Please don’t tell me it’s Window’s Defender!

windows defender

Cyber-attacks happen and are increasing in frequency. Certain sectors are naturally susceptible to these attacks; banking, government, healthcare, and energy sectors will always be targets due to the nature of what they do. But did you know that the Education sector is also very high up the list?

Around 20% of all educational institutions have been specifically targeted by cyber criminals, and a MASSIVE 83% of UK schools had experienced at least one cyber security incident. There are many other scary statistics that can be quoted, and you would think that with this information being readily available for review, schools and other institutions would take cyber security seriously; you would think wrong.

 

It’s just not good enough

Here at Planet IT, we have many dealings with the education sector, whether that be providing fully managed support, running security health checks or just the facilitating the procurement of specific classroom hardware, we have seen how vulnerable a lot of school environments are. We talk to schools daily and something that keeps coming up is the widespread use of Microsoft Windows Defender as the sole endpoint security solution. Something else that keeps being apparent on most calls we join is that the on-site IT team are too busy being reactive and fighting fires to spend the time being proactive and looking at the bigger picture.

Microsoft Windows Defender is a consumer-grade antivirus that is native to Windows 10 and comes preconfigured. There is an anti-ransomware element to it, but the testing we have done in the past shows that it is not capable of detecting most live ransomware threats:

education Vulnerabilities Found

So, what should you do?

Well, you should start with an industry-leading endpoint / server security solution such as Sophos Intercept X Advanced which will detect ANY Ransomware attack using the CryptoGuard element (this detects any file encryption attempts and rolls them back using Windows Shadow Copy if any encryption has started by the time it is stopped). This combined with the award-winning Endpoint Protection / Server Protection means that your endpoints and servers would enjoy a very high level of cyber security protection.

With any good security solution should come a good EDR product. EDR stands for Endpoint Detection & Response. This provides additional reporting and threat mitigation tools for your environment.

 

But does this really happen?

A real-world example that I have seen first-hand – we have a large private school as a customer. They were hit by ransomware which took down some critical file servers AND compromised the backups. With Sophos Intercept X Advanced with XDR (Sophos’ EDR offering), we were able to see that not only did Windows Defender not stop the ransomware from running but didn’t even detect it as a threat.

Also, with the recent Log4j vulnerabilities, and further back the Hafnium vulnerability, XDR was a requirement to investigate customers’ environments to easily check if they were open to attack due to these vulnerabilities. With Hafnium, XDR could report what hosts were vulnerable but also if they had been compromised and the location of the remote consoles that had been deployed by the bad actors. We at Planet IT saw at least 2 instances of Microsoft Exchange servers that had been compromised, and our job was made easier with XDR.

 

What if my team just don’t have the time to manage XDR.

The downside of adding XDR to Sophos Intercept X Advanced is that you need the resources to respond and investigate detected threats. Sure, Sophos Intercept X Advanced will of course detect and block any threats it comes across, but any advanced solution like this requires the time to configure and monitor to ensure you get the value from the product.

This is where MTR comes in; MTR (or Managed Threat Response) is a managed SOC (Security Operations Centre) provided by Sophos themselves, and will give 24/7 threat detection and activity reporting among many other benefits that are essential for any security conscious educational institution. With the Sophos MTR service, you can focus your time on ensuring your local infrastructure is running well safe in the knowledge that your Sophos environment is being looked after competently.

Planet IT recommends Sophos Intercept X Advanced with XDR and MTR Standard as the minimum level of protection for any educational institution.

Why the move to an OPEX budget model in education might be driving your business manager up the wall

Education OPEX Budget

For the longest time IT in education has been on a hamster wheel of improvements tied to the yearly capital bids cycle. IT managers rush to get improvement plans and strategy budgets in for their cut off, knowing all too well that 50%+ will be dropped before they even make it to governors. The other 50% won’t make it through the process.

This capital expense programme is built from the necessities of the past. IT infrastructure had typically been the second most expensive item on a schools books after the building itself. No school, college or academy in the past could afford to stretch it’s upgrades over the operational spend of the business unless they committed to long terms lease agreements or payment plans. While good intentioned, these plans often leave the organisation dragging upgrade cycles to 5 years plus rather than their natural 3 years.

