White papers
Sophos experts and leading industry analysts have published a series of white papers addressing and discussing anti-virus and anti-spam issues as well as other related topics. Find out more about the problem of viruses, Trojans, spyware, spam and worms in the white papers published below.
NAC 2.0: A new model for a more secure future
New pressures from a constantly changing threat environment and an increasingly mobile workforce are highlighting the shortcomings of earlier versions of NAC. This white paper describes how the emerging NAC 2.0 model will offer more finely controlled network access, an increased agility of response, and a better focus on network, desktop, and security operations.
Stopping data leakage: Exploiting your existing security investment
As attitudes to work and information continue to evolve away from those of the past, organizations are becoming more aware of the acute need to control the information that flows into, through and out of their networks. This paper demonstrates the need for a high-profile acceptable use policy to prevent data leakage, gives practical guidance on how to use current investments in IT security technologies at the gateway and endpoint to support this policy, and describes where new investment should realistically be made.
The enemy within: how student browsing puts K-12 schools at risk
Computer literate K-12 students regularly use anonymizing proxies to bypass their school's web filters to access pornography, social networking, and other blocked websites. This is a major security flaw as most networks are now infected via the web, and it has serious legal ramifications for schools in terms of non-compliance with state and federal laws. However, reputation and real-time detection can automatically identify and block anonymizing proxies. This paper discusses the risks of students bypassing web filters and the technologies that schools can use to combat them.
NAC at the endpoint: control your network through device compliance
Protecting IT networks used to be a straightforward case of encircling computers and servers with a firewall and ensuring that all traffic passed through just one gateway. However, the increase in mobile workers, in the number and types of devices, and in the number of non-employees requiring network access has led to a dissolving of that network perimeter. Access requests can come from anyone and anywhere, which is why organizations are turning to network access control (NAC) technologies. This paper discusses why NAC is important and how it should be implemented on the endpoint for maximum protection.
MarketScope for Network Access Control, 2008
About half of the vendors in the network access control market are startup companies, most of which will grow in 2008. Starting in 2009, the overall market will begin to consolidate, as established network and security vendors embed and enhance NAC functions into their products. This report assessed vendors on the following criteria: market understanding, marketing strategy, sales strategy, offering (product) strategy, overall viability (business unit, financial, strategy, organization) and sales execution and pricing.
Effective email policies: why enforcing proper use is critical to security
The unmonitored and unguarded use of email by employees poses a multitude of risks to organizations. The distribution of inappropriate or offensive content, malicious emails, and the risks of data leakage all threaten working environments, IT resources and an organization's reputation. A comprehensive, transparent and enforceable email acceptable use policy (AUP), combined with robust email security solutions, dramatically reduces exposure to these risks. This paper provides practical guidance on developing and enforcing an email AUP that meets the combined requirements of an organization's IT, HR and legal departments.
Defending the email infrastructure: Why email requires comprehensive protection
With organizations facing a growing number of threats and an increasingly regulated business environment, ensuring security and compliance across the email infrastructure is paramount. The complexity of this challenge requires a comprehensive solution. To block attacks and enforce acceptable use of email, organizations need to deploy integrated protection at the email gateway, on the email server and on all endpoint computers. This paper explores the threats facing email infrastructures, illustrating the need for multi-layered security.
Effective web policies: ensuring staff productivity and legal compliance
Employees increasingly expect to use the internet at work for their own personal use in return for longer hours, taking work home with them and interrupting vacations. This has a number of security, productivity, bandwidth and legal ramifications that require organizations to create and implement a web usage policy that is backed up by effective web filtering tools. This paper discusses how to create a policy that balances an organization's need for protection against an individual's expectations.
Assessing endpoint security solutions: why detection rates aren’t enough
Evaluating the performance of competing endpoint security products is a time-consuming and daunting task. Independent competitive comparisons, performance benchmarks, and detection certifications cover different solutions and criteria and provide conflicting results. This paper highlights the pitfalls of simply looking at virus detection rates and gives the six critical questions businesses need to ask to ensure successful protection now and in the future.
