Posts

Fortinet’s FortiClient Blocks 100 Percent Malware in NSS Labs 2019 Advanced Endpoint Test Report

FortiClient receives third-straight recommended rating in the NSS Labs AEP Group Test, offering powerful and cost-effective solution for safeguarding the growing number of endpoint devices.

John Maddison, executive vice president of products and solutions, Fortinet

“Endpoint devices and applications play an increasingly important role in business and networking strategies. Endpoint security solutions need to coordinate closely with the network and other security components, enabling them to share telemetry, correlate intelligence and quickly address increasingly sophisticated threats as part of an automated and coordinated response. Fortinet is pleased to have received our third-straight Recommended rating by NSS Labs for FortiClient along with the many we have received for our other Security Fabric components as we remain committed to third-party testing validations.”

News Summary

Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, today announced its results from NSS Labs’ 2019 Advanced Endpoint Protection (AEP) Group Test. NSS Labs’ AEP report provides the industry’s most comprehensive test results for security effectiveness and total cost of ownership for endpoint security solutions protecting today’s increasingly intelligent and hyperconnected endpoint devices.

In this year’s test, which included 19 endpoint security vendors, Fortinet’s FortiClient demonstrated a 100% block rate of exploits, unknown threats and HTTP malware, with zero false positives. It also demonstrated high effectiveness in detecting malicious malware across multiple vectors, including email, web, and USB (for offline threats), and was proven resistant to all evasion techniques. As a result, FortiClient has received NSS Labs’ coveted ‘Recommended’ rating for the third straight year with low TCO.

  • As a robust advanced endpoint protection solution, FortiClient effectively detects and blocks threats such as malware, exploits and malicious scripts. FortiClient also provides effective vulnerability scanning and flexible patching options to help users and organizations maintain security hygiene and reduce their attack surface.
  • FortiClient also integrates with FortiSandbox and FortiGate to further identify and respond to unknown, advanced and targeted threats, creating a single, unified security strategy that can seamlessly extend out highly mobile endpoint devices to correlate threat intelligence, extend visibility, and block threats before they reach the enterprise network.
  • Fortinet’s FortiClient Fabric Agent can also be deployed as an essential and integral component of the Fortinet Security Fabric, delivering endpoint visibility, network access control and automated threat response.

FortiClient AEP Test Report Highlights

  • 100 percent block rate on exploits
  • 100 percent block rate for web-borne malware
  • 100 percent detection rate for evasions
  • Zero false positives

Supporting NSS Labs Quote

“NSS Labs focuses on empowering enterprises to make informed decisions based on independent real-world testing results. We applaud Fortinet’s years of consistent commitment to third-party testing. Fortinet’s Recommended rating in our 2019 AEP Group Test makes them a strategic option for any business looking to strengthen their endpoint security strategy.”  Vikram Phatak, CEO of NSS Labs

Cisco: Well Positioned For The Future

Cisco operates a formidable tech and network enterprise.

The company offers investors strong growth opportunities, substantial ROI, and a stable tech business.

Although moderately priced, I’ll wait on the sidelines for a more enticing buying opportunity.

Cisco Systems (CSCO) operates a formidable technology enterprise with vast operations across networking, hardware, and service industries. The stock provides investors with substantial dividends, buybacks, and continued share price appreciation. Despite CSCO being a decades-old tech company, the business is readjusting itself toward lucrative tech segments and will ultimately reap the benefits of a continuously expanding “Internet Of Things” industry. This article delineates my bullish investment thesis on CSCO, discussing the company’s business, growth trajectory, financials, and current valuation.

Investment Thesis

With digital technologies being integrated into every facet of everyday existence, digital network and technology companies are well positioned to capitalize on increasing technological integration. After languishing for over a decade after the 2000 tech bubble, CSCO has demonstrated a business resurgence over the past couple of years as the company transitioned to a recurring revenue generation model and diversified its product offerings beyond traditional hardware items. CSCO displays a number of growth and business developments that reinforce a promising outlook. CSCO’s recurring revenue model, penetration into high growth tech segments, and formidable shareholder rewards remain key motivations for investment.

