White Papers

Sophos White Papers

Sophos experts and leading industry analysts have published a series of white papers addressing and discussing anti-virus and anti-spam issues as well as other related topics. Find out more about the problem of viruses, Trojans, spyware, spam and worms in the white papers published below.

question mark  24/7 Sophos Support

Online  -  Support Knowledgebase
Telephone  -  888.767.4679
Email  -  supportus@sophos.com

Sophos gold partner

Sophos security threat report 2010

New computing platforms also emerged last year, and shortly thereafter fell victim to cybercriminal activities. What was lost was once again found in 2009, as old hacking techniques re-emerged as means to penetrate data protection. By understanding the problems that have arisen in the past, perhaps internet users can craft themselves a better, safer future.

arrow  Download the .pdf

Return to top

Sophos security threat report 2009

Predicting the future in such a rapidly evolving environment is near impossible. One only needs to count the rate at which new malware appears today compared to five years ago to see how quickly the threat has become more serious. Read our security threat report to read about the malware trends we predict will be at the forefront in 2009.

arrow  Download the .pdf

Return to top

Sophos security threat report 2008

The report examines the threat landscape over the previous twelve months, and predicts emerging cybercrime trends for 2008. In 2007, organised criminal gangs extended their efforts beyond Windows, looking to Mac and other operating systems for new targets. Attacks using wireless connectivity and mobile devices and accusations of state-sponsored cybercrime have also increased. Find out more about the past year's events and Sophos's predictions for the next 12 months.

arrow  Download the .pdf

Return to top

Who's Got the NAC? - Best Practices in Protecting Network Access

For many would-be network access control (NAC) adopters, what NAC is or is supposed to be is unclear. However, the companies who are successfully protecting their network aren't confused - they also have more demanding views as to what they think a NAC solution should provide. This report aims to further the market's understanding of NAC - its function and capabilities - as seen through the eyes of those organizations that are getting the best results in protecting their network access.

arrow  Download the .pdf

Return to top

Liberating the inbox: How to make email safe and productive again

With spam levels breaking records every day, the quintessential business tool - email - has simultaneously become a major liability. With inboxes overrun with more and more unwanted email that threatens business productivity, regulatory compliance, and network security, organizations are having to look at what is being mailed in, out and around their network, at the gateway, at the mail server and at the endpoint. This paper focuses on the threat posed by unwanted emails that make it through to the inbox, explains the impact these threats have on organizations, and demonstrates what needs to be done in response to make email safe and productive.

arrow  Download the .pdf

Return to top

Sophos security threat report: Update July 2007

This security threat report update descibes the ongoing changes in the threat landscape and the challenges they present to organizations. Includes discussion of web threats, email and spam, endpoint security and Windows and non-Windows threats, as well as reviewing specific recent threats and related legal action.

arrow  Download the .pdf

Return to top

Managed appliances: security solutions that do more

Traditional appliances that promise to meet the challenge of letting the IT administrator do more with constrained resources and less time have turned out to be at best only partial solutions. This paper highlights how truly managed appliances free up time while providing improved security, visibility and peace of mind. It explains how they enable efficient security management by reducing daily administration, enhancing the user experience, and offering proactive support.

arrow  Download the .pdf

Return to top

NAC: Managing unauthorized computers

Unauthorized endpoint computers pose significant security risks to organizations. Where underlying network-based enforcement is available, network access control (NAC) solutions provide detection and implementation of security policies to minimize these risks. However, in some environments the network cannot provide this enforcement.This paper looks at how a complete NAC solution can protect the network from unauthorized access from unknown computers or people with malicious intent.

arrow  Download the .pdf

Return to top

NAC: Bridging the network security gap

Enterprises must take a robust policy-driven approach to enforcing security compliance in order to protect against network vulnerabilities and meet regulatory requirements. This paper examines technology and initiatives designed to capitalize on existing investments and prevent any gaps in security.

arrow  Download the .pdf

Return to top

Spyware: Securing gateway and endpoint against data theft

The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation loss and exposure to potential litigation. This paper examines how spyware infiltrates and affects organizations and describes how to protect against it.

arrow  Download the .pdf

Return to top

Security and control: The smarter approach to malware and compliance

The continuing evolution of malware threats combined with the demand for increasingly flexible working practices is a significant challenge to IT departments seeking to reduce help desk support and get better value for money from their investment in security. This paper looks at how organizations can benefit from a more integrated, policy-driven approach to protecting the network at all levels and controlling both user access and behavior.

arrow  Download the .pdf

Return to top

Unauthorized applications: Taking back control

Employees installing and using unauthorized applications like Instant Messaging, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. This paper looks at why it is important to control such applications, discusses the various approaches, and highlights how integrating this functionality into malware protection is the simplest and most cost-effective solution.

arrow  Download the .pdf

Return to top

Sophos security threat report 2007

Cybercriminals continue to invent increasingly cunning ways to exploit human and computer vulnerabilities to steal and extort money from computer users and companies. Our latest security threat report describes the latest threats, highlights their growing complexity and looks at what the likely trends are for 2007.

arrow  Download the .pdf

Return to top

Windows Vista: Is it secure enough for business?

