Synchronized Security: Revolutionizing Advanced Threat Protection
Per Söderqvist, Sales Engineer Nordics and Baltics
A Proven Market Leader
- Endpoint Encryption (Leader)
- UTM: Unified Threat Management
- EPP: Endpoint Protection
- Client Sec/Endpoint Wave (Leader)
- SWG: Secure Web Gateway
- MDP: Mobile Data Protection
- Endpoint Encryption (Champion)
- SEG: Secure Email Gateway
- EMM: Enterprise Mobility Management
- Endpoint Anti-Malware (Champion)
- ENF: Enterprise Network Firewall
- Next Generation Firewall (Champion)
- 350 000 malware samples discovered every day for Windows
- 25 000 malware samples discovered every day for Mac
- 2 000 malware samples discovered every day for Android
- 30 000 websites found every day that spread malware
*Source: SophosLabs
Where We Are Going
What We Believe:
- Security must be comprehensive: the capabilities required to fully satisfy customer need
- Security can be made simple: platform, deployment, licensing, user experience
- Security is more effective as a system: new possibilities through technology cooperation
Project Galileo: technology integration that enables context-aware security
Next Gen Endpoint:
- Every endpoint is an endpoint
- Advanced Threat Protection in EP
- Encryption everywhere
- Project Galileo
Next Gen Network Security:
- v10: user-based policy, web + app control
- Off-box reporting
- New network security MSP offering
- Heartbeat monitoring (Galileo)
Server:
- Lockdown
- Whitelisting
- File reputation
- Application reputation
- Project Galileo
Cloud Managed (Sophos Cloud):
- Encryption
- Server
- Freemium
- Project Galileo
Sophos Endpoint Protection
Endpoint in Cloud
- Updates, upgrades and reporting through Sophos Cloud (Sophos Cloud Management)
- Update caching: an alternate cache server on the intranet
Sophos Cloud Web Gateway
- SSL
- HTTP proxy
- Raw TCP proxy
- IPsec VPN
- Email: ActiveSync, IMAP, SMTP
Cloud E-Mail
- Acquisition of Reflexion; will become Sophos Cloud E-Mail Security in the next months
- Only available through partners
Email Encryption:
- Pre-defined subject matter lexicons
- Completely transparent to end-users
- Ad hoc encryption and custom rules
Email Continuity:
- 60-day rolling archive
- Send/receive email during local outage
- Recover message(s) to inbox
Email Archiving:
- Compliance archive
- eDiscovery to respond to legal requests
- Disaster recovery/email continuity
Email Security:
- Anti-spam and anti-virus
- Automatic spooling for 10 days
- Outbound email protection
Security
1. On-access scanning (signatures)
2. Web protection with reputation filtering
3. Live Protection
4. HIPS (behavior analysis)
5. MTD (Malicious Traffic Detection)
SophosLabs data feeds:
- URL database
- Malware identities
- Whitelist
- File look-up
- Genotypes
- Reputation
- HIPS rules
- MTD rules
- Apps
- Spam
- Data control
- Anonymizing proxies
- Patches/vulnerabilities
- Peripheral types
MTD flow (diagram): malicious traffic detected, app terminated, admin alerted. Compromise indicators: user, system, file.
Sophos NGFW
Leading Threat Protection
- RED for distributed networks
- Secure Wi-Fi and access points
- Web protection technologies
- Next Gen Endpoint
- Unified management
- Project Copernicus: compromise detection and response, Heartbeat
- Layer 8 user identity policies
- Leading application control
- Accelerated packet filtering
- iView logging and reporting
Next Gen Network:
- Layer 8 user-centric policy model
- Cloud console management/reporting
- Deep application control, coverage and visibility
- Intelligent scanning to accelerate performance
- Runs on SG Series hardware
- Unrivalled user experience
Architecture and platform:
- Modular, open source
- Flexible migration with tools
- Hardware, virtual and cloud deployment
Fresh New User Experience
- UI design that improves the daily workflow: more friendly, inviting, and useful
- A fresh ground-up design approach to user interface, navigation, and data presentation that's engaging and useful
User-centric firewall policy model: a flexible user-centric approach from licensing to deployment
Sophos RED
Sophos RED
- Securely connect remote locations
- Completely configuration free
- Same protection for all offices
- Fully encrypted traffic
- Basically it's like having a really long Ethernet cable: a Layer 2 tunnel like a leased line, but without the hassle
How RED works (diagram: Remote Office with RED device and Internet router, Central Office with UTM, RED Provisioning Service at red.sophos.com, connected over the Internet)
1. Configure RED device
3. Deploy RED device
4. Receive local IP (DHCP)
7. Establish Layer 2 tunnel
RED operation modes
- Standard/Unified
- Standard/Split
- Transparent/Split
RED models
                        RED15               RED50
Network connectivity    5x 1 Gbit/s RJ45    5x 1 Gbit/s RJ45
Failover configuration  2nd UTM hostname    2nd UTM hostname
Serial console          RJ45 console        RJ45 console
Throughput              150 Mbit/s          360 Mbit/s
Security
1. IPS (Intrusion Prevention System)
2. Web protection combined with Live Protection
3. ATP (Advanced Threat Protection)
4. Email protection
5. Selective sandboxing
Next Generation Threat Detection (diagram)
Sophos Cloud: application control, application tracking, reputation, web protection, IoC collector
Sophos Firewall Operating System: routing, email security, web filtering, intrusion prevention system, firewall, threat engine, proxy, selective sandbox, application control, data loss prevention, ATP detection
Sophos System Protector (endpoint): threat engine, Live Protection, emulator, HIPS/runtime protection, device control, Malicious Traffic Detection
Security Heartbeat links the endpoint and the firewall. Compromise indicators: user, system, file.
Response actions:
- Isolate subnet and WAN access
- Block/remove malware
- Identify and clean other infected systems
Sophos Encryption
Forrester Wave 2015
Combining Threat & Data Protection (Sophos Anti-Virus + Sophos Encryption)
- Validate process trust when data/files are accessed
- Trusted process = plain text data
- Untrusted process = encrypted data
- Anti-virus evaluates running processes for trust: known virus/malware? good reputation? etc.
Synchronized response (diagram): Sophos Cloud admin alerted, threat blocked; can identify other compromised machines and block the file. Compromise indicators: user, system, file.
Sophos Cloud: application control, application tracking, application reputation, web filtering, device control
Device and file encryption, context engine, indicator of compromise collector, indicator of network compromise, data compromise detection analytics
Endpoint: threat engine, Live Protection, emulator, runtime protection, APT detection
SophosLabs data feeds:
- URL database
- Malware identities
- Whitelist
- File look-up
- Genotypes
- Reputation
- HIPS rules
- APT rules
- Apps
- Spam
- Data control
- Anonymizing proxies
- Patches/vulnerabilities
- Peripheral types
Partner Dashboard
SFM: Multi-device monitor
STAC: Sophos Threat Analytics Center