<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
     xmlns:cf="https://www.futureplc.com/rss/content-flags"
>
    <channel>
                    <atom:link href="https://www.itpro.com/feeds/tag/security-appliances" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from ITPro in Security-appliances ]]></title>
                <link>https://www.itpro.com/tag/security-appliances</link>
        <description><![CDATA[ All the latest security-appliances content from the ITPro team ]]></description>
                                    <lastBuildDate>Fri, 18 Jul 2025 11:32:26 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ Okta and Palo Alto Networks are teaming up to ‘fight AI with AI’ ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/okta-and-palo-alto-networks-are-teaming-up-to-fight-ai-with-ai</link>
                                                                            <description>
                            <![CDATA[ The expanded partnership aims to help shore up identity security as attackers increasingly target user credentials ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">esBUyogwUbKbo3ZHGZPP4k</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2WZnzTLX55czeRqpkNi363-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 18 Jul 2025 11:32:26 +0000</pubDate>                                                                                                                                <updated>Fri, 18 Jul 2025 11:32:47 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Daniel Todd) ]]></author>                    <dc:creator><![CDATA[ Daniel Todd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SRyC34qeLpNDj3dJtsVDhT.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2WZnzTLX55czeRqpkNi363-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[LLM/AI jailbreaking concept image showing digitized human brain on mustard yellow background with pixelated parts of the brain flowing away.]]></media:description>                                                            <media:text><![CDATA[LLM/AI jailbreaking concept image showing digitized human brain on mustard yellow background with pixelated parts of the brain flowing away.]]></media:text>
                                <media:title type="plain"><![CDATA[LLM/AI jailbreaking concept image showing digitized human brain on mustard yellow background with pixelated parts of the brain flowing away.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2WZnzTLX55czeRqpkNi363-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Okta and Palo Alto Networks have announced an expanded partnership that aims to unify AI-driven security and deliver improved automated threat response.</p><p>The agreement sees the introduction of two new integrations, the first of which combines Okta Workforce Identity with Palo Alto Networks’ Prisma Access Browser to create a conditional access method that restricts access to SSO apps to the secure browser.</p><p>Identity Threat Protection with Okta AI is also being integrated with Palo Alto’s AI-powered Cortex SecOps platform, extending to Cortex XSIAM and Cortex XDR, to equip organizations with a unified view of identity risks across their entire attack surface.</p><p>As <a href="https://www.itpro.com/strategy/28181/what-is-ai">AI </a>continues to pose an increasing risk on user credentials, Stephen Lee, Okta’s VP of technology partnerships, said the integrations aim to help organizations incorporate identity into their infrastructure as part of a “fight AI with AI” approach.</p><p>"With Palo Alto Networks, Okta is proud to enhance the interoperability of our AI-powered platforms to prevent risks of <a href="https://www.itpro.com/business/business-strategy/engineering-firms-see-little-productivity-benefit-from-use-of-ai">siloed tools</a>, providing nearly 2000 joint customers with a comprehensive view of their security posture, context-aware access controls, and secure authentication to stay ahead of today’s threats," he explained.</p><h2 id="secure-access-threat-detection-gains">Secure access & threat detection gains</h2><p>By integrating Okta Workforce Identity with the Prisma Access Browser, enterprises can now implement an additional defense layer for web-based activity. </p><p>This, the duo explained, will enable employees to securely access corporate web applications and data through the browser regardless of whether a device is managed or non-managed.</p><p>Security teams will gain enhanced visibility and control over <a href="https://www.itpro.com/cloud/software-as-a-service-saas/362655/what-is-saas">SaaS </a>and web application use, while users will benefit from a secure, consistent, and speedy browsing experience.</p><p>Additionally, the new integration between Okta and Palo Alto’s Cortex XSIAM and Cortex XDR offerings introduces additional authentication for risky access and user activity. </p><p>The combined capabilities tackle threats through automated responses such as revoking user access, ending active sessions, and quarantining of endpoints.</p><h2 id="fresh-commitments-to-security">Fresh commitments to security</h2><p>Okta and Palo Alto Networks said the new integrations reinforce their shared commitment to driving zero trust adoption while ensuring secure and seamless access for hybrid workforces. </p><p>Joint customers will benefit from a “clear, integrated path” to confidently secure operations while simultaneously reducing costs and complexity.</p><p>"Our deep integrations with Okta ensure that our solutions are engineered to work together, making it easier for our customers to achieve higher levels of security and user experience,” commented Pamela Cyr, Palo Alto Networks’ VP of technical partnerships.</p><p>“These new integrations, from securing application access with Prisma Access Browser to providing unified protection against identity threats through our Cortex platform, empower organizations with comprehensive, AI-driven defense."</p><h3 class="article-body__section" id="section-more-from-channelpro"><span>MORE FROM CHANNELPRO</span></h3><ul><li><a href="https://www.itpro.com/business/business-strategy/msps-are-burned-out-and-overworked-as-tool-sprawl-and-it-complexity-grows-but-theres-light-on-the-horizon">MSPs are burned out and overworked as tool sprawl and IT complexity grows</a></li><li><a href="https://www.itpro.com/hardware/brother-uk-revamps-inkjet-lineup-to-drive-partner-opportunities">Brother UK revamps inkjet lineup to drive partner opportunities</a></li><li><a href="https://www.itpro.com/business/effective-data-and-cleo-expand-partnership-to-drive-supply-chain-integration-capabilities">Effective Data and Cleo expand partnership to drive supply chain integration capabilities</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Neglecting printer security is leaving you wide open to cyber attacks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/hardware/neglecting-printer-security-is-leaving-you-wide-open-to-cyber-attacks</link>
                                                                            <description>
                            <![CDATA[ Enterprises are ignoring printer security risks and failing to update, according to HP Wolf Security, leaving them vulnerable to cyber attacks. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rKyUXsgBPcAjxLaxh7Yup9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mNU2DEGekMnJ4skBCMjCri-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 17 Jul 2025 09:34:08 +0000</pubDate>                                                                                                                                <updated>Thu, 17 Jul 2025 09:34:27 +0000</updated>
                                                                                                                                            <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Emma Woollacott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/aWfskavxoVSMDy6cDWtYmJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mNU2DEGekMnJ4skBCMjCri-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Man using a printer in an open plan office space while talking to colleague.]]></media:description>                                                            <media:text><![CDATA[Man using a printer in an open plan office space while talking to colleague.]]></media:text>
                                <media:title type="plain"><![CDATA[Man using a printer in an open plan office space while talking to colleague.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mNU2DEGekMnJ4skBCMjCri-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>If you need another reason to hate <a href="https://www.itpro.com/hardware/367568/best-small-printers">printers</a>, you can add 'security risk' to the list.</p><p>A new study from <a href="https://www.itpro.com/security/365770/hp-unveils-new-unified-wolf-security-platform">HP Wolf Security</a> reveals that printer security is routinely neglected, with businesses failing to carry out firmware upgrades. </p><p>Only 36% of IT and security decision-makers apply <a href="https://www.itpro.com/hardware/368799/led-vs-laser-printers-what-is-better-for-business">printer</a> firmware updates promptly, even though IT teams spend an average of 3.5 hours per printer, per month managing security issues.</p><div class="product"><a data-dimension112="8c0f4bef-0471-42c5-90d4-126b476cbb32" data-action="Deal Block" data-label="30% off Keeper Security's Business Starter and Business plans" data-dimension48="30% off Keeper Security's Business Starter and Business plans" href="https://www.keepersecurity.com/en_GB/affiliate/business/" target="_blank" rel="nofollow"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:310px;"><p class="vanilla-image-block" style="padding-top:52.58%;"><img id="VVXzWjJJrXo7mwL5n5f4mf" name="Keeper Security logo.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/VVXzWjJJrXo7mwL5n5f4mf.png" mos="" align="middle" fullscreen="" width="310" height="163" attribution="" endorsement="" credit="" class=""></p></div></div></figure></a><p><a href="https://www.keepersecurity.com/en_GB/affiliate/business/" data-dimension112="8c0f4bef-0471-42c5-90d4-126b476cbb32" data-action="Deal Block" data-label="30% off Keeper Security's Business Starter and Business plans" data-dimension48="30% off Keeper Security's Business Starter and Business plans" data-dimension25=""><strong>30% off Keeper Security's Business Starter and Business plans</strong></a></p><p>Keeper Security is trusted and valued by thousands of businesses and millions of employees. Why not join them and protect your most important assets while taking advantage of this special offer?<a class="view-deal button" href="https://www.keepersecurity.com/en_GB/affiliate/business/" target="_blank" rel="nofollow" data-dimension112="8c0f4bef-0471-42c5-90d4-126b476cbb32" data-action="Deal Block" data-label="30% off Keeper Security's Business Starter and Business plans" data-dimension48="30% off Keeper Security's Business Starter and Business plans" data-dimension25="">View Deal</a></p></div><p>Steve Inch, global senior print security strategist at HP, said an often overlooked aspect of printer security is the fact they’re no longer just “harmless office fixtures”. </p><p>“They’re smart, <a href="https://www.itpro.com/mobile/mobile-phones/359826/smart-devices-more-than-doubled-in-us-homes-amid-covid-pandemic">connected devices</a> storing sensitive data,” he said. “With multi-year refresh cycles, unsecured printers create long-term vulnerabilities.”</p><p>"If compromised, attackers can harvest confidential information for extortion or sale,” Inch added. “The wrong choice can leave organizations blind to firmware attacks, tampering or intrusions, effectively laying out the welcome mat for attackers to access the wider network.”</p><h2 id="printer-security-is-becoming-a-nightmare">Printer security is becoming a nightmare</h2><p>Security gaps are appearing at every stage of the product lifecycle, researchers found, with only 38% of respondents saying procurement, IT, and security teams collaborate to define printer security standards.  </p><p>Six-in-ten believe this lack of cross-functional collaboration puts their organization at risk.  </p><p>Meanwhile, 42% said they don't involve IT or security teams in vendor presentations, with 54% failing to request technical documentation to validate security claims, and 55% failing to submit vendor responses to security teams for review.  </p><p>Nor do they check the printer’s integrity, with more than half saying they can't confirm whether the printer has been tampered with in the factory or in transit. </p><p>Moreover, once the printer does arrive, only 35% of IT decision makers said they could identify whether it was vulnerable based on newly published hardware or firmware vulnerabilities.  </p><p>Only 34% can track unauthorized hardware changes made by users or support teams while just 32% can detect security events linked to hardware-level attacks. </p><p>Another key security risk highlighted by the study centers around when printers reach end of life. A majority (86%) of respondents said data security is a barrier to reuse, resale, or recycling. </p><p>More than a third said they were uncertain whether printers can be fully and safely wiped. </p><p>Notably, a quarter of respondents said they play it safe by physically destroying printer storage drives, and one-in-ten destroy both the storage drives and the device itself. </p><h2 id="enterprises-need-to-get-their-act-in-order">Enterprises need to get their act in order</h2><p>HP Wolf Security said organisations need to foster closer collaborative ties between IT, security, and procurement teams on this front to bolster security and resilience. </p><p>This includes making sure they get security certificates for products and supply chain processes, the report noted. </p><p>Similarly, they should apply firmware updates promptly, use tools to streamline printer policy-based configuration compliance, and select printers with built-in secure erasure capabilities to enable safe recycling. </p><p>"By considering security at each stage of a printer’s lifecycle, organizations will not only improve the security and resilience of their endpoint infrastructure, but also benefit from better reliability, performance, and cost-efficiency over the lifetime of their fleets,” said Boris Balacheff, chief technologist for security research and innovation at HP.</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/hardware/367568/best-small-printers">The best compact printers for your business in 2025</a></li><li><a href="https://www.itpro.com/hardware/printers/hps-ai-printer-push-continues-with-new-edge-capabilities-and-security-features">HP's AI printer push continues with new edge capabilities and security features</a></li><li><a href="https://www.itpro.com/hardware/367538/best-all-in-one-printers">The best all-in-one printers for your business in 2025</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Sophos XGS 116 review: A small and mighty appliance  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/unified-threat-management-utm/369069/sophos-xgs-116-review-a-small-and-mighty-appliance</link>
                                                                            <description>
                            <![CDATA[ This clever and compact security gateway brings outstanding security and remote management features at a tempting price ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xuJd28nDcP6VyU6mUE9svG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tZYMk5tvV6bVaanXUYKxof-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 14 Sep 2022 10:34:02 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tZYMk5tvV6bVaanXUYKxof-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A photograph of the Sophos XGS 116 ]]></media:description>                                                            <media:text><![CDATA[A photograph of the Sophos XGS 116 ]]></media:text>
                                <media:title type="plain"><![CDATA[A photograph of the Sophos XGS 116 ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tZYMk5tvV6bVaanXUYKxof-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Don’t be deceived by its modest dimensions: the Sophos XGS 116 is a security powerhouse. Aimed at busy SMBs and branch offices, this desktop appliance boasts a raw firewall throughput of 7,700Mbits/sec, and even with full threat protection enabled it keeps up a creditable 685Mbits/sec.</p><p>That’s largely thanks to Sophos’ dual-processor architecture. The Xstream Flow Processor provides a hardware acceleration layer that’s optimised for specific network tasks, ensuring the main AMD CPU doesn’t get bogged down.</p><p>Connection options abound. The rear panel presents eight Gigabit Ethernet ports – with PoE+ on the last one – plus one fibre port. While there’s no built-in modem, an expansion bay lets you add VDSL2 or 3G/4G modules, although Sophos’ Flexi network cards only work with larger rackmount models <a href="https://www.itpro.com/security/361926/sophos-xgs-3300-review-xstream-firewall-performance" data-original-url="https://www.itpro.com/security/361926/sophos-xgs-3300-review-xstream-firewall-performance">like the XGS 3300</a>.</p><p>The flexible licensing model allows you to choose which features you want, and there are plenty on offer. We’ve shown the price of a three-year Xstream subscription above, which enables the base firewall licence along with Xstream TLS 1.3 SSL inspection, deep packet inspection, network, web and <a href="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale" data-original-url="https://www.itpro.com/security/zero-day-exploit/360447/why-zero-day-exploits-are-surging-on-an-unprecedented-scale">zero-day protection</a> modules, central orchestration and enhanced 24/7 support. The email and web server protection modules are optional extras, each costing around £142 for a three-year licence.</p><p>Deployment is easy thanks to the appliance’s web console wizard, which guides you through the steps required to get secure internet access up and running. We chose routed mode as we wanted the appliance to provide all security functions; protection starts immediately, with the wizard enabling a standard set of firewall security policies including web filtering and <a href="https://www.itpro.com/malware/28153/whats-the-difference-between-antimalware-and-antivirus" data-original-url="https://www.itpro.com/malware/28153/whats-the-difference-between-antimalware-and-antivirus">anti-malware</a>.</p><p>Henceforth, the Control Center dashboard provides everything you need to know about network activity and security issues. Graphs provide a clear visual overview of web traffic and network attacks, plus blocked and allowed applications and web categories. The User and Device Insights section keeps track of activity in modules such as SSL inspection, advanced threat protection and zero-day protection, and clicking on an icon takes you directly to a more detailed report.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="XfftNW53zuzRxoF2mJAmNF" name="" alt="A screenshot of the Sophos XGS 116's control software" src="https://cdn.mos.cms.futurecdn.net/XfftNW53zuzRxoF2mJAmNF.jpg" mos="https://cdn.mos.cms.futurecdn.net/XfftNW53zuzRxoF2mJAmNF.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Remote management comes into play too, via <a href="https://www.itpro.com/security/endpoint-security/356634/sophos-central-endpoint-protection-review-because-youre-worth-it" data-original-url="https://www.itpro.com/security/endpoint-security/356634/sophos-central-endpoint-protection-review-because-youre-worth-it">the Sophos Central portal</a>. After we’d registered the appliance with our account, we were able to bring up live reports in a web browser, and to access the appliance’s Control Center console remotely for full configuration. </p><p><a href="https://www.itpro.com/security/357935/top-security-tips-for-employees-working-from-home" data-original-url="https://www.itpro.com/security/357935/top-security-tips-for-employees-working-from-home">Businesses with home workers</a> will love the Synchronised Security feature, which extends firewall protection to remote systems running <a href="https://www.itpro.com/security/endpoint-security/361685/sophos-intercept-x-advanced-review-ai-powered-protection" data-original-url="https://www.itpro.com/security/endpoint-security/361685/sophos-intercept-x-advanced-review-ai-powered-protection">the Sophos Intercept X endpoint agent</a>. A heartbeat service monitors and automatically isolates any that are compromised, while the application control feature detects unknown applications running on endpoints and pushes out firewall policies to secure them.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/359101/sophos-xg-230-rev2-review-powerful-and-flexible" data-original-url="/security/unified-threat-management-utm/359101/sophos-xg-230-rev2-review-powerful-and-flexible">Sophos XG 230 Rev.2 review: Powerful and flexible</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/361559/ubiquiti-networks-unifi-dream-machine-pro-review-all-the-security-you-need-in-one" data-original-url="/security/361559/ubiquiti-networks-unifi-dream-machine-pro-review-all-the-security-you-need-in-one">Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/362948/watchguard-firebox-m290-review-stiff-security-at-a" data-original-url="/security/unified-threat-management-utm/362948/watchguard-firebox-m290-review-stiff-security-at-a">WatchGuard Firebox M290 review: Stiff security at a great price</a></p></div></div><p>All of this is controlled via policies that bring together firewall rules, service filters, schedules and specific settings for intrusion detection, email, applications and web filtering. That last feature is particularly impressive: the appliance comes with predefined settings to get you started, but you can choose to block or allow sites in over 90 categories. Application controls are equally extensive, with more than 3,500 predefined filters supplied, including 12 for Twitter and 73 for Facebook, so you can finely control social networking in the workplace.</p><p>A new filtering feature in the latest firmware also makes it easy to find specific rules within complex policies, and lets you reset traffic counters to zero with a click – a big improvement on the previous release, which required a reboot.</p><p>All told, the XGS 116 delivers strong gateway security measures at a great price. It has the power to cope with high demand, and the integration with Sophos’ endpoint security software will appeal to businesses that want to extend their protection to home workers.</p><h2 id="sophos-xgs-116-specifications">Sophos XGS 116 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >1U desktop chassis </td></tr><tr><td  ><strong>CPU</strong></td><td  >2.1GHz quad-core AMD RX-421ND CPU</td></tr><tr><td  ><strong>Memory</strong></td><td  >4GB DDR4</td></tr><tr><td  ><strong>Storage included</strong></td><td  >64GB SATA SSD</td></tr><tr><td  ><strong>Network</strong></td><td  >8 x GbE ports (PoE+ on port 8), SFP GbE</td></tr><tr><td  ><strong>Other ports</strong></td><td  >RJ45/micro-USB COM ports, USB 3, USB 2, expansion slot</td></tr><tr><td  ><strong>Management</strong></td><td  >Sophos Control Center</td></tr><tr><td  ><strong>Dimensions (WDH)</strong></td><td  >320 x 213 x 44mm</td></tr><tr><td  ><strong>Weight</strong></td><td  >2.2kg</td></tr><tr><td  ><strong>Warranty</strong></td><td  >1yr standard hardware warranty</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox M290 review: Stiff security at a great price ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/unified-threat-management-utm/362948/watchguard-firebox-m290-review-stiff-security-at-a</link>
                                                                            <description>
                            <![CDATA[ The Firebox M290 delivers an incredible range of gateway security measures priced right for SMBs ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vWXWuY1hpBmPdAtnmuvCSn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Mx5kTTg444dfDWEBdbGFEB-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 23 Feb 2022 10:07:41 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Mx5kTTg444dfDWEBdbGFEB-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A photograph of the WatchGuard Firebox M290]]></media:description>                                                            <media:text><![CDATA[A photograph of the WatchGuard Firebox M290]]></media:text>
                                <media:title type="plain"><![CDATA[A photograph of the WatchGuard Firebox M290]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Mx5kTTg444dfDWEBdbGFEB-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>WatchGuard’s latest M-series rackmount security appliances have a sharp focus on value and are designed to offer SMBs and mid-sized companies affordable enterprise-level gateway security. Stepping up as the entry point of the family, the Firebox M290 on review certainly hits this target: the price we’ve shown includes the appliance and a 3-year Total Security Suite (TSS) subscription which enables every feature WatchGuard has to offer.</p><p>Clothed in <a href="https://www.itpro.com/security/unified-threat-management-utm/357252/watchguard-firebox-t20-w-review-superb-all-in-one" data-original-url="https://www.itpro.com/security/unified-threat-management-utm/357252/watchguard-firebox-t20-w-review-superb-all-in-one">Watchguard’s customary fire engine-red chassis</a>, this 1U rack appliance targets businesses with up to 75 users and boasts a high raw firewall throughput of 5.8Gbits/sec, dropping to 1.18Gbits/sec with all UTM services enabled. With <a href="https://www.itpro.com/security/361390/https-based-attacks-soar-over-300" data-original-url="https://www.itpro.com/security/361390/https-based-attacks-soar-over-300">the bulk of malware now being delivered over HTTPS-encrypted connections</a>, the M290 has the horsepower to handle these inspection overheads, as it’s powered by a quad-core NXP LX1046A CPU partnered by 4GB of DDR4 system memory.</p><p>Network connections look good too, and the M290 presents eight Gigabit ports which can be used for WAN, LAN or DMZ duties. There’s room for even more via the expansion slot at the front, which supports an optional module with four copper or fibre Gigabit ports, or dual 10GbE SFP+.</p><p>On top of this, WatchGuard also offers a 4-port multi-Gigabit module with PoE+, but while you can use it in the M290, this appliance doesn’t support the required optional 54V power supply, so its PoE+ services will be disabled. If you want this functionality, you’ll have to opt for the M590 or the M690, as these are the only ones which fully support this module.</p><h2 id="watchguard-firebox-m290-review-security-features">WatchGuard Firebox M290 review: Security features</h2><p>WatchGuard offers two Firebox licence schemes so you could save some cash with the Basic Security Suite subscription. Available for one or three year periods and costing £2,077 exc VAT for the latter, this activates gateway antivirus (GAV), antispam, web filtering, HTTPS inspection, IPS, application controls, WatchGuard’s RED (reputation enabled defence) cloud-based URL filtering and secure <a href="https://www.itpro.com/software-defined-wide-area-network-sd-wan/33346/what-is-sd-wan" data-original-url="https://www.itpro.com/software-defined-wide-area-network-sd-wan/33346/what-is-sd-wan">software defined WAN (SD-WAN)</a> services. </p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="smy6A2u88PEUDWVoZccH3N" name="" alt="A screenshot of the WatchGuard Firebox M290's web console" src="https://cdn.mos.cms.futurecdn.net/smy6A2u88PEUDWVoZccH3N.jpg" mos="https://cdn.mos.cms.futurecdn.net/smy6A2u88PEUDWVoZccH3N.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>A TSS subscription includes all these features, but additionally augments them with WatchGuard’s advanced persistent threat (APT) blocker, plus its Threat Detection and Response (TDR) service with a 75 host sensor licence included. Malware protection is beefed up with IntelligentAV which uses the Cylance AI-based engine to scan files such as <a href="https://www.itpro.com/software/microsoft-office/362184/microsoft-disables-vba-macros-in-office-by-default" data-original-url="https://www.itpro.com/software/microsoft-office/362184/microsoft-disables-vba-macros-in-office-by-default">Office documents</a>, Windows portable executables and PDFs after they’ve passed through the GAV scanner.</p><p>WatchGuard’s DNSWatch service also monitors client DNS requests and blocks access to known malicious domains. Remote monitoring and management via the WatchGuard Cloud portal is enabled across all subscriptions and TSS increases the log retention to 30 days.</p><h2 id="watchguard-firebox-m290-review-management-choices">WatchGuard Firebox M290 review: Management choices</h2><p>Management choices are impressive - you can monitor and configure the M290 using its local web console and run WatchGuard’s free System Manager (WSM) suite on a separate Windows host to provide central management, logging and reporting services. </p><p>Next up is WatchGuard’s free Dimension software which is virtualized on a Hyper-V or VMware host. This provides a separate web console for viewing appliance utilisation, an executive dashboard, policy activity graphs and a global threat map, and enabling the optional Dimension Command feature brings Firebox management into play.</p><p>We think WatchGuard’s Cloud is a better choice than Dimension, as it provides all the same features without the need for a host system. You have two choices: you can keep local management enabled and set the appliance to send its logs to the cloud for monitoring and reporting, or disable local management and move it all into the cloud.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="WnojsUjWvkaVjBQZ6HzkMW" name="" alt="A screenshot of the WatchGuard Firebox M290's config dashboards" src="https://cdn.mos.cms.futurecdn.net/WnojsUjWvkaVjBQZ6HzkMW.jpg" mos="https://cdn.mos.cms.futurecdn.net/WnojsUjWvkaVjBQZ6HzkMW.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-m290-review-cloud-deployment">WatchGuard Firebox M290 review: Cloud deployment</h2><p>Initial deployment is swift, as the appliance’s web console provides a quick start wizard which runs through enabling <a href="https://www.itpro.com/security/firewalls/355328/how-to-build-your-own-firewall-with-pfsense" data-original-url="https://www.itpro.com/security/firewalls/355328/how-to-build-your-own-firewall-with-pfsense">firewall-protected internet access</a> and applying a base set of security policies. We had already registered the serial number of the M290 with our cloud support account so it grabbed our TSS feature key and applied it for us.</p><p>From our WatchGuard Cloud portal, we could see the appliance was available for allocation and selecting this offered two options: local management with cloud reporting and full cloud management. Initially, we chose the former and after a few minutes, a wealth of information from the M290’s activity logs started appearing in our portal including detailed views of traffic, web and application activity, all security services and the most active clients.</p><p>Swapping to full cloud management required the M290 to be deallocated, returned to our inventory and reallocated with this option selected. After running through WAN port setup and applying a new administrative password, the M290 disabled local management and only provided options to view its status, upgrade the OS and load the cloud portal.</p><h2 id="watchguard-firebox-m290-review-cloud-security-settings">WatchGuard Firebox M290 review: Cloud security settings</h2><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/361926/sophos-xgs-3300-review-xstream-firewall-performance" data-original-url="/security/361926/sophos-xgs-3300-review-xstream-firewall-performance">Sophos XGS 3300 review: Xstream firewall performance</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/359220/zyxel-usg-flex-100-flexible-gateway-security" data-original-url="/security/unified-threat-management-utm/359220/zyxel-usg-flex-100-flexible-gateway-security">Zyxel USG Flex 100 review: Flexible gateway security</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/361559/ubiquiti-networks-unifi-dream-machine-pro-review-all-the-security-you-need-in-one" data-original-url="/security/361559/ubiquiti-networks-unifi-dream-machine-pro-review-all-the-security-you-need-in-one">Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box</a></p></div></div><p>Configuring the M290 from the cloud portal is even easier than using its local web interface, as all security settings are accessed from a single web page. For content scanning, we could enable GAV and choose an action when a virus is detected, activate IntelligentAV with one click and set APT to drop traffic for high, medium and low threat levels.</p><p>Antispam uses policies for incoming SMTP, IMAP or POP3 traffic with options to allow, deny or tag suspect messages. The content filtering section provides access to the WebBlocker service which offers 130 URL categories that can be allowed, blocked or set to display a warning page to users. </p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="v9NuHn7peNG8Bp89c9QXkB" name="" alt="A screenshot of the WatchGuard Firebox M290's threat map" src="https://cdn.mos.cms.futurecdn.net/v9NuHn7peNG8Bp89c9QXkB.jpg" mos="https://cdn.mos.cms.futurecdn.net/v9NuHn7peNG8Bp89c9QXkB.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>WebBlocker actions are applied with firewall rules and are also used to manage the application control service. This presents nearly 1,300 predefined app signatures, including 12 sub-categories for all Facebook activities, making it easy to block or control its use in the workplace.</p><h2 id="watchguard-firebox-m290-review-verdict">WatchGuard Firebox M290 review: Verdict</h2><p>The Firebox M290 is an attractive choice for SMBs; it combines a superb range of security measures and delivers them at a sensible price. We found it easy to deploy and configure, with WatchGuard’s Cloud portal providing excellent remote management and monitoring features.</p><h2 id="watchguard-firebox-m290-specifications">WatchGuard Firebox M290 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >1U rack</td></tr><tr><td  ><strong>CPU</strong></td><td  >Quad-core NXP LX1046A</td></tr><tr><td  ><strong>Memory</strong></td><td  >4GB ECC DDR4</td></tr><tr><td  ><strong>Storage</strong></td><td  >128GB M.2 SATA SSD</td></tr><tr><td  ><strong>Network</strong></td><td  >8 x Gigabit</td></tr><tr><td  ><strong>Expansion</strong></td><td  >1 x module bay</td></tr><tr><td  ><strong>Other ports</strong></td><td  >2 x USB 2, RJ-45 serial</td></tr><tr><td  ><strong>Power</strong></td><td  >Internal 65W PSU</td></tr><tr><td  ><strong>Management</strong></td><td  >Web browser, WatchGuard WSM/Dimension/Command/Cloud</td></tr><tr><td  ><strong>Warranty</strong></td><td  >Included in subscription</td></tr><tr><td  ><strong>Optional modules</strong></td><td  >2 x 10GbE SFP+, £711; 4 x 1GbE copper, £466 (all exc VAT)</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Sophos XGS 3300 review: Xstream firewall performance ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/361926/sophos-xgs-3300-review-xstream-firewall-performance</link>
                                                                            <description>
                            <![CDATA[ A powerful firewall appliance combining hardware acceleration with a vast array of security measures ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">quuVhh2nhrxwNSbsRa38bH</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/wXAB7QBQsrXsWCXuyqv4qM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 07 Jan 2022 11:18:44 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/wXAB7QBQsrXsWCXuyqv4qM-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A photograph of the Sophos XGS 3300]]></media:description>                                                            <media:text><![CDATA[A photograph of the Sophos XGS 3300]]></media:text>