Historically, CSCO has exhibited a significant revenue concentration in hardware-related sales including routers, switches, and other network hardware products. For over 30 years, CSCO experienced steadily increasing revenues from its hardware product lines; however, the advent of new competitors such as Artista Networks and changing enterprise demands caused CSCO to readjust its product offerings toward more software and service-related products. As a result, CSCO’s portfolio readjusted to a 43% weighting in service/software offerings and 57% weighting in key network hardware products. Although hardware items still account for a large portion of operating revenues, CSCO has significantly diversified its product portfolio over the past number of years. CSCO’s broadened revenue diversification better positions the company for success by reducing cyclical exposure to the hardware sales segment, enabling recurring service revenues, increasing profit margins, and offsetting market share erosion in CSCO’s hardware segment. The company offers businesses a single source for all their networking and cloud systems.

ChartData by YCharts
ChartData by YCharts
Chart

Mirai Variant Goes After Enterprise Systems

The newest Mirai variant is targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs used by enterprises.

Researchers have discovered a new variant of the infamous Mirai IoT botnet, which has been sniffing out and targeting vulnerabilities in enterprise wireless presentation and display systems since January.

Palo Alto Network’s Unit 42 researchers said that the newest variant of Mirai is notably different because it is targeting enterprise-focused devices as opposed to vulnerable consumer IoT devices; namely, it has been targeting WePresent WiPG-1000 Wireless Presentation systems and LG Supersign TVs.

Both these devices are intended for use by businesses, researchers said.

For the LG Supersign TVs, the LG SuperSignEZ CMS, which many of the TVs have built in, is prone to the remote code execution attack due to an improper parameter handling (CVE-2018-17173), according to an advisory. For the WePresent WiPG-1000, the variant is targeting a command-injection vulnerability.

WePresent and LG did not respond to comments from Threatpost on the vulnerabilities in the devices.

In addition to these commercial devices, the variant is also targeting various embedded hardware like routers (including Linksys E1500/E2500 routers and ZTE ZXV10 H108L routers), network storage devices, NVRs and IP cameras (Netgear ReadyNAS Surveillance 1.4.3-16 and NUUO NVRMini devices), and using numerous exploits against them.

The variant contains a total of 27 exploits – 11 of which are new to Mirai, researchers said.

“These new features afford the botnet a large attack surface. In particular, targeting enterprise links also grants it access to larger bandwidth, ultimately resulting in greater firepower for the botnet for DDoS attacks,” researchers said in a Monday post. They added, “The previous instance where we observed the botnet targeting enterprise vulnerabilities was with the incorporation of exploits against Apache Struts and SonicWall.”

Mirai is best known for being used in a massive, unprecedented DDoS attack that compromised more than 300,000 IoT devices to take down major websites in 2016.

In addition to using fresh exploits, the Mirai variant is also continuing to mount brute-force attacks against devices, this time with new default credentials added to its arsenal.

Upon further inspection of the variant, researchers said they found certain “unusual default credentials for brute force” that they haven’t come across until now, including: admin:huigu309, root:huigu309, CRAFTSPERSON:ALC#FGU and root:videoflow.

mirai botnet variant

Once the devices are compromised, the malware fetches the Mirai payload for the variant and the device is added to the botnet — which ultimately can be used to send out HTTP flood DDoS attacks.

The variant’s shell script payload is still live, and interestingly is hosted at a compromised website for an “electronic security, integration and alarm monitoring business in Colombia, researchers said.

“IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute-force, or both,” researchers said. “In addition, targeting enterprise vulnerabilities allows them access to links with potentially larger bandwidth than consumer device links, affording them greater firepower for DDoS attacks.”

Variants of Mirai continue to pop up as cybercriminals tap into a growing rate of vulnerable Internet of Things devices. In April 2018 a variant of the Mirai botnet was used to launch a series of distributed denial of service campaigns against financial sector businesses; while this past September researchers discovered new variants for the infamous Mirai and Gafgyt IoT botnets targeting well-known vulnerabilities in Apache Struts and SonicWall.

