Tag: sophos intercept x

Ransomware Attack Clapback: How to Prepare if You’re Targeted

By Andrew Harmon

Posted On October 9, 2020

Ransomware Attack Clapback: How to Prepare if You’re Targeted
barracuda backup intercept x phishing Ransomware Sophos sophos intercept x

Ransomware Attack 2020: Why Prepare

It seems like every week in 2020, we hear about another major ransomware attack. While volume continues to grow in recent years, more troubling is the fact that ransomware is getting more targeted. Why is this more troubling? Because of its more targeted nature, it’s also getting more effective. Many ransomware cells now study their targets to pinpoint weaknesses, then customize attacks to exploit them. Not only that, they select targets and set ransom amounts based on knowledge of what those victims can pay.

And one more troubling fact to keep you up at night: soft targets are particularly vulnerable. That is, bad actors are placing local governments, school systems, nonprofit organizations, and even healthcare providers in the crosshairs. So even if your business avoids attack, a successful breach of one of these targets has major effects on day to day life. Enough preamble though. If you made it this far, you know the situation is serious. Here are three ways to prepare to clapback, so an attack won’t stop you in your tracks.

Train Your Staff

Your employees can be either the point of entry or the first line of defense for a ransomware attack. The choice is yours. Among the most common ways for ransomware to infect your network is once again through phishing emails. If your network users don’t know what to look for, they may unsuspectingly click on an attachment that delivers the malicious payload. Simple training makes all the difference, sharing tips like:

  • Double-check the domain name that sent the email
  • Look for spelling errors as well as numbers replacing letters
  • Review the signature & legitimacy of the request
  • Hover over links – without clicking – to check where they lead
  • Don’t click on attachments unless you’re sure of the source

There are applications available to let you test your employees & reinforce training without the consequence being an actual breach. Check out Sophos Phish Threat and Barracuda PhishLine for a couple worthy examples. Oh and one other key piece of training? Teach your employees to report any suspicious contacts asking for a way into your network.

Layer Your Security

The best approach to network security in 2020 is a layered one. As we just noted, well-trained employees are one layer, but there are many others to consider. If you haven’t heard by now, it all starts with the firewall. Your firewall – operating the latest and greatest security services – should be the cornerstone of a protected network setup. A current generation firewall plus those security services protects against just about any threat that comes your way. Companies now commonly incorporate threat intelligence – both human and the artificial variety – plus machine learning into their security offerings. That means they’re on the cutting edge to recognize and stop ever evolving ransomware and malware varieties.

But with the workforce extended beyond the perimeter now more than ever, your security must do the same. That means endpoint protection and secure access to your network for remote employees are also musts. Endpoint protection not only gives you visibility into these remote devices, it also extends many of the same security services to them individually. Ensuring secure access via VPN then brings your teleworkers back under the security of your firewall and network setup. And the layering shouldn’t stop there. Ensure you have email security in place to filter out suspicious messages before they even reach the eyes of an employee. And segment your network so a breach of one device doesn’t extend throughout. This may sound like a lot, but bundling services is surprisingly reasonable, and security costs much less than a successful ransomware attack ever will.

Backup So You Can Rollback

This could easily fall under the layers above, but when it comes to a ransomware attack, backup deserves a spotlight all its own. If you are successfully breached and your files encrypted, the smart money isn’t on paying the ransom, it’s on rolling back. Regular backups of your data allow you to get right back to work with minimal interruption, even if a ransomware attack occurs. A Sophos survey of 5,000 IT managers found more than half of firms whose data was encrypted by ransomware restored it through backups. Why is that? There are no guarantees when you pay the ransom. Plus, you don’t really want to support a criminal enterprise. And on a more practical note, Sophos also found that paying the ransom resulted in twice the remediation costs of restoring data from backups. Even if the ransomware cell you’re working with gives you the encryption key when you pay up, you still have to dedicate time and effort to restoration. So why not just have the restoration already available in house. Learn about Barracuda Backup and Sophos Intercept X with CryptoGuard for a couple of options to ensure you’re not caught flat-footed when a ransomware attack comes.

What is EDR? Automated endpoint detection & real-time response to threats

By Andrew Harmon

Posted On April 23, 2020

What is EDR? Automated endpoint detection & real-time response to threats
capture client edr fortiedr fortinet SonicWALL Sophos sophos intercept x

To continue our recent theme of decoding abbreviations, EDR means Endpoint Detection & Response, and that means that the age of AI is upgrading networks. This automated, real-time endpoint solution ensures that end users can work securely no matter where in the world they’re located in relation to a firewall.