                                <media:title type="plain"><![CDATA[A photograph of the Sophos XGS 3300]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/wXAB7QBQsrXsWCXuyqv4qM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The XGS family of security appliances represent a radical shift in direction for Sophos as they take over from <a href="https://www.itpro.com/security/unified-threat-management-utm/359101/sophos-xg-230-rev2-review-powerful-and-flexible" data-original-url="https://www.itpro.com/security/unified-threat-management-utm/359101/sophos-xg-230-rev2-review-powerful-and-flexible">the older XG models</a> and deliver a new dual processor architecture. Built around Xstream flow processors, they provide a hardware acceleration layer which Sophos reckons can realise a minimum two-fold performance boost over equivalent XG models by removing much of the workload from the main CPU.</p><p>This is no idle claim: the XGS 3300 we have on review boasts a massive firewall IMIX (internet mix) throughput of 24.5Gbits/sec, dropping to 13.4Gbits/sec with IPS enabled. By contrast, the XG 330 it replaces could only muster equivalent throughputs of 12.5Gbits/sec and 8.5Gbits/sec respectively.</p><p>Intel gets the elbow too, as the Xeon E3 v5 CPUs in the XG range have been replaced by <a href="https://www.itpro.com/hardware/361903/amd-unveils-ryzen-6000-laptop-processors-with-rdna2-graphics" data-original-url="https://www.itpro.com/hardware/361903/amd-unveils-ryzen-6000-laptop-processors-with-rdna2-graphics">AMD’s Ryzen</a> Embedded V1000 series, sporting a 3.35GHz quad-core V1780B SoC (System on Chip). This is partnered by 16GB of DDR4 memory while firmware, log and report storage is handled by an internal 240GB SATA SSD.</p><h2 id="sophos-xgs-3300-review-licensing-and-deployment">Sophos XGS 3300 review: Licensing and deployment</h2><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/361559/ubiquiti-networks-unifi-dream-machine-pro-review-all-the-security-you-need-in-one" data-original-url="/security/361559/ubiquiti-networks-unifi-dream-machine-pro-review-all-the-security-you-need-in-one">Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/359141/fortinet-fortigate-60f-a-fully-featured-security" data-original-url="/security/unified-threat-management-utm/359141/fortinet-fortigate-60f-a-fully-featured-security">Fortinet FortiGate 60F: A fully-featured security appliance</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/359220/zyxel-usg-flex-100-flexible-gateway-security" data-original-url="/security/unified-threat-management-utm/359220/zyxel-usg-flex-100-flexible-gateway-security">Zyxel USG Flex 100 review: Flexible gateway security</a></p></div></div><p>Aimed at distributed edge deployments in large SMBs and mid-sized organisations, this 1U rack appliance presents eight copper and two SFP fibre Gigabit, plus dual SFP+ fibre 10GbE ports. It offers one Flexi expansion slot which accepts two-, four- and eight-port Gigabit and 10GbE modules, but be aware that it doesn’t support those from the older XG range.</p><p>Licensing has changed quite a bit too and you can customize features by choosing which protection modules you want. The Xstream bundle enables base firewall features including Xstream Network Flow FastPath along with TLS 1.3 and deep packet inspection, and adds the network, web and zero-day protection modules, central orchestration and enhanced 24/7 support. This doesn’t include the email and web server protection modules though, which are available as optional extras.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="KkVQKRwzCyTGU3eV9ecMnf" name="" alt="A screenshot of the Sophos XGS 3300 firewall reporting console" src="https://cdn.mos.cms.futurecdn.net/KkVQKRwzCyTGU3eV9ecMnf.jpg" mos="https://cdn.mos.cms.futurecdn.net/KkVQKRwzCyTGU3eV9ecMnf.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>A dedicated management port is provided and we found initial deployment via the browser-based quick-start wizard swift. After insisting we secured administrative access, it helped set up LAN and WAN port address assignments plus DHCP services and provide an email address for alerting.</p><p>We chose routed mode, as we wanted the appliance to provide all security functions including firewalling. Protection starts immediately, with a base set of firewall security policies created for you which enable web filtering and anti-malware.</p><h2 id="sophos-xgs-3300-review-management-services">Sophos XGS 3300 review: Management services</h2><p>The local web console opens with a very informative Control Center dashboard presenting a detailed overview of network activity, security issues, web traffic, detected network attacks plus blocked and allowed applications and web categories. The User and device Insights section is particularly useful as it provides active icons for functions such as zero-day protection. Clicking on these shows downloaded files that have been sent to the Sophos cloud sandbox for detonation and analysis to see whether they are safe to release.</p><p>If you have <a href="https://www.itpro.com/security/endpoint-security/356634/sophos-central-endpoint-protection-review-because-youre-worth-it" data-original-url="https://www.itpro.com/security/endpoint-security/356634/sophos-central-endpoint-protection-review-because-youre-worth-it">a Sophos Central account</a>, you can manage the firewall remotely as well. It’s dead easy, too; after registering the XGS 3300 with our cloud account, we were able to view live reports from the portal and configure it using exactly the same console as the local one.</p><p>Sophos Central has another trick up its sleeve, and its endpoint agents can be brought under the firewall’s control with the Synchronized Security feature. This uses a heartbeat service to monitor endpoints running the Intercept X agent and if any are compromised, a firewall policy with a minimum heartbeat setting isolates all systems in the same zone. </p><p>The SAC (synchronized application control) feature also works with this service, as it detects unknown applications and pushes out firewall policies to control them. Cloud apps get the same tough love: the dashboard insights section lists all those detected and you can classify each one as sanctioned or unsanctioned and apply a traffic shaping policy to control their use.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="6J6yYZ3BfuYZHC7ydWTjLo" name="" alt="A screenshot of the Sophos XGS 3300 Control Centre" src="https://cdn.mos.cms.futurecdn.net/6J6yYZ3BfuYZHC7ydWTjLo.jpg" mos="https://cdn.mos.cms.futurecdn.net/6J6yYZ3BfuYZHC7ydWTjLo.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="sophos-xgs-3300-review-security-and-reporting">Sophos XGS 3300 review: Security and reporting</h2><p>The XGS 3300 is highly versatile, and you can place its ports in different zones and apply custom security policies to each one. Policies contain firewall rules for sources and destinations, service filters, blocking actions and time schedules and you can apply custom policies for web filtering, IPS and application controls.</p><p>The new filtering option makes it easy to find a specific rule in the list and firewall rule traffic counters for selected policies can now be reset back to zero from the web console without having to reboot the appliance. You don’t need to change rule priorities in policies with drag and drop either, as they can be reordered directly from the policy drop down menu.</p><p>There are plenty more security features to play with; web filtering offers 86 URL categories to block or allow while application controls currently provide 3,532 predefined apps. If you want Facebook gone from the workplace, you’ll be pleased to know Sophos provides 73 app categories covering every possible social activity. </p><p>Reporting is a standard feature on all XGS models with the web console providing a wealth of information on all things security related. The reports option in the web console’s side menu loads a variety of dashboards and graphs showing detected threats, malware and web content filtering activities, offers reports for key compliance standards, and all their content can be exported in PDF, HTML and CSV formats.</p><h2 id="sophos-xgs-3300-review-verdict">Sophos XGS 3300 review: Verdict</h2><p>The XGS 3300 is easy to deploy, although the sheer range of security features may present new users with a steep learning curve for ongoing configuration. Sophos does provide copious online documentation and videos but it’s a lot to wade through and it still refers to the XG firewalls.</p><p>Overall though, the XGS 3300 is clearly a very powerful and well-endowed firewall appliance. The network ports and zones make it very versatile, the latest SFOS 18.5 software adds many features designed to ease management, and integration with Sophos Central allows it to extend its protection umbrella to remote workers.</p><h2 id="sophos-xgs-3300-specifications">Sophos XGS 3300 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >1U rack</td></tr><tr><td  ><strong>CPU</strong></td><td  >3.35GHz quad-core AMD Ryzen Embedded V1780B</td></tr><tr><td  ><strong>Memory</strong></td><td  >16GB DDR4</td></tr><tr><td  ><strong>Storage</strong></td><td  >240GB SATA SSD</td></tr><tr><td  ><strong>Network</strong></td><td  >8 x Gigabit copper, 2 x Gigabit SFP, 2 x 10GbE SFP+</td></tr><tr><td  ><strong>Expansion</strong></td><td  >1 x Flexi module slot</td></tr><tr><td  ><strong>Other ports</strong></td><td  >2 x USB 3, 1 x USB 2, RJ45 MGMT, COM, micro-USB</td></tr><tr><td  ><strong>Power</strong></td><td  >Internal PSU, optional external redundant PSU</td></tr><tr><td  ><strong>Management</strong></td><td  >Web browser, Sophos Central</td></tr><tr><td  ><strong>Warranty</strong></td><td  >Included in subscription</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Ubiquiti Networks UniFi Dream Machine Pro review: All the security you need in one handy box ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/361559/ubiquiti-networks-unifi-dream-machine-pro-review-all-the-security-you-need-in-one</link>
                                                                            <description>
                            <![CDATA[ An affordable security gateway that can take care of a wide range of security needs ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rekMV1YvPZm8wfEiT4sngC</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/aA3UqZPtKiDCnx7nYQp6QC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Nov 2021 08:00:16 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/aA3UqZPtKiDCnx7nYQp6QC-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Photo of the Ubiquiti Networks UniFi Dream Machine Pro]]></media:description>                                                            <media:text><![CDATA[Photo of the Ubiquiti Networks UniFi Dream Machine Pro]]></media:text>
                                <media:title type="plain"><![CDATA[Photo of the Ubiquiti Networks UniFi Dream Machine Pro]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/aA3UqZPtKiDCnx7nYQp6QC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As an all-in-one security gateway, Ubiquiti’s UniFi Dream Machine Pro takes some beating. This sleek 1U rack appliance provides gateway, routing, VPN and firewall services, plus threat protection, deep packet inspection and wireless network management too, courtesy of the integrated UniFi Controller. Slot a hard disk into the front-facing bay and the appliance can even be used as a recording vault for UniFi IP surveillance cameras.</p><p>Connectivity is well covered, as the appliance incorporates a managed eight-port <a href="https://www.itpro.com/server-storage/network-switches/355660/choosing-the-right-ethernet-switch" data-original-url="https://www.itpro.com/server-storage/network-switches/355660/choosing-the-right-ethernet-switch">Gigabit Ethernet switch</a>, alongside a Gigabit WAN port and two 10GbE SFP+ high-performance fibre ports for LAN and WAN duties. And the UDM Pro is no lightweight when it comes to performance: Ubiquiti claims a high firewall throughput of 3.5Gbits/sec with IDP/IPS enabled – quite remarkable at this price point. It’s achieved thanks to a speedy 1.7GHz quad-core ARM CPU, partnered with a generous 4GB of DDR4 RAM and 16GB of flash storage.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/29068/is-your-company-taking-enough-accountability-on-cybersecurity" data-original-url="/security/29068/is-your-company-taking-enough-accountability-on-cybersecurity">Is your company taking enough accountability on cyber security?</a></p></div></div><p>The one thing that’s notably missing is a built-in wireless access point: the <a href="https://www.itpro.com/hardware/routers/354803/ubiquiti-networks-unifi-dream-machine-review-a-dream-come-true" data-original-url="https://www.itpro.com/hardware/routers/354803/ubiquiti-networks-unifi-dream-machine-review-a-dream-come-true">desktop Dream Machine</a> includes its own AP, but that wouldn’t make a lot of sense in a metal rack cabinet. Power over Ethernet isn’t supported either, but you can combine the appliance with one of Ubiquiti’s affordable PoE switches; we used its USW-Pro-24-PoE model for testing.</p><p>Gateway installation is a cinch. After connecting the appliance’s WAN port to an internet line, we used the UniFi Network iOS app on an iPad to discover the Dream Machine over Bluetooth. The app’s quick-start wizard then linked it to our Ubiquiti cloud account and automatically installed the latest firmware.</p><p>From here on, you can use the UniFi web portal to access the Network and Protect apps. The Network page opens with a smart dashboard of graphs showing measured internet speeds, most active clients and applications, client device types and wireless experience scores. Everything you need to know about your networks is on hand, with a <a href="https://www.itpro.com/network-internet/31778/what-is-network-topology" data-original-url="https://www.itpro.com/network-internet/31778/what-is-network-topology">detailed topology view</a>, lists of all managed UniFi devices and connected clients, plus a complete breakdown of all traffic. The latter includes pie charts for web, media streaming, file sharing, network protocols and more, along with breakdowns of upstream and downstream traffic.</p><p>As for protection, <a href="https://www.itpro.com/network-internet/31914/what-is-network-intelligence" data-original-url="https://www.itpro.com/network-internet/31914/what-is-network-intelligence">deep packet inspection</a> is enabled by default; you can either activate passive IDS to alert you to intrusions, or use IDP to block them, choosing a detection sensitivity level and selecting the types of threats you want to be protected against. URL content filtering can be applied too, with separate settings for work or home environments.</p><p>We were also able to use the iOS app to add the USW PoE switch to our account, and were blown away by its clever <a href="https://www.itpro.com/technology/augmented-reality-ar/357592/why-ar-not-vr-is-the-next-big-thing-in-business" data-original-url="https://www.itpro.com/technology/augmented-reality-ar/357592/why-ar-not-vr-is-the-next-big-thing-in-business">augmented reality (AR) feature</a>: point your device camera at the ports and a live overlay immediately pops up, showing which ones are active and what’s connected to them.</p><p>For wireless testing we connected a set of UniFi nanoHD access points to the PoE switch and added them to our cloud account. Once online, they started broadcasting our <a href="https://www.itpro.com/broadband/30390/what-is-ssid" data-original-url="https://www.itpro.com/broadband/30390/what-is-ssid">predefined SSIDs</a> and guest networks, with details automatically appearing in the portal’s wireless experience graph.</p><p>Video surveillance is just as easy to set up. The appliance accepted our Seagate 10TB SATA drive without a murmur and instantly made it available for recording incoming video. After we’d added a UVC G4 Bullet IP camera to our account, we were able to view its live feed from the portal, enable smart detection and set up custom motion-detection events and recording actions.</p><p>The UniFi Dream Machine Pro is an impressive piece of kit to say the least, delivering an incredible range of easily managed features at an unbelievably low price. There are some great UTM appliances on the market, but the Ubiquiti simply does it all.</p><h2 id="ubiquiti-networks-unifi-dream-machine-pro-specifications">Ubiquiti Networks UniFi Dream Machine Pro specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >1U rack chassis </td></tr><tr><td  ><strong>CPU</strong></td><td  >1.7GHz quad-core ARM Cortex</td></tr><tr><td  ><strong>Memory</strong></td><td  >4GB DDR4</td></tr><tr><td  ><strong>Storage bays</strong></td><td  >1 x LFF/SFF hard disk bay</td></tr><tr><td  ><strong>Storage included</strong></td><td  >16GB eMMC</td></tr><tr><td  ><strong>Network</strong></td><td  >8 x Gigabit Ethernet LAN, 2 x 10GbE SFP+, Gigabit Ethernet WAN</td></tr><tr><td  ><strong>Management</strong></td><td  >UniFi web portal</td></tr><tr><td  ><strong>Warranty</strong></td><td  >1yr RTB warranty</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Big zero-day flaw found in Palo Alto security appliance ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/internet-security/361520/big-zero-day-flaw-found-in-palo-alto-security-appliance</link>
                                                                            <description>
                            <![CDATA[ Vulnerability in GlobalProtect VPN could enable hackers to take control of the security system ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bSNGsxcGf6oGzQHCZcAanT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DxXuQ3xUxWNxZauCKsbyo7-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 11 Nov 2021 17:27:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Cyber Attacks]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/DxXuQ3xUxWNxZauCKsbyo7-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Palo Alto Networks sign at the Company headquarters in Silicon Valley]]></media:description>                                                            <media:text><![CDATA[Palo Alto Networks sign at the Company headquarters in Silicon Valley]]></media:text>
                                <media:title type="plain"><![CDATA[Palo Alto Networks sign at the Company headquarters in Silicon Valley]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DxXuQ3xUxWNxZauCKsbyo7-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">Security</a> researchers have said that a zero-day flaw in a security appliance from Palo Alto Networks could affect around 10,000 servers running the product.</p><p>Researchers at cyber security firm Randori <a href="https://www.randori.com/blog/cve-2021-3064">said</a> that flaw, tracked as <a href="https://security.paloaltonetworks.com/CVE-2021-3064">CVE-2021-3064</a>, affected PAN firewalls using the GlobalProtect Portal <a href="https://www.itpro.com/security/27098/best-vpn-services" data-original-url="https://www.itpro.com/security/27098/best-vpn-services">VPN</a> and allowed for unauthenticated remote code execution on vulnerable product installations.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/360561/palo-alto-networks-prisma-access-achieves-fedramp-authorization" data-original-url="/cloud/360561/palo-alto-networks-prisma-access-achieves-fedramp-authorization">Palo Alto Networks’ Prisma Access achieves FedRAMP authorization</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-security/358628/palo-alto-networks-to-acquire-bridgecrew-for-156-million" data-original-url="/cloud/cloud-security/358628/palo-alto-networks-to-acquire-bridgecrew-for-156-million">Palo Alto Networks to acquire Bridgecrew for $156 million</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/356826/infocyte-integrates-with-palo-alto-networks-cortex-xsoar" data-original-url="/security/cyber-security/356826/infocyte-integrates-with-palo-alto-networks-cortex-xsoar">Infocyte integrates with Palo Alto Networks Cortex XSOAR</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/355605/deloitte-announces-partnership-with-palo-alto-networks-to-extend-its" data-original-url="/security/cyber-security/355605/deloitte-announces-partnership-with-palo-alto-networks-to-extend-its">Deloitte partners with Palo Alto Networks to extend its cyber security services</a></p></div></div><p>They added that the problem affected multiple versions of PAN-OS 8.1 before 8.1.17. Researchers found numerous vulnerable instances exposed on internet-facing assets, more than <a href="https://www.shodan.io/search/facet?query=http.html%3A%22Global+Protect%22&facet=os">10,000 assets</a>. </p><p>“Our team was able to gain a shell on the affected target, access sensitive configuration data, extract credentials, and more. Once an attacker has control over the firewall, they will have visibility into the internal network and can proceed to move laterally,” said researchers.</p><p>Researchers developed a reliable working exploit and leveraged the capability as part of their red team products. The flaw was discovered over a year ago.</p><p>The bug is a buffer overflow that occurs while parsing user-supplied input into a fixed-length location on the stack. The problematic code is not reachable externally without using an <a href="https://www.itpro.com/network-internet/30416/http-vs-https-what-difference-does-it-make-to-security" data-original-url="https://www.itpro.com/network-internet/30416/http-vs-https-what-difference-does-it-make-to-security">HTTP</a>-smuggling technique, according to researchers.</p><p>They added that the exploitation of these together yields remote code execution under the privileges of the affected component on the firewall device. “The smuggling capability was not designated a CVE identifier as it is not considered a security boundary by the affected vendor,” added researchers.</p><p>An attacker must have network access to the device on the GlobalProtect service port (default port 443) to exploit this vulnerability. As the affected product is a VPN portal, this port is often accessible over the internet, said researchers.</p><p>Exploitation is difficult but possible on devices with ASLR enabled, which is the case in most hardware devices. On virtualized devices — VM-series firewalls — exploitation is significantly easier due to lack of ASLR and Randori expects public exploits will surface.</p><p>“Randori researchers have not exploited the buffer overflow to result in controlled code execution on certain hardware device versions with MIPS-based management plane CPUs due to their big-endian architecture, though the overflow is reachable on these devices and can be exploited to limit availability of services,” they added.</p><p>The company said to avoid enabling misuse of the flaw, it will withhold the technical details related to CVE-2021-3064 from public dissemination for 30 days after the publication of the blog post on the subject.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ SonicWall warns of imminent ransomware campaign on VPN hardware ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/network-internet/virtual-private-network-vpn/360268/sonicwall-warns-of-imminent-ransomware-campaign</link>
                                                                            <description>
                            <![CDATA[ Current and legacy secure VPN appliances under attack now ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pghvqkU67vp4U2Rh8Gv5BH</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5rZcC3qCa8q4Lvojrs6uNc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 16 Jul 2021 14:44:50 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Ransomware]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5rZcC3qCa8q4Lvojrs6uNc-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[VPN log in screen displayed on a computer screen]]></media:description>                                                            <media:text><![CDATA[VPN log in screen displayed on a computer screen]]></media:text>
                                <media:title type="plain"><![CDATA[VPN log in screen displayed on a computer screen]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5rZcC3qCa8q4Lvojrs6uNc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/security/28133/what-is-cyber-security" data-original-url="https://www.itpro.com/security/28133/what-is-cyber-security">Cyber security</a> company SonicWall has urged customers to patch its enterprise secure VPN hardware to thwart an “imminent ransomware campaign using stolen credentials.”</p><p>This week, the <a href="https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210">company issued a notice</a> saying customers who do not take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products could be at risk of an attack.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/network-internet/web-browser/360070/opera-alternative-browser-for-chrome-os-vpn" data-original-url="/network-internet/web-browser/360070/opera-alternative-browser-for-chrome-os-vpn">Opera update adds free VPN, built-in ad blocker to ChromeOS browser</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/software/virtual-desktop/359286/virtual-cable-offers-vpn-free-remote-desktop-access" data-original-url="/software/virtual-desktop/359286/virtual-cable-offers-vpn-free-remote-desktop-access">Virtual Cable offers VPN-free remote desktop access</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/network-internet/virtual-private-network-vpn/358624/zscaler-research-highlights-concerns-over-vpn" data-original-url="/network-internet/virtual-private-network-vpn/358624/zscaler-research-highlights-concerns-over-vpn">Executives have serious concerns over VPN security</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/hacking/359277/hackers-exploit-pulse-secure-vpn-flaws-in-sophisticated-global-campaign" data-original-url="/security/hacking/359277/hackers-exploit-pulse-secure-vpn-flaws-in-sophisticated-global-campaign">Hackers exploit Pulse Secure VPN flaws in sophisticated global campaign</a></p></div></div><p>The products in question are those running unpatched and end-of-life (EOL) 8.x firmware. SonicWall said researchers at security firm Mandiant informed SonicWall that threat actors were actively targeting models that are no longer supported.</p><p>“SonicWall PSIRT strongly suggests that organizations still using 8.x firmware review the information below and take immediate action,” said the company.</p><p>Since at least June, the attacks have been happening when cyber security firm Crowdstrike had <a href="https://www.crowdstrike.com/blog/how-ecrime-groups-leverage-sonicwall-vulnerability-cve-2019-7481">warned that attacks against devices were ongoing</a>. </p><p>“CrowdStrike Services incident response teams identified eCrime actors leveraging an older SonicWall VPN vulnerability, CVE-2019-7481, that affects Secure Remote Access (SRA) 4600 devices; the ability to leverage the vulnerability to affect SRA devices was previously undisclosed by SonicWall,” it said.</p><p>“CrowdStrike Intelligence researchers confirmed that CVE-2019-7481 affects SRA devices running the latest versions of 8.x and 9.x firmware, and that the latest versions of Secure Mobile Access (SMA) firmware do not mitigate the CVE for SRA devices.”</p><p>SonicWall told customers with end-of-life SMA and SRA devices running firmware 8.x to either update their firmware or disconnect their appliances.</p><p>“If your organization is using a legacy SRA appliance that is past end-of-life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation,” the company warned.</p><p>Andy Norton, European cyber risk officer at Armis, told <em>ITPro</em> that the immediate requirement for SonicWall customers is to profile their asset estate for SMA and SRA 100 devices and take appropriate isolation action until the patch can be applied or the devices can be retired from service. </p><p>“The Cybersecurity Infrastructure Agency, CISA, under the new "StopRansomware" campaign has just announced guidance to stop two bad practices that aid the spread of ransomware,” he said.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="TDddJPsRCmdrr35SdPri7g" name="TDddJPsRCmdrr35SdPri7g.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/TDddJPsRCmdrr35SdPri7g.jpg" mos="https://cdn.mos.cms.futurecdn.net/TDddJPsRCmdrr35SdPri7g.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>How to reduce the risk of phishing and ransomware</strong></p><p class="fancy-box__body-text">Top security concerns and tips for mitigation</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/ransomware/360247/how-to-reduce-the-risk-of-phishing-and-ransomware" data-original-url="/security/ransomware/360247/how-to-reduce-the-risk-of-phishing-and-ransomware">FREE DOWNLOAD</a></p></div></div><p>“The first of which highlights that the use of unsupported (or end-of-life) <a href="https://www.itpro.com/software" data-original-url="https://www.itpro.com/software">software</a> in service of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety. This dangerous practice is especially egregious in internet-accessible technologies. This SonicWall announcement ticks the CISA box for 75% of the models that are under attack."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zyxel USG Flex 100 review: Flexible gateway security ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/unified-threat-management-utm/359220/zyxel-usg-flex-100-flexible-gateway-security</link>
                                                                            <description>
                            <![CDATA[ Perfect for SMBs, with the promise of cloud management coming soon ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2iEisxXF2wHHfZ7rKgReK7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qZuQNh2FSRCcqHYXoHDnyk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 15 Apr 2021 07:46:19 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qZuQNh2FSRCcqHYXoHDnyk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Zyxel USG Flex 100]]></media:description>                                                            <media:text><![CDATA[The Zyxel USG Flex 100]]></media:text>
                                <media:title type="plain"><![CDATA[The Zyxel USG Flex 100]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qZuQNh2FSRCcqHYXoHDnyk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Not all businesses require a complete UTM solution, and Zyxel’s USG Flex 100 is perfect for those that only want to pay for the <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> services they need. That makes it a good starting point for small organisations – and it’s also a natural upgrade for users of Zyxel’s older USG40 appliance, as you can transfer your licences across.</p><p>Performance-wise, it’s a decent step up from the USG40. The USG Flex 100 claims a raw firewall throughput rate of 900Mbits/sec and 360Mbits/sec with all UTM features active, representing speed boosts of 125% and 500% over the USG40. </p><p>The cost of entry is very low: the hardware on its own costs £309, and no subscription is needed for firewall and <a href="https://www.itpro.com/security/27098/best-vpn-services" data-original-url="https://www.itpro.com/security/27098/best-vpn-services">VPN</a> services. The price we’ve shown above includes a year’s subscription to the full UTM security pack, which activates web filtering, application and email security, IPS, <a href="https://www.itpro.com/antivirus/28144/best-antivirus" data-original-url="https://www.itpro.com/antivirus/28144/best-antivirus">antivirus</a>, and Zyxel’s SecuReporter web-based analytics and reporting service. After the first year, you can license features individually or renew the full UTM licence for £160 per year.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/32107/how-to-choose-a-one-stop-business-security-package" data-original-url="/security/32107/how-to-choose-a-one-stop-business-security-package">How to choose a one-stop business security package</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/359141/fortinet-fortigate-60f-a-fully-featured-security" data-original-url="/security/unified-threat-management-utm/359141/fortinet-fortigate-60f-a-fully-featured-security">Fortinet FortiGate 60F: A fully-featured security appliance</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/unified-threat-management-utm/33933/sonicwall-tz300p-review-a-multi-site-marvel" data-original-url="/unified-threat-management-utm/33933/sonicwall-tz300p-review-a-multi-site-marvel">SonicWall TZ300P review: A multi-site marvel</a></p></div></div><p>The appliance is easy to set up: a web-based wizard guides you through changing the default admin password, enabling internet access, upgrading the firmware, registering the appliance to your myZyxel account, activating your security services, and enabling a default firewall policy. The SecuReporter service is also turned on at this point; since it stores data in the <a href="https://www.itpro.com/cloud" data-original-url="https://www.itpro.com/cloud">cloud</a>, you’re prompted to decide whether to include personal information such as email addresses and usernames.</p><p>Once you’re all set up, logging into the USG Flex 100 presents a highly informative web console, showing an overview of appliance usage and port statistics. The advanced threat-protection dashboard reports on any detected issues, with multiple views for the past seven days showing what each security service is up to, the top <a href="https://www.itpro.com/business-operations/productivity/355569/optimize-your-workflow-our-9-best-productivity-apps" data-original-url="https://www.itpro.com/business-operations/productivity/355569/optimize-your-workflow-our-9-best-productivity-apps">apps</a> and detected threats.</p><p>As usual, policies bring together settings for the Flex 100’s various modules. By default, all the LAN ports are subject to the same policies, but it’s the work of a moment to move a port into its own zone, with its own security settings.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="kwXP2UEbPMvxyN6qsgoQ2Z" name="" alt="Zyxel USG Flex ports" src="https://cdn.mos.cms.futurecdn.net/kwXP2UEbPMvxyN6qsgoQ2Z.jpg" mos="https://cdn.mos.cms.futurecdn.net/kwXP2UEbPMvxyN6qsgoQ2Z.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>There’s plenty to configure: Zyxel’s Application Patrol service works with over 3,600 apps, which come tidily sorted into 32 categories for easier management. It’s particularly capable when it comes to managing Facebook usage in the workplace, with specific controls for a range of activities including logins, likes, follows, posts, and games.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="uZXV3vAfY2MsMRm4tSjJfE" name="uZXV3vAfY2MsMRm4tSjJfE.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/uZXV3vAfY2MsMRm4tSjJfE.png" mos="https://cdn.mos.cms.futurecdn.net/uZXV3vAfY2MsMRm4tSjJfE.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>The business guide to ransomware</strong></p><p class="fancy-box__body-text">Everything you need to know to keep your company afloat</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/ransomware/357745/the-business-guide-to-ransomware" data-original-url="/security/ransomware/357745/the-business-guide-to-ransomware">FREE DOWNLOAD</a></p></div></div><p>Web filtering is another strong feature, allowing you to browse 104 categories of site and decide whether to allow, block, or log access. <a href="https://www.itpro.com/security/phishing/358767/high-risk-email-security-threats-increased-by-32-last-year" data-original-url="https://www.itpro.com/security/phishing/358767/high-risk-email-security-threats-increased-by-32-last-year">Email security</a> is similarly simple to enforce, with options to drop spam messages or tag their subject line for ongoing processing.</p><p>The one feature that’s glaringly absent is cloud management: while Zyxel appliances can normally be managed from the company’s Nebula web portal, USG Flex models aren’t supported. That shouldn’t be a permanent limitation, though: Zyxel says it plans to add Nebula integration in the ZLD 5 firmware release.</p><p>Until then, the SecuReporter cloud portal is the next best thing, allowing you to access reports from multiple Flex firewalls via a single account. Its dashboards provide a wealth of information about web, app, and threat activity, while the Analyser page offers deeper insights into security issues and custom reports can be regularly generated and sent to multiple recipients.</p><p>Businesses that have an immediate need to extend protection to <a href="https://www.itpro.com/policy-legislation/data-protection/358666/four-tips-for-keeping-your-business-secure-during-mass" data-original-url="https://www.itpro.com/policy-legislation/data-protection/358666/four-tips-for-keeping-your-business-secure-during-mass">remote offices and homeworkers</a> might need to look elsewhere. However, for single-site organisations, the Zyxel USG Flex 100 is a great choice, giving you plenty of control over costs and features, plus classy reporting services. </p><h2 id="zyxel-usg-flex-100-specifications">Zyxel USG Flex 100 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >Fanless desktop chassis</td></tr><tr><td  ><strong>Network</strong></td><td  >5 x Gigabit Ethernet (WAN, 4 x LAN, SFP) </td></tr><tr><td  ><strong>Other ports</strong></td><td  >USB 3, RJ-45 serial</td></tr><tr><td  ><strong>Management</strong></td><td  >Web browser management</td></tr><tr><td  ><strong>Dimensions (WDH)</strong></td><td  >216 x 148 x 33mm</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Veritas Access Appliance with IBM Spectrum® Protect ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/infrastructure/server-storage/357917/veritas-access-appliance-with-ibm-spectrumr-protect</link>
                                                                            <description>
                            <![CDATA[ Backup, archive, and long-term retention solution ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6BEHp6kkMN6SdijexwSk2T</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9F5swB2WhMffzx5MjXGvfk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 27 Nov 2020 10:53:28 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9F5swB2WhMffzx5MjXGvfk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[How to protect your information with a secondary storage solution]]></media:description>                                                            <media:text><![CDATA[How to protect your information with a secondary storage solution]]></media:text>
                                <media:title type="plain"><![CDATA[How to protect your information with a secondary storage solution]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9F5swB2WhMffzx5MjXGvfk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="KYkCWZfKvhnbVaauBqZKQQ" name="" alt="Veritas logo" src="https://cdn.mos.cms.futurecdn.net/KYkCWZfKvhnbVaauBqZKQQ.png" mos="https://cdn.mos.cms.futurecdn.net/KYkCWZfKvhnbVaauBqZKQQ.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>This whitepaper provides a technical overview of Veritas Access Appliance as a secondary storage solution with IBM Spectrum Protect for backup, archival and long-term retention. It highlights the overall solution architecture components, integration flow, best practices, sizing guidance, and deployment of Access Appliance with IBM Spectrum Protect.</p><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="high" data-lazy-src="https://dennis.cvtr.io/forms/veritas-technologies-aug-oct-20-2?locale=1&p=false&wp=5532"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zoom starts rolling out end-to-end encryption for all users ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/357551/zoom-starts-rolling-out-end-to-end-encryption-for-all-users</link>
                                                                            <description>
                            <![CDATA[ A technical preview is available now, but Zoom has warned that it will block certain functions such as cloud recording and live transcription ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pxNHKszpJdSRKQpApQJXk9</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/5PeTnboopraV5pogNRtTmb-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 27 Oct 2020 09:50:36 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Encryption]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Carly Page ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/haaytLZQLzJxCzMHFEeyiZ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/5PeTnboopraV5pogNRtTmb-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[ Zoom video conference app icon on a mobile device with silhouette of a padlock]]></media:description>                                                            <media:text><![CDATA[ Zoom video conference app icon on a mobile device with silhouette of a padlock]]></media:text>
