an actual breach. Check out Sophos Phish Threat and Barracuda PhishLine for a couple worthy examples. Oh and one other key piece of training? Teach your employees to report any suspicious contacts asking for a way into your network.
Layer Your Security
The best approach to network security in 2020 is a layered one. As we just noted, well-trained employees are one layer, but there are many others to consider. If you haven’t heard by now, it all starts with the firewall. Your firewall – operating the latest and greatest security services – should be the cornerstone of a protected network setup. A current generation firewall plus those security services protects against just about any threat that comes your way. Companies now commonly incorporate threat intelligence – both human and the artificial variety – plus machine learning into their security offerings. That means they’re on the cutting edge to recognize and stop ever evolving ransomware and malware varieties.
But with the workforce extended beyond the perimeter now more than ever, your security must do the same. That means endpoint protection and secure access to your network for remote employees are also musts. Endpoint protection not only gives you visibility into these remote devices, it also extends many of the same security services to them individually. Ensuring secure access via VPN then brings your teleworkers back under the security of your firewall and network setup. And the layering shouldn’t stop there. Ensure you have email security in place to filter out suspicious messages before they even reach the eyes of an employee. And segment your network so a breach of one device doesn’t extend throughout. This may sound like a lot, but bundling services is surprisingly reasonable, and security costs much less than a successful ransomware attack ever will.
Backup So You Can Rollback
This could easily fall under the layers above, but when it comes to a ransomware attack, backup deserves a spotlight all its own. If you are successfully breached and your files encrypted, the smart money isn’t on paying the ransom, it’s on rolling back. Regular backups of your data allow you to get right back to work with minimal interruption, even if a ransomware attack occurs. A Sophos survey of 5,000 IT managers found more than half of firms whose data was encrypted by ransomware restored it through backups. Why is that? There are no guarantees when you pay the ransom. Plus, you don’t really want to support a criminal enterprise. And on a more practical note, Sophos also found that paying the ransom resulted in twice the remediation costs of restoring data from backups. Even if the ransomware cell you’re working with gives you the encryption key when you pay up, you still have to dedicate time and effort to restoration. So why not just have the restoration already available in house. Learn about Barracuda Backup and Sophos Intercept X with CryptoGuard for a couple of options to ensure you’re not caught flat-footed when a ransomware attack comes.
Best Endpoint Security of 2020 for Your Small Business
Finding the best endpoint security for your network needs can be a challenge. There are dozens of options, all supporting a myriad of advanced security features and integrations that may be impossible to navigate unless you’re an expert. Each vendor offers a unique set of services with strengths and weaknesses that will ultimately determine whether your users stay safe or not. The best endpoint security may vary from organization to organization, but here are our top picks for the best endpoint security options available in 2020.
What is Endpoint Security?
Endpoint security, end user security, endpoint protection—while the name can be flexible, its necessity for a secure network is not. Endpoint security software protects small businesses & enterprises by guarding connected devices against malware and other advanced cyberattacks. Modern endpoint security integrates with appliances and applications you already use to provide edge protection as employees and guests access your network.
Encrypted malware, ransomware, and business email compromise can spell disaster for small businesses. That’s why the ability to monitor end user activity in real time – as well as make decisions to quarantine and isolate individual machines – can mean the difference between a small, contained incident and a catastrophic breach.
In 2020, endpoint security platforms now incorporate Endpoint Detection & Response capabilities powered by AI. Guided response, rich reporting, and root cause analysis are all top-shelf features that organizations should seek in a quality endpoint security service.
What does Endpoint Security include?
The best endpoint security goes beyond the basics. Traditionally, end user protection included passive endpoint scans combined with basic antivirus capabilities. However, in 2020, the best endpoint security blow the basics out of the water with multiple advanced security features:
Continuous monitoring of files, applications, & connected devices
Automated incident detection and isolation of infected machines
Web content filtering to safeguard productivity and network usage
Auto-provisioning based on user group, OS, location, or time of day
Real-time threat intelligence updates from a pedigreed threat research team
The threat landscape is always evolving. That means your end user protection must stand up to threats never-before-seen by the network security ecosystem. The ability to recognize zero day exploits based on machine learning and behavioral analysis is essential for organizations to stay secure in 2020.
What is the Best Endpoint Protection of 2020?
Here are our top picks for the best Endpoint Protection for small businesses in 2020:
SonicWall teams up with SentinelOne to deliver a heuristic endpoint protection suite with the unique capability to mirror Microsoft shadow copies for post-infection rollbacks. This eliminates the need for manual restoration after a ransomware attack and lets admins rest easy knowing they can always restore endpoints to their pre-infection state. In addition, round-the-clock behavioral monitoring eliminates the need for scheduled system scans. In short, this minimizes network resource hogging and safeguards user productivity.
Detects elusive memory techniques used in exploits like buffer overflows
What makes Fortinet FortiClient unique?