Don’t miss our free live Threatpost webinar, “Exploring the Top 15 Most Common Vulnerabilities with HackerOne and GitHub,” on Wed., Mar 20, at 2:00 p.m. ET.

Vulnerability experts Michiel Prins, co-founder of webinar sponsor HackerOne, and Greg Ose, GitHub’s application security engineering manager, will join Threatpost editor Tom Spring to discuss what vulnerability types are most common in today’s software, and what kind of impact they would have on organizations if exploited.

AI Could Improve Your Next Meeting in Cisco Webex

The screen on the wall wakes up as you enter. “Hi,” it says. It calls you by name.  “I see in your calendar that you have a meeting that starts in five minutes—want to join now?”

“Not yet,” you say. You need to talk to someone first. “OK, Webex, call Susan.”

There are 199 “Susan’s” in your company directory, but the system seems to know which one you mean. “Susan Lee?” It asks. “Yep!” you say. It connects you. You talk with Susan and say goodbye.

“Your meeting starts in two minutes—want to join now?” the screen asks. “Sure!” you say. “Let’s do it.” Three people you’ve never met are in the meeting when you join. Each person’s name and title appear on the screen just below her face. You glance at your laptop just as the system serves up a profile for each of them.
If you’re one of the 300 million people who use the Cisco Webex® platform every month, you won’t have to imagine this. You will experience it soon. We call it Cognitive Collaboration, and our new research indicates nine out of ten people are pounding the table to use it. See it in action here.

Bringing Context and Intelligence to Meetings
On the Webex design team we’re always thinking of how we can make meetings better. Sure, you need great sound and video and screen sharing. But technology can do so much more. It can be like that great assistant who not only takes care of the technical stuff but also slips you useful notes in the middle of the conversation. This context and intelligence helps you build stronger relationships, have better conversations with customers and make smarter, faster decisions.

For us, this isn’t about bolting on a few gimmicky AI-powered features. It’s a mindset.  We know Webex can remove tedious tasks, help you get and stay engaged and make life at work easier. Just imagine how these new features could improve your work day.

  • People Insights gives you professional profiles about the people you’re meeting—in real time. Keep in mind we use context and intelligence to serve these up—so even if you’re meeting someone with a common name like John Smith we will give you the right John Smith. (Try looking him up with a simple web search and you’ll get lots of useless information on lots of wrong John Smiths! And if you happen to be meeting with a different John Smith later in the day, Webex will know that too.)And these aren’t static, one-dimensional profiles. We scour the Web for publicly available information to create a living, breathing profile of the people and companies you care about, and we keep these up to date with the latest news. (You also get to see your profile that is visible to others, and if something shows up that you don’t like, you can always edit it.) This is available as a trial now, with general availability slated for June.
  • Webex Assistant is what is behind two of the new features in the example above. The assistant’s new Proactive Join lets you walk into the room and be asked if you want to join your meeting. To accomplish this, we first needed to know who you are (which we do thanks to an innovation called intelligent proximity). Then we needed to be able to peek into the calendar to see what’s next. And Webex Assistant’s new First Match let Webex know you probably were trying to call Susan Lee. It feels a lot like magic—it looks at the people in your own organization (via the company directory) and scans your Webex Teams spaces to see who you talk to most to make its best guess. In early field trials, Webex gave customers its top three guesses. But its top pick proved right so often that customers asked us to just serve up the first match. You can even use it to add someone to a call already underway.Webex Assistant, along with First Match technology, is generally available now across the entire Webex Room Series. Proactive Join is available on a limited basis now and will be generally available in June.
  • Facial recognition is what is attaches those name/title labels to the three people you never met before in our example. We’ve said before that video is “better than being there,” and that certainly holds true here.  Remote people need not guess who’s who in that big conference room filled with new faces. This will be available in June.