                                <media:title type="plain"><![CDATA[ Zoom video conference app icon on a mobile device with silhouette of a padlock]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/5PeTnboopraV5pogNRtTmb-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Zoom has started rolling out <a href="https://www.itpro.com/security/innovation-at-work/24460/what-is-data-encryption" target="_blank" data-original-url="https://www.itpro.com/security/innovation-at-work/24460/what-is-data-encryption">end-to-end encryption</a> (E2EE) to both free and paying users. </p><p>E2EE is now available in technical preview on the <a href="https://www.itpro.com/software/355486/zoom-review-are-we-alone-now" target="_blank" data-original-url="https://www.itpro.com/software/355486/zoom-review-are-we-alone-now">Zoom</a> desktop client version for macOS and Windows, the Zoom Android app and Zoom Rooms, with the Zoom iOS app currently pending App Store approval. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/software/355486/zoom-review-are-we-alone-now" data-original-url="/software/355486/zoom-review-are-we-alone-now">Zoom review: Are we alone now?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/software/video-conferencing/355187/best-free-videoconferencing-software-zoom-vs-hangouts-vs-skype" data-original-url="/software/video-conferencing/355187/best-free-videoconferencing-software-zoom-vs-hangouts-vs-skype">Best free video conferencing software: Zoom vs Hangouts vs Skype</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash" data-original-url="/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash">Zoom kills Facebook integration after data transfer backlash</a></p></div></div><p>Zoom’s E2EE uses <a href="https://www.itpro.com/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh" target="_blank" data-original-url="https://www.itpro.com/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh">the same 256-bit AES-GCM encryption that secures Zoom meetings by default</a>. Account administrators can enable the feature in the web dashboard at an account, group, and user level, and participants must also enable the feature to join a meeting with end-to-end encryption.</p><p>When E2EE is enabled, nobody except each participant - not even Zoom’s meeting servers - has access to the encryption keys that are used to secure the meeting.</p><p>However, the company has warned that at least in the first stage of the four-phase rollout, E2EE will block certain Zoom functions, including cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.</p><p>“End-to-end encryption is another stride toward making Zoom the most secure communications platform in the world,” said Zoom CEO Eric S. Yuan.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="o3qCS6Ptz8EAHTnt2qj6aU" name="o3qCS6Ptz8EAHTnt2qj6aU.jpg" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/o3qCS6Ptz8EAHTnt2qj6aU.jpg" mos="https://cdn.mos.cms.futurecdn.net/o3qCS6Ptz8EAHTnt2qj6aU.jpg" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>A guide to becoming cloud-native smart and secure</strong></p><p class="fancy-box__body-text">The transcendence of cloud-native application development</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-management/357280/a-guide-to-becoming-cloud-native-smart-and-secure" data-original-url="/cloud/cloud-management/357280/a-guide-to-becoming-cloud-native-smart-and-secure">FREE DOWNLOAD</a></p></div></div><p>“This phase of our E2EE offering provides the same <a href="https://www.itpro.com/security" target="_blank" data-original-url="https://www.itpro.com/security">security</a> as existing end-to-end-encrypted messaging platforms, but with the video quality and scale that has made Zoom the communications solution of choice for hundreds of millions of people and the world’s largest enterprises.”</p><p>Phase 2 of the E2EE rollout is "tentatively roadmapped" for 2021, according to Zoom. </p><p>The rollout of end-to-end encryption comes five months after Zoom initially announced plans to add support for the security standard. However, at the time it said i<a href="https://www.itpro.com/software/video-conferencing/355850/zoom-to-strengthen-encryption-for-paid-accounts" target="_blank" data-original-url="https://www.itpro.com/software/video-conferencing/355850/zoom-to-strengthen-encryption-for-paid-accounts">t would only be available for businesses and institutions that pay for a premium Zoom subscription</a>. Following backlash from users and privacy activists, <a href="https://www.itpro.com/security/cyber-security/356104/mozilla-urges-zoom-to-encrypt-free-video-calls" target="_blank" data-original-url="https://www.itpro.com/security/cyber-security/356104/mozilla-urges-zoom-to-encrypt-free-video-calls">Zoom backtracked</a> two week's later and announced that it would make E2EE available to both free and paying users. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ DrayTek Vigor 2862 review: Price-conscious protection ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/unified-threat-management-utm/354864/draytek-vigor-2862-review-price-conscious-protection</link>
                                                                            <description>
                            <![CDATA[ A bargain for SMBs that want a solid mix of security measures and top-notch WAN redundancy options ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mnAUxEUWomHA3Bko6K2jNR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qUo3C4cB3ZWN7kyF9VDd5d-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 26 Feb 2020 16:01:19 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/qUo3C4cB3ZWN7kyF9VDd5d-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qUo3C4cB3ZWN7kyF9VDd5d-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>This unit may look like a regular router, but don’t be fooled - DrayTek’s Vigor 2862 is a bona fide security gateway, with optional remote management via the cloud-hosted VigorACS 2 service. </p><p>To be sure, it’s not as feature-packed as some chunkier, more expensive options. Notably, the Vigor 2862 doesn’t offer antivirus services, nor any sort of <a href="https://www.itpro.com/microsoft-azure/34048/microsoft-azure-review-competitive-cloud-pricing-takes-a-bite-out-of-aws" target="_blank" data-original-url="itpro.co.uk/security/34784/the-future-of-spam-is-scary">spam filtering</a>. You do, however, get a 400Mbits/sec SPI firewall, plus a good range of web-filtering and app-control options.</p><p>The Vigor 2862 will also make your day if you’re looking to provide <a href="https://www.itpro.com/agile-working/34343/now-is-the-time-to-embrace-remote-working" target="_blank" data-original-url="https://www.itpro.com/agile-working/34343/now-is-the-time-to-embrace-remote-working">secure connections for remote staff</a>, as it supports up to 32 concurrent IPsec VPN tunnels and 16 simultaneous SSL connections, via DrayTek’s free Smart VPN client for Windows, macOS, iOS and Android.</p><p>And while the appliance doesn’t have built-in wireless services, it does include DrayTek’s Central AP Management (CAM) feature for discovering and provisioning up to 20 <a href="https://www.itpro.com/wifi-hotspots/33924/draytek-vigorap-903-review-seamless-self-healing-mesh-wifi" target="_blank" data-original-url="https://www.itpro.com/wifi-hotspots/33924/draytek-vigorap-903-review-seamless-self-healing-mesh-wifi">DrayTek wireless APs</a> – and it can discover and centrally manage up to ten <a href="https://www.itpro.com/network-internet/34732/draytek-vigorswitch-p2280x-review-smart-and-switched-on" target="_blank" data-original-url="https://www.itpro.com/network-internet/34732/draytek-vigorswitch-p2280x-review-smart-and-switched-on">DrayTek VigorSwitch devices</a>.</p><p>We found installation was easy. The web console provides a quick-start wizard for changing the default admin password and configuring internet access, and additional wizards are provided for enabling DrayTek’s free DDNS service and <a href="https://www.itpro.com/networking/27210/do-i-need-a-vpn" target="_blank" data-original-url="https://www.itpro.com/networking/27210/do-i-need-a-vpn">setting up VPNs</a>. This latter task is a cinch, and VPN performance isn’t bad: testing with an external Windows 10 PC running the Smart VPN client, we saw file copies to a LAN system complete at a respectable 2.3MB/sec. Don’t get carried away with multiple SSL VPN connections, though, as during our tests we saw appliance CPU utilisation occasionally peaking as high as 88%.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="tJfsjy3e6FdHCoCttSK8FG" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/tJfsjy3e6FdHCoCttSK8FG.png" mos="https://cdn.mos.cms.futurecdn.net/tJfsjy3e6FdHCoCttSK8FG.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Configuring the firewall isn’t too complicated, either. It’s all based on filters, which manage your incoming and outgoing traffic. Each filter comprises up to seven rules, defining specific traffic types and directions, along with a load-balancing policy and QoS priorities. </p><p>Filters can also define behaviours for the app-control service – a free extra that we activated from our MyVigor account after registering the router. You can manage various protocols and decide what to do with remote-control, tunnelling, streaming and web connections, as well as setting policies for IM and P2P apps and social media sites. As a test, we created an enforcement rule for Facebook and added it to the firewall filter – after which users on our network instantly found they were unable to log into their accounts.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/network-internet/34405/draytek-vigor-2620ln-review-never-lose-connection-again" data-original-url="/network-internet/34405/draytek-vigor-2620ln-review-never-lose-connection-again">DrayTek Vigor 2620Ln review: Never lose connection again</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/hardware/routers/354803/ubiquiti-networks-unifi-dream-machine-review-a-dream-come-true" data-original-url="/hardware/routers/354803/ubiquiti-networks-unifi-dream-machine-review-a-dream-come-true">Ubiquiti Networks UniFi Dream Machine review: A dream come true</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/network-internet/34066/draytek-vigorswitch-p2500-review-a-stand-out-switch" data-original-url="/network-internet/34066/draytek-vigorswitch-p2500-review-a-stand-out-switch">DrayTek VigorSwitch P2500 review: A stand-out switch</a></p></div></div><p>The Vigor 2862’s standard web-filtering provision is a rudimentary thing, based solely on keywords, but for just £38 a year you can upgrade to DrayTek’s much more powerful GlobalView service. This employs the Cyren web filter, which lets you decide whether to block or allow 64 different categories of site, and shows a warning message if users attempt to access a blocked page.</p><p>One last strength of the Vigor 2862 is its degree of WAN redundancy. Alongside a built-in ADSL2+/VDSL2 interface, the router features a pair of USB 2 ports that can both accept 3G/4G LTE USB modems, and one of its five Gigabit Ethernet ports can be used for a WAN link as well, for a total of four separate connections. It’s up to you whether you have these all active at the same time – in which case the router will perform load balancing across them – or whether you set specific ones as failover provisions. The new high-availability feature even allows you to deploy two routers in parallel, sharing a single virtual IP address, in either hot-standby or active-standby failover modes.</p><p>For the price, the DrayTek Vigor 2862 offers a remarkable range of security features. It might not have the grunt to cope with lots of simultaneous VPN connections, but its multitude of filtering and WAN options make it ideal for budget-conscious SMBs that need a secure and stable internet connection.</p><h2 id="draytek-vigor-2862-specifications">Draytek Vigor 2862 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >Desktop/rackmount chassis</td></tr><tr><td  ><strong>Network</strong></td><td  >5 x Gigabit Ethernet (4 x LAN, 1 x LAN/WAN2), ADSL2+/VDSL2 interface </td></tr><tr><td  ><strong>Other ports</strong></td><td  >2 x USB 2 </td></tr><tr><td  ><strong>Management</strong></td><td  >Cloud-hosted VigorACS 2 </td></tr><tr><td  ><strong>Dimensions (WDH)</strong></td><td  >241 x 166 x 44mm (WDH)</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Sophos XG 135w Rev. 3 review: The full package ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/unified-threat-management-utm/354852/sophos-xg-135w-rev-3-review-the-full-package</link>
                                                                            <description>
                            <![CDATA[ Exceptional wired and wireless security, teamed up with great performance and remote management ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">itH3a62xTniDSAk1xRGJuo</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CEpKWsVpdqZNShWy7etog4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 25 Feb 2020 10:45:04 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CEpKWsVpdqZNShWy7etog4-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CEpKWsVpdqZNShWy7etog4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Sophos’ newest SMB security appliance comes straight in at the top of the range. Taking performance to new heights, the XG 135w Rev. 3 quotes a huge raw firewall throughput of 8Gbits/sec, and a decent 1.2Gbits/sec with all security services enabled. </p><p>It’s not just fast, but versatile too. In addition to eight copper Gigabit Ethernet ports and one SFP fibre port, it presents dual-band 802.11ac wireless services, while an expansion slot allows you to add optional DSL, 3G/4G or Gigabit SFP cards – or a second Wi-Fi module. </p><p>Another strength is the price. The figure we’ve shown above includes a one-year TotalProtect Plus subscription, which covers the network, web, <a href="https://www.itpro.com/security/31891/how-to-make-your-email-hack-proof" target="_blank" data-original-url="https://www.itpro.com/security/31891/how-to-make-your-email-hack-proof">email</a> and web server protection modules, along with Sophos’ Sandstorm cloud sandbox and a FullGuard Plus support subscription. You don’t necessarily have to keep paying that, though: the cost of the base appliance includes a perpetual licence for firewall, VPN, authentication and secure wireless management services. </p><p>The browser-based installation wizard helps you hit the ground running, stepping you through the business of securing admin access, sorting out the LAN and WAN ports, creating main and guest wireless networks, installing the latest firmware and setting a base security policy so your users are protected from the outset.</p><p>You’re then taken to the main dashboard, which presents an informative overview of network activity and security issues, with graphs and charts detailing traffic statistics and blocked applications. Reporting options are excellent: Sophos’ iView platform provides a wealth of graphical information about security services, app and web activity, threats, mail usage and more.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="4J2Xq4jo8nu4sR5cpF4EbN" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/4J2Xq4jo8nu4sR5cpF4EbN.jpg" mos="https://cdn.mos.cms.futurecdn.net/4J2Xq4jo8nu4sR5cpF4EbN.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>If you need to divide your users into different security groups, that’s no problem. The appliance’s ports can be assigned to different zones, each with its own firewall rules and policies for web filtering, IPS and application controls. These are easy to set up, as the appliance comes with 91 predefined website categories and over 3,400 predefined app profiles, including 73 solely relating to Facebook activities.</p><p>For finer control, it’s also possible to apply identity-based rules to specific users and groups, including daily bandwidth restrictions and limits on daily, weekly, monthly and even yearly internet usage. Sophos provides a free Client Authentication Agent (CAA) for Windows, although you have to download the certificate from the appliance and import it on all workstations.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/354833/zyxel-nsg200-review-a-fine-spread-of-features" data-original-url="/security/unified-threat-management-utm/354833/zyxel-nsg200-review-a-fine-spread-of-features">Zyxel NSG200 review: A fine spread of features</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/354850/watchguard-firebox-t70-review-compact-but-capable" data-original-url="/security/unified-threat-management-utm/354850/watchguard-firebox-t70-review-compact-but-capable">WatchGuard Firebox T70 review: Compact but capable</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/enterprise-security/354772/the-it-pro-podcast-breaking-out-of-the-security-bubble" data-original-url="/security/enterprise-security/354772/the-it-pro-podcast-breaking-out-of-the-security-bubble">The IT Pro Podcast: Breaking out of the security bubble</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/354676/watchguard-firebox-t35-rugged-review-industrial-strength-security" data-original-url="/security/cyber-security/354676/watchguard-firebox-t35-rugged-review-industrial-strength-security">WatchGuard Firebox T35-Rugged review: Industrial-strength security</a></p></div></div><p>A third way to segment your protection is by using more than one wireless network: the appliance can broadcast up to eight SSIDs, each with its own <a href="https://www.itpro.com/security/innovation-at-work/24460/what-is-data-encryption" target="_blank" data-original-url="https://www.itpro.com/security/innovation-at-work/24460/what-is-data-encryption">encryption scheme</a>, <a href="https://www.itpro.com/network-access-control/30329/what-is-a-dhcp-server" target="_blank" data-original-url="https://www.itpro.com/network-access-control/30329/what-is-a-dhcp-server">DHCP</a>, client isolation and masking settings. Placing these <a href="https://www.itpro.com/broadband/30390/what-is-ssid" target="_blank" data-original-url="https://www.itpro.com/broadband/30390/what-is-ssid">SSIDs</a> in separate network zones lets you provision guest wireless access and apply firewall rules and security policies.</p><p>One last strength of the XG 135w Rev. 3 is that it’s fully manageable via the cloud. After we’d registered the appliance with the Sophos Central web portal, it presented exactly the same interface as the local console. It’s even possible to manage endpoints outside of your local network through Sophos’ Synchronised Security service. The dashboard shows all remote devices running the endpoint agent, and if any get compromised, you can automatically quarantine the network zone they’re located in. </p><p>The XG 135w Rev.3 impressed us mightily. It offers a good breadth of security features, yet is easy to set up, and to manage remotely – and it delivers great performance at a reasonable price.</p><h2 id="sophos-xg-135w-rev-3-specifications">Sophos XG 135w Rev. 3 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >Desktop chassis</td></tr><tr><td  ><strong>CPU</strong></td><td  >2.2GHz quad-core Intel Atom C3558</td></tr><tr><td  ><strong>Memory</strong></td><td  >6GB DDR4</td></tr><tr><td  ><strong>Storage included</strong></td><td  >64GB SATA SSD</td></tr><tr><td  ><strong>Network</strong></td><td  >8 x Gigabit Ethernet, 1 x Gigabit SFP, 2.4/5GHz 802.11ac wireless, 3x3 MIMO, 3 x external aerials</td></tr><tr><td  ><strong>Other ports</strong></td><td  >HDMI, 2 x USB 2, micro-USB, RJ-45 serial, expansion slot</td></tr><tr><td  ><strong>Management</strong></td><td  >Sophos Central web console, cloud</td></tr><tr><td  ><strong>Dimensions (WDH)</strong></td><td  >320 x 212 x 44mm (WDH)</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox T70 review: Compact but capable ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/unified-threat-management-utm/354850/watchguard-firebox-t70-review-compact-but-capable</link>
                                                                            <description>
                            <![CDATA[ Top performance and a great set of security and management options ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uMp29zCd3ycihZo2ArkAYZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tCvv23s3pmRS8DVVawBJ5J-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 24 Feb 2020 16:24:21 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tCvv23s3pmRS8DVVawBJ5J-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tCvv23s3pmRS8DVVawBJ5J-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Gateway security often involves a performance trade-off, but WatchGuard’s Firebox T70 is designed for SMBs who aren’t willing to compromise. It’s the vendor’s first appliance built on an Intel CPU, which enables it to deliver high-speed <a href="https://www.itpro.com/network-internet/31914/what-is-network-intelligence" target="_blank" data-original-url="https://www.itpro.com/network-internet/31914/what-is-network-intelligence">deep packet inspection</a> of HTTPS traffic – something many rival appliances struggle with.</p><p>Indeed, the T70’s numbers are impressive across the board. It claims a raw firewall throughput of 4Gbits/sec, and a remarkable 1.1Gbits/sec with all UTM services enabled. You don’t have to pay a steep premium for this performance either: the appliance costs a competitive £2,366 exc VAT, including a one-year subscription to WatchGuard’s Total Security Suite.</p><p>That subscription unleashes a wealth of security measures. Along with the aforementioned DPI, you get gateway antivirus, anti-spam, web-content filtering, application controls, network discovery, IPS, data-loss prevention and an <a href="https://www.itpro.com/security/34594/apt-groups-exploiting-vpns-to-carry-out-cyber-attacks" target="_blank" data-original-url="https://www.itpro.com/security/34594/apt-groups-exploiting-vpns-to-carry-out-cyber-attacks">advanced persistent threat (APT)</a> blocker. Web security is bolstered by WatchGuard’s Reputation Enabled Defense service, and the included Gold Support provides a free remote setup session with a WatchGuard engineer. </p><p>To be honest, though, we had no problem getting set up on our own. The appliance’s web console took us through the initial setup procedure, which involved securing admin access, enabling firewall-protected internet access and applying a base set of security policies. </p><p>Additional wizards are then on hand to help you set up the various proxies that manage HTTP, HTTPS, FTP, SIP, POP3 and SMTP traffic. It’s notably easy to set up web-content filtering: WatchGuard offers 130 URL categories to choose from, and you can simply pick those you want to block. Similarly, the T70’s application control module can manage access to hundreds of predefined apps, so it’s a piece of cake to control what’s allowed in the workplace.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="NKnH6Gnn99NcwSPPuNrLe8" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/NKnH6Gnn99NcwSPPuNrLe8.jpg" mos="https://cdn.mos.cms.futurecdn.net/NKnH6Gnn99NcwSPPuNrLe8.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Gateway AV scanning is enabled on selected proxies too, and alongside basic malware detection, the IntelligentAV feature uses the Cylance AI-based engine to analyse files such as Office documents and PDFs. For anti-spam services, all you need to do is select whether you want to inspect SMTP, IMAP or POP3 traffic, and whether spam messages should be blocked or merely tagged. The APT service, meanwhile, generates hashes of inbound files and checks them with the Lastline cloud service to see if they match the signatures of any known threats. </p><p>Finally, that fast deep packet inspection feature we mentioned is enabled within the HTTPS proxy action. Here you just need to choose the domain names and WebBlocker categories you want it to inspect, then import the predefined proxy authority certificate to your computers. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/354676/watchguard-firebox-t35-rugged-review-industrial-strength-security" data-original-url="/security/cyber-security/354676/watchguard-firebox-t35-rugged-review-industrial-strength-security">WatchGuard Firebox T35-Rugged review: Industrial-strength security</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/354833/zyxel-nsg200-review-a-fine-spread-of-features" data-original-url="/security/unified-threat-management-utm/354833/zyxel-nsg200-review-a-fine-spread-of-features">Zyxel NSG200 review: A fine spread of features</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/32644/watchguard-firebox-m670-review-dazzling-value" data-original-url="/firewalls/32644/watchguard-firebox-m670-review-dazzling-value">WatchGuard Firebox M670 review: Dazzling value</a></p></div></div><p>One feature the T70 lacks is Wi-Fi services, but it can centrally manage <a href="https://www.itpro.com/security/32706/watchguard-ap325-review-perfect-networking-for-smbs" target="_blank" data-original-url="https://www.itpro.com/security/32706/watchguard-ap325-review-perfect-networking-for-smbs">other WatchGuard APs</a>, pushing out wireless settings and applying security policies to their traffic. It can even power your APs, as PoE+ is provided on the sixth and seventh Ethernet ports.</p><p>And the T70 is ideal for those who like the idea of multiple-choice management, as you can use either its local web console or WatchGuard’s Dimension management platform (which we run in a Hyper-V VM in our lab). It’s also possible to link the T70 to a WatchGuard Cloud account, allowing you to remotely check on security services, detected threats and appliance performance; proper cloud-based configuration isn’t supported, but it’s promised soon.</p><p>If you’re seeking tough perimeter security that won’t slow down your network, the Firebox T70 is a superb choice. It’s easy to deploy and manage, it’s loaded with features and it’s powerful enough to cope with high demand.</p><h2 id="watchguard-firebox-t70-specifications">WatchGuard Firebox T70 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >Desktop chassis (fanless)</td></tr><tr><td  ><strong>CPU</strong></td><td  >1.6GHz Intel Celeron N3160 CPU</td></tr><tr><td  ><strong>Memory</strong></td><td  >2GB RAM</td></tr><tr><td  ><strong>Storage included</strong></td><td  >16GB SSD</td></tr><tr><td  ><strong>Network</strong></td><td  >8 x Gigabit Ethernet (PoE+ on ports 6 & 7)</td></tr><tr><td  ><strong>Other ports</strong></td><td  >2 x USB 2, RJ-45 serial port</td></tr><tr><td  ><strong>Management</strong></td><td  >Web, Dimension and cloud management</td></tr><tr><td  ><strong>Dimensions (WDH)</strong></td><td  >233 x 206 x 48mm</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zyxel NSG200 review: A fine spread of features ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/unified-threat-management-utm/354833/zyxel-nsg200-review-a-fine-spread-of-features</link>
                                                                            <description>
                            <![CDATA[ A fully featured appliance offering cloud management and zero-touch deployment at a knock-down price ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">7yArQyK1wgx2BfhwEsVFfe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pvwGAZThhwAGPsndMpEMfc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 21 Feb 2020 15:21:54 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pvwGAZThhwAGPsndMpEMfc-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pvwGAZThhwAGPsndMpEMfc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Zyxel’s security appliances divide into two families: the USG models are designed for local administration, while the NSG range can be managed from anywhere in the world using <a href="https://www.itpro.com/network-internet/33885/zyxel-nebula-control-center-2019-review-takes-all-the-pain-out-of-networking" data-original-url="https://www.itpro.com/network-internet/33885/zyxel-nebula-control-center-2019-review-takes-all-the-pain-out-of-networking">Zyxel’s Nebula Control Center (NCC)</a> cloud platform.</p><p>The model we tested this month is the NSG200, which is aimed at small offices, and the price shown includes your first year’s subscription to Zyxel’s Nebula Security Pack. This enables IDP, application control, content filtering and <a href="https://www.itpro.com/antivirus/28144/best-antivirus" data-original-url="https://www.itpro.com/antivirus/28144/best-antivirus">antivirus</a> security services on the appliance, and also upgrades your access to the NCC console. The basic free service has limited features, including a logging limit of just seven days, but your Security Pack licence enables Nebula Professional, which gives you a full year’s worth of logging and adds other worthwhile features such as email alerts and auditing.</p><p>The web portal is easy to use, although you might find yourself wishing the main dashboard were more customisable; it provides an overview of your security and network status, but also dedicates space to details of Nebula-enabled wireless APs and switches – even if you don’t have any. Still, the new NCC console is already in beta, and this will let you choose which widgets you want to display on the dashboard, while also ditching the dark look in favour of a brighter colour scheme.</p><p>One big benefit of the NSG200’s cloud-based design is that it enables zero-touch deployment. Before you even unbox the appliance you can set up a top-level organisation in NCC, add sites below it and configure a security profile to be pushed to the device as soon as it’s added to a site. This can include antivirus and IDP services, and settings for the application control service – which Zyxel cutely calls “application patrol” – to manage access to over 3,000 apps, including Facebook and Twitter. There’s a web-content filtering service too, which lets you block access to any of 64 site categories. </p><p>All of this makes the NSG200 ideal for businesses with remote offices, as it means you can simply send the appliance to the desired location and it will automatically pick up all the appropriate settings as soon as it’s plugged in. The self-configuration process takes around five minutes, and once it’s up and running the NSG200 will also regularly check for firmware updates, and apply them either in the background or at nominated times. </p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="vUKcxUYHbP95wRvVykoB9Z" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/vUKcxUYHbP95wRvVykoB9Z.jpg" mos="https://cdn.mos.cms.futurecdn.net/vUKcxUYHbP95wRvVykoB9Z.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>In fact, the most inconvenient part of setting up the NSG200 might be registering the appliance, as the web portal asks you to manually type in the unit’s MAC address and serial number. There’s an easier option, though: we simply used Zyxel’s iOS app to scan the QR code printed on the NSG200’s box. This captured the MAC address and all other required details, enabling us to add the appliance to an active site with a single tap.</p><p>As well as setting up security services, the NCC portal lets you configure the appliance’s two Gigabit WAN and five Gigabit LAN ports. If you have two internet connections, you can have both WAN ports active at the same time, and apply load balancing across them; the LAN sockets, meanwhile, can be divided into two groups, each with its own IP address and DHCP settings, and optional bandwidth limits applied to client IP address ranges and destinations. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/wifi-hotspots/34682/zyxel-multy-plus-review-smb-friendly-mesh-wi-fi" data-original-url="/wifi-hotspots/34682/zyxel-multy-plus-review-smb-friendly-mesh-wi-fi">Zyxel Multy Plus review: SMB-friendly mesh Wi-Fi</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/cyber-security/354676/watchguard-firebox-t35-rugged-review-industrial-strength-security" data-original-url="/security/cyber-security/354676/watchguard-firebox-t35-rugged-review-industrial-strength-security">WatchGuard Firebox T35-Rugged review: Industrial-strength security</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/32084/zyxel-usg60w-review-makes-deployment-a-breeze" data-original-url="/security/32084/zyxel-usg60w-review-makes-deployment-a-breeze">Zyxel USG60W review: Makes deployment a breeze</a></p></div></div><p>Custom firewall rules can be set too, including sources, destinations, protocols, actions and a time schedule, and captive portals can be presented to guest users, complete with custom logos and AUPs. </p><p>In short, the Nebula console offers all the management options you’re likely to need, and the NSG200 itself is temptingly priced. It works best when partnered with <a href="https://www.itpro.com/wifi-hotspots/32997/zyxel-nwa1302-ac-review-the-perfect-companion-for-cloud-managed-networking" data-original-url="https://www.itpro.com/wifi-hotspots/32997/zyxel-nwa1302-ac-review-the-perfect-companion-for-cloud-managed-networking">Zyxel’s Nebula-enabled wireless APs and switches</a>, but even on its own it provides a fine spread of security features for SMBs seeking a cloud-based gateway security solution.</p><h2 id="zyxel-nsg200-specifications">Zyxel NSG200 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >Desktop/rackmount chassis</td></tr><tr><td  ><strong>CPU</strong></td><td  >Quad-core CPU </td></tr><tr><td  ><strong>Memory</strong></td><td  >1GB RAM</td></tr><tr><td  ><strong>Network</strong></td><td  >7 x Gigabit Ethernet (2 x WAN, 5 x LAN)</td></tr><tr><td  ><strong>Other ports</strong></td><td  >2 x USB 2, serial port </td></tr><tr><td  ><strong>Management</strong></td><td  >Nebula Cloud management </td></tr><tr><td  ><strong>Dimensions (WDH)</strong></td><td  >300 x 178 x 44mm</td></tr><tr><td  ><strong>Weight</strong></td><td  >2kg</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox T55-W review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/31228/watchguard-firebox-t55-w-review</link>
                                                                            <description>
                            <![CDATA[ A wealth of security measures at a knock-down price ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pm1SiYvZpS2Vn9B9oWJ6xS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ymMqoYZtoGFHFy3r4EwmX9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 01 Jun 2018 14:34:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ymMqoYZtoGFHFy3r4EwmX9-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ymMqoYZtoGFHFy3r4EwmX9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Stepping in to the middle of WatchGuard's desktop security appliance family, the Firebox T55-W is equally at home protecting SMEs, remote workers or branch offices. Clothed in the classic bright red Firebox chassis, this desktop box delivers an impressive range of security measures and amalgamates them with integral 11ac dual-band wireless.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/31197/watchguard-firebox-t15-review" data-original-url="/firewalls/31197/watchguard-firebox-t15-review">WatchGuard Firebox T15 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/wifi-hotspots/30296/watchguard-ap420-review" data-original-url="/wifi-hotspots/30296/watchguard-ap420-review">WatchGuard AP420 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/30100/watchguard-firebox-m5600-review" data-original-url="/firewalls/30100/watchguard-firebox-m5600-review">WatchGuard Firebox M5600 review</a></p></div></div><p>It may be small but it's no lightweight for performance, with WatchGuard recommending it for up to 30 users and claiming a 1Gbits/sec raw firewall throughput and 523Mbits/sec with all UTM services enabled. It has five Gigabit ports for WAN, LAN and DMZ duties with PoE+ presented on the fourth LAN port.</p><p>The appliance doesn't give the wireless game away as its aerials are tucked away inside the chassis. Another useful wireless feature present on all Firebox appliances is their integral gateway controller which can centrally manage and provision WatchGuard's own APs.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="mWTLADTFa2XG4nf2prXtMf" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/mWTLADTFa2XG4nf2prXtMf.png" mos="https://cdn.mos.cms.futurecdn.net/mWTLADTFa2XG4nf2prXtMf.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-t55-w-security-features">WatchGuard Firebox T55-W: Security features</h2><p>Prices starting at 960 for the hardware, plus a one-year 24/7 support contract and all software updates. Where you go from here is up to you; suffice to say that WatchGuard offers plenty of choice.</p><p>A one-year Basic Security Suite subscription pushes the price to 1,293 and activates anti-virus, anti-spam, web filtering, HTTPS inspection, IPS, application controls and WatchGuard's reputation enabled defence. The price we've shown is for a three-year Total Security Suite subscription which adds WatchGuard's data leak prevention (DLP) and advanced persistent threat (APT) blocker service.</p><p>Along with a Gold 24/7 support contract, Total Security includes WatchGuard's RED (reputation enabled defence) service. Web access requests send the URL to WatchGuard's RED cloud servers where they assign a score and instruct the appliance to either allow or block it.</p><p>VPN services are extensive as the T55-W supports site-to-site IPsec tunnels plus mobile IPsec, PPTP and L2TP clients along with SSL VPNs. Note that the new Access Portal feature which provisions secure, client-free VPN connections, is not supported on the Firebox 'T' models.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="5PAPHFqjnKMCi9HbXfQGzM" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/5PAPHFqjnKMCi9HbXfQGzM.png" mos="https://cdn.mos.cms.futurecdn.net/5PAPHFqjnKMCi9HbXfQGzM.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-t55-w-installation-and-management">WatchGuard Firebox T55-W: Installation and management</h2><p>The T55-W is easy to deploy: the web console runs a wizard to secure the appliance and get Internet access running on an external port along with DHCP services on the first trusted LAN interface. Large distributed businesses will like WatchGuard's RapidDeploy cloud service as they can send new appliances to remote offices and have them receive a configuration file as soon as they are powered up.</p><p>The wizard defaults to the flexible mixed-mode routing which allows wired and wireless ports to be defined as separate interfaces. Configuring the remaining ports is a cinch as we defined them as external, trusted, optional or custom and added DHCP services on selected trusted ports.</p><p>WatchGuard's browser interface is well-designed and standard across all Firebox appliances. It opens with a tidy dashboard showing a breakdown of traffic for the top clients, web destinations, policies and applications with options to drill down for more detail on each entry.</p><p>Management choices are extensive, and you can load the WatchGuard System Manager (WSM) suite on a separate Windows host to provide central management, logging and reporting services. We run WatchGuard's Dimension as a VMware VM in the lab and after linking it to the T55-W, used it for viewing appliance utilisation plus an executive dashboard, global threat map and policy activity graphs.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="BkeaLDSZ8Yaooxoff6CEbW" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/BkeaLDSZ8Yaooxoff6CEbW.png" mos="https://cdn.mos.cms.futurecdn.net/BkeaLDSZ8Yaooxoff6CEbW.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-t55-w-rules-and-proxies">WatchGuard Firebox T55-W: Rules and proxies</h2><p>The T55-W uses proxies for all security services and there are plenty to choose as you have ones for HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP. Firewall rules are created for each proxy which define the interfaces they apply to and their actions - and WatchGuard provides wizards for all of them.</p><p>Highly granular web content filtering policies are possible where you choose from 130 Websense URL categories, enable blocking actions on the HTTP and HTTPS proxies, add exceptions and enable alerting. Anti-spam measures are just as easy to configure; you can select incoming SMTP, IMAP or POP3 traffic and block or tag spam messages.</p><p>Gateway AV scanning can be enabled on selected proxies, which you'll need running if you want to enable the APT service. This scans inbound files, creates MD5 hashes and checks them with the LastLine cloud service to see if they're known malware.</p><p>We noticed that Dimension was reporting a total appliance memory usage of between 65-90% and WatchGuard advised us this is due to the demands of the new BitDefender AV engine. It can get close to the edge although we didn't encounter any performance issues during testing.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="LPzbRidXQrhCuRYSQwJ8uS" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/LPzbRidXQrhCuRYSQwJ8uS.png" mos="https://cdn.mos.cms.futurecdn.net/LPzbRidXQrhCuRYSQwJ8uS.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-t55-w-wireless-features">WatchGuard Firebox T55-W: Wireless features</h2><p>The T55-W can present up to three separate APs that act as DHCP relays or provide their own DHCP services. Along with all key encryption schemes, their SSIDs can be broadcast or hidden and you can apply client isolation so users on the same wireless network can't see each other.</p><p>Global wireless settings include 2.4GHz and 5GHz radio modes, a choice of channel widths and protection against the WPA/WPA2 KRACK vulnerability for unpatched wireless clients. Rogue AP detection can be enabled - but be careful when you schedule it as it will temporarily disable the appliance's APs while it's running.</p><p>If you want more APs, you can add any of WatchGuards's four available models and pair them with the appliance's wireless gateway controller. Once paired, you can assign SSIDs to their dual radios, enforce wireless security and apply custom firewall policies to the ports they are connected to.</p><h2 id="watchguard-firebox-t55-w-verdict">WatchGuard Firebox T55-W: Verdict</h2><p>The T55-W is a versatile security appliance that's well-suited to deployments in SMEs and enterprise branch or remote offices. For the price, it's offering a remarkable range of easily configured security features, all management components are inclusive and the icing on the on the cake is its integral wireless network services.</p><h2 id="verdict">Verdict</h2><p>SMEs that want tough gateway security, a good range of wireless services and a low price will find WatchGuard’s T55-W ticks all their boxes</p><p>Chassis: Desktop</p><p>Memory: 2GB RAM</p><p>Network: 5 x Gigabit (Port 4 with PoE)</p><p>Wireless: 2.4/5GHz 802.11ac</p><p>Other ports: 2 x USB 2, RJ-45 serial</p><p>Power: External PSU</p><p>Management: Web browser, WatchGuard Dimension/Command</p><p>Warranty: 3-year Gold 24/7 support</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Sophos XG 450 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/30411/sophos-xg-450-review</link>
