
Sophos Corporate Overview - Bunsieck & Partner GmbH · Sophos UTM. FullGuard & TotalProtect Network...

Date post: 06-Oct-2019
Sophos Overview · Stefan Jantzer, Sales Executive · 09.03.2017
Transcript
Page 1: Sophos Corporate Overview - Bunsieck & Partner GmbH · Sophos UTM. FullGuard & TotalProtect Network Firewall Web Protection Web Server Protection Network Protection Wireless Protection

Sophos Overview

Stefan Jantzer, Sales Executive

09.03.2017

About Sophos – Quick Facts


Sophos Snapshot

1985: FOUNDED, OXFORD, UK

534.9 IN BILLINGS (FY16)

2,700 EMPLOYEES (APPX.)

200,000+ CUSTOMERS

100M+ USERS

HQ: ABINGDON, UK

90+% BEST IN CLASS RENEWAL RATES

20,000+ CHANNEL PARTNERS

OEM PARTNERS:

KEY DEVCENTERS

OFFICES

IT Security Trends and Challenges


Top Security Trends

Megatrends: Cloud, Mobile and IaaS driving CASB, EMM, and data protection

Paradox of Encryption: Pervasive SSL inhibits network decryption, requiring collaboration with endpoints for content visibility

Public/Private Sector Encryption Tensions: Apple/FBI, GDPR mandates, #nobackdoors

Ransomware and Cryptoware: A $325M “business”, demands NGEP solutions

IoT Expands Attack Surfaces: Devices need protections at the network level

Common-mode Failures: The Internet is built on common components, vulnerabilities must be mitigated before patching can occur

Lack of Defender Coordination: Analytics showing promise as it matures from novelty to utility

Cybersecurity Skills Gap: Enterprises increasingly cite a shortage of security professionals, driving the need for simplicity

C-level Spear Phishing (“Whaling”): Increasing attack professionalism requires better training and detection tools

Risk-Based Approach to Security: Enterprises are learning to quantify risk, and are beginning to match controls to attack surface

[Diagram: threats and controls; axis labels: COMPLEXITY | RISK BASED ROI]

THE 99%

THREATS: Off the shelf Exploit Kits | Executable Malware | Doc / Script Malware | Data Leakage | 0days | Long dwell Campaigns | Injection Attacks | Targeted Phishing | Bespoke Malware

CONTROLS: Endpoint AV | URL Filtering | Email Security | WAF | Encryption | CASB | NextGen Firewall | Sandboxing | NextGen EP | DLP | SIEM | Threat Intel | User Behavior Analytics | Security Automation / Risk Quantification

1%

Critical Infrastructure / Nation-State Attacks | Supply Chain Integrity Compromises | Insider movement: PTH, Skeleton Key, Golden Ticket | Deception Networks / DDW monitoring

[Diagram repeated from the previous slide with the same THREATS and CONTROLS labels for THE 99% and the 1%; labels on this slide: TIME | COMPLEXITY | RISK BASED ROI | Complete Simple System]

Expanding Attack Surface

Increasing Number of Potential Areas of Attack

[Four charts; panel titles, units and sources:]

• Increasing Number of Mobile Devices…
• …and Size of Internet of Things Solutions Market… ($bn)
• …With a Number of Operating Systems…
• …Driving Rapid Growth in Internet (IP) Usage (‘000 exabytes per month)

Sources: Gartner; IDC, Worldwide and Regional Internet of Things 2014–2020 Forecast Update by Technology Split, #252330, Nov 2014; Cisco

Chart labels: Phones and Ultramobiles (bn) | 13-18 CAGR: 4.7% | 13-20 CAGR: 13% | 13-18 CAGR: 20.8%

IT Challenges

Maintaining security and compliance

Lack of people / resources to get everything done that is asked for

Lack of budget

Patching and updating applications/OS

Supporting a wide range of devices

Managing users across distributed locations

% of respondents who answered 1 or 2

What are the biggest challenges your IT department faces?

Source: Spiceworks Community Survey

The Age of Personalized Malware

75%

75% of the malicious files we detect are found only within a single organization.

Source: SophosLabs

300,000

SophosLabs receives and analyzes 300,000 previously unseen files each day.

Sophos Portfolio


Sophos Synchronized Security Platform

Sophos Central: Admin | Self Service | Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations

Cloud Intelligence: Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions

Sophos Labs: 24x7x365, multi-continent operation | URL Database | Malware Identities | File Look-up | Genotypes | Reputation | Behavioural Rules | APT Rules | Apps | Anti-Spam | Data Control | SophosID | Patches | Vulnerabilities | Sandboxing | API Everywhere

Endpoint/Next-Gen Endpoint

Mobile

Server

Encryption

UTM/Next-Gen Firewall

Wireless

Email

Web

In Cloud | On Prem

Enduser Security Overview

Sophos Enduser Security Strategy

Secure the (Mobile) Device: Secure phones and tablets like any other endpoint

Signature-less Next-Gen Protection: Across Windows, Mac, Linux and Android

Next Gen Encryption: Encrypt Everything, All the time, Everywhere. Hacker-Proof Encryption