Protecting against tomorrow’s threats today – proactive security from SophosLabs
Today's cybercriminals are constantly looking for new vulnerabilities to exploit, using fast-changing, low-profile threats to infect and hijack computers across the business network. This paper describes how SophosLabs uses its global visibility and 24/7 research operations to facilitate powerful integration of expertise, automation and technology to provide the proactive protection and rapid response that businesses need.
Safe and productive browsing in a dangerous web world: the challenge for business
A brand new infected webpage is discovered every 14 seconds, but most businesses are unprotected against today's modern web-based malware. This paper highlights the six top tricks used by hackers and describes the three pillars of protection organizations need to safeguard their systems and resources.
Sophos security threat report 2008
The report examines the threat landscape over the previous twelve months, and predicts emerging cybercrime trends for 2008. In 2007, organised criminal gangs extended their efforts beyond Windows, looking to Mac and other operating systems for new targets. Attacks using wireless connectivity and mobile devices and accusations of state-sponsored cybercrime have also increased. Find out more about the past year's events and Sophos's predictions for the next 12 months.
Who's Got the NAC? - Best Practices in Protecting Network Access
For many would-be network access control (NAC) adopters, what NAC is or is supposed to be is unclear. However, the companies who are successfully protecting their network aren't confused - they also have more demanding views as to what they think a NAC solution should provide. This report aims to further the market's understanding of NAC - its function and capabilities - as seen through the eyes of those organizations that are getting the best results in protecting their network access.
Liberating the inbox: How to make email safe and productive again
With spam levels breaking records every day, the quintessential business tool - email - has simultaneously become a major liability. With inboxes overrun with more and more unwanted email that threatens business productivity, regulatory compliance, and network security, organizations are having to look at what is being mailed in, out and around their network, at the gateway, at the mail server and at the endpoint. This paper focuses on the threat posed by unwanted emails that make it through to the inbox, explains the impact these threats have on organizations, and demonstrates what needs to be done in response to make email safe and productive.
Sophos security threat report: Update July 2007
This security threat report update describes the ongoing changes in the threat landscape and the challenges they present to organizations. It includes discussion of web threats, email and spam, endpoint security, and Windows and non-Windows threats, and reviews specific recent threats and related legal action.
Managed appliances: security solutions that do more
Traditional appliances that promise to meet the challenge of letting the IT administrator do more with constrained resources and less time have turned out to be at best only partial solutions. This paper highlights how truly managed appliances free up time while providing improved security, visibility and peace of mind. It explains how they enable efficient security management by reducing daily administration, enhancing the user experience, and offering proactive support.
Spyware: Securing gateway and endpoint against data theft
The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation loss and exposure to potential litigation. This paper examines how spyware infiltrates and affects organizations and describes how to protect against it.
Security and control: The smarter approach to malware and compliance
The continuing evolution of malware threats combined with the demand for increasingly flexible working practices is a significant challenge to IT departments seeking to reduce help desk support and get better value for money from their investment in security. This paper looks at how organizations can benefit from a more integrated, policy-driven approach to protecting the network at all levels and controlling both user access and behavior.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like Instant Messaging, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. This paper looks at why it is important to control such applications, discusses the various approaches, and highlights how integrating this functionality into malware protection is the simplest and most cost-effective solution.
Sophos security threat report 2007
Cybercriminals continue to invent increasingly cunning ways to exploit human and computer vulnerabilities to steal and extort money from computer users and companies. Our latest security threat report describes the latest threats, highlights their growing complexity and looks at what the likely trends are for 2007.
Windows Vista: Is it secure enough for business?
Five years after the release of Windows XP, Microsoft's primary stated goal with Windows Vista has been to reduce security vulnerabilities and overall susceptibility to malware and other threats. This paper assesses how far the new features measure up to Microsoft's aspirations for its new desktop operating system and provides an insight into the level of protection they provide to business users.
