White papers
Sophos experts and leading industry analysts have published a series
of white papers addressing and discussing anti-virus and anti-spam
issues as well as other related topics. Find out more about the problem
of viruses, Trojans, spyware, spam and worms in the white papers
published below.
Evaluating the performance of competing endpoint security products is
a time-consuming and daunting task. Independent competitive comparisons,
performance benchmarks, and detection certifications cover different
solutions and criteria and provide conflicting results. This paper
highlights the pitfalls of simply looking at virus detection rates and
gives the six critical questions businesses need to ask to ensure
successful protection now and in the future.
Today's cybercriminals are constantly looking for new vulnerabilities
to exploit. They use fast-changing, low-profile threats to infect and
hijack computers across the business network. This paper describes how
SophosLabs uses its global visibility and 24/7 research operations to
facilitate powerful integration of expertise, automation and technology
to provide the proactive protection and rapid response that businesses
need.
A brand new infected webpage is discovered every 14 seconds, but most
businesses are unprotected against today's modern web-based malware.
This paper highlights the six top tricks used by hackers and describes
the three pillars of protection organizations need to safeguard their
systems and resources.
The report examines the threat landscape over the previous twelve
months, and predicts emerging cybercrime trends for 2008. In 2007,
organised criminal gangs extended their efforts beyond Windows, looking
to Mac and other operating systems for new targets. Attacks using
wireless connectivity and mobile devices and accusations of
state-sponsored cybercrime have also increased. Find out more about the
past year's events and Sophos's predictions for the next 12 months.
For many would-be network access control (NAC) adopters, what NAC is
or is supposed to be is unclear. However, the companies who are
successfully protecting their network aren't confused - they also have
more demanding views as to what they think a NAC solution should
provide. This report aims to further the market's understanding of NAC -
its function and capabilities - as seen through the eyes of those
organizations that are getting the best results in protecting their
network access.
With spam levels breaking records every day, the quintessential
business tool - email - has simultaneously become a major liability.
With inboxes overrun with more and more unwanted email that threatens
business productivity, regulatory compliance, and network security,
organizations are having to look at what is being mailed in, out and
around their network, at the gateway, at the mail server and at the
endpoint. This paper focuses on the threat posed by unwanted emails that
make it through to the inbox, explains the impact these threats have on
organizations, and demonstrates what needs to be done in response to
make email safe and productive.
This security threat report update describes the ongoing changes in
the threat landscape and the challenges they present to organizations.
It includes discussion of web threats, email and spam, endpoint security
and Windows and non-Windows threats, and reviews specific
recent threats and related legal action.
Traditional appliances that promise to meet the challenge of letting
the IT administrator do more with constrained resources and less time
have turned out to be at best only partial solutions. This paper
highlights how truly managed appliances free up time while providing
improved security, visibility and peace of mind. It explains how they
enable efficient security management by reducing daily administration,
enhancing the user experience, and offering proactive support.
Unauthorized endpoint computers pose significant security risks to
organizations. Where underlying network-based enforcement is available,
network access control (NAC) solutions provide detection and
implementation of security policies to minimize these risks. However, in
some environments the network cannot provide this enforcement. This paper
looks at how a complete NAC solution can protect the network from
unauthorized access from unknown computers or people with malicious
intent.
Enterprises must take a robust policy-driven approach to enforcing
security compliance in order to protect against network vulnerabilities
and meet regulatory requirements. This paper examines technology and
initiatives designed to capitalize on existing investments and prevent
any gaps in security.
The explosion in spyware has presented businesses with increasing
concerns about security issues, from data theft and network damage to
reputation loss and exposure to potential litigation. This paper
examines how spyware infiltrates and affects organizations and describes
how to protect against it.
The continuing evolution of malware threats combined with the demand
for increasingly flexible working practices is a significant challenge
to IT departments seeking to reduce help desk support and get better
value for money from their investment in security. This paper looks at
how organizations can benefit from a more integrated, policy-driven
approach to protecting the network at all levels and controlling both
user access and behavior.
Employees installing and using unauthorized applications like Instant
Messaging, VoIP, games and peer-to-peer file-sharing applications cause
many businesses serious concern. This paper looks at why it is important
to control such applications, discusses the various approaches, and
highlights how integrating this functionality into malware protection is
the simplest and most cost-effective solution.