                                                                            <description>
                            <![CDATA[ The XG 450 delivers tough and affordable enterprise security to mid-sized businesses ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Vwz18Y4peRDeud5vT9PB5</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/8b2w6MogyjxznQsDMkDEFU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 29 Jan 2018 16:18:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/8b2w6MogyjxznQsDMkDEFU-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/8b2w6MogyjxznQsDMkDEFU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Sophos has been busy expanding its security appliance offerings and its latest XG Firewall family now has a solution for every business environment, ranging from the smallest of offices right up to enterprises. On review we have the new XG 450 Rev. 2 which sits at the top of Sophos' mid-sized office portfolio and looks to offer an impressive range of security measures for a comparatively modest outlay.</p><p>Features have been improved with Sophos' SAC (synchronized application control) designed to catch those apps that other solutions leave behind. All the 1U rack models now have two fail-safe bypass ports and also support Sophos' FleXi port expansion modules.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security-appliances/28712/watchguard-firebox-t30-w-review" data-original-url="/security-appliances/28712/watchguard-firebox-t30-w-review">WatchGuard Firebox T30-W review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/29572/kerio-control-ng300w-review" data-original-url="/security/29572/kerio-control-ng300w-review">Kerio Control NG300W review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/30100/watchguard-firebox-m5600-review" data-original-url="/firewalls/30100/watchguard-firebox-m5600-review">WatchGuard Firebox M5600 review</a></p></div></div><p>The XG 450 comes with eight Gigabit and two 10GbE SFP+ ports as standard and has two expansion bays. Sophos offers optional FleXi modules with eight copper or fibre Gigabit, quad 10GbE copper or fibre and dual 40GbE QSFP+ ports.</p><p>There's plenty of power on tap too, with the XG 450 claiming a raw firewall throughput of 50Gbits/sec. Enable the IPS features and this drops to 10Gbits/sec - still very respectable as this price point.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="MJ9xzvYwMM6bRkE8AjyHge" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/MJ9xzvYwMM6bRkE8AjyHge.png" mos="https://cdn.mos.cms.futurecdn.net/MJ9xzvYwMM6bRkE8AjyHge.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="sophos-xg-450-review-options-and-deployment">Sophos XG 450 review: Options and deployment</h2><p>The base appliance has firewall, VPN, authentication and secure wireless management services enabled with a perpetual license, to which you can add a selection of subscription-based security features. The price we've shown is for a 3-year Enterprise Protect Plus and Enhanced Support agreement which costs 9,686 per year.</p><p>Along with the network and web protection modules, this activates the Sandstorm feature which uses cloud sandbox technology to mitigate zero-day threats such as ransomware. Go for the Enterprise Protect Full subscription and you'll get everything activated including email and web server protection.</p><p>Deployment is swift; we pointed a web browser at the appliance and followed the quick start wizard. This helped secure administrative access, set up LAN and WAN port address assignments and DHCP services, add an email address for alerting and choose the operation mode.</p><p>We plumped for routed mode, as we wanted the XG 450 to provide all security functions including firewalling. The appliance starts protection immediately, and the wizard created base security policies which activated web filtering for common unwanted categories and anti-malware scanning.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Aamp8cmEgP8a6eMbcFAHN3" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/Aamp8cmEgP8a6eMbcFAHN3.png" mos="https://cdn.mos.cms.futurecdn.net/Aamp8cmEgP8a6eMbcFAHN3.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="sophos-xg-450-review-security-policies">Sophos XG 450 review: Security policies</h2><p>The web console dashboard offers an overview of all network activity and security issues, web traffic graphs and bar charts for blocked and allowed applications, plus detected network attacks. Our only issue is the Traffic Insight section frequently failed to update itself, requiring the page to be regularly refreshed.</p><p>After grouping the appliance's ports into zones, we applied firewall rules to source and destination zones along with associated networks and hosts. Other network objects include service filters, blocking actions and time schedules which can be applied within each rule.</p><p>It's worth setting up policies for web filtering, IPS and application controls first as these are referenced in your firewall rules. They are easy to create from the Protect section of the web console with web filtering offering over 90 categories and application controls providing over 3,000 predefined apps.</p><p>Sophos' identity-based security allows you to apply more versatile policies to users and groups which include data transfer limitations on uploads and downloads, and limits on daily, weekly, monthly and yearly usage. Clients authenticating to an external directory server will be automatically logged in while others can use the free Client Authentication Agent (CAA).</p><p>The appliance stores versions for Windows, Linux and Macs while free mobile apps are available for Android and iOS devices. We had no problems with the Windows CAA as it automatically found the appliance and once users had logged in, they appeared in the web console as live.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="s7SD6kk2qYTYdFeMwaVp5M" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/s7SD6kk2qYTYdFeMwaVp5M.png" mos="https://cdn.mos.cms.futurecdn.net/s7SD6kk2qYTYdFeMwaVp5M.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="sophos-xg-450-review-heartbeat-and-red">Sophos XG 450 review: Heartbeat and RED</h2><p>The Heartbeat features extends the firewall's reach into the cloud as it interacts with the Sophos Central Endpoint Protection service. It requires an Advanced license and after logging the XG 450 into our cloud account, all endpoint activity data was sent to the appliance which showed status icons in its home page.</p><p>Heartbeat alert conditions can be linked to firewall policies so if any endpoints detect threats, you can isolate all systems in the same zone. The SAC feature works in tandem with Heartbeat where it detects unknown applications running on Sophos Central endpoints and applies firewall policies to control them.</p><p>Business with lots of remote sites will like the RED (remote Ethernet device) option. Sophos offers three RED appliances (including one with wireless) and once you've entered the firewall's details, just ship them to the remote sites and they'll automatically create an encrypted connection with it and extend its protection.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="iU78pEQviV9hdY6GQzT8ZN" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/iU78pEQviV9hdY6GQzT8ZN.png" mos="https://cdn.mos.cms.futurecdn.net/iU78pEQviV9hdY6GQzT8ZN.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="sophos-xg-450-review-reporting">Sophos XG 450 review: Reporting</h2><p>Value looks even better as the appliance has an embedded syslog server which collects all logs and provides an impressive range of reports. Don't forget to enable firewall traffic logging in your rules; with this enabled, we could keep a close eye on firewall, virus, web content filtering and spam activity.</p><p>From the security dashboard, we could monitor all threats or select displays for web filtering, spam activity, intrusion attacks and much more. You can click on any graph to drill down for more detailed traffic information and Sophos includes compliance reports for all key data protection regulations.</p><h2 id="sophos-xg-450-review-verdict">Sophos XG 450 review: Verdict</h2><p>Along with its remarkably swift deployment, we were impressed with the depth of security features offered by the XG 450. Sophos has succeeded in seamlessly integrating everything together in a well-specified appliance that offers great performance at a sensible price.</p><h2 id="verdict-2">Verdict</h2><p>A good choice for larger businesses, the XG 450 is a high-performing security appliance that’s packed with features and has plenty of room to grow with demand</p><p>Chassis: 1U rack</p><p>CPU: 3.6GHz E3-1275 v5 Xeon</p><p>Memory: 16GB DDR4</p><p>Storage: 2 x 250GB Adata SFF SATA SSDs (mirrored)</p><p>Network: 8 x Gigabit, 2 x 10-Gigabit SFP+</p><p>Expansion: 2 x FleXi module slots</p><p>Power: Hot-plug 300W PSU (max 2)</p><p>Local ports: USB 3, HDMI, RJ-45 console</p><p>Management: Web browser</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The IT Pro Product of the Year Awards ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/hardware/30187/the-it-pro-product-of-the-year-awards</link>
                                                                            <description>
                            <![CDATA[ It's been a banner year for tech hardware - here's our picks of 2017's best kit ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">c4uFJwY2gS2ZcmNnykHDYn</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QeFbRdgJV87377ZBAZeWYa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 27 Dec 2017 09:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Servers &amp; Storage]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                                    <dc:creator><![CDATA[ Adam Shepherd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/3n2BoLAtRj8Z5eRfxtwyK8.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/QeFbRdgJV87377ZBAZeWYa-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QeFbRdgJV87377ZBAZeWYa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>2017 has been an excellent year for technology and hardware. Consumers have been wowed by the likes of the Samsung Galaxy S8 and a list of redesigned Apple products, while businesses have been able to take advantage of unparalleled processing power thanks to servers from companies like HPE and Dell.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/laptops/23742/best-laptops" data-original-url="/laptops/23742/best-laptops">Best business laptops 2023: Top business notebooks from Acer, Asus, Dell, Apple and more</a> Best printers 2021: For all your printing, scanning and copying needs <a data-analytics-id="inline-link" href="https://www.itpro.com/nas/27920/best-nas-drives" data-original-url="/nas/27920/best-nas-drives">Best NAS drives 2023: Which network storage appliance is right for you?</a></p></div></div><p>With such a wealth to choose from, it's hard to pick which products have been most impressive, but with some careful thought, we've sifted through the year's launches to bring you <em>IT Pro</em>'s top products of the year.</p><h2 id="best-laptop">Best laptop</h2><h3 class="article-body__section" id="section-winner-apple-macbook-pro"><span>Winner - Apple MacBook Pro</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="idVCUVSfFLz6sYzJZCyjDA" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/idVCUVSfFLz6sYzJZCyjDA.jpg" mos="https://cdn.mos.cms.futurecdn.net/idVCUVSfFLz6sYzJZCyjDA.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Apple's top-end MacBook models are widely regarded as the gold standard in business-class notebooks, and with good reason. Combining a sleek and stylish design with nigh-unbeatable performance thanks to 2017's upgraded Kaby Lake model, the MacBook Pro is an absolute powerhouse for everyone from developers to designers.</p><p>It's not entirely without problems - we wish Apple had included a couple of ports besides Thunderbolt 3, for example, and the Touch Bar version has some battery life problems - but features like the ultra-shallow keyboard and mammoth trackpad set it apart from its competition.</p><h3 class="article-body__section" id="section-highly-commended-lenovo-thinkpad-x1-carbon"><span>Highly commended - Lenovo ThinkPad X1 Carbon</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Q74qmiyUDrygURBUWxAHQG" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/Q74qmiyUDrygURBUWxAHQG.jpg" mos="https://cdn.mos.cms.futurecdn.net/Q74qmiyUDrygURBUWxAHQG.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Another heavyweight in the enterprise hardware space, Lenovo's venerable ThinkPad range has a sterling pedigree. The ThinkPad X1 Carbon is sturdy, reliable and well-suited to tasks of all stripes, with a truly excellent keyboard and finely-tuned features for businesses.</p><h2 id="best-tablet">Best tablet</h2><h3 class="article-body__section" id="section-winner-apple-ipad-pro"><span>Winner - Apple iPad Pro</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Ra7D9QjPARHKy5EKEYW6j7" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/Ra7D9QjPARHKy5EKEYW6j7.jpg" mos="https://cdn.mos.cms.futurecdn.net/Ra7D9QjPARHKy5EKEYW6j7.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Apple has thoroughly dominated the tablet computing category this year - and not just because it's been one of the only companies to release a premium tablet. The company's devices have been sophisticated, powerful and portable, and the iPad Pro is the perfect combination of all three.</p><p>The Apple Pencil support made it an excellent choice for designers and artists, but now that Apple has introduced a file manager and a suite of proper multi-tasking capabilities, the iPad Pro can genuinely be considered as a laptop replacement. Showcasing the very best of Apple's design abilities, both the 10.5in and 12.9in iPad Pro models are the pinnacle of tablet design.</p><h3 class="article-body__section" id="section-highly-commended-apple-ipad"><span>Highly commended - Apple iPad</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="MDxqjfe34GksjkbzJDsrrD" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/MDxqjfe34GksjkbzJDsrrD.jpg" mos="https://cdn.mos.cms.futurecdn.net/MDxqjfe34GksjkbzJDsrrD.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>If you can't quite bear to part with the 620 starting price of the iPad Pro, Apple's entry-level iPad makes a handy compromise. While it doesn't have the full range of productivity features seen on the Pro range, the basic iPad is still sleek and speedy enough for day-to-day use.</p><h2 id="best-2-in-1">Best 2-in-1</h2><h3 class="article-body__section" id="section-winner-microsoft-surface-pro"><span>Winner - Microsoft Surface Pro</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="thcWpDcMFz2a43kWpMnHJ5" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/thcWpDcMFz2a43kWpMnHJ5.jpg" mos="https://cdn.mos.cms.futurecdn.net/thcWpDcMFz2a43kWpMnHJ5.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>One look at how many companies have aped the design of Microsoft's flagship convertible should give you a good indication of how popular the Surface Pro is. The kickstand design is elegant and intuitive, and the keyboard is one of the most satisfying typing experiences we've had, whilst also being amazingly thin and light.</p><p>There's no compromise on components, either; the 12.3in screen is pin-sharp and absolutely gorgeous to boot, and one of Intel's seventh-generation processors provides a serious amount of oomph. Forget compromise; this 2-in-1 does everything a laptop can, and then some.</p><h3 class="article-body__section" id="section-highly-commended-hp-elite-x2-folio"><span>Highly commended - HP Elite X2 Folio</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Tz2BoSVeRJp2RCrSju8hdX" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/Tz2BoSVeRJp2RCrSju8hdX.jpg" mos="https://cdn.mos.cms.futurecdn.net/Tz2BoSVeRJp2RCrSju8hdX.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>While it's definitely borrowing some design inspiration from the Surface Pro, the HP Elite X2 Folio brings a few things to the table that Microsoft's device doesn't. It's user-upgradeable, for example, which could end up saving corporate IT departments a whole heap of time and money in the long term.</p><h2 id="best-chromebook">Best Chromebook</h2><h3 class="article-body__section" id="section-winner-google-pixelbook"><span>Winner - Google Pixelbook</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="yfiP2YjubPyHjjL2yLKNZg" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/yfiP2YjubPyHjjL2yLKNZg.jpg" mos="https://cdn.mos.cms.futurecdn.net/yfiP2YjubPyHjjL2yLKNZg.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Chromebooks aren't just cheap and cheerful laptops for schools, and Google's out to prove it with the Pixelbook. A razor-thin body and eye-catching design is backed up by surprisingly powerful internal hardware and all the AI-powered software features you'd expect from a flagship Google product.</p><p>What's more, improvements to Chrome OS and the ability to run Android apps mean that the Pixelbook is (very nearly) as versatile and capable as a standard Windows laptop. It's expensive, but it's liable to inspire serious notebook envy wherever you go.</p><h3 class="article-body__section" id="section-highly-commended-hp-chromebook-13"><span>Highly commended - HP Chromebook 13</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="5jcW737jHA8XKrzoJBdzV8" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/5jcW737jHA8XKrzoJBdzV8.jpg" mos="https://cdn.mos.cms.futurecdn.net/5jcW737jHA8XKrzoJBdzV8.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>At around 600, the HP Chromebook 13 is much more affordable than the pricey Pixelbook, without making too much of a compromise on design or performance. Like most Chromebooks, it'll struggle with seriously heavy-duty workloads, but for general tasks, this lightweight machine should perform very well indeed.</p><h2 id="best-smartphone">Best smartphone</h2><h3 class="article-body__section" id="section-winner-samsung-galaxy-s8"><span>Winner - Samsung Galaxy S8</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ZDtSfgNpthsRePkU65hntj" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/ZDtSfgNpthsRePkU65hntj.jpg" mos="https://cdn.mos.cms.futurecdn.net/ZDtSfgNpthsRePkU65hntj.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>2017 has been a truly excellent year for smartphones, and the Samsung Galaxy S8 has been firmly leading the charge. The first major smartphone out of the gate with an edge-to-edge OLED display, the S8 set an example followed by companies like OnePlus, Honor and even Apple.</p><p>Combine this with one of the best smartphone cameras we've ever seen, super-quick internals and a very capable battery life, and it all adds up to a device that's very attractive indeed. Move over, iPhone; there's a new king in town.</p><h3 class="article-body__section" id="section-highly-commended-google-pixel-2"><span>Highly commended - Google Pixel 2</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="8qP7jrKQH9Vj78rPJhZmbJ" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/8qP7jrKQH9Vj78rPJhZmbJ.jpg" mos="https://cdn.mos.cms.futurecdn.net/8qP7jrKQH9Vj78rPJhZmbJ.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The follow up to last year's surprise hit, the Google Pixel 2 is a deeply impressive piece of technology powered by intelligent AI features and smart UI design. Its real selling-point is an absolutely world-class camera, which has yet to be beaten by any other smartphone. Were it not for a slightly underwhelming screen, the Pixel 2 would be topping our list this year.</p><h2 id="best-1u-server">Best 1U server</h2><h3 class="article-body__section" id="section-winner-dell-emc-poweredge-r640"><span>Winner - Dell EMC PowerEdge R640</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="dn5eXQpMn3vhXCRT3Vp2M5" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/dn5eXQpMn3vhXCRT3Vp2M5.jpg" mos="https://cdn.mos.cms.futurecdn.net/dn5eXQpMn3vhXCRT3Vp2M5.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The Dell EMC PowerEdge R640 is part of the company's recently-launched 14th generation of servers, and Dell has pulled out all the stops to cram this space-efficient 1U rack server full of storage and power. Not only does it have full support for Intel's Xeon Scalable processors, it's also got some mightily impressive storage options.</p><p>On top of that, Dell's iDRAC9 management console is a smash hit, offering a comprehensive overview of operational information, security-centric features and outstanding remote management and administration capabilities. It's every bit the equal of HPE's superb iLO5 controller.</p><h3 class="article-body__section" id="section-highly-commended-lenovo-thinksystem-sr630"><span>Highly commended - Lenovo ThinkSystem SR630</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="n2gV57rtESMUMYFihe8cXQ" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/n2gV57rtESMUMYFihe8cXQ.jpg" mos="https://cdn.mos.cms.futurecdn.net/n2gV57rtESMUMYFihe8cXQ.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Expansion potential is the name of the game here, with Lenovo's ThinkSystem SR630 offering plenty of internal space for further upgrades, despite a compact 1U form factor, and Xeon Scalable processor support for improved performance. More importantly, the XClarity Controller will make remote management a breeze.</p><h2 id="best-2u-server">Best 2U server</h2><h3 class="article-body__section" id="section-winner-dell-emc-poweredge-r740xd"><span>Winner - Dell EMC PowerEdge R740xd</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="kK2UicLktuE9h2gfLBHmUc" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/kK2UicLktuE9h2gfLBHmUc.jpg" mos="https://cdn.mos.cms.futurecdn.net/kK2UicLktuE9h2gfLBHmUc.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The first server in Dell EMC's 14th-generation PowerEdge line, the PowerEdge R740xd is an excellent example of what customers can expect from the company now that the merger between Dell and EMC has been completed. Remote management capabilities have been improved, and EMC's expertise has been put to use with a superb array of storage features.</p><p>It's also a powerful showcase of Intel's relatively new enterprise-grade Skylake-SP Xeon processors. The R740xd supports the whole family, all the way up to Intel's 28-core Platinum Xeon monster, and its sheer processing power is tough to beat. Blue-chip vendors, take note: this is how it's done.</p><h3 class="article-body__section" id="section-highly-commended-hpe-proliant-dl380-gen10"><span>Highly commended - HPE ProLiant DL380 Gen10</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="GjHmDZ99XfLjvTwGtXmdkG" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/GjHmDZ99XfLjvTwGtXmdkG.jpg" mos="https://cdn.mos.cms.futurecdn.net/GjHmDZ99XfLjvTwGtXmdkG.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Like the PowerEdge, HPE's tenth-generation flagship 2U server features Xeon Scalable processor support and extensive storage options. It's an improvement over the previous iteration in just about every way, and it's got the huge room for expansion too, making it a great option for growing businesses.</p><h2 id="best-tower-server">Best tower server</h2><h3 class="article-body__section" id="section-winner-hpe-proliant-ml110-gen10"><span>Winner - HPE ProLiant ML110 Gen10</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="vA6QxEtDJZRd59K3VAsk3F" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/vA6QxEtDJZRd59K3VAsk3F.jpg" mos="https://cdn.mos.cms.futurecdn.net/vA6QxEtDJZRd59K3VAsk3F.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Smaller businesses on a tighter budget may think that cutting-edge Xeon Scalable servers are out of their reach, but not anymore. The 10th-generation update to HPE's ProLiant ML110 tower server brings SMBs excellent performance coupled with generous expansion options.</p><p>It also comes with HPE's outstanding iLO5 management controller, providing plenty of remote management, monitoring, and security features. For smaller organisations that want a heavyweight server without the top-end price tag, this is an excellent choice.</p><h3 class="article-body__section" id="section-highly-commended-fujitsu-server-primergy-tx1320-m3"><span>Highly commended - Fujitsu Server Primergy TX1320 M3</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Z5pyixZFwS5PqgLYr7fq28" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/Z5pyixZFwS5PqgLYr7fq28.jpg" mos="https://cdn.mos.cms.futurecdn.net/Z5pyixZFwS5PqgLYr7fq28.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>If you're tight on space, Fujitsu's smallest-ever tower server will be right up your street. Not only that, but it's also great value. Combine that with beefy Xeon processors and heaps of clever design features to make the most of the limited internal space, and you've got a very capable package.</p><h2 id="best-security-appliance">Best security appliance</h2><h3 class="article-body__section" id="section-winner-watchguard-firebox-t70"><span>Winner - WatchGuard Firebox T70</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="vuk636HRsMABkByQmBWuZS" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/vuk636HRsMABkByQmBWuZS.jpg" mos="https://cdn.mos.cms.futurecdn.net/vuk636HRsMABkByQmBWuZS.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The biggest thing that the WatchGuard Firebox T70 has going for it is its virtually unbeatable price. Not only is it extremely competitive, it's also one of the highest-performing desktop appliances we've ever seen, with 4GBits/sec firewall throughput.</p><p>It's bundled with a year's subscription to WatchGuard's enterprise-class software suite too, including anti-spam, anti-virus and web-content filtering, as well as a Gold-level support subscription. Lastly, it has top-notch monitoring features for ultimate peace of mind.</p><h3 class="article-body__section" id="section-highly-commended-kerio-control-ng300w"><span>Highly commended - Kerio Control NG300W</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="NWSFWbMqSg5bwHBw9As9p7" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/NWSFWbMqSg5bwHBw9As9p7.jpg" mos="https://cdn.mos.cms.futurecdn.net/NWSFWbMqSg5bwHBw9As9p7.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The Kerio Control NG300W is one sturdy UTM appliance, with four Gigabit Ethernet ports, a 2.4GHz Intel Atom CPU, and an inbuilt heatsink. It doesn't fall down on security features either, offering a comprehensive and well-rounded package. The only absence is anti-spam features, but otherwise, it's an excellent security appliance.</p><h2 id="best-storage-array">Best storage array</h2><h3 class="article-body__section" id="section-winner-hpe-msa-2052-storage"><span>Winner - HPE MSA 2052 Storage</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="5DH4wCKgowofATjkHDjEfH" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/5DH4wCKgowofATjkHDjEfH.jpg" mos="https://cdn.mos.cms.futurecdn.net/5DH4wCKgowofATjkHDjEfH.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>HPE has raised the bar with its 5th-gen MSA 2052 storage appliance, doubling the performance of an already-excellent array whilst keeping it at the same wallet-friendly price as its predecessor.</p><p>Performance is accordingly excellent, and it's twinned with a load of powerful features to make virtualisation, deployment, and recovery as easy as possible. Considering that it includes HPE's full suite of data tiering capabilities as well, it's a steal.</p><h3 class="article-body__section" id="section-highly-commended-broadberry-cyberstore-224s-wss-rack"><span>Highly commended - Broadberry CyberStore 224S-WSS rack</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="tDaDpLDfQt5fcAD9bF9kfT" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/tDaDpLDfQt5fcAD9bF9kfT.jpg" mos="https://cdn.mos.cms.futurecdn.net/tDaDpLDfQt5fcAD9bF9kfT.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Despite going up against titans like HPE, Dell EMC, and Fujitsu, Broadberry was first out of the gate with a Windows Storage Server 2016 appliance - and for a very attractive price, too. On top of that, the Broadberry CyberServe 224S-WSS comes with 26 hot-swap SFF drive bays, heaps of network connection options, twin Intel Xeon E5-2620 v4 processors and 64GB of RAM.</p><h2 id="best-nas-drive">Best NAS drive</h2><h3 class="article-body__section" id="section-winner-qnap-ts-1685-desktop"><span>Winner - Qnap TS-1685 desktop</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="9w5SEW2GW3EZMgN9NnXykD" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/9w5SEW2GW3EZMgN9NnXykD.jpg" mos="https://cdn.mos.cms.futurecdn.net/9w5SEW2GW3EZMgN9NnXykD.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>For those that want high-volume desktop storage capabilities, it's hard to beat Qnap's TS-1685. Not only does it feature 16 hot-swap drive bays, it's also got blazing network performance thanks to its four 10GbE Ethernet ports, and support for expansion via additional PCIe cards.</p><p>You'll be hard-pressed to match its performance in terms of disk read and write speeds as well. Add in a whole heap of backup and storage features, and the TS-1685 is a superb addition to any small office setup.</p><h3 class="article-body__section" id="section-highly-commended-netgear-readynas-rn426"><span>Highly commended - Netgear ReadyNAS RN426</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="bTp24Usvd3L9nkaimKxZsF" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/bTp24Usvd3L9nkaimKxZsF.jpg" mos="https://cdn.mos.cms.futurecdn.net/bTp24Usvd3L9nkaimKxZsF.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Data protection is top of the priority list for this SMB-friendly NAS drive. Backup performance is excellent, with cloud sharing, disaster recovery and snapshot features aplenty. It's also nice and hardy, thanks to its rock-solid steel construction.</p><h2 id="best-printer">Best printer</h2><h3 class="article-body__section" id="section-winner-xerox-versalink-c400dn"><span>Winner - Xerox VersaLink C400DN</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="6M9mwbo25Dq9aMMiwWFRj4" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/6M9mwbo25Dq9aMMiwWFRj4.jpg" mos="https://cdn.mos.cms.futurecdn.net/6M9mwbo25Dq9aMMiwWFRj4.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The first thing that's likely to attract SMBs Xerox's VersaLink C400DN is the low price, but one of the most useful features is the large variety of onboard apps available for it, including heaps of cloud and network printing tools. It's also one of the rare printers that supports wired and wireless networking simultaneously.</p><p>Print quality is absolutely superb, delivering razor-sharp and detail-packed pictures and documents at exceptional speeds. As if that wasn't enough Xerox offers a lifetime on-site warranty - all you have to do is buy a toner pack in the last 60 days of your warranty period, and the company will renew it for another year. Can't say fairer than that.</p><h3 class="article-body__section" id="section-highly-commended-brother-mfc-l8900cdw-mfp"><span>Highly commended - Brother MFC-L8900CDW MFP</span></h3><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="bFAAbR22AnSonyGoezk4Do" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/bFAAbR22AnSonyGoezk4Do.jpg" mos="https://cdn.mos.cms.futurecdn.net/bFAAbR22AnSonyGoezk4Do.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Although its initial purchase price isn't as attractive as some of its rivals, this A4 laser printer makes up for it with a battery of excellent cloud and security features, combined with speedy, high-quality prints. Running costs are reasonable, too, so TCO shouldn't be a problem later down the line.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ IT contractor guilty of interfering with US Army database ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/29545/it-contractor-guilty-of-interfering-with-us-army-database</link>
                                                                            <description>
                            <![CDATA[ The disgruntled ex-employee now faces a decade in prison and expensive fines ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">48QbLaQ6aaAn2gxZEX4Ufq</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EzXC4maJyLCYvcpD9JWmmT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 22 Sep 2017 14:57:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Hannah Simms ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/EzXC4maJyLCYvcpD9JWmmT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Army tank]]></media:description>                                                            <media:text><![CDATA[Army tank]]></media:text>
                                <media:title type="plain"><![CDATA[Army tank]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EzXC4maJyLCYvcpD9JWmmT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Mittesh Das, an IT contractor, has been found guilty by a jury in North Carolina for planting a "logic bomb" within the US military system with the intent to cause damage to a computer used for facilitating national security in November 2014.</p><p>Das, who used to control part of the US Army Database that managed the payroll systems, was replaced in 2014 when the contract was given to another company. It was after this incident that he initiated the destructive coding which was scheduled to go off just days after he left.</p><p>His "bomb" affected almost 200,000 US Army reservists as it delayed paychecks for an average 17 days and prevented the mobilisation of the US Army in December 2014.</p><p>The US Army Criminal Investigation Command (CID) investigated servers in Fort Bragg shortly after the incident which lead to his arrest in April 2016. Although the extensive damage was eventually fixed, according to the US Department of Justice, the labour costs for the US Army totalled $2.6 million.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/26255/syrian-electronic-army-put-at-top-of-fbis-most-wanted-list" data-original-url="/security/26255/syrian-electronic-army-put-at-top-of-fbis-most-wanted-list">Syrian Electronic Army put at top of FBI's Most Wanted list</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/90774/fbi-swoop-at-us-hacker-convention" data-original-url="/90774/fbi-swoop-at-us-hacker-convention">FBI swoop at US hacker convention</a></p></div></div><p>The court document states that Das "knowingly caused the transmission of a program, information, code, and command" and that in doing so, "intentionally caused damage without authorisation to protected computers, which would and did cause damage affecting a computer used by and for an entity of the United States Government in furtherance of national defence and national security". </p><p>Daniel Andrews, director of the CID, warns against these cyber crimes, stating that they "will do everything in our power to help bring to justice those who attempt to sabotage or disrupt US Army operations in the defense of our nation". </p><p>Das will be sentenced on January 9 and faces up to 10 years in prison and fines up to $250,000.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox T30-W review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security-appliances/28712/watchguard-firebox-t30-w-review</link>
                                                                            <description>
                            <![CDATA[ Affordable and packed to the gills with gateway security measures – a top choice for SMBs ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bGBoghmj6RaUpKTokBJfeP</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/DYJhKrfjfMLvHM3VqHmPWh-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 May 2017 10:33:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/DYJhKrfjfMLvHM3VqHmPWh-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/DYJhKrfjfMLvHM3VqHmPWh-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>SMEs that want an on-premises network security solution will find WatchGuard's Firebox T30-W a great choice that won't be beaten for features and value. This tomato-red desktop box delivers every gateway security service they could possibly need and the icing on the cake is its integral wireless 11ac dual-band AP and wireless gateway controller for WatchGuard's own APs.</p><p>Prices start at only 942 which gets you the appliance and a one-year Security Suite subscription. This activates anti-virus, anti-spam, web content filtering, IPS, HTTPS inspection, application controls and WatchGuard's reputation enabled defence.</p><p>A one-year Total Security Suite subscription costs 1,323 and adds Watchguard's data leak prevention (DLP) and advanced persistent threat (APT) blocker services. Don't worry about deployment either as both suites includes a free remote setup and configuration session with a WatchGuard in-house engineer.</p><p>There's more, as WatchGuard's latest FireWare software adds geolocation, which allows traffic to or from specific countries to be blocked. The new threat detection and response (TDR) cloud subscription service uses locally installed host sensors to collect forensics data and provide policy-based endpoint protection for Windows servers and desktops.</p><p>The T30-W has five Gigabit ports for LAN, WAN and DMZ duties with the fourth LAN port PoE enabled. Performance looks good too, as the appliance claims top firewall and UTM throughputs of 620Mbits/sec and 135Mbits/sec.</p><p>Installation is swift, as the appliance's web browser wizard handed us secure internet access in five minutes. It also enabled the mixed routing mode where all ports appear as separate interfaces allowing different security policies to be applied to network segments.</p><p>WatchGuard uses proxies to control various traffic types and includes ones for HTTP, HTTPS, FTP, DNS, SIP, H.323, POP3 and SMTP. These are also much easier to set up now, as wizards guided us through configuring each proxy and applying actions.</p><p>For web content filtering, we chose from over 120 URL categories, added blocking actions for HTTP and HTTPS traffic and let the wizard create a firewall rule for our new policy. Gateway anti-virus is enforced simply by enabling it on selected proxies while the spamBlocker anti-spam measures use POP3 proxy actions to transparently scan traffic and tag qualifying emails as spam, suspect and bulk.</p><p>The spamBlocker service doesn't provide quarantining services so we needed to create email client rules to decide how to handle tagged messages. We could also scan traffic inbound to an internal mail server with an SMTP proxy action set to use the server's IP address.</p><p>The geolocation feature provides a global real-time map showing where traffic is emanating from or going to and blocking it is swift as you just click on the country area to turn it red. Controlling app usage doesn't get any easier either as the appliance has entries for over 1,800 including all popular social networks.</p><p>VPN services are excellent as the T30-W supports site-to-site IPsec tunnels plus mobile IPsec, PPTP and L2TP clients along with SSL VPNs. For mobile IPsec VPNs, the appliance creates a configuration file which provides quick setup of Watchguard's Windows, iOS and Android clients as well as the Shrew Soft VPN client.</p><p>Value gets even better as, unlike some appliance vendors, WatchGuard doesn't sting you for reporting software. On-appliance reporting includes the handy FireWatch feature and we use WatchGuard's free Dimension software on our VMware host to monitor and report on multiple Fireboxes.</p><p>Small and medium-sized businesses looking for seriously strong network protection at an affordable price will find WatchGuard's Firebox T30-W ticks all the boxes. It has all the best security features, can be customized to suit and is very easy to deploy.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security-appliances/28138/watchguard-firebox-t70-review" data-original-url="/security-appliances/28138/watchguard-firebox-t70-review">WatchGuard Firebox T70 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/unified-threat-management/25376/watchguard-firebox-m300-review" data-original-url="/unified-threat-management/25376/watchguard-firebox-m300-review">Watchguard Firebox M300 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/26371/watchguard-firebox-t30-review" data-original-url="/firewalls/26371/watchguard-firebox-t30-review">WatchGuard Firebox T30 review</a></p></div></div><h2 id="verdict-3">Verdict</h2><p>Small and medium-sized businesses looking for seriously strong network protection at an affordable price will find WatchGuard’s Firebox T30-W ticks all the boxes. It has all the best security features, can be customized to suit and is very easy to deploy.</p><p>Desktop chassis; 1GB RAM; 5 x Gigabit (PoE on LAN port 4); 2 x USB 2, RJ-45 serial port, external PSU; web browser and Dimension management</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox T70 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security-appliances/28138/watchguard-firebox-t70-review</link>
