Vincent Vanbiervliet, Senior Sales Engineer
Securing with Sophos
Sophos Security Day – 25/11/2014
SafeGuard Enterprise 7.0
What’s New
What’s New in SafeGuard Enterprise 7.0
• Enhancements on Windows
Windows 8.1 August Update (f.k.a 8.1-2014) supported
BL management improvements
File Tracking for Cloud Storage targets
LSH user enrollment enforcement
Backend performance improvements in large DB environments
Support of new tokens/smartcards (KBA will be updated for release)
• Enhancements on OS X
• File encryption enhancements – original mount points hidden
• File encryption performance improvements
BL - Support for Password Protector
• Passwords as an additional authentication mechanism
BL - Support for Password Protector
• "Auto-Unlock" as a way to automatically protect and unlock NON-boot volumes without requiring a user interaction at all.
• Implements support for the BitLocker hardware test, which is initiated before encryption of the boot volume starts. This improves the user experience, as scenarios where the user gets locked out from the system are avoided.
• Allow the user to explicitly postpone BitLocker encryption when, e.g., a new password is requested.
LSH user enrollment enforcement
• Users are now "reminded" to answer their questions in 3 stages
• Stage 1: Balloon tooltip in the tray icon every hour; changes to stage 2 on the next calendar day
• Stage 2: In addition to stage 1 behavior, LSH is started at every logon and unlock, and users can postpone it; changes to stage 3 after 2 days
• Stage 3: In addition to stage 2 behavior (except the tooltip), the LSH dialog is started every 60 min (users can postpone it)
Mac – File Encryption enhancements
• “Real” enforcement of file encryption (original folders are hidden from users and replaced by SGN secured folders)
• No changes in workflows anymore
Users can work with the secured folder as usual
Secured folders are stored in the same place where the original folders were
Real paths (e.g. documents) can be used in Terminal now
• Support of additional AV engines
Mac - SGN 6.1 File Encryption
SGN 6.1!!!
Mac - File Encryption enhancements
Sophos Cloud
Sophos Security.
Cloud Simplicity.
The same trusted endpoint protection, now available in the cloud. Instant deployment, instant security, instant satisfaction.
Sophos Cloud - Cloud-managed Security
[Diagram labels: Admin (anywhere); Sophos Cloud; updates, upgrades and reporting; roaming worker; home worker; HQ office worker; remote office worker]
Ideal for Businesses
Business key need: Easy to Implement
As a small business owner I typically have to “do it all” and don’t have time to become a security expert. It’s critical that this solution is quick to implement.
Sophos Cloud: From Need to Solution in Minutes
• Sign up online and deploy endpoints right from the cloud
• No server to implement
Business key need: Easy to Manage, Maintenance free
Once we’re running, make it simple for me to stay protected and, when I need to take action, make it easy.
Sophos Cloud: Manage Anywhere with Auto Updates
• Per user policy and reporting
• Automatic upgrades
Business key need: Cost Effective
My budget is tight so the price has to be competitive.
Sophos Cloud: Economical
• Per user license – add users as you grow
• Licensing flexibility: Annual, Multi-year
• No equipment procurement or maintenance costs
Business key need: Effective Protection Everywhere
I need to ensure remote and roaming users are protected the same way as office users
Sophos Cloud: Best in Class Protection Everywhere
• Automatic threat and policy updates
• Built-in best practices; fewer clicks to better protection
Sophos Cloud v3 – Key Capabilities
Releases November 18 2014
• Windows server protection (standard)
• Automatic exclusions, enhanced exclusion capabilities, device based policy
• Existing EP customers are automatically extended a 25% server allocation (license)
• Evaluation license support: a customer of EP or Server can always try the other, regardless of whether the customer is licensed for it
Cloud Server Protection (Standard)
Easy to configure and manage
• Automatically identifies and adapts to your server environment
• Automatic exclusions
Fast Performance
• Low performance impact that won’t slow down your servers
Great Protection
• Anti-malware, HIPS, Live Protection, Web Security
Cloud Server Protection (Standard)
How is it different from Endpoint Protection?
Server policy is set per machine (server) and not per user
The server policy allows you to control all the features (endpoint limits control over certain features)
Server has its own dashboard widget and report
Server has improved exclusions support and automatic exclusions
Server doesn’t have device control or web control
You can only install Server on server OS and you can only install Endpoint on desktop OS
Cloud Server Protection (Standard) - Exclusions
What variables are supported?
