Symtrex Inc.

Cyber Security Specialist


Next-Gen Endpoint Protection – Explained

2016/06/17 by admin

What should you expect from a next-gen endpoint protection solution?

From Sophos Blogs

Everyone knows that traditional antivirus isn’t enough to stop today’s advanced threats, so endpoint security vendors are hoping you’ll consider their “next-gen” solutions. But what exactly does “next-gen” mean, and what capabilities should you expect?

At Sophos, we believe next-gen endpoint protection means an integrated system of technologies that protect against all stages of an attack:

1. Prevention: Stopping malware before it can execute.
2. Detection: Identifying quickly when malware is deployed.
3. Response: Taking action instantly when malware is detected.

Let’s take a quick look at the capabilities your endpoint protection needs to counter threats at each stage.

1. Prevention: The defensive front line

Prevention focuses on stopping malware from ever reaching the device in the first place. Prevention capabilities can be broken down into exposure prevention and pre-execution defense.

Exposure prevention:
– Web protection – can you block malicious webpages?
– Device control – which devices (e.g., USB drives) are allowed to access the endpoint?
– Download reputation – where does the file come from, do other machines in the organization use it?

Pre-execution defense:
– File analytics/HIPS – does a file contain code trying to modify the registry?
– Emulator – can you execute the file in a safe environment to test it?

2. Detection: Catching malware in the act

Detection uses a variety of methods to identify malware that has reached a device. A next-gen endpoint solution should have these run-time detection capabilities.

– Malicious traffic detection – are processes communicating with known threat locations (phoning home)?
– Memory scanning – is a file exhibiting behavior of known malware?
– Exploit detection – is the suspect process cataloging the memory of another process?

3. Response: Clean-up and analysis

Response capabilities should eliminate the malware and perform analysis to identify the entry point of the malware.

– Malware removal – can your endpoint solution remove the executable and other malware components?
– Root cause analysis – can it identify the malware’s origin to understand what was compromised?

Choosing a truly “next-gen” endpoint solution

Sophos experts have written a simple guide to explain why organizations like yours need next-gen endpoint protection. It also explains in straightforward terms the features that a next-gen endpoint solution should have, and how they keep your users and systems secure.

Download the free whitepaper, or sign up for a free 30-day trial of Sophos Next-Gen Endpoint Protection.

Filed Under: antivirus, byod, CyberThreats, Malware, Products, Security News, Sophos

Designer Cyber Threats Increasing

2016/05/04 by admin

ComputerWeekly.com – Warwick Ashford – May 4, 2016

Cyber attackers are crafting spam to deliver malware that uses vernacular, brands and payment methods for better cultural compatibility, Sophos researchers find

Cyber criminals are increasingly designing attacks for specific countries to trick victims into downloading malware, according to research by SophosLabs.

Analysis of data from millions of endpoints worldwide revealed a growing trend of crafting spam to deliver malware that uses vernacular, brands and payment methods for better cultural compatibility.

Ransomware disguised as an authentic email or notification, complete with local logos, is more believable, and therefore more financially rewarding to cyber criminals, the researchers said.

To be as effective as possible, scam emails are also impersonating local postal companies, tax and law enforcement agencies and utility firms through phony shipping notices, refunds, speeding tickets and electricity bills.

SophosLabs noted a rise in spam where the grammar was more often properly written and perfectly punctuated.

“You have to look harder to spot fake emails,” said Chester Wisniewski, senior security advisor at Sophos. “Being aware of the tactics used in your region is becoming an important aspect of security.”

Researchers also saw historic trends of different ransomware strains that targeted specific locations. Versions of CryptoWall predominantly hit victims in the US, UK, Canada, Australia, Germany and France; TorrentLocker attacked primarily the UK, Italy, Australia and Spain; and TeslaCrypt homed in on the UK, US, Canada, Singapore and Thailand.

