Sophos today announced that it has won the coveted Vendor of the Year Award at the Secure Computing Magazine Awards 2012. The top award was announced at a gala dinner, held at the 11th annual AusCERT Information Security Conference on the Gold Coast, and the awards recognize outstanding work by professionals, organizations and products in the security industry.

The judging panel was comprised of Australian-based senior IT security experts, and the Vendor of the Year Award was presented to Sophos in recognition of its high level of customer satisfaction, constant innovation, influence on IT security strategy and its leading position in the endpoint and data protection market.

Sophos’ ongoing contribution to the IT security industry in Australia also contributed to its award win. Sophos has worked closely on many key security projects and initiatives, including the Department of Broadband, Communications and the Digital Economy, and Cybersecurity Awareness Week, where Sophos is an active supporter and committee member, running regional events, and working with local businesses.

Sophos also works with leading industry associations including the Australian Computer Society and the Internet Industry Association. Sophos has also recently become a member of the Australian Government’s National Standing Committee on Cloud Computing, advising on security issues and an Industry Code of Best Practice.

Rob Forsyth, director of Sophos Asia Pacific, has been involved with many of these projects along with key members of the Sophos team, working closely with industry and government groups to drive important security initiatives. “The Vendor of the Year Award validates the great work Sophos has done within this region, and we appreciate the recognition by SC Magazine and the panel of judges,� said Forsyth.

Sophos will continue its work in driving awareness around security issues, particularly on a local level, rallying the community and businesses to work together in ensuring Australians understand online safety. “I really do encourage the IT industry to get behind government and community efforts to make Australia safe online,� he continued. “The internet represents massive opportunities for education, and fair development across all social strata, but the risks to our community requires constant vigilance.�

posted on: Click Here to find out

In response to partner and customer demand, Sophos today introduced new Complete Security Suites; Web Protection, Data Protection and Complete Security. These suites offer Sophos partners the tools they need to help their clients address the evolving security challenges IT departments are facing due the consumerization of IT, the rise of advanced persistent threats, and an increase in malware.

“The evolution of Sophos technology and the new ‘Complete Security Suites’ represent a clear and forward-looking vision to manage the advanced multi-vectored threats businesses face,� said Robert Newburn, head of Information Security and Managed Services, Trustmarque. “Security never stands still and neither does Sophos. Through significant in-house development and tactical acquisitions they have built a compelling set of integrated technologies simplifying security management, driving down administration costs and offering customers a mature set of proven tools to protect the endpoint, mobile devices and Gateway.�

The Complete Security Suites combine key functions like endpoint, data and web and email protection, along with mobile device management and protection for Microsoft Exchange and SharePoint. The new offerings give partners a competitive edge in the industry—one vendor, one license, ease of management and deployment. And the array of market-leading solutions creates even more secure environments for their clients at a greater value.

“As a managed service provider, we are our clients’ IT departments, so keeping management costs down is critical to our business,� said Marcus Bearden, vice president of technology, Carceron “The centralized management of Sophos’ Complete Security Suites will reduce our administrative costs, thus reducing costs for our customers—a true win-win. Additionally, they will allow us to offer our clients a better value than an a la carte model while satisfying all their security needs.�

The Complete Security Suites will also shorten the sales cycle for Sophos partners as clients no longer have to evaluate individual solutions in order to solve each security challenge. Instead, they are able to offer solutions that work together—across all points—from a trusted provider.

“Our clients face an ever-changing variety of new security challenges. Since IT managers are already tasked with accomplishing more while using less resources, we need to provide solutions that quickly address all the different aspects of IT security,� said Stephen Merritt, software partner manager, SHI International. “Evaluating multiple security solutions is time consuming for both us and our customers, so the ability to present a single, dynamic and scalable bundle that meets all a customer’s security needs helps keep their focus on other initiatives within an environment they are confident is secure.�

“We recognize that partners are operating in a competitive environment, so they need tools that will help them meet their clients’ demands for stronger security systems,â€? said John Shaw, vice president product management Sophos. “We have built this complete security system for IT because IT teams shouldn’t have to spend time determining which of their point security products is at fault every time they have a problem, only to find that the problem is that the point products don’t work together. With our suites, customers know it’s always Sophos securing them, and they can be confident that they will be backed by both our industry-leading support and our excellent partners.â€?

