Switch to a Better Firewall – 5 reasons your next firewall should be from Sophos

Sophos Keeps it Simple – Sophos’ UTM firewall’s simple, intuitive user interface(UI) is designed for you. It lets you quickly protect your network and users. And it makes day-to-day management tasks easy.

Lightening Speed – Sophos have engineered their UTM firewall to deliver outstanding performance. They built it using Intel multi-core technology, solid- state drives, and accelerated in-memory content scanning.

One Box Solution- With Sophos you’ll get all-in-one protection. They offer the latest next-gen firewall protection you need plus features you can’t get anywhere else – including mobile, web, endpoint,email encryption and DLP. No extra hardware. No extra cost. Choose what you want to deploy.

Built-in Reporting – Every appliance comes equipped with a hard drive or a social-state disk, giving you comprehensive on-box reporting that you can access in seconds. See what’s happening on your network in real-time and quickly access historical data.

Industry Leader – As a Gartner Magic Quadrant Leader for UTM. Mobile Data Protection and Endpoint, Sophos are at the forefront of the security industry. Sophos’ global network of threat experts, work around the clock, every single day, detecting, analysing and blocking new threats.

For more information please email: Kate.Frackelton@VirtueTechnologies.co.uk or call 01695 731 233

Microsoft Patch Tuesday release Update (MS14-066) – Rated as Critical

There have been many security flaws identified in SSL in recent o365tile2_122336
months and microsoft have just released a patch for another one.

The Facts

It’s for a vulnerability in the schannel component which is present in all Windows systems. Schannel implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols.

Traffic is sanity-checked by schannel but there is a flaw in this process which can allow specially-crafted packets through. This can allow an attacker to run arbitrary code on any system offering TLS/SSL, potentially taking control of the system.

IIS servers are clearly at risk but your machine can also be vulnerable if you accept encrypted traffic. Microsoft were not aware of any successful attacks using this vulnerability at the time their advisory was drafted, but as it has now been made public there will obviously be vigorous attempts in certain quarters to take advantage of it.

What We Recommend

This vulnerability is limited to Windows devices only and there is no risk to any of our Sophos Security Gateways. The vulnerability should be taken seriously but we perceive the risk to you to be minimal, however we recommend you, just to be on the safe side, to install the latest updates available from Microsoft as soon as possible on all windows systems, particularly web and e-mail servers.

Upcoming features in Sophos UTM enhances and further simplifies security in schools

One of the most important aspects of a schools internet service is it’s security. Advanced threat protection and customisable web filtering should be a given with any security solution,  but unless your able to deploy that security in the school across any device, and with a minimal amount of effort, it quickly becomes ineffective, leading to breaches in security.

At Virtue, simplicity is our mantra – you have complete control over all the security features you need in one place, with none of the complexity. To strengthen and simplify the security of our internet solutions we’ll be delivering the following enhancements to the Unified Threat Management (UTM) Appliances installed as part of our internet solution.

Transparent Single Sign-on

All the possibilities the internet provides makes it difficult to ensure end users exercise great judgement about where they are browsing, hence we deploy filtering in our schools –  this can be as simple as blocking the seedier side of the internet, or limiting browsing to education-related content. However, the Sophos UTM makes it simple to enforce a range of different policies for different users. For example, you can manage what students can access whilst still enabling teachers and staff some leeway to make use of important sites.

These user-based web policies aren’t new, however, they have been known to come with headaches. During the planning stages, we discussed with customers their experiences and how they can be improved. The main issue that rang out was having to install a User Agent on all endpoints to enable enforced user-based policies. Therefore, Sophos engineers have come up with a truly simple solution: transparent single sign-on.

The transparent single sign-on works by transparently communicating with the browser to authenticate with the UTM in the background, without impacting the user. The browser sends the user’s AD credentials with the UTM recording the traffic and applying the right policy on a per user basis , with no extra software agents.

Device-Specific Authentication

Another challenge we’re seeing in our schools is enabling the safe use of mobile devices. Staff and students want to bring and use their own smartphones and tablets at school.

Whilst the Sophos UTM recognizes iOS, Mac, Blackberry, Android and a range of other device types unfortunately these devices can’t always make use of the same authentication protocols as PCs. Within a school, you may wish to ensure users go through a log in page before browsing to ensure security is maintained. Previously, the only option for this would be segregating various devices into different subnets, or even different Wi-Fi networks. However with BYOD rapidly becoming the norm, this approach was becoming outdated.

Upcoming changes to the UTM will analyse network streams and quickly tell what device it’s originating from. By recognising different fingerprints in the network stream, it can differentiate a Windows PC from an iPad or an Android device from a Mac. This can then be used to specify different authentication options for each device, without having to re-structure the network.

Transparent single sign-on and device-specific authentication are just two of the many features that help ensure the protection of your staff and students with our internet service. We’re currently testing the new functionality in our lab and as soon as that’s complete the service department will be in contact with all our customers to schedule the upgrades.

Virtue at the Sophos Security Council

sophos_logo_PA4_rgb

Virtue Technologies was yesterday invited to attend the Sophos Partner Security Council. Attendees included just a small handful of key partners with Sophos represented by the UK Channel Manager, VP Product Management and Senior VP and General Manager for Network Security.

Sophos arranged this event for two main reasons;

1. Sophos want to enable key partners to feedback  what we and  our customers want to see in future product releases or changes to existing products – it also gives us a chance to discuss any issues. The new acquisition of CyberRoam was discussed to provide some insight as to how the two companies and their products were going to merge.

2. Sophos then provided visibility of the product roadmaps for SophosCloud, Endpoint Security, Network Security (UTM) and MDM.

Keep an eye on our blog as there are some very interesting developments on the way…