The analysis also showed the level of malware infections and attacks per 1,000 Sophos endpoints for countries in the first three months of 2016, also known as threat exposure rates (TER). Although western economies were more highly targeted, they typically had a lower TER.

Countries ranked with the lowest TER included France at 5.2%, Canada at 4.6%, Australia at 4.1%, the US at 3% and the UK at 2.8%. Algeria at 30.7%, Bolivia at 20.3%, Pakistan at 19.9%, China at 18.5% and India at 16.9% were among the countries with the highest percentage of endpoints exposed to malware attacks.

“Even money laundering is localised to be more lucrative. Credit card processing can be risky for criminals, so they started using anonymous internet payment methods to extort money from ransomware victims,” said Wisniewski.

“We have seen cyber crooks using local online cash-equivalent cards and purchasing locations, such as prepaid Green Dot MoneyPak cards from Walgreens in the US, and Ukash, which is now paysafecard, from various retail outlets in the UK,” he said.

The concept of filtering out specific countries also emerged as a trend.

“Cyber criminals are programming attacks to avoid certain countries or keyboards with a particular language,” said Wisniewski. “This could be happening for many reasons. Maybe the crooks don’t want attacks anywhere near their launch point to better avoid detection. It could be national pride. Or perhaps there’s a conspiratorial undertone to create suspicion about a country by omitting it from an attack,” he said.

Banking is an example of how cyber criminals are using location-based malware to be more prosperous. The Sophos research revealed how, historically, the Trojans and malware used to infiltrate banks and financial institutions converge on specific regions.

Brazilian banker Trojans and variants pinpoint Brazil, and Dridex is predominant in the US and Germany, for example, while Trustezeb is most prevalent in German-speaking countries, Yebot is popular in Hong Kong and Japan, and Zbot is found mostly in the US, UK, Canada, Germany, Australia, Italy, Spain and Japan.

“There is an entire cottage industry of uniquely crafted Trojans just targeting banks in Brazil,” said Wisniewski.

With cyber criminals having a deliberate hand in creating threats that look authentic and are specifically targeted, Sophos researchers said it is more difficult to recognise malicious spam.

Filed Under: antivirus, byod, compliance, CyberThreats, endpoint, Malware, Products, Security News, Sophos

Beware downloading some apps

2016/02/25 by admin

Beware downloading some apps or risk “being spied on”

From 10 News

Popular apps on your smartphone can be convenient and fun, but some also carry malicious software known as malware, which gives hackers easy access to your personal information.

A security firm found that between 75 and 80 percent of the top free apps on Android phones or iPhones were breached. The number jumps as high as 97 percent among the top paid apps on those devices.

Whether these apps help advertisers target you or help hackers rip you off, you’ll want to do your homework before downloading apps, reports CBS News correspondent Anna Werner.

California’s Susan Harvey said she was a victim after she used a debit card to download a slot machine game app to her cell phone through a Google Play store account.

“It was something you purchased once, for like $15,” Harvey said.

When she went to reload the game, she found hundreds of purchases had been made — by her math, more than $5,000 worth of transactions.

“My heart sank, I just sat there looking at it… I physically, I was sick, because I didn’t know what they were,” Harvey said.

That story’s no surprise to cybersecurity expert Gary Miliefsky, whose company SnoopWall tracks malware. He said certain apps are designed to steal your personal information.

Read the entire story

Filed Under: antivirus, byod, CyberThreats, endpoint, Malware, Products, Security News, Snoopwall

SnoopWall: Counterveillance Security for Network, Mobile and Apps

2016/02/25 by admin

From InsightSuccess

Today, smartphones carry your private data and are the most convenient way of doing all your online banking transactions smoothly, but only when your data is completely protected from the bank’s network to your smartphone. Meanwhile, the banks you are doing business with might not have enough network security protection in place behind their corporate firewall.

SnoopWall is the world’s first counterveillance security company delivering a suite of network, mobile and app security products as well as cloud-based services, protecting all computing devices from prying eyes and new threats through patented cloaking technology.