With EDR, your network defenses constantly scan for the kinds of elusive malware, ransomware, and zero day threats that signature-based detection platforms miss. And in the event a security incident occurs, advanced Endpoint Detection & Response platforms such as Sophos Intercept X Advanced with EDR or FortiEDR stop attacks even if the endpoint is compromised. Guided response lets administrators easily walk through the steps of an attack to see its root cause and isolate infected machines.

EDR’s machine learning systems deter, detect, disarm, dissect, deescalate, and do away with any cyber threats you can throw its way.

Why EDR works for small businesses

Survey after survey several years running have revealed two facts: a majority of small businesses find it difficult to hire qualified IT talent–especially talent focused on network security–and their budgets often struggle to accommodate the talent they do find. Automated endpoint detection and response monitored by 24-hour machine learning intelligence adds just the kind of cybersecurity expertise that SMBs need without a higher employee headcount.

Just like modern grocery stores have self-checkout lines and autoworkers now benefit from the assistance of robotics, automation enables small businesses to do more with less to get the job done. Farm out malware expertise and incident response to the bots!

Sophos Intercept X Advanced with EDR

Intercept X Advanced has been a longstanding go-to for network admins looking to add advanced protection to their networks in a comprehensive, integrated system. Sophos Intercept X Advanced now also consolidates that industry-leading protection and EDR into a single solution. Intercept X’s advanced malware prevention significantly eases the workload on the EDR component, allowing you to utilize more of the speed and performance you pay your Internet Service Provider for.

  • Minimize staffing by automating IT tasks usually done by skilled experts
  • Prioritize potential threats & automatically detect security incidents
  • Provide visibility into attack scope, root cause, impact, & network health
  • Hunt for indicators of compromise that may leave your network vulnerable

 

Fortinet FortiEDR

FortiEDR will be made available to order on May 4th and is already boasting some big benefits and features. An EDR solution purpose-built to detect potential threats, FortiEDR stops breaches in real time, and mitigate the damage of ransomware even on machines that have already been compromised. FortiEDR also extends security to IOT devices with the ability to protect everything from PCs to servers to point-of-sale systems and more.

  • Creates very small network footprint thanks to native cloud infrastructure
  • Enjoy automated EPP with orchestrated response across platforms
  • Stop file-based malware with Fortinet’s kernel-level Next Gen AV engine
  • Eliminate dwell time & reduce post-breach expenses

 

SonicWall Capture Client

Automated endpoint detection and response is integrated into SonicWall’s Capture Client, bringing together EDR, advanced threat protection, and integrated network security. With unique ransomware rollback capabilities and intuitive attack visualizations, Capture Client offers a comprehensive endpoint protection and EDR environment for any SonicWall network.

SonicWallEDR

  • Next-generation SentinelOne malware protection engine
  • Advanced threat protection with sandbox integration
  • Behavior-based scanning powered by machine learning
  • Unique attack rollback capabilities using Volume Shadow Copy Service
  • Install & manage trusted TLS certificates to leverage DPI-SSL

 

3 Things All Organizations Should Learn from the SophosLabs 2018 Malware Forecast

By Andrew Harmon

Posted On January 23, 2018

3 Things All Organizations Should Learn from the SophosLabs 2018 Malware Forecast
cybercriminals malware Ransomware Sophos sophos intercept x

WannaCry. NotPetya. KRACK. BadRabbit–with all the new friends we made in 2017, organizations have to wonder what the new year has in store in regards to cyber security. A meteoric rise in ransomware has the healthcare industry on its toes. Corporate email breach rates are soaring. Surely there must be someone that can help us make sense of it all!

Well, Sophos can. A few months ago SophosLabs released its 2018 Malware Forecast. In this week’s blog post, we’ll look at the data, the predictions, and what business owners should take away from the research. Ready to get secure and stay secure in 2018? Keep reading to learn how you can pull it off.

3 Key Points of the SophosLabs Malware Forecast

1. Ransomware-as-a-Service is the New Normal

The real boogeyman in the world of cyber security is no longer individual hackers, but the toolkits and custom code they distribute. The Dark Web is littered with DIY exploit kits and pre-built ransomware payloads just waiting to be aimed and fired, for a price. Any Joe Shmoe off the street can bring a hospital campus to a grinding halt, even if they can’t tell a secure socket from an electrical socket. Ransomware-as-a-Service is an all-inclusive heist-in-a-box that even low-tier baddies can use to separate your organization from its wallet.