Variable | Windows 2008: Example Expansion | Windows 2008: Uses Environment Variables | Windows 2003: Example Expansion | Windows 2003: Uses Environment Variables
%allusersprofile% | C:\ProgramData | %allusersprofile% | C:\Documents and Settings\All Users | %allusersprofile%
%appdata% | C:\Users\*\AppData\Roaming | %systemdrive% | C:\Documents and Settings\*\Application Data | %systemdrive%
%commonprogramfiles% | C:\Program Files\Common Files | %commonprogramfiles% | C:\Program Files\Common Files | %commonprogramfiles%
%commonprogramfiles(x86)% | C:\Program Files (x86)\Common Files | %commonprogramfiles(x86)% | C:\Program Files (x86)\Common Files | %commonprogramfiles(x86)%
%localappdata% | C:\Users\*\AppData\Local | %userprofile% | C:\Documents and Settings\*\Local Settings\Application Data | %userprofile%
%programdata% | C:\ProgramData | %programdata% | C:\Documents and Settings\All Users\Application Data | %programdata%
%programfiles% | C:\Program Files | %programfiles% | C:\Program Files | %programfiles%
%programfiles(x86)% | C:\Program Files (x86) | %programfiles(x86)% | C:\Program Files (x86) | %programfiles(x86)%
%systemdrive% | C: | %systemdrive% | C: | %systemdrive%
%systemroot% | C:\Windows | %systemroot% | C:\Windows | %systemroot%
%temp% or %tmp% | C:\Users\*\AppData\Local\Temp | %systemdrive% | C:\Documents and Settings\*\Local Settings\Temp | %systemdrive%
%userprofile% | C:\Users\* | %systemdrive% | C:\Documents and Settings\* | %systemdrive%
%windir% | C:\Windows | %windir% | C:\Windows | %windir%
%homedrive% | NOT SUPPORTED | %homedrive% (per-user) | NOT SUPPORTED | %homedrive% (per-user)
%homepath% | NOT SUPPORTED | %homepath% (per-user) | NOT SUPPORTED | %homepath% (per-user)
Cloud Server Protection (Standard) : Exclusions
Automatic Exclusions –
We will automatically apply exclusions based on the applications detected on the server
The feature is controlled from the policy
Detection will be handled via the registry and custom detection scripts
Sophos will provide a data feed with the exclusion rules, which will be updated regularly
We are starting with the Microsoft ones: Exchange, SQL and Active Directory domain controllers
We are the only ones doing this
Cloud Server Protection (Standard) – List View
Cloud Server Protection Standard: Detail View
Basic Server Info
Visibility to event history
Cloud Server Protection (Standard): Exclusions
Automatic exclusions!
Features and Packaging
Product | Introduced | Policy type | Platform
Sophos Cloud Endpoint Protection Standard (CES) | v2 | User-based | Windows, Mac
Sophos Cloud Endpoint Protection Advanced (CEA) | v2 | User-based | Windows, Mac
Sophos Cloud Mobile Control (CMC) | v2 | User-based | iOS, Android
Sophos Cloud Enduser Protection (CUP) | v2 | User-based | Windows, Mac, iOS, Android
Sophos Cloud Server Protection Standard (CSP) | v3 | Server-based | Windows Server
Features: Anti-malware, Web Security, HIPS, Live protection, Device Control, Web Control, AD Sync, MDM
Product Interface
User / Group Based Policy
Easy Reporting
SMC 4.0 – Benefit Overview
What is SMC?
• For IT professionals that want to enable mobility, Sophos Mobile Control manages and secures mobile devices, content, and applications with a user-centric approach that delivers the simplest experience for users and administrators.