 

“Cognitive Collaboration is a game changer for Cisco customers across all industries,” said Amy Chang, SVP and GM, Collaboration Technology Group, Cisco. “When we enable people to collaborate from wherever they are in a way that’s intuitive, easy and smart, we make their work and life experiences better and more productive.”

 

 

Additional Resources

– Watch Amy Chang’s Enterprise Connect keynote tomorrow (March 20) live streamed on Cisco.com at 10 am eastern. Sign up here for a reminder.

– Did you know that Webex is home base for more than 125Bn meeting minutes each year? Take 60 seconds to learn more about the reach of Cisco Collaboration by watching this video.

Customer and Partner Quotes

Jeff Lemmer, VP and CIO, Ford Motor Company
“At Ford, we’re always looking for new ways to support our vision of frictionless collaboration and building stronger teams. Tools and solutions that speed decision-making help employees deliver value for our business and customers, and we’re excited to explore how cognitive collaboration could help us accelerate.”

 


Nemo Verbist, Group Executive for Customer Experience and Digital Workplace, Dimension Data
“Cisco’s Cognitive Collaboration will enable our customers and their teams to simplify the meeting experience. As a global Cisco partner and leading provider of modern collaboration services, we’re excited to see how new capabilities like People Insights and facial recognition will improve the collaborative experience for our customers and ultimately support great customer experience.”

Cisco (NASDAQ: CSCO) is the worldwide technology leader that has been making the Internet work since 1984. Our people, products, and partners help society securely connect and seize tomorrow’s digital opportunity today. Discover more at newsroom.cisco.com and follow us on Twitter at @Cisco.

 

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. A listing of Cisco’s trademarks can be found at www.cisco.com/go/trademarks.

Availability Disclaimer: Many of the products and features described herein remain in varying stages of development and will be offered on a when-and-if-available basis. These products and features are subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

Juniper Networks’ Security Acceleration Card Targets 5G Firewall Performance

Juniper Networks rolled out a new security acceleration card for its next-generation firewalls that will help service providers, cloud providers, and enterprises meet performance and security demands of multi-cloud, 5G, and IoT.

“Customers are seeing a really explosive growth in the need to support greater traffic in the form of streaming media mobile devices or IoT devices, not to mention the new requirements that mobile providers need for 5G networks,” said Amy James, senior director of security product marketing at Juniper Networks.

The SPC3 service processing card can provide up to an 11-fold performance boost to Juniper’s SRX5000 line of firewalls compared to the earlier version, the company claims. It is also more efficient and uses less power than the previous generation.

“Additionally, it’s a very modular design so these cards can be added without service interruptions,” James said.

Juniper’s Security Refresh

Juniper has been updating its security portfolio over the past couple years, and the new card is a key component of the security platform, James said. “We designed this based on customer input and what their emerging needs are — specifically on the 5G side mobile operators need this kind of performance and capacity.”

The company also recently added capabilities to the platform that automate policy management and include one-touch mitigation to respond to threats. Plus, Juniper more tightly integrated the analytics and remediation technology it acquired from Cyphort last year as part of a move to unify security products and capabilities into a single platform.

So far the refresh seems to be slowly paying off — at least on the security side of Juniper’s business. Despite posting disappointing quarterly results late last month, Juniper’s security business reached $79.5 million in revenue during the second quarter of 2018, growing 16 percent year over year and representing a third consecutive quarter of year-over-year growth.

Juniper Networks Expands Networking Simplicity Through Support of SONiC

Company broadens commitment to open programmability with support of Software for Open Networking in the Cloud (SONiC)

SUNNYVALE, Calif., March 14, 2019 (GLOBE NEWSWIRE) — Juniper Networks (NYSE:JNPR), an industry leader in automated, scalable and secure networks, today announced native integration of Juniper’s platforms with Software for Open Networking in the Cloud (SONiC), which was developed and contributed to the Open Compute Project (OCP) Foundation by Microsoft. This integration will give cloud providers a simplified and automated switch management platform, enhanced by the rich routing and deep telemetry innovations valued by customers.