Five years after the release of Windows XP, Microsoft's primary stated goal with Windows Vista has been to reduce security vulnerabilities and overall susceptibility to malware and other threats. This paper assesses how far the new features measure up to Microsoft's aspirations for its new desktop operating system and provides an insight into the level of protection they provide to business users.

arrow  Download the .pdf

Return to top

Maximizing security and performance for web browsing: the challenge for business

Spyware, viruses, and other unwanted or unauthorized applications easily infiltrate enterprise networks via web browsing. This paper defines the requirements for effective, manageable security that protects organizations from infection and legal risk, while also meeting end user demands for performance and accessibility.

arrow  Download the .pdf

Return to top

Stopping zombies, botnets and other email- and web-borne threats

Hijacked computers, or zombies, hide inside networks where they send spam, steal company secrets, and enable other serious crimes. This paper discusses how the threat has evolved, explains how zombie networks, or botnets, are created and highlights how even organizations with reliable gateway and endpoint protection are vulnerable to these email- and web-borne threats.

arrow  Download the .pdf

Return to top

Cutting the cost and complexity of managing endpoint security

Managing the desktops, laptops and servers at the endpoints of corporate networks is an increasingly complex, time-consuming and expensive task. This paper examines the issues of managing security across the network, discusses the key criteria involved in choosing a solution, and describes Sophos Endpoint Security.

arrow  Download the .pdf

Return to top

Sophos Security Management Report July 2006

Cybercriminals continue to invent new ways to exploit human and computer vulnerabilities to steal and extort money from computer users and companies. This update to our annual security threat management report looks at how the threat landscape has changed in the first six months of 2006 and what the likely trends are for the rest of the year.

arrow  Download the .pdf

Return to top

Buying criteria for email security - what's right for you?

Faced with the growing volume and complexity of threats at the email gateway, organizations are looking for security solutions that offer better protection. The availability, expertise, and productivity of IT resources must be balanced against budgets, flexibility, and control. This paper helps IT administrators make an informed decision by comparing software solutions, appliances, and managed services, and looks briefly at the choices offered by Sophos.

arrow  Download the .pdf

Return to top

Defending networks against rapidly evolving threats

The challenge for organizations today is to stay ahead of the increasingly interconnected threat from rapidly spreading viruses and spam campaigns, phishing scams, spyware, and other threats. The expertise and systems in SophosLabs™ give businesses the reliable protection they need across all threat types.

arrow  Download the .pdf

Return to top

An introduction to client firewalls

Increased connectivity in and out of the office has radically changed the task of securing an organization's systems and data. Client firewalls - often referred to as "personal" firewalls - are now an essential part of corporate endpoint security. This white paper describes what a personal firewall is, why it is important, and how it differs from a gateway firewall.

arrow  Download the .pdf

Return to top

Why Linux threats mean business

Linux is expanding rapidly beyond its traditional base of enthusiasts, finding rising popularity as a server platform for corporations. This paper highlights the threat to businesses caused by the interaction of unprotected Linux computers with Windows and other platforms. The paper also discusses the vulnerability of mixed IT environments to the range of increasingly complex threats.

arrow  Download the .pdf

Return to top

Virus protection isn't just a Windows issue

There is a common and flawed belief that computers running on non-Windows platforms do not need anti-virus protection.This paper investigates the real threat to non-Windows computers, the risk of them concealing and distributing Windows viruses, and the implications of the growing popularity of non-Windows operating systems. The effect of compliance legislation on protection requirements is also highlighted.

arrow  Download the .pdf

Return to top

Protecting small and growing businesses

Viruses have become sophisticated tools in the hands of cybercriminals. The effect of a virus attack on a small business, which does not have the resources to focus on network security, can be catastrophic. This paper describes the evolving threat, provides best practice security advice, and explains how Sophos small business solutions provide small businesses with reliable, integrated protection.

arrow  Download the .pdf

Return to top

The growing scale of the threat problem

The growth in malware has continued unabated during the 20 years since Sophos entered the computer security industry. Take a look at the history of viruses and spam, how collaboration between virus writers and spammers is impacting enterprises, and how SophosLabs™ provides continuous protection against evolving threats.

arrow  Download the .pdf

Return to top

Sophos Security Threat Management Report 2005

Discover the top ten malware threats of 2005, the latest trends in the world of malware, and how organized criminals are working more closely together to infect computers than ever before.

arrow  Download the .pdf

Return to top

Phishing and the threat to corporate networks

This paper explains the online fraud known as phishing, examining how it threatens businesses and looking at the dramatic rise in the number of attacks over recent years. Phishing methods and tricks are described and ways of protecting computers and networks from phishing attacks are discussed.

arrow  Download the .pdf

Return to top

Mind the gap: the integrated multi-tier solution to malicious content

The increasingly complex nature of today's fast-moving threats radically changes the criteria for defense and demands an integrated, multi-tier approach to threat management. Cross-threat expertise and technology in SophosLabs™ makes Sophos uniquely able to respond to this challenge.

arrow  Download the .pdf

Return to top

Linux: virus risks and protection

This platform paper highlights the more prevalent Linux viruses and the specific Sophos products developed for the Linux environment.

arrow  Download the .pdf

Return to top