Just how commodified has ransomware become? Well, why not watch the world’s first commercial for a ransomware toolkit?

What It Means for You

More attempts. More spam. More danger lurking around every corner. Sure, these DIY exploiters may not have the expertise or dedication that hackers of old once touted, but cyber crime in 2018 is a numbers game. Expect to see the total number of attempted attacks rise as ransomware-as-a-service kits multiply and the entry threshold for cyber criminals lowers.

2. Windows is Still Vulnerable

As the author of the report states, “the Windows threat landscape hasn’t changed much in the past year…” Realistically, that’s no better news than claiming the yapping dog next door hasn’t been barking much louder than usual. One important trend that SophosLabs reported was an increased concentration of attack payloads nested in Microsoft Office applications such as Word and Excel. Droppers like these execute macros inside Windows documents to deliver their payload, turning innocent-looking files into landmines. If anything, these improvements in the world of Office exploits translate into shorter attack time frames and more efficient exploits.

What It Means for You

Like years past, the most likely attack vector against your organization in 2018 will be an attachment in your inbox. However, expect phishing attempts that are more deceptive, more persuasive, and, should you fall victim, more unforgiving. Tag teamed with a blossoming ransomware-as-a-service sector and we can expect Windows exploits that are deployed more dynamically than ever. The turnaround time is shrinking between when new vulnerabilities are discovered and attack payloads being built to exploit them.

3. Cybercriminals As Opportunistic Hunters

The bad guys are wasting less of their time on targets that won’t pay up. That’s bad news for those of us that don’t have the luxury of choice. The healthcare, government, and education industries will have inescapable targets looming over their heads throughout 2018. Healthcare in particular is already attacked more frequently than any other sector. Each instance of ransomware attack is an experiment in which criminals are learning who will convert into a sale and which targets are least prepared.

What It Means for You

Cyber crime is a growing industry and like any budding industry, they are piecing together their target audience and exploring strategies to shorten their “sales funnel.” With ransomware, that’s accomplished by targeting critical infrastructure, medical records, and sensitive financial information. If your industry touches on those goalposts, you’ve probably made it onto the bad guys’ shortlist.

How Can I Prepare for 2018?

Adware, spyware, and viruses are all very much real and salient worries. But let’s not kid ourselves about who the big bad final boss is on this level: ransomware. Any industries that could find themselves staring down the barrel of a custom-design exploit kit should be preparing for that possibility by putting preventative measures in place. Step one is as easy as learning as much as possible about ransomware, so why not hop over to our article “Ransomware Warfare: How to Protect Your Files From Hostage Takers” to brush up on your safety basics?

Sophos Intercept X is a powerful weapon that most organizations should be adding to their arsenal. Intercept X is designed to run alongside any other endpoint applications on your system, so most network environments will welcome it. Intercept X is built to go toe-to-toe with zero day threats because Sophos analyzes threats based on behavior rather than known signature. Behavior-based scanning ensures that even if an attack has never been documented before, it’s still going to get the ax if it walks like ransomware, talks like ransomware, and smells like ransomware. In an era of bespoke and rapid-deployment ransomware, we can no longer rely on only fighting the enemies we’re familiar with.

However, the most impressive feature of Intercept X is its ability to literally roll back damage from ransomware that lands on your system. Even if ransomware makes it onto your network and manages to encrypt a few files, Intercept X will be able to shut the attack down, restore your files, and reverse the damage right before your eyes. In fact, you can watch it demonstrated in this one-minute video:

Remember, an organization is only as secure as its employees make it. Human error will occur. Honest mistakes happen. But if the worst happens, Intercept X will be there to clean up.

Learn more about Intercept X or take it for a FREE 30-day trial

3 Questions Every Small Business Owner Should Ask Before Building Their Own Network

By Andrew Harmon

Posted On December 15, 2017

3 Questions Every Small Business Owner Should Ask Before Building Their Own Network
AntiSpam configuration DIY faas firewall licenses firewalls professional services small business SMB sophos intercept x

You’re a small business owner with a lengthy laundry list of tasks and some DIY self-reliance. You can do your own research. You can learn. But cyber security is something that needs to be done and done right, so you’re not going to just charge into the fray. So, how hard is setting up a secure network, really?

The degree of difficulty can range from fairly straightforward to hair-pullingly complex. The specific goals and pain points of your organization will be driving factors in the type of hardware you purchase, the endpoint protection you run, and the shape of your network. This post is an ideal starting point for the fearless small business owner ready to ascend the cyber security summit. Here are three questions every small business owner should ask themselves before setting up their network.

