Sophos Overview
Stefan Jantzer, Sales Executive
09.03.2017
About Sophos – Quick Facts
Sophos Snapshot
• Founded: 1985, Oxford, UK
• HQ: Abingdon, UK
• 534.9 in billings (FY16)
• Employees: 2,700 (approx.)
• Customers: 200,000+
• Users: 100M+
• Renewal rates: 90+% (best in class)
• Channel partners: 20,000+
• Map labels: OEM partners, key dev centers, offices
IT Security Trends and Challenges
Top Security Trends
• Megatrends: cloud, mobile and IaaS driving CASB, EMM, and data protection
• Paradox of Encryption: pervasive SSL inhibits network decryption, requiring collaboration with endpoints for content visibility
• Public/Private Sector Encryption Tensions: Apple/FBI, GDPR mandates, #nobackdoors
• Ransomware and Cryptoware: a $325M “business”, demands NGEP solutions
• IoT Expands Attack Surfaces: devices need protections at the network level
• Common-mode Failures: the Internet is built on common components; vulnerabilities must be mitigated before patching can occur
• Lack of Defender Coordination: analytics showing promise as it matures from novelty to utility
• Cybersecurity Skills Gap: enterprises increasingly cite a shortage of security professionals, driving the need for simplicity
• C-level Spear Phishing (“Whaling”): increasing attack professionalism requires better training and detection tools
• Risk-Based Approach to Security: enterprises are learning to quantify risk, and are beginning to match controls to attack surface
Threats and controls diagram (slide residue; labels only). Axes: complexity, risk-based ROI, time.
• The 99% of threats: off-the-shelf exploit kits, executable malware, doc/script malware, data leakage
• Controls for the 99%: endpoint AV, URL filtering, email security, WAF, encryption, CASB, next-gen firewall, sandboxing, next-gen endpoint (NGEP), DLP
• The 1% of threats: 0-days, long-dwell campaigns, injection attacks, targeted phishing, bespoke malware, critical infrastructure / nation-state attacks, supply chain integrity compromises, insider movement (PTH, Skeleton Key, Golden Ticket)
• Controls for the 1%: SIEM, threat intel, user behavior analytics, security automation / risk quantification, deception networks / DDW monitoring
• Goal: a complete, simple system
Expanding Attack Surface: Increasing Number of Potential Areas of Attack
Charts (slide residue; titles and figures only): increasing number of mobile devices (phones and ultramobiles, bn; 13-18 CAGR: 4.7%); growing size of the Internet of Things solutions market ($bn; 13-20 CAGR: 13%); a number of operating systems; rapid growth in Internet (IP) usage (‘000 exabytes per month; 13-18 CAGR: 20.8%).
Sources: Gartner; IDC, Worldwide and Regional Internet of Things 2014–2020 Forecast Update by Technology Split, #252330, Nov 2014; Cisco.
IT Challenges
What are the biggest challenges your IT department faces?
• Maintaining security and compliance
• Lack of people / resources to do everything that is required
• Lack of budget
• Patching and updating applications / OS
• Supporting a wide range of devices
• Managing users across distributed sites
% of respondents who answered 1 or 2
Source: Spiceworks Community Survey
The Age of Personalized Malware
75%: 75% of the malicious files we detect are found only within a single organization. (Source: SophosLabs)
300,000: SophosLabs receives and analyzes 300,000 previously unseen files each day.
Sophos Portfolio
Sophos Synchronized Security Platform
Sophos Central (In Cloud / On Prem): Admin | Self Service | Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations
Cloud Intelligence: Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions
SophosLabs: 24x7x365, multi-continent operation | URL Database | Malware Identities | File Look-up | Genotypes | Reputation | Behavioural Rules | APT Rules | Apps | Anti-Spam | Data Control | SophosID | Patches | Vulnerabilities | Sandboxing | API Everywhere
Products: Endpoint/Next-Gen Endpoint | Mobile | Server | Encryption | UTM/Next-Gen Firewall | Wireless | Web
Enduser Security Overview
Sophos Enduser Security Strategy
Secure the (Mobile) Device: secure phones and tablets like any other endpoint
Signature-less Next-Gen Protection: across Windows, Mac, Linux and Android
Next Gen Encryption: encrypt everything, all the time, everywhere; hacker-proof encryption
Secure the Servers: protection optimized for servers (physical, virtual and IaaS)
Innovate to Enhance and Expand Existing Business and Enter Exciting Adjacent Growth Opportunities
Highlights
Schrodinger
Application Reputation
Secure BYOD
Root Cause Analytics
Exploit Prevention
CryptoGuard
IaaS (AWS / Azure)
Synchronized security
How Sophos protects on the Endpoint: where the malware is intercepted
Methods and techniques vary depending on device type and operating system (Windows, Mac, Linux/Unix variants, Android, iOS), and SophosLabs never stops innovating and assessing new techniques.
Traditional malware:
• Exposure prevention (80%): malicious URL blocking, malicious web script detection, download reputation
• Pre-execution analytics and heuristics (10%): generic matching using heuristics and component-level rules
• Signatures (5%): signature match of malware or malware components (1-1)
Advanced threats:
• Run-time behavior analytics (3%): behavior matching and runtime analytics
• Exploit detection (2%)
Exploit Prevention and Next-Gen Endpoint Protection
• Annual new malware samples: 100,000,000s
• Annual known exploits (CVEs): 1,000s
• Cumulative known exploit techniques: 24
Sophos Next-Gen Endpoint: capability matrix (slide residue; labels only)
Axis labels: Delivery, Surface, Execute, Behavior, Exposure, Emulation; Prevent, Detect, Respond, Remediate, Collaborate; Traditional vs Next-Gen.
Capabilities shown: Device Control, App Control, Web Control, Web Protect, DLP, Whitelist, Application Lockdown, Crowd Sourced Reputation, File Heuristics, Signatures, On Device Emulation, HIPS/Behavior Monitoring, Malicious Traffic Detection, Advanced Exploit Prevention, CryptoGuard, Root Cause Analysis, Network Isolation, Key Revoke/Restore, Posture, Investigate, Clean, Signatureless cleanup, Quarantine, Malware Removal, Synchronized Security.
Where Malware Gets Stopped (summary): exposure prevention 80% (URL blocking, web scripts, download reputation); pre-exec analytics 10% (generic matching, heuristics, core rules); signatures 5% (known malware, malware bits); run-time behavior analytics 3% (runtime behavior); exploit detection 2% (technique identification). The first three layers address traditional malware, the last two advanced threats.
This 5% is the SCARY stuff.
Note: each model standalone is 80-95% effective.
Sophos Intercept: A Completely New Approach
• Prevent Compromise
  o Unlike file scanning, Sophos Intercept reduces the attack surface by blocking all software entrances into your business that malware or hackers could exploit.
  o The result is increased protection with reduced resource usage, and better prevention of zero-day and ransomware attacks.
• Automate Incident Response
  o Proactive incident response tools which gather attack details and present them in a straightforward way that doesn’t require a security expert to understand.
Sophos Endpoint Intercept: blocking entrances; attack surface of 24 techniques; looks for bad behavior against 24 entrances.
Traditional Security: scanning code; attack surface infinite; looks for code patterns against every file.
Next-gen Endpoint: Root Cause Analytics
Mobile Strategy: Manage, Secure + Protect Data
An Endpoint Is an Endpoint Is an Endpoint
Unified Endpoint Management
• Management across laptop, tablet, smartphone
  o Security
  o Communications
  o Networking
  o Reporting
Today’s Mobile Devices Are Full Computers
Content creation, consumption: creating, processing, reading and sharing of data, from any location.
Email, calendar, contacts: sending and receiving messages; creating, reading, and accepting meetings; contacting people via text or verbally.
Web surfing: using web-based applications, research, storing data in the cloud.
Storing and sharing: data in the cloud, hosted applications, collaboration tools.
Network access: accessing business data, network services, applications.
Mobile Security
Enduser Security Group
Analytics
Next-Gen Firewall
Wireless
Web
Disk Encryption
UTM
File Encryption
Endpoint
Next-Gen Endpoint
Server
Cloud Intelligence
Centralized Policy Management
Mobile
Server Lockdown
• Whitelisting = default-deny
• Stops known and unknown threats
• Ensures only authorized applications can run
…without the complexity!
• One-click deployment
• Automatic trust rules (managed by Sophos)
• Simple licensing – Server Advanced
Two Types of Encryption: Both Are Needed
FULL DISK ENCRYPTION
• Protects against device theft or loss
FILE ENCRYPTION
• Secures data stored in the cloud
• Secures data even if exfiltrated
• Secures sensitive email
• Secures data even if system is hacked or compromised
• Helps to protect against insider threats
• Secures data stored on mobile devices and elsewhere
Synchronized Encryption: A New Paradigm in Data Protection
User Integrity App Integrity System Integrity
Encrypt Everything, Everywhere, Automatically
Synchronized with Endpoint Protection
“By 2019, 25% of security spend will be driven by EU data protection regulation and privacy concerns.” - IDC
Network Security Group (NSG)
UTM/Firewalls: Two Platforms with Competitive Advantage
SG UTM (trusted platform getting stronger)
• Solid, stable platform customers and partners know and love
• Sophos Sandstorm in v9.4
• WAF and VPN enhancements in v9.5
• Future-proofed and ready for SF-OS whenever customers/partners choose
XG Firewall (new platform for an exciting future)
• Combined platform with the best features of SG UTM 9 and Cyberoam
• Feature superset of Sophos SG UTM
• Simplified user experience
• Comprehensive central management solution on-prem and in the cloud
• Enhanced Synchronized Security
Sophos UTM: FullGuard & TotalProtect
Essential Firewall
• Stateful Firewall
• Object based rules
• User self-service portal
Network Protection
• Intrusion Prevention (IPS)
• Client & Site-to-Site VPN
• Quality of Service (QoS)
• Advanced Threat Prot. (ATP)
Web Protection
• URL Filtering Policies
• Web Threat Protection
• Application Control
Web Server Protection
• Reverse Proxy
• Web Application Firewall
• Antivirus
Email Protection
• Anti Spam & Phishing
• Dual Virus Protection
• DLP & Encryption
Wireless Protection
• Wireless Controller for Access Points
• Multi-Zone (SSID) support
• Hotspot Support
Sandstorm Protection
• Cloud Sandboxing
• Zero-day evasive threat protection
Sophos UTM Modular Licensing: FullGuard Plus & TotalProtect Plus
Network Firewall | Web Protection | Web Server Protection | Network Protection | Wireless Protection | Email Protection | Sandstorm Protection | Endpoint Protection
XG Firewall – The next-thing in next-gen
• Sophos Firewall OS (SF-OS): new firewall operating system and software platform
• Proven Appliances: identical to SG Series except they come preloaded with SF-OS
• Migration Tools: enabling an easy migration from UTM 9 to SF-OS
• Sophos Firewall Manager (SFM): new on-premise centralized management
• Sophos Cloud Firewall Manager (CFM): centralized firewall management in the cloud (for partners only initially)
• Sophos iView Reporting: updated on-premise centralized reporting
• Security Heartbeat: support for Security Heartbeat with Sophos Cloud Endpoints
Sophos XG Firewall: Simply solving common problems
• Difficult to identify and prioritize issues: interactive dashboard with instant data and drilldown
• Complexity of policy creation and management: policy templates, easy to understand
All-new Control Center
• Surfaces important information: system status, traffic, security heartbeat, advanced threats, UTQ, VPNs, risky users, apps, websites, policy activity
• Quick access to additional information and tools
Unified Policy Management
• Don’t need to navigate multiple modules or tabs to find policies
• All policies on one screen: Users & Networking, Business Applications
• Sort and Filter Tools
• Business App Policy Templates
Synchronized Security
Linking network and endpoint security to deliver unparalleled protection by accelerating and automating threat discovery, analysis, and response.
“No other company is close to delivering this type of synchronized and integrated communication between endpoint and
network security products.”
Chris Christiansen, VP of Security Products, IDC
Synchronized Security Platform and Strategy: the same platform diagram as in the Sophos Portfolio section (Sophos Central, Cloud Intelligence, SophosLabs, and the Endpoint/Next-Gen Endpoint, Mobile, Server, Encryption, UTM/Next-Gen Firewall, Wireless and Web products, in cloud and on prem), repeated with one strategy element highlighted per slide: Heartbeat, Unknown App ID, Synchronized Encryption, Lateral Movement Protection, Synchronized Phishing Protection, Continuous Authentication.
Synchronized Security: the firewall can independently assess the health of an endpoint
Missing Heartbeat Detection (identifying and isolating compromised endpoints; suspect endpoint and XG Firewall):
1. Firewall sees traffic and hears the Security Heartbeat.
2. Heartbeat disappears, but the firewall still sees traffic.
3. Firewall changes the endpoint health to DO NOT TRUST and applies the RED health security policy.
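The three steps above as a small Python model, added here as an example and not Sophos code: a firewall-side monitor records the last heartbeat and the last packet per host, and when traffic continues while the heartbeat has gone silent it downgrades the host to DO NOT TRUST and switches it to the RED policy. The event shape, field names and the 60-second timeout are assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumed threshold: seconds of silence after which the heartbeat counts as missing.
HEARTBEAT_TIMEOUT = 60

@dataclass
class EndpointState:
    last_heartbeat: float | None = None
    last_traffic: float | None = None
    health: str = "UNKNOWN"   # GREEN, RED, DO NOT TRUST, or UNKNOWN (no heartbeat ever seen)
    policy: str = "default"   # firewall policy currently applied to this host

class HeartbeatMonitor:
    """Per-host view of the last heartbeat and the last packet the firewall saw."""

    def __init__(self, timeout: float = HEARTBEAT_TIMEOUT) -> None:
        self.timeout = timeout
        self.endpoints: dict[str, EndpointState] = {}

    def _state(self, host: str) -> EndpointState:
        return self.endpoints.setdefault(host, EndpointState())

    def on_heartbeat(self, host: str, ts: float, health: str = "GREEN") -> None:
        # Step 1: the endpoint reports its own health and the firewall records it.
        st = self._state(host)
        st.last_heartbeat, st.health = ts, health
        st.policy = "default" if health == "GREEN" else "red"

    def on_traffic(self, host: str, ts: float) -> str:
        # Steps 2 and 3: traffic keeps flowing; a stale heartbeat downgrades the host on the spot.
        st = self._state(host)
        st.last_traffic = ts
        if st.last_heartbeat is not None and ts - st.last_heartbeat > self.timeout:
            st.health, st.policy = "DO NOT TRUST", "red"
        return st.policy

def run(events: list[tuple[str, str, float]], timeout: float = HEARTBEAT_TIMEOUT) -> dict[str, EndpointState]:
    """Replay (kind, host, timestamp) events in order and return the per-host state."""
    mon = HeartbeatMonitor(timeout)
    for kind, host, ts in events:
        (mon.on_heartbeat if kind == "heartbeat" else mon.on_traffic)(host, ts)
    return mon.endpoints

# Constructed sample: pc-01 goes silent after t=0 but keeps talking; pc-02 stays healthy.
SAMPLE_EVENTS = [
    ("heartbeat", "pc-01", 0), ("traffic", "pc-01", 10),
    ("heartbeat", "pc-02", 0), ("heartbeat", "pc-02", 30), ("traffic", "pc-02", 45),
    ("traffic", "pc-01", 100),  # 100 s after pc-01 last reported -> DO NOT TRUST, RED policy
]

if __name__ == "__main__":
    for host, st in run(SAMPLE_EVENTS).items():
        print(host, st.health, st.policy)
```

A host that has never sent a heartbeat stays UNKNOWN on the default policy in this model; treating unmanaged devices differently is a policy choice the slide does not specify.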
How do hackers covertly spread? Using lateral movement.
Lateral Movement Detection and Prevention
Lateral movement detection:
• Brute force – password crack
• Spray attack – multiple logins
• Disable security – firewall spots missing heartbeat
Lateral movement prevention
It’s Time to Synchronize Security