Sophos Overview. Stefan Jantzer, Sales Executive, 09.03.2017
About Sophos: Quick Facts
Sophos Snapshot
- Founded 1985, Oxford, UK
- 534.9 in billings (FY16)
- 2,700 employees (approx.)
- HQ Abingdon, UK
- 200,000+ customers
- 100M+ users
- 90+% best-in-class renewal rates
- 20,000+ channel partners
- OEM partners; key dev centers; offices (map slide)
IT Security Trends and Challenges
Top Security Trends
- Megatrends: Cloud, Mobile and IaaS driving CASB, EMM, and data protection
- Public/Private Sector Encryption Tensions: Apple/FBI, GDPR mandates, #nobackdoors
- IoT Expands Attack Surfaces: devices need protections at the network level
- Lack of Defender Coordination: analytics showing promise as it matures from novelty to utility
- C-level Spear Phishing ("Whaling"): increasing attack professionalism requires better training and detection tools
- Paradox of Encryption: pervasive SSL inhibits network decryption, requiring collaboration with endpoints for content visibility
- Ransomware and Cryptoware: a $325M business, demands NGEP solutions
- Common-mode Failures: the Internet is built on common components; vulnerabilities must be mitigated before patching can occur
- Cybersecurity Skills Gap: enterprises increasingly cite a shortage of security professionals, driving the need for simplicity
- Risk-Based Approach to Security: enterprises are learning to quantify risk, and are beginning to match controls to attack surface
[Chart: Threats vs. Controls, risk-based ROI; axes Complexity and Time; the 99% of threats vs. the 1%]
Threats, from off-the-shelf to bespoke: off-the-shelf exploit kits, executable malware, doc/script malware, data leakage, injection attacks, targeted phishing, bespoke malware, 0days, long-dwell campaigns, insider movement (PTH, Skeleton Key, Golden Ticket), critical infrastructure / nation-state attacks, supply chain integrity compromises
Controls: endpoint AV, URL filtering, security automation / risk quantification, user behavior analytics, deception networks / DDW monitoring, email security, next-gen firewall, DLP, simple encryption, CASB, WAF, sandboxing, next-gen EP, threat intel, SIEM (complete system)
[Chart: Expanding Attack Surface] Increasing number of mobile devices (phones and ultramobiles, bn; 13-18 CAGR 4.7%; source: Gartner) and size of the Internet of Things solutions market ($bn; 13-20 CAGR 13%; source: IDC, Worldwide and Regional Internet of Things 2014-2020 Forecast Update by Technology Split, #252330, Nov 2014), with a number of operating systems, driving rapid growth in Internet (IP) usage ('000 exabytes per month; 13-18 CAGR 20.8%; source: Cisco). Increasing number of potential areas of attack.
IT Challenges: What are the biggest challenges your IT department faces?
- Maintaining security and compliance
- Lack of people / resources to get everything done that is required
- Insufficient budget
- Patching and updating applications/OS
- Supporting a wide range of devices
- Managing users across distributed sites
(% of respondents who answered 1 or 2; source: Spiceworks Community Survey)
The Age of Personalized Malware. SophosLabs receives and analyzes 300,000 previously unseen files each day. 75% of the malicious files we detect are found only within a single organization. Source: SophosLabs
Sophos Portfolio
Sophos Synchronized Security Platform
- Admin: manage all Sophos products. Self-service user: customizable alerts. Partner: management of customer installations.
- Sophos Central (in cloud / on prem): UTM/Next-Gen Firewall, Wireless, Email, Web, Endpoint/Next-Gen Endpoint, Mobile, Server, Encryption
- Cloud Intelligence Analytics: analyze data across all Sophos products to create simple, actionable insights and automatic resolutions
- SophosLabs (24x7x365, multi-continent operation): URL database, malware identities, file look-up, genotypes, reputation, behavioural rules, APT rules, apps, anti-spam, data control, SophosID, patches, vulnerabilities, sandboxing
- API everywhere
Enduser Security Overview
Sophos Enduser Security Strategy: innovate to enhance and expand existing business and enter exciting adjacent growth opportunities
- Signature-less Next-Gen Protection across Windows, Mac, Linux and Android
- Secure the (Mobile) Device: secure phones and tablets like any other endpoint
- Secure the Servers: protection optimized for servers (physical, virtual and IaaS)
- Next Gen Encryption: encrypt everything, all the time, everywhere; hacker-proof encryption
Highlights: Schrodinger, Exploit Prevention, Secure BYOD, IaaS (AWS / Azure), CryptoGuard, Root Cause Analytics, Application Reputation, Synchronized security
How Sophos protects on the Endpoint: where the malware is intercepted
- Exposure prevention (80%): malicious URL blocking, malicious web script detection, download reputation
- Pre-execution analytics and heuristics (10%): generic matching using heuristics and component-level rules
- Traditional malware signatures (5%): signature match of malware or malware components (1-1)
- Run-time behavior analytics (3%): behavior matching and runtime analytics
- Exploit detection (2%): advanced threats
SophosLabs never stops innovating and assessing new techniques. Methods and techniques vary depending on device type and operating system (Windows, Mac, Linux/Unix variants, Android, iOS).
Exploit Prevention and Next-Gen Endpoint Protection: annual new malware samples: 100,000,000s; annual known exploits (CVEs): 1,000s; cumulative known exploit techniques: 24
Sophos Next-Gen Endpoint (columns: Prevent, Detect, Respond)
- Next-Gen: Advanced Exploit Prevention (Exploit), CryptoGuard (Behavior), Application Lockdown (Whitelist), Crowd-Sourced Reputation (Delivery), Malicious Traffic Detection (Behavior), Synchronized Security (Collaborate), Root Cause Analysis (Investigate), Signatureless cleanup (Clean), Network Isolation and Key Revoke/Restore (Posture)
- Traditional: Device Control, App Control, Web Control (Surface); Web Protect, DLP (Exposure); On-Device Emulation (Emulation); HIPS/Behavior Monitoring (Behavior); File Heuristics, Signatures (Execute); Quarantine, Malware Removal (Remediate)
Where Malware Gets Stopped (the last 5% is the scary stuff)
- 80% Exposure Prevention: URL blocking, web scripts, download reputation
- 10% Pre-exec analytics: generic matching, heuristics, core rules
- 5% Signatures: known malware, malware bits
- 3% Run-time: behavior analytics, runtime behavior
- 2% Exploit detection: technique identification
The first three layers handle traditional malware; the remaining 5% are advanced threats. Note: each model standalone is 80-95% effective.
Sophos Intercept: A Completely New Approach
Prevent compromises
- Unlike file scanning, Sophos Intercept reduces the attack surface by blocking all software entrances into your business that malware or hackers could exploit.
- Traditional security: scanning code; attack surface infinite; look for code patterns against every file. Sophos Endpoint Intercept: blocking entrances; attack surface of 24 techniques; look for bad behavior against 24 entrances.
- The result is increased protection with reduced resource usage: better prevention of zero-day and ransomware attacks.
Automate incident response
- Proactive incident response tools which gather attack details and present them in a straightforward way that doesn't require a security expert to understand.
Next-gen Endpoint: Root Cause Analytics
Mobile Strategy: Manage, Secure + Protect Data. An endpoint is an endpoint is an endpoint.
Unified Endpoint Management: management across laptop, tablet, smartphone
- Security
- Communications
- Networking
- Reporting
Today's Mobile Devices Are Full Computers
- Content creation, consumption: creating, processing, reading and sharing of data, from any location
- Storing and sharing: data in the cloud, hosted applications, collaboration tools
- Network access: accessing business data, network services, applications
- Web surfing: using web-based applications, research, storing data in the cloud
- Email, calendar, contacts: sending and receiving messages; creating, reading, and accepting meetings; contacting people via text or verbally
Mobile Security
Enduser Security Group Next-Gen Firewall UTM Cloud Intelligence Centralized Policy Management Endpoint Wireless Analytics Next-Gen Endpoint Web Mobile Email File Encryption Disk Encryption Server
Server Lockdown (Server Advanced)
- Whitelisting = default-deny: stops known and unknown threats
- Ensures only authorized applications can run, without the complexity
- One-click deployment
- Automatic trust rules (managed by Sophos)
- Simple licensing
Two Types of Encryption: Both Are Needed
- Full disk encryption: protects against device theft or loss
- File encryption: secures data even if the system is hacked or compromised; secures data even if exfiltrated; helps to protect against insider threats; secures sensitive email; secures data stored in the cloud; secures data stored on mobile devices and elsewhere
Synchronized Encryption: A New Paradigm in Data Protection. Encrypt everything, everywhere, automatically, synchronized with endpoint protection (user integrity, app integrity, system integrity). "By 2019, 25% of security spend will be driven by EU data protection regulation and privacy concerns." - IDC
Network Security Group (NSG)
UTM/Firewalls: Two Platforms with Competitive Advantage
- SG UTM, trusted platform getting stronger: solid, stable platform customers and partners know and love; Sophos Sandstorm in v9.4; WAF and VPN enhancements in v9.5; future-proofed and ready for SF-OS whenever customers/partners choose
- XG Firewall, new platform for an exciting future: combined platform with the best features of SG UTM 9 and Cyberoam; feature superset of Sophos SG UTM; simplified user experience; comprehensive central management solution on-prem and in the cloud; enhanced Synchronized Security
Sophos UTM
- Network Protection: Intrusion Prevention (IPS), Client & Site-to-Site VPN, Quality of Service (QoS), Advanced Threat Protection (ATP)
- Wireless Protection: wireless controller for access points, multi-zone (SSID) support, hotspot support
- Essential Firewall: stateful firewall, object-based rules, user self-service portal
- Web Protection: URL filtering policies, web threat protection, application control
- Web Server Protection: reverse proxy, web application firewall, antivirus
- Sandstorm Protection: cloud sandboxing, zero-day evasive threat protection
- Mail Protection: anti-spam & phishing, dual virus protection, DLP & encryption
Sophos UTM Modular Licensing: Network Firewall; Network Protection; Web Protection; Web Server Protection; Wireless Protection; Email Protection; Sandstorm Protection; Endpoint Protection. Bundles: FullGuard & TotalProtect; FullGuard Plus & TotalProtect Plus.
XG Firewall: the next thing in next-gen
- Sophos Firewall OS (SF-OS): new firewall operating system and software platform
- Proven appliances: identical to SG Series except they come preloaded with SF-OS
- Security Heartbeat: support for Security Heartbeat with Sophos Cloud endpoints
- Migration tools: enabling an easy migration from UTM 9 to SF-OS
- Sophos Firewall Manager (SFM): new on-premise centralized management
- Sophos Cloud Firewall Manager (CFM): centralized firewall management in the cloud (for partners only initially)
- Sophos iView Reporting: updated on-premise centralized reporting
Sophos XG Firewall: simply solving common problems
- Difficult to identify and prioritize issues -> interactive dashboard with instant data and drilldown
- Complexity of policy creation and management -> policy templates, easy to understand
All-new Control Center surfaces important information: system status, traffic, Security Heartbeat, advanced threats, UTQ, VPNs, risky users, apps and websites, policy activity; quick access to additional information and tools
Unified Policy Management: no need to navigate multiple modules or tabs to find policies. All policies on one screen (Users & Networking, Business Applications), sort and filter tools, business app policy templates.
Synchronized Security
Synchronized Security Linking network and endpoint security to deliver unparalleled protection by accelerating and automating threat discovery, analysis, and response.
"No other company is close to delivering this type of synchronized and integrated communication between endpoint and network security products." - Chris Christiansen, VP of Security Products, IDC
Synchronized Security Platform and Strategy (same platform diagram as in the Sophos Portfolio section: Sophos Central, in cloud or on prem, with UTM/Next-Gen Firewall, Wireless, Email, Web, Endpoint/Next-Gen Endpoint, Mobile, Server, Encryption; Cloud Intelligence Analytics; SophosLabs; API everywhere). The build-up slides add the synchronized capabilities one by one: Heartbeat; Unknown App ID; Synchronized Encryption; Lateral Movement Protection; Synchronized Phishing Protection; Continuous Authentication.
Synchronized Security: Missing Heartbeat Detection, identifying compromised endpoints and isolating the suspect endpoint. The XG Firewall can independently assess the health of an endpoint.
1. The firewall sees traffic and hears the Security Heartbeat.
2. The heartbeat disappears but the firewall still sees traffic.
3. The firewall changes the endpoint health to DO NOT TRUST and applies the RED health security policy.
How Do Hackers Covertly Spread? Using Lateral Movement
Lateral Movement Detection and Prevention
- Lateral movement detection: brute-force password cracking; spray attack (multiple logins); disabling security; firewall spots missing heartbeat
- Lateral movement prevention
It's Time to Synchronize Security: Next-Gen Firewall, UTM, Cloud Intelligence, Centralized Policy Management, Endpoint, Wireless, Analytics, Next-Gen Endpoint, Web, Mobile, Email, File Encryption, Disk Encryption, Server
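The three-step missing-heartbeat logic above (heartbeat heard, heartbeat lost while traffic continues, health set to RED and the restrictive policy applied) and the "firewall spots missing heartbeat" detection item, written out as a small replay over constructed log records. This is an added illustration, not Sophos code; the 60-second timeout, the record format, the host addresses and the "allow"/"block" policy outcomes are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed tuning value for this example: how long the firewall waits for a
# heartbeat before it stops trusting an endpoint that keeps sending traffic.
HEARTBEAT_TIMEOUT = 60.0  # seconds
# Health states as the slides name them: GREEN = trusted, RED = DO NOT TRUST.
GREEN, RED, UNKNOWN = "GREEN", "RED", "UNKNOWN"

@dataclass
class EndpointState:
    last_heartbeat: Optional[float] = None
    health: str = UNKNOWN

def evaluate_health(state: EndpointState, now: float) -> str:
    """Steps 1-2: a recent heartbeat keeps the endpoint GREEN; traffic seen after
    the heartbeat has been silent longer than HEARTBEAT_TIMEOUT makes it RED."""
    if state.last_heartbeat is None:
        return UNKNOWN  # never heard from an agent: no basis for trust
    return RED if now - state.last_heartbeat > HEARTBEAT_TIMEOUT else GREEN

def apply_policy(health: str) -> str:
    """Step 3: only GREEN endpoints pass; RED (and unknown) endpoints get the
    restrictive policy, modelled here as a plain block of the flow."""
    return "allow" if health == GREEN else "block"

def process_events(events: list[str]) -> tuple[dict[str, str], list[tuple[float, str, str]]]:
    """Replay 't=.. kind=.. host=..' records in time order and return
    (final health per host, [(time, host, decision)] for every flow)."""
    states: dict[str, EndpointState] = {}
    decisions: list[tuple[float, str, str]] = []
    for line in events:
        rec = dict(kv.split("=", 1) for kv in line.split())
        now, host = float(rec["t"]), rec["host"]
        st = states.setdefault(host, EndpointState())
        if rec["kind"] == "heartbeat":
            st.last_heartbeat, st.health = now, GREEN
        elif rec["kind"] == "flow":
            st.health = evaluate_health(st, now)
            decisions.append((now, host, apply_policy(st.health)))
    return {h: s.health for h, s in states.items()}, decisions

# Constructed sample log: 10.0.0.5 keeps its heartbeat; 10.0.0.9's agent goes
# silent after t=20 while the host keeps talking; 10.0.0.3 never had an agent.
SAMPLE_EVENTS = [
    "t=20 kind=heartbeat host=10.0.0.5",
    "t=20 kind=heartbeat host=10.0.0.9",
    "t=40 kind=flow host=10.0.0.9 dst=10.0.1.7",
    "t=50 kind=heartbeat host=10.0.0.5",
    "t=95 kind=flow host=10.0.0.5 dst=10.0.1.7",
    "t=95 kind=flow host=10.0.0.9 dst=10.0.1.7",
    "t=100 kind=flow host=10.0.0.3 dst=10.0.1.7",
]
```

Running `process_events(SAMPLE_EVENTS)` marks 10.0.0.9 RED and blocks its second flow, while 10.0.0.5 stays GREEN; a host with no agent at all is treated like RED, which is the conservative default a firewall should apply.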