With all the changes that 2020 and 2021 have brought, this model has to change, and the main reason for that is the cloud.

The Time For The Cloud Is Now

Now this is not some fantasy of a cloud lead future. This is the reality of a world leaving behind the need for a private datacentre or server room and pushing for the convenience, security and integrity of managed public cloud.

This however leaves a challenge for all of those who are in financial roles in educational establishments. The model of spend once, wait 5 years before investing again, will not and cannot continue to work. Modern IT is mostly based around the per month or per usage model. Think Microsoft 365 and Azure, one is based on your user count or usage count per month and the other is based on the real-world usage of the last 30 days.

 

education servers

But we used to spread the cost..?

Now on legacy, I will grant that you could have purchased Microsoft services on a campus agreement. However, that is asking you to look into your magic 8 ball and hope you guess the right amount of usage for the next 12 months and then pre purchase Azure credits to cover that. This is a massively inefficient approach and misses the key benefit of cloud services – flexibility.

In a real world example you would expect an educational providers usage on a cloud based IaaS (Infrastructure as a service) to look something like:
• September – December (Mild Usage)
• Jan – Mar (High Usage)
• April – July (Diminishing usage as students slowly drop off timetable)
• then late July – Aug (Very low usage)
Now if you are paying for this upfront you need to work out what your average monthly spend should be and then try and guess how much you need to cover this.

This just won’t work, you will either hit your campus agreement renewal needing to pay overages or hit the renewal with hundreds if not thousands of wasted pounds. With Monthly flexible billing you don’t have this issue, you get a bill for what you actually use, now if it’s a critical system you can reserve the instance and gain some savings, but you have the flexibility.

 

This is a new approach for us. How best to do it?

Back to the question in hand and how does your organisation cover these costs?
Well to start with, your business manager needs to change how IT is funded in the budget. Moving the value that would have been placed on an infrastructure refresh into operational spend. They then need to find a way to increase this pot by 5-15% a year to cover cost increases. Now there is still a need for the capital bid, but these should be used for laptops, switches and firewalls and not servers and server licensing. With this shift IT becomes less of a burden as the spend is predictable and you are not looking at £500k investments every 5 years, but instead £80k a year spend on cloud services.

education budget
I often get asked how we work with our education customers to move to the cloud and for me the approach is simple; it’s about understanding. So many business managers have endured years of the CAPEX process and are used to the funding model. What our job is as technical professionals is to illustrate the savings in cooling, powers, facilitates and security that a move to the operational model brings and then work from there to deliver the best experience for the organisation.

If you are an IT manager today about to enter capital bids season, then think like this; bid for the money for your big server replacement but don’t propose legacy equipment and designs. Engage with Planet IT and we can support you in submitting a CAPEX to OPEX bid a support your move to the cloud.

 

Need more help to get it right?

2022 will be the year that most businesses make a major jump to the cloud. Don’t allow your educational establishment to be left behind and looking for answers, we have successfully worked with a large number of educational providers over the last 18 years to modernise and improve their IT for the better, we can do that for you too.

If you want to talk to one of our educational team about how we can help you with your capital bids or moving to the cloud, then please call 01235 433900 or you can email architecture@planet-it.net or if you would like to speak to me directly you can reach out to me via DM or at james.dell@planet-it.net.

Education in Focus: Biggest IT Refresh Year Ever

Education IT

There comes a point in the academic year where exams ramp up, teachers, lectures and support staff are focused on getting student’s through their end of year exams and keeping the momentum up until the summer break.

Meanwhile in the cool dark of the server room, the IT Support teams across all academic settings are preparing for the calm before the storm.

This year, while we may not be seeing exams like we previously would, the IT Teams in our educational establishments are preparing for their busiest summer refreshes ever. The woes of 2020 are behind us and the shift to classroom learning returning for 2021/22, the push is on to make the infrastructure improvements that were put off during COVID.

Saying all that, budgets are likely to also be tighter than ever. So how can IT teams get the absolute most out of their IT projects?

To help we have put together 5 top tips for smashing your summer projects in 2021

Plan Early

When it comes to any form of IT project the further ahead you are planning the better chance of success you have, so start early!