For additional information on the new Complete Security Suites, please visit: http://www.sophos.com/en-us/products/complete.aspx.

posted on: Click Here to find out

According to the recent report from Gartner, Inc, “Market Share Analysis: Unified Threat Management (SMB Multifunction Firewalls), Worldwide, 2012,� published on March 28, 2012, Sophos grew its UTM market share by more than 35 percent from 2010 to 2011.

According to Gartner, the overall unified threat management market grew from an estimated $972 million in 2010 to $1.16 billion in 2011, with four-year compound annual growth of 20.7 percent.

Sophos’ growth illustrates the success of its ability to extend its UTM capabilities to a wide range of technologies, such as next-generation firewalls to enable application control, Remote Ethernet Devices to cost effectively secure remote branch offices, or wireless access points to secure wireless connectivity, all of which is managed through a single interface.

“The breadth of our UTM solutions’ capabilities is central to our complete security strategy—protecting networks, endpoint and data at every level of IT infrastructure,â€? said Christian Pijoulat, vice president of Sophos for Western Europe. “The tight integration of capabilities also allows our customers to deploy complete security capabilities while reducing management burden and total cost of ownership. Increasing such benefits for our customers is a primary focus, and we will soon launch new security suites that are not only cost effective, but also include industry-first security features.â€?

In March 2012, Sophos was positioned in the “Leaders� quadrant of Gartner, Inc’s 2012 Magic Quadrant for Unified Threat Management.

About the Magic Quadrant

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

posted on: Click Here to find out

A Sophos on-stand survey* of 214 visitors to Infosecurity Europe – 24-26 April 2012 – has revealed that, out of more than 200 respondents, nearly half (45 percent) use consumer cloud services, such as Dropbox, for work purposes – indicating a growing demand for cloud services in the workplace. However, in the same survey, 64 percent thought that these sorts of consumer cloud services present potential security issues, demonstrating that, while people understand the security risks these services can present, there is a general failure by businesses to control their use.

Other findings from the research included:

• Nearly a third (32 percent) of respondents said that they were allowed to use personal mobile devices for work, but there was no control imposed by the IT department
• Nearly half (49 percent) of respondents said that wireless networks in their place of work were protected but only by a single or small number of passwords

“Businesses need to recognize the huge demand there is for cloud services such as Dropbox and take a proactive approach to incorporating these into security policies,� said Chris Pace, product specialist at Sophos. “Storing, sharing and exchanging files in the cloud for business purposes is seeing a rapid adoption due to the convenience and additional storage capacity it offers to employees. What businesses need to remember however, is that this additional way of dealing with information inherently poses additional security vulnerabilities that need to be addressed before valuable data is compromised.�

“There are some basic limitations of a digital ‘do-it-yourself’ approach. The main concern is that, because the infrastructure of consumer-orientated solutions like Dropbox doesn’t support enterprise-grade requirements, many businesses are currently just handing control to the user, leaving it to them to make a judgement on the risk they are posing to corporate data,â€? argued Pace. “Simple precautions such as web-based policies using URL filtering, application controls that can be applied to cloud products, and data encryption that provides a layer of security across the board, should be introduced as standard if companies wish to reap the benefits of cloud, while mitigating security risks.â€?

Sophos has produced a whitepaper, ‘Fixing Your Dropbox Problem’, offering advice to businesses on the issue.

Pace concluded “the survey also shows that wireless security is an issue. Everyone wants to use it because it’s flexible and easy, allowing laptop users to connect anywhere in the office. But wireless solutions are inherently complex. Instead of businesses setting up a standard wireless router that connects to the internet, with everyone using the same or a limited number of keys, they should be looking for ways to integrate wifi into their existing network security, giving them both better value and control.

*Poll conducted on the Sophos stand at Infosecurity Europe 2012 24-26 April 2012 of 214 people

posted on: Click Here to find out

02 May 2012

Sophos Welcomes Partners to its Global Partner Connections Conferences

Sophoswill welcome hundreds of partners to its global Partner Connections Conferences—to be held this year in Barcelona, Las Vegas and Pattaya, Thailand. Partners will have an opportunity to learn about the latest innovations in complete security and connect with both their peers and Sophos leaders.

