Synchronized Security Revolutionizing Advanced Threat Protection

Presentation on theme: "Synchronized Security Revolutionizing Advanced Threat Protection"— Presentation transcript:

1 Synchronized Security Revolutionizing Advanced Threat Protection
Lars Putteneers, Sales Engineer

2 What we’re going to cover
- What's the problem?
- It's time for a security revolution
- How it works
- Synchronized Security
- Your path to Synchronized Security

3 What’s the problem?

4 Threat Landscape

5 Increasing attacks, increasing sophistication
Attack surface exponentially larger:
- Laptops/desktops
- Phones/tablets
- Virtual servers/desktops
- Cloud servers/storage
Threats are more sophisticated, and attacks are more coordinated than defenses.

6 Security industry 2D view
Each product (firewall, anti-virus, device control, application control, mobile) has its own way of looking at the network. You see it from a side view, not a top-down 3D view. This is the nature of the beast: a firewall only looks at the network, and if it is designed to let port 80 through, an attacker simply crafts malware that uses port 80. The result is a set of competent products that together give only a 2D, un-integrated view.

7 It’s time for a security revolution

8 Generations of security
- Point products: anti-virus, IPS, firewall, sandbox
- Layers: bundles, suites, UTM, EMM
- Synchronized Security: Security Heartbeat™

9 Synchronized Security
Diagram: corporate data on Windows, Mac, Linux, iOS, Android and Windows Phone, with comprehensive protection: prevent malware, detect compromises, remediate threats, investigate issues, encrypt data.

Endpoint security used to be about stopping malware from infecting Windows PCs on the network. Now it has to evolve to not only prevent malware, but also detect machines that are already compromised and help remediate detected threats on a variety of workstation and mobile platforms. Endpoint security also has to include a focus on the data, ensuring it is encrypted and accessible only to authorized users regardless of where the data lives.

10 Integration at a different level
Diagram: Synchronized Security (one management plane spanning enduser and network) versus the alternative (a SIEM sitting over separate endpoint management and network management).

Synchronized Security:
- System-level intelligence
- Automated correlation
- Faster decision-making
- Accelerated Threat Discovery
- Automated Incident Response
- Simple unified management

Alternative:
- Resource intensive
- Manual correlation
- Dependent upon human analysis
- Manual threat/incident response
- Extra products
- Endpoint and network unaware of each other

11 Synchronized Security
Diagram: Sophos Cloud and SophosLabs above Next Gen Enduser Security and Next Gen Network Security, linked by the heartbeat.

- Security must be comprehensive: the capabilities required to fully satisfy customer need.
- Security can be made simple: platform, deployment, licensing, user experience.
- Security is more effective as a system: new possibilities through technology cooperation.

Synchronized Security: integrated, context-aware security where enduser and network technology share meaningful information to deliver better protection.

12 How it works

13 3 pillars of advanced threat protection
Security Heartbeat™ underpins three pillars:

- Accelerated Threat Discovery: endpoint and network protection combine to identify unknown threats faster. Sophos Security Heartbeat™ pulses real-time information on suspicious behaviors. Result: faster, better decisions.
- Active Source Identification: identifying the device itself reduces the time taken to manually identify an infected or at-risk device or host by IP address alone. Result: quicker, easier investigation.
- Automated Incident Response: compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software. Result: reduced threat impact.

14 System Initialization
Diagram: Sophos Cloud and SophosLabs above Next Gen Enduser Security and Next Gen Network Security, linked by the heartbeat.

- Registration: NGEP and NGFW register with Sophos Cloud, which sends certificate/security info to both.
- Connection: endpoints initiate a connection to the trusted firewall.
- Validation: firewall and endpoints check the security info sent to them by the Cloud to verify that they are valid.
- Support of multiple locations: endpoints can establish a connection to firewalls at any of the customer's locations, as the Sophos Cloud registry can be shared among all Galileo-enabled firewalls.

15 Accelerated Threat Discovery
Diagram: Sophos Cloud and SophosLabs above Next Gen Enduser Security and Next Gen Network Security, linked by the heartbeat.

- Security Heartbeat: a few bytes of information are shared every 15 seconds from endpoint to network.
- Events: upon discovery, security information such as malware and PUA detections is shared between endpoints and network.
- Health: the endpoint sends a Red, Yellow or Green health status to the network.
- VPN support: Galileo supports endpoints connected within the local network as well as those connected via VPN, as long as they are connecting to the firewall.

16 Active Source Identification
Diagram: Sophos Cloud and SophosLabs above Next Gen Enduser Security and Next Gen Network Security, linked by the heartbeat.

- Security Heartbeat: positively identifying the machine by associating the IP address with a particular endpoint.
- Advanced attack: if the network firewall detects an advanced attack but can't determine the source, it requests details from endpoints.
- Source identification: the endpoint sends details of machine name, user, process and IP address.

17 Automated Incident Response
Diagram: Sophos Cloud and SophosLabs above Next Gen Enduser Security and Next Gen Network Security, linked by the heartbeat.

- Green: endpoints have full access to internal applications and data as well as the internet.
- Yellow: affected endpoints can be isolated from internal/sensitive applications and data while maintaining access to the internet.
- Red: affected endpoints are isolated from the network and have no access to internal systems or the external internet.
- Defaults and customization: there are no default policies based on health status, so admins can customize responses as needed. We are developing a best practices guide to assist customers with recommended policy setup.
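The heartbeat, health-status and policy flow described on slides 15 to 17, as an added example that is not Sophos code and not part of the original deck: a toy firewall-side table that records each endpoint's latest pulse, resolves an alert's IP address to a machine and user (slide 16), and maps Green/Yellow/Red to an admin-chosen policy (slide 17). The record fields, the policy names, the three-missed-pulses stale timeout, and the handling of silent or out-of-order pulses are assumptions; the deck states only the 15-second interval, the three colours, and that there are no default policies.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

HEARTBEAT_INTERVAL_S = 15                  # stated on slide 15: one pulse every 15 seconds
STALE_AFTER_S = 3 * HEARTBEAT_INTERVAL_S   # assumption: three missed pulses mark a device stale

# Admin-defined mapping from health colour to firewall policy. Slide 17 says there are
# no default policies, so these policy names are constructed for this example.
POLICY_BY_HEALTH = {
    "GREEN": "full-access",     # internal applications, data and internet
    "YELLOW": "internet-only",  # cut off from internal/sensitive applications and data
    "RED": "isolated",          # no internal systems and no internet
}


@dataclass(frozen=True)
class Heartbeat:
    """One pulse from endpoint to firewall (field set is an assumption, not the real format)."""
    ip: str
    hostname: str
    user: str
    health: str       # "GREEN", "YELLOW" or "RED"
    sent_at: float    # epoch seconds on the endpoint's clock


@dataclass
class FirewallHeartbeatTable:
    """What the firewall remembers about each endpoint, keyed by IP address."""
    last_seen: Dict[str, Heartbeat] = field(default_factory=dict)

    def receive(self, hb: Heartbeat) -> None:
        """Record a pulse, rejecting unknown health values and out-of-order pulses."""
        if hb.health not in POLICY_BY_HEALTH:
            raise ValueError(f"unknown health state {hb.health!r}")
        prev = self.last_seen.get(hb.ip)
        # A delayed or replayed older pulse must not overwrite a newer state.
        if prev is None or hb.sent_at >= prev.sent_at:
            self.last_seen[hb.ip] = hb

    def policy_for(self, ip: str, now: float) -> str:
        """Decide what the firewall should allow for this IP right now."""
        hb = self.last_seen.get(ip)
        if hb is None:
            return "no-heartbeat"  # never pulsed: not known to be a managed endpoint
        if now - hb.sent_at > STALE_AFTER_S:
            return "stale"         # assumption: treat a silent agent as suspect, not as healthy
        return POLICY_BY_HEALTH[hb.health]

    def identify(self, ip: str) -> Optional[dict]:
        """Active Source Identification (slide 16): map an alert's IP to host and user."""
        hb = self.last_seen.get(ip)
        if hb is None:
            return None
        return {"hostname": hb.hostname, "user": hb.user, "health": hb.health}


def demo(now: float = 1_000_000.0) -> dict:
    """Replay constructed pulses and return the firewall's per-IP decisions."""
    fw = FirewallHeartbeatTable()
    fw.receive(Heartbeat("10.0.0.11", "lap-01", "alice", "GREEN", now - 5))
    fw.receive(Heartbeat("10.0.0.12", "lap-02", "bob", "YELLOW", now - 10))
    fw.receive(Heartbeat("10.0.0.13", "lap-03", "carol", "RED", now - 2))
    fw.receive(Heartbeat("10.0.0.14", "lap-04", "dave", "GREEN", now - 120))  # went silent
    # A late-arriving older GREEN pulse for lap-03 must not undo the RED decision.
    fw.receive(Heartbeat("10.0.0.13", "lap-03", "carol", "GREEN", now - 30))
    result = {ip: fw.policy_for(ip, now)
              for ip in ("10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14", "10.0.0.99")}
    result["source_of_10.0.0.13"] = fw.identify("10.0.0.13")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>22}: {value}")
```

Run it directly to print the decisions. The stale branch is the part worth thinking about when writing real policy: a device that has stopped pulsing is not Green, it is unknown, and treating silence as healthy would let a stopped or tampered agent keep full access.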

18 Synchronized Security 2015

19 Comprehensive Next-Gen Endpoint
Sophos System Protector components: Security Heartbeat™, Threat Engine, Live Protection, Emulator, HIPS/Runtime Protection, Device Control, Malicious Traffic Detection, Application Control, Application Tracking, Reputation, Web Protection, IoC Collector.

20 Comprehensive Next-Gen Network
Sophos Firewall Operating System components: Threat Engine, Security Heartbeat™, Proxy, Selective Sandbox, Application Control, Data Loss Prevention, ATP Detection, Routing Security, Web Filtering, Intrusion Prevention System, Firewall.

21 Next Generation Threat Detection
Diagram: the Sophos System Protector and Sophos Firewall Operating System stacks from slides 19 and 20, linked by the heartbeat through Sophos Cloud.

Scenario: user, system or file compromise.
- Isolate subnet and WAN access
- Block/remove malware
- Identify and clean other infected systems

22 Synchronized Security 2016

23 Improved Threat Detection
Diagram: the Sophos System Protector and Sophos Firewall Operating System stacks from slides 19 and 20, linked by the heartbeat through Sophos Cloud.

Scenario: user, system or file compromise.
- Lock down local network access
- Remove file encryption keys
- Terminate/remove malware
- Identify and clean other infected systems

24 Automated Protection of Endpoints
Diagram: the Sophos System Protector and Sophos Firewall Operating System stacks from slides 19 and 20, linked by the heartbeat through Sophos Cloud. Scenario: Windows, Mac or mobile endpoint; discover unmanaged endpoints; could it be managed?; self-service portal setup; user authentication; distribute security profile.

1. The NGFW notes whether the endpoint is sending a Heartbeat. If it is, it is definitely managed.
2. If not, the NGFW characterizes the endpoint by inspecting its traffic (e.g. is it a Windows machine, a Mac, a printer, an IP phone, a mobile device, etc.).
3. The NGFW queries Cloud endpoint management with two questions:
   1) Could it be managed? (True for Windows, Mac, mobile; false for printers, IP phones, etc.)
   2) Is it managed already? (To cover the case where we don't yet support Heartbeat on that platform.)
4. If the device is one which could be managed but isn't, the NGFW redirects the device to a self-service portal defined by the administrator so that it can become managed.
5. The NGFW restricts network traffic from that device to that portal to protect the customer network. This is also an incentive for the device owner to make the device compliant.
6. The portal authenticates the user (username/password).
7. The portal presents device-dependent information, e.g. installers for Cloud EP (Windows, Mac), a registration page for mobiles, etc.
8. The portal can also contain security profile information for that customer, e.g. certificates to be installed to access the customer's Wi-Fi and network resources.
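The unmanaged-endpoint flow on slide 24, as an added example that is not Sophos code and not part of the deck: the firewall's decision tree, checking for a heartbeat first, then whether the platform could be managed at all, then whether the Cloud already manages it, and only then redirecting to the portal and restricting other traffic. The device classes follow the slide's own examples; the "unknown" fingerprint branch, keying the Cloud lookup by IP address, the portal hostname and the returned field names are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Device classes the deck names as manageable and not manageable (slide 24).
MANAGEABLE = {"windows", "mac", "mobile"}
NOT_MANAGEABLE = {"printer", "ip-phone"}

# Placeholder for the admin-defined self-service portal (not a real address).
PORTAL_HOST = "onboarding.example.internal"


@dataclass(frozen=True)
class DeviceObservation:
    """What the NGFW can see about one device (constructed fields)."""
    ip: str
    sends_heartbeat: bool
    fingerprint: str   # "windows", "mac", "mobile", "printer", "ip-phone" or "unknown"


@dataclass(frozen=True)
class Decision:
    state: str
    restrict_to: Optional[str]   # host the device may still reach, or None for no restriction


def classify(obs: DeviceObservation, cloud_is_managed: Callable[[str], bool]) -> Decision:
    """Walk the slide-24 decision tree for one observed device.

    cloud_is_managed stands in for the query to Sophos Cloud endpoint management;
    keying it by IP address is an assumption (the deck does not say which identifier is used).
    """
    # 1. A live heartbeat settles it: the device is definitely managed.
    if obs.sends_heartbeat:
        return Decision("managed", None)
    # 2. No heartbeat: could this kind of device be managed at all?
    if obs.fingerprint in NOT_MANAGEABLE:
        return Decision("unmanageable", None)
    if obs.fingerprint not in MANAGEABLE:
        # Assumption: a device the firewall cannot fingerprint is flagged for review
        # rather than silently treated as a printer or phone.
        return Decision("needs-review", None)
    # 3. Manageable platform: is it already managed on a platform without heartbeat support?
    if cloud_is_managed(obs.ip):
        return Decision("managed-no-heartbeat", None)
    # 4. Manageable but not managed: send it to the portal and allow nothing else.
    return Decision("unmanaged", PORTAL_HOST)


def demo() -> Dict[str, str]:
    """Run constructed observations through the decision tree and return state per IP."""
    managed_in_cloud = {"10.0.0.21"}   # constructed Cloud inventory

    def lookup(ip: str) -> bool:
        return ip in managed_in_cloud

    observations = [
        DeviceObservation("10.0.0.20", True, "windows"),
        DeviceObservation("10.0.0.21", False, "mobile"),
        DeviceObservation("10.0.0.22", False, "mac"),
        DeviceObservation("10.0.0.23", False, "printer"),
        DeviceObservation("10.0.0.24", False, "unknown"),
    ]
    return {o.ip: classify(o, lookup).state for o in observations}


if __name__ == "__main__":
    for ip, state in demo().items():
        print(f"{ip}: {state}")
```

The order of the checks matters: the Cloud query is only worth making for a platform that could be managed, and a device that never pulses but is listed as managed in the Cloud is handled as managed without heartbeat rather than being pushed through the portal again.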

25 Detect and Remediate Compromises
Diagram: the Sophos System Protector and Sophos Firewall Operating System stacks from slides 19 and 20, linked by the heartbeat through Sophos Cloud.

Scenario: user, system or file compromise.
- Identify compromise
- Detect source
- Assess impact
- Block/remove malware
- Identify and clean other infected systems

26 Your path to Synchronized Security

27 Endpoint and Network working together
Next-Gen Enduser Security:
- Sophos Cloud Endpoint: Cloud Enduser Protection; Cloud Endpoint Advanced

Next-Gen Network Security:
- Sophos UTM: Network Protection Module; FullGuard license; TotalProtect bundle
- Next-Gen Firewall: Network Protection Module; Next-GenGuard license; Next-GenProtect bundle

28 Already using Sophos
* Cloud Endpoint requires a Sophos Cloud Endpoint Protection Advanced or Sophos Cloud Enduser Protection subscription.

29 Already using Sophos
Speaker note: alternative slide option to slide 28, in case you prefer this version.

Sophos Firewall user:
- With Sophos Endpoint, Cloud managed: deploy an XG Series Firewall; if you have SG Series, upgrade to Sophos Firewall OS.
- With Sophos Endpoint, SEC managed: switch to a Sophos Cloud-managed Endpoint option; deploy an XG Series Firewall; if you have SG Series, upgrade to Sophos Firewall OS.

XG Series user: deploy a Sophos Cloud-managed endpoint.
SG Series user: in early 2016, upgrade to Sophos Firewall OS.
UTM Series user: refresh your firewall with an XG Series appliance.

30 Conclusion

31 The Synchronized Security difference
Sophos                                                      | Competition
------------------------------------------------------------|--------------------
Synchronized Security                                       | Point products
Simple                                                      | Complex
Comprehensive                                               | Incomplete
Prevention, detection, investigation, remediation, encryption | Prevention
Enduser, network, server, mobile, web, encryption           | Endpoint or network
Automated                                                   | Manual
Block the known, unknown, advanced, coordinated attacks     | Partial prevention

32 Revolutionizing advanced threat protection
Synchronized Security:
- Accelerated Threat Discovery: faster, better decisions
- Positive Source Identification: quicker, easier investigation
- Automated Incident Response: reduced threat impact