Engage vendors and technology partners. Test the market and understand your options. If you are looking 6 months ahead of where you need to be, then when do you have to make the choice on the technology or the vendors you are going to use? Be armed with all the information you need so you can overcome the challenges the project throws at you.

School ITHave a contingency plan

As you begin to plan your project, look at the what if’s…

For example, if you are replacing a server infrastructure, what happens if the new servers fail? Or before you have moved the data, if the old servers fail, do you have a backup? Have you tested it?

By implementing a rock-solid contingency plan you are positioning yourselves in such a way that you can overcome whatever challenges come your way.

Choose a partner you can trust

Remember you are not in this alone.

Whatever the chosen project you are undertaking there are partners who will help you achieve the goals of your organisation. However not all partners are equal. Not all partners have the same approach.

Find a partner who has the certifications and accreditations with the vendors you want to work with, i.e Dell Gold Partner or Microsoft Gold Partner with certified engineers. Don’t settle for “the local firm” as 9 times out of 10 they will get out of their depth very quickly. They’ll can end up making the challenges of delivering IT in education much worse.

So, pick a partner you can trust, and you know when you’re up against it, will have your back!

Only choose best of breed technology and don’t settle for last generation.

Lots of companies see education as an opportunity to move stock which the corporate world no longer wants – for example, servers which are now end of sale or software which has been pushed into its last few operational years.

You should never settle for anything other than the best in breed technology for your establishment. If budgets constrain that, reduce the scope of the project or limit the technology used. Don’t settle for old, refurbished or reconditioned equipment just to hit a financial goal. In the long term, you will pay the price when the equipment cannot be serviced and needs replacing before the business has got the full value from the solution.

Maximise gains using operations leasing

When making purchases in education, you have a great opportunity to access low cost or even free finance offerings for all of your large purchases. So, leverage these deals to extend your budget.

Limit the capex spend and get the best solution you can and prevent the project delays of stretching upgrades over 2-3 years which really need to be done today.

Using these top tips, your organisations should be able to avoid the pitfalls of so many education providers in the past and make sure you take step in the right direction when making your upgrade this summer.

Just remember you are not alone. At Planet IT we have a team of specialists who can not only support you with the decision making and selection of new equipment, but can support with the role out, implementations and upgrades to your systems.

If you want to talk to one of our educational team about how we can help you with your summer projects then please call 01235 433900 or you can email architecture@planet-it.net or if you would like to speak to me directly you can reach out to me via DM or at james.dell@planet-it.net.

 

4 Steps to the Perfect Backup Plan

World Backup Day

Today is World Backup Day, for many it’s a day to be celebrated, but for just as many, it’s a stark reminder of the dark omen that is an uncertain backup environment or plan.

We all know the basics of backup right? The things we all want to achieve

  • Retention
  • Redundancy
  • Recovery

I could happily go on for far longer than any of you would care to read on each of these topics!

Today however, I want to talk about the practical elements of making sure your backups and overall disaster recovery plan are the best they can be. Starting with some basic questions.

  • Are you backing up your whole environment?
  • Are you running your backups daily?
  • Are your backups retained for the right amount of time?
  • Do you take backups off-site?
  • Are your backup sets fully automated?
  • Are your backup jobs encrypted?
  • If you have cloud resources (Microsoft 365, Azure, AWS) are these backed up?
Back up servers

In an ideal world, you would want each of the above to be a confident and resounding YES! However, this is not always the case – we often hear the ill-fated “I don’t know”.

So, what can we do to be certain on the above and confidently rest knowing our backups will be there for us should the worst occur?

Step 1 – Check the List 

Firstly, I would start by checking your infrastructure or approach your IT Team to get the answers to the above questions. Understand that if the answer to any of them is no, in this first step, it’s less important to know why, just to understand the position you are currently in. Once you’ve established that, let’s move on to step 2.

Step 2 – Check the Kit 

Once you have a firm understanding of your overall backup integrity, it’s time to push past the smoke and mirrors and figure out exactly what you are working with. Check your storage, check your software and make sure it isn’t letting you down. There are so many options available in today’s market, but a quick search of your products and the competition should help you understand if you need to make any changes.

