Pine Cove Pulse

Sophos Intercept X stops Ransomware

Posted by Dan Russell

Sophos Intercept X Overview from Sophos on Vimeo.

We are excited for the upcoming launch of Sophos Intercept X, a next generation of endpoint protection for today’s threats.  Intercept X is Sophos’ new signatureless anti-exploit, anti-ransomware, and anti-hacker technology that includes enhanced reporting and visibility (root-cause analytics) as well as advanced malware cleanup.  All of this managed from Sophos Central.

Ransomware has been a hot topic in the Cyber Security world for several years now, costing businesses and organizations hundreds of millions every year.  With the release of Sophos Intercept X, you can stop Ransomware right in its tracks.  As part of Intercept X, Ransomware protection (Cryptoguard) is built in to stop Ransomware attacks as soon as they are detected and roll back any files to their original state if them become encrypted.  

Along with Cryptoguard, Intercept X also has many other exciting and new technologies that include anti-exploit technology that blocks zero-day threats without needing to scan files or the need of signatures/definitions the way it was traditionally done.  Sophos Intercept X also includes deep-cleaning technology, which can track down spyware that traditional Anti-Virus misses and cleans up deeply embedded malware to make remediation extremely simple.   With all this, Sophos has added forensic reporting that traces attacks back to their origin and pinpoints addition infection points while cleaning up the malware and providing guidance for strengthening your organizations security posture.

 Whether you’re a business or school, Sophos Intercept X is a must have add-on to your current Anti-Virus solution.  Regardless of whether you are a Sophos Endpoint customer already, or use a 3rd party Anti-Virus solution, Sophos Intercept X can be installed alongside existing endpoint protection solutions to give you ultimate protection – all with minimal impact to system performance.  Watch the video below to get a first hand look at Intercept X’s Cryptoguard technology in action. 

Watch the Technical Demo:

 
 
 
 
 
 
 
0:19
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Topics: security

Ransomware today: How to protect against Locky and friends.

Posted by Brandon Vancleeve

 videolearning3

Missed the Webinar: Ransomware today: How to protect against Locky and friends.

 
 
 
Wistia video thumbnail
 
 
 
 
54:59
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Here are some key insights:

Ransomware has become one of the most widespread and damaging threats that internet users face.
Since CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and exploit kits, extorting money from all types of organizations.
Today, Locky ransomware is wreaking havoc with at least 400,000 machines affected worldwide.

What you will learn in the video above:

  • What’s behind this current wave of ransomware
  • Anatomy of a ransomware attack
  • The latest ransomware to rear its ugly head: CryptoWall, Locky, TorrentLocker, CTB-Locker
  • Practical steps to protect your organization from ransomware threats

 
Want a one-on-one demo? Contact Pine Cove Consulting

Topics: security

New ‘Locky’ Ransomware Virus Spreading Rapidly

Posted by Dan Russell

locked-background.jpg

At Pine Cove we are creating awareness about a cyber threat that is spreading like wild fire.  This blog isn’t intended to scare you, but rather create awareness.  By now I’m sure you have all heard of “Crypto Locker” which was pretty popular a few years ago where someone would click on a link and accidentally download the executable and it would encrypt their files and any mapped drives they had access to.  The only way to recover was to either restore from a backup, or pay the ransom (Sometimes up to $1,000) to get the key from the hacker to un-encrypt the files.

This new variation called “Locky”, takes things to a whole new level.  It was just released last week and stats show that it hit around 60,000 PC’s in the first 24 hours and doubling and tripling daily.  Locky works in a similar fashion where a user clicks on a Word Document received via email titled “Invoice”.  When a user clicks on it, it will tell them they need to enable Macros, once that is clicked the infection begins.  Where this variant differs from the old Cryto Locker is this one spreads.  It will reach out into  your network and any computer it sees, whether its Windows, Mac, or Linux and encrypt the files on it and shared drives.  Similar to Crypto Locker, you either have to pay a ransom to get these files back, or recover from backup and clean up all the infected machines it has spread to.

