Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

Sophos Total Protect versus Full Guard

by

sophosUPDATED

One of the items that we get asked often is what is the difference between the Sophos Total Protect and the Sophos Full Guard, both provide the next generation in Unified Threat Management, but there is a difference.

The Sophos Total Protect is specifically for those organizations that are purchasing Sophos appliance for the first time, or want to migrate from a software installation to the applianced product. Total protect includes the appliance, the five security subscriptions and 24 x 7 support (premium support), and a very competitive price point.

Full Guard is what you would be renewing if your purchased Total Protect previously or if you are purchasing the software only version of the Sophos UTM.

In addition to the Total Protect and Full Guard, Sophos has added in new packages:

Total Protect Plus - available for the software only, SG appliances and the XG appliances, so what does the plus refer to - it is the Sandstorm security subscription to detect suspicious payloads containing threats, malware and unwanted applications.

For the XG series only - Sophos offers the EnterpriseProtect, which bundles Network, Web and Enhanced Support

The security subscriptions included in both are Network Protection, Email Protection, Web Protection, Wireless Protection and Web Server Protection.

If you have any questions, please contact us at 866-431-8972 or [email protected]

 

 

Sophos SG Series UTM announced as Winner of Best UTM Solution in 2015 SC Awards

by

Sophos SG Series UTM solution fought off competition from Fortinet, Check Point and Barracuda at the SC Magazine Awards 2015

OXFORD, UK – 10th June, 2015 – Sophos is pleased to announce that its Sophos SG Series UTM appliances were recognised by a panel representing the audience of SC Magazine, as the winning solution in the Best UTM Solution category at the 2015 SC Magazine Awards Europe 2015. The announcement was made Tuesday, 2nd June, 2015 at the awards presentation held at The Ballroom,Grosvenor House on Park Lane, London.

“We are delighted that our SG Series UTM came out on top at the SC Magazine Awards. Winning this award is a real honor and just shows that the features and models we have been adding to our SG series, such as the new integrated wireless models, are making Sophos a real leader in the UTM Firewall market” said Chris Weeds, Director, Product Marketing, Sophos. “Our network security product team are rightly proud of this achievement, but credit also goes to our partners and customers, whose input and feedback helps us to continue to build great products.“

Sophos’ SG Series UTM was also recently awarded five stars by PC Pro Magazine, and added to their A-List.

Each year, hundreds of products are entered in the EXCELLENCE AWARDS: THREAT SOLUTIONS categories. Each product is judged by a panel representing a cross-section of SC Magazine readership, which is comprised of large, medium and small enterprises from all major vertical markets including financial services, healthcare, government, retail, education and other sectors. Entrants are narrowed down to a select group of finalists before undergoing a rigorous final judging process to determine the winner in each category.

Quote from Tony Morbin, Editor in Chief, SC Magazine UK

“It’s more important than ever to recognise the tireless efforts of the men and women across the globe who work to combat these threats and provide cyber-security. Sophos’ SG Series UTM is a significant achievement and one that shows Sophos’ dedication to innovation and protecting against the ever-changing threat landscape,” said Tony Morbin, Editor in Chief, SC Magazine.

Read more ->

Employees are weak link in company cyber attacks

by

Mark Burnette, For The Tennessean 11:11 p.m. CDT April 29, 2015

Today’s companies face a truly daunting task when trying to protect their computer systems and sensitive data from compromise. Attackers are better coordinated and more sophisticated than ever before, and their tools are easier to obtain and use.

While there are many security issues for businesses to be concerned about (some of which are covered in other installments of this series), an all-too-common problem at companies of all sizes is attacks directed at the computer users themselves. The vulnerable users are workers in the company who have user accounts and passwords and use desktops, laptops, tablets and other devices to interact with a company’s data and network. Hackers and other bad guys target these users because they have access to sensitive data and systems, their account passwords are typically easy to guess or crack, and they are often willing to open a malicious file, click on an emailed link or even willingly type their password into a bogus site.

Protecting your company against end-user attacks requires a two-pronged approach: 1) train your users to help them be more aware of how end-user security attacks occur and 2) configure your systems to make it harder for the bad guys to successfully get in if a user slips up. Here’s a list of steps you should take:
•Keep up to date with security patches provided by software vendors for end-user machines. In addition to operating system patches, be sure to patch application software such as Adobe, Java and web browsers, as older versions of those tools have well-known vulnerabilities that are frequent vectors of attack.

