Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

Transcription

1

2 Agenda Why we need a new approach to endpoint security Introducing Sophos Intercept X Demonstration / Feature Walk Through Deployment Options Q & A 2

3 Endpoint Security has reached a Tipping Point Attacks are from within the perimeter, delivered using software exploits Ransomware reaches $1.2B in damages Lack of Threat Intelligence after a Breach

4 Driving the Paradigm Shift to Next-Generation ADVANCED MALWARE LIMITED VISIBILITY ZERO DAY EXPLOITS

5 The Evolution of Sophos Endpoint Security From Anti-Malware to Anti-Exploit to Next-Generation Exposure Prevention Pre-Exec Analytics File Scanning Run-Time Exploit Detection URL Blocking Web Scripts Download Rep Generic Matching Heuristics Core Rules Signatures Known Malware Malware Bits Signatureless Behavior Analytics Runtime Behavior Technique Identification TRADITIONAL MALWARE ADVANCED THREATS

6 ! MALICIOUS URLS UNAUTHORIZED APPS REMOVABLE MEDIA EXECUTABLE FILES MS FILES & PDF RANSOMWARE PREVENTION EXPLOIT PREVENTION ADVANCED CLEAN INCIDENT RESPONSE 90% OFDATABREACHES ARE FROM EXPLOITS KITS >90% OF EXPLOIT ATTEMPTS USE KNOWN VULNERABILITIES AND YET MORE THAN 60% OF IT STAFF LACK INCIDENT RESPONSE SKILLS BEFORE IT REACHES DEVICE PREVENT BEFORE IT RUNS ON DEVICE DETECT RESPOND NEXT GENERATION ENDPOINT

7

8 Introducing Sophos Intercept X Anti-Ransomware Anti-Exploit Root-Cause Analysis Detect Next-Gen Threats Stops Malicious Encryption Behavior Based Conviction Automatically Reverts Affected Files Identifies source of Attack Prevent Exploit Techniques Signatureless Exploit Prevention Protects Patient-Zero / Zero-Day Blocks Memory-Resident Attacks Tiny Footprint & Low False Positives Automated Incident Response IT Friendly Incident Response Process Threat Chain Visualization Prescriptive Remediation Guidance Advanced Malware Clean ADVANCED MALWARE ZERO DAY EXPLOITS LIMITED VISIBILITY Prevent Ransomware Attacks Roll-Back Changes Attack Chain Analysis No User/Performance Impact No File Scanning No Signatures Faster Incident Response Root-Cause Visualization Forensic Strength Clean

9 Optional Demo

10

11 ANTI-RANSOMWARE

12 CryptoGuard - Intercepting Ransomware Monitor file access Attack detected Rollback initiated Forensic visibility If suspicious file changes are detected, file copies are created Malicious process is stopped and we investigate the process history Original files restored Malicious files removed User message Admin alert Root cause analysis details available

13 ROOT CAUSE ANALYSIS

14 Root-Cause Analytics Understanding the Who, What, When, Where, Why and How What Happened? Root Cause Analysis Automatic the process / threat / registry level 90 Days of historical reporting Detailed Visual representation of what other assets have been touched What is at Risk? Compromised Assets Comprehensive list of business documents, executables, libraries and files Any adjacent device (i.e., mobile) or network resources which may be at risk Future Prevention Security Posture Recommendations based on historical security risks Provides steps to prevent future attacks Rich reporting of Compliance status

15 Sophos confidential 15

16 16

17 ANTI-EXPLOIT

18 Intercepting Exploits 10 s of new malware subtechniques every year?

19 Intercepting Exploits Exploit Prevention 10 s of new malware subtechniques every year Monitors processes for attempted use of exploit techniques e.g. Buffer overflow, code injection, stack pivot and others Blocks when technique is attempted Malware is prevented from leveraging vulnerabilities?

20 SOPHOS CENTRAL

21 A Single, Synchronized Security Platform Sophos Central In Cloud On Prem UTM/Next-Gen Firewall Wireless Web Endpoint/Next-Gen Endpoint Mobile Server Encryption 21

22 Sophos Central: Admin Dashboard User-Centric Unified Powerful Simple Fast 22

23 DEPLOYMENT OPTIONS

24 Deployment Options SOPHOS INTERCEPT X Sophos Central Endpoint Advanced Antivirus and endpoint solutions from other vendors 24

25 TO SUM UP

26 Taking Your Endpoints To The Next-Generation ADVANCED MALWARE ZERO DAY EXPLOITS LIMITED VISIBILITY 26

27 Sophos Intercept X Anti-Ransomware Anti-Exploit Root-Cause Analysis Detect Next-Gen Threats Stops Malicious Encryption Behavior Based Conviction Automatically Reverts Affected Files Identifies source of Attack Prevent Exploit Techniques Signatureless Exploit Prevention Protects Patient-Zero / Zero-Day Blocks Memory-Resident Attacks Tiny Footprint & Low False Positives Automated Incident Response IT Friendly Incident Response Process Threat Chain Visualization Prescriptive Remediation Guidance Advanced Malware Clean ADVANCED MALWARE ZERO DAY EXPLOITS LIMITED VISIBILITY Prevent Ransomware Attacks Roll-Back Changes Attack Chain Analysis No User/Performance Impact No File Scanning No Signatures Faster Incident Response Root-Cause Visualization Forensic Strength Clean

28

29