Synchronized Security: Outsmart Hackers by Coordinating Your Defenses. Seth Geftic, Endpoint Security Group. November 2nd, 2017
What could you do in two hours? What could an attacker do in two hours?
Attacks Are Increasingly Unique: Attack complexity; Expanding attack surface; Uncoordinated defenses; Lack of resources. 46% of organizations believe they have a problematic shortage of cybersecurity skills (ESG Group)
What if we could simplify security and unify our defences?
Benefits of an Integrated System: Simplify IT management; Increase visibility across environment; Reduce risk of threats spreading; Respond faster to potential security incidents; Maximize IT team by leveraging automation; Achieve better ROI from security investments
"...then something happened which unleashed the power of our imagination. We learned to talk." Pink Floyd, Keep Talking. Introducing Synchronized Security
Proven Technology in Key Areas: Gartner Magic Quadrant, UNIFIED THREAT MANAGEMENT; Gartner Magic Quadrant, ENDPOINT PROTECTION; The Forrester Wave™, ENDPOINT ENCRYPTION. Sources: Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016; Magic Quadrant for Endpoint Protection Platforms, Eric Ouellet, Ian McShane, Avivah Litan, 30 January 2017; The Forrester Wave: Endpoint Encryption, Chris Sherman, 16 January 2015
Sophos Synchronized Security: Real-time intelligence sharing between your endpoints and firewall. "No other company is close to delivering this type of communication between endpoint and network security products." Chris Christianson, Vice President of Security Programs, IDC
Synchronized Security Benefits. Unparalleled Protection: Best-of-breed products packed with next-gen technology actively work together to detect and prevent advanced attacks like ransomware and botnets. Automated Incident Response: Security information is shared and acted on automatically across the system, isolating infected endpoints before the threat can spread and slashing incident response time by 99.9%. Real-time Insight and Control: See - and control - what's happening in real-time for simpler, better IT security management.
Sophos Security Heartbeat (diagram labels): Next-Gen Firewall, Wireless, Next-Gen Endpoint, Mobile, Web, Server, Email, Encryption, Sophos Central
Synchronized Security In Action
Automated Incident Response. Before Synchronized Security: Minimum 2 hours to identify user, process, machine and wider impact; often days, weeks. After Synchronized Security: Automatic isolation of endpoints at threat identification, < 8 seconds. Results of testing by Analyst ESG
Sharing Information. Automating Response. On detection: Endpoint detects and blocks malware; Heartbeat status changes to RED; Endpoint communicates to Sophos Central; Firewall isolates endpoint; Encryption keys revoked. On cleanup: Endpoint automatically cleans up malware; Heartbeat changes back to GREEN; Endpoint communicates to Sophos Central; Network access returned; Encryption keys restored.
"It only took 2 minutes to find out that everything was under control. Sophos XG Firewall detected the threat and Security Heartbeat allowed the infected host to be immediately identified, isolated and cleaned up. Instead of going into fire drill mode, we were able to relax and finish our lunch." DJ Anderson, CTO, IronCloud
Attacker's Predicament. Leaves Sophos Security alone: Sophos sees everything they do, Intercept X blocks attack. Disable Sophos Security: Red health sent through Heartbeat, Firewall isolates endpoint. Disable Heartbeat: FW detects missing Heartbeat, Firewall isolates endpoint.
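A simplified model of the firewall-side decision behind the Heartbeat cases above, added here as an illustration and not Sophos code: a non-GREEN status isolates the endpoint, a heartbeat that stops arriving isolates it too (fail closed), and a later GREEN restores access. The 30-second timeout, the endpoint names and the heartbeat records are constructed assumptions.

```python
TIMEOUT = 30  # assumed: seconds of silence before a heartbeat counts as missing

# Constructed sample: (time in seconds, endpoint, reported health)
HEARTBEATS = [
    (0, "laptop-1", "GREEN"), (0, "laptop-2", "GREEN"),
    (15, "laptop-1", "RED"),    # endpoint reports a detection
    (15, "laptop-2", "GREEN"),  # last heartbeat laptop-2 ever sends
    (30, "laptop-1", "RED"),
    (45, "laptop-1", "GREEN"),  # cleanup finished
    (60, "laptop-1", "GREEN"),
]


def replay(heartbeats, end_time):
    """Replay time-ordered heartbeats and return the firewall's state changes
    as (time, endpoint, action, reason), ordered by time."""
    last_seen, isolated, changes = {}, {}, []

    def set_state(t, ep, isolate, reason):
        # Record only real transitions, so a silent RED host is not isolated twice.
        if isolated.get(ep, False) != isolate:
            isolated[ep] = isolate
            changes.append((t, ep, "isolate" if isolate else "restore", reason))

    def expire(now):
        # Silence is handled exactly like bad health: the endpoint is cut off
        # at the moment its heartbeat became overdue.
        for ep, seen in last_seen.items():
            if now - seen > TIMEOUT:
                set_state(seen + TIMEOUT, ep, True, "missing heartbeat")

    for t, ep, status in heartbeats:
        expire(t)
        last_seen[ep] = t
        # Fail closed: anything other than GREEN isolates the endpoint.
        set_state(t, ep, status != "GREEN", f"{status} heartbeat")
    expire(end_time)
    return sorted(changes)


if __name__ == "__main__":
    for change in replay(HEARTBEATS, end_time=60):
        print(change)
```

In this model an endpoint that has never sent a heartbeat is simply unknown to the firewall; a real policy also has to decide what such hosts may reach.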
Lateral Movement Detection and Prevention (diagram: Internet, XG Firewall, Security Heartbeat, Endpoints, Servers). Stages shown: Credential Theft Attempt Detected By Intercept X; Detection and Isolation; Endpoint Stonewalling; Wireless Heartbeat
Real-time Insight and Control: Infrastructure visibility; Machine, Process, User; Threat chain visibility; Security Heartbeat; Active Threat ID; Root Cause Analysis
Sophos Synchronized App Control: A breakthrough in network visibility and control (comparison figure: What Firewalls See Today vs. What XG Firewall Sees)
An Elegant Solution: Synchronized App Control. 1. Unknown Application: XG Firewall sees app traffic that does not match a signature. 2. Endpoint Shares App Info: Sophos Endpoint passes app name, path and even category to XG Firewall for classification. 3. Application is Classified & Controlled: Automatically categorize and control where possible or admin can manually set category or policy to apply. Sophos is the only vendor to offer this level of app visibility & control
Synchronized Security In Action (as of March 2017): 99% reduction in incident response time; ~2,500 organizations w/ Security Heartbeat (423 avg. users per customer); ~42K encrypted devices w/ Security Heartbeat; ~5K firewalls w/ Security Heartbeat (2 avg. firewalls per customer); ~40K servers w/ Security Heartbeat (22 avg. servers per customer); 450K+ endpoints w/ Security Heartbeat (188 avg. endpoints per customer)
Customer Quotes. "The time we save is equivalent to at least one part-time person; that's huge." Gus Garcia, Sr. Project Manager, Diocese of Brooklyn. "Synchronized Security was able to respond in real-time to the ever-more aggressive threats." Igor Bovio, IT Manager, Mirato. "Synchronized Security allows us to identify the cause and origin of threats and blocks the spread of these threats within the network." Oscar Macchi, CTO, MedicAir. "We like Synchronized Security because it prevents a single infection from spreading to the rest of the network." Robert Glinski, IT Security, North Sydney Council. "Synchronized Security has prevented hundreds of exploits from infecting the systems." Derrick Morse, Pine Cove. "Synchronized Security is the reason I bought Sophos and went with XG Firewalls." CNS Healthcare
The Future of Synchronized Security
Sophos Security Heartbeat, Now and Coming Soon (diagram labels): Next-Gen Firewall, Wireless, Next-Gen Endpoint, Mobile, Web, Server, Email, Encryption, Sophos Central