•Provide spam filtering for every machine, with sensitivity controls turned up. One of the most common tactics attackers use to make initial entry into a company’s network is enticing end users to click on a spam email link that installs malware. While this won’t stop every phishing attempt, if you can filter out even one, that is one fewer opportunity for an unsuspecting user to click a bad link.

•Remove local administrator rights from end-user machines. Local administrator rights give a user more power to make changes to a computer, and if an attacker gains control of a machine with those rights, damage to the network can be much more significant.

•Make sure there is up-to-date anti-virus/malware protection installed on every machine.

•Require IT personnel to use different passwords when they work on servers. Even IT administrators can fall victim to email phishing attacks when they are working on their own computer. If they click on a bad link while logged in as an administrator, attackers can gain big-time access to your network using their privileged credentials.

•Develop a security awareness program for all personnel to help them understand their responsibilities when using a company computer system and/or handling sensitive data. This training should also teach users how to create good passwords (ones that are easy to remember, but difficult to guess).

•And perhaps most importantly, require “two-factor authentication” for users logging on to the network from a remote location. That means that a password alone is not enough to gain access; another form of authentication is needed. That could take the form of such things as a fingerprint, a token (a physical device that generates a code that is entered on the machine) or a digital certificate. If two-factor authentication is in place, an attacker who successfully captures a user’s access credentials still won’t be able to remotely connect to the network without the second factor (the token).

Taking all these measures will not completely eliminate the possibility of a successful attack, but it will greatly reduce your exposure to this common attack path, which just might make a potential attacker move on to a more vulnerable target.
Mark Burnette is a partner in the Security and Risk Services practice at LBMC, the largest regional accounting and financial services family of companies based in Tennessee, with offices in Brentwood, Chattanooga and Knoxville.

Sophos UTM Earns Common Criteria EAL4+ Certification

by

In April 2015, Sophos UTM v9 earned the Common Criteria (ISO 15408) certification under the German Common Criteria Evaluation and Certification Scheme by the German Federal Office for Information Security BSI (Bundesamt für Sicherheit in der Informationstechnik). As soon as we receive the certificate it will be available for download under the following link: https://www.sophos.com/en-us/support/knowledgebase/117713.aspx.

Version Details

The certificate with the identification number BSI-DSZ-CC-0942 applies to the product Sophos UTM v9 Packet Filter Version 1.000, which is the firewall component of the UTM security solution Sophos UTM v9 and was delivered with Sophos UTM 9.305. The certification is based on the Common Criteria Version 3.1 Revision 4 for the security level EAL4+ and was accompanied by the accredited testing laboratory SRC (Security Research & Consulting GmbH) situated in Bonn, Germany.

What is Common Criteria?

Common Criteria is a standard for evaluating the security features and capabilities of information technology products and is accepted by many countries around the globe. The highest internationally, mutually recognized certification level EAL4+ requires an inspection of the development site, as well as close scrutiny of the complete source code by independent experts. The certification process also includes flaw remediation, which evaluates Sophos’ processes for supporting Sophos UTM with future security and maintenance updates.

The IT Security Certificate warrants to customers, especially to those within the government sector, that security requirements are properly implemented and that the processes used meet recognized standards. One particular benefit of a Common Criteria certification is its compliance with various purchasing policies (e.g., NSTISSP #11 in the U.S.), mandating that federal departments and agencies shall acquire, for use on national security systems, only those information technology products that have been validated according to Common Criteria.

Cyber Attacks On US Companies in 2014

by

By

The spate of recent data breaches at big-name companies such as JPMorgan Chase, Home Depot, and Target raises questions about the effectiveness of the private sector’s information security. According to FBI Director James Comey, “There are two kinds of big companies in the United States. There are those who’ve been hacked…and those who don’t know they’ve been hacked.”

A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014. The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.

This paper lists known cyber attacks on private U.S. companies since the beginning of 2014. (A companion paper discussed cyber breaches in the federal government.) By its very nature, a list of this sort is incomplete. The scope of many attacks is not fully known. For example, in July, the U.S. Computer Emergency Readiness Team issued an advisory that more than 1,000 U.S. businesses have been affected by the Backoff malware, which targets point-of-sale (POS) systems used by most retail industries. These attacks targeted administrative and customer data and, in some cases, financial data.

Read Full Article - >

Cyber Attacks Article