Presentation on theme: "Sophos Security and Data Protection"— Presentation transcript:
1 Sophos Security and Data Protection Overview
by: Mun Foong, Che – Channel Manager
2 Michael E Porter
Professor at Harvard Business School
A leading authority on company strategy and the competitiveness of nations and regions
Six-time winner of the McKinsey Award for the best Harvard Business Review
Harvard Business School's program for newly appointed CEOs of multibillion dollar corporations
‘Father of the Modern Strategy’
3 Sophos – A Leading Security Vendor Globally
Security experts innovating for 23 years
Focused on sophisticated management capabilities for the enterprise customer
Protecting over 70,000 customers and 100 million end users in nearly 150 countries
Revenue in 08/09 of US$270m with 27% year-on-year growth
19,000 new customers worldwide during FY
Over half of newly-acquired Sophos customers were Symantec and McAfee displacements.
Providing real-time threat analysis and live updates 24 hours a day
4 About Sophos
Privately held since inception in 1985
Sophos and Utimaco combined in 2008
1500+ employees, more than 600 people in R&D
Solid revenue growth, profitable
Dedicated focus on businesses
5 Global Presence
Asian offices in Singapore, Hong Kong, Philippines, China, Taiwan, Indonesia, Malaysia, with representation in Thailand
7 SophosLabs knows threats better than anyone
Diagram labels - inputs: Search engines, Spam traps, Honey pots, Customers (WS1000), Other vendors, Reputation data; analysis types: Spam, Malware, Behavior, Exploit, Reputation, Web, Application; lab locations: Sydney, Oxford, Boston, Vancouver
SophosLabs™ is a global network of highly skilled analysts with 20 years' experience in protecting businesses from known and emerging threats. Focused on rapidly evolving threats like viruses, spam, phishing, spyware and other malware, SophosLabs provides both proactive and rapid solutions for all Sophos customers. Our global network of threat analysis centres ensures Sophos is able to respond to new threats without compromise, achieving the highest levels of customer satisfaction and protection in the industry.
Award-winning research, detection and disinfection
SophosLabs expertise is instrumental in helping our products to achieve internationally recognised virus detection and removal certification from such organizations as ICSA Labs, West Coast Labs, and Virus Bulletin.
Latest technology from SophosLabs
In the same way that the criminals are using a combination of spammers, website hackers and virus writers together to avoid detection, SophosLabs are using analysts with a combination of spam experience, web experience and malware experience to increase detection rates. All analysts are trained for nine months before they can operate unsupervised.
New threats tend to shadow the working day; that is, they follow the sun from Asia across Europe and Africa and on to the Americas.
The strategic positioning of SophosLabs in Asia-Pacific, Europe and the east and west coasts of North America means that these centers can have updated protection created and deployed before the working day even begins in many regions.
Build 1
Spam and malware are created by cybercriminals and released into the wild where they are detected by a number of sources: customers running SAV, honey pots, other vendors or people emailing. The spam and malware are then analyzed and a virus identity file (IDE) created to resolve the malware or a spam signature released to block the spam. The IDEs and signatures are then published and downloaded by customers running Sophos products, providing up-to-date protection.
SophosLabs analyzes tens of thousands of pieces of code every month. By code we are referring to computer applications, files, attachments and suspected malware. These come in from a number of sources, in particular: customers running Sophos Anti-Virus, other vendors or honey pots. They are automatically processed, held securely so that they can be prioritized and assigned to an analyst.
Suspected malware files are firstly executed in a safe environment called “Mentor”. This is done to see how they behave and the effects that they have. The data from this provides detailed information that helps analysts to create the signature IDE. As part of this process the malware is compared to a database of known malware gleaned from 20 years' experience in combating threats, called Genie, short for the genealogy database. This comparison allows the analyst to determine if the malware belongs to a family of malware that the Labs have already seen, speeding up the signature development process by capitalizing on work that has already been done before.
The code being analyzed is automatically categorized in three ways:
Green – non malicious code with no actions required
Amber – potentially harmful to businesses if used inappropriately.
These are added to our list of potentially unwanted applications
Red - malicious code for which an IDE must be written
The IDE is then tested on the relevant operating systems to ensure there are no harmful side effects and then published to Sophos customers.
