What's cooking at Sophos - an introduction to Synchronized Security

Transcript of "What's cooking at Sophos - an introduction to Synchronized Security"

Vincent Vanbiervliet, Product Manager

Synchronized Security: Revolutionizing Advanced Threat Protection

What we’re going to cover

• What’s the problem?
• It’s time for a security revolution
• How it works
• Synchronized Security 2015-2016
• Your path to Synchronized Security


What’s the problem?


Threat Landscape

Increasing attacks, increasing sophistication

• Attack surface exponentially larger: laptops/desktops, phones/tablets, virtual servers/desktops, cloud servers/storage
• Threats more sophisticated
• Attacks are more coordinated than defenses


Security industry 2D view


It’s time for a security revolution

Generations of security

• Point Products: Anti-virus, IPS, Firewall, Sandbox
• Layers: Bundles, Suites, UTM, EMM
• Synchronized Security: Security Heartbeat™

Comprehensive protection

• Prevent Malware
• Detect Compromises
• Remediate Threats
• Investigate Issues
• Encrypt Data

[Diagram: Synchronized Security around corporate data on Mac, Android, Windows, iOS, Windows Phone and Linux]

Integration at a different level

Synchronized Security:
• System-level intelligence
• Automated correlation
• Faster decision-making
• Accelerated Threat Discovery
• Automated Incident Response
• Simple unified management

Alternative:
• Resource intensive
• Manual correlation
• Dependent upon human analysis
• Manual Threat/Incident response
• Extra products
• Endpoint/Network unaware of each other

[Diagram: one Management layer over Enduser and Network, versus a SIEM over separate Endpoint Mgmt and NW Mgmt, over separate Endpoint and Network]


Synchronized Security

Security must be comprehensive: the capabilities required to fully satisfy customer need.

Security can be made simple: platform, deployment, licensing, user experience.

Security is more effective as a system: new possibilities through technology cooperation.

Synchronized Security: integrated, context-aware security where Enduser and Network technology share meaningful information to deliver better protection.

[Diagram: Sophos Labs and Sophos Cloud above Next Gen Network Security and Next Gen Enduser Security, linked by the heartbeat]

How it works

3 pillars of advanced threat protection

Security Heartbeat™

Accelerated Threat Discovery: Endpoint and network protection combine to identify unknown threats faster. Sophos Security Heartbeat™ pulses real-time information on suspicious behaviors. Result: faster, better decisions.

Active Source Identification: identification by device reduces the time taken to manually identify an infected or at-risk device or host by IP address alone. Result: quicker, easier investigation.

Automated Incident Response: compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software. Result: reduced threat impact.

System Initialization

Registration: NGEP & NGFW register with Sophos Cloud, which sends certificate/security info to both.

Connection: Endpoints initiate the connection to the trusted Firewall.

Validation: Firewall and Endpoints check the security info sent to them by the Cloud to verify they are valid.

Support of multiple locations: Endpoints can establish a connection to Firewalls at any of the customer’s locations, as the Sophos Cloud registry can be shared among all Galileo-enabled Firewalls.

Accelerated Threat Discovery

Security Heartbeat: a few bytes of information are shared every 15 seconds from Endpoint to Network.

Events: upon discovery, security information such as Malware and PUA detections is shared between Endpoints and Network.

Health: the Endpoint sends a Red, Yellow or Green health status to the Network.

VPN support: Galileo supports endpoints connected within the local network as well as those connected via VPN, as long as they are connecting to the Firewall.

Active Source Identification

Security Heartbeat: positively identifying the machine by associating the IP address with a particular Endpoint.

Advanced Attack: if the Network Firewall detects an advanced attack but can’t determine the source, it requests details from the endpoints.

Source Identification: the Endpoint sends details of machine name, user, process, and IP address.

Automated Incident Response

Green: endpoints have full access to internal applications and data as well as the internet.

Yellow: affected endpoints can be isolated from internal/sensitive applications and data while maintaining access to the internet.

Red: affected endpoints are isolated from the network and have no access to internal systems or the external internet.

Defaults and customization: there are no default policies based on health status, so admins can customize responses as needed. We are developing a best practices guide to assist customers in recommended policy setup.
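To make the initialization, heartbeat, source-identification and health-based response steps in the "How it works" slides concrete, here is a small simulation added by the editor; it is not Sophos code and does not reproduce the real Security Heartbeat protocol. The class names (Cloud, Endpoint, Firewall), the HMAC-derived credential standing in for the cloud-issued certificate, the three-missed-beats staleness threshold, the policy mapping and all sample hosts, addresses and process names are assumptions constructed for the example; only the 15-second interval, the Green/Yellow/Red states, the registration/connection/validation steps and the machine/user/process/IP fields come from the slides.

```python
"""Illustrative endpoint/firewall heartbeat exchange.

Added example, not Sophos code: the deck does not describe the Security
Heartbeat wire format, certificates or policy engine. Only the 15-second
interval, the Red/Yellow/Green states, the register/connect/validate
steps and the source-identification fields come from the slides; every
class, field, threshold and the policy mapping below are assumptions.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

HEARTBEAT_INTERVAL = 15        # seconds, per the deck
MISSED_BEATS_BEFORE_STALE = 3  # assumption: a silent host loses its last state


class Health(Enum):
    GREEN = "green"
    YELLOW = "yellow"
    RED = "red"
    UNKNOWN = "unknown"        # no valid session or no recent heartbeat (assumption)


# Admin-chosen policy: destination classes a host in each state may reach.
# The deck says there are no default health policies, so this mapping is
# the example's own choice, mirroring the Green/Yellow/Red descriptions.
POLICY = {
    Health.GREEN: {"internal", "internet"},
    Health.YELLOW: {"internet"},
    Health.RED: set(),
    Health.UNKNOWN: {"internet"},
}


class Cloud:
    """Registration: derives a credential per identity from a tenant secret
    (stand-in for the certificate/security info the cloud sends to both sides)."""

    def __init__(self, tenant_secret: bytes):
        self._secret = tenant_secret

    def credential(self, identity: str) -> str:
        return hmac.new(self._secret, identity.encode(), hashlib.sha256).hexdigest()

    def verify(self, identity: str, credential: str) -> bool:
        return hmac.compare_digest(self.credential(identity), credential)


@dataclass
class Endpoint:
    name: str
    ip: str
    user: str
    credential: str
    health: Health = Health.GREEN
    sockets: dict = field(default_factory=dict)  # constructed: local port -> process

    def heartbeat(self, now: float) -> dict:
        """A few bytes: identity, address, health, timestamp."""
        return {"name": self.name, "ip": self.ip, "health": self.health, "at": now}

    def source_details(self, port: int) -> dict:
        """Answer the firewall's source-identification request."""
        return {"machine": self.name, "user": self.user,
                "process": self.sockets.get(port, "unknown"), "ip": self.ip}


class Firewall:
    def __init__(self, cloud: Cloud):
        self.cloud = cloud
        self.sessions = {}  # ip -> validated Endpoint
        self.state = {}     # ip -> (Health, last_seen)

    def connect(self, ep: Endpoint) -> bool:
        """Connection + validation: only cloud-verifiable credentials get a session."""
        if not self.cloud.verify(ep.name, ep.credential):
            return False
        self.sessions[ep.ip] = ep
        return True

    def receive_heartbeat(self, hb: dict) -> None:
        if hb["ip"] in self.sessions:           # ignore beats from unvalidated hosts
            self.state[hb["ip"]] = (hb["health"], hb["at"])

    def health_of(self, ip: str, now: float) -> Health:
        if ip not in self.state:
            return Health.UNKNOWN
        health, last_seen = self.state[ip]
        if now - last_seen > MISSED_BEATS_BEFORE_STALE * HEARTBEAT_INTERVAL:
            return Health.UNKNOWN
        return health

    def allow(self, ip: str, destination: str, now: float) -> bool:
        """Automated incident response: enforce the policy for the host's health."""
        return destination in POLICY[self.health_of(ip, now)]

    def identify_source(self, ip: str, port: int) -> Optional[dict]:
        """Active source identification: ask the endpoint behind the IP who sent."""
        ep = self.sessions.get(ip)
        return ep.source_details(port) if ep else None


def demo() -> dict:
    """Walk one host through green -> red -> silent, plus one forged registration."""
    cloud = Cloud(b"constructed-tenant-secret")
    fw = Firewall(cloud)
    laptop = Endpoint("LAPTOP-01", "10.0.0.5", "alice", cloud.credential("LAPTOP-01"),
                      sockets={51000: "sample-process.exe"})   # constructed values
    rogue = Endpoint("LAPTOP-02", "10.0.0.6", "bob", "forged-credential")
    r = {"laptop_connected": fw.connect(laptop), "rogue_connected": fw.connect(rogue)}
    fw.receive_heartbeat(laptop.heartbeat(now=0))
    r["green_internal"] = fw.allow("10.0.0.5", "internal", now=10)
    laptop.health = Health.RED                     # endpoint reports a compromise
    fw.receive_heartbeat(laptop.heartbeat(now=15))
    r["red_internet"] = fw.allow("10.0.0.5", "internet", now=20)
    r["source"] = fw.identify_source("10.0.0.5", 51000)
    r["rogue_internal"] = fw.allow("10.0.0.6", "internal", now=20)
    laptop.health = Health.GREEN                   # cleaned, but then goes silent
    fw.receive_heartbeat(laptop.heartbeat(now=30))
    r["fresh_internal"] = fw.allow("10.0.0.5", "internal", now=60)    # 30 s since beat
    r["stale_internal"] = fw.allow("10.0.0.5", "internal", now=100)   # 70 s > 45 s
    return r
```

Two design choices matter for a defender: the firewall discards heartbeats from hosts that never passed validation, so a forged registration cannot inject a "green" state, and a host that stops beating falls back to UNKNOWN instead of keeping its last reported health, so a stale green does not outlive an endpoint whose agent has been stopped. Whatever the real policy engine does, those are the two checks to confirm when reviewing a health-based access control deployment.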


Synchronized Security 2015

Comprehensive Next-Gen Endpoint

Sophos System Protector: Application Tracking, Threat Engine, Application Control, Reputation, Emulator, HIPS/Runtime Protection, Device Control, Malicious Traffic Detection, Web Protection, IoC Collector, Live Protection, Security Heartbeat™

Comprehensive Next-Gen Network

Sophos Firewall Operating System: Web Filtering, Intrusion Prevention System, Routing, Email Security, Security Heartbeat, Selective Sandbox, Application Control, Data Loss Prevention, ATP Detection, Proxy, Threat Engine, Firewall

Next Generation Threat Detection

[Diagram: Sophos System Protector and Sophos Firewall Operating System, with the component lists above, exchanging the heartbeat via Sophos Cloud; labels: Compromise, Firewall]

Scenario: compromise (User | System | File)

Response:
• Isolate subnet and WAN access
• Block/remove malware
• Identify & clean other infected systems

Synchronized Security 2016

Improved Threat Detection

[Diagram: same Sophos System Protector / Sophos Firewall Operating System component lists as on the 2015 slides, exchanging the heartbeat via Sophos Cloud; labels: Compromise, Firewall]

Scenario: compromise (User | System | File)

Response:
• Lockdown local network access
• Remove file encryption keys
• Terminate/remove malware
• Identify & clean other infected systems

Automated Protection of Endpoints

[Diagram: same Sophos System Protector / Sophos Firewall Operating System component lists, exchanging the heartbeat via Sophos Cloud; labels: Endpoint, Firewall]

Scenario: endpoint (Win | Mac | Mobile)

Steps:
• Discover unmanaged Endpoints
• Could it be managed?
• Self-service portal setup
• User authentication
• Distribute security profile

Detect and Remediate Compromises

[Diagram: same Sophos System Protector / Sophos Firewall Operating System component lists, exchanging the heartbeat via Sophos Cloud; labels: Compromise, Firewall]

Scenario: compromise (User | System | File)

Response:
• Identify compromise
• Detect source
• Assess impact
• Block/remove malware
• Identify & clean other infected systems

Your path to Synchronized Security

NEXT-GEN ENDUSER SECURITY
• SOPHOS CLOUD ENDPOINT: CLOUD ENDUSER PROTECTION, CLOUD ENDPOINT ADVANCED

NEXT-GEN NETWORK SECURITY
• SOPHOS UTM: NETWORK PROTECTION MODULE, FULLGUARD LICENSE, TOTALPROTECT BUNDLE
• NEXT-GEN FIREWALL: NETWORK PROTECTION MODULE, NEXT-GENGUARD LICENSE, NEXT-GENPROTECT BUNDLE

Endpoint and Network working together


Already using Sophos

* Cloud Endpoint requires Sophos Cloud Endpoint Protection Advanced or Sophos Cloud Enduser Protection subscriptions


Conclusion

The Synchronized Security difference

Sophos | Competition
Synchronized Security | Point Products
Simple | Complex
Comprehensive | Incomplete
Prevention, Detection, Investigation, Remediation, Encryption | Prevention
Enduser, Network, Server, Mobile, Web, Email, Encryption | Endpoint or Network
Automated | Manual
Block the known, unknown, advanced, coordinated attacks | Partial Prevention

Revolutionizing advanced threat protection

Synchronized Security:
• Accelerated Threat Discovery: faster, better decisions
• Positive Source Identification: quicker, easier investigation
• Automated Incident Response: reduced threat impact

© Sophos Ltd. All rights reserved.