Fortinet FortiClient end user protection services simplify remote user experience with built-in user provisioning, auto-connect, and an “always-up” VPN. FortiClient works perfectly in tandem with all Fortinet devices and services on your network through the Fortinet Security Fabric. According to NSS Labs 2019 Advanced Endpoint test, FortiClient blocked 100% of malware including extremely elusive threats.
Automatically detects, prioritizes, & investigates potential threats using AI
Leverages deep learning analysis to analyze malware in extreme detail
Out-of-the-box SQL queries categorized by use case
Live Response provides users command line access to endpoints & servers
Quickly search up to 90 days of current & historical on-disk data
What makes Sophos Intercept X Advanced with EDR unique?
Sophos made a huge splash with the upgrade to its original Intercept X service. It sports big changes that included Endpoint Detection & Response (EDR) capabilities in addition to its already robust real-time, integrated endpoint platform. Intercept X Advanced combines powerful endpoint protection with endpoint detection driven by machine learning. This means most threats are squashed long before they can damage your network. Artificial intelligence assists with guided response. To save your small business even more, an important note: the objective of Sophos endpoint protection is to reduce the need for added IT employees by consolidating their roles into a single automated system.
Auto-provisioning of VPN settings based on Client VPN
Zero-touch deployment through a self-service web portal
Deploy policies & changes from the cloud across the entire network
What makes Cisco Meraki Systems Manager unique?
Cisco Meraki’s endpoint management solution supports a variety of platforms and operating systems, making Systems Manager a flexible option for most any deployment. Systems Manager offers cloud-based endpoint management tools that easily scale up to meet growth needs. By providing admins the ability to manage distributed deployments from anywhere in the world, Systems Manager is an endpoint security solution built for a highly mobile, highly distributed world.
Look for the best endpoint protection for your small business?
Give us a call at 866-957-2975 to find the perfect fit!
Hardcore fans of the Firewalls.com Blog (yes, we’re aware those don’t exist) may remember our Emotet malware article in March of last year, painting the banking trojan as the cybersecurity world’s biggest villain of 2019 and comparing him to the ever-evolving baddie, Ultron. With recovery costs surpassing a million dollars per incident, this feisty malware can wreak real havoc on small businesses and enterprises alike. A year has passed since that spotlight article, but Emotet is far from being ancient history. In fact, recent trends suggest that the Emotet problem may grow worse in 2020.
Security researchers at Nuspire discovered a huge resurgence in Emotet malware activity throughout Q4 of 2019 including 1,275 unique variants of the malware with 339,000 new strains discovered each week. To support this growth, Emotet has been diligently adding new features to its toolset, allowing for greater versatility in stealing credentials, spreading infection, and pilfering user data.
Same goal, new ways to reach them
We discuss a few of these new capabilities in Episode 13 of Ping: the Firewalls.com Podcast, specifically focusing on Emotet’s ability to scan wireless networks and infect connected devices. Added up with past strategies–spreading through email spam and lateral network movement–this advanced Trojan is proving ever more elusive to detect, identify, and prevent with every iteration.
When Emotet malware made a sharp resurgence in September of 2019, it often paired up with Ryuk ransomware, providing maximum damage to networks once attackers got their foot in the door. Cameos with TrickBot and BitPaymer also demonstrate that Emotet is willing to team up with fellow no-goodniks to cause even greater disaster after an infection.
Best practices to prevent Emotet malware
When it comes to malware, the greatest cure is prevention. Educating users, securing unmanaged devices, and shining a light on network blind spots are all strong preventative measures that can prevent an Emotet outbreak on your network. Focusing on email security training and Business Email Compromise with your staff arms them with the knowledge needed to sidestep Emotet’s widespread spam campaigns.
Sophos Intercept X Advanced with EDR (and other machine learning-powered endpoint protection platforms) monitor the evolving behavior of malware strains such as Emotet, comparing threat data from security sensors worldwide to compile real-time threat data to networks. Intercept X offers multiple layers of security, including detonation of executable files in a secure sandbox environment.
Much like the human heart keeps vital blood flowing from head to toe and everywhere in between in rhythmic fashion, the Security Heartbeat keeps all your Sophos products functioning on the same sheet of music. Why does Sophos use the term “heartbeat” to describe the cornerstone of its Synchronized Security? It seems simple enough. The Heartbeat pumps information between endpoints such as desktop and laptop computers, mobile phones and tablets, Sophos firewalls, and all other security products to form the Synchronized Security system.
You’ve probably heard of Security as a Service, also known as SaaS. Sophos has another abbreviation to remember: Cybersecurity as a System, or CaaS. The Security Heartbeat revolutionizes network security by allowing every component to talk to each other in the same language through the hub of Sophos Central, securely sharing information from each endpoint about your network health.
As we’ve noted before, Sophos puts an impressive suite of security hardware and software at your disposal, from XG Firewalls (which you can get free with a security subscription), to Intercept X Endpoint Protection, and a lot more in between. As an example, let’s spotlight a communication between an endpoint and firewall using the Security Heartbeat in a Synchronized Security system.