SophosLabs partner with a major search engine who continually scan the web as part of their indexing activities. During this process, web sites are also scanned for malicious code so the search engine is seeing the web through the eyes of SophosLabs. Any sites found to be harboring malicious code are identified and blocklisted. Sophos customers running the web appliance are protected from these sites and if the URLs of these sites appear in spam, the spam will also be identified and blocked. Approximately 20 thousand infected URLs are uncovered every day in this process.
The way Sophos has developed SophosLabs capability is a competitive advantage in a number of ways:
Release from a single location – many vendors only have one dedicated location that can release official signature updates for customers. For example, Manila with Trend, Aylesbury with McAfee, Moscow with Kaspersky, California with Symantec, Madrid with Panda, etc.
Lack of local visibility - some vendors only have a lab in one location worldwide, or even if vendors claim to have labs in multiple locations, some of them are only for "research purposes only". They are not equipped to address the needs of local customers and also regionally targeted campaigns.
Quality of protection - some vendors do not go through a stringent quality assurance process, or don't have a test team with strong capabilities, which results in removing and re-releasing signatures from time to time.
Kaspersky is a good example.
Time to protect - a lot of vendors are slow to respond by releasing updates, maybe because of lack of global malware visibility, or they do not have an effective quality control process.
Platform dependent - a lot of vendors' signatures are platform dependent, meaning that more than one file has to be created for signatures by platforms. This may further delay protection, and may also get different results by platforms.
Some technology bytes and more about SophosLabs:
Discover how the expertise and systems in SophosLabs give businesses the rapid, reliable protection they need in our white paper
Sophos ZombieAlert Service provides your organization with an immediate warning if spammers have hijacked computers on your network to send spam or launch Denial-of-Service attacks. Sophos PhishAlert Service provides fast, near real-time alerts of phishing campaigns, so you can take steps to shut down the imitation website and protect your customers.
Many people ask if we hire virus writers to work in the labs, it would seem natural. But the simple answer is no, we do not and have never hired virus writers. The skill set required to be an analyst is much higher than that required to be a virus writer. Virus writers write malicious code that may or may not work, it is released untested and can have intended and unintended consequences for PCs. Analysts do know how to decode the virus, but they also write the antidote to the virus, the virus identity file (IDE), which provides detection and disinfection for the malware in question. This IDE needs to be tested, as any new software program does, to ensure that there are no unintended consequences when installing it. Whereas a virus writer may write a virus for one operating system vulnerability, Sophos analysts are trained to detect and disinfect across the entire aspect of many operating systems. If you want someone to put out a fire you call a firefighter, not an arsonist!
The arsonist may be able to start a fire, but he is not trained to put it out safely and effectively.
Blocking by reputation
Smallest, fastest signatures
8 Sophos Security and Data Protection
Security that frees organizations to focus on their business
Complete protection for less investment
Simplified security enables your business
Trusted expertise and proven solutions
9 Complete Protection
Anti-malware: Proactive threat protection with a single engine across endpoint, email and web
DLP: Controlling devices, applications and the use of email/web prevents the inadvertent and deliberate leakage of information
Encryption: Securing data on computers and removable storage devices as well as in communication
Compliance: Ensuring computers meet the required internal security policies; managing internet acceptable use policy
10 Comprehensive security and control
Sophos offers a comprehensive solution that controls malware, spam, data leakage prevention and which allows you to manage legitimate applications, configuration and user behavior.
Our protection has four components:
Endpoint protection. This includes anti-malware, firewall, application control and protection against any code, file or system processes that are acting suspiciously, and buffer overflow attacks (HIPS). Security and Control gets more powerful when it starts controlling which legitimate and potentially unwanted applications can run, which websites can be visited, and other user behaviors. Uniquely, Sophos integrates application control into its endpoint solution, giving control over use of unauthorized software like VoIP, IM, P2P and games from within the same standard policy setting capability as anti-malware.
Information security. This includes functions such as Device Control, Data Leakage Prevention and Encryption. It makes sure that confidential data stays in the hands of those who need to see it and offers a second level of defence.