Step 3 – Make your Plan

At this point, you’re either happily relishing in confidence… or you’re not.

If you’re not… bear with me, I promise, we’ve just ripped off the worst of the band-aids and from here… the only way is up. When making your plan, it’s important to work out what you need first, what you want second and then figure out the cost implications (if any) your business will need to work towards. Everyone loves a good deal (or better, a free deal!) but sometimes investment is required to ensure you have the right infrastructure for your plan. When making your plan, make sure you are referencing the list from Step 1 and work out the following:

  • How long do I want to keep my backups?
  • What is my off-site storage plan?
  • Do I have Cloud Resources that need to be backed up?
  • How efficient do I want my backups to be?
  • How long can I afford to be offline in the event of a disaster?
  • How much data can I afford to lose in the event of a disaster?

The answers to these questions will help you to understand how much storage you need, whether you need a cloud or second-site storage plan, if you need high performance equipment and your Recovery Point/Time Objectives. Know that even if the plan is loose, it’s more than you had at Step 1 and it will help you enormously when collaborating with your teams, suppliers and peers to achieve the best outcome.

disaster recovery plan

Step 4 – Reach Out 

At this point, we’ve gone from scratching our heads, to having a clear understanding of the potential issues, a goal to aim for and a plan to get there. Now it’s time to reach out.

Speak to your team and your suppliers and get them on board with your plan. From this point forward, you’re taking control of your backup & disaster recovery plan. You’ve worked out what you want to achieve and you’re making it happen. That, or you were happy from Step 1 – either way, grab a coffee and your favourite lockdown biscuit, you’ve earned it!

Remember, if you ever have any questions, just ask. I, or one of the team here at Planet IT, are always happy to be used as a sounding board and can offer our expertise for your specific situation.

Feel free to reach out to me via LinkedIn or email me at michael.davey@planet-it.net.

HAFNIUM and Exchange Vulnerabilities – What To Do Now…

Hafnium Attack

There has been lots of noise in the press and on social media about the HAFNIUM threat actors and the current vulnerability that has been detected in all current versions of Exchange on premise.

If you haven’t read up on the attack and the risks you can do so here;

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2021-patch-tuesday-fixes-82-flaws-2-zero-days/

https://www.kaspersky.co.uk/blog/exchange-vulnerabilities/22385/

https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/

These articles have been leaving a lot of IT managers and CTO running around looking for solutions. They need a way to quickly patch up the servers and cover over a hole that has been there since at least last November, when as far as the first reported case of an attack using this vulnerability. However, what do you need to be doing next?

We all know that Microsoft issued patches on a non-standard update to Windows or a (out-of-band) update. For those out of the know, this means this Hafnium vulnerability is bad! Microsoft rarely break their patch cycle but when they do as with the SMB vulnerabilities with WannaCry. When they do it means you need to be act fast.

By the time these latest OoB updates where released, Microsoft made it clear that these attacks where already happening, which means for some of you who are readying this article thinking you are safe because you ran the patch, you may not be.

The four most dangerous vulnerabilities already being exploited allow attacks to pull off a three stage attack on compromised systems.

The attack chain is simple;
  1. First, access a compromised Exchange server (one missing the patch) this can even be an Exchange Management point for Office 365, it doesn’t need to be a full running system.
  2. Then they create a Web shell for remote server access
  3. They then use this to harvest data from the network and systems associated with this Exchange server, essential using it like an open front door.

So how do you protect against the Hafnium threat?

This is where you need to be looking at having a product in place as your antivirus/antimalware which uses EDR or XDR technology and has up to date behaviour and exploit prevention and detection.

Watch out for the following detections

  • Exploit.Win32.CVE-2021-26857.gen
  • HEUR:Exploit.Win32.CVE-2021-26857.a
  • HEUR:Trojan.ASP.Webshell.gen
  • HEUR:Backdoor.ASP.WebShell.gen
  • UDS:DangerousObject.Multi.Generic

So what should you do next?