Secure the Servers: Protection optimized for servers (physical, virtual and IaaS)

Innovate to Enhance and Expand Existing Business and Enter Exciting Adjacent Growth Opportunities

Highlights

Schrodinger

Application Reputation

Secure BYOD

Root Cause Analytics

Exploit Prevention

CryptoGuard

IaaS (AWS / Azure)

Synchronized security


How Sophos protects on the Endpoint: Where the malware is intercepted

TRADITIONAL MALWARE | ADVANCED THREATS

• EXPOSURE PREVENTION (80%): malicious URL blocking, malicious web script detection, download reputation
• PRE-EXECUTION ANALYTICS AND HEURISTICS (10%): Generic matching using heuristics and component level rules
• SIGNATURES (5%): Signature match of malware or malware components (1-1)
• RUN-TIME BEHAVIOR ANALYTICS (3%): Behavior matching and runtime analytics
• EXPLOIT DETECTION (2%)

AND SOPHOS LABS NEVER STOPS INNOVATING AND ASSESSING NEW TECHNIQUES

Methods and techniques vary depending on device type and operating system (Windows, Mac, Linux/Unix variants, Android, iOS)

Exploit Prevention and Next-Gen Endpoint Protection

ANNUAL NEW MALWARE SAMPLES: 100,000,000s

ANNUAL KNOWN EXPLOITS (CVE’S): 1,000s

CUMULATIVE KNOWN EXPLOIT TECHNIQUES: 24

Sophos Next-Gen Endpoint

[Diagram; labels as they appear on the slide:]

Next-Gen | Detect | Device Control | App Control | Web Control | Surface | Execute | File Heuristics | Signatures | Traditional | Root Cause Analysis | Network Isolation | Key Revoke/Restore | Posture | Investigate | Clean | Signatureless cleanup | Advanced Exploit Prevention | Malicious Traffic Detection | Behavior | Exploit | Quarantine | Malware Removal | Remediate | Crowd Sourced Reputation | Delivery | Prevent | Whitelist | Application Lockdown | Behavior | HIPS/Behavior Monitoring | Collaborate | Synchronized Security | Emulation | On Device Emulation | Respond | Exposure | Web Protect | DLP | Cryptoguard | Behavior

Where Malware Gets Stopped

Traditional Malware

• Exposure Prevention (80%): URL Blocking, Web Scripts, Download Rep
• Pre-Exec Analytics (10%): Generic Matching, Heuristics, Core Rules
• Signatures (5%): Known Malware, Malware Bits

Advanced Threats

• Run-Time (3%): Behavior Analytics, Runtime Behavior
• Exploit Detection (2%): Technique Identification

This 5% is the SCARY stuff

Note: Each Model Standalone is 80-95% Effective

Sophos Intercept: A Completely New Approach

• Prevent Compromise
o Unlike file scanning, Sophos Intercept reduces the attack surface by blocking all software entrances into your business that malware or hackers could exploit.
o The result is increased protection with reduced resource usage. Better prevention of zero-day and ransomware attacks.

• Automate Incident Response
o Proactive incident response tools which gather attack details and present them in a straightforward way that doesn’t require a security expert to understand

Sophos Endpoint Intercept
• Blocking entrances
• Attack surface of 24 techniques
• Look for bad behavior against 24 entrances

Traditional Security
• Scanning code
• Attack surface infinite
• Look for code patterns against every file

Next-gen Endpoint: Root Cause Analytics

Mobile Strategy: Manage, Secure + Protect Data

An Endpoint Is an Endpoint Is an Endpoint

Unified Endpoint Management

• Management across laptop, tablet, smartphone
o Security
o Communications
o Networking
o Reporting

Today’s Mobile Devices Are Full Computers

Content creation, consumption: Creating, processing, reading and sharing of data. From any location.

Email, calendar, contacts: Sending and receiving messages. Creating, reading, and accepting meetings. Contacting people via text or verbally.

Web surfing: Using web based applications, research, storing data in the cloud.

Storing and sharing: Data in the Cloud, hosted applications, collaboration tools

Network access: Accessing business data, network services, applications

Mobile Security


Enduser Security Group

Analytics

Next-Gen Firewall

Wireless

Web

Email

Disk Encryption

UTM

File Encryption

Endpoint

Next-Gen Endpoint

Server

Cloud Intelligence

Centralized Policy Management

Mobile


• Whitelisting = default-deny

• Stops known and unknown threats

• Ensures only authorized applications can run

…without the complexity! One-click deployment | Automatic trust rules (managed by Sophos) | Simple licensing – Server Advanced

Server Lockdown


Two Types of Encryption: Both Are Needed

FULL DISK ENCRYPTION | FILE ENCRYPTION

Protects against device theft or loss

Secures data stored in the cloud

Secures data even if exfiltrated

Secures sensitive email

Secures data even if system is hacked or compromised

Helps to protect against insider threats

Secures data stored on mobile devices and elsewhere

Synchronized Encryption: A New Paradigm in Data Protection

User Integrity | App Integrity | System Integrity

Encrypt Everything, Everywhere, Automatically

Synchronized with Endpoint Protection

“By 2019, 25% of security spend will be driven by EU data protection regulation and privacy concerns.” - IDC