Compliance and system management. This ensures that the physical and information assets an organization has are compliant with your security policies and with any regulatory requirements that apply to your business. Network Access Control ensures that you know who or what is accessing your network, and ensures that all managed and unmanaged computers whether in the office or not are compliant with your policy, and are quarantined, remediated or blocked until they are.
Gateway security. This sits at the edge of your network and is based around your web and email use.
It ensures that the things coming into and out of your network are legitimate.
Sitting at the center is SophosLabs, our worldwide network of threat analysis centers, that provides regular updates and the latest pre-packaged intelligence to all of our hardware and software solutions, ensuring protection against fast-moving and zero-day threats. We’ll talk more about SophosLabs in greater detail in slide 11
We also ensure you do not need to spend time interacting with or updating your security solution by including as much automation as possible. Where your interaction is required we take the shortest and simplest approach, making sure you get things done fast. We want you to spend time focusing your efforts on solving issues, rather than expending effort trying to find out what and where the issue might be. At-a-glance dashboards, remote monitoring and automation of day-to-day management tasks free you to tackle issues rather than maintain the system.
This circle helps to illustrate how Sophos delivers integrated security and control at every vulnerable point to defeat today's and tomorrow's threats. Integrated agents, management and policies ensure that the endpoint, gateway and web browsing are fully covered by far-reaching proactive protection, and negate the need for adding ever more point products.
Getting endpoint protection, information security and compliance from one vendor simplifies your security strategy, support requirements, and will go a long way to ensuring you get more for the price of your AV budget.
11 Simplified Management
Reduces administration:
- Intuitive management provides dashboard view of security status
- New policies and functionality can quickly be deployed across the estate
- Managed appliances automate day-to-day administration of the gateway
- Automatic, frequent, zero-effort updates
Ensure compliance:
- Sophisticated data leakage prevention across endpoint, email, web
- Certified encryption technologies secure sensitive information
- Centralized encryption policy management enforces company wide
- Anonymizing proxy blocking ensures acceptable internet use
Ease of Switching:
- The integrated third party security software removal tool makes deployment easy
- Managed appliances deploy easily offering immediate results
12 Switch or Upgrade?
Switching to Sophos:
- Install Sophos Enterprise Console on the same server or parallel system (so you are still protected as you switch).
- Deploy Sophos Endpoint Security and Data Protection to clients - automatically if you use Active Directory or using the wizard. Our integrated tool will ensure Symantec AntiVirus will be automatically removed.
Upgrading to Symantec:
- Uninstall the Reporting Server if you have it installed.
- Use Symantec System Center to configure settings for the management server and clients that prepare them for migration. These settings changes consist of: disabling scheduled scans, modifying Quarantine purge options, deleting histories, disabling LiveUpdate, disabling roaming, unlocking server groups, and disabling Tamper Protection.
- Uninstall Symantec System Center.
- Install the Symantec Endpoint Protection Manager.
- Migrate your legacy clients and servers.
- Migrate legacy client or server that was used to protect the computer running Symantec System Center.
Source: migration information on
13 Trusted Solutions
Low impact:
- Minimizes impact on system performance of users' machines
- Seamless user experience of internet surfing
Support:
- Technical Support provided by in-house experts
- Pre-packaged intelligence from SophosLabs
Proven:
- Recognized as an industry leader
- Award winning products and technologies
14 Gartner Magic Quadrant for EPP
Gartner recognizes key strengths:
- Strong reputation for support and service from customers and the channel
- Good balance of management simplicity without sacrificing depth of control
- Multi-platform management from a single console
- Improved data protection capability with Utimaco acquisition
- Improved malware detection
- NAC embedded in the agent
15 Gartner Magic Quadrant for EPP
“Buyers that prefer a broad, comprehensive EPP suite with simplified management capabilities should consider Sophos.”
Gartner, Magic Quadrant for Endpoint Protection Platforms 2009
17 Gartner Magic Quadrant – Mobile Data Protection
Through its completed acquisition of Utimaco, Sophos has created a combined company that can challenge McAfee. The cultures of the companies were compatible ... and the new road map is impressive.
Gartner, Magic Quadrant for Mobile Data Protection Sep 2009
This slide is designed to help illustrate the trend towards financially driven malware. More slides that detail specific malware statistics can be found on the sales presentation one-stop shop.