As Microsoft has already released an update to fix all these vulnerabilities, we strongly recommend updating Exchange Servers as soon as possible, Microsoft have even gone as far as releasing a quick install roll up which should work for most Exchange servers. For more complex deployments like DAG’s, then Planet IT can support you with this process.

You then need to focus on your defence strategy on detection lateral movements and data exfiltration to the internet. For this we recommend that you pay special attention to outgoing traffic to detect cybercriminal connections.

As always you should ensure that you are backing-up regularly and make sure you can quickly access it in an emergency, if you have questions on this then Michael Davey – Michael.Davey@planet-it.net and his Back Up Services team will be more than happy to help.

Make sure you have an Endpoint Detection and Response product in place. If you don’t reach out to your Planet IT account manager who can provide you with details of what is available and works with your security landscape.

Finally make sure you are using a reliable endpoint security solution such as Kaspersky or Sophos that has included in it Exploit Prevention, Behaviour Detection, a Remediation engine. It would also be beneficial to ensure that your product has a Vulnerability and Patch Management capabilities.

If you would like to discuss with myself or any of the cyber security team at Planet IT about how you can better protect you business, should that be with new technology, strategies or even better back ups you can reach us using the contact details below;

Contact me at – LinkedIn Message James Dell or Email : james.dell@planet-it.net

Call 01235 433900 or Email : enquires@planet-it.net

Education in Focus: Cyber Attacks on the rise while protection remains behind other industries

Education Cyber Attack

2020 was far from an easy year for the education sector, with the strains of COVID-19, the forced move to remote learning and the constant moving goals of exams, assessments and certifications looming over the industry. IT improvements and IT budgets were shifted from infrastructure and enhancements to purchasing laptops and enabling learning over video. These changes have had a dramatic impact on all educational organisations. Unfortunately, we are starting to see the repercussions of this, with several educational organisations being hit by cyber-attacks.

Another Attack

This week we have seen the latest attack on the University of Northampton, this is unfortunately just another in a long line of victims of the last few years.

As many of you who have read my articles are aware, I have a long history in the education sector, working across schools, academies, and colleges. From this, I have a very first-hand experience of how budgeting works in education. I know its effect on the choices that we make when it comes to selecting solutions and ultimately protecting educational establishments.

When I read stories like the one about the University of Northampton, it churns my stomach. This is because I know that the ladies and gentlemen who work in the IT teams of these organisations will have been doing everything they could to protect the system. However, they are always constrained by the limits they have finically and with their current technology stack. Having personally experienced several attacks first-hand, the IT Team usually takes the brunt of the fallout from these events. In truth, it’s business management and senior management, who’s lack of understanding, allows these incidents to happen.

university cyber security

The real-world cost of an attack

When these kinds of cyber attacks in education occur, we all see the headlines and the public outcry about the fact these threat actors get into and disrupt educational organisations. What is very rarely discussed is the organisation’s cost.

The cost itself is not just that of recovering from the breach. Depending on what equipment has been affected and what can be recovered, the cost anywhere from £10,000 to £500,000!

However, on top of this, you have to add the cost of staff not working. The organisation not being able to deliver teaching and learning can easily cost an organisation over £50,000 a week.

We then have to consider the cost of the damage to the organisation’s reputation and any fines that may come in from the ICO if data has been lost. These costs can total into millions.

The worst part of all of this is that insurance will not always cover these costs if you have the wrong cover type. In a real-world example, we are aware of a case where an educational organisation had a total cost of an outbreak at £2.5 Million, this figure should be enough to make your senior management sit up and pay attention.

Where to start…

The question then is, how do we get our educational sector partners to a position where they can protect their data, deliver teaching and learning and ultimately avoid cyber attacks in education?

The answer is about prioritising spending and focusing on ensuring that a security landscape is in place that covers all bases and protects against all foreseeable attack vectors. We start this with solid anti-virus and anti-ransomware technology. Endpoint protection must be paired with a robust Endpoint Detection and Response product (EDR) or an Extended Detection and Response product (XDR). These technologies will give you a strong endpoint protection roster.

