Synchronised security is new key for protection against cyber threats: Sophos vice president

Hackers now use ransomware to block users' access to files until a "ransom" is paid to the attacker

In a digital world, new threats are emerging every day. Though computers, cloud-based applications, and the internet have made our daily lives easier, with our new reliance on this technology come new problems in the form of cybersecurity risks.
Harish Chib, vice president of Sophos for the Middle East and Africa, told Daily News Egypt that the company may have the solutions that clients need to protect themselves against cyber-attacks and data breaches. Sophos, a global company that deals with network and endpoint security technology, began producing antivirus and encryption products about 30 years ago.
How can businesses prevent cyber-attacks and data breaches?
Synchronised security is our approach to improved protection by automating and coordinating the response to detect threats across assets, while increasing operational efficiency by shedding light on the key components of a threat; thus, enabling investigations to be streamlined.
When the firewall detects malicious traffic, it notifies the endpoint. The endpoint then responds by identifying and scrutinising the suspect process, and in many instances, it can automatically terminate the process and remove the residual components of the infection.
This process of incident response traditionally requires months; however, with synchronised security, it can now be completed within seconds. With this approach, security is simple, comprehensive, and effective as a system.
Encryption is the last line of defence against data loss, and strong encryption can prevent online fraud and theft of financial and personal information.
Encryption can also be used to control access to information that is shared internally, as only those who have proper access will be able to receive the encryption key.
Encryption is valuable as it slows hackers down. For example, if hackers steal encrypted data, they would still have to search for the encryption keys over the course of a few days and, in this time, IT security teams have a higher chance of detecting suspicious activity.
Sophos recently launched Sophos SafeGuard Encryption 8, which is a new synchronised encryption solution that protects data against theft from malware, attackers, or accidental leaks. Organisations can now choose to adopt the best practice of "always-on" file-level encryption to protect data accessed from mobile devices, laptops, desktops, on-premises networks, and cloud-based file sharing applications.
What is ransomware and what should businesses do to protect themselves from it?
Ransomware is a form of malware that can wreak havoc on businesses by locking users out of their own files until a "ransom" is paid to the attacker.
With various ransomware strains such as CryptoWall, TorrentLocker, and TeslaCrypt in the marketplace, this malware is rapidly evolving.
Locky, the latest strain of ransomware, scrambles files and renames them. It then prompts the user to buy a decryption key at an exorbitant price.
IT teams need to understand that traditional security solutions are no longer effective in protecting against unknown variants of ransomware viruses. Signature-based methods to detect ransomware are simply unable to keep up.
In order for threats to be detected and remediated immediately, the network and endpoint should communicate in real-time while being synchronised across the entire threat surface. The Sophos synchronised security approach is the answer as it is an integrated, highly automated security system that is advanced, intelligent, and suitable for businesses of any size.
Without synchronised security, information system controls typically work on separate layers, placing enterprises' data and assets at risk, as there is no coordination between the endpoint and the network to react to threats.
Other measures to be considered include backing up files regularly, not enabling macros to open attachments that are sent via email, as this is how infections are spread, being cautious about unsolicited attachments, and refrain from opening them. Any ransomware that is not spread via document macros often relies on security bugs in popular applications, such as Office and Flash.
Sophos recently launched Sophos Intercept X, which stops zero-day malware, unknown exploit variants and stealth attacks, and includes an advanced anti-ransomware feature that can detect previously unknown ransomware.
Sophos Intercept X combines four critical security components: Signatureless Threat and Exploit Detection, CryptoGuard, Root Cause Analytics, and Sophos Clean.
The product can be installed and managed remotely through the Sophos Central cloud-based management console that allows administrators to control and configure settings, distribute licences, add new endpoints, and track all activity.
Some businesses say they have IT security policies in place but are then hit by malicious attacks. Why do you think this is?
It could be because these businesses have unfounded doubts or misleading information about the extent of IT security that is required for their business.
Cyber-attacks are also largely successful due to two key reasons: the adoption of sophisticated technology, and the security weaknesses in affected companies.
For example, skilful social engineering is employed to hide malicious code in programmes like Microsoft Office and JavaScript, which then prompts users to execute the installation routine of the ransomware. As for security weakness, there are several enterprises with inadequate backup strategies. Additionally, updates and patches for operating systems and applications are not implemented swiftly enough.
Another key gap is that security systems are not implemented or configured correctly due to inadequate network segmentation.
Tell us more about synchronised security.
For decades, the security industry has been treating network security and endpoint security as two completely different entities—this is like putting one security guard outside the building and another inside the building, but not allowing them to talk to each other.
Sophos is one of the only vendors in the industry that can deliver on this strategy. The programme is designed to help customers prevent, detect, and remediate advanced attacks across the IT infrastructure.
It leverages a direct and secure connection called the Sophos Security Heartbeat, which acts as one integrated system, providing real-time communications on threats, health, and security intelligence between the firewall and the endpoint protection.
With Security Heartbeat, an administrator now has visibility into how many devices have a "beating heart" (that is, are transmitting heartbeat information), and are also given a green, yellow, or red status. Red is when we've detected that an endpoint is compromised, and yellow is when we have determined that an endpoint is either not complying as usual or has flagged a suspicious process.
How does Sophos Central fare against the available cloud options in the market?
Sophos Central is a new integrated console that simplifies the administration of multiple Sophos products and enables more efficient business management for Sophos partners. Launched earlier this year, it offers centralised one-stop access for all partners, admins, and end-users.
The integrated security platform of Sophos Central has three core components: Sophos Central – Admin, which allows the IT administrator to manage all their Sophos products on one console, including endpoint, server, mobile, and web, with email and wireless management coming soon. Sophos Central – Partner allows partners to manage their Sophos licensing, identify, and track cross-sell or up-sell opportunities with easy-to-use reporting. This tool also enables a partner to remotely manage end-user products. Sophos Central – Self-Service, launching later this year, will enable end-users within an organisation to manage quarantined email, self-service device provisioning (BYOD), as well as the secure configuration of wireless access points and hotspots.
With Sophos Central, businesses can reduce their overall cost, enabling rapid growth without the need for more resources.
Now, Sophos Email is available on the Sophos Central management platform enabling customers and partners to manage their email protection solution alongside Sophos endpoint, mobile, web, and wireless security products from a unified, simple-to-use console.
According to a recent survey conducted by Sophos, businesses are shifting to cloud-based email for both infrastructure and security services, with 38% using it as their primary email platform and 43% using a cloud-based service for email security.
Sophos Email boosts security for cloud-based business email applications from leading providers, including Microsoft Office 365, Microsoft Exchange 2013, and Google Apps for Work.
Does Intercept X stop all ransomware or just certain types?
Sophos Intercept X can stop variants of ransomware, even those it has never seen before.
Does it work on Mac, PC, iPad, and mobile?
Intercept X has been designed for Windows to run on Windows 7 and above in both 32- and 64-bit modes.
How does this fit into the Sophos product portfolio?
Sophos Intercept X is an integral part of our endpoint protection portfolio. It can be managed alongside other Sophos products through the cloud-based management platform, Sophos Central. It is built on the same principles of being easy to use and manage, and bringing enterprise-grade security to every organisation—even those who do not have specialised IT security resources. Sophos Intercept X also leverages synchronised security direct intelligence sharing with other Sophos products for comprehensive protection that is better together.