                                                                            <description>
                            <![CDATA[ With top performance and features, the Firebox T70 is an enterprise-class security appliance at an SMB price ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sDqTiLFvSESNnZe8PJ6zh4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/rZwKtuV9xWDN5NFMJh83CP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 16 Feb 2017 11:52:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/rZwKtuV9xWDN5NFMJh83CP-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/rZwKtuV9xWDN5NFMJh83CP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>WatchGuard's Firebox T70 could be the perfect security solution for bandwidth-hungry workforces, thanks to the highest performance we've seen in a desktop appliance. This desktop box claims a remarkable 4Gbits/sec raw firewall throughput; even with all UTM services enabled, it can still handle more than 1Gbit/sec.</p><p>Even better, this exceptional performance comes at a very reasonable price: the appliance costs only 2,178 exc VAT, with a one-year subscription to WatchGuard's Total Security Suite. That compares favourably to the competition: SonicWALL's NSA 3600, for example, has a lower 3.4Gbits/sec raw firewall throughput, and the hardware alone costs over three grand.</p><p>The Total Security Suite lives up to its name, too. It activates WatchGuard's web-content filtering features, plus application controls, anti-spam, gateway antivirus, network discovery, IPS, reputation-enabled defence, data loss prevention (DLP) and an advanced persistent threat (APT) blocker. A Gold Support subscription is included as well.</p><p>The T70 isn't lacking in the hardware department, either. It sports eight Gigabit ports for LAN, WAN and DMZ duties - and the sixth and seventh LAN ports are PoE-enabled, so you can easily add wireless APs or IP cameras.</p><p>When it came to deployment, the network discovery tool automatically scanned our lab network, and after around 30 minutes presented us with a list of all systems. Any new systems that we subsequently placed on the network appeared in the list after a few seconds. Our only niggle is that the OS identification isn't perfect: a Windows Server 2012 R2 system was wrongly identified as running Windows 8 or 8.1.</p><p>Setting up firewall-protected internet access took less than five minutes, thanks to a helpful wizard. Traffic is handled by a variety of different dedicated proxies - including HTTP, HTTPS, FTP, SIP, POP3 and SMTP - and these too can be configured with wizards. Web content filtering is thus reduced to a three-step process: we were able to choose from over 120 URL categories and applied HTTP and HTTPS filtering, and on completion a new firewall rule was generated for us.</p><p>Gateway antivirus and WatchGuard's spamBlocker services are just as easy to set up. For the latter, you can apply actions to tag dodgy emails as spam, suspect or bulk. Once gateway AV is enabled, you can use the APT blocker service that transparently scans incoming files, creates MD5 hashes and compares them with the Lastline cloud service to see if they're known malware.</p><p>A nice touch in the web console is the padlock symbol at the top of each screen to prevent accidental changes. This must be unlocked by clicking on it before the appliance will accept any configuration changes.</p><p>The T70 doesn't have integral wireless services, but it can manage WatchGuard's own APs. We paired an AP200 with the T70 and were able to assign SSIDs to its dual radios, enforce client isolation for guest networks, and choose which security services to apply to wireless traffic.</p><p>The T70 can also help maintain mobile security by querying the OS of connected Android and iOS devices and blocking access if they don't meet a minimum requirement. We tested this using an iPad loaded with the FireClient app: initially, the T70 blocked it for non-compliance, but we quickly realised that this was because only iOS 8 and 9 are accepted by default. As soon as we added iOS 10 in the policy, we were good to go.</p><p>One final feature worth noting is the Dimension monitoring system. This provides a wealth of information, including an executive dashboard, global threat maps and security service graphs. Businesses with multiple Fireboxes can take advantage of the Dimension Command feature - included in the Total Security Suite - which centralises appliance management in one place, as well as adding tabs for mobile devices and wireless APs.</p><p>High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/22933/watchguard-firebox-t10-review" data-original-url="/security/22933/watchguard-firebox-t10-review">WatchGuard Firebox T10 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/26371/watchguard-firebox-t30-review" data-original-url="/firewalls/26371/watchguard-firebox-t30-review">WatchGuard Firebox T30 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/unified-threat-management/25376/watchguard-firebox-m300-review" data-original-url="/unified-threat-management/25376/watchguard-firebox-m300-review">Watchguard Firebox M300 review</a></p></div></div><p><strong><em>This review originally appeared in PC Pro issue 268.</em></strong></p><h2 id="verdict-4">Verdict</h2><p>High-performing UTM appliances usually come with a price premium, so the Firebox T70 stands well apart from the crowd. It offers SMBs a wealth of security measures, teamed with a super set of remote-management tools, at an extremely competitive price.</p><p>Desktop chassis</p><p>2GB RAM</p><p>8 x Gigabit Ethernet (PoE on ports 6 & 7)</p><p>2 x USB 2</p><p>RJ-45 serial port</p><p>External PSU</p><p>Web browser management</p><p>Options: Appliance with 3yr Total Security Suite, £3,977 exc VAT</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Russia investigates Microsoft for 'abusing antivirus dominance' ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/antivirus/27562/russia-investigates-microsoft-for-abusing-antivirus-dominance</link>
                                                                            <description>
                            <![CDATA[ Kaspersky: Windows 10 deletes rivals' antivirus apps and installs Windows Defender ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">7WDhijdDjagPj8BceZnvwu</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iBN5XN9Pa9q83iPiUcp8ni-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 14 Nov 2016 14:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Ingrid Fadelli ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iBN5XN9Pa9q83iPiUcp8ni-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft Sign]]></media:description>                                                            <media:text><![CDATA[Microsoft Sign]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft Sign]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iBN5XN9Pa9q83iPiUcp8ni-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Kaspersky has accused Microsoft of promoting its own antivirus products over those belonging to rivals.</p><p>Russia's Federal Antimonopoly Service (FAS) is currently investigating the claim, with Kaspersky complaining that Microsoft is "using its dominating position in the market of operating systems to create competitive advantages for its own product."</p><p>The product in question is Microsoft's Windows Defender antivirus, which competes with some products offered by Kaspersky Labs.</p><p>In a <a href="https://eugene.kaspersky.com/2016/11/10/thats-it-ive-had-enough" target="_blank">blog post</a>, Kaspersky CEO Eugene Kaspersky said he'd "had enough", accusing the Windows 10 operating system of uninstalling incompatible antivirus apps and replacing them with Microsoft ones.</p><p>He wrote: "When you upgrade to Windows 10, Microsoft automatically and without any warning deactivates all 'incompatible' security software and in its place installs... you guessed it - its own Defender antivirus. But what did it expect when independent developers were given all of one week before the release of the new version of the OS to make their software compatible?</p><p>"Even if software did manage to be compatible according to the initial check before the upgrade, weird things tended to happen and Defender would still take over."</p><p>Kaspersky also said that when users have compatible protection already installed, Defender shoots an "alarming window", stating that it is switched off as the user has another antivirus installed.</p><p>"There's a big juicy Defender 'Turn on' button too. Of course, many users will be inclined to press this button: 'well, it's from Microsoft - the people who make the OS; must be good; no harm in turning it on for sure'," reads the blog post.</p><p>However, clicking on this button would also deactivate a user's existing antivirus, without any direct notification.</p><p>In addition to this, Kaspersky claims Microsoft limited the possibility for independent security developers to warn users about a product's expiring licence by burying such notifications.</p><p>According to the CEO, Windows 10 would only be allowed to have one or two antiviruses installed (two only in the case in which one of these is Defender).</p><p>Kaspersky said: "The trend is clear: Microsoft is gradually squeezing independent developers out of the Windows ecosystem if it has its own application for this or that purpose."</p><p>In September, Russia had also announced it would start replacing some Microsoft products with local software.</p><p>Russia's deputy head of the FAS, Anatoly Golomolzin, said in a <a href="http://en.fas.gov.ru/press-center/news/detail.html?id=47756" target="_blank">statement</a>: "Since Microsoft itself develops antivirus software - Windows Defender that switches on automatically if third-party software fails to adapt to Windows 10 in due time, such actions lead to unreasonable advantages for Microsoft on the software market. Our task is to ensure equal conditions for all participants on this market."</p><p>A Microsoft spokesperson commented: "Microsoft Russia and Kaspersky Lab have a long history of cooperation in different areas. Microsoft is committed to work in full compliance with Russian law. The company hasn't received an official notification from FAS. As soon as we get it, we will review it carefully." </p><p><strong>This article was originally published at 11.55am on 14 November. It was subsequently updated with Microsoft's comment at 2pm the same day.</strong></p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/operating-systems/windows-xp-windows-7-migration/20272/microsoft-vs-windows-xp" data-original-url="/operating-systems/windows-xp-windows-7-migration/20272/microsoft-vs-windows-xp">Microsoft vs Windows XP</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/operating-systems/23212/windows-10-release-first-take" data-original-url="/operating-systems/23212/windows-10-release-first-take">Windows 10 release: First take</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/networking/27555/russia-has-officially-banned-linkedin" data-original-url="/networking/27555/russia-has-officially-banned-linkedin">Russia has officially banned LinkedIn</a></p></div></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ EU-funded project calls on advanced authentication tech to stamp out student cheats ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/desktop-software/26335/eu-funded-project-calls-on-advanced-authentication-tech-to-stamp-out-student</link>
                                                                            <description>
                            <![CDATA[ Behavioural biometrics software is a capable of identifying users from keyboard strokes ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rfKbH1YQFRKKMrsCapQ13n</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qZBigH5tvnCwcpAuByckU8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 12 Apr 2016 12:27:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Aaron Lee ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qZBigH5tvnCwcpAuByckU8-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacking on keyboard]]></media:description>                                                            <media:text><![CDATA[Hacking on keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Hacking on keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qZBigH5tvnCwcpAuByckU8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>An EU-funded to project to identify and end students cheating in exams and coursework will make use of new identity validation software capable of telling the difference between users based on their typing habits.</p><p>Watchful Software, headquartered in New York, is providing its TypeWatch keystroke dynamics technology to the Adaptive Trust-based e-assessment System for Learning (TeSLA) project.</p><p>"What we've developed is a way to do keystroke dynamics as a way to understand who the user interacting with the computer is, anywhere, just by the way that user types. It's kind of like a biometrics, but without the hardware, or a need to have an analysis of the face or even a fingerprint," Rui Melo Biscaia, founder and director of Watchful Software told <em>IT Pro</em>.</p><p>Watchful's software uses an algorithm to discern who a user is based on behavioural biometrics, and requires less than Twitter's 140-character limit in order to verify the user.</p><p>The technology is not dependent on language, meaning it can be used by cultures that use non-English characters. And its maker told IT Pro that does not store data inputted by users.</p><p>"The reason we were brought into the TeSLA consortium is because of just [this]: the technology, the know-how, that we've used to develop our own brand product that we're now going to use in this learning management system," said Melo Biscaia.</p><p>Earlier this year, a <em><a href="http://www.independent.co.uk/student/news/uk-universities-in-plagiarism-epidemic-as-almost-50000-students-caught-cheating-over-last-3-years-a6796021.html">The Times</a></em> investigation of 129 UK universities found that more than 50,000 university students were caught cheating in the last three years, including a high number of foreign students.</p><p>The aim of the TeSLA project is to develop a free-of-charge e-assessment system capable of detecting when someone other than the registered student is attempting to complete an online exams or assessment to be used in schools, higher education institutions and vocational training centres across Europe.</p><p>The 7 million project is being led by Universitat Oberta de Catalunya (UOC), and a consortium of 17 other organisations from across Europe. The three-year pilot project will be tested on over 14,000 students and teachers across the continent from 10 different universities, including the Open University in the UK.</p><p>The advanced identity validation systems it uses will in include Watchful's TypeWatch, as well a mix of voice and facial recognition biometrics from other technology vendors.</p><p>If the trial is success, a commercial version of the TeSLA e-assessment system to be sold globally.</p><p>Melo Biscaia admitted that Watchful's software, which is still in its early stage of development, is not 100 per cent "bulletproof" for instance, broken or faulty keyboards can skew the initial typing samples the algorithm takes. But he did say it has many practical commercial applications, particularly in bolstering security systems.</p><p>"TypeWatch, or the keystroke dynamics that we've developed, is not a replacement for multifactor authentication. The way we see it is an identity validation mechanism that works on top, and after, multifactor authentication," Melo Biscaia added.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Check Point wants to protect SMBs from cyber attacks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security-appliances/25990/check-point-wants-to-protect-smbs-from-cyber-attacks</link>
                                                                            <description>
                            <![CDATA[ New appliances will offer 'enterprise grade' security for smaller businesses ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kANSyRYivG2WRgxitdt7mG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ZSQapeHZDZqw7zUufMYMBH-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 04 Feb 2016 13:27:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/ZSQapeHZDZqw7zUufMYMBH-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ZSQapeHZDZqw7zUufMYMBH-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Check Point has launched a new range of security appliances that it claims can offer SMBs enterprise-grade protection against sophisticated cyber attacks.</p><p>The Check Point 700 Series includes two appliance models, the 730 and 750, that come with a firewall, VPN, anti-bot, intrusion prevention, anti-virus, anti-spam, application control, URL filtering, and the ability to enable security monitoring out of the box.</p><p>There is also the option to equip them with 802.11ac Wi-Fi, with VDSL connectivity coming later in the year.</p><p>The company claims that while 90 per cent of businesses globally are SMBs, they "have typically seen limited options for affordable, robust security solutions".</p><p>The built-in features of the 700 Series, the company said, help provide offices with up to 100 employees with protection against sophisticated, incremental, difficult to detect network attacks while still being easy to run and maintain, thanks to a web-based management platform.</p><p>Check Point 730 and 750 also promise to maintain fast internet speeds, with up to 4Gbps firewall throughput traffic and up to 200Mbps when all threat prevention functions are activated.</p><p>"Cybercriminals are not only employing increasingly sophisticated means of stealing data - they are also increasingly targeting the entrepreneurial spirit of small-business IT," said Gabi Reish, vice president of product management at Check Point.</p><p>"The new Check Point 700 Series appliances provide an enterprise-grade solution that meets the agility and evolving needs of the small business," he added.</p><p>The Check Point 730 and 750 appliances cost 350 and 550 respectively before tax or the addition of any additional features.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Dell SonicWall TZ600 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security-appliances/25175/dell-sonicwall-tz600-review</link>
                                                                            <description>
                            <![CDATA[ Bursting with security features at a price affordable for SMBs ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dvX5WGxRiNHFe7Qwki8Fhc</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CZAq5u9SRnVaMFpvUsv72b-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 19 Aug 2015 14:24:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Wifi and Hotspots]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CZAq5u9SRnVaMFpvUsv72b-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CZAq5u9SRnVaMFpvUsv72b-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Dell's new SonicWall TZ family of network security appliances aims to deliver the security SMBs and remote offices are crying out for at a price they can afford. This sixth generation model claims a big boost in performance over its predecessors and brings sophisticated wireless management into the fold as well.</p><p>The flagship TZ600 on review looks up to the job as this compact desktop box has ten Gigabit ports for LAN, WAN, DMZ and WLAN duties. Recommended for up to 70 users, it comes with 1GB of memory while processing power is served up by a quad-core 1.4GHz MIPS64 Octeon processor. </p><p>The appliance costs just over a grand with a one-year TotalSecure subscription increasing this to a still very reasonable 1,499 ex VAT. This enables Dell's Intrusion Prevention System (IPS), gateway anti-virus and anti-spyware, web content filtering and Dell SonicWALL's application intelligence and control.</p><p>Anti-spam is optional with a 1-year subscription costing an extra 400. The TZ600 comes with the wireless management feature enabled as standard and can handle up to 24 SonicPoint access points including the latest 802.11ac models.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="3zbG3GcRWj6dRchAHWJzZJ" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/3zbG3GcRWj6dRchAHWJzZJ.png" mos="https://cdn.mos.cms.futurecdn.net/3zbG3GcRWj6dRchAHWJzZJ.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>Port zones makes light work of applying security policies to multiple users</em></p><h2 id="dell-sonicwall-tz600-swift-setup">Dell SonicWall TZ600: swift setup</h2><p>We found deployment simple as the web console's quick start wizard sets up the first LAN port and a WAN port for Internet access and applies a security policy to the default zone. Zoning makes the TZ600 very versatile as you can place selected ports in different zones and apply a single security policy quickly to all the members of a particular zone.</p><p>Selecting a security type for each zone also determines what traffic can pass through it. All LAN ports are trusted but the WAN port is untrusted, so no traffic will be allowed to pass from it to another zone unless a firewall rule permits it.</p><p>Usefully, as you create zones, the appliance automatically sets up new firewall rules for them. The various security services are applied to zones with a couple of clicks, so we could quickly enable IPS and gateway AV on the WAN zone.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ydnTVDRQfzJAsvVXD4BJFo" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/ydnTVDRQfzJAsvVXD4BJFo.png" mos="https://cdn.mos.cms.futurecdn.net/ydnTVDRQfzJAsvVXD4BJFo.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>We could keep a close eye on traffic flows with the Real-Time Monitor</em></p><h2 id="dell-sonicwall-tz600-feature-details">Dell SonicWall TZ600: feature details</h2><p>The TZ600 gets the benefit of Dell SonicWALL's Reassembly-Free Deep Packet Inspection (RFDPI) which is designed to identify and control applications without any significant hits on performance. For web filtering, we enabled the Content Filter Service (CFS) but you can add the optional Websense Enterprise premium cloud service.</p><p>We can't see the point in splashing out for Websense Enterprise though, as the CFS performed well with very few web sites slipping past it. We created multiple content filtering profiles from the 60 available URL categories and assigned each policy to different zones.</p><p>The TZ600's App Controls are a winner as they manage a wide range of applications such as FTP transfers or HTTP requests and apply actions such as blocking or limiting bandwidth. The Advanced App Controls are even better as these use signature IDs to identify specific activities.</p><p>It provides over 1,500 signatures that can spot activities such as Facebook likes, pokes or posts so you can block, log or allow them. Signature action policies can be applied to selected groups of users, IP addresses or even only SonicPoint access points and linked to a daily time schedule.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="8wzQfsFuDjyiSS7D2X8K5k" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/8wzQfsFuDjyiSS7D2X8K5k.png" mos="https://cdn.mos.cms.futurecdn.net/8wzQfsFuDjyiSS7D2X8K5k.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>The TZ600's wireless provisioning features are a cut above the rest</em></p><h2 id="dell-sonicwall-tz600-wireless-control">Dell SonicWall TZ600: wireless control</h2><p>Wireless management features are impressive and we tested these using a SonicPoint ACi dual-band access point. Before connecting it to the TZ600, we created a bunch of wireless provisioning profiles that defined settings for each radio, security and so on.</p><p>When we connected the AP, the TZ600 recognised it as an ACi model and automatically applied the correct profile to it. The upshot was we had secure, dual-band wireless services up and available in minutes.</p><p>We used a dedicated WLAN port zone so were able to quickly apply custom security policies to it such as web content filtering, IPS and gateway AV. The WLAN zone wireless guest settings include permitting or denying inter-guest communications, redirecting users to an external web site for authentication and blocking wireless traffic deemed to be coming from non-SonicPoint APs.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="3qeRbbQCxFNMcgTE65AYGS" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/3qeRbbQCxFNMcgTE65AYGS.png" mos="https://cdn.mos.cms.futurecdn.net/3qeRbbQCxFNMcgTE65AYGS.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>IxLoad shows performance dropping substantially when we enabled the gateway AV and anti-spyware services</em></p><h2 id="dell-sonicwall-tz600-performance-test-results">Dell SonicWall TZ600: performance test results</h2><p>For real world performance testing, we connected the TZ600 to our lab's Ixia Xcellon-Ultra NP load modules via eight of the TZ600's Ethernet ports. Using the IxLoad control software, we created four client/server streams each requesting 1MB web pages.</p><p>With no security services enabled on the WAN, we saw IxLoad report a steady HTTP throughput of 1.3Gbits/sec. This was very close to the claimed 1.5Gbits/sec and we're sure with five client/server streams, we'd have achieved this.</p><p>With IPS enabled on the WAN zone, throughput dropped to nearly 1Gbits/sec again, very close to the claimed figure. However, we found the gateway AV service very demanding as throughput dropped to 385Mbits/sec and with the anti-spyware enabled as well, speed fell further to a steady 300Mbits/sec 200Mbits/sec less than claimed.</p><p>We doubt if we could have achieved any more as the appliance's processor was maxed out during the last test. We could also see from its web console that the TZ600 only uses three of the four processor cores for traffic handling with the other one set aside for management processes.</p><h2 id="dell-sonicwall-tz600-conclusions">Dell SonicWall TZ600: conclusions</h2><p>Apart from the subpar gateway AV performance, our only other moan is that reporting tools aren't included as standard, but as chargeable options. These problems aside, the TZ600 impressed us with its superb range of security measures, top-notch wireless management features and affordable price.</p><h2 id="verdict-5">Verdict</h2><p>For the price, the TZ600 has a superb set of security measures and tops them off with great wireless provisioning tools</p><p><strong>Chassis</strong>: Desktop</p><p><strong>Processor</strong>: 1.4GHz quad-core MIPS64 Octeon</p><p><strong>Memory</strong>: 1GB RAM</p><p><strong>Network</strong>: 10 x Gigabit Ethernet</p><p><strong>Power</strong>: External power supply</p><p><strong>Ports</strong>: 2 x USB, RJ-45 console</p><p><strong>Management</strong>: Web browser</p><p><strong>Options</strong>: Anti-spam, £400 per year; Analyzer reporting software, £152 (all ex VAT)</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ TechUK helps cyber security firms mitigate export risks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security-appliances/23611/techuk-helps-cyber-security-firms-mitigate-export-risks</link>
                                                                            <description>
                            <![CDATA[ Trade body guidance aims to stop cyber security products falling into wrong hands ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xs8dVuWAfoYQLggzjHat1H</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sXjwE3fyKUXREN2jnpYZRk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 26 Nov 2014 16:31:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Joe Curtis ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sXjwE3fyKUXREN2jnpYZRk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cybercrime]]></media:description>                                                            <media:text><![CDATA[Cybercrime]]></media:text>
                                <media:title type="plain"><![CDATA[Cybercrime]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sXjwE3fyKUXREN2jnpYZRk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Trade body techUK has published the first industry guidance aimed at helping cyber security firms assess the risks of exporting products and services.</p><p><a href="http://www.techuk.org/images/CGP_Docs/Assessing_Cyber_Security_Export_Risks_website_FINAL_3.pdf" target="_blank"><em>Assessing Cyber Security Export Risks</em></a>' is designed to help companies identify and manage the risks of exporting, covering due diligence processes, human rights risks and national security dangers.</p><p>TechUK warned that such products could end up being bought by criminals who could use them to undermine UK security.</p><p>Ruth Davis, head of cyber, justice and emergency services at techUK, said: "We need to prevent them falling into the wrong hands, leading to human rights abuses or the undermining of UK national security.</p><p>"Businesses have a responsibility to protect human rights and uphold national security. We want British companies to take the lead on protecting human rights and driving innovation in cyber security.</p><p>"The advice in this document is designed to help companies reduce reputational risk and to have confidence in the deals they make."</p><p>The Government wants to boost UK exports of cyber security products, after the National Audit Office (NAO) found the National Cyber Security Programme was failing to deliver economic benefits for UK businesses.</p><p>A NAO report in September found progress in encouraging more exports of cyber products was slow, yet the Government aims to make it a 2 billion market by 2016.</p><p>TechUK has published the guidance with the Institute of Human Rights and Business and on behalf of the <a href="https://www.itpro.com/security" target="_blank" data-original-url="https://www.itpro.com/security/19678/infosec-2013-government-outlines-uk-cyber-security-growth-vision">Cyber Growth Partnership</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ BBM Protected messaging feature unveiled by BlackBerry  ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/22496/bbm-protected-messaging-feature-unveiled-by-blackberry</link>
                                                                            <description>
                            <![CDATA[ Phone maker touts FIPS 140-2 crypto for super secret messages as it renews focus on enterprise ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">6sKT7jzWh5onWcyX55Cb1U</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ggytmWjXi7kngBrcRuynG3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 17 Jun 2014 08:29:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ggytmWjXi7kngBrcRuynG3-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ggytmWjXi7kngBrcRuynG3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>BlackBerry has beefed up the security of its BlackBerry Messenger service in a bid to shore up its enterprise business.</p><p>The firm announced its new BBM Protected secure messaging feature, within its eBBM suite, is now available to enterprise customers.</p><p>BlackBerry said the first product in the eBBM Suite, which was announced earlier this year, is being delivered ahead of schedule. BBM Protected will work within the standard BBM app.</p><p>The mobile messaging app uses FIPS 140-2 cryptographic library-enabled messaging not only between users within the same organisations but also between organisations that also use BBM Protected. They do not need to be on the same BES server and no federation between servers is required.</p><p>A Triple DES 168-bit BBM scrambling key encrypts messages on the sender's smartphone, and is used to authenticate and decrypt messages on the recipient's phone. </p><p>Jeff Gadway, head of product and brand marketing for BBM, said BBM Protected adds an additional layer of encryption to the existing BBM security model.</p><p>"The first time that two BBM Protected users go to establish a chat, they will be required to share a secret passphrase to authenticate their identities and generate the BBM Protected encryption key used to secure their chat," he said.</p><p>According to the firm's <a href="http://uk.blackberry.com/business/products-services/e-bbm.html">website</a>, BBM Protected is added as an IT policy through the BES console. "There's no new hardware to purchase, no new servers to install, and no BlackBerry smartphone OS updates required. And with IT policy amalgamation, you can quickly add BBM Protected to existing IT policies," the firm said.</p><p>Business users with BlackBerry smartphones running BBOS 6.0 or later or BlackBerry 10 in Regulated mode can use the app now with versions of BBM Protected for BlackBerry 10 smartphones via BlackBerry Balance. Support for iOS and Android devices will come later this year.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cisco berates US government over router tampering ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/22263/cisco-berates-us-government-over-router-tampering</link>
                                                                            <description>
                            <![CDATA[ US undermining goals of free communication ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dJKFayYfGD8yqiesZog991</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CafQrf23bp4hEf3WfndzgY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 15 May 2014 13:22:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hacking]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CafQrf23bp4hEf3WfndzgY-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacking]]></media:description>                                                            <media:text><![CDATA[Hacking]]></media:text>
                                <media:title type="plain"><![CDATA[Hacking]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CafQrf23bp4hEf3WfndzgY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cisco's legal counsel has blasted the US government over accusations the NSA has been tampering with communications equipment.</p><p>The spy agency has reportedly been <a href="https://www.itpro.com/public-sector/22233/nsa-intercepted-international-shipments-of-computer-hardware" target="_blank" data-original-url="https://www.itpro.com/public-sector/22233/nsa-intercepted-international-shipments-of-computer-hardware">intercepting shipments of routers, switches and servers</a> in order to hide their surveillance equipment.</p><p>Writing in a <a href="http://blogs.cisco.com/news/internet-security-necessary-for-global-technology-economy">blog post</a>, Cisco's legal counsel Mark Chandler said that the actions of the US government have overreached, "undermining the goals of free communication".</p><div><blockquote><p>We expect our government to value and respect this trust.</p></blockquote></div><p>"Confidence in the open, global internet has brought enormous economic benefits to the United States and to billions around the world," said Chandler.</p><p>"This confidence has been eroded by revelations of government surveillance, by efforts of the US government to force US companies to provide access to communications of non-US citizens even when that violates the privacy laws of countries where US companies do business, and allegations that governments exploit rather than report security vulnerabilities in products."</p><p>Chandler said that it was Cisco's policy and practice not to work with any government, the US included, to weaken its products.</p><p>"When we learn of a security vulnerability, we respond by validating it, informing our customers, and fixing it.</p><p>"We react the same when we find that a customer's security has been impacted by external forces, regardless of what country or form of government or how that security breach occurred. We offer customers robust tools to defend their environments against attack, and detect attacks when they are happening. By doing these things, we have built and maintained our customers' trust.</p><p>"We expect our government to value and respect this trust."</p><p>Last December, <a href="https://www.reformgovernmentsurveillance.com">eight technology companies expressed concern</a> to US President Barack Obama and Congress that the US government's surveillance efforts as revealed by Snowden were harmful.</p><p>Chandler said that the revelations over hardware tampering were damaging and his firm should not expect the government to act in this manner.</p><p>"We comply with US laws, like those of many other countries, which limit exports to certain customers and destinations," said Chandler.</p><p>"We ought to be able to count on the government to then not interfere with the lawful delivery of our products in the form in which we have manufactured them. To do otherwise, and to violate legitimate privacy rights of individuals and institutions around the world, undermines confidence in our industry."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ BlackBerry 10 cleared for use by US government agencies ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/644005/blackberry-10-cleared-for-use-by-us-government-agencies</link>