Then layered on top of this, you need to look at device encryption, which must be centrally managed. Then, on top of that, we need to pivot and look at the ingress points on your network, this being your email and your firewall. Both should be robust next-generation products that use both Unified threat management and a traditional stateful firewall approach.

school cyber security

And then there’s the human element

When we have tackled the technical delivery needed to secure the network, we need to look at your staff and the human firewall element of protection. From this regard, we should be looking at Phishing training, security awareness and data protection training.

When you have all these pieces in line and configured to best practice, then there is a good chance that you will mitigate most risks towards your organisation. Now, that doesn’t mean your senior management can wash their hands of cybersecurity. Proper cybersecurity protection is reviewed and maintained regularly, and this also means patching all your other IT systems; it’s a busy and full-on task to undertake. However, if you do it correctly, it’s advantageous knowing that you are keeping your learners, staff and visitors safe and protecting against the effects of a cyber-attack on the business, individuals and the wider community

If you would like to have a conversation about how we can review your security landscape and work with you to build a robust cybersecurity landscape for your organisation, then CLICK HERE to book a meeting with me, or you can email me at james.dell@planet-it.net and together we can work to align your organisation against the current and future risks.

Sophos MTR vs Security as a Service. What’s the difference?

sophos MTR vs Security

What is Sophos MTR?

Sophos MTR Standard or Managed Threat Response, provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully managed service. What that means is a dedicated team at Sophos will monitor your environment and act on any threat detections using the EDR technology that we are a massive fan of here at Planet.

IT is offered as an optional service add-on with Sophos Intercept X Advanced with EDR.

Sophos MTR Advanced goes one step further and will actively go looking for potential threats. It proactively improves your security by recommending configuration changes and reporting on vulnerabilities.

How does Planet IT’s Security as a Service (SECaaS) compare with Sophos MTR?

Let me start off by saying that Sophos MTR is a fantastic service, there is no denying that. But you do have options should you want this protection but want to explore different avenues.

Here at Planet IT, we offer an alternative service that will give you the peace of mind of MTR, while being more aware of the fact that many of you will have technologies outside of the Sophos stack.

Alongside this we know that for many of our customers the biggest risk is always the recovery and with Sophos MTR there is quite rightly an end to where Sophos can provide services. With SECaaS we stick with you and can support you to the bitter end.

I have compared the offerings of Sophos MTR with Planet IT’s Security as a Service (SECaaS) in the table below:

 

Feature Sophos MTR Planet IT SECaaS
24/7 support Office Hours
Dedicated Account Manager
Direct Call-In Support
Asset Discovery via Endpoints X
Enhanced Telemetry via Endpoints X
Activity Reporting Sophos Only All Security Vendors
Periodical Health Checks Sophos Only All Security Vendors
Vulnerability Scanning Sophos Only All Security Vendors
Firewall Support Sophos Only All Security Vendors
Completely mitigate through to completion Sophos Only All Security Vendors
Penetration Testing X
Windows Updates X
Phishing Training & Testing X
Email Protection X
Cyber Essentials / Plus X

 

Verdict

Sophos MTR is a great service if you are a large organisation with the requirement for 24/7 support and have the resources to afford it. If you have an internal IT team in place to work in collaboration with Sophos to completely remediate any threats, it really is a top solution.

However, as you can see above Planet IT’s SECaaS offering is more than sufficient to give you the peace of mind you need. We will work with you to recommend and provide the solutions right for your business and support you until any threat is mitigated, no matter what security products you use.

Add in our other services such as Windows Updates as a Service, Vulnerability Scanning (not just for Sophos products) / Penetration Testing and Cyber Essentials as a Service, you can rest assured that SECaaS will keep you safe and updated as much as possible!

About Adam Harrison

My name is Adam, and I am a security-focused Technical Architect. It is my job to provide expert advice on security solutions and assist our customers with protecting their environment from viruses, ransomware, and other nasty attack vectors! My background is in Security as a Service, Infrastructure and Helpdesk Support; I keep myself up to date with the latest threats and security products, so you don’t have to!

If you want to talk to me about how Sophos Intercept X with EDR would fit into your business then please call 01235 433900 or you can reach out to me via DM or at architecture@planet-it.net

What are the benefits of Sophos Intercept X Advanced with EDR?

sophos edr

Over the last few months, you may have heard the word EDR (Endpoint Detection and Response) banded around when talking about security products, but what does EDR really mean for you and your business? In this article I am going to explore EDR and the tangible benefits that you would see from having this product in place.