Maximizing security and performance for web browsing: the challenge for business
Spyware, viruses, and other unwanted or unauthorized applications easily infiltrate enterprise networks via web browsing. This paper defines the requirements for effective, manageable security that protects organizations from infection and legal risk, while also meeting end user demands for performance and accessibility.
Stopping zombies, botnets and other email- and web-borne threats
Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This paper discusses how the threat has evolved, explains how zombie networks, or botnets, are created and highlights how even organizations with reliable gateway and endpoint protection are vulnerable to these email- and web-borne threats.
Cutting the cost and complexity of managing endpoint security
Managing the desktops, laptops and servers at the endpoints of corporate networks is an increasingly complex, time-consuming and expensive task. This paper examines the issues of managing security across the network, discusses the key criteria involved in choosing a solution, and describes Sophos Endpoint Security.
Sophos Security Management Report July 2006
Cybercriminals continue to invent new ways to exploit human and computer vulnerabilities to steal and extort money from computer users and companies. This update to our annual security threat management report looks at how the threat landscape has changed in the first six months of 2006 and what the likely trends are for the rest of the year.
Buying criteria for email security - what's right for you?
Faced with the growing volume and complexity of threats at the email gateway, organizations are looking for security solutions that offer better protection. The availability, expertise, and productivity of IT resources must be balanced against budgets, flexibility, and control. This paper helps IT administrators make an informed decision by comparing software solutions, appliances, and managed services, and looks briefly at the choices offered by Sophos.
Defending networks against rapidly evolving threats
The challenge for organizations today is to stay ahead of the increasingly interconnected threat from rapidly spreading viruses and spam campaigns, phishing scams, spyware, and other threats. The expertise and systems in SophosLabs™ give businesses the reliable protection they need across all threat types.
An introduction to client firewalls
Increased connectivity in and out of the office has radically changed the task of securing an organization's systems and data. Client firewalls - often referred to as "personal" firewalls - are now an essential part of corporate endpoint security. This white paper describes what a personal firewall is, why it is important, and how it differs from a gateway firewall.
Why Linux threats mean business
Linux is expanding rapidly beyond its traditional base of enthusiasts, finding rising popularity as a server platform for corporations. This paper highlights the threat to businesses caused by the interaction of unprotected Linux computers with Windows and other platforms. The paper also discusses the vulnerability of mixed IT environments to the range of increasingly complex threats.
Virus protection isn't just a Windows issue
There is a common and flawed belief that computers running on non-Windows platforms do not need anti-virus protection. This paper investigates the real threat to non-Windows computers, the risk of them concealing and distributing Windows viruses, and the implications of the growing popularity of non-Windows operating systems. The effect of compliance legislation on protection requirements is also highlighted.
Protecting small and growing businesses
Viruses have become sophisticated tools in the hands of cybercriminals. The effect of a virus attack on a small business, which does not have the resources to focus on network security, can be catastrophic. This paper describes the evolving threat, provides best practice security advice, and explains how Sophos small business solutions provide small businesses with reliable, integrated protection.
The growing scale of the threat problem
The growth in malware has continued unabated during the 20 years since Sophos entered the computer security industry. Take a look at the history of viruses and spam, how collaboration between virus writers and spammers is impacting enterprises, and how SophosLabs™ provides continuous protection against evolving threats.
Sophos Security Threat Management Report 2005
Discover the top ten malware threats of 2005, the latest trends in the world of malware, and how organized criminals are working more closely together to infect computers than ever before.
Phishing and the threat to corporate networks
This paper explains the online fraud known as phishing, examining how it threatens businesses and looking at the dramatic rise in the number of attacks over recent years. Phishing methods and tricks are described and ways of protecting computers and networks from phishing attacks are discussed.
Mind the gap: the integrated multi-tier solution to malicious content
The increasingly complex nature of today's fast-moving threats radically changes the criteria for defense and demands an integrated, multi-tier approach to threat management. Cross-threat expertise and technology in SophosLabs™ makes Sophos uniquely able to respond to this challenge.
Linux: virus risks and protection
This platform paper highlights the more prevalent Linux viruses and the specific Sophos products developed for the Linux environment.