Introduced by Microsoft in 2016, SONiC is a breakthrough for network switch operations and management. A uniquely extensible platform with a large and growing ecosystem of hardware and software partners, SONiC offers centralized management of switching platforms and various software components.

Native integration with SONiC underscores Juniper’s continued commitment to open programmability, complete disaggregation and expanding key offerings to support cloud-first enterprises. Specifically, the integration will offer cloud and service provider customers:

  • Open programmability: Allows for the rapid integration, agility and flexibility necessary for enterprise end users looking to swiftly adapt to market changes.
  • Disaggregation: Highly modular architecture decouples integrated components and software, thereby offering customers the ultimate freedom of choice and flexibility.
  • Automation: Network operations have always been a tedious and repetitive process. Combining the power of open programmability and disaggregation, Juniper streamlines network diagnostics, automates complex workflows and optimizes network infrastructure operation.
  • Broad ecosystem: Native SONiC integration will provide the broad networking community and cloud providers with the latest routing, switching and analytics solutions from Juniper.

The integration with SONiC demonstrates Juniper’s ongoing commitment to innovate in cloud data center networking, as the company constantly improves its roadmap to deliver best-in-class solutions.

Supporting Quotes
“At Juniper Networks, we recognize how important open programmability is to our customers, already evidenced in our support of OpenConfig, Open/R and P4. To continue this support, we’re excited to announce the native integration of Juniper’s platforms with SONiC to offer hyperscale data center customers another option in data center architecture.”
– Manoj Leelanivas, Chief Product Officer, Juniper Networks

“The integration of Juniper’s platforms with SONiC shows the company’s commitment to open networking and is an important step in our mission to revolutionize networking for today and into the future. Customers will be able to take advantage of this simplified and automated switch management platform, enhanced by rich routing and deep telemetry innovations.”

New Comodo Cybersecurity Services Respond to Mounting SMB Cyberattacks

Comodo Cybersecurity, a global leader in threat intelligence and malware cyberdefense, today introduced new managed security services in response to mounting cyberattacks on small and medium-sized businesses (SMBs) as well as state and local government and education organizations (SLEDs).

A staggering 58 percent of all malware attack victims are categorized as small businesses, according to the Verizon 2018 DBIR. In 2017, more than half of all SMB’s experienced a ransomware attack, and the cost due to damage, theft or disruption caused by cyberattacks exceeded $1,000,000 for the average SMB, according to Ponemon Research.

Comodo cWatch MDR is a Managed Detection and Response cybersecurity solution designed to serve SMBs and SLEDs. It addresses the onslaught of SMB-directed cyber threats with enterprise-class Defense-in-Depth (DiD) cybersecurity for organizations that couldn’t afford, or support, these advanced capabilities. Comodo cWatch MDR includes SIEM (Security Information and Event Management) and SOCaaS (Security Operations Center-as-a-Service), and provides cybersecurity on local networks, on the web and in the cloud.

DiD entails cyberdefense across multiple IT security domains, layering security controls throughout IT systems – a best practice for combating increasingly sophisticated cyberattacks. The comprehensive nature of DiD and need for integration have traditionally put DiD out of reach of mid-market organizations and even of some enterprises due to needs for specialized staffing, support for complex infrastructure, costly integration of multi-vendor solutions, high license counts and frequent updates and upgrades. With Comodo cWatch MDR, SMB organizations can obtain DiD-as a-Service, either directly or through their preferred Managed Service Provider (MSP), making such comprehensive security attainable and sustainable.

“Ransomware and other crippling attacks no longer target only large enterprises. Mid-sized organizations have been largely left to fend for themselves against this kind of advanced threat, until now,” noted Carlos Solari, Comodo VP of Cybersecurity Services and Compliance. “Comodo cWatch MDR brings SMBs an affordable and highly capable defense-in-depth solution, bridging key gaps in the cybersecurity stack around complexity, staffing and compliance.”

In preparing to launch, Comodo worked closely with analysts Tony Palmer and Jack Poller at research firm ESG, whose testing revealed that “Comodo cWatch MDR enables organizations to quickly deploy and integrate a turnkey SOC for DiD protection of critical assets – endpoints, networks, websites and cloud resources – unifying those different pieces under a common control framework.”