Evolution of threats from high- to low-profile
Malware was originally about creating headlines and notoriety, so threats were noisy and visible. The writers intended to maximize the physical evidence of their efforts and would randomly hit anywhere that they could. To gain notoriety, the more systems that crashed, the better. More high-profile payload meant more headlines, which in turn boosted egos. There was no real target and the threat was random.
Driven by criminals motivated by financial gain
Today, the threat is very different. Malware is now big business for criminal gangs. So making a noise is certainly not a priority. The goal is to sneak in silently, steal money or data that could be valuable and leave the scene undisturbed – showing no signs of an offense having taken place. People do not necessarily realize that the stereotypical virus writer is no longer a teenager working alone in the basement, or that malware is unlikely to do something that they can see. Yesterday’s assumption “Nothing happened when I went to that website – so my PC must still be OK then” is still much in evidence – but the reality is very different. New threats are constantly evolving through exploitation of operating system vulnerabilities, network worms, blended spam and virus threats, phishing attacks, denial of service, and directory harvest attacks.
Spammers and hackers are using more innovative techniques and virus writers are becoming more financially driven. Spam and virus writers are also joining forces to ensure delivery of spam messages across organisations. As the commercial profitability in creating malicious code increases, so too does the number of threats.
Some statistics to illustrate the trend
In 2006, Sophos detected 41,536 new threats. Malware writers continued to find new ways of infecting computers and duping users into handing over confidential information throughout the year. There was a particular surge at the end of the year, with November seeing 7612 new threats – nearly four times November 2005’s number of Sophos expects the growth in malware to continue, with even more devious attempts to steal information for financial gain.
Insufficiently protected computers are coming under attack in shorter timescales than ever before. Exploits, taking advantage of software flaws, can spread without human intervention. Internet worms like Zotob make use of vulnerabilities in the Windows operating system, infecting potentially hundreds of thousands of computers worldwide. Hackers are increasingly releasing malware before users have been able to apply the security patch from Microsoft, or even – in some instances – before a patch has been published. Sophos research shows that connecting an unprotected, unpatched computer running Windows XP (without SP2) to the internet leads to a 40% risk of infection from an internet worm within about 10 minutes, rising to a 94% chance after 60 minutes. There might not even be enough time to download and install security patches or firewalls, so computers must be protected before going online.
In 2006 a family of malware called Stratio, also known as Stration or Warezov, appeared.
This mass-mailing worm saw major growth and over one thousand unique variants of it were spammed out in November.
Even though viral attacks, such as those from Dref and Stratio worms, were widespread, and therefore appear in the list of top ten malware threats of 2006, they are, in fact, far outnumbered by Trojan attacks, which are spammed out in small targeted campaigns but in vast numbers.
Throughout 2006 Trojans represented on average around 80% of malware detected throughout the year. This continued the trend of 2005 where Trojans outnumbered Windows worms every month, although the percentage of the threat then was only 62%.
Sophos has a global network of tens of thousands of monitoring stations capturing data on the latest viruses spreading via email. Although the proportion of infected email detected by Sophos fell from 1 in 44 in 2005 to just 1 in 337 (0.3%) in 2006, there was nevertheless some high-profile malware dropping into users’ inboxes. Worms such as Mytob, Netsky and Sober spread widely via email in 2006.
18 Virus Bulletin RAP Average Quadrant Jun – Dec 09
19 Sophos Security and Data Protection
Endpoint Security and Data Protection:
- Anti-virus, -spyware, -adware
- Application control
- Device control
- Full disk encryption
- Network access control
- Firewall
- Wide range of platform support
Email Security and Data Protection:
- Spam, phishing, malware
- Sender Genotype reputation filter
- SXL real-time spam updates
- Content control
- SPX and TLS Encryption
- Hardware/software options
Web Security and Control:
- Real-time malware scanning
- URL/reputation database
- Content control
- Anonymizing proxy blocking
- HTTPS scanning
- DLP post control
- Managed appliances
21 Sophos confidential. Not for distribution or external discussion
350,000 User License - Symantec Displacement
60,000 User License - Computer Associates Displacement
20,000 User License - Symantec Displacement
22,300 User License - Computer Associates Displacement
11,000 User License - Symantec Displacement
100,000 User License - McAfee Displacement
5,000 User License - Computer Associates/Sybari Displacement
1,400 User License - Symantec Displacement
10,000 User License - McAfee Displacement
6,000 User License - Symantec Displacement
15,000 User License - Symantec Displacement
3,800 User License - McAfee Displacement
20,000 User License - Symantec Displacement
6,000 User License - Symantec Displacement
* General Electric Company (GE) (switch to Sophos from Symantec) recently completed an agreement to deploy Sophos Endpoint Security and Control on up to 350,000 endpoints (laptops, desktops and servers) throughout the world and within every division of the company. Seeking to improve manageability and reduce costs which arise from managing multiple solutions, GE will introduce Sophos Network Access Control (NAC) as well as Sophos Endpoint Security and Control.