What is EDR?

Sophos Intercept X Advanced with Endpoint Detection and Response (or EDR) is an award-winning security solution that is built upon the framework of the Sophos product that so many of you use and know.

One of the simplest ways to look at it is like a cake made up of three layers. You may already have two of these in place:

Endpoint Protection – traditional anti-virus that detects and blocks threats in real-time. This is the signature-based piece of the puzzle something that every business should already have even if it’s from another vendor. It is looking at what is happening and checking it off against a list of known attacks.

Intercept X – anti-ransomware protection. This comes in the form of AI and Machine Learning driven technology which knows what your device should look like if you are working as normal. When you’re not, it uses a technology called CryptoGuard and detects any encryption attempt, reversing any encryption that has already taken place. This is your backstop and a way to protect yourself from unwanted changes. This is a technology many of our customers have and saw the value in having after the WannaCry outbreak of 2015.

EDR (Endpoint Detection and Response) – This enhances the ability to analyse an attack and see what happened, whether the threat has spread to other devices and if any data has been lost. This is new and this is less about what is happening and stopping it and more about the validation of how safe you were following an attack. Now this may sound counter intuitive, if the product is protecting you, why would you need to know what happened in an attack? To answer that simply we need to look at GDPR and the requirement to report breaches.

These components combined provide you with the whole protection cake. You have the ability to protect your data (these are the sponge top and bottom made up of Endpoint Protection and Intercept X) and then you have the knowledge that if something happens you can clearly report on what took place (this is the jam filling that completes your cake). Protection like this is second to none when coming up against today’s attackers, in a threat landscape that is every changing.

Sophos Planet IT

How does it work?

Sophos Intercept X Advanced with EDR combines proven endpoint threat protection with the power of advanced machine learning to identify and block malicious processes. Intercept X uses AI that detects malware without relying on signatures and monitors system behaviour for any changes that could mean a malware attack. SophosLabs then provides the knowledge to back it up.

Take a targeted ransomware attack as an example. Bad actors will try to brute force their way into a externally facing RDP server. Once in they will drop an encryption package onto the system and start to encrypt files. Intercept X will detect the behaviour, CryptoGuard will stop the encryption and EDR will be able to fully report on the events chain (source, root cause, beacon, when it was detected and if it has been cleaned) providing complete analysis. Additionally, EDR customers will have access to a SophosLabs Threat Intelligence report that further aids you in your decision whether to allow the suspicious file or not.

How does this benefit you?

Sophos Intercept X Advanced with EDR will increase your security footprint without the need for additional resources to look after the solution. You can be safe in the knowledge that the solution you have chosen is the best in the business. With EDR you will have all the tools you need to make sure that any detected threat has been stopped in its tracks!

I’m sure you know that if there is a breach and data is compromised, the Information Commissioner’s Office (ICO) have to be informed. As a result of this, if your security solution is deemed to be inadequate you will be subject to a substantial fine! Throw GDPR into the mix and you have the potential to be in serious trouble. With Sophos Intercept X accompanied by EDR, not only will you have an industry-leading security product, but also EDR ensures all details are captured for reference later.

So, should you become a target you will be able to prove where exactly the threat has come from, where it has been and if it has been dealt with completely.

From a resourcing view, investigating all detected threats and tracing their actions to ensure nothing has been compromised is a full-time role; EDR does this automatically and comprehensively so you don’t have to. You can search through 90 days so even if you have only been made aware of a threat you can wind back the clock and quickly see how it was dealt with.

How good is Sophos compare to the competition?

As you can see, Sophos Intercept X with EDR is industry-leading when put up against the competition:

sophos comparison

Security as a Service (SECaaS)

Now sometimes it is all well and good having the tools yourself, but you may not have the inhouse skills or the time to make proper use of them, this is where our Security as a Service offering comes in – with SECaaS we will provide further peace of mind by monitoring your Sophos solution and remediating any alerts within an agreed timeframe. We will also provide you with periodical reports at an interval of your choosing showing the health status of your estate, complete with our recommendations to make sure you are as protected as you can be.