Other analysts concur with this positive assessment. “Organizations of all kinds, particularly large enterprises, report being overwhelmed by the large number of alerts and threats and smaller organizations are not immune,” said Fernando Montenegro, 451 Research senior industry analyst. “To address this problem, we see increasing interest in service approaches that aim to deliver enterprise class cybersecurity, including defense-in-depth, to small and medium businesses. Comodo’s combination of MDR and SOC-as-a-Service fits into this category.”

A New Paradigm for Incident Handling

The traditional MDR model generates an overwhelming volume of events and a cascade of false positives, consuming all available security analyst time and attention. The situation is worsened by the need to manage disparate, often incompatible technologies from different vendors, limiting the value of event analysis and response. Solutions intended to lighten the load for security practitioners end up generating noise and alert fatigue, masking key events and increasing the likelihood of those events turning into costly incidents.

Comodo cWatch MDR adopts a different approach, automating repetitive and low-level analyst activities, freeing security practitioners to focus on value-added activities — intelligence-led prevention (threat hunting), discovery of vulnerabilities and design flaws, security prioritization and gap remediation. Comodo cWatch MDR Security Orchestration Automation and Response (SOAR) capabilities result in less time spent on post-incident forensics by enabling defense-in-depth protections.

To meet the challenge of bringing DiD to all types of organizations, Comodo cWatch MDR offers the following capabilities:

  • 24x7x365 fully managed cybersecurity platform
  • SOCaaS with global SIEM and SOAR
  • Incident detection and response for network, cloud, web and endpoints
  • Fully integrated DiD as recommended by the National Institute of Standards (NIST) SP 800-53 R5 security controls and ISO 27001 security clauses

 

Comodo cWatch MDR and the Channel

“Comodo cWatch MDR responds to requirements from Comodo channel partners, especially MSPs,” added Rebecca Myrick, Comodo VP of Channel Sales. “Our DiD offering, delivered as a SaaS, fits perfectly into the MSP go-to-market and is a good match for their mid-market customer profile.”

SMB organizations and MSPs will look to Comodo cWatch MDR for:

  • Reduced cybersecurity Capex from delivering DiD-as-a-Service versus a mix of on-premise hardware and software
  • Optimized Opex from reduced staffing requirements and consolidation of diverse DiD components and vendor subscriptions
  • Preemptive versus reactive cybersecurity
  • Fully integrated DiD as called for by NIST

Cisco Patches Critical ‘Default Password’ Bug

Vulnerability allows adversaries to access monitoring system used for gathering info on operating systems and hardware.

Cisco Systems is warning customers that a discovery tool for network devices can be accessed by a remote and unauthenticated attacker. The flaw could allow an adversary to log into the system and collect sensitive data tied to host operating systems and hardware.

The disclosure is part of a Cisco Security Advisory and patch (CVE-2019-1723) issued Wednesday. The vulnerability is rated critical, with a CVSS rating of 9.8.

Affected is the Cisco Common Service Platform Collector (CSPC), a tool used for discovering and collecting information from the Cisco devices installed on a network. The flaw includes a default, static password that can be accessed remotely by an unauthenticated adversary. Cisco stresses, that access to CSPC does not grant administrator privileges to an attacker.

“The vulnerability exists because the affected software has a user account with a default, static password,” Cisco wrote. “An attacker could exploit this vulnerability by remotely connecting to the affected system using this account. A successful exploit could allow the attacker to log in to the CSPC using the default account.”

The CSPC tool is used extensively by Cisco service offerings such as Smart Net Total Care (SmartNet), Partner Support Service (PSS) and Business Critical Services. Data gathered by CSPC includes inventory reports, product alerts, configuration best practices, technical service coverage and lifecycle information for both the hardware and operating system software.

Vulnerable are Cisco CSPC releases 2.7.2 through 2.7.4.5 and all releases of 2.8.x prior to 2.8.1.2. Cisco said it is unaware of a public exploit of the vulnerability.

