Sophos XG Firewall
IP Partners ICT Systems & Services, www.ippartners.gr
XG Firewall Overview
Today's top firewall problems: what IT managers say about their existing firewall (Firewall Satisfaction Survey, Spiceworks 2017)
Top concerns, grouped under Visibility, Protection and Complexity. "My firewall ...":
- makes it difficult to find information
- does not isolate infected systems
- makes it difficult to configure
- is missing features
- doesn't alert me to threats
- doesn't identify risky users or apps
Sophos XG Firewall: Unrivalled Security, Simplicity, and Insight
- Complete Protection: Firewall & Wireless; Web, Apps, APT; Email and WAF
- Synchronized Security: Security Heartbeat; Identify & Isolate APTs; Dynamic app ID
- Simpler to Manage: Streamlined workflows; Unified policies; Policy templates
- Instant Insights: Control center; User & App Risk; On-box reporting
XG Firewall: Unrivalled Security, Simplicity, and Insight
1. Complete Protection: more-in-one protection than any other firewall
   - Advanced Threat Protection from the latest botnets and APTs
   - Next-generation Network, IPS, wireless, web, and app control
   - Optional email anti-spam, DLP, encryption and full-featured WAF
2. Synchronized Security: automated threat protection and response
   - Industry-first synchronizing of IT security products to share telemetry
   - Security Heartbeat can automatically respond and isolate compromised systems
   - Unknown App Identification enables the firewall to identify unknown traffic
3. Simpler to Manage: XG Firewall makes managing advanced protection simple
   - Unified policy and rule management brings everything together in one place
   - Enterprise-grade web policy is powerful, flexible and easy
   - Business application templates simplify setup and guide best practices
4. Instant Insights: unprecedented insights into user and network activity
   - Control center surfaces critical information using traffic-light style indicators
   - User and application risk indicators identify issues before they become problems
   - Extensive on-box reporting, included at no extra charge, provides even deeper insights
XG Firewall Ecosystem
- Sophos Firewall OS (SF-OS): new firewall operating system and software platform (available on Azure)
- XG Series Appliances: identical to SG Series except they come preloaded with SF-OS
- Synchronized Security: integration with Sophos Endpoints for enhanced protection and response
- Migration Tools: enabling an easy migration from UTM 9 to SF-OS
- Sophos Firewall Manager (SFM): full-featured on-premise centralized management
- Sophos Central Firewall Manager (CFM): centralized firewall management in the cloud (for partners only initially; coming to Central soon!)
- Sophos iView Reporting: updated on-premise centralized reporting
XG Firewall's Unique Innovations
What makes XG Firewall unique: innovative features you just can't get anywhere else
- Synchronized Security
  - Links endpoints and firewall to share telemetry and status
  - Enables features like Security Heartbeat and Real-time App ID
- Unified Firewall Rules and Policies
  - All firewall rules on one screen with snap-in user-based policies
  - Policy templates simplify protecting business applications
- Enterprise-grade Secure Web Gateway
  - Powerful top-down inheritance based web policy model
  - Easy and intuitive to build sophisticated user and group based policies
- User and Application Risk Assessment
  - Automatically identifies high risk users and applications on the network
  - Identifies potential issues before they become real problems
- No-compromise Deployment and Central Management
  - The most flexible deployment options without compromise: XG Series, software, virtual, IaaS (Azure)
  - Comprehensive centralized management and reporting made simple
Synchronized Security: Security Heartbeat (diagram: Admin, UTM/Next-Gen Firewall, Endpoint/Next-Gen Endpoint)
- The endpoint reports a RED Heartbeat; the firewall detects traffic from the endpoint!
Unified Firewall Rules and Policies: making management easier
- All firewall rules in one place: User, Network, Business Applications
- Powerful filtering options: by rule type, zone, status or ID
- At-a-glance indicators: type, source, destination, users, service, traffic status, heartbeat, QoS, and natural language description
Policy Templates: custom tailored templates enable easy and proper protection for common business apps
Enterprise-grade Secure Web Gateway: powerful tools for building sophisticated user and group based web policies
- Top-down inheritance policy model: makes building sophisticated policies easy and intuitive. The same kind of SWG is usually found only in dedicated enterprise products.
- Pre-defined policy templates: out-of-the-box policies included for workplace, CIPA compliance, and more
- Powerful customization: define users/groups, activities (URLs, categories, file types), allowed action, and time-of-day and day-of-week constraints
User Risk Assessment: automatically identifying the top risk users on the network before they become a problem
App Risk Assessment: automatically identifying top application risks and overall app risk
- Risk: Low. A few high risk applications and users are operating on the network; continue to monitor the situation carefully.
- Risk: High. Take action and set up an application control policy before data loss, abuse, or illegal activity become a real problem.
Deployment flexibility without compromise: flexible deployment options optimized for today's business
- XG Series Hardware
  - Full range of hardware appliances with wireless AP and RED add-ons
  - Multi-core processors, solid-state storage, generous RAM
  - Industry-leading performance at all price points (Miercom tested)
- Virtual/Software
  - VMware, Hyper-V, Citrix Xen, KVM
  - Flexibility regarding resource assignment and high availability
  - Compatible with all x86 hardware
- IaaS
  - Available in the Microsoft Azure Marketplace
  - Up and running in minutes with a preconfigured VM
  - Pay-as-you-go or BYOL
XG Firewall: How XG does user policy better
Layer-8 User Identity and Awareness made simple
- Covers all areas of the firewall: IPS, QoS, Web, Apps, Routing
- Consolidated. Easy to manage.
Powerful user/group policy enforcement made simple: simply snap your sophisticated user and group based policies into a single firewall rule
1. Define your user/group web enforcement policy
2. Snap it into your desired firewall rule
Sophos Transparent Authentication Suite (STAS): making user identity transparent and reliable. Single Sign-On (SSO) made easy.
- Diagram: the STAS Collector and Agent on the Microsoft Active Directory Server pass authentication information to the XG Firewall
- No client required on devices for SSO!
What's New: XG Firewall v16 & v16.5
Over 120 new features! Highlights:
- Per-rule and policy-based routing
- Enhanced anti-spam
- STAS GUI configuration
- Log Viewer enhancements
- New navigation
- New AP 15C and RED 15w support
- Synchronized Security App Identification
- Firewall-to-firewall RED tunnels
- Streamlined firewall rule screen
- Support for 3rd party URL databases
- Two-factor authentication
- Google Apps control
- SPX Email Encryption reply portal
- Email per-domain routing and MTA
- Microsoft Azure support
- Enhanced Control Center
- New user/group web policy
- Enhanced Security Heartbeat
- Creative Commons SafeSearch image enforcement
- Missing Security Heartbeat detection
- Clone firewall and other rules
- HA support for dynamic WAN interfaces
- Firewall domain name
XG Firewall v16: continuing to build on the story
- Simplified User Experience: creating a more intuitive experience across all areas of the product, from navigation to policy to logging and more
- New Protection Features: over 120 new features improving protection and flexibility across all areas of the firewall
- Added Synchronized Security: adding new Synchronized Security features to the arsenal to improve protection, enforcement and visibility
Simplified User Experience, new in XG Firewall v16:
- Easier navigation
- Enhanced Control Center widgets
- Streamlined policy setup
- Improved logging and troubleshooting tools
Complete Protection, new in XG Firewall v16:
- New enterprise-grade Secure Web Gateway
- Two-factor authentication
- Email enhancements (routing, policy tools, MTA)
- Microsoft Azure support
Synchronized Security, new in XG Firewall v16 (diagram: UTM/Next-Gen Firewall, Endpoint/Next-Gen Endpoint, Cloud Intelligence)
- Missing Heartbeat Detection: identifying and isolating compromised endpoints
- Destination Heartbeat: block access to compromised servers and endpoints
- Unknown App Identification: insights and control over unknown app traffic
Synchronized Security: Unknown App Identification (diagram: Admin, UTM/Next-Gen Firewall, Endpoint/Next-Gen Endpoint with a GREEN Heartbeat)
1. The firewall detects unknown traffic from the endpoint
2. The firewall requests context from the endpoint
3. Application information is exchanged
The adoption of cloud infrastructure and services is accelerating
- IaaS spending to grow 38.4% in 2016
- Cloud is the fastest growing business at Microsoft (Azure, Office 365, CRM)
- All driven by the immense benefits of pay-for-what-you-use, convenience, flexibility, reliability and scalability
XG Firewall on Azure
- Consistent experience: same easy user experience, familiar and consistent
- Primary use-cases: NGFW, WAF, IPS, SWG, VPN
- Easy deployment and simple licensing: deploy a virtual machine in minutes from the Microsoft Azure Marketplace; BYOL or Pay-as-you-go (hourly) licensing
XG Firewall: Advanced Threat Protection
Today's threats
- Evasion techniques: obfuscation, polymorphism, delayed activity
- Delivery methods: MS Office files with macros and PDF documents via email and web; IoT devices being hacked
- Crippling impact: potential loss of all data through encryption; devastating DDoS attacks
- Financially motivated: ransoming access to your data or devices for significant sums of money
How advanced threats work (diagram: Cyber Criminal, C&C Servers, Your Network, Target)
1. Infiltrate: hack systems remotely via email attachments, compromised websites, USB devices
2. Call Home: register success, get instructions or encryption key from the C&C servers
3. Ransom: encrypt data and ransom access
4. Steal Data: upload sensitive or valuable data
5. Bot Attack: scan, DDoS, DNS amplification, brute force, spam
Need Defense in Depth: Complete Protection. Gartner, Sophos and other experts agree:
- Need network traffic analysis: app, web and email protection; Advanced Threat Protection; malicious traffic and call-home detection
- Need payload analysis: sandboxing
- Need endpoint behavior analysis: next-gen endpoint with anti-exploit
- Need to know where to look: Synchronized Security dramatically increases visibility
- Need forensics: root-cause analysis
Advanced Threat Protection in XG Firewall: a full suite of technologies to protect against the latest zero-day threats
- Advanced Threat Protection: utilizing a multi-layer approach of DNS, IPS and URL filtering
- Security Heartbeat: providing immediate insight and automatic response to threats
- Cloud Sandboxing: identifying the latest zero-day threats like bots and ransomware
- Enterprise Web & Mail Protection: with sophisticated policy tools and protection engines
- Full-featured WAF: able to provide reverse-proxy, auth offloading and server hardening
Sophos Sandstorm: one of our fastest growing products, now available on XG Firewall
Sophos Sandstorm: cloud sandboxing available now (diagram labels: Hash?, Suspect, Determine Behavior, Report, Control)
Intercept X and XG Firewall provide a powerful defense to block advanced threats like ransomware and botnets! Together, Intercept X and XG Firewall can automatically respond to threats for you, saving you time and preventing further incidents.
Sophos Sandstorm: Visibility
Sophos Sandstorm: Detailed Historical Reporting
Synchronized Security: Security Heartbeat (diagram: Admin, UTM/Next-Gen Firewall, Endpoint/Next-Gen Endpoint)
- The endpoint reports a RED Heartbeat; the firewall detects traffic from the endpoint!
Synchronized Security: Missing Heartbeat (diagram: Admin, UTM/Next-Gen Firewall, Endpoint/Next-Gen Endpoint)
- The endpoint's Heartbeat is MISSING; the firewall detects traffic from the endpoint?
Synchronized Security: Destination Heartbeat (diagram: Admin, UTM/Next-Gen Firewall, Endpoint/Next-Gen Endpoint)
- An endpoint with a GREEN Heartbeat attempts to connect to a compromised system with a RED Heartbeat
- Connections to/from the compromised system are blocked!
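The three Heartbeat scenarios above (RED source, MISSING heartbeat, RED destination) as a worked policy model. This is an added example, not Sophos code: the status names, the rule fields, the IP-to-status table and the decision order are assumptions, since the slides show only the outcomes, not the firewall's actual logic.

```python
"""Added example, not Sophos code: a simplified model of how a Security Heartbeat
status can drive a firewall decision for the three scenarios on the slides.
Status names, rule fields and the IP-to-status table are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Tuple


class Heartbeat(Enum):
    GREEN = "green"      # endpoint reports healthy
    YELLOW = "yellow"    # endpoint reports a warning
    RED = "red"          # endpoint reports an active compromise
    MISSING = "missing"  # no heartbeat has been received for this IP


# Ordering used to compare a source status against a rule's threshold.
SEVERITY = {Heartbeat.GREEN: 0, Heartbeat.YELLOW: 1, Heartbeat.RED: 2, Heartbeat.MISSING: 3}


@dataclass
class Rule:
    name: str
    min_source_hb: Heartbeat = Heartbeat.YELLOW  # worst source status still allowed
    block_red_destination: bool = True           # Destination Heartbeat scenario
    block_missing_hb: bool = False               # Missing Heartbeat scenario


@dataclass
class HeartbeatTable:
    """Last reported status per endpoint IP, as the firewall would hold it."""
    status: Dict[str, Heartbeat] = field(default_factory=dict)

    def lookup(self, ip: str) -> Heartbeat:
        return self.status.get(ip, Heartbeat.MISSING)


def evaluate(rule: Rule, table: HeartbeatTable, src_ip: str, dst_ip: str) -> Tuple[str, str]:
    """Return ('allow' | 'block', reason) for one flow under a Heartbeat-aware rule."""
    src, dst = table.lookup(src_ip), table.lookup(dst_ip)
    # Scenario 2: traffic is seen from a host that sends no heartbeat at all.
    if src is Heartbeat.MISSING:
        if rule.block_missing_hb:
            return "block", f"missing heartbeat from {src_ip}"
    # Scenario 1: the source endpoint itself reports a status worse than allowed.
    elif SEVERITY[src] > SEVERITY[rule.min_source_hb]:
        return "block", f"source {src_ip} heartbeat is {src.value}"
    # Scenario 3: even a GREEN source may not reach a RED destination.
    if rule.block_red_destination and dst is Heartbeat.RED:
        return "block", f"destination {dst_ip} heartbeat is red"
    return "allow", f"source {src.value}, destination {dst.value}"


# Constructed sample table; the addresses are placeholders, not real hosts.
TABLE = HeartbeatTable({"10.0.0.5": Heartbeat.GREEN,
                        "10.0.0.7": Heartbeat.YELLOW,
                        "10.0.0.9": Heartbeat.RED})

if __name__ == "__main__":
    # A healthy host trying to reach the compromised 10.0.0.9 is blocked.
    print(evaluate(Rule("lan-to-servers"), TABLE, "10.0.0.5", "10.0.0.9"))
```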
How XG Firewall and Intercept X can protect (diagram: Cyber Criminal, C&C Servers, Your Network, Target)
1. Infiltrate: hack systems remotely via email attachments, compromised websites, USB devices
   - XG Firewall protects devices and servers from being hacked and infiltrated, blocks compromised websites, catches spam and phishing, and sandboxes suspicious files (to catch bots and ransomware)
2. Call Home: register success, get instructions or encryption key from the C&C servers
3. Ransom: encrypt data and ransom access
   - Intercept X detects and stops ransomware and exploits
4. Steal Data: upload sensitive or valuable data
5. Bot Attack: scan, DDoS, DNS amplification, brute force, spam
- XG Firewall detects bots and ransomware attempting to call home, automatically responds and isolates infected systems, prevents data exfiltration, and prevents bots and threats moving laterally across network segments
Central Management made Simple
Central Management: Sophos Firewall Manager. Full-featured centralized management for multiple firewalls
- Multiple monitoring views: instant visibility into network status
- Flexible grouping and organization
- Policy templates make deploying new firewalls fast and simple
- Push, pull, replicate policies: ensures consistent protection
- Configure individual devices: consistent UI/workflow with on-box
- Deployment options: 3 hardware models; Virtual/Software
Central Reporting: Sophos iView Reporting. Consolidated centralized reporting
- Consolidated reporting across devices
- Support for SF-OS, UTM 9, CyberoamOS
- Flexible grouping and organization
- Compliance reporting: HIPAA, PCI-DSS, GLBA, SOX
- Backup and long-term data storage
- Deployment options: Virtual/Software
Why Customers Choose Sophos for their next firewall
Why customers are choosing Sophos for their next firewall
1. Complete protection: we provide more-in-one appliance than any other vendor, with synchronized security that automates response to incidents.
2. Simpler to manage: we make enterprise-grade protection easier to manage than any other firewall product, saving time and ensuring proper protection.
3. Instant insights: we surface just what's important, with unique insights into user and app risk as well as rich on-box reporting at no extra charge.
4. Top performance: our firewall delivers industry leading performance at every price point.
5. Trusted industry leader: Sophos is among the top 3 vendors in the industry and has been a Gartner Magic Quadrant leader for the past 5 years.
The XG Firewall Advantage (comparison table)
Vendors compared: Sophos XG Firewall, CheckPoint NGFW, WatchGuard Firebox, Fortinet FortiGate, SonicWALL NSA, Cisco Meraki
Feature rows:
- Next-Gen Firewall and ATP: FastPath Packet Optimization, Dual AV Engines, Intrusion Prevention System
- Synchronized Security
- UTM & Deployment
- Application Control (partial)
- Web Protection and Control + User and App Risk Assessment & Visibility (partial)
- HTTPS Filtering
- Advanced Threat Protection
- Sandboxing
- Identify Compromised Host, User, & Process
- Compromised System Isolation
- Unknown Application Identification
- Full-Featured Web Application Firewall (+1Box for two of the compared vendors)
- Email AV, AS, Encryption & DLP (+1Box for five of the compared vendors)
- Full Historical Reporting (+1Box for four of the compared vendors)
- Plug-and-Play Remote Office Security (RED)
- Flexible Deployment (HW, SW, VM, IaaS); other vendors: No SW/IaaS, No SW, No SW/IaaS, HW only
A Leader in Unified Threat Management (Gartner Magic Quadrant, Unified Threat Management)
- Sophos first entered this MQ publication in March 2012, positioned in the Leader quadrant, and has retained this position for 5 consecutive publications
- Sophos remains one of only three leaders after Dell and WatchGuard were demoted last year
- Gartner's perception of Sophos is even better than last year, recognizing the strength of Synchronized Security, the breadth of our security portfolio and that we are growing, taking market share from our competitors
- In relative terms Sophos is edging closer on Fortinet and leaving smaller vendors trailing further behind
Source: Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016.
This graphic is published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sophos. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. All statements in this report attributable to Gartner represent Sophos' interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.
Only Vendor Positioned as Leader in Endpoint Protection and UTM (Gartner Magic Quadrants for Endpoint Protection and Unified Threat Management)
Sources: Gartner (February 2016), Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Eric Ouellet, 1 February 2016; Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016.
XG Firewall: How to buy. Deployment, licensing and optional add-ons
- Deployment choices: XG Series Appliances; Software/Virtual; IaaS
- Base license options: Firewall & VPN; Wireless
- License bundles: TotalProtect Plus; EnterpriseProtect (NGFW)
- Protection modules: Network Protection; Web & App Protection; Email Protection; Sandstorm Protection; Web Server Protection
- Optional add-ons: Sophos Firewall Manager & iView; RED Devices; Wireless APs