Yesterday, in conjunction with the launch of their cloud-based management platform Sophos Central, representatives from Sophos travelled to Malaysia to talk about securing and safeguarding data.
The event was attended by Sales Director for ASEAN and Korea, Sumit Bansal, and APAC Technical Solutions Director, Justin Peters, who discussed ransomware, protecting data, encryption within the network and Sophos’ synchronised strategy.
A channel-focused company, Sophos works with over 20,000 channel partners and has more than 200,000 customers worldwide. Catering mainly for mid-market enterprises with up to 5000 employees, they aim to provide simple-to-deploy security solutions.
Sumit explained that security solutions should be able to detect, investigate and remediate threats. However, with a lack of skills and understanding, it is often difficult for companies to decide where to invest in their security.
Justin explained, “We can’t just think about stopping the threats coming in, we need to understand how to identify when and how we’re exposed and how we react to it.”
Justin added that there is a widespread misconception that Apple products do not get malware attacks. He warns, however, that cyber-attacks come in an increasing number of variants and that, with the enablement of IoT, there are more attack surfaces available because more platforms transfer data across different devices.
“Encryption is not only used to secure our data – it is also used by cybercriminals to extort money. As we have seen in a lot of cases in ASEAN, ransomware and cryptoware have been prevalent recently. There are not enough skills in the industry, the rate that it progresses makes it very hard for an individual IT person or a small team to keep up to date with these challenges.”
Most ransomware requests that payment be made in Bitcoin, making it difficult to track. Although in most cases the encryption key is given after payment, there have been instances where organisations were not as lucky. Justin told us that almost all attacks are about money. The amount of ransom requested usually corresponds to the size of an organisation and its available funds. By comparison, attacks carried out of pure malicious intent or for information grabbing are very rare.
With the recent hype around Pokemon Go, both Justin and Sumit see an increase in cyber-criminal activity. Users in regions with no access to the game are lured into installing an app on the pretence that it will let them play; these users jailbreak their phones, which in turn gives the criminals the access to perform malicious attacks.
In Justin's analysis, most security weaknesses in companies are due to inadequate backup strategies, updates not being implemented quickly enough, dangerous amounts of user access being granted, a lack of user security training and knowledge, security systems not being correctly implemented, and conflicting priorities between productivity and security.
Sumit notes that in ASEAN, most companies are mid-level enterprises, and they don’t always have a dedicated IT team with the necessary know-how. “A lot of these businesses adopt hybrid solutions. This means it’s more important to have automated security solutions to safeguard your data. With the majority of the businesses having less than 5000 employees, it is essential for a security solution to be comprehensive and simple to manage.”
Sophos Central is an integrated management platform that enables multiple security products to work together, allowing more efficient business management for Sophos partners. The platform has three core components: Sophos Central – Admin, Sophos Central – Partner and Sophos Central – Self Service. These components allow IT admins to manage all products in one console, including endpoint, server, mobile and web, while partners can manage licensing, identify and track cross-sell or up-sell opportunities, and remotely manage end-user products without needing to travel to the customer site. Sophos Central – Self Service, which will be launching later this year, will enable end users within an organisation to manage quarantined email and self-service device provisioning (BYOD), as well as the secure configuration of wireless access points and hotspots.
Sophos’ solutions allow communication between the network and the endpoint (devices), which allows accelerated threat discovery and active source identification, preventing 95% of attacks before they hit crucial data files. Compatible across various operating systems, encryption will ensure content is secure even if the system is breached. They pride themselves on safeguarding many companies hosted on cloud platforms such as AWS, and have had offerings on the AWS marketplace for over 5 years.
Justin emphasises that it is not enough just to have security measures in place. “Having encryption and firewalls is not a replacement for backup, but it does minimise the effect. It’s still important to have your data backed up offline. It is also important to identify weaknesses in the system in the event of an attack, and remediate it.”
Justin and Sumit both explained that while signature-based anti-malware clients are able to identify known attacks and block a significant number of them, Sophos tracks file and package behaviours. Justin explains that there are fewer than 30 techniques to exploit vulnerabilities, with other more sophisticated attacks taking longer to evolve. He tells us that detecting these techniques allows more attacks to be stopped.
According to Gartner, there were more than 6700 new vulnerabilities in 2015 – a 31% increase compared to 2014. A Forrester report also highlights that 80% of breaches come from known vulnerabilities. WhiteHat Security states that it takes 193 days on average to fix a vulnerability after initial discovery, which Justin notes is precious time for businesses.
Recent years have seen cyber-criminals find more inventive ways to access databases through other access points. While Justin warns that putting all the systems together on the same network without proper segmentation is “asking for trouble”, he notes that Sophos systems detect unusual traffic internally and prevent data from being communicated back out, reducing cases of lateral movement of malware.
While cloud adoption is increasing within ASEAN countries, the trend is still slow, and one of the major concerns of many companies is security-related. Justin thinks this is due to skill shortages and a lack of knowledge in the industry. However, he notes that this is not an ASEAN problem but a global one: humans are unable to keep up with the speed at which technologies are evolving.
“We are learning as we evolve. With more and more companies going to cloud, the approach needs to change, and it’s a learning curve. There is also another challenge that local language support is not always available, meaning there is less access for people in these regions. However, companies are quick to embrace benefits, and often, people will embrace technology even before they fully understand it.”
They both agree that Sophos Central allows for a more transparent way of managing security without a steep learning curve for the end users.