On Wednesday, Cisco also alerted customers to two high-rated vulnerabilities. One is related to the Cisco Email Security Appliances (CVE-2018-15460) and the other (CVE-2018-0389) Cisco Small Business SPA514G IP Phones.

With the Cisco Email Security Appliances, the security advisory warns that the vulnerability is tied to the devices’ implementation of Session Initiation Protocol processing. The vulnerability allows “remote attacker to cause an affected device to become unresponsive, resulting in a denial of service condition,” Cisco wrote.

Cisco said it will not patch or issue a workaround for the email appliance. It explained that the SPA514G IP Phones have reached end-of-life and therefore will not receive an update. It also stressed that similar IP-based phone (SPA51x, SPA51x and SPA52x) are not affected.

cisco asyncos vulnerability

The second bug, found in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances, leaves impacted systems open to denial of service attacks.

“[The flaw] could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device,” Cisco wrote.

Cisco said the vulnerability is “due to improper filtering of email messages that contain references to whitelisted URLs.” It said an attacker could exploit the flaw by sending a malicious email message that contains a large number of whitelisted URLs. “A successful exploit could allow the attacker to cause a sustained DoS condition that could force the affected device to stop scanning and forwarding email messages,” it wrote.

Cisco has released a software update and workaround instructions for impacted instances of Cisco AsyncOS Software for Cisco Email Security Appliances.

Intercept X Achieves Highest Scores in NSS Labs 2019 Advanced Endpoint Protection (AEP) Group Test

Sophos supports the advancement of independent testing methodologies and collaboration between testing labs, vendors, and customers.

Sophos is a strong advocate for thorough independent testing of cybersecurity products to help customers choose what’s right for their environment and for vendors to improve the protection in their technology.

In the 2019 AEP Group Test published by NSS Labs today, our next-gen endpoint solution Intercept X was recognized as having the highest security effectiveness and the most efficient TCO (total cost of ownership) of the 19 endpoint security products tested. In this 2019 AEP Group Test by NSS Labs, we are pleased to see our technology outperform all other products, supporting what our own internal tests and numerous independent reviews have confirmed since the product first launched.

While these results confirm what we already know (it’s great to get high praise) we encourage every business to evaluate the effectiveness of a solution using multiple independent data points and carry out an assessment of its ability to work within their environment. We are confident that we have developed the most effective products but realize every business is unique just like independent testing reports.

Great strides are being made to level the playing fields in cybersecurity testing. Sophos encouragestesting to be fair, rigorous, transparent, and collaborative, and it should seek to replicate the threat environment as it exists for customers, not just in lab conditions. Testing labs need to work with vendors to configure environments correctly, vendors should make it easy for their products to be scrutinized, and testing labs should engage end users to specify the features to be reviewed.

As a supporter of the anti-malware testing standards and Board member of AMTSO, Sophos CTO Joe Levy recognizes that while third party cybersecurity tests are not yet perfect, they still have plenty of value.

Measuring cybersecurity product effectiveness is unimaginably complex. With threats and attack techniques increasing and evolving at an ever-accelerating rate, testing houses need to make extraordinary investments in their laboratories if they are to produce meaningful and rigorous measurements of cybersecurity product effectiveness. But just like all cybersecurity products are not equal, not all testing houses are equal and this remains somewhat opaque to the consumers of their reports, particularly when there is insufficient transparency around methodologies or execution details. Competent independent testing labs provide a great service to vendors and buyers, and are critical to the cybersecurity ecosystem to drive higher standards of protection for all.

We’re happy to continue to see our products succeed in third party testing and receive awards, and we encourage you to explore the details of the testing reports at www.sophos.com.

watch gard firewall security

WatchGuard Expands Secure Wi-Fi Portfolio with 802.11ac Wave 2 Access Point for Midsize Enterprises

Complete with WatchGuard Wi-Fi Cloud, new access point offers fast, reliable, secure Wi-Fi and location analytics for restaurants, medical offices, retail branches and distributed enterprise offices.