* Hilton International (renewal of UK, switch to Sophos from CA for US) was a long-time CA customer in North America when in 2007 they purchased a four year Endpoint license. Through our offices in North America and Europe, we provide protection for over 60,000 desktops. Key to Hilton's decision to switch to Sophos was the wide platform coverage, intuitive management console and the security and control vision of our endpoint roadmap.
* Miami-Dade (switch to Sophos from McAfee) is the 4th largest school district in the US and was using McAfee for the last 5 years to protect their 90,000 desktops and Exchange environment.
In the words of Miami-Dade here is why they chose Sophos as their preferred vendor: "Purchase of the Sophos Anti-Virus product offers the District several benefits over the outgoing solution: Coverage for all District computers ... Faster Detection of Threats, Better Performance from Computers, Faster Updates and Smaller Updates... Simplified Console Has Shorter Learning Curve ... and Better Support"
* Revlon, Inc. (switch to Sophos from Symantec) is a mass-market cosmetics brand, headquartered in New York City with circa 6000 employees. In 2007, Revlon signed a five-year agreement with Sophos for Endpoint Security and Control plus NAC Advanced. Revlon was a former Symantec customer who wanted a solution that was intuitive, caused minimal overhead and provided the most protection on multiple platforms including all Windows, Linux, Mac and AIX.
* Pixar Animation Studios (switch to Sophos from Symantec) switched from Symantec to Sophos Endpoint Security and Control for their 1400 PCs, Macs and Linux machines. This includes their most sensitive production machines for rendering their animations. Paramount to the decision was the dependability of the engine on sensitive hardware, reputation for support, and ease of real-time management in a unified management console.
* Home Depot Supply, a 3 year deal in which we will be initially converting 20,000 endpoints from mostly Symantec and McAfee
* Norwich Union, part of Aviva, (renewal with Sophos) the world’s fifth-largest insurance group recently further invested in Sophos's technology for the endpoint to cover their 35,000 machines for a further period of five years. Alongside the Norwich Union deployment, Aviva has also implemented a global framework, which enables its international sites to switch easily to Sophos. This could increase the number of Sophos protected machines to more than 70,000.
Heinz
Heinz has trusted Sophos to protect its desktop users and systems from malware and spam for many years.
Heinz wanted to extend its IT security by deploying Sophos protection across thousands of employees throughout Europe, the Middle East and Asia-Pacific. The company needed to safeguard its users from malware attacks and unwanted content from all sources, and also protect against unauthorised application use.
Sophos Web Security and Control was implemented at the web gateway because of its high degree of accuracy in blocking known and unknown threats. Heinz also started to use the application control capabilities offered by Sophos Endpoint Security and Control.
Location: EMEA headquarters, UK
Environment: 5000 users throughout EMEA
5,000 User License - Symantec Displacement
20,000 User License - McAfee Displacement
90,000 User License - McAfee Displacement
20,000 User License - Symantec Displacement
22 What’s new in Endpoint 9.0
Good afternoon / good morning. Thanks for joining this webcast today on the new release of our endpoint product.
My name is.... And with me today I have CP who is going to help me today show you what’s new in this version.
We’re really excited about this new release as it delivers some great new functionality that enables you to do even more with your existing endpoint budget.
23 Endpoint Security and Control 9.0
Enhancements cover:
- Management
- Security
- Data Protection
There are three key areas that we have focussed on for this launch: Management, Security and, most importantly, Data Protection.