Things you can do to try and prevent Locky:

  • Make End-Users/Employees aware
  • Disable Macros from being executed on a machine either by Group Policy or Machine by Machine
  • Make sure PC’s are patched with the latest security patches
  • For current Sophos Customers reading this:
  • We have made sure your Firewall is running IPS and ATP (Intrusion Prevention and Advanced Threat Protection)
  • We have turned on Country Blocking to block all Countries except “USA, Canada, US Virgin Islands”
  • We can create exceptions to single entities if there is a provider that needs accessed outside the U.S


Please let me know if you have any questions regarding any of this and I would be happy to discuss.  Again this is not to scare you, but to make you aware of the threat and spread the word to employees to be extremely cautious opening anything that might look suspicious.

We will keep everyone up to date as we know and find out more.

If You Need Help:
If you need help with identifying your current risk or adminstering any of these recommendations, please reach out to our team at sales@pinecc.com or call 800.432.0346 and our team of consultants can quickly advise.

Below is a link that provides more detail into the Locky Virus.
https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/

Topics: security

Sophos Network Security Health Webinar

Posted by Tyler Wantulok

 videolearning3

Missed the Webinar on Sophos Network Security Health?

 

Here are some key insights:

1. Advanced Threats

Advanced threats are becoming more and more difficult to detect and keep at bay. Advanced threats steal information and communicate with a control system of hacker networks. Sometimes they don’t get detected for years after damage has already been done. Which is why we partnered with Sophos, one of the fastest growing security companies in the world. They’re just as dedicated as we are to making sure you are getting optimal protection at the right price.

We brought Paul Zindell back to talk about Unified Threat Management (UTM)

2. UTM has a multitude of features:

  • APT protection
  • Web server protection
  • Email encryption and DLP – most common place for threats
  • Cloud management
  • Endpoint desktop AV
  • WiFi management
  • App control and traffic shaping
  • Web filtering and policy
  • Branch office VPN
  • Mobile NAC

These are the most requested features by clients, and Sophos contains all of them in a unified platform. To see more, visit their website.

3. 3 different deployment models

  1. Hardware Appliances
  • Most common form of firewall
  • Sophos has 3 different UTM hardware appliances (small, medium and large) to match any business environment.
  1. Software or Virtual Firewall
  • Runs on any system- comes as ISO file.
  1. Amazon Webservices
  • If your services are hosted here, you are able to apply the license to this account.

4. Introduced new information: Project Copernicus

Project Copernicus is the next iteration of firewall interface, as well as integration with new endpoint work. Project Copernicus is a major component that supports the Sophos Product Strategy that security health must be comprehensive, made simple, and is more effective as a system.

Sophos is merging with the Asian firewall Cyberoam, for all of user firewalls to be managed entirely from a cloud-based system.

The project merges endpoint and networks for unified detection and response:

  • Redesigned interface that is easy to use

o   From evaluation, licensing, deployment and day-to-day management

  • Has comprehensive management

o   From features, on-premise and cloud, to dashboards and reports

  • Ties into project Galileo

o   Network, Enduser and cloud combine to deliver advanced protection


Some ways of how the new interface prevents threats:

  • Locks down machines, notifies administrator, and sends instructions for appropriate action
  • Access Control and Advanced Threat Protection work together for a comprehensive protection
  • Only company on the market that can do this advanced protection
  • The update will be compatible with all current SG models.

5. Project Copernicus interface features:

  • Dashboard that contains interface status, top applications that are running, quick actions
  • Protection features that can be turned on and off
  • Threat status
  • Customizable interfaces and multitask rules
  • Changing bandwidth for student networks – especially during testing
  • Customizable network and traffic protection
  • Adjustable rules for every type of protection
  • Updated advanced threat protection
  • Intrusion prevention and specified network protection
  • Ability to scan encrypted traffic
  • Web-filtering profiles and specific policies
  • App control and ability to block applications
  • Advanced email protection feature
  • Centrally managed wireless protection

Check out the first webinar of this series watch it here!