                                                                            <description>
                            <![CDATA[ BlackBerry maker's forthcoming device gets security thumbs up from US government. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rrbT7S3p5MEvaYqjUWHzy7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Ap3s9E3ZuSCmSQefhnaZRC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 08 Nov 2012 09:01:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Mobile Phones]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Ap3s9E3ZuSCmSQefhnaZRC-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Information security]]></media:description>                                                            <media:text><![CDATA[Information security]]></media:text>
                                <media:title type="plain"><![CDATA[Information security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Ap3s9E3ZuSCmSQefhnaZRC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Research In Motion (RIM) has bagged US government security clearance for its yet-to-be launched BlackBerry 10 platform that is expected to hit stores in the first quarter of 2013.</p><p>The company said its BlackBerry 10 platform has received the FIPS 140-2 certification, which would allow government agencies to deploy the devices, along with the new enterprise management platform to run them, as soon as the new smartphones are launched.</p><p>Achieving FIPS certification for a new platform, before launch, is quite remarkable.</p><p>RIM, a one-time pioneer in the smartphone industry, has seen its fortunes fade in recent years as rivals Apple and Samsung have eaten into its market share with faster and snazzier devices.</p><p>RIM's fate now depends almost entirely on the long-awaited line of so-called BB 10 devices.</p><p>Last month, the company said it had begun carrier tests on the new line of devices, which the company hopes will help turn its fortunes around.</p><p>The Waterloo, Ontario-based company said this is the first time BlackBerry products have been FIPS certified ahead of launch.</p><p>"Achieving FIPS certification for an entirely new platform in a very short period of time, and before launch, is quite remarkable," RIM's head of security certifications, David MacFarlane, said in a statement.</p><p>FIPS certification, which is given by the National Institute of Standards and Technology, is one of the minimum criteria that is required for products used by US government agencies and regulated industries that collect, store, transfer, and share sensitive information.</p><p>The stamp of approval gives confidence to security-conscious organisations - including some of RIM's top clients like US and Canadian government agencies - that the data stored on smartphones running BlackBerry 10 can be properly secured and encrypted.</p><p>RIM promises that BlackBerry 10 will deliver a better user experience, along with the ability to separately manage both corporate and personal data on the same device.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ IBM builds on Q1 Labs acquisition with QRadar boost ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/639061/ibm-builds-on-q1-labs-acquisition-with-qradar-boost</link>
                                                                            <description>
                            <![CDATA[ Big Blue launches an updated version of the QRadar SIEM software it acquired after buying Q1 Labs last year. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">m4g1dJEWimoJfG9ReaQsPT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/8vkXMYdayhYKW4WTxywuL6-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 22 Feb 2012 12:01:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/8vkXMYdayhYKW4WTxywuL6-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/8vkXMYdayhYKW4WTxywuL6-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>IBM has issued the first major update of the security information and event management (SIEM) software it bought in its <a href="https://www.itpro.com/636514/ibm-agrees-to-acquire-q1-labs" target="_blank" data-original-url="https://www.itpro.com/636514/ibm-agrees-to-acquire-q1-labs">Q1 Labs acquisition</a>, claiming it is blowing the competition out of the water with the amount of data feeds it has collated.</p><p>Big Blue said the QRadar Security Intelligence Platform, built mainly of Q1 Labs sauce rather than IBM's own code, draws together 400 sources on threats giving IT pros a wider knowledge of dangers facing their networks.</p><p>IBM has hooked up its own X-Force threat feed to the <a href="https://www.itpro.com/636556/what-siems-to-be-the-problem" target="_blank" data-original-url="https://www.itpro.com/636556/what-siems-to-be-the-problem">SIEM</a> offering, which monitors 13 billion security events per day.</p><p>A host of other Big Blue offerings have been integrated into QRadar, including IBM Security Identity Manager and IBM Security Access Manager to mitigate the insider threat.</p><p>There are no vendors that can cover that breadth and that's really the value we bring.</p><p>Future integration modules are also being released for non-IBM products, including Symantec DLP, Websense Triton, Stonesoft, Stonegate and others.</p><p>"Essentially we support Symantec and McAfee and can extend to others. We don't support HP Arcsight," IBM told <em>IT Pro</em>.</p><p>Martin Borrett, director of the Institute of Advanced Security at IBM, said there had been a "wealth of excitement" around what Big Blue could do with Q1 Labs technology.</p><p>"We've been trying to figure out how IBM can take it to the next level, integrating our research and existing product line," Borrett told <em>IT Pro</em>.</p><p>"At this stage, apart from driving more scalability into the platform itself with new appliances, it's really about those flows in and out. We had all the insight from the X-Force but it just wasn't plugged into the platform in the way that it will be now. It's really about that crucial integration."</p><p>The release also marks another major moment for IBM in establishing itself as a major security services player.</p><p>However, it faces strong competition in the SIEM space, with Symantec already offering a well-respected product, HP running its Arcsight-based offerings and McAfee set to boost its presence in the market after <a href="https://www.itpro.com/636520/mcafee-to-buy-siem-provider-nitrosecurity" target="_blank" data-original-url="https://www.itpro.com/636520/mcafee-to-buy-siem-provider-nitrosecurity">acquiring Nitro Security</a>.</p><p>Borrett said IBM had "significant differentiation" in the market, thanks to the large number of sources QRadar can access and the insight it can get from the data.</p><p>"There are no vendors that can cover that breadth and that's really the value we bring," he claimed.</p><p>"The depth of the analytics we can get out of the Q1 platform I think is significantly stronger and better than our competition. Because of the context we can do it in... and the real-time capability [QRadar] is significantly better than the competition."</p><p>As for the SIEM market in general, with major players coming in and swamping the market, Borrett claimed there was still room for smaller players to partner with bigger vendors to supply more insight for bigger offerings.</p><p>"The important thing is that those capabilities integrate into these other platforms and into our platforms in particular," he added.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Symantec: Disable your pcAnywhere software ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638524/symantec-disable-your-pcanywhere-software</link>
                                                                            <description>
                            <![CDATA[ The security giant advises users against running pcAnywhere until it has fixed vulnerabilities highlighted by a source code leak. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jX46q6ZYcjRopGiy6hq1zu</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/hcyxywth5vHt4zuGYsyTrL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 26 Jan 2012 13:42:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/hcyxywth5vHt4zuGYsyTrL-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacking]]></media:description>                                                            <media:text><![CDATA[Hacking]]></media:text>
                                <media:title type="plain"><![CDATA[Hacking]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/hcyxywth5vHt4zuGYsyTrL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Symantec is telling IT departments to disable its remote access software solution pcAnywhere after a <a href="https://www.itpro.com/638362/symantec-2006-hack-leaked-source-code" target="_blank" data-original-url="https://www.itpro.com/638362/symantec-2006-hack-leaked-source-code">source code leak</a> meant the product faced an "increased security risk."</p><p>The security giant said it was reaching out to customers to warn them of additional dangers, after it admitted source code relating to various products was stolen.</p><p>Hacktivist group Anonymous had threatened to release Symantec source code earlier this month, leading the Norton provider to admit a breach in 2006 had compromised information.</p><p>Symantec recommends disabling the product until we release a final set of software updates.</p><p>Prior to today's revelation, Symantec had simply asked IT departments to ensure best practices with pcAnywhere use. The reviewed advice indicates the 2006 hack exposed more than initially thought.</p><p>"Symantec has taken an aggressive position to ensure pcAnywhere customers are protected. At this time, Symantec recommends disabling the product until we release a final set of software updates that resolve currently known vulnerability risks," a spokesperson said.</p><p>"For customers that require pcAnywhere for business critical purposes, it is recommended that customers understand the current risks, ensure pcAnywhere 12.5 is installed, apply all relevant patches as they are released, and follow general security best practices."</p><p>From the 2006 hack, affected products include old versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack), as well as pcAnywhere. Symantec Endpoint Protection (SEP) 11.0 and Symantec AntiVirus 10.2 also inherited a very small amount of exposed code.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Barracuda Networks Spam and Virus Firewall 900 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638518/barracuda-networks-spam-and-virus-firewall-900-review</link>
                                                                            <description>
                            <![CDATA[ Barracuda’s Spam and Virus Firewall 900 claims an impressive anti-spam performance, but at a high price. In this exclusive review, Dave Mitchell finds out if its real world performance and messaging security features are worth digging deep for. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nQvUpVdx2RGq6ra3yv8hYz</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qGQiQdHyU43jnP2zKhjAkR-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 26 Jan 2012 11:52:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Servers &amp; Storage]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qGQiQdHyU43jnP2zKhjAkR-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Barracuda Networks Spam and Virus Firewall 900]]></media:description>                                                            <media:text><![CDATA[Barracuda Networks Spam and Virus Firewall 900 image]]></media:text>
                                <media:title type="plain"><![CDATA[Barracuda Networks Spam and Virus Firewall 900 image]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qGQiQdHyU43jnP2zKhjAkR-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure role="gallery"><figure><img src="https://cdn.mos.cms.futurecdn.net/qGQiQdHyU43jnP2zKhjAkR.jpg" alt="Barracuda Networks Spam and Virus Firewall 900 image" /><figcaption>Barracuda Networks Spam and Virus Firewall 900 image</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/uGpRLoMxad4CG9gxvK3sU3.jpg" alt="Barracuda Networks Spam and Virus Firewall 900" /><figcaption>Barracuda Networks Spam and Virus Firewall 900</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/8r5ygZqbU7N9n3nmZWZ5sK.jpg" alt="Barracuda Networks Spam and Virus Firewall 900" /><figcaption>Barracuda Networks Spam and Virus Firewall 900</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/nWapiQd2eoXWUxKFSREh8H.jpg" alt="Barracuda Networks Spam and Virus Firewall 900" /><figcaption>Barracuda Networks Spam and Virus Firewall 900</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/S3jwM3QU6DVaB7yid3TrFh.jpg" alt="Barracuda Networks Spam and Virus Firewall 900" /><figcaption>Barracuda Networks Spam and Virus Firewall 900</figcaption></figure></figure><p>Barracuda's flagship products have always been its Spam and Virus Firewall appliances, and the latest <a href="http://www.barracudanetworks.com/ns/products/spam_specs.php">900 model</a> reviewed here is aimed firmly at the enterprise sector. It has impressive credentials too, as along with a high claimed spam detection rate, it's designed to handle between 15,000 and 30,000 email users and up to 5,000 mail domains.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="qGQiQdHyU43jnP2zKhjAkR" name="" alt="Barracuda Networks Spam and Virus Firewall 900 image" src="https://cdn.mos.cms.futurecdn.net/qGQiQdHyU43jnP2zKhjAkR.jpg" mos="https://cdn.mos.cms.futurecdn.net/qGQiQdHyU43jnP2zKhjAkR.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Considering the price, the 900 appliance isn't that physically impressive, since this Supermicro-based 2U rack server sports a pair of 2.6GHz 6-core Opteron 2435 processors teamed up with a modest 8GB of DDR2 RAM. For storage, there are quartets of 150GB WD Enterprise and 500GB Seagate SATA II drives in hot-swap carriers.</p><p>These drives are linked to a simple Areca PCI-X RAID controller and each group is preconfigured as RAID-10 striped mirrors. The WD drives look after the OS and message log storage, while the Seagate array provides a quarantine store.</p><p>The appliance is best located in a server room, since its cooling fans are remarkably noisy. This does show its age, as Supermicro addressed overall noise levels on its entire server range some time ago and so more recent models are much quieter.</p><p>Prices start at 31,449 and for this you get the appliance and a one-year basic replacement warranty. Barracuda's <a href="http://www.barracudanetworks.ca/subscriptions.aspx">Energize Updates</a> service for anti-spam, anti-virus and other security updates adds a further 27,749 for a three-year subscription, while a three-year instant-replacement (next business day) warranty adds another 17,649. This brings the total price to a hefty 76,847.</p><p>Despite its size and performance credentials though, the 900 is just as easy to deploy as Barracuda's small business models. The process starts with a local monitor and keyboard configuration used to complete a simple setup routine that asks for an IP address, a gateway and DNS settings.</p><p>All further configuration is via the appliance's web interface, which opens with an informative status screen showing tables and graphs of hourly and daily inbound and outbound mail traffic. It's all colour-coded, so it's easy to see what mail is being allowed, blocked, tagged or quarantined.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="uGpRLoMxad4CG9gxvK3sU3" name="" alt="Barracuda Networks Spam and Virus Firewall 900" src="https://cdn.mos.cms.futurecdn.net/uGpRLoMxad4CG9gxvK3sU3.jpg" mos="https://cdn.mos.cms.futurecdn.net/uGpRLoMxad4CG9gxvK3sU3.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Barracuda Networks Spam and Virus Firewall 900 </span></figcaption></figure><p><em>Barracuda's web interface provides easy access to all security features and opens with a detailed graphical overview of inbound and outbound message activity.</em></p><p>Next, mail recipient domains and the addresses of the mail servers the appliance will be routing mail for are added. Incoming mail must also be routed to the appliance and this can be achieved with a firewall port-forwarding rule, or by changing the DNS MX record.</p><p>For inbound mail, Barracuda uses an impressive arsenal of spam detection tools which include Bayesian algorithms, real-time blacklists, reverse DNS lookups, IP reputation analysis, fingerprinting, content filtering, keyword blocking and intent analysis. These are used to derive a score for each message and determine whether suspect messages are blocked, quarantined or tagged.</p><p>The Energize Update subscription seems high, but this does also include free access to Barracuda's Cloud Protection Layer (CPL). This can reduce local traffic by applying pre-filters to incoming mail, so spam and mail-borne viruses are stopped before they even get to the local network.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="S3jwM3QU6DVaB7yid3TrFh" name="" alt="Barracuda Networks Spam and Virus Firewall 900" src="https://cdn.mos.cms.futurecdn.net/S3jwM3QU6DVaB7yid3TrFh.jpg" mos="https://cdn.mos.cms.futurecdn.net/S3jwM3QU6DVaB7yid3TrFh.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Barracuda Networks Spam and Virus Firewall 900 </span></figcaption></figure><p><em>You can tweak the spam detection scoring system but we found it worked very well on the default values.</em></p><p>Rather than use bogus or old samples of harvested spam to test detection rates, we opted to set up the appliance to scan incoming mail in a totally live environment. This is a far more realistic test of the appliance's detection techniques, since it has to handle new and emerging threats in real time.</p><p>We left the spam scores and actions at their default settings and configured our Outlook clients to move any tagged messages into a separate folder. The appliance's message log was monitored during the test and, on completion, was exported into a spreadsheet for further analysis.</p><p>We left the appliance filtering live mail for nearly three weeks, where it handled over 6,250 inbound messages 1,447 of which were spam or carried an infected payload. Only 13 spam messages were missed, which equates to an impressive detection rate of 99.1%. The Barracuda returned a very low false positive detection rate too, with only four messages incorrectly identified as spam and seven out of 22 incorrectly labeled as possible spam.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="nWapiQd2eoXWUxKFSREh8H" name="" alt="Barracuda Networks Spam and Virus Firewall 900" src="https://cdn.mos.cms.futurecdn.net/nWapiQd2eoXWUxKFSREh8H.jpg" mos="https://cdn.mos.cms.futurecdn.net/nWapiQd2eoXWUxKFSREh8H.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Barracuda Networks Spam and Virus Firewall 900 </span></figcaption></figure><p><em>The Energize Update subscription gives you free access to Barracuda's cloud based spam filtering service and the portal can be used to manage multiple systems.</em></p><p>Plenty more filtering features are provided, and custom content filters can be applied to inbound and outbound mail. A list of keywords and patterns can also be created and, if detected in the body, header, subject or attachment of a message, it can be blocked, tagged, whitelisted or quarantined.</p><p>For outbound mail, the filters can also be used to look out for business sensitive keywords and the appliance can then automatically encrypt the message before it leaves the building. Further checks can be applied to attachments, with options to look out for executable files, Microsoft Office documents and PDFs.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="8r5ygZqbU7N9n3nmZWZ5sK" name="" alt="Barracuda Networks Spam and Virus Firewall 900" src="https://cdn.mos.cms.futurecdn.net/8r5ygZqbU7N9n3nmZWZ5sK.jpg" mos="https://cdn.mos.cms.futurecdn.net/8r5ygZqbU7N9n3nmZWZ5sK.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Barracuda Networks Spam and Virus Firewall 900 </span></figcaption></figure><p><em>Keyword and pattern searches can be applied to the message body, subject and header for inbound and outbound mail.</em></p><p>It's also possible to automatically block or quarantine messages with password-protected archived file attachments, but the pattern matching lists for credit card and social security numbers are of limited use in the UK, since they're US-specific.</p><p>Anti-virus protection can also be extended to Microsoft Exchange servers, as Barracuda offers the necessary free agent, along with an Outlook plug-in that allows users to classify messages from their Desktop and request that selected outbound mail be encrypted.</p><p>Given the high total cost for three years' use, Barracuda's Spam and Virus Firewall 900 hardly represents fantastic value, but this does need to be balanced against the facts that it is very easy to deploy, offers an impressive range of message security functions and, above all else, delivers an impeccable real-world performance.</p><h2 id="verdict-6">Verdict</h2><p>Barracuda’s anti-spam appliances have always impressed us with their top-notch detection rates and the 900 model is no exception. It delivered a very high score out of the box in our real-world tests, and it was easy to deploy and configure. The hardware itself could be more up to date considering the price, but its performance and features can’t be faulted.</p><p>Chassis: 2U rack</p><p>CPU: 2x 2.6GHz AMD Opteron 2435</p><p>Memory: 8GB DDR2</p><p>Storage: 4x 150GB WD Enterprise SATA II SFF, 4x 500GB Seagate Barracuda SATA II LFF</p><p>RAID controller: Areca ARC-1120 PCI-X card with 256MB cache/BBU</p><p>Array support: Two RAID-10 arrays preconfigured</p><p>Network: 2x Gigabit</p><p>Ports: 2x USB, VGA</p><p>Management: Web browser</p><p>Warranty: One-year standard replacement</p><p>Options: Three-year Energize updates, £27,749; 3-year instant replacement, £17,649 (all ex VAT)</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Symantec: 2006 hack leaked source code ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638362/symantec-2006-hack-leaked-source-code</link>
                                                                            <description>
                            <![CDATA[ The security giant publicly discloses a breach of its network - almost six years after it took place. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qU6exyWiZVLDfjQmC7DH3U</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/pbWp4R9pMmFPAfL4vpZLT7-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 18 Jan 2012 10:41:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/pbWp4R9pMmFPAfL4vpZLT7-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Symantec]]></media:description>                                                            <media:text><![CDATA[Symantec]]></media:text>
                                <media:title type="plain"><![CDATA[Symantec]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/pbWp4R9pMmFPAfL4vpZLT7-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/636499/symantec-unveils-dlp-for-ipad" target="_blank" data-original-url="https://www.itpro.com/636499/symantec-unveils-dlp-for-ipad">Symantec</a> has backtracked on how source code relating to its products was leaked, revealing its own network was hacked in 2006.</p><p>The revelation came after hacktivist group Anonymous claimed it was going to release the full source code of Symantec's flagship Norton anti-virus software.</p><p>The security giant said it believed the data acquired by hackers came after a hack in 2006, although it could not confirm to <em>IT Pro</em> how the break-in took place.</p><p>Symantec customers - including those running Norton products - should not be in any increased danger of cyber attacks.</p><p>Earlier this month, Symantec confirmed <a href="https://www.itpro.com/638173/symantec-confirms-product-source-code-theft" target="_blank" data-original-url="https://www.itpro.com/638173/symantec-confirms-product-source-code-theft">some source code relating to older enterprise products had been stolen</a>. At the time, it claimed Norton products were unaffected and its own network had not been breached.</p><p>Hackers calling themselves The Lords of Dharmaraja threatened to publish the information online, saying they acquired the information from the Indian military.</p><p>From the 2006 hack, affected products include old versions of Norton Antivirus Corporate Edition, Norton Internet Security, Norton SystemWorks (Norton Utilities and Norton GoBack) and its remote access software solution pcAnywhere.</p><p>Symantec Endpoint Protection (SEP) 11.0 and Symantec AntiVirus 10.2 inherited a very small amount of exposed code, the company said. There are no indications customers data has been stolen, it added.</p><p>"Due to the age of the exposed source code, except as specifically noted below, Symantec customers - including those running Norton products - should not be in any increased danger of cyber attacks resulting from this incident," a spokesperson said.</p><p>"Customers of Symantec's pcAnywhere product may face a slightly increased security risk as a result of this exposure if they do not follow general best practices. Symantec is currently in the process of reaching out to our pcAnywhere customers to make them aware of the situation and to provide remediation steps to maintain the protection of their devices and information. Since 2006, Symantec has instituted a number of policies and procedures to prevent a similar incident from occurring."</p><p>Symantec said businesses do not need to take any additional steps to protect themselves as a result of the hack. The company recommended customers ensure their software is up to date.</p><p>For any IT departments still concerned about the source code leak, Symantec has set up an <a href="http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims" target="_blank">advice page here</a>.</p><p>Symantec did not disclose the 2006 hack publicly at the time, meaning it has taken between five and six years for the breach for the security firm to reveal what happened, or that the company did not know source code had gone missing back then.</p><p>RSA was heavily criticised for not immediately publicly disclosing a breach last year, when information relating to its SecurID product was compromised.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New Mac malware spikes in 2011 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638347/new-mac-malware-spikes-in-2011</link>
                                                                            <description>
                            <![CDATA[ F-Secure finds new Mac malware spikes in 2011, when compared to other years at least. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aHENyTQYJt1Wxxk74uc9db</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/KbeM9oL8CyNCQSEQPZAofT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 17 Jan 2012 14:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/KbeM9oL8CyNCQSEQPZAofT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Mac]]></media:description>                                                            <media:text><![CDATA[Mac]]></media:text>
                                <media:title type="plain"><![CDATA[Mac]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/KbeM9oL8CyNCQSEQPZAofT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Pieces of fresh Mac malware increased significantly in 2011, further debunking the myth that cyber criminals are not turning their attention to Apple machines.</p><p>There were 58 new Mac threats between April and December 2011, F-Secure analysis found.</p><p>"That's nothing when compared to Windows malware - but it's definitely something when compared to the number of Mac threats seen prior to 2011," F-Secure said in a <a href="http://www.f-secure.com/weblog/archives/00002300.html" target="_blank">blog post</a>.</p><p>Most of the new Mac threats were Trojan-downloaders, with 29 appearing over the nine month period.</p><p>Backdoors came in second on 15, with Trojans and rogue AV taking seven each.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="nKWGetfYhrVbkFpzb4qRFH" name="" alt="Mac malware" src="https://cdn.mos.cms.futurecdn.net/nKWGetfYhrVbkFpzb4qRFH.png" mos="https://cdn.mos.cms.futurecdn.net/nKWGetfYhrVbkFpzb4qRFH.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>"Mac malware has not scaled continuously due to market share, but rather, is more the result of opportunist 'bubble economies' that have produced new threats in fits and starts," F-Secure added.</p><p>"We expect more of the same for 2012."</p><p>Security professionals believe Mac malware will increase again this year, as awareness amongst users is growing.</p><p>"Fortunately enough, it seems that Mac users are now more aware that Mac is not immune to malware attacks and they are increasingly using antivirus programs, hindering cyber-crooks," said Luis Corrons, technical director of PandaLabs, in a <a href="http://pandalabs.pandasecurity.com/2012-security-trends" target="_blank">blog post</a>.</p><p>"The number of malware specimens for Mac will continue to grow in 2012, although much less than for PCs."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Amazon-owned retailer Zappos.com hacked ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638323/amazon-owned-retailer-zapposcom-hacked</link>
                                                                            <description>
                            <![CDATA[ Up to 24 million customers are affected in one of the bigger hacks of the past 12 months. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kNnWK13z3sGCZFmv5kS3rk</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kPdffTJubJ6i6c7rkeinhb-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 16 Jan 2012 16:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kPdffTJubJ6i6c7rkeinhb-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacker]]></media:description>                                                            <media:text><![CDATA[Hacker]]></media:text>
                                <media:title type="plain"><![CDATA[Hacker]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kPdffTJubJ6i6c7rkeinhb-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Amazon-owned clothing retailer Zappos.com has been hacked, with up to 24 million customers affected.</p><p>The company has been forced to reset customer passwords after names, email addresses, billing and shipping addresses as well as the last four digits of credit card numbers were compromised.</p><p>Password hashes were also taken in what appears to be the biggest public data breach of 2012 thus far.</p><p>We have made the hard decision to temporarily turn off our phones...</p><p>The database storing customers' critical credit card data has not been accessed, however.</p><p>Non-US customers are currently blocked from accessing Zappos.com's statement on the company blog, but an email explaining the breach is circulating the web.</p><p>"We were recently the victim of a cyber attack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," said Tony Hsieh, CEO of Zappos.com, in an email to employees.</p><p>"We are cooperating with law enforcement to undergo an exhaustive investigation.</p><p>"We have made the hard decision to temporarily turn off our phones and direct customers to contact us by email because our phone systems simply aren't capable of handling so much volume."</p><p>The email sent to users outlined what data may have been stolen, alongside details about how to gain a new password.</p><p>"We also recommend that you change your password on any other web site where you use the same or a similar password. As always, please remember that Zappos.com will never ask you for personal or account information in an e-mail," the email read.</p><p>Graham Cluley, senior technology consultant at Sophos, said it was an "ugly situation" for Zappos.com.</p><p>"One imagines that the decision to block access to the blog entry is to prevent it becoming overloaded with traffic - but, seriously, how hard is it to host an important message like this on another trusted site?" he added, in a <a href="http://nakedsecurity.sophos.com/2012/01/16/zappos-data-breach/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29" target="_blank">blog post</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Kensington BungeeAir Power Wireless Security Tether for iPhone review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638320/kensington-bungeeair-power-wireless-security-tether-for-iphone-review</link>
                                                                            <description>
                            <![CDATA[ A wireless case and keyfob combination that sounds an alert if an iPhone 4 strays out of reach. But is it just another gimmick or a viable business accessory? Jennifer Scott aims to find out in this review. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rkjT2ExKcQ8eVQWU51TMvV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/YSUPnXsP9GChxfM6dLGuC7-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 16 Jan 2012 15:17:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jennifer Scott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/YSUPnXsP9GChxfM6dLGuC7-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Kensington BungeeAir Power Wireless Security Tether for iPhone]]></media:description>                                                            <media:text><![CDATA[Kensington BungeeAir Power Wireless Security Tether for iPhone]]></media:text>
                                <media:title type="plain"><![CDATA[Kensington BungeeAir Power Wireless Security Tether for iPhone]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/YSUPnXsP9GChxfM6dLGuC7-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure role="gallery"><figure><img src="https://cdn.mos.cms.futurecdn.net/YSUPnXsP9GChxfM6dLGuC7.jpg" alt="Kensington BungeeAir Power Wireless Security Tether for iPhone" /><figcaption>Kensington BungeeAir Power Wireless Security Tether for iPhone</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/7EU53gXwvpcRTemSKSVDS4.jpg" alt="Kensington BungeeAir Power Wireless Security Tether for iPhone" /><figcaption>Kensington BungeeAir Power Wireless Security Tether for iPhone</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/bcqYmVB4x2Z8BhE32armsC.jpg" alt="Kensington BungeeAir Power Wireless Security Tether for iPhone" /><figcaption>Kensington BungeeAir Power Wireless Security Tether for iPhone</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/MkSUYj5LUtvdHWE4EExM3e.jpg" alt="Kensington BungeeAir Power Wireless Security Tether for iPhone" /><figcaption>Kensington BungeeAir Power Wireless Security Tether for iPhone</figcaption></figure></figure><p>Protecting the contents of a lost or stolen iPhone is all well and good, but it's obviously better not to part company with it the first place</p><p>Apple beefed up security in the <a href="https://www.itpro.com/636907/apple-ios-5-review" target="_blank" data-original-url="https://www.itpro.com/636907/apple-ios-5-review">last major release of iOS</a> to make the iPhone more appealing to business users who deal with sensitive data, but strong passwords and secure encryption are only one line of defence.</p><p>Protecting the contents of a lost or stolen iPhone is all well and good, but it's obviously better not to part company with the device in the first place and that's just what the Kensington BungeeAir Power Wireless Security Tether is designed to ensure.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="YSUPnXsP9GChxfM6dLGuC7" name="" alt="Kensington BungeeAir Power Wireless Security Tether for iPhone" src="https://cdn.mos.cms.futurecdn.net/YSUPnXsP9GChxfM6dLGuC7.jpg" mos="https://cdn.mos.cms.futurecdn.net/YSUPnXsP9GChxfM6dLGuC7.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The <a href="http://www.kensington.com/kensington/us/us/p/1718/K39291US/bungeeair%E2%84%A2-power-wireless-security-tether%E2%84%A2-for-iphone.aspx" target="_blank">BungeeAir Power Wireless Security Tether</a> is a two-part set-up that consists of an <a href="https://www.itpro.com/636808/apple-iphone-4s-review" target="_blank" data-original-url="https://www.itpro.com/636808/apple-iphone-4s-review">iPhone 4</a> case and an electronic fob, which attaches to a keying.</p><p>Wireless proximity alerts</p><p>The two are wirelessly paired and if the fob is taken beyond a certain range of the encased iPhone or vice versa an alarm sounds and the iPhone screen is locked. The idea is that this prevents an iPhone being left behind or from being moved without the owner's knowledge assuming the owner has remembered to bring the fob with them in the first place, of course.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="MkSUYj5LUtvdHWE4EExM3e" name="" alt="Kensington BungeeAir Power Wireless Security Tether for iPhone" src="https://cdn.mos.cms.futurecdn.net/MkSUYj5LUtvdHWE4EExM3e.jpg" mos="https://cdn.mos.cms.futurecdn.net/MkSUYj5LUtvdHWE4EExM3e.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Kensington BungeeAir Power Wireless Security Tether for iPhone </span></figcaption></figure><p>The case component is matte black and clips around the iPhone, covering all four sides and the back. External volume buttons press through to the ones on the iPhone itself, but there's a cut-out to access the ringer silence switch and a microUSB port in the base rather than a Dock connector. So, this isn't a case that's suitable for use with certain iPhone accessories.</p><p>The BungeeAir Power Wireless Security Tether fob is powered by two long-lasting watch batteries, but the case doesn't draw power from the iPhone itself it has a built-in battery of its own.</p><p>This does make the case rather bulky at its bottom end and it adds 70g to its weight, but it does serve a handy extra purpose - press the button on its back and it packs sufficient juice to recharge an empty iPhone battery by about 50 per cent.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="bcqYmVB4x2Z8BhE32armsC" name="" alt="Kensington BungeeAir Power Wireless Security Tether for iPhone" src="https://cdn.mos.cms.futurecdn.net/bcqYmVB4x2Z8BhE32armsC.jpg" mos="https://cdn.mos.cms.futurecdn.net/bcqYmVB4x2Z8BhE32armsC.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Kensington BungeeAir Power Wireless Security Tether for iPhone </span></figcaption></figure><p>Kensington provides a <a href="http://itunes.apple.com/gb/app/bungeeair/id444268457?mt=8" target="_blank">free app</a> (via the iTunes App Store) for configuring the wireless tether and this includes a short video to explain its operation, but set-up is sufficiently simple to make this unnecessary.</p><p>Simple app-based configuration</p><p>The app has a simple arm/disarm' toggle for setting the proximity alarm, but this must be set in conjunction with the physical activation switch on the fob. There's also a "Find my key" option that manually triggers the fob's alert, which is useful for people who tend to lose their keys more often than their smartphone.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="7EU53gXwvpcRTemSKSVDS4" name="" alt="Kensington BungeeAir Power Wireless Security Tether for iPhone" src="https://cdn.mos.cms.futurecdn.net/7EU53gXwvpcRTemSKSVDS4.jpg" mos="https://cdn.mos.cms.futurecdn.net/7EU53gXwvpcRTemSKSVDS4.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Kensington BungeeAir Power Wireless Security Tether for iPhone </span></figcaption></figure><p>Conversely, the fob also has a button that manually triggers the app's alert, which is useful for finding an iPhone when it isn't where you thought it was. Both the fob and app will also sound an alert if someone tries to remove the BungeeAir Power Wireless Security Tether case, while a silence' switch on the fob is handy when nipping out of tether range for a moment although leaving the iPhone unattended and unsecured defeats the object somewhat.</p><p>It works well too, although the credit card-size stand that clips to the back of the case to act as a desktop prop seems a little pointless not least since it's just one more thing to remember to carry.</p><p>Watch the video below to see the Kensington BungeeAir Power Wireless Security Tether in action.</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="high" data-lazy-src="https://www.youtube-nocookie.com/embed/-21qCJsGnpg" allowfullscreen></iframe></div></div><h2 id="verdict-7">Verdict</h2><p>Kensington’s Bungee Air Power Wireless Security Tether is a simple way to add an extra layer of security to an iPhone 4, whether it’s for people seriously concerned about who might have their hands on their smartphone, or just for forgetful types. The extra bulk added by the case will cause problems for some accessories and anyone who prefers to see the sleek lines of the naked gadget, but the extra battery power it provides should make it tolerable.</p><p>Dimensions: 133.3 x 64.3 x 17.1mm Weight: 70g</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft and Adobe plan busy January patch days ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638197/microsoft-and-adobe-plan-busy-january-patch-days</link>