The three regional partner conferences begin in May:

• Europe: EMEA Partner Connections 2012: May 8th -10th in Barcelona
• North America: Partner Connections Conference: May 21st – 23rd in Las Vegas
• Asia/Pacific: July 11th – 13th in Pattaya

“Our partners are the driving force behind our success and the annual partner conferences are an opportunity for Sophos senior leaders and channel teams to interact directly with them,� said Mike McGuinness, senior vice president of worldwide sales and field operations, Sophos. “We’re excited to bring together our partners for these interactive events and to empower them with complete security solutions to further grow their businesses.�

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry’s lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs – a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

posted on: Click Here to find out

IT security and data protection company Sophos today announced that it has signed a distribution agreement with specialist Value Added Distributor Connector Systems to deliver its security products across New Zealand.

This is Sophos’s first direct distribution agreement in the ANZ region and further cements its commitment to developing and supporting the New Zealand market.

The new partnership will see Connector Systems distributing the entire range of Sophos solutions including Endpoint Security, Encryption and Data Loss Prevention (DLP), Web and Email Protection, Mobile Control and Sophos Network Security and Unified Threat Management (UTM).

Connector Systems will provide direct support to its local resellers with Sophos continuing to be the direct point of contact with local customers, providing them with ongoing technical support.
According to Stuart Fisher, Managing Director of Sophos Asia-Pacific, the partnership will boost Sophos’s offering in the New Zealand market.

“Sophos has selected Connector Systems because of its strong reputation in the New Zealand channel. With more than 30 years experience in distributing IT software solutions and over 1,000 active channel partners, we felt that the company’s presence on the ground and strong network would be the perfect fit for distributing Sophos’s products,� said Fisher. “Customers are demanding more sophisticated complete security solutions and our partnership with Connector Systems will enable Sophos to maximize this growing market.�

The agreement will allow Connector Systems and Sophos to work closely together to provide comprehensive customer support, greater flexibility and immediacy in terms of access to the local team, as well as delivering broader access to Sophos solutions than was previously possible in the region. Connector Systems will also be able to offer its customers a wider range of products and tailored solutions in line with its suite of complementary offerings.

In addition, Sophos will benefit from Connector Systems’ local presence, allowing Sophos better market reach and increased growth opportunities in the region.

Kevin Swainson, General Manager for Security and Telecommunications at Connector Systems said that the Sophos partnership fits very well with the company’s current roster of key partners.
“We couldn’t be more thrilled to welcome Sophos into our portfolio of ‘best of breed’ brands. The company is a highly regarded global vendor and recognized leader. We are excited about the opportunities that this provides to our resellers and partners to add a more in-depth solution to secure their customers’ networks,� said Swainson.

The distribution agreement will take effect this month with immediate benefits to resellers and customers.

posted on: Click Here to find out

A survey* of 584 UK public sector IT managers, performed by Sustainable Gov on behalf of Sophos, has revealed that the measures being introduced by the Government to improve data security are failing on a number of counts. Most notably, fines by the ICO are having little impact, with only five percent of public sector IT managers acting on data security policies due to fear of a fine. Furthermore, nearly half (44 percent) of respondents think that, while the obligation to protect data is clear, they are not given enough guidance on how to act on this obligation.

Other findings from the research include:

• 22% of respondents do not think the obligation to protect data is clear to businesses at all
• 48% of organizations only improve data security because there is a legal obligation to do so
• 42% of those surveyed cite classroom and webcast training to be the best way to educate staff on security and information assurance practices

The ICO’s fines have at least managed to raise the profile of data breaches in the public consciousness. However, the results of the survey point to the fact that businesses need more help to improve their data protection policies. Public sector organizations have come out as the worst offenders – for example, since the start of 2012 a Lancashire police force was fined, three councils: Croydon Council, Norfolk County Council and Cheshire East council, among others – but it is still not clear why the public sector is repeatedly failing to protect sensitive data.

“The UK is seeing a severe disconnect in the expectations that the Government has for organizations to comply with data protection legislation, and the measures it has introduced to help them achieve this,� said Ollie Hart, head of public sector at Sophos. “The repetitive onslaught of ICO fines was a neon sign that something was amiss, yet this research shows us that organizations are still lacking guidance on how to protect sensitive data. If organizations are more thoroughly educated on the causes and outcomes of data breaches, perhaps we’ll be able to prevent them from happening in the first place, rather than simply reacting once it’s already too late.�

A number of simple measures can be taken to prevent data breaches, and the best solutions incorporate both education and technology. As a first point of call, employees need to understand the value of the data with which they are dealing. Second, technology solutions can be implemented to safeguard against human error, and ensure a basic level of security always exists. From encryption through to Data Loss Prevention (DLP) techniques, all help to better protect sensitive information.

