1) Does the solution employ Foundational Techniques (traditional), modern techniques (next-gen), or even a combination of both?

Solutions that have been around for a while, and rely on foundational techniques, are very effective against known threats. The issue is the inability for foundational techniques to effectively address unknown threats. As solutions have become more effective at combating known threats, hackers adapt at a rapid rate. This means it’s imperative to employ a next-gen solution that can respond to threats it has never encountered before, and also utilize proven foundational tactics.

Foundational Techniques include signature-based detection of known malware, application lockdown to prevent malicious behaviors of applications, behavioral monitoring/host intrusion prevention system to protect computers from unidentified viruses and suspicious behavior, web protection for URL lookup and blocking of known malicious websites, web control for endpoint web filtering, and data loss prevention to prevent the last stages of attacks that initially go unnoticed.

Next-gen techniques are the other piece of the puzzle, giving you machine learning to detect both known and unknown malware without relying on signatures, anti-exploit technology to prevent attackers from using the tools and techniques they rely on in their attack chains, ransomware-specific solutions to prevent the malicious encryption of data, technology designed to prevent the theft of authentication passwords, privilege escalation, process protection to prevent the use of techniques like code cave and AtomBombing, endpoint detection and response for providing detailed information when hunting down evasive threats, and incident response/synchronized security to automatically respond to incidents and communicate with other security tools.

2) How does the solution detect unknown threats. Does it have machine learning capabilities?

Malware includes both known and never-before-seen threats. While it’s easy to address a known issue, it’s obviously another thing to fight a problem you don’t even know exists. It’s no surprise that many solutions struggle to detect unknown malware threats. It’s highly important to find a solution that fights unknown threats because they are far more common than known threats. SophosLabs reports seeing approximately 400,000 pieces of unknown malware each day. The way you address unknown threats is to utilize machine learning.

3) If the solution does claim to utilize machine learning, what type of machine learning is used?

There are multiple methods of machine learning, including deep learning neural networks, Random Forest, Bayesian, and Clustering. Whatever the method, machine learning engines should be built to detect known and unknown malware, without relying on signatures. The advantage of machine learning is that it can detect malware that has never been seen before. You should be sure to evaluate the malware detection rate, false positive rate, and performance impact of any machine learning-based solution you consider.

4) What technology is deployed to prevent exploit-based and file-less attacks?

Not all attacks rely on malware. Exploit-based attacks take advantage of software bugs and vulnerabilities in order to gain access and control of your devices. Weaponized documents and malicious code hidden in legitimate programs and websites are common techniques used in these attacks. Other techniques include man-in-the-browser attacks, in which malware is used to infect a browser so attackers can view and manipulate traffic, and using web traffic for malicious purposes. It is important to determine what capabilities your solution has for preventing such attacks.

5) Is the solution specifically designed to stop ransomware?

Ransomware is an extremely common threat. There are two primary types of ransomware, file encryptors, which encrypt the victim’s files and holds them for ransom, and disk encryptors, which locks up their entire hard drive, or wipes it completely. Some solutions are specifically designed to prevent the malicious encryption of data by ransomware. Ransomware-specific solutions are also usually able to remediate impacted files.

6) Does the solution’s creator have third-party results that validate their approach?

Many endpoint security solution vendors make big claims about their products. It’s important that you can validate their claims and compare them to other solutions via a third-party evaluator. Some resources include MRG Effitas and their 360 Degree Assessment & Certification report, Gartner Magic Quadrant for Endpoint Protection Platforms, The Forrester Wave for Endpoint Security Suites, ESG Labs reviews, and AV Comparatives Business Security Test, among others.

7) Can the solution ask detailed threat hunting and IT security operations questions?

Are you able to ask questions about what has happened in the past and what is happening now on your endpoints so you can detect active adversaries and maintain security hygiene? Some questions you may want to ask include:

• Are Processes trying to make a network connection with non-standard ports?
• Which devices have known vulnerabilities, unknown services, or unauthorized browser extensions?
• What is the scope and impact of security incidents?
• Have any attacks gone unnoticed?
• Are there any indicators of compromise across the network?
• Are we able to prioritize events for further investigation?
• Will we be able to accurately report on our organization’s security posture at any given moment?

8) What visibility is provided into attacks and can the solution respond automatically.

At a minimum, your endpoint security solution should provide insight into the incidents that occur to help you avoid future incidents. Ideally though, they would automatically respond to issues without the need for analysis or manual intervention.

As cyber threats continue to grow in complexity and volume, it’s more important than ever to have an effective endpoint security solution in place. We recommend Sophos Intercept X, an endpoint security solution that combines the best of traditional and next-gen techniques for security that is proven to be effective. Sophos Intercept X is top-rated by dozens of third-party evaluators. Les Olson Company is your source for IT Services in Utah and Las Vegas. Our team of network security experts can help your business get the right solution in place.

Intercept X Third Party Test Results and Top Analyst Reports:

• Leader: 2018 Endpoint Security Wave

[/cz_title]

Why Intercept X?