                                                                            <description>
                            <![CDATA[ IT departments will have a busy month of patching to kick off 2012. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9beNmYP7ETAjXFPvY6vp8f</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/GLDgJGdTbzMkJi2fhFXRf7-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 09 Jan 2012 11:12:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/GLDgJGdTbzMkJi2fhFXRf7-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Patch Tuesday]]></media:description>                                                            <media:text><![CDATA[Patch Tuesday]]></media:text>
                                <media:title type="plain"><![CDATA[Patch Tuesday]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/GLDgJGdTbzMkJi2fhFXRf7-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Both <a href="https://www.itpro.com/637990/microsoft-spots-malware-posing-as-police" target="_blank" data-original-url="https://www.itpro.com/637990/microsoft-spots-malware-posing-as-police">Microsoft</a> and <a href="https://www.itpro.com/637753/another-adobe-zero-day-strikes" target="_blank" data-original-url="https://www.itpro.com/637753/another-adobe-zero-day-strikes">Adobe</a> have welcomed the new year by announcing some notable patching days for IT departments to be aware of.</p><p>Microsoft usually keeps Patch Tuesdays quiet in January, but has issued <a href="http://technet.microsoft.com/en-us/security/bulletin/ms12-jan" target="_blank">seven security bulletins</a> for eight vulnerabilities.</p><p>One of those is a critical remote code execution vulnerability in Media Player, although for users of Windows 7 and Windows 2008 R2 its severity is downgraded to 'important.'</p><p>The remaining bulletins are ranked as important. One of those covers the <a href="https://www.itpro.com/636304/ssl-under-threat-as-flaw-exploited" target="_blank" data-original-url="https://www.itpro.com/636304/ssl-under-threat-as-flaw-exploited">BEAST SSL flaw</a> highlighted by researchers last year.</p><p>Next Tuesday it will be interesting to see, which exact Windows features are involved and how this vulnerability can be used by attackers.</p><p>Researchers found a way to exploit a long-known flaw in TLS (Transport Layer Security) that could have undermined the security credentials of the SSL cryptographic protocol and affected millions of sites. However, little emerged from the discovery.</p><p>"Bulletins three and five, while rated 'important' both involve Remote Code Execution, most likely through a specifically crafted input file to one of the Windows standard programs and should also be high on your list of bulletins to look at," recommended Wolfgang Kandek, CTO of Qualys.</p><p>"Bulletin two stands out as it is tagged as 'Security Feature Bypass,' which is a new category. Next Tuesday it will be interesting to see which exact Windows features are involved and how this vulnerability can be used by attackers."</p><p>Adobe will join Microsoft in issuing updates tomorrow (10 January). It will address critical flaws in Reader and Acrobat.</p><p>"These updates will include fixes for CVE-2011-2462 and CVE-2011-4369, previously addressed in Adobe Reader and Acrobat 9.x for Windows," Adobe said in its <a href="http://www.adobe.com/support/security/bulletins/apsb12-01.html" target="_blank">advisory</a>.</p><p>Oracle is also due to issue its quarterly security update on 17 January, making it a busy month of patching for IT managers.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Check Point 2210 Appliance review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638182/check-point-2210-appliance-review</link>
                                                                            <description>
                            <![CDATA[ Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">87jC2jCghLK7ibaLnR5DXF</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Xhe9bNMhmJc49BJmF4jpfg-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 06 Jan 2012 15:57:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Xhe9bNMhmJc49BJmF4jpfg-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[The appliance’s web interface provides a quick start wizard to get the network ports configured.]]></media:description>                                                            <media:text><![CDATA[Check Point 2210 Appliance]]></media:text>
                                <media:title type="plain"><![CDATA[Check Point 2210 Appliance]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Xhe9bNMhmJc49BJmF4jpfg-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure role="gallery"><figure><img src="https://cdn.mos.cms.futurecdn.net/Xhe9bNMhmJc49BJmF4jpfg.jpg" alt="Check Point 2210 Appliance" /><figcaption>Check Point 2210 Appliance</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/Tyae3KVqfvZQfvxhw4D4LS.jpg" alt="The appliance’s web interface provides a quick start wizard to get the network ports configured." /><figcaption>The appliance’s web interface provides a quick start wizard to get the network ports configured.</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/w27gLDdqM9SrmAAVCK3FZJ.png" alt="All further management is from the SmartDashboard utility and the software blades can be activated from the appliance’s Prope" /><figcaption>All further management is from the SmartDashboard utility and the software blades can be activated from the appliance’s Prope</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/obbmpNxqdH2Q5Qg8hMjHpV.jpg" alt="Check Point’s new AppWiki feature provides versatile web filtering and the anti-spam blade performs well with a little score " /><figcaption>Check Point’s new AppWiki feature provides versatile web filtering and the anti-spam blade performs well with a little score </figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/AqWwbsTUh7GoBPsQQV5wNQ.png" alt="The SmartEvent tool provides detailed real-time reporting on all security events and URL filtering, but the anti-spam blade i" /><figcaption>The SmartEvent tool provides detailed real-time reporting on all security events and URL filtering, but the anti-spam blade i</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/kJe6zjCAYpRL9hZGnJjth6.png" alt="SmartView Tracker and Monitor provide access to all firewall logs and real-time graphical views of appliance performance and " /><figcaption>SmartView Tracker and Monitor provide access to all firewall logs and real-time graphical views of appliance performance and </figcaption></figure></figure><p>Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.</p><p>Aimed at SMBs and remote office deployments, the new 2200 family of security appliances stand out as they are available with all the same software blades as Check Point's enterprise appliances. This makes them very easy to customise as you just pick the blade package that suits your current needs and upgrade as your needs change.</p><p>In this exclusive review we look at the 2210 model which comes with all ten security software blades. The list starts with Check Point's well respected SPI firewall and includes IPsec VPNs, clustering, identity awareness and mobile access security plus a one year subscription to IPS, application control, URL filtering, anti-virus and anti-spam.</p><p>Two extra blades are included as standard with all 2200 appliances - security policy management and logging. If you don't want all these features you can start with the entry-level 2205 model which costs around 2,300 and comes with the firewall, IPsec VPN, clustering, identity awareness and mobile access security blades.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Tyae3KVqfvZQfvxhw4D4LS" name="" alt="The appliance’s web interface provides a quick start wizard to get the network ports configured." src="https://cdn.mos.cms.futurecdn.net/Tyae3KVqfvZQfvxhw4D4LS.jpg" mos="https://cdn.mos.cms.futurecdn.net/Tyae3KVqfvZQfvxhw4D4LS.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">The appliance’s web interface provides a quick start wizard to get the network ports configured. </span></figcaption></figure><p>This compact appliance has six Gigabit Ethernet ports that can be configured for LAN, WAN or DMZ duties as required. It uses a small internal fan but, unlike <a href="https://www.itpro.com/637801/fortinet-fortigate-111c" data-original-url="https://www.itpro.com/637801/fortinet-fortigate-111c">Fortinet's noisy 111C appliance</a>, it's virtually silent.</p><p>Your first port of call is the appliance's web console which provides a handy wizard that runs through network configuration, setting up your internal and external ports and securing administrative access. The appliance has a 250GB hard disk and this can be used to store system images for backing up and restoring various configurations.</p><p>For all further security policy and blade management you download the SmartConsole software directly from the appliance. This installs a heap of management and monitoring utilities which includes the SmartDashboard for creating and deploying security policies.</p><p>A row of tabbed folders provides easy access to all the components. A network object is automatically created for the appliance and selecting it loads a properties window where you can activate each software blade.</p><p>All traffic is blocked by default so you need to create firewall rules which comprise source and destination objects, services, time schedules and logging options. Plenty of rule actions are possible as you can permit, deny or drop traffic and enforce user authentication.</p><p>Check Point has augmented its URL filtering services with a new AppWiki feature, so it doesn't just rely on traditional category databases. AppWiki makes the web filtering blade far more versatile as it provides a database of over 4,500 Web 2.0 apps, options for controlling specific Facebook activities and a list of nearly 250,000 social network widgets.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="obbmpNxqdH2Q5Qg8hMjHpV" name="" alt="Check Point’s new AppWiki feature provides versatile web filtering and the anti-spam blade performs well with a little score" src="https://cdn.mos.cms.futurecdn.net/obbmpNxqdH2Q5Qg8hMjHpV.jpg" mos="https://cdn.mos.cms.futurecdn.net/obbmpNxqdH2Q5Qg8hMjHpV.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Check Point’s new AppWiki feature provides versatile web filtering and the anti-spam blade performs well with a little score  </span></figcaption></figure><p>During testing we found this blade performed extremely well with very few web sites slipping past our filtering policies. For each policy you can block or allow access, request authentication and present warning web pages, redirect users or display a page informing them that an AUP is in place.</p><p>The anti-spam blade also performed well during testing with live mail as it returned a high detection rate of 98 per cent over a two week period. However, we had to tweak the confidence score for suspected spam as it was initially throwing up too many false positives.</p><p>The mobile access blade is a new feature and is designed to provide secure access for remote workers using PCs, laptops or mobile devices that want to access corporate resources. A wizard takes you through the process of creating SSL VPN portals, choosing which apps and resources are to be made available and picking an authentication method.</p><p>The identity awareness blade is also new and is used to link user names to systems, so security policies can be applied to user identities regardless of where they log in from. Setup is also wizard driven and you can define AD authentication and use captive portals for guest workers or visitors.</p><p>For monitoring and reporting, Check Point uses a central log server that all other appliances send their data to. For standalone deployments this means the appliance will be handling these duties as well.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="kJe6zjCAYpRL9hZGnJjth6" name="" alt="SmartView Tracker and Monitor provide access to all firewall logs and real-time graphical views of appliance performance and" src="https://cdn.mos.cms.futurecdn.net/kJe6zjCAYpRL9hZGnJjth6.png" mos="https://cdn.mos.cms.futurecdn.net/kJe6zjCAYpRL9hZGnJjth6.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">SmartView Tracker and Monitor provide access to all firewall logs and real-time graphical views of appliance performance and  </span></figcaption></figure><p>The SmartView Monitor provides views of activities in real time with traffic graphs for areas such as the top services, destinations, sources and tunnels. Viewing the system counters allows you to keep an eye on processor and memory usage, firewall activity, packet size distributions and so on.</p><p>Policy activity for each security blade can be viewed from SmartEvent. The latest v75.20 version of SmartConsole provides a freshly designed interface which includes real time views, graphs and timelines so you can easily see threat trends and anomalies.</p><p>You can't view activity for the anti-spam blade in SmartEvent and will need to use the SmartReporter tool for this. SmartReporter provides an extensive selection of reports which can have a range of filters applied and be scheduled to run regularly and emailed to selected recipients.</p><p>We did come across some problems though, as the only available anti-spam report is hidden in the Express report section and can only look back over the previous 14 days. We also found some of the URL filtering reports wouldn't generate any data and suspect they still only work with Check Point's older legacy blade.</p><p>Check Point's new 2210 appliance has a lot of sophisticated security features for the price. They're not the easiest to deploy and manage, but Check Point's software blades are a great idea as they allow you to customise the appliance precisely to your requirements.</p><h2 id="verdict-8">Verdict</h2><p>Check Point’s SmartConsole management and monitoring tools are geared up towards handling multiple appliances and this makes the 2210 best suited to remote office deployment or offered as a managed security solution. SMBs will find the appliance offers a very impressive range of features that perform well for the price, but as a standalone product it’s not the easiest to deploy and manage.</p><p>Chassis: Desktop Memory: 2GB RAM Network: 6 x Gigabit Ethernet Storage: 250GB SATA hard disk Ports: 2 x USB2, RJ-45 console Management: Web browser, CLI, SmartConsole Software: SmartDashboard, SmartEvent, SmartProvisioning, SmartReporter, SmartUpdate, SmartView Monitor, SmartView Tracker</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Netgear ProSecure UTM9S review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638098/netgear-prosecure-utm9s-review</link>
                                                                            <description>
                            <![CDATA[ Netgear's new UTM9S has plenty of network security features for SMBs and some interesting expansion options too. In this review, Dave Mitchell finds out if it's the most versatile ProSecure appliance yet. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">68JdTx4bjB4TZZHDrnEqPi</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/avB7cwJ7UejL9JzDafb8yJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 03 Jan 2012 12:07:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Antivirus]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/avB7cwJ7UejL9JzDafb8yJ-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Netgear ProSecure UTM9S]]></media:description>                                                            <media:text><![CDATA[The Netgear ProSecure UTM9S]]></media:text>
                                <media:title type="plain"><![CDATA[The Netgear ProSecure UTM9S]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/avB7cwJ7UejL9JzDafb8yJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Netgear's ProSecure UTM appliances have always been affordable gateway security solutions for cash-strapped SMBs. Its latest UTM9S is its first to have a pair of modular expansion slots and integration with the company's ReadyNAS storage appliances.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="wbG3rADo2Kumw874ByTnyV" name="" alt="ITPRO Recommended award" src="https://cdn.mos.cms.futurecdn.net/wbG3rADo2Kumw874ByTnyV.jpg" mos="https://cdn.mos.cms.futurecdn.net/wbG3rADo2Kumw874ByTnyV.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>This desktop box is positioned between the UTM5 and UTM10 appliances and has claimed throughputs of 130Mbit/s for its SPI firewall and 21Mbit/s with anti-virus (AV) scanning enabled. Netgear doesn't apply per-user licenses, but we reckon the UTM9S is good for at least fifteen users.</p><p>The UTM9S has the same software features as all the other UTM appliances which include an SPI firewall, IPS and support for IPsec and SSL VPN tunnels. Netgear's security partners need no introduction as you have Mailshell handling anti-spam, Sophos dealing with viruses and malware and Commtouch stepping up for URL category filtering.</p><p>The appliance has four Gigabit Ethernet ports for LAN duties and two more for WAN connections which can be placed in load balanced or failover teams. Traffic metering can also be enabled on any of the WAN ports including any expansion cards. This enforces monthly upstream and downstream limits in MB and either blocks all web traffic or allows only email when these thresholds have been breached.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="KkD2LrEzLX3wvN7QbkmLrQ" name="" alt="Installation gets off to a flying start with Netgear’s ten-step wizard helping to set the appliance up." src="https://cdn.mos.cms.futurecdn.net/KkD2LrEzLX3wvN7QbkmLrQ.png" mos="https://cdn.mos.cms.futurecdn.net/KkD2LrEzLX3wvN7QbkmLrQ.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The web browser's wizard had us up and running in minutes.</p><p>The UTM9S functions as a transparent gateway so installation is a cinch. For testing we dropped it between the lab network and our Internet link and the web browser's wizard had us up and running in minutes. The appliance is preconfigured with two firewall rules to look after inbound and outbound traffic. You can add custom firewall rules if you wish and apply bandwidth restriction and quality of service (QoS) profiles to selected services.</p><p>ReadyNAS integration requires an add-in to be installed on the storage appliance after which it can be used as a quarantine area and remote log store. Previously, if you powered off a UTM appliance all its logs and Flash-based graphs and statistics tables were lost.</p><p>Once powered back up, it checked the NVX and restored all graphs and tables to their current state. ProSecure UTM appliances can't quarantine mail and malware locally, but this new feature solves this problem neatly by offloading this task onto the NAS appliance.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ebaM5Qnm7EA4BsUJadv2wA" name="" alt="The UTM9S can be upgraded using the optional wireless and VDSL/ADSL2+ modules." src="https://cdn.mos.cms.futurecdn.net/ebaM5Qnm7EA4BsUJadv2wA.jpg" mos="https://cdn.mos.cms.futurecdn.net/ebaM5Qnm7EA4BsUJadv2wA.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The UTM9S can be upgraded using the optional wireless and VDSL/ADSL2+ modules.</p><p>The wireless module costs just 33 which is good value. It 802.11n in either the 2.4GHz or 5GHz bands. It doesn't support multiple SSIDs, but you can create a single profile with your chosen security and encryption settings, including MAC address filters.</p><p>The VDSL/ADSL2+ module is configured from the same tab in the web interface as the two Gigabit Ethernet WAN ports. Setup is simple as an auto-detect function sorts out most of the settings and you can use it as your primary WAN interface or link it with the Gigabit Ethernet ports for auto-rollover or load balancing.</p><p>Sophos' virus scanning can be applied to SMTP, POP3 and IMAP accounts and all updates are automated with checks as often as every fifteen minutes. HTTP, FTP and HTTPS traffic are also scanned and adding the latter as a standard feature makes the UTM9S even better value.</p><p>Anti-spam options include black and white lists and RBLs plus Mailshell's distributed spam analysis which has five sensitivity levels. For anti-spam testing, we left the appliance on its default setting filtering live mail for two weeks.</p><p>We configured the appliance to tag the subject line of suspect messages, but pass them through to our Outlook clients. Using rules to move tagged messages to separate folders we saw a decent spam detection rate of 97.2 percent with no false positives.</p><p>Negear provides basic IM and P2P app controls and these have been augmented with five extra services for blocking the iTunes Store, Rhapsody, QuickTime Player, RealPlayer and Winamp. You also get options for blocking other services including GoToMyPC remote control sessions.</p><p>The appliance supports a wide range of authentication methods and you can force users to login to the appliance before being allowed Internet access. A global web access policy is enforced, but this can be customised using exception rules assigned to selected domains on the appliance. Rules allow you to either block or allow specific web categories, applications or file extensions for a domain.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="wdfwnrow6xgLEeXVXBU4QY" name="" alt="The Flash-based reporting tools give a good overview of all activity and security threats." src="https://cdn.mos.cms.futurecdn.net/wdfwnrow6xgLEeXVXBU4QY.png" mos="https://cdn.mos.cms.futurecdn.net/wdfwnrow6xgLEeXVXBU4QY.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The monitoring section's Dashboard includes counters for all the new services as well as Flash-based real time threat and network traffic graphs.</p><p>The monitoring section's Dashboard includes counters for all the new services as well as Flash-based real time threat and network traffic graphs. These include counters showing the top detected threats for all security modules and you can generate HTML reports from the web interface and email them out.</p><p>The ProSecure UTM9S is excellent value thanks to its useful range of security features which performed well. The UTM9S is available with a one-year subscription for a very reasonable 307 ex VAT with a full three year subscription only pushing this up to 517 ex VAT.</p><p><a href="https://www.itpro.com/638098/netgear-prosecure-utm9s-review" target="_blank" data-original-url="https://www.itpro.com/638098/netgear-prosecure-utm9s-review">So what's our verdict?</a></p><h2 id="verdict-9">Verdict</h2><p>The ProSecure UTM9S is a good choice for small businesses that want a low-cost UTM appliance that doesn’t skimp on features. You will need a ReadyNAS appliance for the new logging and quarantining features, but the extra expansion modules make it very versatile and our lab tests show that its anti-spam performance is good.</p><p>Chassis: Desktop Memory: 512MB RAM Flash storage: 2GB Network: 6 x Gigabit Ethernet (4 x LAN, 2 x WAN) Expansion slots: two Anti-virus: Sophos Anti-spam: Mailshell URL filtering: Commtouch Management: Web browser Options: Wireless-N module, £33; VDSL/ADLS2+ module; £61 (all ex VAT)</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Shipping sector security awareness 'low to non-existent' ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/638005/shipping-sector-security-awareness-low-to-non-existent</link>
                                                                            <description>
                            <![CDATA[ ENISA urges EU member states to improve security awareness in the maritime sector. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">p5qsgbQcKGVszJBZjFVKaw</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/F6ZZkweLt7NoSzb3pLUWTB-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 20 Dec 2011 15:50:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/F6ZZkweLt7NoSzb3pLUWTB-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Shipping]]></media:description>                                                            <media:text><![CDATA[Shipping]]></media:text>
                                <media:title type="plain"><![CDATA[Shipping]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/F6ZZkweLt7NoSzb3pLUWTB-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The European maritime sector has next to no idea about cyber <a href="https://www.itpro.com/637915/sticking-security-where-the-sun-dont-shine" target="_blank" data-original-url="https://www.itpro.com/637915/sticking-security-where-the-sun-dont-shine">security</a>, according to a <a href="http://www.enisa.europa.eu/act/res/other-areas/cyber-security-aspects-in-the-maritime-sector/cyber-security-aspects-in-the-maritime-sector-1" target="_blank">report</a> released by the European Network and Information Security Agency (ENISA).</p><p>The shipping industry, which carried 52 per cent of goods traffic in 2010, has "currently low to non-existent" awareness of cyber security needs and challenges, the report said.</p><p>This overall low awareness represents a concern as there is an increased dependency on ICT of all key players.</p><p>ENISA claimed the lack of understanding was evident at every layer of the industry, from government bodies to port authorities and maritime companies.</p><p>"This overall low awareness represents a concern as there is an increased dependency on ICT of all key players, processes and activities within the maritime sector," the report continued.</p><p>"Indicators of this dependency are the increasing number of ICT systems implementations in ports worldwide, and the continuous increase of volume and complexity of information and data exchanged."</p><p>ENISA considered the maritime sector to be one of Europe's critical infrastructure industries, saying the continent was " critically dependent" on the movement of cargo and passengers over sea.</p><p>Given critical infrastructure is a key target for cyber criminals, the body recommended European nations to boost awareness</p><p>"Member States should consider developing and implementing awareness raising campaigns targeting the maritime actors. In particular the provision of appropriate cyber security training to relevant actors (e.g. shipping companies, port authorities, etc.) would be highly recommended," ENISA's report read.</p><p>"Such awareness campaigns and training initiatives should target all relevant actors involved in the maritime sector, while their provision could be coordinated by relevant cyber security organisations."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Blue Coat agrees to be acquired for $1.3bn ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/637813/blue-coat-agrees-to-be-acquired-for-13bn</link>
                                                                            <description>
                            <![CDATA[ Blue Coat is sold to a private equity firm after a troubled year for the security and WAN optimisation company. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mhYpbzYKpSvh7e9gPzc3EZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VBTsueU6jSssCyLZB7H3RC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 12 Dec 2011 10:59:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VBTsueU6jSssCyLZB7H3RC-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Deal]]></media:description>                                                            <media:text><![CDATA[Deal]]></media:text>
                                <media:title type="plain"><![CDATA[Deal]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VBTsueU6jSssCyLZB7H3RC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Security and WAN optimisation provider Blue Coat Systems has agreed to be acquired for $1.3 billion (836 million).</p><p>The vendor's board has apporoved the acquisition by an investor group led by San Francisco-based private equity investment firm Thoma Bravo.</p><p>Blue Coat confirmed it would focus on its core areas of internet security and WAN optimisation.</p><p>"After an extensive evaluation of strategic alternatives with our independent advisors, the board has determined that the definitive agreement with Thoma Bravo provides an attractive all-cash valuation to our shareholders," said David Hanna, chairman of the board at Blue Coat.</p><p>"We look forward to completing the transaction under the terms of the agreement as expeditiously as possible."</p><p>Blue Coat has suffered from declining sales this year, as well as a stock drop of 41 per cent, <a href="http://www.reuters.com/article/2011/12/09/us-bluecoat-thomabravo-idUSTRE7B80QE20111209" target="_blank">Reuters</a> reported.</p><p>The company is also being probed by the US Commerce Department to see whether Blue Coat provided internet-blocking equipment to Syria something which would break a US trade embargo to the troubled nation.</p><p>Blue Coat said it was working with the US Government, claiming it believed its equipment had been transferred illegally to Syria.</p><p>WikiLeaks has also claimed Blue Coat technology was sold to Governments and subsequently used to prevent dissidents from organising protests online.</p><p>Blue Coat said its technologies were "being cast with all these things and that's not what our products do."</p><p>The company also replaced its CEO in August during a turbulent year.</p><p>Who's Thoma Bravo?</p><p>Thoma Bravo is one of the owners of Attachmate, the company that was <a href="https://www.itpro.com/628801/novell-acquired-by-attachmate-for-22-billion" target="_blank" data-original-url="https://www.itpro.com/628801/novell-acquired-by-attachmate-for-22-billion">bought from Novell last year for $2.2 billion</a>.</p><p>The company has some major investments in the tech sector. It claimed to have a strong interest in the security industry too.</p><p>"Blue Coat marks the continuation of Thoma Bravo's investment efforts in the security technology industry, and is the firm's fifth security technology platform investment," said Seth Boro, partner at Thoma Bravo .</p><p>The deal is expected to close in the first quarter of 2012.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The Cloud Summit security debate ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/637504/the-cloud-summit-security-debate</link>
                                                                            <description>
                            <![CDATA[ Our inaugural summit covers the most pertinent cloud security questions of today, including the Patriot Act and the quality of providers' infrastructure. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jR4fm4xnHFL7QdsAqxMTWt</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mAk2rTqVWJfrujssy8kFjT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 23 Nov 2011 09:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Breaches]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mAk2rTqVWJfrujssy8kFjT-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cloud Summit logo]]></media:description>                                                            <media:text><![CDATA[Cloud Summit logo]]></media:text>
                                <media:title type="plain"><![CDATA[Cloud Summit logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mAk2rTqVWJfrujssy8kFjT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The biggest issue preventing companies from moving to the cloud has always been security, yet there are many complications IT departments have to consider.</p><p>When <em>IT Pro</em> and sister title <em>Cloud Pro</em> brought together experts from across the field at our Cloud Summit to discuss the complexities of <a href="https://www.itpro.com/634597/nhs-heads-to-cloud-for-security" target="_blank" data-original-url="https://www.itpro.com/634597/nhs-heads-to-cloud-for-security">cloud security</a>, we got some solid answers.</p><p>One major contemporary concern is around the Patriot Act, which could allow US Government to go into cloud data centres to gain information, even if they're not on US soil.</p><p>You have to approach cloud providers as if they're insecure.</p><p>According to HP's UK & Ireland storage and server chief technology officer David Chalmers, however, HP will not open its doors in the UK to any US body enforcing the Patriot Act.</p><p>This was something that was echoed by Rackspace's vice president of technology Nigel Beighton, who said its UK datacentres would do the same.</p><p>So those relying on UK-based cloudy datacentres can fear not. But should people be worried about security of the providers' themselves?</p><p>"You have to approach cloud providers as if they're insecure," recommended Beighton, who quickly pointed out that didn't mean Rackspace was insecure.</p><p>He said it would be wiser to assume cloud solutions can't be trusted in order to ensure the information that businesses are putting up in the cloud is as secure as possible. Due to the risks involved, such an approach would also mean hybrid services are considered where necessary, according to Beighton.</p><p>Rik Ferguson, Trend Micro's director for security research, said businesses should approach vendors as if they were estate agents. He urged people to look into all the different options and pick the one that suits the customer's cloudy plans.</p><p>Businesses should be wary of complacency too, Ferguson said.</p><p>"Don't forget about the perimeter. The perimeter is still there, you just have to find where it is... To break through the cloud's perimeter, all you need is a credit card," he added, noting the importance of making cloud-based apps as secure as possible.</p><p>But what about when cloud providers' services are being used for malicious activity? Ferguson said it was certainly a possibility that users' services could be disrupted if law enforcement have to enter cloud datacentres and remove the hardware.</p><p>The providers themselves were a little stumped, but Beighton said they do checks on who is using their services. This includes checks on what kinds of credit cards are being used to buy cloud infrastructure and monitoring for spam. It was unclear, however, how vendors would comply with warrants to remove servers from datacentres and still ensure customers were unaffected.</p><p>There is a clear need for definite processes and standards for cloud security. Once these come into place, adoption will surely skyrocket.</p><p>Look out for the rest of our coverage from our Cloud Summit and the inaugural <em>IT Pro</em> awards this week.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The security old guard are under attack ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/636094/the-security-old-guard-are-under-attack</link>
                                                                            <description>
