Agenda: Why we need a new approach to endpoint security; Introducing Sophos Intercept X; Demonstration / Feature Walk Through; Deployment Options; Q & A
Endpoint Security has reached a Tipping Point: Attacks are from within the perimeter, delivered using software exploits; Ransomware reaches $1.2B in damages; Lack of Threat Intelligence after a Breach
Driving the Paradigm Shift to Next-Generation: ADVANCED MALWARE; LIMITED VISIBILITY; ZERO DAY EXPLOITS
The Evolution of Sophos Endpoint Security: From Anti-Malware to Anti-Exploit to Next-Generation
TRADITIONAL MALWARE
  Exposure Prevention: URL Blocking; Web Scripts; Download Rep
  Pre-Exec Analytics: Generic Matching; Heuristics; Core Rules
  File Scanning: Signatures; Known Malware; Malware Bits
ADVANCED THREATS
  Run-Time: Signatureless; Behavior Analytics; Runtime Behavior
  Exploit Detection: Technique Identification
MALICIOUS URLS; UNAUTHORIZED APPS; REMOVABLE MEDIA; EXECUTABLE FILES; MS FILES & PDF; RANSOMWARE PREVENTION; EXPLOIT PREVENTION; ADVANCED CLEAN; INCIDENT RESPONSE
90% OF DATA BREACHES ARE FROM EXPLOIT KITS. >90% OF EXPLOIT ATTEMPTS USE KNOWN VULNERABILITIES. AND YET MORE THAN 60% OF IT STAFF LACK INCIDENT RESPONSE SKILLS.
BEFORE IT REACHES DEVICE; PREVENT; BEFORE IT RUNS ON DEVICE; DETECT; RESPOND; NEXT GENERATION ENDPOINT
Introducing Sophos Intercept X
Anti-Ransomware (ADVANCED MALWARE): Detect Next-Gen Threats
  Stops Malicious Encryption; Behavior Based Conviction; Automatically Reverts Affected Files; Identifies source of Attack
  Prevent Ransomware Attacks; Roll-Back Changes; Attack Chain Analysis
Anti-Exploit (ZERO DAY EXPLOITS): Prevent Exploit Techniques
  Signatureless Exploit Prevention; Protects Patient-Zero / Zero-Day; Blocks Memory-Resident Attacks; Tiny Footprint & Low False Positives
  No User/Performance Impact; No File Scanning; No Signatures
Root-Cause Analysis (LIMITED VISIBILITY): Automated Incident Response
  IT Friendly Incident Response; Process Threat Chain Visualization; Prescriptive Remediation Guidance; Advanced Malware Clean
  Faster Incident Response; Root-Cause Visualization; Forensic Strength Clean
Optional Demo
ANTI-RANSOMWARE
CryptoGuard - Intercepting Ransomware
  Monitor file access: If suspicious file changes are detected, file copies are created
  Attack detected: Malicious process is stopped and we investigate the process history
  Rollback initiated: Original files restored; Malicious files removed
  Forensic visibility: User message; Admin alert; Root cause analysis details available
ROOT CAUSE ANALYSIS
Root-Cause Analytics: Understanding the Who, What, When, Where, Why and How
  What Happened? Root Cause Analysis: Automatic report @ the process / threat / registry level; 90 Days of historical reporting; Detailed Visual representation of what other assets have been touched
  What is at Risk? Compromised Assets: Comprehensive list of business documents, executables, libraries and files; Any adjacent device (i.e., mobile) or network resources which may be at risk
  Future Prevention, Security Posture: Recommendations based on historical security risks; Provides steps to prevent future attacks; Rich reporting of Compliance status
ANTI-EXPLOIT
Intercepting Exploits
  Exploit Prevention: 10s of new malware subtechniques every year
  Monitors processes for attempted use of exploit techniques, e.g. buffer overflow, code injection, stack pivot and others
  Blocks when technique is attempted
  Malware is prevented from leveraging vulnerabilities
SOPHOS CENTRAL
A Single, Synchronized Security Platform: Sophos Central; In Cloud; On Prem; UTM/Next-Gen Firewall; Wireless; Email; Web; Endpoint/Next-Gen Endpoint; Mobile; Server; Encryption
Sophos Central: Admin Dashboard: User-Centric; Unified; Powerful; Simple; Fast
DEPLOYMENT OPTIONS
Deployment Options: SOPHOS INTERCEPT X; Sophos Central Endpoint Advanced; Antivirus and endpoint solutions from other vendors
TO SUM UP
Taking Your Endpoints To The Next-Generation: ADVANCED MALWARE; ZERO DAY EXPLOITS; LIMITED VISIBILITY
Sophos Intercept X
Anti-Ransomware (ADVANCED MALWARE): Detect Next-Gen Threats
  Stops Malicious Encryption; Behavior Based Conviction; Automatically Reverts Affected Files; Identifies source of Attack
  Prevent Ransomware Attacks; Roll-Back Changes; Attack Chain Analysis
Anti-Exploit (ZERO DAY EXPLOITS): Prevent Exploit Techniques
  Signatureless Exploit Prevention; Protects Patient-Zero / Zero-Day; Blocks Memory-Resident Attacks; Tiny Footprint & Low False Positives
  No User/Performance Impact; No File Scanning; No Signatures
Root-Cause Analysis (LIMITED VISIBILITY): Automated Incident Response
  IT Friendly Incident Response; Process Threat Chain Visualization; Prescriptive Remediation Guidance; Advanced Malware Clean
  Faster Incident Response; Root-Cause Visualization; Forensic Strength Clean