“There is a danger that if fine after fine is given out by the ICO, the significance of the data breaches will be diminished. With the right education and technology in place, employees will begin to understand the impact of data loss, not only on the company, but also on the individuals whose information has been made public,� concluded Hart.

“The results of the survey are clear. Public leaders are calling for greater assistance on how they should manage and refine their data protection policies. Many ICO fines have been issued, but their purpose is often aggravating or misconstrued by those on the receiving end,� said Tim Holmes, Sustainable Gov.

“There is a growing acceptance that these fines are impeding the progress of an innate data protection culture. While the fines have often been successful at least in getting the message across, they are a decidedly blunt instrument, which can lead to conflict. Experts are therefore now calling for education to be prioritized instead, with strong policies set in place and all employees—from management level down—taught the benefits of keeping data secure and the risks of failing to act. A more self-regulating, holistic solution to the problem could then be forged.�

A whitepaper on the results of the survey can be found on the Sophos website: http://www.sophos.com/en-us/security-news-trends/whitepapers/data-protection-in-the-uk-public-sector.aspx.

posted on: Click Here to find out

Sophos today announced a partnership with Facebook to help protect users from links that lead to malware or malicious sites.

Facebook will use the website reputation service provided by SophosLabs, Sophos’s global network of research centers, along with their own security measures,  to help assess whether a largely distributed link is malicious.

When Facebook users click a link, Facbeook consults its database of malicious URLs to check the status of the link. Starting today, SophosLabs will be feeding malicious URL intelligence into this database. Facebook will inform Facebook users if the link they clicked on  is malicious, and users will be sent to a page that offers the choice to continue at their own risk, return to the previous screen, or obtain more information on why the link was flagged as suspicious. Mac users  will also be given the option to download the free Sophos Anti-Virus for Mac Home Edition from the Sophos Facebook Page as part of the Facebook AV Marketplace.

“We are pleased to begin partnering with Sophos to better protect our users both on and off of Facebook,â€? said Joe Sullivan, chief of security, Facebook. “We believe incorporating Sophos’s industry-leading computer security intelligence, and expertise, will help us provide even more security to those using Facebook.”

SophosLabs is a global network of highly skilled and thoroughly trained analysts renowned for protecting businesses from known and emerging threats, rapidly and immediately. SophosLabs’s expertise covers every area of network security—viruses, spyware, adware, intrusion, spam and malicious web pages. Innovative technologies such as Behavioral Genotype Protection and rapid signature updates are combined to stop new and unknown malware.

“For many hundreds of millions of people, Facebook has become the default forum for sharing and consuming opinions, news and personal content. Because content is typically posted by a trusted source – a friend – many users incorrectly assume links are safe. Scammers often take advantage of the trust relationship to fool users into clicking malicious links,� said Mark Harris, vice president, SophosLabs. “Our partnership with Facebook will educate users to make more informed decisions regarding what they click on and will help reduce the spread of malicious links.�

For more information on this Facebook service, please visit www.facebook.com/security. For more information about SophosLabs visit:http://www.sophos.com/en-us/about-us/company-profile/expertise.aspx .

posted on: Click Here to find out

New research released by Sophos has revealed a disturbingly high level of malware on Mac computers—with both Windows and Mac threats being discovered.

Sophos experts analyzed a snapshot of 100,000 Mac computers running its free anti-virus software, and discovered that one in five machines was found to be carrying one or more instances of Windows malware.

Although Windows malware on Macs will not cause symptoms (unless users also run Windows on their computer), it can still be spread to other computers.

Additionally, Sophos’s analysis shows that 2.7 percent (one in thirty six) of Macs were found to be carrying Mac OS X malware.

“Some Mac users may be relieved that they are seven times more likely to have Windows viruses, spyware and Trojans on their Macs than Mac OS X-specific malware, but Mac malware is surprisingly commonly encountered,” said Graham Cluley, senior technology consultant at Sophos. “Mac users need a wake-up call about the growing malware problem.â€?