A Sophos Security Heartbeat Example
A laptop, running Sophos Endpoint virus and malware protection, identifies a malware attack. Sophos Endpoint uses the Security Heartbeat to let the XG firewall know that it’s been infected. The firewall immediately responds by isolating the laptop to prevent the malware from spreading across the network. In the meantime, Sophos Endpoint cleans up the affected device, then notifies the firewall when it’s back up and running smoothly.
The firewall then restores the laptop to the network, and all is right with the world again. To ensure the mistake can be avoided in the future, Root Cause Analysis caps things off by generating a detailed report of the incident, allowing you to identify weak spots that need to be addressed to be even better prepared for the next attack.
Real-Time Integration for Truly Unified Threat Protection
The best part? All this happens within seconds. Without the Security Heartbeat, this same process could take hours to complete, leaving your network in a state of limbo. Instead of becoming a weeks long crisis, an attack like the one above is barely a blip on the radar, and your organization keeps running smoothly.
Through integrated CaaS coordinated by the Security Heartbeat, Sophos Synchronized Security allows your network to:
Discover – Identify Unknown Threats
Analyze – Get Instant Insights
Respond – Respond Automatically to Incidents
It Only Gets Easier
Another best part? You just need an XG Firewall to let the Security Heartbeat synchronize your security. You can add an XG firewall to your existing network or build your network security from scratch with an XG Firewall. Either way works! Get the XG Firewall that’s right for your network free by bundling it with a suite of next-gen security services.
Network threats are always lurking out there, evolving. Admins need a whole team to pick attack vectors off one-by-one. Sophos has built an all-pro squad in Intercept X, ensuring that even a Tom Brady-level hacker’s attempts to pass malware and ransomware onto your network fall short.
What is Sophos Intercept X? In short, it’s the 1970s Steel Curtain, the 1985 Chicago Bears, and the 2000 Baltimore Ravens defenses all rolled into one package that protects endpoints like those units protected the end zone. Each individual layer of Sophos protection is best in class, but it’s the combination–or team–of features that put Intercept X at the top of the power rankings.
Sophos offers multiple versions of Intercept X with features that only get better as you level-up. Let’s take a look at the different Intercept X plans that are available.
This standard level of endpoint security is the backbone of all Intercept X options–the locker room leader if you will. Intercept X includes Deep Learning Malware Detection and Exploit Prevention that shuts down penetration before it impacts your device. CryptoGuard protects your files against ransomware, while WipeGuard stops boot-record attacks. You’ll also get automated malware removal, Sophos Clean to do a secondary malware scan, and Sophos Security Heartbeat. All of this combines to allow all your Sophos products to communicate, diagnose, and respond to network incidents in seconds, just like the headsets that keep coaches, coordinators, and captains on the same page during the game. You can try Intercept X completely free, no credit card required, for 30 days.
Sophos Intercept X Advanced takes your skills to the next level. All the game-changing features of Intercept X come along for the ride and are joined by the comprehensive features of Sophos Central Endpoint Protection, creating an MVP pairing of protection. These added solutions include Web Security and Application Control, anti-malware file scanning & live protection, potentially unwanted application (PUA) blocking, data loss prevention, and runtime behavior analysis (HIPS).
Intercept X Advanced with EDR – (err XDR)
Taking Advanced a step further, Sophos’ latest addition to Intercept X adds EDR, which stands for Endpoint Detection and Response. (Update 2021: Actually now the latest is XDR – extended detection & response). EDR means you’ll get everything Intercept X Advanced has to offer, plus cross estate threat searching, guided investigations, EDR deep learning malware analysis, on-demand threat intelligence from the experts at Sophos Labs, forensic data export, and endpoint isolation. This is definitely the Rookie of the Year of endpoint protection.
You’re thinking bigger and Sophos has too. Intercept X Advanced for Server (Update 2021: Intercept X Advanced for Server also features XDR) prevents attacks from reaching the server, detects attacks before they run, and cleans up damage in case of a breach. This is Intercept X on a broader scale: not just the team, but the whole league. It includes the features outlines above, plus other server-based add-ons like application whitelisting, which locks down your server with one click, allowing only authorized applications to run and securing your server in safe state.
All of these options are managed through Sophos Central, a cloud-based console hosted by Sophos that allows you to configure all your products in one place, without the need for a separate management server. You can access Sophos Central anywhere, anytime.
At Firewalls.com, we can help you get your hands on Intercept X and turn the malware hail mary into a game-winning pick six for your organization. Whether you’re already running with Sophos or not, bring Intercept X onto your team to take your endpoint protection straight to the top. See how Synchronized Security, paired with the real-time scanning of the Sophos Security Heartbeat, can be your Most Valuable Player in 2019 (or 2021). Check out our Sophos Buyers Guide for more info!