Sophos Security and Data Protection


1 Sophos Security and Data Protection
Overview by: Mun Foong, Che – Channel Manager

2 Michael E Porter Professor at Harvard Business School
A leading authority on company strategy and the competitiveness of nations and regions Six-time winner of the McKinsey Award for the best Harvard Business Review Harvard Business School's program for newly appointed CEOs of multibillion dollar corporations ‘Father of the Modern Strategy’

3 Sophos – A Leading Security Vendor Globally
Security experts innovating for 23 years. Focused on sophisticated management capabilities for the enterprise customer. Protecting over 70,000 customers and 100 million end-users in nearly 150 countries. Revenue in 08/09 of US$270m with 27% year-on-year growth. 19,000 new customers worldwide during FY. Over half of newly-acquired Sophos customers were Symantec and McAfee displacements. Providing real-time threat analysis and live updates 24 hours a day.

4 About Sophos Privately held since inception in 1985
Sophos and Utimaco combined in 2008 1500+ Employees, more than 600 people in R&D Solid revenue growth, profitable Dedicated focus on businesses

5 Global Presence Asian Offices in Singapore, Hong Kong, Philippines, China, Taiwan, Indonesia, Malaysia with Representation in Thailand

6

7 SophosLabs knows threats better than anyone
Diagram labels: Search engines, Spam Traps, Honey Pots, Customers (WS1000), Other vendors, Reputation data; Spam Analysis, Malware Analysis, Behavior Analysis, Exploit Analysis, Reputation Analysis, Web Analysis, Application Analysis; Sydney, Oxford, Boston, Vancouver.
SophosLabs™ is a global network of highly skilled analysts with 20 years' experience in protecting businesses from known and emerging threats. Focused on rapidly evolving threats like viruses, spam, phishing, spyware and other malware, SophosLabs provides both proactive and rapid solutions for all Sophos customers. Our global network of threat analysis centres ensures Sophos is able to respond to new threats without compromise, achieving the highest levels of customer satisfaction and protection in the industry.
Award-winning research, detection and disinfection: SophosLabs expertise is instrumental in helping our products to achieve internationally recognised virus detection and removal certification from such organizations as ICSA Labs, West Coast Labs, and Virus Bulletin.
Latest technology from SophosLabs: In the same way that the criminals are using a combination of spammers, website hackers and virus writers together to avoid detection, SophosLabs are using analysts with a combination of spam experience, web experience and malware experience to increase detection rates. All analysts are trained for nine months before they can operate unsupervised. New threats tend to shadow the working day; that is, they follow the sun from Asia across Europe and Africa and on to the Americas. The strategic positioning of SophosLabs in Asia-Pacific, Europe and the east and west coasts of North America means that these centers can have updated protection created and deployed before the working day even begins in many regions.
Build 1: Spam and malware are created by cybercriminals and released into the wild where they are detected by a number of sources: customers running SAV, honey pots, other vendors or people emailing. The spam and malware are then analyzed and a virus identity file (IDE) created to resolve the malware or a spam signature released to block the spam. The IDEs and signatures are then published and downloaded by customers running Sophos products, providing up-to-date protection.
SophosLabs analyzes tens of thousands of pieces of code every month. By code we are referring to computer applications, files, attachments and suspected malware. These come in from a number of sources, in particular: customers running Sophos Anti-Virus, other vendors or honey pots. They are automatically processed and held securely so that they can be prioritized and assigned to an analyst. Suspected malware files are first executed in a safe environment called "Mentor". This is done to see how they behave and the effects that they have. The data from this provides detailed information that helps analysts to create the signature IDE. As part of this process the malware is compared to a database of known malware gleaned from 20 years' experience in combating threats, called Genie, short for the genealogy database. This comparison allows the analyst to determine if the malware belongs to a family of malware that the Labs have already seen, speeding up the signature development process by capitalizing on work that has already been done before.
The code being analyzed is automatically categorized in three ways: Green – non-malicious code with no actions required; Amber – potentially harmful to businesses if used inappropriately (these are added to our list of potentially unwanted applications); Red – malicious code for which an IDE must be written. The IDE is then tested on the relevant operating systems to ensure there are no harmful side effects and then published to Sophos customers.
SophosLabs partner with a major search engine who continually scan the web as part of their indexing activities. During this process, web sites are also scanned for malicious code so the search engine is seeing the web through the eyes of SophosLabs. Any sites found to be harboring malicious code are identified and blocklisted. Sophos customers running the web appliance are protected from these sites and if the URLs of these sites appear in spam, the spam will also be identified and blocked. Approximately 20 thousand infected URLs are uncovered every day in this process.
The way Sophos has developed SophosLabs capability is a competitive advantage in a number of ways:
Release from a single location – many vendors only have one dedicated location that can release official signature updates for customers. For example, Manila with Trend, Aylesbury with McAfee, Moscow with Kaspersky, California with Symantec, Madrid with Panda, etc.
Lack of local visibility – some vendors only have a lab in one location worldwide, or even if vendors claim to have labs in multiple locations, some of them are for "research purposes only". They are not equipped to address the needs of local customers and also regionally targeted campaigns.
Quality of protection – some vendors do not go through a stringent quality assurance process, or don't have a test team with strong capabilities, and as a result remove and re-release signatures from time to time. Kaspersky is a good example.
Time to protect – a lot of vendors are slow to respond by releasing updates, maybe because of lack of global malware visibility, or they do not have an effective quality control process.
Platform dependent – a lot of vendors' signatures are platform dependent, meaning that more than one file has to be created for signatures by platforms. This may further delay protection, and may also get different results by platforms.
Some technology bytes and more about SophosLabs: Discover how the expertise and systems in SophosLabs give businesses the rapid, reliable protection they need in our white paper. Sophos ZombieAlert Service provides your organization with an immediate warning if spammers have hijacked computers on your network to send spam or launch Denial-of-Service attacks. Sophos PhishAlert Service provides fast, near real-time alerts of phishing campaigns, so you can take steps to shut down the imitation website and protect your customers.
Many people ask if we hire virus writers to work in the labs; it would seem natural. But the simple answer is no, we do not and have never hired virus writers. The skill set required to be an analyst is much higher than that required to be a virus writer. Virus writers write malicious code that may or may not work; it is released untested and can have intended and unintended consequences for PCs. Analysts do know how to decode the virus, but they also write the antidote to the virus, the virus identity file (IDE), which provides detection and disinfection for the malware in question. This IDE needs to be tested, as any new software program does, to ensure that there are no unintended consequences when installing it. Whereas a virus writer may write a virus for one operating system vulnerability, Sophos analysts are trained to detect and disinfect across the entire aspect of many operating systems. If you want someone to put out a fire you call a firefighter, not an arsonist! The arsonist may be able to start a fire, but he is not trained to put it out safely and effectively.
Blocking by reputation. Smallest, fastest signatures.

8 Sophos Security and Data Protection
Security that frees organizations to focus on their business Complete protection for less investment Simplified security enables your business Trusted expertise and proven solutions

9 Complete Protection Anti-malware
Proactive threat protection with a single engine across endpoint, email and web. DLP: Controlling devices, applications and the use of email/web prevents the inadvertent and deliberate leakage of information. Encryption: Securing data on computers and removable storage devices as well as in communication. Compliance: Ensuring computers meet the required internal security policies. Managing internet acceptable use policy.

10 Comprehensive security and control
Sophos offers a comprehensive solution that controls malware, spam, data leakage prevention and which allows you to manage legitimate applications, configuration and user behavior. Our protection has four components:
Endpoint protection. This includes anti-malware, firewall, application control and protection against any code, file or system processes that are acting suspiciously, and buffer overflow attacks (HIPS). Security and Control gets more powerful when it starts controlling which legitimate and potentially unwanted applications can run, which websites can be visited, and other user behaviors. Uniquely, Sophos integrates application control into its endpoint solution, giving control over use of unauthorized software like VoIP, IM, P2P and games from within the same standard policy setting capability as anti-malware.
Information security. This includes functions such as Device Control, Data Leakage Prevention and Encryption. It makes sure that confidential data stays in the hands of those who need to see it and offers a second level of defence.
Compliance and system management. This ensures that the physical and information assets an organization has are compliant with your security policies and with any regulatory requirements that apply to your business. Network Access Control ensures that you know who or what is accessing your network, and ensures that all managed and unmanaged computers whether in the office or not are compliant with your policy, and are quarantined, remediated or blocked until they are.
Gateway security. This sits at the edge of your network and is based around your web and email use. It ensures that the things coming into and out of your network are legitimate.
Sitting at the center is SophosLabs, our worldwide network of threat analysis centers, that provides regular updates and the latest pre-packaged intelligence to all of our hardware and software solutions, ensuring protection against fast-moving and zero-day threats.
We’ll talk more about SophosLabs in greater detail in slide 11. We also ensure you do not need to spend time interacting with or updating your security solution by including as much automation as possible. Where your interaction is required we take the shortest and simplest approach, making sure you get things done fast. We want you to spend time focusing your efforts on solving issues, rather than expending effort trying to find out what and where the issue might be. At-a-glance dashboards, remote monitoring and automation of day-to-day management tasks free you to tackle issues rather than maintain the system. This circle helps to illustrate how Sophos delivers integrated security and control at every vulnerable point to defeat today's and tomorrow's threats. Integrated agents, management and policies ensure that the endpoint, gateway and web browsing are fully covered by far-reaching proactive protection, and negate the need for adding ever more point products. Getting endpoint protection, information security and compliance from one vendor simplifies your security strategy and support requirements, and will go a long way to ensuring you get more for the price of your AV budget.

11 Simplified Management
Reduces administration: Intuitive management provides dashboard view of security status. New policies and functionality can quickly be deployed across the estate. Managed appliances automate day-to-day administration of the gateway. Automatic, frequent, zero-effort updates.
Ensure compliance: Sophisticated data leakage prevention across endpoint, email, web. Certified encryption technologies secure sensitive information. Centralized encryption policy management enforces company wide. Anonymizing proxy blocking ensures acceptable internet use.
Ease of Switching: The integrated third party security software removal tool makes deployment easy. Managed appliances deploy easily offering immediate results.

12 Switch or Upgrade? Switching to Sophos Upgrading to Symantec
Install Sophos Enterprise Console on the same server or parallel system (so you are still protected as you switch). Uninstall the Reporting Server if you have it installed. Deploy Sophos Endpoint Security and Data Protection to clients - automatically if you use Active Directory or using the wizard. Our integrated tool will ensure Symantec AntiVirus will be automatically removed. Use Symantec System Center to configure settings for the management server and clients that prepare them for migration. These settings changes consist of: disabling scheduled scans, modifying Quarantine purge options, deleting histories, disabling LiveUpdate, disabling roaming, unlocking server groups, and disabling Tamper Protection. Uninstall Symantec System Center. Install the Symantec Endpoint Protection Manager. Migrate your legacy clients and servers. Migrate legacy client or server that was used to protect the computer running Symantec System Center. Source: migration information on

13 Trusted Solutions Low impact
Minimizes impact on system performance of users machines Seamless user experience of internet surfing Support Technical Support provided by in-house experts Pre-packaged intelligence from SophosLabs Proven Recognized as an industry leader Award winning products and technologies

14 Gartner Magic Quadrant for EPP
Gartner recognizes key strengths: Strong reputation for support and service from customers and the channel. Good balance of management simplicity without sacrificing depth of control. Multi-platform management from a single console. Improved data protection capability with Utimaco acquisition. Improved malware detection. NAC embedded in the agent.

15 Gartner Magic Quadrant for EPP
“Buyers that prefer a broad, comprehensive EPP suite with simplified management capabilities should consider Sophos.” Gartner, Magic Quadrant for Endpoint Protection Platforms 2009

17 Gartner, Magic Quadrant for Mobile Data Protection Sep 2009
Gartner Magic Quadrant – Mobile Data Protection Through its completed acquisition of Utimaco, Sophos has created a combined company that can challenge McAfee. The cultures of the companies were compatible ..and the new road map is impressive. Gartner, Magic Quadrant for Mobile Data Protection Sep 2009 This slide is designed to help illustrate the trend towards financially driven malware. More slides that detail specific malware statistics can be found on the sales presentation one-stop shop. Evolution of threats from high- to low-profile Malware was originally about creating headlines and notoriety, so threats were noisy and visible. The writers intended to maximize the physical evidence of their efforts and would randomly hit anywhere that they could. To gain notoriety, the more systems that crashed, the better. More high-profile payload meant more headlines, which in turn boosted egos. There was no real target and the threat was random. Driven by criminals motivated by financial gain Today, the threat is very different. Malware is now big business for criminal gangs. So making a noise is certainly not a priority. The goal is to sneak in silently, steal money or data that could be valuable and leave the scene undisturbed – showing no signs of an offense having taken place. People do not necessarily realize that the stereotypical virus writer is no longer a teenager working alone in the basement, or that malware is unlikely to do something that they can see. Yesterday’s assumption “Nothing happened when I went to that website – so my PC must still be OK then” is still much in evidence – but the reality is very different. New threats are constantly evolving through exploitation of operating system vulnerabilities, network worms, blended spam and virus threats, phishing attacks, denial of service, and directory harvest attacks. Spammers and hackers are using more innovative techniques and virus writers are becoming more financially driven. 
Spam and virus writers are also joining forces to ensure delivery of spam messages across organisations. As the commercial profitability in creating malicious code increases, so too does the number of threats. Some statistics to illustrate the trend In 2006, Sophos detected 41,536 new threats. Malware writers continued to find new ways of infecting computers and duping users into handing over confidential information throughout the year. There was a particular surge at the end of the year, with November seeing 7612 new threats – nearly four times November 2005’s number of Sophos expects the growth in malware to continue, with even more devious attempts to steal information for financial gain. Insufficiently protected computers are coming under attack in shorter timescales than ever before. Exploits, taking advantage of software flaws, can spread without human intervention. Internet worms like Zotob make use of vulnerabilities in the Windows operating system, infecting potentially hundreds of thousands of computers worldwide. Hackers are increasingly releasing malware before users have been able to apply the security patch from Microsoft, or even – in some instances – before a patch has been published. Sophos research shows that connecting an unprotected, unpatched computer running Windows XP (without SP2) to the internet leads to a 40% risk of infection from an internet worm within about 10 minutes, rising to a 94% chance after 60 minutes. There might not even be enough time to download and install security patches or firewalls, so computers must be protected before going online. In 2006 a family of malware called Stratio, also known as Stration or Warezov appeared. This mass-mailing worm saw major growth and over one thousand unique variants of it were spammed out in November. 
Even though viral attacks, such as those from Dref and Stratio worms, were widespread, and therefore appear in the list of top ten malware threats of 2006, they are, in fact, far outnumbered by Trojan attacks, which are spammed out in small targeted campaigns but in vast numbers. Throughout 2006 Trojans represented on average around 80% of malware detected throughout the year. This continued the trend of 2005 where Trojans outnumbered Windows worms every month, although the percentage of the threat then was only 62%. Sophos has a global network of tens of thousands of monitoring stations capturing data on the latest viruses spreading via email. Although the proportion of infected email detected by Sophos fell from 1 in 44 in 2005 to just 1 in 337 (0.3%) in 2006, there was nevertheless some high-profile malware dropping into users’ inboxes. Worms such as Mytob, Netsky and Sober spread widely via email in 2006.

18 Virus Bulletin RAP Average Quadrant Jun – Dec 09

19 Sophos Security and Data Protection
Endpoint Security and Data Protection: Anti-virus, -spyware, -adware; Application control; Device control; Full disk encryption; Network access control; Firewall; Wide range of platform support.
Email Security and Data Protection: Spam, phishing, malware; Sender Genotype reputation filter; SXL real-time spam updates; Content control; SPX and TLS Encryption; Hardware/software options.
Web Security and Control: Real-time malware scanning; URL/reputation database; Content control; Anonymizing proxy blocking; HTTPS scanning; DLP post control; Managed appliances.

20 SAP (Germany) – 10,000 Servers
Key wins (Global) Endpoint– 20,000 User SAP (Germany) – 10,000 Servers Endpoint (90,000 users)

21 Notes Master heading here
Sophos confidential. Not for distribution or external discussion.
350,000 User License Symantec Displacement; 60,000 User License Computer Associates Displacement; 20,000 User License Symantec Displacement; 22,300 User License Computer Associates Displacement; 11,000 User License Symantec Displacement; 100,000 User License McAfee Displacement; 5,000 User License Computer Associates/Sybari Displacement; 1,400 User License Symantec Displacement; 10,000 User License McAfee Displacement; 6,000 User License Symantec Displacement; 15,000 User License Symantec Displacement; 3,800 User License McAfee Displacement; 20,000 User License Symantec Displacement; 6,000 User License Symantec Displacement.
* General Electric Company (GE) (switch to Sophos from Symantec) recently completed an agreement to deploy Sophos Endpoint Security and Control on up to 350,000 endpoints (laptops, desktops and servers) throughout the world and within every division of the company. Seeking to improve manageability and reduce costs which arise from managing multiple solutions, GE will introduce Sophos Network Access Control (NAC) as well as Sophos Endpoint Security and Control.
* Hilton International (renewal of UK, switch to Sophos from CA for US) was a long-time CA customer in North America when in 2007 they purchased a four year Endpoint license. Through our offices in North America and Europe, we provide protection for over 60,000 desktops. Key to Hilton's decision to switch to Sophos was the wide platform coverage, intuitive management console and the security and control vision of our endpoint roadmap.
* Miami-Dade (switch to Sophos from McAfee) is the 4th largest school district in the US and was using McAfee for the last 5 years to protect their 90,000 desktops and Exchange environment.
In the words of Miami-Dade here is why they chose Sophos as their preferred vendor: "Purchase of the Sophos Anti-Virus product offers the District several benefits over the outgoing solution: Coverage for all District computers ... Faster Detection of Threats, Better Performance from Computers, Faster Updates and Smaller Updates... Simplified Console Has Shorter Learning Curve ... and Better Support"
* Revlon, Inc. (switch to Sophos from Symantec) is a mass-market cosmetics brand, headquartered in New York City with circa 6000 employees. In 2007, Revlon signed a five-year agreement with Sophos for Endpoint Security and Control plus NAC Advanced. Revlon was a former Symantec customer who wanted a solution that was intuitive, caused minimal overhead and provided the most protection on multiple platforms including all Windows, Linux, Mac and AIX.
* Pixar Animation Studios (switch to Sophos from Symantec) switched from Symantec to Sophos Endpoint Security and Control for their 1400 PCs, Macs and Linux machines. This includes their most sensitive production machines for rendering their animations. Paramount to the decision was the dependability of the engine on sensitive hardware, reputation for support, and ease of real-time management in a unified management console.
Home Depot Supply, a 3 year deal in which we will be initially converting 20,000 endpoints from mostly Symantec and McAfee.
* Norwich Union, part of Aviva, (renewal with Sophos) the world’s fifth-largest insurance group recently further invested in Sophos's technology for the endpoint to cover their 35,000 machines for a further period of five years. Alongside the Norwich Union deployment, Aviva has also implemented a global framework, which enables its international sites to switch easily to Sophos. This could increase the number of Sophos protected machines to more than 70,000.
Heinz: Heinz has trusted Sophos to protect its desktop users and systems from malware and spam for many years.
Heinz wanted to extend its IT security by deploying Sophos protection across thousands of employees throughout Europe, the Middle East and Asia-Pacific. The company needed to safeguard its users from malware attacks and unwanted content from all sources, and also protect against unauthorised application use. Sophos Web Security and Control was implemented at the web gateway because of its high degree of accuracy in blocking known and unknown threats. Heinz also started to use the application control capabilities offered by Sophos Endpoint Security and Control. Location: EMEA headquarters, UK. Environment: 5000 users throughout EMEA.
5,000 User License Symantec Displacement; 20,000 User License McAfee Displacement; 90,000 User License McAfee Displacement; 20,000 User License Symantec Displacement.

22 What’s new in Endpoint 9.0 Good afternoon / good morning.
Thanks for joining this webcast today on the new release of our endpoint product. My name is.... And with me today I have CP who is going to help me today show you what’s new in this version. We’re really excited about this new release as it delivers some great new functionality that enables you to do even more with your existing endpoint budget.

23 Endpoint Security and Control 9.0
Enhancements cover: Management Security Data Protection There are three key areas that we have focussed on for this launch. Management Security And most importantly, Data Protection So let’s take a look at each of those areas in turn.

24 Making management even easier

25 Management enhancements
Role based administration: 4 default role levels (admin, sys admin, help desk and guest); authenticated via Windows groups; customizable control over policies and actions; devolve sub-estate management. Computer based reports (compliance - protection status over time). User based reports (application, device and data control policies). Reports can be scheduled and emailed automatically. Event viewer provides quick mechanism to analyse events. Brand new updating technology.
RBA: Many IT teams would like to be able to share the work around so not all management rests on one person’s shoulders. Role based administration enables this to happen and in version 9 we’ve integrated it into the enterprise console – providing 4 default roles to get you started, but you can easily create your own roles if you need. For example you could assign rights to the technical help desk to fix problems and clean up malware. In the same way, the responsibility for management of specific areas of the network – say locations or departments – can now be delegated. This saves admin time and enables them to retain overall control of security policy.
Reporting: In version 9 we’ve introduced new standard reports predominantly focussed on compliance. For instance, you can report on the number of computers that have been out of compliance with a particular policy for a given period of time. Report customisation is easy too – you can just select the things you want to report on, such as adware and potentially unwanted applications. And with this new release, reports can be scheduled to run at specific times and then be automatically emailed - straight to the people that need them.
Event viewer: We’ve made it even easier to see critical events by providing a dedicated area on the dashboard that shows a rolling 7 day average of events. This new way of presenting the information means you can simply monitor the recent activity and be automatically notified if anything out of the ordinary happens.
Updating: The release of version 9 includes a brand new updating technology called the Sophos Update Manager. Unlike EM Library, the new product, the Sophos Update Manager, is fully integrated into the Enterprise Console, making it much easier for administrators to configure and manage updating. So Chris, can you show us what all this looks like?

26 Even better security

27 Security enhancements
Firewall location awareness – rule sets for on and off LAN DNS or default gateway used to define location Firewall training – report only mode in console, alert on learning Combined client GUI and system tray icon (firewall + SAV) Configurable rootkit detection/blocking Continued HIPS rules enhancements Supports Windows 7! Firewall With today’s threats, firewalls are increasingly important, and we’re making ours easier to set up and deploy with this new release. Standard policies can be created in a few simple steps with the new wizard, and for those admins that know exactly what they want, there’s an advanced policy editor. We’re also providing Location Awareness that allows you to configure two new profiles – in and out of the office – meaning that wherever people are, you can be sure that they’re getting the right security. Also, firewall policies can now be run in an “alert only” mode allowing you to monitor what’s going on and refine policies, so when the policies are rolled out, you can be sure that better security won’t get in the way of the end-users. Combined agent This release sees our AV and the Firewall clients and system tray icons combined. You now get a single client, called the Endpoint Security and Control agent that covers AV, HIPS, application, device and data control, the firewall and updating, further reducing the impact on your end user’s computers. HIPS enhancements The release of version 9 introduces two new key features:  New “Gene Caching” technology means a much lower management overhead for you. It shares information between our runtime HIPS technology and our Behavioural Genotypes enabling us to make even better decisions on whether a file is malicious or not. And we’re also adding new rules to help prevent more zero day attacks. One such rule monitors files being copied to removable devices, and will prevent previously unknown worms such as Conficker. 
Windows 7: Finally, the great news is that if you are looking at deploying Windows 7 when it ships later this month, you can be safe in the knowledge that you’ll be able to protect those machines with Sophos, as we recently passed their certification tests. So Chris, back over to you – can you give us all a walkthrough of these new areas?

28 Integrating DLP So let’s now take a look at what we’re delivering for data protection. As I said earlier this area is a key focus for the launch and certainly something that we strongly believe is a real game changer in the market.

29 Device Control enhancements
Dedicated device control policy. Policy exceptions for individual instance or model types. Ability to control modems as a device type. Network bridging prevention. Granular control of: Storage devices: Removable storage - USB keys, removable hard disks; Optical / disk drives - CD / DVD / HD-DVD / Blu-ray. Network devices: Wi-Fi / Modems; Bluetooth; Infra-red.
Firstly device control. This has become an important part of a data protection strategy to stop employees taking data off the network. We first introduced it into Sophos Anti-Virus back in June 2008 as part of the Application Control policy but in Endpoint 9 it has its own dedicated policy!
Granular control: You can now set flexible rules to allow usage for only those that need it, such as blocking USB devices for everyone except the IT department. You can also allow specific devices - such as encrypted USB keys - to guarantee that any data saved on removable devices is secure. Alternatively, read-only access can be granted so employees can access information stored on USB keys or CDs but not write to them.
Preventing bridging: And you can now prevent network bridging to stop a computer being connected to two networks at once – for example, the corporate network by a cable and to another network wirelessly. You can automatically turn off a computer’s wireless interface if it is connected to the corporate network via a network cable and then re-enable it when the cable is removed.

30 Rich DLP functionality that is simple to manage
- First fully integrated endpoint DLP solution
  - One agent
  - One license (Endpoint Security and Control)
- Monitor and enforce on all common data exit points
  - Removable storage / optical media
  - Read only mode for storage
  - Internet applications (web browser, client, IM client)
- Designed to prevent accidental data loss
  - Train staff through use of desktop prompts
  - Events audited and available for review within SEC

And now for the game changing piece... Version 9 is the first fully integrated endpoint DLP solution on the market, with a single agent delivering both malware and data protection. Implementing a DLP solution can be a complex and costly task for IT managers, but we address this like no other vendor by integrating data control into the endpoint agent. Our new integrated data control functionality is designed to prevent accidental leakage of personally identifiable information (PII) to minimise an organisation’s risk of breaching data security compliance legislation.

Covering all exits
The agent monitors all the common ways users can move data off the network: removable storage devices, CD/DVD/Floppy drives and Internet enabled applications such as web browser, clients and even instant messaging.

Simplifying identification
SophosLabs remove the need for complex, time consuming creation of sensitive data lists by delivering an extensive library of global definitions which can be used out-of-the-box. These lists cover things like social security numbers, credit card numbers and postal addresses. All files transferred will be scanned and checked against the data control policy.

Acting on breaches
There are a number of options open to the administrator if the agent detects that sensitive information is being moved. Firstly, the transfer can be allowed and simply be reported back to the Enterprise Console. Secondly, the transfer can be blocked. The third option is to check with the user and give them the ability to authorise the transfer. This can be used to train users that the data they are transferring may breach a company policy without actually preventing them from carrying out their work. The end user’s decision is audited and can be reviewed at a later date. Again, back to you Chris. Can you show us how this great new functionality can be set up and configured?
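
The allow, block and ask-the-user flow described in the notes above, as an added Python illustration; it is not Sophos code. The patterns, action names, policy keys, default action and sample text are all constructed assumptions.

```python
import re

# Constructed action names for the three responses the slide describes.
ALLOW_AND_LOG, BLOCK, PROMPT_USER = "allow_and_log", "block", "prompt_user"

# Simplified stand-ins for vendor-supplied definitions (assumed patterns).
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text):
    """Return (definition, last four digits) pairs; never the full value."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("credit_card", digits[-4:]))
    hits += [("us_ssn", m.group()[-4:]) for m in SSN_RE.finditer(text)]
    return hits

def evaluate_transfer(text, exit_point, policy, user_authorises=None):
    """Decide on one transfer and return the audit event for the console."""
    hits = find_sensitive(text)
    if not hits:
        return {"exit_point": exit_point, "matches": [], "action": "none", "allowed": True}
    action = policy.get(exit_point, BLOCK)   # assumed default: block if no rule
    if action == PROMPT_USER:
        allowed = user_authorises is True    # unanswered prompt = not allowed
    else:
        allowed = action == ALLOW_AND_LOG
    return {"exit_point": exit_point, "matches": hits, "action": action,
            "allowed": allowed,
            "user_decision": user_authorises if action == PROMPT_USER else None}

# Constructed policy and sample file content.
POLICY = {"removable_storage": BLOCK, "optical_media": ALLOW_AND_LOG,
          "internet_application": PROMPT_USER}
SAMPLE = "Card 4111 1111 1111 1111 on file; order ref 1234 5678 9012 3456; SSN 123-45-6789."
```

The order reference in the sample has the shape of a card number but fails the Luhn check, so only the card and the SSN are reported; the audit event stores the last four digits only, so the log does not become a second copy of the sensitive data.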

31 Recent Updates
I just want to briefly touch on a couple of recent non-Windows launches from Sophos which you may or may not be aware of.

32 Non-Windows releases
SAV for Mac 7.0
- Supports Mac OS X 10.6
- New user interface
- Scheduled scanning
SAV for UNIX 7.0
- Central monitoring and reporting via Enterprise Console
- Solaris 9/10 on SPARC and Intel, HP-UX 11i (Itanium)

Firstly, our anti-virus for Mac release. There has been significant coverage of the eagerly awaited launch from Apple of their new operating system, 10.6, otherwise known as Snow Leopard. I’m delighted to say that our latest anti-virus for Mac release, version 7, supports Snow Leopard. In addition, we upgraded the user interface for our product and it now has much more of an Apple look and feel. Finally, we’ve also added in the ability for you to schedule scanning for specific times.

Secondly, our anti-virus for UNIX release. We’ve actually been releasing this over a number of drops, each one adding central management for additional UNIX platforms. Within Enterprise Console, you can now manage Solaris 9/10 on SPARC and Intel, plus HP-UX on Itanium – all alongside your Windows, Mac and Linux computers.

33 How do you get it?

34 Download available now
No license cost upgrade for customers with the following:
- Endpoint Security and Control
- Endpoint Security and Data Protection
https://secure.sophos.com/support/updates

With all this great new functionality and also the new updating mechanism, we strongly advise you read the upgrade guides before you go ahead with deploying the new version across your estate.

35 Summary
Key new features
- Data loss prevention at the endpoint
- Control of access to devices, ports and data from a unified client
- Firewall enhancements: location awareness, centralized learning
- Anti-virus protection / HIPS enhancements
- Integrated and extended role based administration
- Improved updating/package management, replacing EM Library
- Extended reporting – status, scheduled

36 Thank you! Any questions?

