Synchronized Security
Revolutionizing Advanced Threat Protection
Lars Putteneers
Sales Engineer
1
What we’re going to cover
• What’s the problem?
• It’s time for a security revolution
• How it works
• Synchronized Security 2015-2016
• Your path to Synchronized Security
2
What’s the problem?
3
Threat Landscape
4
Increasing attacks, increasing sophistication
Attack surface exponentially larger: Laptops/Desktops, Phones/Tablets, Virtual servers/desktops, Cloud servers/storage
Threats more sophisticated
Attacks are more coordinated than defenses
5
Security industry 2D view
6
It’s time for a security revolution
7
Generations of security: Point Products, Layers, Synchronized Security
Anti-virus, Bundles, IPS, Suites, Security Heartbeat™, Firewall, UTM, Sandbox, EMM
8
Synchronized Security
[Diagram: CORPORATE DATA surrounded by WINDOWS PHONE, iOS, WINDOWS, MAC, ANDROID, LINUX]
Comprehensive protection
• Prevent Malware
• Detect Compromises
• Remediate Threats
• Investigate Issues
• Encrypt Data
9
Integration at a different level
Synchronized Security (Management, Enduser, Network):
• System-level intelligence
• Automated correlation
• Faster decision-making
• Accelerated Threat Discovery
• Automated Incident Response
• Simple unified management
Alternative (SIEM, Endpoint Mgmt, NW Mgmt, Endpoint, Network):
• Resource intensive
• Manual correlation
• Dependent upon human analysis
• Manual Threat/Incident response
• Extra products
• Endpoint/Network unaware of each other
10
Synchronized Security
Security must be comprehensive: the capabilities required to fully satisfy customer need
Security can be made simple: platform, deployment, licensing, user experience
Security is more effective as a system: new possibilities through technology cooperation
[Diagram: Sophos Cloud, Next Gen Network Security and Next Gen Enduser Security linked by heartbeat, SOPHOS LABS]
Synchronized Security: integrated, context-aware security where Enduser and Network technology share meaningful information to deliver better protection.
11
How it works
12
3 pillars of advanced threat protection
Security Heartbeat™
Accelerated Threat Discovery: Endpoint and network protection combine to identify unknown threats faster. Sophos Security Heartbeat™ pulses real-time information on suspicious behaviors. Faster, better decisions.
Active Source Identification: Identification by device reduces the time taken to manually identify an infected or at-risk device or host from its IP address alone. Quicker, easier investigation.
Automated Incident Response: Compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software. Reduced threat impact.
13
System Initialization
Registration: NGEP & NGFW register with Sophos Cloud, which sends certificate/security info to both.
Connection: Endpoints initiate a connection to the trusted Firewall.
Validation: Firewall and Endpoints check the security info sent to them by the Cloud to verify it is valid.
Support of multiple locations: Endpoints can establish a connection to Firewalls at any customer location, as the Sophos Cloud registry can be shared among all Galileo-enabled Firewalls.
[Diagram: Sophos Cloud, Next Gen Network Security and Next Gen Enduser Security linked by heartbeat, SOPHOS LABS]
14
Accelerated Threat Discovery
Security Heartbeat: A few bytes of information are shared every 15 seconds from Endpoint to Network.
Events: Upon discovery, security information such as Malware and PUA detections is shared between Endpoints and Network.
Health: Endpoint sends Red, Yellow, Green health status to Network.
VPN support: Galileo supports endpoints connected within the local network as well as those connected via VPN, as long as they are connecting to the Firewall.
[Diagram: Sophos Cloud, Next Gen Network Security and Next Gen Enduser Security linked by heartbeat, SOPHOS LABS]
15
Active Source Identification
Security Heartbeat: Positively identifying the machine by associating the IP address with a particular Endpoint.
Advanced Attack: If the Network Firewall detects an advanced attack but can’t determine the source, it requests details from endpoints.
Source Identification: Endpoint sends details of machine name, user, process, and IP address.
[Diagram: Sophos Cloud, Next Gen Network Security and Next Gen Enduser Security linked by heartbeat, SOPHOS LABS]
16
Automated Incident Response
Green: Endpoints have full access to internal applications and data as well as the internet.
Yellow: Affected endpoints can be isolated from internal/sensitive applications and data while maintaining access to the internet.
Red: Affected endpoints are isolated from the network and have no access to internal systems or the external internet.
Defaults and customization: There are no default policies based on health status, so admins can customize responses as needed. We are developing a best practices guide to assist customers in recommended policy setup.
[Diagram: Sophos Cloud, Next Gen Network Security and Next Gen Enduser Security linked by heartbeat, SOPHOS LABS]
17
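The three "How it works" slides above (heartbeat every 15 seconds with a Red/Yellow/Green health state, IP-to-endpoint source identification, and health-based isolation) can be modelled from the firewall's side as a small state machine. The following is an added illustration, not Sophos code: the heartbeat record layout, the three-missed-pulse timeout, and the policy table are assumptions made for the example, standing in for the admin-defined policies the deck says have no defaults.

```python
from dataclasses import dataclass

HEARTBEAT_INTERVAL = 15           # seconds between pulses, as stated in the deck
MISSED_PULSES_BEFORE_UNKNOWN = 3  # assumption: 45 s of silence -> health unknown

# The deck says there are no default health-based policies; this table stands in
# for an administrator's choice and follows the Green/Yellow/Red slide.
POLICY = {
    "GREEN":   {"internal": True,  "internet": True},
    "YELLOW":  {"internal": False, "internet": True},
    "RED":     {"internal": False, "internet": False},
    "UNKNOWN": {"internal": False, "internet": True},  # assumption for silent hosts
}

@dataclass
class Endpoint:
    name: str         # machine name reported by the endpoint
    user: str         # logged-on user reported by the endpoint
    ip: str           # address the firewall sees traffic from
    health: str       # last reported health state
    last_seen: float  # time of the last heartbeat (seconds)

class HeartbeatFirewall:
    """Firewall-side view: binds IP addresses to endpoints via heartbeats."""

    def __init__(self) -> None:
        self.by_ip: dict[str, Endpoint] = {}

    def receive_heartbeat(self, now: float, name: str, user: str,
                          ip: str, health: str) -> None:
        if health not in POLICY or health == "UNKNOWN":
            raise ValueError(f"bad health state {health!r}")
        # Positive source identification: the IP is now tied to a named machine.
        self.by_ip[ip] = Endpoint(name, user, ip, health, now)

    def health_of(self, ip: str, now: float) -> str:
        ep = self.by_ip.get(ip)
        if ep is None:  # never heartbeated: unmanaged or not registered
            return "UNKNOWN"
        if now - ep.last_seen > HEARTBEAT_INTERVAL * MISSED_PULSES_BEFORE_UNKNOWN:
            return "UNKNOWN"  # pulses stopped; treat the host as unverified
        return ep.health

    def allow(self, src_ip: str, zone: str, now: float) -> bool:
        """Automated incident response: permit or isolate based on health."""
        return POLICY[self.health_of(src_ip, now)][zone]

    def identify_source(self, ip: str):
        """Active source identification: who is behind an IP the firewall saw."""
        ep = self.by_ip.get(ip)
        return None if ep is None else (ep.name, ep.user)
```

The timeout branch is the part worth keeping in a real design: an endpoint that stops pulsing (agent killed, tampered, or simply offline) must not keep the access level of its last Green heartbeat.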
Synchronized Security 2015
18
Comprehensive Next-Gen Endpoint
SOPHOS SYSTEM PROTECTOR components: Application Control, Application Tracking, Web Protection, IoC Collector, Reputation, Threat Engine, Security Heartbeat™, Live Protection, HIPS/Runtime Protection, Malicious Traffic Detection, Emulator, Device Control
19
Comprehensive Next-Gen Network
SOPHOS FIREWALL OPERATING SYSTEM components: Routing, Threat Engine, Proxy, Email Security, Web Filtering, Intrusion Prevention System, Selective Sandbox, Application Control, Data Loss Prevention, Firewall, Security Heartbeat™, ATP Detection
20
Next Generation Threat Detection
[Diagram: Sophos Cloud; SOPHOS SYSTEM PROTECTOR and SOPHOS FIREWALL OPERATING SYSTEM components linked by Security Heartbeat™]
Compromise: User | System | File
• Isolate subnet and WAN access
• Block/remove malware
• Identify & clean other infected systems
21
Synchronized Security 2016
22
Improved Threat Detection
[Diagram: Sophos Cloud; SOPHOS SYSTEM PROTECTOR and SOPHOS FIREWALL OPERATING SYSTEM components linked by Security Heartbeat™]
Compromise: User | System | File
• Lockdown local network access
• Remove file encryption keys
• Terminate/remove malware
• Identify & clean other infected systems
23
Automated Protection of Endpoints
[Diagram: Sophos Cloud; SOPHOS SYSTEM PROTECTOR and SOPHOS FIREWALL OPERATING SYSTEM components linked by Security Heartbeat™]
Endpoint: Win | Mac | Mobile
• Discover unmanaged Endpoints
• Could it be managed?
• Self-service portal setup
• User authentication
• Distribute security profile
24
Detect and Remediate Compromises
[Diagram: Sophos Cloud; SOPHOS SYSTEM PROTECTOR and SOPHOS FIREWALL OPERATING SYSTEM components linked by Security Heartbeat™]
Compromise: User | System | File
• Identify compromise
• Detect source
• Assess impact
• Block/remove malware
• Identify & clean other infected systems
25
Your path to Synchronized Security
26
Endpoint and Network working together
NEXT-GEN ENDUSER SECURITY
SOPHOS CLOUD ENDPOINT
• CLOUD ENDUSER PROTECTION
• CLOUD ENDPOINT ADVANCED
NEXT-GEN NETWORK SECURITY
SOPHOS UTM
• NETWORK PROTECTION MODULE
• FULLGUARD LICENSE
• TOTALPROTECT BUNDLE
NEXT-GEN FIREWALL
• NETWORK PROTECTION MODULE
• NEXT-GENGUARD LICENSE
• NEXT-GENPROTECT BUNDLE
27
Already using Sophos
* Cloud Endpoint requires Sophos Cloud Endpoint Protection Advanced or Sophos Cloud Enduser Protection subscriptions
28
Conclusion
30
The Synchronized Security difference
• Sophos: Synchronized Security | Competition: Point Products
• Sophos: Simple | Competition: Complex
• Sophos: Comprehensive | Competition: Incomplete
• Sophos: Prevention, Detection, Investigation, Remediation, Encryption | Competition: Prevention
• Sophos: Enduser, Network, Server, Mobile, Web, Email, Encryption | Competition: Endpoint or Network
• Sophos: Automated | Competition: Manual
• Sophos: Block the known, unknown, advanced, coordinated attacks | Competition: Partial Prevention
31
Revolutionizing advanced threat protection
Synchronized Security
Accelerated Threat Discovery: faster, better decisions
Positive Source Identification: quicker, easier investigation
Automated Incident Response: reduced threat impact
32
© Sophos Ltd. All rights reserved.
33