Core Benefits of SMC 4.0
• Data Protection that Doesn’t End at the Office Door
• Integrated Security (Anti-malware, Web Filtering, UTM integration)
• User Centric (user based pricing and simple UI)
Mobile Content Management
Data Protection that Doesn’t End at the Office Door
• Mobile Encryption built into the SMC Console
• Ensures Secure Content Collaboration
• Only EMM vendor to offer individual File Encryption protected even “beyond the Cloud” with gated entry to each file
• Ensures that each document that is connected to the server remains secure
A glimpse into Secure Content Collaboration
Integrated AV (malware protection)
Integrated Security
Web Filtering
Integrated Security
Integrated Security
Network Access Control
Integrated Security
Integrated Security
Integrated Security
UTM Advantage (9.3)
IT Manager Survey on SpiceWorks
Top complaints about current firewalls
Profit
Poor performance
Poor value
Not easy to manage
Insufficient security & control
Insufficient reporting & visibility
UTM Advantage 9.3
Enhancing Protection – New Features:
Stronger Protection
Simply Securing Content
• Time quotas, tagging, and selective SSL scanning bolster web protection
• SPX encryption user portal simplifies data protection
• WAF features improve our TMG replacement advantage
Better Everywhere
Extending deployment flexibility
• Microsoft Hyper-V 2012 support
• Remote assistance in a click with customer-controlled secure access
• Multiple Bridge Support
Smarter WiFi
Taking Secure WiFi to the next level
• Automated wireless optimization
• New HTTPS and multi-tenancy hotspots
• Support for new APs and wireless appliances
• Availability of SMS authentication*
Top 3 New Features in Web Protection
• Time quota policy - users can browse specified categories for a set period per day
• Site tagging – enables sites to be tagged and tags to be used in policies (e.g. “customer sites” or “research sites”)
• Selective HTTPS Scanning – automatically determines which encrypted connections to scan
Other Notable Features:
• Updated App Control engine – broader app coverage (1300 Apps) and enhanced ATP
• Performance Improvements – proxy optimizations resulting in 20% performance improvement and 75% memory reduction
• True File Type Detection – can block archives based on the files they contain
Enterprise level SWG features – powerful, flexible, simple
Time Quota Policy
Policy: Select the categories and the time quota…
User Experience
Helpdesk
(Reset if needed)
Site Tagging
Tag sites to create unlimited custom categories
Use tags in policy just like other categories
Selective HTTPS Scanning
Optimize performance and privacy by scanning only sites that pose a risk
Top 3 New Features in Email Protection
• SPX Self-Registration – provides a portal so users can register, recover, and reset their own SPX passwords
• SPX Reply Portal Support for Attachments – SPX replies can now support email attachments.
• Live Anti-Virus – implemented Sophos AV engine for email with added protection from malware in emails by doing cloud lookups on suspicious content and true-file-type detection
Simpler SPX Email Encryption and Better Email AV
SPX Self-Registration Portal
SPX Secure Reply with Attachments
Top 3 New Features in Web Server Protection
• Flexible Setup – allow/deny lists for IP ranges, wildcards for server farms, username prefix/suffix settings, support for custom WAF rules
• WAF Performance – scan size limits, and customers using a UTM only for WAF can dial up the capacity of the WAF
• Persistent SSO – (coming a bit later) better user experience that doesn’t require them to re-enter credentials when accessing different MS applications
Improving our Advantage as a TMG Replacement…
Top 3 New Features in Wireless Protection
• Automated WiFi Optimization – extends automatic channel selection beyond startup to work ongoing in the background
• Hotspot Multi-tenancy and HTTPS – Allows one UTM to be used to service different hotspots and encrypt the portal page.
• SMS Authentication – (available as needed) allows users to request access to a hotspot on their phone and receive a voucher via SMS
Taking Wireless Protection to the next level
Top 3 Better Everywhere Features
• Hyper-V 3.5 – adds support for Microsoft Hyper-V Server 2012 R2 including MS Integration Tools v3.5 which will add HA/LB to Hyper-V
• Remote Assistance In-a-Click – enables WebAdmin access to the UTM by Sophos Support with the click of a single button
• Multi-Bridge Support – improves deployment options
Extending deployment flexibility
iView
Sophos iView
Extending Reporting – Key Features and Benefits:
Added Visibility
Increased depth and breadth of reporting
• Over 1000 built-in reports and views
• Compliance reporting: HIPAA, PCI DSS, GLBA, SOX
• Fully customizable reports & views with extensive drill-down capabilities
Security Intelligence
Identify issues before they become problems
• Rich dashboard and detailed traffic reports offer intelligent insights
• Easily monitor suspect users or traffic anomalies
• Quickly identify attacks on your network
Consolidated Reporting
Centralized reporting across multiple UTMs
• Works out-of-the-box with all Sophos UTMs
• Single centralized view of all network activity
• Great for larger organizations and MSPs
Log Management
Backup and long-term log storage
• Automated backups of all UTM logs for long-term storage
• Eliminates reporting gaps if replacing/upgrading a UTM
• Quick access and retrieval of historical data for audits and forensics
Easy setup - iView
Easy setup - UTM
Added Visibility
Compliance Reporting
Helping customers meet key compliance reporting requirements
Consolidated Reporting
Reporting across multiple UTMs
Security and Intelligence
Traffic and threat trend reporting
© Sophos Ltd. All rights reserved.