WatchGuard® Technologies, a global leader in network security, secure Wi-Fi and network intelligence, today unveiled a new secure, 802.11ac Wave 2 access point (AP), the latest in its family of secure Wi-Fi products. The AP125 offers major performance improvements over Wave 1 APs, giving midmarket and distributed enterprise organizations secure, enterprise-grade wireless network performance without the high cost associated with most Wave 2 APs. When APs are managed with WatchGuard Wi-Fi Cloud, businesses gain access to the industry’s most sophisticated and reliable Wireless Intrusion Prevention System (WIPS) technology. It also offers a powerful location-based analytics engine equipped with customizable reports for automated inbox delivery, guest engagement tools with social authentication, intelligent network visibility and troubleshooting, and a highly-scalable cloud-based management system.

“Simply put, Wave 1 APs can’t provide the level of security, network resource distribution or scalability and management that organizations need today, and most competing Wave 2 APs can’t automatically detect and prevent the six known Wi-Fi threat categories,” said Ryan Orsi, director of product management for Wi-Fi at WatchGuard. “This is extremely problematic for low-traffic environments like restaurants, medical offices, small K-12 schools that still require secure, high-performing Wi-Fi access to function. Our new indoor AP is designed specifically to meet these needs, offering industry-leading security through our patented WIPS technology, performance and scalability that can’t be beat, all at a price that’s accessible for organizations of any size.”

“When customers ask for Wi-Fi, they want to make an investment into a future-proof infrastructure with the best technology available,” said Jean-Pierre Schwickerath, head of IT, HILOTEC AG. “With the 2×2 Wave 2 AP125, we found the perfect match for these SMB requirements: it has a small footprint, a most attractive price, and easy installation, configuration and management of the whole network out of WatchGuard’s Wi-Fi Cloud. With this powerful little beast, we can deliver and guarantee a high quality Wi-Fi network, protected by WIPS, which will make the customer happy for many years to come.”

AP125 Product Details:

  • Designed for lower client density environments and equipped with 2×2 802.11ac Wave 2 Multi-User MIMO (MU-MIMO), the AP125 can now stream data to multiple devices simultaneously utilizing the network more effectively.
  • Outfitted with dual concurrent 5 GHz and 2.4 GHz band radios supporting 802.11a/n/ac Wave 2, 802.11b/g/n, 2 spatial streams, and data rates of up to 867 Mbps and 300 Mbps, respectively.
  • The AP125 can be managed using the Firebox Gateway Wireless Controller or via WatchGuard Wi-Fi Cloud.

 

AP125 and Trusted Wireless Environments:

WatchGuard is proud to deliver secure Wi-Fi products that organizations can use to build Trusted Wireless Environments. In doing so, companies can rest assured that they are protected by verified, comprehensive security that automatically detects and prevents the six known Wi-Fi threat categories, while enjoying the benefits of Wi-Fi networks with market-leading performance and scalable management.

What’s more, WatchGuard’s secure Wi-Fi products are compatible with most other Wi-Fi solutions, so companies can leverage them to deploy a WIPS overlay without ripping out and replacing every existing AP in their network. For more information about how managing the AP125 as a dedicated WIPS sensor, and how to build a Trusted Wireless Environment, click here.

To join the Trusted Wireless Environment movement and advocate for a global security standard for Wi-Fi, click here.

 

Additional Wi-Fi Cloud Features:

Unlock the rest of the power of the Wi-Fi Cloud and gain easy-to-customize, engaging captive portals with authentication options including Facebook, Twitter, SMS, email, and a powerful location-based analytics engine equipped with customizable reports for automated delivery to your inbox. With intelligent network visibility and troubleshooting features, IT professionals can now have the answer to one of their most challenging and frequently-asked questions: “Why is the Wi-Fi not working?”

The AP125 is available for purchase now through WatchGuard channel partners and resellers. List pricing for the AP125 ranges between $340 and $690 USD, based on the Wi-Fi package and number of years selected.