Introducing Sophos Cloud Web Gateway

Sophos Cloud Web GatewayToday we’re pleased to announce the release of Sophos Cloud Web Gateway – the easy-to-deploy, easy-to-trial web security solution you’ve been searching for.

Sophos Cloud has experienced exponential revenue growth – in fact it’s by far the fastest growing Sophos product set. Already, it includes simple and effective endpoint, mobile and server solutions delivered from the cloud. Now it’s time for our Secure Web Gateway (SWG) to go to the cloud.

You may remember late last year Sophos acquired Mojave Networks. Since then, the Sophos and Mojave development teams have joined forces to integrate this great technology into Sophos Cloud. The result is enterprise-class web protection, features and reporting – all with Sophos Cloud simplicity.

Continue reading

Stamp out snowshoe spam with Delay Queue in Sophos Email Appliance 3.9

Delay QueueWe’re pleased to announce version 3.9 of the Sophos Email Appliance (SEA). This update features Sophos Delay Queue technology – a sophisticated enhancement that increases spam detection by as much as 4% and blocks snowshoe spam.

Snowshoe spam is a type of unsolicited bulk email that spreads the load of a campaign over a large number IP addresses and domains in short busts, much like how snowshoes distribute your weight as you walk on snow.

Snowshoe spam campaigns only run for a few minutes at a time. This technique has proved to be a challenge for traditional anti-spam approaches of content analysis and IP reputation-based systems.

Continue reading

Sophos products are not at risk from the latest OpenSSL bug

nsgYou may have seen the OpenSSL team announced, on Monday 2015-07-06, that it had a “high severity” update coming out in three days’ time. The update was published Thursday 2015-07-09.

The good news is no Sophos products are at risk from this bug. Only the current pre-release Beta version of Sophos Management Communication System (MCS 3.0.0 Beta), a component used by Sophos Cloud and UTM Endpoint products, includes an affected version of OpenSSL. However, MCS does not use the relevant part of the OpenSSL code for certificate verification, so cannot fall foul of the bug. Nevertheless, we expect to update MCS 3 Beta with the latest OpenSSL version by mid-August 2015.

All other Sophos product families either don’t use OpenSSL at all, or use one of the unaffected versions.

Continue reading

How more joined-up security thinking could save billions in data breach costs

coordinated-security-150A new study from the Centre for Economics and Business Research (CEBR) has found that data breaches are costing UK businesses £34 billion a year. The report suggests this is made up of £18 billion in lost revenue and £16 billion in added security measures after breaches have occurred.

It’s the same the world over. According to a 2015 Ponemon Institute study commissioned by IBM, the global average cost of a data breach to an organization has reached $3.8 million – on average, $154 for every single compromised record. It’s significantly higher in the US and Germany, where the costs are $217 and $211 per compromised record, respectively. These are quite staggering figures.

Now, it’s not uncommon for companies who sell cybersecurity services like IBM and Sophos to talk big numbers like this. After all, clearly we think it’s good to see businesses are investing in doing something about this problem. But you do have to wonder if those billions are being spent effectively. As leaders in the security industry, we have a crucial role to play to ensure they are. We need to deal with the growing complexity of threats without introducing more complex solutions, and cost.

Continue reading

How the University of San Carlos secures 2 campuses, 2,500 employees, and 27,000 students

university-san-carlosServing over 27,000 students and 2,500 faculty and employees, the University of San Carlos (USC) in Cebu City, Philippines, is the premier university in Cebu and one of the top 10 leading universities in the country.

As USC continued to expand with more users and devices connected to the network, bandwidth consumption became an issue – resulting in decreasing security of its network, as many security features could not be turned on.

With a staff of just nine people, the USC IT team found itself overwhelmed by security incidents, including the hacking of the university’s website from time to time. USC needed a robust yet simple-to-manage and resource-friendly security solution to meet its requirements.

Continue reading