Sophos Intercept X goes far beyond traditional antivirus with its comprehensive endpoint protection that utilizes deep learning to defend against a wide range of cybersecurity threats. That’s why Sophos consistently blocks more malware and exploits than other solution in independent, third-party testing.[/cz_title][cz_gap height=”25px”]

• Advanced Endpoint Detection and Response
• Anti-ransomware protection
• Deep Learning Technology
• Exploit Prevention
• Active Adversary Mitigation

Les Olson Company is your source for expert IT Services in Utah and Las Vegas. Let us help you find the right Endpoint Security Solution to protect your organization’s network, devices, and data.[/cz_title][cz_gap height=”60px”]

Have you heard of Cloud Snooper?

Sophos, a leader in next-gen cybersecurity, recently published a report on this new and sophisticated attack. According to their report, Cloud Snooper uses a unique combination of techniques to evade detection, allowing malware on servers to communicate freely with its command and control servers (C2) through firewalls that would normally prevent these types of communications. The detailed SophosLabs report deconstructs the TTPs (tactics, techniques, and procedures) used in the attack, which they suspect was the work of an advanced actor – possibly nation-state sponsored.

The tactics, techniques, and procedures used in the Cloud Snooper attack include a rootkit circumventing firewalls, a technique to gain access to servers disguised as normal traffic, and a backdoor payload that shares malicious code between both windows and Linux operating systems. This approach is known, but very uncommon. Though each TTP has been seen previously in other attacks by skilled cyber-attackers, they have not been seen in combination.

So how does this affect your business?

Sophos expects that this combination of TTPs will “trickle down” and become more commonplace throughout the cybercriminal hierarchy, becoming the blueprint for future firewall attacks.

Sergei Shevchenko, Threat Research Manager at SophosLabs, said “This is the first time we have seen an attack formula that combines a bypassing technique with a multi-platform payload, targeting both Windows and Linux systems. IT security teams and network administrators need to be diligent about patching all external-facing services to prevent attackers from evading cloud and firewall security policies. IT security teams also need to protect against multi-platform attacks. Until now, Windows-based assets have been the typical target, but attackers are more frequently considering Linux because cloud services have become popular hunting grounds. It’s a matter of time before more cybercriminals adopt these techniques.”

If you’re a business owner or manager, now is the time to talk to your IT security team about their plans to respond to this potential threat. If you are responsible for your organization’s network security, here’s some advice for defending against Cloud Snooper and similar attacks:

• Create a full inventory of all devices connected to the network, and update all security software used on these devices.
• Ensure all external-facing services are fully patched. Cloud hosting services often provide firewall security, but this should not be substitute for an organization’s own cloud security measures.
• Check and double check all cloud configurations. User misconfiguration and lack of visibility are the top causes of attacks in the cloud.
• Enable multi-factor authentication on any security dashboards or control panels used internally to prevent attackers from disabling security products during an attack.
• Remember, there is no single silver bullet for security, and a layered, defense-in-depth, next generation security model that includes components designed specifically to protect data and networks in the cloud (like Sophos Intercept X for Server) is an essential best practice.

If you need help hardening your network against cyber threats, our expert IT team is here to help. We can work with you and even your existing IT security team to make any necessary changes so your network is prepared for the worst.

This article is based on the February 25, 2020 Sophos Press Release.[/cz_title]

Les Olson Company is a Microsoft Office 365 and Sophos Central provider

Request a consultation and let us help you work more efficiently and securely, with these two solutions that work hand in hand.[/cz_title]

Although Les Olson Company has only been partnered with Sophos a short time, this award is a reflection of their Sophos expertise and commitment to offering their customers the best in next-gen network and endpoint protection. The award was presented to members of Les Olson Company’s Managed IT executive team in April 2017 at the Partner Conference held in Las Vegas, Nevada at Caesars Palace.

John Keenan,Regional VP of Sales at Sophos, said, “It is always a great pleasure to be able to meet our partners face to face at these events as they play a crucial role in our success as a business. It’s a fantastic opportunity to gather feedback, to hear our partners’ validation of our strategy across the endpoint and network and to see it helping to make their businesses a success. I am delighted Les Olson Company has won the award for Partner of the Year, Americas. They have had a fantastic year and it’s very well deserved.”

 

John Huston, Les Olson Company’s Managed I.T. Sales Manager said, “Sophos not only creates fantastic IT security products, they are a true partner focused on helping Les Olson Company do the best job for our customers. With the state of the art Ransomware fighting product called Intercept X, their amazing XG firewalls, Central device encryption, Central endpoint protection, and Sophos Central,  Les Olson Company has the protections in place to ensure our customers have their security needs met. This synchronized security platform is designed to work together to isolate attacks and secure important company data and systems. I couldn’t be more excited about the Sophos product and partnership.”

About Les Olson Company

Les Olson Company has always been on the cutting edge of technology throughout their over 60 year history. With the evolution of the copier from a stand-alone unit to a networked-connected multi-functional tool, Les Olson Company organically progressed into a leading provider of Managed I.T. Services.

Today, virtually anything that communicates with a network can now be monitored and managed through Les Olson Company’s expert team through their award-winning Managed I.T. Services program. Les Olson Company strives to be a partner to all of their clients, offering the best in office technology, including security solutions.

About Sophos

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, their award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs – a global network of threat intelligence centers.[/cz_title]