Network Security Group (NSG)

UTM/Firewalls: Two Platforms with Competitive Advantage

SG UTM: Trusted platform getting stronger

• Solid, stable platform customers and partners know and love
• Sophos Sandstorm in v9.4
• WAF and VPN enhancements in v9.5
• Future-proofed and ready for SF-OS whenever customers/partners choose

XG Firewall: New platform for an exciting future

• Combined platform with the best features of SG UTM 9 and Cyberoam
• Feature superset of Sophos SG UTM
• Simplified user experience
• Comprehensive central management solution on-prem and in the cloud
• Enhanced Synchronized Security

Sophos UTM

Essential Firewall
• Stateful Firewall
• Object based rules
• User self-service portal

Network Protection
• Intrusion Prevention (IPS)
• Client & Site-to-Site VPN
• Quality of Service (QoS)
• Advanced Threat Prot. (ATP)

Web Protection
• URL Filtering Policies
• Web Threat Protection
• Application Control

Web Server Protection
• Reverse Proxy
• Web Application Firewall
• Antivirus

Mail Protection
• Anti Spam & Phishing
• Dual Virus Protection
• DLP & Encryption

Wireless Protection
• Wireless Controller for Access Points
• Multi-Zone (SSID) support
• Hotspot Support

Sandstorm Protection
Cloud Sandboxing
Zero-day evasive threat protection

FullGuard & TotalProtect

Network Firewall

Web Protection

Web Server Protection

Network Protection

Wireless Protection

Email Protection

Sandstorm Protection

Endpoint Protection

Sophos UTM Modular Licensing

FullGuard Plus & TotalProtect Plus

XG Firewall – The next-thing in next-gen

Sophos Firewall OS (SF-OS): New Firewall Operating System and Software Platform

Proven Appliances: Identical to SG Series except come preloaded with SF-OS

Migration Tools: Enabling an easy migration from UTM 9 to SF-OS

Sophos Firewall Manager (SFM): New on-premise Centralized Management

Sophos Cloud Firewall Manager (CFM): Centralized Firewall Management in the Cloud (for partners only initially)

Sophos iView Reporting: Updated on-premise Centralized Reporting

Security Heartbeat: Support for Security Heartbeat with Sophos Cloud Endpoints

Heartbeat

Difficult to identify and prioritize issues

Interactive dashboard instant data and drilldown

Complexity of policy creation and management

Policy templates, easy to understand

Sophos XG Firewall: Simply solving common problems


All-new Control Center

• Surfaces important information
• System status
• Traffic
• Security heartbeat
• Advanced threats
• UTQ
• VPNs
• Risky users, apps, websites
• Policy activity
• Quick access to additional information and tools

Unified Policy Management

• Don’t need to navigate multiple modules or tabs to find policies

• All policies on one screen

• Users & Networking

• Business Applications

• Sort and Filter Tools

• Business App Policy Templates


Synchronized Security


Synchronized Security

Linking network and endpoint security to deliver unparalleled protection by accelerating and automating threat discovery, analysis, and response.

“No other company is close to delivering this type of synchronized and integrated communication between endpoint and network security products.”

Chris Christiansen, VP of Security Products, IDC

Synchronized Security Platform and Strategy

Sophos Central (In Cloud | On Prem): Admin | Self Service | Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations

Cloud Intelligence: Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions

Sophos Labs: 24x7x365, multi-continent operation | URL Database | Malware Identities | File Look-up | Genotypes | Reputation | Behavioural Rules | APT Rules | Apps | Anti-Spam | Data Control | SophosID | Patches | Vulnerabilities | Sandboxing | API Everywhere

Endpoint/Next-Gen Endpoint | Mobile | Server | Encryption | UTM/Next-Gen Firewall | Wireless | Email | Web

[The Synchronized Security Platform and Strategy diagram is repeated on the following six slides, each with one added label:]

• Heartbeat
• Unknown App ID
• Synchronized Encryption
• Lateral Movement Protection
• Synchronized Phishing Protection
• Continuous Authentication

Synchronized Security: Missing Heartbeat Detection

Identifying compromised endpoints and isolating

Firewall can independently assess health of endpoint

Suspect Endpoint | XG Firewall

1. Firewall sees traffic and hears Security Heartbeat

2. Heartbeat disappears but Firewall still sees traffic

3. Firewall changes Endpoint Health to DO NOT TRUST and applies RED health security policy

How do Hackers Covertly spread?

Using Lateral Movement


Lateral Movement Detection and Prevention

Lateral movement detection
• Brute force – password crack
• Spray attack – multiple logins
• Disable security – Firewall spots missing heartbeat

Lateral movement prevention

It’s Time to Synchronize Security

Analytics

Next-Gen Firewall

Wireless

Web

Email

Disk Encryption

UTM

File Encryption

Endpoint

Next-Gen Endpoint

Mobile

Server

Cloud Intelligence

Centralized Policy Management