 

About Adam Harrison

My name is Adam, and I am a security-focused Technical Architect. It is my job to provide expert advice on security solutions and assist our customers with protecting their environment from viruses, ransomware, and other nasty attack vectors! My background is in Security as a Service, Infrastructure and Helpdesk Support; I keep myself up to date with the latest threats and security products, so you don’t have to!

If you want to talk to me about how Sophos Intercept X with EDR would fit into your business then please call 01235 433900 or you can reach out to me via DM or at architecture@planet-it.net

Help us educate 200 of Oxford’s most vulnerable schoolchildren

Educate 200

The students of The Oxford Academy, an 11-18 secondary comprehensive located between the Blackbird Leys and Littlemore estates in Oxford, are incredible young people. With support and hard work, they will be the entrepreneurs, artists, athletes and leaders of Oxford in the future. Unfortunately, for many of them they come up against incredibly difficult economic circumstances.

The Oxford AcademyNearly half the students at The Oxford Academy are disadvantaged and therefore receive free school meals; many other families narrowly miss out on the criteria. This is more than double the average in most schools in Oxfordshire. Thirty per cent of children in Blackbird Leys, Littlemore, Rose Hill and parts of Cowley live in poverty (Indices of Deprivation 2019), making the areas in the top 20 per cent of the of the most deprived areas in Britain.

For the students at The Oxford Academy, a lack of access to technology is a barrier to learning and success. This is all the more apparent now during this time of national lockdown. Some children have to share a single device with 3 or 4 other siblings, or with their parents who are now trying to work from home, and some of them are trying to do everything on their phone.

This is particularly close to us here at Planet IT. Our Founders Sean & Gavin attended the school when they were growing up in Blackbird Leys.

We are asking you for your help!

Sean and Gavin

To educate the 200 most vulnerable children, ask yourself, do you have a working laptop that you can spare? If you donate it, we will wipe and restore it, ready for a young student to learn.

What’s more, for every 2 laptops donated, we will buy a brand new Dell Chromebook to donate to the Oxford Academy.

Every laptop gives one more schoolchild at the Oxford Academy the opportunity to learn, be digitally literate and successful.

If you don’t have a laptop to donate, you can still help or even buy a new Chromebook using the School Trust’s Just giving page,

Please remember to mention The Oxford Academy Educate 200 when donating, as for the value of every 2 machines donated or cash donated, we will provide 1 more!

https://www.justgiving.com/campaign/RLTHomelearning

If you have a laptop to donate, please get in touch and be a part of offering pride, aspiration and opportunity to every member of our student community.

Call us on 01235 433900 to donate your laptop

Be Internet Safety Awesome … Start Them Young!

Internet Awesome

I, like many others, am currently home schooling. I have two gorgeous boys, but my god it’s tough working, especially with it just being the three of us…

In the muddled, jumbled up world of working and schooling, security (funnily enough) is still high up on my list. And something I thought I would share, to not only keep the small ones entertained, but also secure is a fantastic online tool that yours will love!

Interland is a game from Be Internet Awesome and Google. It helps make the most of the Internet, where kids need to be prepared to make smart decisions. It teaches the fundamentals of digital citizenship and safety so they can explore the online world with confidence.

Check it out HERE

Internet SafetyI mean, it’s an awesome training game by Google, hats off. And Eddie, the one with the Nerf gun in the pic, loved doing it. So, now, pride of place on the fridge sits this certificate. You can’t start them too young!

With the many different balls I need to juggle to try and keep ahead of the curve in security, ensuring the end user is tested and trained on their cyber security knowledge is key.

Something that is a little more for the grown-ups is the KnowBe4 training platform. The market leader in cybersecurity training. It has millions of training videos, tests, articles and advice… the list could go on.

And then there are the phishing campaigns….. All in one central portal, and easy enough to set-up yourself, or if you prefer some more guidance and assurance, we can do it for you.

Training is key to any company, please speak to me if you have any requirements – kelly.ilbery@planet-it.net

Looking for a technology partner?
Let’s talk

  • This field is for validation purposes and should be left unchanged.