                            <![CDATA[ As the security landscape shifts, security giants need to adapt. Otherwise the industry's minnows might take over. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iwjbipCmAt5CMuj3iQJscp</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/snEuRbQQxcJJmV3Zxyd3t8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 13 Sep 2011 15:48:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/snEuRbQQxcJJmV3Zxyd3t8-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/snEuRbQQxcJJmV3Zxyd3t8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>COMMENT Revolution has been a big theme of 2011. Not just in the political sphere, but in the tech world as well.</p><p>Indeed, the two became intertwined during the Arab spring, when social media was used as a key communications tool for the revolutionaries.</p><p>An insurrection of sorts looks set to take place in the security industry too. The two overlords of the market - Symantec and McAfee - are under attack.</p><p>Anti-virus is a hoax. The engines are not working.</p><p>The minnows of the industry are starting to get aggressive, especially in their comments about the old guard.</p><p>Over the past few months, a refrain has repeatedly crept up in conversations with these young up-starts: the old systems don't protect against new threats.</p><p>The mighty minnows</p><p>According to Nir Zuk, founder of Palo Alto Networks, traditional vendors are still selling the same engine used to detect threats that was created nearly two decades ago.</p><p>"Anti-virus is a hoax. The engines are not working," Zuk told <em>IT Pro</em>.</p><p>He believes traditional AV vendors are even wasting money on ensuring their products are the default choice on PCs sold directly to consumers. What's more, they don't even seem to be gaining any financial benefit from it, he claimed.</p><p>"That's something you will not see in their results," Zuk added. "The consensus is that they will never see their money back."</p><p>Another consensus amongst these security companies is that the old database, or signature-based system does not work as <a href="https://www.itpro.com/634951/is-the-security-industry-lying-about-malware-protection" target="_blank" data-original-url="https://www.itpro.com/634951/is-the-security-industry-lying-about-malware-protection">highlighted by M86 Security recently</a>.</p><p>They make a valid point you can't detect zero-day threats by referring back to a database of known malware. It's just not possible. For real protection, you need systems that can identify dodgy traffic or dangerous code in real-time, or close to real-time at least.</p><p>As attacks become more targeted and are able to bypass standard AV, it becomes clear the old systems do little to prevent serious breaches.</p><p>Of course, there are some histrionics on the behalf of these feisty new security companies. They need to make a name for themselves and lambasting the security giants of today's world won't do them much harm. Having said that, Zuk's firm is partnered with Symantec so take his comments with a punch of salt. On top of that, Palo Alto uses a database itself behind its appliances is a Webroot database. Make of that what you will.</p><p>Regardless, their comments about the flaws within the old systems are hard to deny.</p><p>The Symantec way</p><p>So what does Symantec have to say about others openly trashing the way it detects threats? Greg Day, who recently moved from McAfee to Symantec (saying his new role as EMEA CTO was "a breath of fresh air"), was convinced the claims against the number one security player were rubbish.</p><p>"The first thing is, Symantec is not purely signature dependent. We have in there signatures that we put to the client and we also make use of the cloud to gather real-time intelligence and apply smart controls in much the same kind of mentality that M86 do," Day said.</p><p>He pointed to Insight, which uses a wealth of information to determine whether a file is safe or not, such as looking at its provenance or whether it has a digital signature. That's still not a real-time model is it? Does it not still require old information to detect a potential threat?</p><p>"I agree it's not quite real-time because it's comparing with others in the cloud but I would say that it's probably real-time plus a few seconds," was Day's response.</p><p>"In many ways the thing you probably want to be most concerned about is something that is new and no one else has seen but I don't think you've got the time and effort involved to do that," Day added.</p><p>"At the end of the day, when you get the world's smartest threat and somebody has spent a lot of time and effort on it, even if it is picked up by anybody, what are they [the malware creators] going to do? They will keep tweaking and tweaking it until they think it will get through."</p><p>We need to start taking a more balanced view of accepting that people make mistakes, targeted attackers will at some point get in.</p><p>He admitted targeted attackers will be able to pierce defences and cause havoc. To deal with this, Day called for a focus on what to do after a break-in.</p><p>"The underlying trend here is that we spent decades building up great defensive techniques and actually I think we need to start taking a more balanced view of accepting that people make mistakes, targeted attackers will at some point get in and I think we have to start thinking about how we make security more bi-directional," Day added.</p><p>"If the user does click on the wrong thing, how do I put the controls in place that mean I have at least the forensics or the auditing to know what left and preferentially I can stop it going out of the door to start with."</p><p>Symantec doubters would have leapt on those comments, claiming security companies should be improving how they defend companies from attacks, not how to protect the information following a compromise.</p><p>Whatever you think of Symantec's DLP-focused approach though, it's clear the company recognises a shift in the threat landscape. It's just taking its own path towards change.</p><p>Yet Zuk is convinced such big companies can't adapt to the shift occurring in the sector, where targeted threats present the most significant problem. "Big companies cannot change to new markets," he continued. "There is no way they will adapt."</p><p>Of course, Zuk can't possibly be sure about that. Symantec, and others like McAfee, Trend Micro and Kaspersky, all have the financial clout to invest in either R&D or in an acquisition. They can adapt, they just need the foresight and willingness to do so.</p><p>In reality, the old guard will remain in the upper echelons of the industry for some time, whether they change their protection technologies to block zero-days outright, or they move to post-attack strategies and the DLP market.</p><p>The new guard</p><p>What's really exciting is the innovation and sheer gall of the new generation of security companies. They have potentially disruptive new pieces of technology at their disposal which really could upset the big players.</p><p>Furthermore, these minnows don't look like they will cave to pressure from their more powerful rivals. Like any company which wants to get big, Palo Alto is one of those that scoffs at acquisition attempts.</p><p>With that kind of attitude, and the fact that in only four years it is already supplying major banks across the world, Palo Alto is a company that looks sure to succeed. Contemporaries like M86 and cloud-based security firm <a href="https://www.itpro.com/634603/it-pro-start-up-tour-zscaler" target="_blank" data-original-url="https://www.itpro.com/634603/it-pro-start-up-tour-zscaler">Zscaler</a> look on the path to becoming bigger players as well.</p><p>And as for the IT guy, greater competition only means better products. In turn, that means a safer business. It's a win-win for them.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Netgear ProSecure UTM150 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/636043/netgear-prosecure-utm150</link>
                                                                            <description>
                            <![CDATA[ Netgear is better known for its network routers and switches than its security appliances. Karl Wright takes a look under the hood of the ProSecure UTM150 to see if the new unified threat management appliance is right for you. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">f6YqxmTFrxn9Ahz6pTF7PQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/fSB6JyZrXNUSjfbdri6ga9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 09 Sep 2011 13:44:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Unified Threat Management]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Karl Wright ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/fSB6JyZrXNUSjfbdri6ga9-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Using the content blocking options you can easily prevent all or only certain users from viewing particular categories of con]]></media:description>                                                            <media:text><![CDATA[The Netgear ProSecure UTM150]]></media:text>
                                <media:title type="plain"><![CDATA[The Netgear ProSecure UTM150]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/fSB6JyZrXNUSjfbdri6ga9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure role="gallery"><figure><img src="https://cdn.mos.cms.futurecdn.net/fSB6JyZrXNUSjfbdri6ga9.jpg" alt="The Netgear ProSecure UTM150" /><figcaption>The Netgear ProSecure UTM150</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/USNJbHeoTYmCE7mfGjTFz.jpg" alt="Using the content blocking options you can easily prevent all or only certain users from viewing particular categories of con" /><figcaption>Using the content blocking options you can easily prevent all or only certain users from viewing particular categories of con</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/aeV2GaeqaN3tBwdK3ad3tJ.jpg" alt="By segmenting devices on the LAN into groups, by IP address, it’s easy to apply different settings to different users, or gro" /><figcaption>By segmenting devices on the LAN into groups, by IP address, it’s easy to apply different settings to different users, or gro</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/xvufeq5teWCrNEDRZFGuH9.jpg" alt="The UTM handles https communications by inserting itself between the secure site and the client on your network, checking whe" /><figcaption>The UTM handles https communications by inserting itself between the secure site and the client on your network, checking whe</figcaption></figure></figure><p>The Netgear UTM 150 is a unified threat management device: an internet gateway, with a built-in stateful firewall and subscription web and email filtering. It sits between your broadband connection, or connections, and the internal network.</p><p>Set up is instantaneous; simply plug in your broadband device. The UTM150 has four WAN ports: so if one internet connection goes down, it switches immediately to a backup. Alternatively, you can configure it to load balance across all available bandwidth, helping to get the highest speeds and best return on investment from your broadband.</p><p>The firewall's basic configuration is to allow all outgoing connections, but only let incoming connections that have been requested by a client behind the firewall. You can easily customise this using the web interface, allowing or blocking specific services. We tried blocking and allowing a range of services, for the whole network, for certain device groups on the network and by schedule with perfect results every time.</p><p>Web- and email- and spam-filtering only works when you subscribe to the online filter services bundled with the product. A year's free subscription is included with the UTM, after that you pay $1062 (approximately 660) for a 1-year account and $2710 (approximately 1,685) for a 3-year account.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="USNJbHeoTYmCE7mfGjTFz" name="" alt="Using the content blocking options you can easily prevent all or only certain users from viewing particular categories of con" src="https://cdn.mos.cms.futurecdn.net/USNJbHeoTYmCE7mfGjTFz.jpg" mos="https://cdn.mos.cms.futurecdn.net/USNJbHeoTYmCE7mfGjTFz.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Using the content blocking options you can easily prevent all or only certain users from viewing particular categories of con </span></figcaption></figure><p>Content filtering worked well, but sometimes threw up false positives. It's easy enough to remedy using whitelists though.</p><p>URL filtering worked all the time, without any exception. Content filtering worked well, but sometimes threw up false positives. For instance, it classified an online human resources booking system as a "computers and technology" site, which was therefore blocked under the filtering scheme we had set up. Overall, however, the number of false positives was low, and it's easy to put a site on a whitelist if you want to make an exception for it but still keep your general rule.</p><p>Email antivirus filtering efficiently stripped out .exe and other suspicious files, as we'd specified, and scanned all outgoing messages without noticeably delaying their being sent. We did, however, have to remove the [MALWARE FREE] notice that the device, by default, adds to all outgoing mails it scans.</p><p>As well as being a switch, internet gateway and a security appliance, the UTM150 is also a VPN gateway, with support for both IPSEC and browser-based SSL VPNs. Setup is relatively easy, using the built-in VPN wizard. The SSL VPN is particularly useful, allowing users to access the local network from any computer with an internet connection and a browser, no client software required. We used the VPN to remotely access our network over the course of a week, working remotely with all the machines on our server accessing files and taking over some of the systems using Remote Desktop Connection. The VPN connection was reliable throughout.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aeV2GaeqaN3tBwdK3ad3tJ" name="" alt="By segmenting devices on the LAN into groups, by IP address, it’s easy to apply different settings to different users, or gro" src="https://cdn.mos.cms.futurecdn.net/aeV2GaeqaN3tBwdK3ad3tJ.jpg" mos="https://cdn.mos.cms.futurecdn.net/aeV2GaeqaN3tBwdK3ad3tJ.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">By segmenting devices on the LAN into groups, by IP address, it’s easy to apply different settings to different users, or gro </span></figcaption></figure><p>By segmenting devices on the LAN into groups, by IP address, it's easy to apply different settings to different users, or groups of users, on your network.</p><p>One of the things we liked most about the UTM150 was its flexibility. With it, you can block or allow access to content for everyone on your network or for certain groups only. In the Network Configuration screen, you simply arrange devices by IP address into groups. Then apply to each group the appropriate level of content filtering. You can also apply different schedules to different groups, for instance allowing a group of machines restricted access to the internet during the week. but unrestricted at the weekend. This level of specificity was very useful, making it possible to prevent some users on our network gaming and using certain websites except at the weekends.</p><p>We did have trouble with the appliance's handling of SSL certificates. Even when we had installed the UTM's root certificate in our client browsers and told the UTM to trust some of our test sites' certificates, we still had problems accessing the sites, with some content not displaying properly. There was no reason we could see for this and we couldn't find a way around it.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="xvufeq5teWCrNEDRZFGuH9" name="" alt="The UTM handles https communications by inserting itself between the secure site and the client on your network, checking whe" src="https://cdn.mos.cms.futurecdn.net/xvufeq5teWCrNEDRZFGuH9.jpg" mos="https://cdn.mos.cms.futurecdn.net/xvufeq5teWCrNEDRZFGuH9.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">The UTM handles https communications by inserting itself between the secure site and the client on your network, checking whe </span></figcaption></figure><p>Managing access to SSL sites can be time consuming.</p><p>Thankfully, the web interface itself is fairly well organised, so even when you can't remember where something is, you tend to find it fairly quickly because it's in the place you'd logically expect it to be. For larger networks there's also LDAP integration particularly useful for creating VPN users. You can also use the device's own database, but you need to make sure that you don't try and associate the same account with more than one function. For instance, if you have an IT admin who's also a VPN user, that person will need two user accounts.</p><p>Compared to a conventional router, the UTM150 is expensive. But for that price, you get the built-in switch, the firewall and the web and email filtering capabilities. Of course, you don't get integrated wireless. We used a Netgear WNAP320 wireless access point during our test. Given, however, the free bundling of the filtering services for the first year and the good price thereafter (a subscription to the Spamhaus spam blacklist alone costs around $370 a year) the UTM150 is still good value.</p><p><a href="https://www.itpro.com/636043/netgear-prosecure-utm150" target="_blank" data-original-url="https://www.itpro.com/636043/netgear-prosecure-utm150">So what's our verdict?</a></p><h2 id="verdict-10">Verdict</h2><p>It's not perfect, but the Netgear ProSecure UTM150 provides comprehensive cover against the security threats faced by most small business networks, giving you the tools you need to manage both your users and the risk that comes with exposing your systems to the internet.</p><p>Chassis: Desktop Performance: 400Mb/s firewall; 130Mb/s UTM Memory: 1GB RAM Network: 8 x Gigabit Ethernet (4 x WAN, 4 x LAN) Wireless: None Ports: 1 x USB2 Management: Web browser</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New Cisco email services to enhance security and management ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/634894/new-cisco-email-services-to-enhance-security-and-management</link>
                                                                            <description>
                            <![CDATA[ Cisco's new email services could put Exchange's laughable email recall and receipts features to shame. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uLKvbBacCqC4fqhTkEAXqM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/LoFe7iGCxrVDbdsfLxNysb-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 14 Jul 2011 05:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Email Providers]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                                    <dc:creator><![CDATA[ Alan Lu ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/LoFe7iGCxrVDbdsfLxNysb-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A Cisco IronPort appliance]]></media:description>                                                            <media:text><![CDATA[A Cisco IronPort appliance]]></media:text>
                                <media:title type="plain"><![CDATA[A Cisco IronPort appliance]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/LoFe7iGCxrVDbdsfLxNysb-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cisco has announced two new appliance-based email services that could help businesses handle compliance, management and security issues.</p><p>IronPort Outbreak Filters uses a combination of a malware-signature database and on-the-fly analytics to scan incoming emails to determine if any are spam or link to malicious payloads. Cisco claims the Filters can analyse not only text, but images, attachments, hidden code and scripts too.</p><p>If a user clicks on a link leading to a malware-infested webpage, the user will be redirected to a warning page instead.</p><p>Meanwhile, IronPort Business Class Email apparently includes extensive email security controls, such as recalling messages, message expiration and deciding who can forward an email and to whom. Depending on what other infrastructure their company has in place and what other services they use, Business Class Email users may also be able to use their email account user name and password to log into other services.</p><p>Administrators will also be able to enforce minimum levels of password complexity.</p><p>According to Soni Jiandani, Cisco's senior vice president of the Server Access and Virtualisation Technology Group, the IronPort services are examples of the benefits of proactive network-based security that customers can reply on instead of having to install and manage their own endpoint security checks.</p><p>Both Outbreak Filters and Business Class Email run on top of Cisco's existing range of C-series email security appliances which are available now.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ NHS heads to cloud for security? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/634597/nhs-heads-to-cloud-for-security</link>
                                                                            <description>
                            <![CDATA[ Details on an NHS deal with cloud security provider Zscaler are thin on the ground, but an agreement has been made. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">wkm524BvgtQBEkjmHmXyc6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/oT5LffCzmc8BmWPHRVotua-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 30 Jun 2011 20:26:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Public Sector]]></category>
                                                    <category><![CDATA[Business]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/oT5LffCzmc8BmWPHRVotua-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[NHS]]></media:description>                                                            <media:text><![CDATA[NHS]]></media:text>
                                <media:title type="plain"><![CDATA[NHS]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/oT5LffCzmc8BmWPHRVotua-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The NHS has signed a deal with Zscaler a cloud-based security and bandwidth management company.</p><p>A document seen by <em>IT Pro</em> detailed a Zscaler webinar stating the NHS was a customer, even though no formal announcement has been made.</p><p>Zscaler's product offering sends all customer traffic through the cloud, analyses it and then allows organisations to add policies on both security and bandwidth management.</p><p>No further details on the contract have been officially released.</p><p>The service could feasibly run through the NHS N3 broadband network, which is provided by BT. The telecoms giant confirmed a deal was in place.</p><p>At the time of publication, however, neither Zscaler nor BT had provided further details on the NHS agreement or whether it would go through the N3 network.</p><p>N3 is one of the biggest virtual private networks in Europe. It is used to manage the NHS electronic booking service and the electronic transmission of prescriptions. Essentially, it handles plenty of important data, which evidently needs protection.</p><p>To date, 180 million prescription messages and 14 million bookings have been sent over N3.</p><p>The NHS contract represents a big win for Zscaler, which looks set to provide protection for 1.3 million users operating over N3. The company provides software-as-a-service (SaaS) security, running customers' traffic through over 40 of its data centres to protect against threats.</p><p>Its key protection areas include email, web security and data loss prevention. The last area will be important for the NHS, which has seen <a href="https://www.itpro.com/626353/nhs-trust-leaves-medical-data-at-bus-stop" target="_blank" data-original-url="https://www.itpro.com/626353/nhs-trust-leaves-medical-data-at-bus-stop">data leave its premises and go missing numerous times</a>.</p><p>The deal also instantiates the UK public sector shift to the cloud something the Coalition Government is keen to push, despite its <a href="https://www.itpro.com/633898/updated-government-g-cloud-is-dead-says-hp" target="_blank" data-original-url="https://www.itpro.com/633898/updated-government-g-cloud-is-dead-says-hp">reservations to talk specifically about the G-Cloud project</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ LulzSec warns NHS of security flaws ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/634111/lulzsec-warns-nhs-of-security-flaws</link>
                                                                            <description>
                            <![CDATA[ The Department of Health is fairly relaxed even though LulzSec has managed to get hold of some admin passwords. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">eaYuPsNP5gE56sv4T4KJab</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Y3eBpDLXmc8HUGmw9gKm3Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 10 Jun 2011 11:14:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Y3eBpDLXmc8HUGmw9gKm3Z-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Y3eBpDLXmc8HUGmw9gKm3Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Hacking group LulzSec sent an email to the NHS this week warning the public body about flaws in its IT infrastructure.</p><p>LulzSec, which claimed to be behind a recent hit on Sony, said it had obtained passwords of IT administrators and emailed the NHS about what it took "months ago."</p><p>"While you aren't considered an enemy, your work is of course brilliant we did stumble upon several of your admin passwords," LulzSec said in the <a href="http://i.imgur.com/PQ6Xk.png" target="_blank">email</a>.</p><p>"We mean you no harm and only want to help you fix your tech issues."</p><p>The Department of Health (DoH) said the issue only affected "a very small number of website administrators," noting no patient information had been compromised.</p><p>"No national NHS information systems have been affected," a Department of Health spokesperson told the <em>BBC</em>.</p><p>"The Department has issued guidance to the local NHS about how to protect and secure all their information assets."</p><p>LulzSec, which calls itself a group of "pirate ninjas," has upset a number of corporations recently, in particular Sony, Nintendo and FBI affiliate Infragard.</p><p>In the latter case, LulzSec <a href="https://www.itpro.com/633967/nintendo-hit-by-lulzsec-hack" target="_blank" data-original-url="https://www.itpro.com/633967/nintendo-hit-by-lulzsec-hack">targeted one Infragard user in particular</a> Karim Hijazi, chief executive of private botnet monitoring service Unveillance.</p><p>LulzSec claimed Hijazi offered to pay the hacking collective "to eliminate his competitors through illegal hacking means" in return for its silence.</p><p>Hijazi said he had been threatened by LulzSec and asked to provide money and botnet information to the collective.</p><p>In a back and forth exchange between the two parties, LulzSec claimed it was attempting to do good, while Hijazi alleged the group was in it for extortion.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ World IPv6 Day: Why should you care? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/634054/world-ipv6-day-why-should-you-care</link>
                                                                            <description>
                            <![CDATA[ With World IPv6 Day fully underway, we look at why your business should take note. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2mBP1EJA8ax395YyxfxXFX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/d4ZYPnnZJMRTbURmBqeKWh-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Jun 2011 10:46:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Broadband]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                    <category><![CDATA[Internet]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/d4ZYPnnZJMRTbURmBqeKWh-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[IPv6]]></media:description>                                                            <media:text><![CDATA[IPv6]]></media:text>
                                <media:title type="plain"><![CDATA[IPv6]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/d4ZYPnnZJMRTbURmBqeKWh-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>ANALYSIS Given the lukewarm response to panicky reports surrounding the need to switch from IPv4 to IPv6, it would come as no surprise if people didn't go mad for World IPv6 Day.</p><p>Today, however, could make a big impact and rightly so. Just the fact <a href="https://www.itpro.com/634048/tech-giants-join-in-world-ipv6-day" target="_blank" data-original-url="https://www.itpro.com/634048/tech-giants-join-in-world-ipv6-day">the likes of Google and Facebook are supporting the event</a> should be enough to inspire most aspiring businesses.</p><p>The fact is, there is more to the situation than simply <a href="https://www.itpro.com/633193/dual-stack-approach-needed-for-ipv4-and-ipv6" target="_blank" data-original-url="https://www.itpro.com/633193/dual-stack-approach-needed-for-ipv4-and-ipv6">IPv4 addresses running out</a>. If companies don't prepare themselves, they could be shooting themselves in the foot, leaving a wound which won't heal.</p><p>Security worries</p><p>One big worry is security and the central issue here is detection.</p><p>Cyber criminals could use IPv6 traffic to bypass firewalls and security appliances, some of which will not have been configured to pick up on IPv6.</p><p>Hackers have picked up on this already, preparing attacks on firms who haven't equipped their networks for the switch, according to Qing Li, chief scientist at Blue Coat Systems.</p><p>"One of the biggest problems today is attackers are leveraging IPv6 to circumvent security protections and security policies," Li told <em>IT PRO</em>.</p><p>"You really have to have the intelligent, security orientated appliances and solutions to be able to have the visibility and control to secure traffic."</p><p>Li recommended creating secure user policies and accelerating or optimising IPv6-enabled web content to deal with transitional problems.</p><p>The move to IPv6 could also cause problems for malware authors themselves.</p><p>Another annoyance for IT with IPv6 will be down to consumerisation. Each modern device entering a corporate network will come with a separate IPv6 address, rather than sharing one IPv4 address. This means IT departments will have to keep a closer eye on what those devices are doing.</p><p>Despite the concerns, however, the move to IPv6 could also cause problems for malware authors themselves.</p><p>"With the introduction of IPv6, the massive amount of possible addresses in a default subnet and additional software tweaks has created new challenges for malware authors and cyber criminals," Symantec said in a <a href="http://www.symantec.com/connect/blogs/brave-new-world-ipv6-day" target="_blank">blog post</a>.</p><p>"It is now unfeasible to perform brute force IPv6 address scans in order to profile a network or identify a possible attack vector in this way. IPv6 also mitigates a number of existing IPv4 attacks by design."</p><p>IPv6 comes with an added security protocol known as IPsec, which authenticates and encrypts data sent across an IP enabled network, Symantec noted.</p><p>Outside of this security boost with IPv6, companies stand to benefit from IPv6 in other ways.</p><p>When talking about the move to IPv6, the big message from tech giants has been around the need to support the growth of the internet. Of course, businesses should care about this if they want to continue making money out of customers across the internet.</p><p>"Ignoring the move from IPv4 to IPv6 will seriously hinder the growth of the internet, something companies of this stature should be only too aware of," said Melvyn Wray, senior vice president of product marketing in EMEA at global networking infrastructure provider Allied Telesis.</p><p>"A reluctance to accept the switchover could prevent UK businesses from benefiting from enhanced security features and communicating with their customers around the world, holding back the development of a new wave of connected devices something that is economically unviable in today's business environment."</p><p>Piers Daniell, managing director of business ISP Fluidata, urged companies to ensure their websites are compatible with both IPv4 and IPv6 to make sure they don't miss out on contact with customers. Daniell called on ISPs to help firms in enabling dual-stack capability.</p><p>"Even today most hardware shipped by ISPs to providers still doesn't cater for IPv6 or will only once a software patch is applied," he added.</p><p>"I am a great believer that if ISPs can assist adoption, it will speed up the development of new services, which would only be possible with IPv6. This will increase the UK's competitiveness on a global scale."</p><p>Another benefit of shifting over to IPv6 is the greater visibility of individual IP addresses something marketers could harness.</p><p>"With IPv6, for instance, organisations and marketers can immediately develop a more personal and direct relationship with the connected-device user - as all devices using IPv6 have unique publicly-visible IP addresses," noted Jeff Burdette, director of research and development at IP intelligence expert Digital Element.</p><p>"This differs from IPv4, which in a common deployment, can't necessarily distinguish whether one device or one hundred devices is accessing the website from a single IP address at any given moment."</p><p>So from security to marketing, there are clearly plenty of business benefits from the move over to IPv6.</p><p>Don't panic!</p><p>Whilst all of this may seem a little scary, a key message here is not to panic if you haven't started adapting your network already.</p><p>Even if you're not taking part in today's testing, use the event to kick-start processes on working out what needs to be done with IPv6. Then implement changes where necessary.</p><p>As we've seen with Google and Facebook, many tech firms have moved to support IPv6, so when it comes to relying on providers and other vendors, businesses shouldn't have too much to worry about.</p><p>"The internet is maturing and the protocols need to change to enable this," said Matt McCloskey, head of applications and services at Virgin Media Business.</p><p>"However, there's no need to panic; we've been expecting this for a long time and the necessary precautions have been taken to ensure a smooth switchover."</p><p>Whatever you do, don't leave it too late. Otherwise your network will be left as leaky as a sieve and as out of date as a floppy disk.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ RSA servers hacked as SecurID data stolen ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/632023/rsa-servers-hacked-as-securid-data-stolen</link>
                                                                            <description>
                            <![CDATA[ As RSA has its servers hacked, its two-factor authentication customers will no doubt be highly concerned. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5WEkBwNXsDeyBpfDTj9y2x</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Le3AMyBdaUncmXPKzQz8Je-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 18 Mar 2011 12:55:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Servers &amp; Storage]]></category>
                                                    <category><![CDATA[Infrastructure]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Le3AMyBdaUncmXPKzQz8Je-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Hacker]]></media:description>                                                            <media:text><![CDATA[Hacker]]></media:text>
                                <media:title type="plain"><![CDATA[Hacker]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Le3AMyBdaUncmXPKzQz8Je-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>RSA - the security arm of EMC - has admitted to having a number of its servers hacked, as data on its two-factor authentication product SecurID was compromised.</p><p>The firm warned the data could be used to "reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," and RSA urged customers to take immediate remedial action.</p><p>RSA executive chairman Art Coviello said the firm's security systems had been targeted by an "extremely sophisticated cyber attack."</p><p>It is believed the attack was in the Advanced Persistent Threat (APT) category, which may indicate a well-funded group of individuals were responsible.</p><p>APTs involve significant intelligence research and the use of numerous techniques to hack targets. They need serious investment to be carried out.</p><p>RSA is now in the process of informing customers about the dangers and how to strengthen SecurID implementations.</p><p>"We have no evidence that customer security related to other RSA products has been similarly impacted," Coviello said in an <a href="http://www.rsa.com/node.aspx?id=3872" target="_blank">open letter</a> to customers.</p><p>"We are also confident that no other EMC products were impacted by this attack. It is important to note that we do not believe that either customer or employee personally identifiable information was compromised as a result of this incident."</p><p>In an <a href="http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex992.htm" target="_blank">advice note to customers</a>, RSA listed a number of recommendations for customers to follow, with the first point being to increase focus on security for social media applications and the use of them by anyone with access to critical networks.</p><p>RSA has a wide range of customers, ranging from high profile private companies to government bodies.</p><p>A sad day'</p><p>The breach will be damaging for RSA and it could take some time for the EMC division to recover, said SecurEnvoy co-founder Steve Watts.</p><p>Watts said it was a "sad day" to see a company with the reputation of RSA being hit by such a significant attack.</p><p>"Anyone with an RSA token doesn't know if they're going to be compromised. The industry is a bit concerned," Watts told <em>IT PRO</em>.</p><p>"This isn't just a bit of a marketing booboo, this is a major strategic issue. The problem is that it will take quite a long time to get over it."</p><p>If RSA has to initiate a recall of a large chunk of its tokens, then this would lump the firm with a costly logistical nightmare, Watts added.</p><p>"Is it going to be as extreme as changing every token that is sent out into the marketplace? Is it as far as to send out replacement tokens for every user? That's just beyond measure," Watts added.</p><p>Earlier this week, Jim Fulton, vice president at DigitalPersona, told <em>IT PRO</em> many <a href="https://www.itpro.com/security/encryption" target="_blank" data-original-url="https://www.itpro.com/631936/businesses-plagued-by-missing-encryption-keys">companies were struggling with token deployments</a> as it was.</p><p>"I've heard people say that if they could, they'd throw them underneath a lorry and crush them because they hate them so much," Fulton said.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Admins doubt employee security awareness ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/631912/admins-doubt-employee-security-awareness</link>
                                                                            <description>
                            <![CDATA[ IT administrators are not convinced by workers' understanding of corporate security policy. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">7uVxPSFdANFnwbGXA3PP2Y</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Uuka8fAFPXJLgCy5FXRVLf-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 15 Mar 2011 14:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Data Protection]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Uuka8fAFPXJLgCy5FXRVLf-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Data security]]></media:description>                                                            <media:text><![CDATA[Data security]]></media:text>
                                <media:title type="plain"><![CDATA[Data security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Uuka8fAFPXJLgCy5FXRVLf-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The majority of IT security administrators in the UK claimed workers had little understanding of data protection policies, according to a new report.</p><p>Over half of respondents to a Check Point and Ponemon Institute poll doubted the knowledge of employees in their companies when it came to corporate security policy.</p><p>Most respondents said managing policies by user, rather than ruling with an all-encompassing approach, was vital to improving security.</p><p>Of the 450 IT security administrators surveyed, 52 per cent said identity awareness efforts by organisations would help with such a strategy.</p><p>"Employees can play a big role in being a first line of defence, helping their company enforce stronger security measures and promoting more user awareness within the organisation," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute.</p><p>"Companies are constantly facing new and costly security risks from both internal and external sources that can jeopardise the business."</p><p>The recent <a href="https://www.itpro.com/631819/vodafone-website-infiltrated-by-cuts-campaigners" target="_blank" data-original-url="https://www.itpro.com/631819/vodafone-website-infiltrated-by-cuts-campaigners">hijacking of a Vodafone website</a>, where a blogger handed their password to a group campaigning against the communications giant, again highlighted the dangers of the insider threat.</p><p>Complexity</p><p>Another major issue amongst respondents was complexity, with 35 per cent naming it the most challenging issue they faced.</p><p>UK firms used security solutions from five or more different vendors, according to Check Point.</p><p>"To improve security in this day and age, organisations need to get a better understanding of their current environments and prioritise their short and long term initiatives," added Nick Lowe, head of Western Europe sales at Check Point.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>