The recent Flashback botnet, which inflicted more than 600,000 users, and fake anti-virus attacks, which scare users into handing over their credit card details, dominate the chart of Mac-based threats.

Top Mac OS X malware found on Mac computers (7-day snapshot of 100,000 Macs):

1. OSX/Flshplyr 75.1%
2. OSX/FakeAV 17.8%
3. OSX/RSPlug 5.5%
4. OSX/Jahlav 1.2%
5. Other 0.4%

“Mac malware can spread via USB stick, email attachments, website download, or even a silent drive-by installation where the user doesn’t realize their Mac’s security has been subverted,” continued Cluley. “Cybercriminals view Macs as a soft target, because their owners don’t typically run anti-virus software and are thought to have a higher level of disposable income than the typical Windows user. Mac users must protect their computers now or risk making the malware problem on Macs as big as the problem on PCs.”

One in five Macs users who downloaded and scanned their system found Windows malware on Mac computers:

Top Windows malware found on Mac computers (7-day snapshot of 100,000 Macs):

1. Mal/Bredo 12.2%
2. Mal/Phish 7.4%
3. Mal/FakeAV 3.8%
4. Troj/ObfJS 3.6%
5. Mal/ASFDldr 3.3%
6. Troj/Invo 3.0%
7. Troj/Wimad 2.6%
8. Mal/Iframe 1.5%
9. Mal/JavaGen 1.4%
10.Other 61.2%

Some of the malware discovered by Sophos on the 100,000 Mac computers sampled dates back to 2007, and would have been easily detected if the users had run an anti-virus product sooner. Bredo, a family of malicious programs sent out via spam, accounts for 12.2 percent of malware detected on Mac computers. The first Bredo variant was detected in 2009, and since then, countless variants have been released. Only last week, it was used in a malicious email campaign that purported to have attached a compromising picture of the recipient.

“The simple fact is that you can scan your Mac for infection from your armchair. The test is painless and free; you just download an anti-virus product and allow it to check your computer and protect it against infections in future,” explained Cluley.

Home users can join the millions of others who protect their computers by downloading a free version of Sophos Anti-Virus for Mac from: http://www.sophos.com/freemacav.

Further information about these malware findings on Macs can be found on Sophos’s Naked Security site at: http://nakedsecurity.sophos.com.

posted on: Click Here to find out

Sophos will showcase the latest in IT security at this year’s Infosecurity Europe 2012. Among the highlights, Sophos will launch new research carried out with Sustainable Gov into UK local government security practices. The complete security provider will also release new research into the level of malware on Mac computers.

As Sophos completes its integration of Astaro’s award-winning Unified Threat Management (UTM) offerings, the company will discuss how it is expanding the perimeter of protection to the endpoint, further strengthening its “protect everywhere” value proposition for customers.  Integrated UTM means having a single solution that further reduces the attack surface and plugs gaps that separate point solutions can create.

Visitors to the Sophos stand will hear about what’s new in network, mobile and endpoint security, and see Sophos’s complete security offering, including industry-first cloud encryption and integrated Endpoint and Gateway solutions.

Additional highlights include:

The money behind the malware

An in-depth look into the economics of the cybercrime underground, exploring the different players involved, how they make and transfer their ill-gotten gains to their lairs and what we can do to protect ourselves and thwart their attacks.  

Why most network security = sucktacular

A presentation showing some of the common network security failures and live demos of how the hackers exploit them.  See what the bad guys do and why many businesses are still dealing with 1990s-era security issues.

Anatomy of an Attack with malware demo

Back by popular demand.  What the bad guys are up to with live demos from the eyes of the hacker.  See their crime packs, data-stealing malware and web hacking tools in action and learn how to defend your networks.

Cyber threat landscape

Malware fighters from SophosLabs share an insider’s knowledge about the latest threats.  Which threats are most common and how do they work?  What threats are prevalent in the UK and the rest of the world?

Debunking security’s top 10 urban myths

With the rise in high-profile attacks, we are better educated than ever about the security mistakes organisations around the world are making, often due to outdated or incorrect application of IT security policy. This talk will explain the top 10 mistakes and the myths that inform them. 

posted on: Click Here to find out