SnoopWall secures mission critical and highly valuable confidential information behind firewalls and on mobile devices with next generation technology that detects and blocks all remote control, eavesdropping and spying. SnoopWall’s software products and hardware appliances are all made in the U.S.A.

Gary Miliefsky, Masterful Cyber Security Professional

Gary Miliefsky, founder and CEO of SnoopWall, is a consumer advocate and a cyber-security expert who frequently appears on ABC, CBS, NBC, Fox News, CNN and many other media outlets to share his expert opinion. He is a member of ISC2, CISSP® and the Advisory Board of the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. He also advised the National Infrastructure Advisory Council (NIAC), which operates within the United States DHS, for the National Strategy to Secure Cyberspace. Gary is a Founding Member of the US Department of Homeland Security, served on the OVAL advisory board of MITRE and is a strong supporter of the CVE Program, plus he is a founding Board member of the National Information Security Group.

Subduing the Biggest Challenge in Cyber Security

SnoopWall is growing rapidly, as their NetSHIELD appliances, MobileSHIELD endpoint agent and AppSHIELD SDK are critical to network and mobile security.

Firstly, SnoopWall’s NetSHIELD appliances solve internal network access control and dramatically reduce internal risk for a fraction of the cost of competition. SnoopWall’s MobileSHIELD endpoint agent solves the data leakage risks inherent in the BYOD dilemma, which is the second biggest problem in cyber security. And finally with their AppSHIELD SDK, they are protecting mobile banking, wallet and retail apps on smartphones from losing consumer information (PII) to cyber criminals. The market is very receptive, with their amazing network of channel partners and their phenomenal corporate team; SnoopWall is expanding their network throughout the globe through multi-tier distribution.

Most exploitation happens behind firewalls, whether through malicious insiders, rogue devices, new forms of malware, or trusted yet infected employee-owned equipment. SnoopWall’s NetSHIELD appliances, as well as its MobileSHIELD agents for the Bring Your Own Device (BYOD) dilemma, continue to solve these problems for their customers.

Honest, Ethical, Passionate Information Security Team

Proudly, SnoopWall has customers around the globe who have not experienced a single breach since properly deploying their solutions. They have ‘INFOSEC professionals’ that care deeply for their customers and the protection of their networks and mobile devices. With this drive and passion, SnoopWall continues to build innovative, next generation security solutions that solve the worst problems in network security not resolved by firewalls and antivirus solutions, alone.

They would like to continue to grow and expand their international channels with the future possibility of being the worldwide market leader in network and mobile device security for small to medium sized enterprise (SME).

Filed Under: Advanced Persistent Threat, byod, compliance, CyberThreats, endpoint, Network Access Control, Products, Security News, Snoopwall

Sophos Position As Leader in Magic Quadrant – EPP

2016/02/23 by admin

From ITWeb

Sophos has announced it was once again named a Leader in Gartner’s 2016 Magic Quadrant report for Endpoint Protection Platforms (EPP), a position the company has held since 2007.

In the report, Gartner identifies four primary stages in the security life cycle (setting policy, prevention, detection and remediation) and evaluated EPP vendors based on whether the features their solutions offer address these four stages.

According to the report: “Most enterprise buyers are starting to look at EPP products that can address not only Windows, but a broad array of servers and clients. We evaluated a vendor’s ability to protect and manage a wide array of endpoints (such as Mac, iOS and Android devices), and to integrate those into the management console. Today, many large enterprise buyers are selecting a best-of-breed EMM (enterprise mobility management) capability; however, within the next two years, we expect the EPP market to subsume this function (which is already happening at the SME end of the market).”

Read the full article

For more information on Sophos Endpoint Protection – contact us

Filed Under: antivirus, byod, Cloud, compliance, CyberThreats, endpoint, Products, Security News, Sophos


© Copyright 2016 Symtrex Inc. ; All Rights Reserved · Privacy Statement