So let’s take a look at each of those areas in turn.
25 Management enhancements
Role based administration:
- 4 default role levels (admin, sys admin, help desk and guest)
- authenticated via Windows groups
- customizable control over policies and actions
- devolve sub-estate management
Computer based reports (compliance - protection status over time)
User based reports (application, device and data control policies)
Reports can be scheduled and emailed automatically
Event viewer provides quick mechanism to analyse events
Brand new updating technology
RBA
Many IT teams would like to be able to share the work around so not all management rests on one person’s shoulders. Role based administration enables this to happen and in version 9 we’ve integrated it into the enterprise console – providing 4 default roles to get you started, but you can easily create your own roles if you need.
For example you could assign rights to the technical help desk to fix problems and clean up malware.
In the same way, the responsibility for management of specific areas of the network – say locations or departments – can now be delegated.
This saves admin time and enables them to retain overall control of security policy.
Reporting
In version 9 we’ve introduced new standard reports predominantly focussed on compliance.
For instance, you can report on the number of computers that have been out of compliance with a particular policy for a given period of time.
Report customisation is easy too – you can just select the things you want to report on, such as adware and potentially unwanted applications.
And with this new release, reports can be scheduled to run at specific times and then be automatically emailed - straight to the people that need them.
Event viewer
We’ve made it even easier to see critical events by providing a dedicated area on the dashboard that shows a rolling 7 day average of events.
This new way of presenting the information means you can simply monitor the recent activity and be automatically notified if anything out of the ordinary happens.
Updating
The release of version 9 includes a brand new updating technology called the Sophos Update Manager.
Unlike EM Library, the new product, the Sophos Update Manager, is fully integrated into the Enterprise Console making it much easier for administrators to configure and manage updating.
So Chris, can you show us what all this looks like?
27 Security enhancements
Firewall location awareness – rule sets for on and off LAN
DNS or default gateway used to define location
Firewall training – report only mode in console, alert on learning
Combined client GUI and system tray icon (firewall + SAV)
Configurable rootkit detection/blocking
Continued HIPS rules enhancements
Supports Windows 7!
Firewall
With today’s threats, firewalls are increasingly important, and we’re making ours easier to set up and deploy with this new release. Standard policies can be created in a few simple steps with the new wizard, and for those admins that know exactly what they want, there’s an advanced policy editor.
We’re also providing Location Awareness that allows you to configure two new profiles – in and out of the office – meaning that wherever people are, you can be sure that they’re getting the right security.
Also, firewall policies can now be run in an “alert only” mode allowing you to monitor what’s going on and refine policies, so when the policies are rolled out, you can be sure that better security won’t get in the way of the end-users.
Combined agent
This release sees our AV and the Firewall clients and system tray icons combined. You now get a single client, called the Endpoint Security and Control agent that covers AV, HIPS, application, device and data control, the firewall and updating, further reducing the impact on your end user’s computers.
HIPS enhancements
The release of version 9 introduces two new key features: New “Gene Caching” technology means a much lower management overhead for you. It shares information between our runtime HIPS technology and our Behavioural Genotypes enabling us to make even better decisions on whether a file is malicious or not.
And we’re also adding new rules to help prevent more zero day attacks.
One such rule monitors files being copied to removable devices, and will prevent previously unknown worms such as Conficker.
Windows 7
Finally, the great news is that if you are looking at deploying Windows 7 when it ships later this month, you can be safe in the knowledge that you’ll be able to protect those machines with Sophos, as we recently passed their certification tests.
So Chris, back over to you – can you give us all a walkthrough of these new areas?
28 Integrating DLP
So let’s now take a look at what we’re delivering for data protection.
As I said earlier this area is a key focus for the launch and certainly something that we strongly believe is a real game changer in the market.
29 Device Control enhancements
Dedicated device control policy
Policy exceptions for individual instance or model types
Ability to control modems as a device type
Network bridging prevention
Granular control of:
- Storage devices: removable storage (USB keys, removable hard disks); optical / disk drives (CD / DVD / HD-DVD / Blu-ray)
- Network devices: Wi-Fi / modems; Bluetooth; Infra-red
Firstly device control.