Question 1: What are my unique goals?

Network security solutions are not one size fits all. Small business owners should consider the unique challenges that face their industry, their location, and the specific needs of their business. While a powerful content filtering service may be a make-or-break factor for a school district, that same service may be irrelevant to a marketing agency that relies on unfettered access to content. Retailers face PCI compliance requirements in order to secure their POS systems, but a contracting business that rarely processes in-person transactions has little use for a PCI compliant buildout.

Outline the average workday in your office and list which aspects of network utilization are critical for optimizing productivity and reliability. If your organization requires nimble network performance, you may pursue a leaner, dynamic security solution that won’t be bogged down with excessive UTM applications. If your organization deploys mobile workers or operates a web of remote offices, you may want to focus your efforts on VPN tunnels, email security, and secure remote access.

These considerations ultimately influence your decisions regarding the size, brand, and throughput of the firewall you purchase. If you seek reliability and  beginner-friendly management, an appliance from SonicWall’s TZ Series could be a great fit. If you want to assign performance-heavy services, subscriptions, or apps on your network, you’ll find that a WatchGuard Firebox T Series appliance can handle the intense workload smoothly. And if you’re an adventurous early-adopter type that swept their school science fair multiple years running, you’ll have a ton of fun exploring the steeper learning curve and nuanced capabilities of a Sophos XG Firewall.

Question 2: What licenses, subscriptions, or services will run on my firewall?

If network security is a car, the new firewall box you just got in the mail is the chassis and engine of that car. You can put it in drive and go, but cars have come a long way since basic stop-and-go functionality. Consider your add-ons. While technically optional, you’re probably not going to stick with a car for long if it doesn’t have A/C, radio, ABS, seatbelts, power steering, or cupholders. You may not need or want all of these options, but most everyone will find a few they can’t go without.

Corporate email breaches and phishing represent some of the most aggressive threats in 2017 and that trend will only grow in 2018. Cloud-based sandbox environments guarding your inbox, such as SonicWall Capture ATP, may prove invaluable assets to protecting users. AntiSpam clients can mitigate the dangerous and endlessly irritating deluge of junk mail barraging mail servers. Sophos Intercept X is a powerful next-generation guard against ransomware and is designed to seamlessly supplement whatever hardware or security features you already run.

Your answers to Question 1 will help to develop comprehensive answers for this question. The unique needs of your organization dictate the number and types of security licenses you employ, so make sure to overturn every stone.

Mix and match. Bundle to save money. Test-drive some free trials. Your options are endless!

Question 3: Exactly how hard is configuring a firewall?

You’ve got a shortlist of firewall appliance options. You’ve got a pretty good idea of the licenses and security services you want to employ. Surely you’re nearing the peak of this massif, right? Unfortunately, the most complex step still awaits: configuration.

The infrastructure of your network will need to be diagrammed and implemented. NAT policies and rules must be put in place that instruct your firewall how to respond to various situations and stimuli. You will likely want to segregate the users on your network into smaller, more manageable user groups. Configuration is a complex process that requires plentiful considerations.

Firewalls.com provides some resources to the DIY network builder such as our manufacturer-specific training videos, YouTube tutorial library, and premium support if you get yourself in a pinch. Nonetheless, we still recommend leaving the details of configuration in the hands of a professional.

No matter what brand you roll with, Firewalls.com has in-house engineers dedicated to mastering each system and this is evidenced by a suite of certifications, awards, and reviews Firewalls.com has earned over the last two decades. After all, we are Firewalls-dot-freaking-com, so we’ve done this a time or two! You’re a small business owner who still has a lot of ground to cover. Why not consider having our expert team do the configuration for you while you get a head start on the next summit?

A small business owner stands at a mountain, looking over his secure network in the valleys below.

An Even Easier Option for the Small Business Owner

If you’ve asked yourself all three of these questions and feel empowered to secure your own network, congratulations! We’re rooting for you, you cunning small business owner, unafraid to confront new challenges.

If these questions raised some doubt, no problem. There are easier options. Firewall-as-a-Service is the perfect choice for a small business owner looking to deploy a secure network with as little muss and fuss as possible. Think of it like renting security layers: we’ll bring the firewall, the services, the configuration, and the expertise. Just show us where to plug in and we’ll lock down your network, mitigate threats, and minimize network downtime with a convenient, discreet deployment.