What's New in Central? - March/April 2019

Howdy, folks! My oh my, things never seem to slow down in the world of Sophos Central. This post covers five awesome new features and products that have gone General Availability (our nerdy way of saying "released" or "you can buy dis").

I imagine this isn't your first "What's New in Central?" rodeo so I'll cut to the chase. Let me say it for you... SHOW ME WHAT YOU GOT!

(Feel free to click on any of the items above to jump straight to any item in particular.)

 

General Availability

By General Availability (GA), we mean that this functionality has been released and is ready for you to dive into and start using. Often, new products or features first start out as Early Access Programs (EAP) before they become Generally Available after we've had your insights and feedback, helping us deliver the best possible products.

Cloud Optix

Oh boy oh boy oh boy. This is a big one!

More and more businesses are making the move to the public cloud, using providers such as Amazon Web Services, Google Cloud, or Microsoft Azure (<- we support these). The days of having racks of servers in your office are coming to an end. But with moving your infrastructure to the cloud, that comes with a lot of risks and a whole bunch of complexity. How do you maintain oversight, insight, and control over infrastructure you can't touch?

We launched Sophos Cloud Optix to address these issues. You can be up and running in less than 10 minutes (srsly) all you need to do is provide us with an API key for your Azure, AWS, or Google Cloud environment. Immediately you'll be able to accurately see what you have running in the cloud at all times.

Boom. An instant network diagram showing you where traffic (and data!) is flowing in, out, and within your fluffy cloudy stuff.

Combined with the power of our AI (<3 SophosLabs) and automation capabilities, compliance, governance and security monitoring in the cloud has never been so easy.

From detection of suspicious traffic patterns on the network (i.e. a data breach in action), shared access keys to your cloud provider account, and data storage left open to the public internet and more (and more... and more...). All areas that can see a company hit the headlines for the wrong reasons. So many of the major data breaches that have hit the news in recent months have been due to something as simple as AWS S3 buckets, simply misconfigured by the admin that set them up. Cloud Optix has your back!

In an ever-changing, auto-scaling public cloud environment, automatically detecting changes to your cloud environments in real time is a life saver. Cloud Optix continuously monitors compliance, with custom or out-of-the box templates for standards such as SOC2, HIPAA and GDPR – with reports generated in seconds.

Do yourself a favour and hop on over to Sophos News and read all about this truly awesome new product. You won't be disappointed!

 

Intercept X EDR v1.1

EDR just levelled up and learned some new tricks along the way!

Modern attacks aren't just viruses or worms these days. More and more, SophosLabs are seeing attackers make use of built-in features of Windows to perform the majority of their attack. PowerShell, a scripting tool that's part of Windows, is heavily used by attackers to circumnavigate poor endpoint defenses. 

We've long had capabilities, as part of Intercept X, to detect and block these kinds of attacks but now, with EDR v1.1, you'll have insight into the command line arguments used to run PowerShell, who ran it, when, where, what process initiated it, and a fingerprint of that process (so you can do some hunting for it using our existing Threat Hunting feature in EDR or share intelligence with your allies).

There are plenty of more features to come as we work our way towards v2.0. For now, head on over to Sophos News where we've got a great video to explain more.

 

Smart Banners for Email

Let's face it. Users continue to struggle to identify a safe email from a risky one. Social engineering attacks ( continue to rise and email remains one of the most popular vectors cybercriminals use to initiate their attacks.

Sophos Email now has a Super Handy New Feature - an easy to understand, color-coded banner that we'll add to incoming emails to let you know whether it's trusted, unknown, or untrusted. In addition, we include a handy button to quickly add a sender to your personal "allow" or "block" lists.

Richard has put together a great post on our Community blog so head on over and learn more about this risk-reducing feature (Super Handy New Feature)!

 

Encryption for Email

Fresh out of our Early Access Program, our shiny encryption buffs for Sophos Email have been released. This is arguably the easiest email encryption solution out there, with an awesome portal for recipients to securely reply to your emails without any complex key exchange necessary.

I talked about this last month during the Early Access Program so feel free to read that, or jump on over to the Community blog where there's a bunch more detail including a great video!

 

Enhanced Alert Notification Settings

Last but absolutely not least is a huge overhaul and expansion of our alerting features in Sophos Central.

Every admin is different. Some admins want an alert for each and every event that happens in their network, some only want to know about specific types of events, some only care about specific devices that they are responsible for (my machines!). We heard your thoughts and feelings around alerts and we decided to completely revamp how we do alerts and give you all the flexibility you could possibly want.

 Not every admin needs to receive alerts (managers, you're welcome) so you can now easily flick on or off which admins will get any alerts at all.
 Sometimes you need alerts to go to an email address that isn't registered as an admin in Central (for instance a distribution list for a team or the inbox of a funky app that turns emails into dashboard events). Just add that email address and they'll start getting alerts!

Some types of events you might want to hear about immediately, some events maybe once a day or not at all.


With the new frequency feature, you can configure alert email frequency by the severity of the event, the type of product, or the category of the event itself.

Immediately, Hourly, Daily, Never. There's are your frequencies. For now at least. Use it and tell is your experience.

 If you're browsing through the alerts page and spot a type of event you want to be alerted for differently, you can set an exception right from the alert itself! (An act of love, we know :P)

And if you're not happy with all that amazing flexibility, you can create custom rules to use all the features above in different combinations, with different frequencies, for different admins or admin roles... You're in control of alerts now and we've given you a HUGE amount of flexibility here to ensure you can have the kinds of alerting you want.

Check out the documentation if you want to learn more.

 

 

Phew! We made it. Until next time... Th-Th-The, Th-Th-The, Th-Th... That's all, folks! As usual, I'll leave you with two fun facts:

  • The blob of toothpaste you put on your brush - that has a name! It's called a "nurdle". Not to be confused with a "nurgle" (something you really don't want to do - ask any Warhammer fan).
  • Hippopotamus' milk is pink. Don't ask me how I know. Don't.

 

@secbug