A special thank you to Paul and the Sophos team for taking the time to talk with us and our clients. Want a one-on-one demo? Contact Pine Cove Consulting

Topics: security

Simple security is better security webinar.

Posted by Tyler Wantulok

Missed the Webinar on Sophos?

During this webinar we spoke with Paul Zindell, an engineer with Sophos, who gave us an overview of the software.  

If you don’t have time to watch the webinar, here are some takeaways:

A little about Sophos:

  • Founded in 1985
  • Currently outgrowing the market
  • Over, 200,000 customers and 100M users
  • 90th percentile in best in class renewal rates
  • Partnered with Cisco, IBM, Juniper, Lenovo, Citrix, and Rockspace
  • Exclusively focused on business security (no consumer products)
  • Only vendor in Gartner leadership quadrant – endpoint, data protection, UTM markets

Why we’re partnered with Sophos:

  • Partnered for 10 years focusing on antivirus
  • Simplified security – not only computer protection but network level of protection (content filtering, email)
  • Integrated technology – all forms of security on one platform

Sophos Complete Security

Network Security:

  • Next Gen Firewall- most robust and most tools
    o   Can be virtualized- don’t have to buy firewall
    o   Flexible
  • Anti-malware and IPS
  • URL tracking
  • Network access control
  • Wireless
  • VPN
  • Anti-spam
  • Email encryption

Server Security:

  • Anti-malware
  • Server lockdown
    o   Whitelisting technology - locks affected server down
Webserver protection:
  • Virtualization
  • App control
  • V-shield

End User and Device Security:

  • Very user-centric security
  • Anti-malware
  • Mobile
  • Encryption
  • Patch assessment
  • Application control
  • Device control
  • Encryption for cloud
  • Endpoint web protection

 
Sophos Cloud

Sophos cloud is a cloud-based platform, created so users can manage all security health offerings. It was built from the ground up, with 99.96% uptime. The cloud is functional for all end-users to manage security offline.

The Endpoint Agent- how Sophos is working on your devices:

Endpoint_agent_Sophos


Enduser and Network integration to protect against advanced threats:

Galileo_Enduser_Network_protect

  • Client is in constant communication with firewall
  • Firewall can quarantine advanced threats of malware
  • Encryption solution (safeguard) can remove file encryption keys locally from device
  • Terminates and removes malware
  • Identify and clean other infected systems

Why we recommend Sophos:

  1. They focus on research.
  • Sophos facilities do 24-hour a day research, looking for new malware and ways people break into networks
  • Global threat research labs
  1. Top-tier management.
    • Management of Sophos were top managers in highly renowned companies before turning to Sophos
  2. Most OEM antimalware engine.
  3. They are diverse.
    • From small business to large corporations, Sophos protection works for any business
  4. They offer 24/7 support
  5. One source for IT security health needs.
    • Network/UTM, Wireless, Anti-malware, web, email, mobile
  6. Simplified and cost-effective.
    • User licensing instead of computer for multiple device protection
    • Bundle options
  7. They are first-movers.
    • One of the only vendors in the world that integrates detection and enforcement across endpoint, mobile, network, wireless, and cloud
  8. Simplicity is key.
  • Easy protection from end-user’s perspective
  • Seamless to end-user
  • Administrator should understand the interface easily
     10. Sophos is Next-Generation Threat Protection
  • Security must be comprehensive
  • Security can be made simple
  • Security is more effective as a system
  • Integrated technology that keeps them ahead of the game in malware protection
  • Simplicity of management for end-users
  • Integrated technology

“If it’s complicated, it’s not useful.” – Paul Zindell (Sophos)


Check out the second Webinar in this series! Sophos Networking Security

New Call-to-action

Topics: security