Sophos waters down claims it was protecting the NHS from attacks
May 15, 2017
We noticed today that Sophos has updated its website to water down a few claims that it was protecting the NHS from cyber-attacks, following Friday's catastrophic WannaCrypt ransomware outbreak.
Some anonymous posters commented that the "NHS is totally protected with Sophos". They added that "Sophos understands the security needs of the NHS after the weekend scrub-up".
Internet security observers, including former staffer Graham Cluley, noticed the recent change in attitude.
Sophos didn't publish a definition update until 18:25 London time Friday, hours after a huge security attack that forced several hospitals to postpone scheduled treatments and appointments in scores of NHS Trusts.
If enabled, the Sophos Live Protection functionality could detect the WannaCrypt ransomware earlier than that, and that's troubling.
To be sure, signature updates aren't the only layer of internet security in modern anti-malware software, but this only raises further questions about why Sophos's technology didn't pick up an attack based on a known exploit patched by Microsoft in March 2017.
Sophos has been talking a lot about building better anti-ransomware defences over recent weeks, particularly following its Invincea acquisition back in February.
In April, the company launched its anti-ransomware CryptoGuard technology, a paid add-on to its Sophos server protection products.
We asked Sophos to comment on what seemingly went wrong with its security defences, but we've yet to hear back.
Sophos says that customers using Sophos Intercept X or Exploit Prevention (EXP) "were protected proactively against Friday's ransomware behavior from the very first instance".
It added: "Sophos Endpoint Protection already detected some variants of the WannaCry ransomware. We added further detection at 15.58 UTC on Friday May 12 for various samples in the new attack that we missed.
"This was a complex set of executables and various exploits which took some time to analyze. We also thoroughly tested all identity and rule updates before releasing them to our customers. The 17.25 UTC time in the KBA on our website is the time by which all our customers should have been updated. We are in the process of updating this wording in the KBA to be clearer," the company asserted.
Source: Sophos Internet Security.