This has become an important part of a data protection strategy to stop employees taking data off the network. We first introduced it into Sophos Anti-Virus back in June 2008 as part of the Application Control policy but in Endpoint 9 it has its own dedicated policy!
Granular control
You can now set flexible rules to allow usage for only those that need it, such as blocking USB devices for everyone except the IT department. You can also allow specific devices - such as encrypted USB keys - to guarantee that any data saved on removable devices is secure.
Alternatively, read-only access can be granted so employees can access information stored on USB keys or CDs but not write to them.
Preventing bridging
And you can now prevent network bridging to stop a computer being connected to two networks at once – for example, the corporate network by a cable and to another network wirelessly.
You can automatically turn off a computer’s wireless interface if it is connected to the corporate network via a network cable and then re-enable it when the cable is removed.
30 Rich DLP functionality that is simple to manage
First fully integrated endpoint DLP solution
One agent
One license (Endpoint Security and Control)
Monitor and enforce on all common data exit points
Removable storage / optical media
Read only mode for storage
Internet applications (web browser, client, IM client)
Designed to prevent accidental data loss
Train staff through use of desktop prompts
Events audited and available for review within SEC

And now for the game changing piece... Version 9 is the first fully integrated endpoint DLP solution on the market, with a single agent delivering both malware and data protection. Implementing a DLP solution can be a complex and costly task for IT managers, but we address this like no other vendor by integrating data control into the endpoint agent. Our new integrated data control functionality is designed to prevent accidental leakage of personally identifiable information (PII) to minimise an organisation’s risk of breaching data security compliance legislation.
Covering all exits
The agent monitors all the common ways users can move data off the network: removable storage devices, CD/DVD/Floppy drives and Internet enabled applications such as web browser, clients and even instant messaging.
Simplifying identification
SophosLabs remove the need for complex, time consuming creation of sensitive data lists by delivering an extensive library of global definitions which can be used out-of-the-box. These lists cover things like social security numbers, credit card numbers and postal addresses. All files transferred will be scanned and checked against the data control policy.
Acting on breaches
There are a number of options open to the administrator if the agent detects that sensitive information is being moved. Firstly, the transfer can be allowed and simply be reported back to the Enterprise Console. Secondly, the transfer can be blocked. The third option is to check with the user and give them the ability to authorise the transfer. This can be used to train users that the data they are transferring may breach a company policy without actually preventing them from carrying out their work. The end user’s decision is audited and can be reviewed at a later date.
Again, back to you Chris. Can you show us how this great new functionality can be set up and configured?
31 Recent Updates
I just want to briefly touch on a couple of recent non-Windows launches from Sophos which you may or may not be aware of.
32 Non-Windows releases
SAV for Mac 7.0
Supports Mac OS X 10.6
New user interface
Scheduled scanning
SAV for UNIX 7.0
Central monitoring and reporting via Enterprise Console
Solaris 9/10 on SPARC and Intel, HP-UX 11i (Itanium)

Firstly, our anti-virus for Mac release. There has been significant coverage of the eagerly awaited launch from Apple of their new operating system, 10.6, otherwise known as Snow Leopard. I’m delighted to say that our latest anti-virus for Mac release, version 7, supports Snow Leopard. In addition, we upgraded the user interface for our product and it now has much more of an Apple look and feel. Finally, we’ve also added in the ability for you to schedule scanning for specific times.
Secondly, our anti-virus for UNIX release. We’ve actually been releasing this over a number of drops, each one adding central management of additional UNIX platforms. Within Enterprise Console, you can now manage Solaris 9/10 on SPARC and Intel, plus HP-UX on Itanium – all alongside your Windows, Mac and Linux computers.
34 Download available now
No license cost upgrade for customers with the following:
Endpoint Security and Control
Endpoint Security and Data Protection
https://secure.sophos.com/support/updates

With all this great new functionality and also the new updating mechanism, we strongly advise you to read the upgrade guides before you go ahead with deploying the new version across your estate.
35 Summary
Key new features
Data loss prevention at the endpoint
Control of access to devices, ports and data from a unified client
Firewall enhancements: location awareness, centralized learning
Anti-virus protection / HIPS enhancements
Integrated and extended role based administration
Improved updating/package management, replacing EM Library
Extended reporting – status, scheduled