Cybercriminals continue to invent increasingly cunning ways to
exploit human and computer vulnerabilities to steal and extort money
from computer users and companies. Our latest security threat report
describes the latest threats, highlights their growing complexity and
looks at what the likely trends are for 2007.
Five years after the release of Windows XP, Microsoft's primary
stated goal with Windows Vista has been to reduce security
vulnerabilities and overall susceptibility to malware and other threats.
This paper assesses how far the new features measure up to Microsoft's
aspirations for its new desktop operating system and provides an insight
into the level of protection they provide to business users.
Spyware, viruses, and other unwanted or unauthorized applications
easily infiltrate enterprise networks via web browsing. This paper
defines the requirements for effective, manageable security that
protects organizations from infection and legal risk, while also meeting
end user demands for performance and accessibility.
Hijacked computers, or zombies, hide inside networks where they send
spam, steal company secrets, and enable other serious crimes. This paper
discusses how the threat has evolved, explains how zombie networks, or
botnets, are created and highlights how even organizations with reliable
gateway and endpoint protection are vulnerable to these email- and
web-borne threats.
Managing the desktops, laptops and servers at the endpoints of
corporate networks is an increasingly complex, time-consuming and
expensive task. This paper examines the issues of managing security
across the network, discusses the key criteria involved in choosing a
solution, and describes Sophos Endpoint Security.
Cybercriminals continue to invent new ways to exploit human and
computer vulnerabilities to steal and extort money from computer users
and companies. This update to our annual security threat management
report looks at how the threat landscape has changed in the first six
months of 2006 and what the likely trends are for the rest of the year.
Faced with the growing volume and complexity of threats at the email
gateway, organizations are looking for security solutions that offer
better protection. The availability, expertise, and productivity of IT
resources must be balanced against budgets, flexibility, and control.
This paper helps IT administrators make an informed decision by
comparing software solutions, appliances, and managed services, and
looks briefly at the choices offered by Sophos.
The challenge for organizations today is to stay ahead of the
increasingly interconnected threat from rapidly spreading viruses and
spam campaigns, phishing scams, spyware, and other threats. The
expertise and systems in SophosLabs™ give businesses the reliable
protection they need across all threat types.
Increased connectivity in and out of the office has radically changed
the task of securing an organization's systems and data. Client
firewalls - often referred to as "personal" firewalls - are now an
essential part of corporate endpoint security. This white paper
describes what a personal firewall is, why it is important, and how it
differs from a gateway firewall.
Linux is expanding rapidly beyond its traditional base of
enthusiasts, finding rising popularity as a server platform for
corporations. This paper highlights the threat to businesses caused by
the interaction of unprotected Linux computers with Windows and other
platforms. The paper also discusses the vulnerability of mixed IT
environments to the range of increasingly complex threats.
There is a common and flawed belief that computers running on
non-Windows platforms do not need anti-virus protection. This paper
investigates the real threat to non-Windows computers, the risk of them
concealing and distributing Windows viruses, and the implications of the
growing popularity of non-Windows operating systems. The effect of
compliance legislation on protection requirements is also highlighted.
Viruses have become sophisticated tools in the hands of
cybercriminals. The effect of a virus attack on a small business, which
does not have the resources to focus on network security, can be
catastrophic. This paper describes the evolving threat, provides best
practice security advice, and explains how Sophos small business
solutions provide small businesses with reliable, integrated protection.
The growth in malware has continued unabated during the 20 years
since Sophos entered the computer security industry. Take a look at the
history of viruses and spam, how collaboration between virus writers and
spammers is impacting enterprises, and how SophosLabs™ provides
continuous protection against evolving threats.
Discover the top ten malware threats of 2005, the latest trends in
the world of malware, and how organized criminals are working more
closely together to infect computers than ever before.
This paper explains the online fraud known as phishing, examining how
it threatens businesses and looking at the dramatic rise in the number
of attacks over recent years. Phishing methods and tricks are described
and ways of protecting computers and networks from phishing attacks are
discussed.
The increasingly complex nature of today's fast-moving threats
radically changes the criteria for defense and demands an integrated,
multi-tier approach to threat management. Cross-threat expertise and
technology in SophosLabs™ make Sophos uniquely able to respond to this
challenge.
This platform paper highlights the more prevalent Linux viruses and
the specific Sophos products developed for the Linux environment.