Microsoft Sophos

Sophos
Type: Private
Industry: Computer software
Founded: 1985; 36 years ago
Founder
Headquarters: Abingdon, England
Key people
Products: Security software
Services: Computer security
Revenue: $640.7 million (2018)[1]
US$46.9 million (2018)[1]
US$66.3 million (2018)[1]
Owner: Thoma Bravo
Number of employees: 3,319 (2018)[1]
Website: sophos.com

Sophos Group plc is a British security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily focused on providing security software to 100- to 5,000-seat organizations. While not a primary focus, Sophos also protects home users, through free and paid antivirus solutions (Sophos Home/Home Premium) intended to demonstrate product functionality. It was listed on the London Stock Exchange until it was acquired by Thoma Bravo in February 2020.

Sophos Anti-Virus A new problem with Windows Live Mail began after installing Sophos Endpoint and Security. When trying to send outgoing messages WLM shuts down and goes through automatic restart.

Microsoft has great write-ups on exploits and zero-days when they are announced and it uses intel from O365 to enhance security measures. Did not trial new Sophos stuff, cannot comment.

  1. Open the Sophos Home application and click on the My Activity or Manage Devices button.
  2. If applicable, enter your Sophos Home account email and password.
  3. If desired, check the box for “Allow the current user on this computer to access your dashboard without signing in”.

History

Sophos was founded by Jan Hruska and Peter Lammer and began producing its first antivirus and encryption products in 1985.[2] During the late 1980s and into the 1990s, Sophos primarily developed and sold a range of security technologies in the UK, including encryption tools available for most users (private or business). In the late 1990s, Sophos concentrated its efforts on the development and sale of antivirus technology, and embarked on a program of international expansion.[3]

In 2003, Sophos acquired ActiveState, a North American software company that developed anti-spam software. At that time viruses were being spread primarily through email spam and this allowed Sophos to produce a combined anti-spam and antivirus solution.[4] In 2006, Peter Gyenes and Steve Munford were named chairman and CEO of Sophos, respectively. Jan Hruska and Peter Lammer remain as members of the board of directors.[5] In 2010, the majority interest of Sophos was sold to Apax.[6] In 2010, Nick Bray, formerly Group CFO at Micro Focus International, was named CFO of Sophos.[7]

In 2011, Utimaco Safeware AG (acquired by Sophos in 2008–9) was accused of supplying data monitoring and tracking software to partners that have sold to governments such as Syria: Sophos issued a statement of apology and confirmed that they had suspended their relationship with the partners in question and launched an investigation.[8][9] In 2012, Kris Hagerman, formerly CEO at Corel Corporation, was named CEO of Sophos and joined the company's board. Former CEO Steve Munford became non-executive chairman of the board.[10] In February 2014, Sophos announced that it had acquired Cyberoam Technologies, a provider of network security products.[11] In June 2015, Sophos announced plans to raise US$100 million on the London Stock Exchange.[12] Sophos was floated on the FTSE in September 2015.[13]

On 14 October 2019 Sophos announced that Thoma Bravo, a US-based private equity firm, made an offer to acquire Sophos for US$7.40 per share, representing an enterprise value of approximately $3.9 billion. The board of directors of Sophos stated their intention to unanimously recommend the offer to the company's shareholders.[14] On 2 March 2020 Sophos announced the completion of the acquisition.[15]

Acquisitions and partnerships

From September 2003 to February 2006, Sophos served as the parent company of ActiveState, a developer of programming tools for dynamic programming languages: in February 2006, ActiveState became an independent company when it was sold to Vancouver-based venture capitalist firm Pender Financial.[16] In 2007, Sophos acquired ENDFORCE, a company based in Ohio, United States, which developed and sold security policy compliance and Network Access Control (NAC) software.[17][18] In November 2016, Sophos acquired Barricade, a pioneering start-up with a powerful behavior-based analytics engine built on machine learning techniques,[19] to strengthen synchronized security capabilities and next-generation network and endpoint protection. In February 2017, Sophos acquired Invincea, a software company that provides malware threat detection, prevention, and pre-breach forensic intelligence.[20][21][22]

In March 2020, Thoma Bravo acquired Sophos for $3.9 billion.[23]

References

  1. 'Annual Report 2018' (PDF). Sophos. Retrieved 20 March 2019.
  2. 'Sophos: the early years'. Naked Security.
  3. 'Exterminator Tools'. Windows IT Pro. 15 November 1999. Retrieved 24 April 2017.
  4. 'Sophos acquires anti-spam specialist ActiveState'. www.sophos.com. Retrieved 3 January 2016.
  5. 'Sophos Management Team Global Leaders in IT Security'. sophos.com.
  6. 'Apax Partners to acquire majority stake in Sophos'.
  7. 'Board of Directors'.
  8. 'The Bureau Investigates article'. Archived from the original on 4 December 2011.
  9. 'Statement from Sophos on Recent Media Reports'.
  10. 'Sophos Board of Directors webpage'.
  11. 'Sophos Acquires Cyberoam to Boost Layered Defense Portfolio'. Infosecurity Magazine.
  12. 'Sophos Plans $100 Million London IPO'.
  13. 'Sophos joins the UK's top public companies in the FTSE 250'.
  14. 'Sophos founders exit before Thoma Bravo sale'. Global Capital. 5 December 2019. Retrieved 25 February 2020.
  15. 'Sophos opens new chapter with take-private acquisition'.
  16. 'ActiveState Acquired by Employees and Pender Financial Group; Company Renews Focus on Tools and Solutions for Dynamic Languages'. Business Wire. 22 February 2006. Retrieved 24 April 2017.
  17. 'Sophos buys Endforce for network access control'. Network World. 11 January 2007. Retrieved 24 April 2017.
  18. Wauters, Robin. 'Sophos beefs up on online security, acquires Dutch security software firm SurfRight for $31.8 million'. Retrieved 2 August 2016.
  19. https://www.sophos.com/en-us/press-office/press-releases/2016/11/sophos-acquires-security-analytics-start-up-in-ireland.aspx
  20. 'Sophos Adds Advanced Machine Learning to Its Next-Generation Endpoint Protection Portfolio with Acquisition of Invincea'. Sophos. 8 February 2017. Retrieved 11 February 2017.
  21. 'Sophos grows anti-malware ensemble with Invincea'. Sophos. 8 February 2017. Retrieved 11 February 2017. One may ask, if you already have great next-generation technology, why do you need Invincea’s technology?...Think of Invincea as the superhero that takes our ensemble to the next level – the entity that adds neural network-based machine learning to the team.
  22. 'Sophos to Acquire Invincea to Add Industry Leading Machine Learning to its Next Generation Endpoint Protection Portfolio'. Invincea. 8 February 2017. Retrieved 11 February 2017.
  23. 'Thoma Bravo completes $3.9B Sophos acquisition'. TechCrunch. Retrieved 7 April 2020.

Retrieved from 'https://en.wikipedia.org/w/index.php?title=Sophos&oldid=1014829104'

Inspiration for this post was taken from: https://rieskaniemi.com/azuremfa-nps-extension-with-sophos-utm-firewall/

One of the things that I’ve seen at work is that Sophos UTM VPN users are using one token for Sophos SSL VPN and another for, e.g., Office 365 services. Both tokens can be in Microsoft Authenticator, but only the one that Office 365 is using can do the “pop-up” that lets the user sign in easily, like this:

Nonetheless it’s easier for the IT dept. (and the user!) to maintain only one token solution 🙂

Here is the auth flow for Azure MFA with NPS Extension:

Nice isn’t it 😉

So how to fix?

We set up Sophos UTM to use RADIUS validation for SSL VPN and User Portal access, and if you use the built-in OTP solution, disable that 🙂

To get started:

  • If you do not have MFA enabled for your Office 365/Azure AD accounts, you can enable it through the following link: https://aka.ms/mfasetup
  • And of course you need to have set up Azure AD Connect to get your on-premises environment talking with Azure. I will not go into the details of this here, as I assume this is already set up and working 🙂

Let’s go:

  1. Install the Network Policy Server (NPS) role on your member server or domain controller. The Network Policy Server Best Practices state: “To optimize NPS authentication and authorization response times and minimize network traffic, install NPS on a domain controller.” So we will go ahead and place this on the domain controller, but remember it’s also possible to do it on a domain-joined member server!
    Press “Next” and the installation begins:
  2. After installation has ended, go and join the NPS to the Active Directory, right-click NPS (Local):
  3. Download and install the NPS Extension for Azure MFA here:
    https://www.microsoft.com/en-us/download/details.aspx?id=54688
    Note: As I did try this on a server with NPS already set up, it failed with the other mechanisms, because of this:
    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension#control-radius-clients-that-require-mfa

    “Control RADIUS clients that require MFA

    Once you enable MFA for a RADIUS client using the NPS extension, all authentications for this client are required to perform MFA. If you want to enable MFA for some RADIUS clients but not others, you can configure two NPS servers and install the extension on only one of them.

    Configure RADIUS clients that you want to require MFA to send requests to the NPS server configured with the extension, and other RADIUS clients to the NPS server not configured with the extension.”

    So the “workaround” is to run the MFA for the Sophos on a separate NPS instance?

  4. After it’s installed, follow the configuration steps as stated here (find the Tenant ID and run the PowerShell script):
    https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension#azure-active-directory
  5. Go and configure your RADIUS client, here it’s the UTM:


    Remember the secret, we need it later on 🙂

  6. Create a “Connection request policy”:

    See above the NAS Identifier, it’s “ssl”, it’s taken from this scheme:


    Found here: https://community.sophos.com/kb/en-us/116144

    Just set like above, and the rest of the settings, just leave them to their defaults 🙂

  7. Now create a “Network Policy”
    Add a domain group that shall have this access. To simplify, here I have chosen domain\Domain Users.
    Now the EAP types: the UTM only supports PAP, as far as I have tested:


    You will get a warning telling you that you have chosen unencrypted auth (locally – not on the Internet!), just press OK.
    Just leave the rest at their defaults and save the policy.

  8. Now to create a firewall rule:
  9. Now to setup the UTM for this:

    Add new Authentication server:

    Remember to choose RADIUS:


    Fill in as your environment matches:

    Type in the secret you wrote down earlier and create a host object for your NPS, also remember to change the timeout from 3 to 15 secs!

    You can now test whether the authentication through NPS and Azure MFA is working: change NAS-Identifier to “ssl”, type in a user’s username (e-mail address) and password, and your phone should pop up with Microsoft Authenticator 🙂

  10. Now to grant the RADIUS users access to SSL-VPN

    Just add the built-in object “Radius Users” to your SSL-VPN profile:

  11. Now log in to the User Portal and download a VPN client (you cannot use the old ones, if you already had those installed)
  12. Now connect through VPN, type in your full email in username and your password, then wait for MS Authenticator to pop-up, accept the token and you are logged into VPN 🙂
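
What the PAP choice in step 7 and the shared secret from step 5 mean on the wire, as an added example that is not part of the original post: it builds the Access-Request the UTM test in step 9 would send (User-Name, PAP User-Password, NAS-Identifier “ssl”) following RFC 2865. The function names and all sample values are assumptions constructed for this illustration.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 1, 2, 32  # RFC 2865

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """PAP User-Password hiding, RFC 2865 section 5.2 (the RADIUS client side)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()  # keyed only by the shared secret
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Reverse step on the NPS side; it needs nothing but the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(user, password, secret, nas_id="ssl", ident=1, authenticator=None):
    """Access-Request carrying User-Name, hidden User-Password and NAS-Identifier."""
    authenticator = authenticator or os.urandom(16)
    fields = ((USER_NAME, user.encode()),
              (USER_PASSWORD, hide_password(password.encode(), secret, authenticator)),
              (NAS_IDENTIFIER, nas_id.encode()))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in fields)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet: bytes) -> dict:
    """Split the attribute area (after the 20-byte header) into {type: value}."""
    attrs, pos = {}, 20
    while pos + 2 <= len(packet):
        length = packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed RADIUS attribute")
        attrs[packet[pos]] = packet[pos + 2:pos + length]
        pos += length
    return attrs

if __name__ == "__main__":  # every value below is a constructed sample
    pkt = build_access_request("user@example.com", "Constructed-Passw0rd!", b"constructed-secret")
    hidden = parse_attributes(pkt)[USER_PASSWORD]
    print(hidden.hex(), "->", unhide_password(hidden, b"constructed-secret", pkt[4:20]))
```

With PAP the password is protected between the UTM and NPS only by this MD5-based hiding, so its confidentiality rests entirely on the shared secret: use a long random secret and keep the UTM-to-NPS path on a trusted network segment.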
