Sophos Network Security


1 Sophos Network Security
Michal Hebeda Presales Engineer

2 Agenda Sophos UTM – Unified Threat Management Sophos TMG replacement
Sophos XG – Next Generation Firewall Question & Answers

3 How to choose? Buy your favorite Sophos Firewall Platform
Both are amazing platforms: UTM 9 and XG Firewall.
How can you do this? Well, we just want you to sell your favorite Sophos Firewall platform. Whether you feel more comfortable selling UTM 9 or XG Firewall in any given opportunity is up to you. Both are amazing platforms. UTM 9 is a great trusted platform that you and everyone else is intimately familiar with. We have a new release coming out imminently that we’ll talk more about in a minute, and you’ll be thrilled to know that it represents a fantastic and rewarding cross-sell opportunity for you with integrated support for our new Sandstorm sandboxing technology. XG Firewall will also make sense for you in some obvious situations, like anywhere there’s a Cloud Endpoint cross-sell opportunity that can take advantage of the Security Heartbeat. It’s an innovative platform with lots of new capabilities, but we understand many partners are still getting up to speed on this platform and waiting until the next major release before fully embracing it, which is completely understandable.
UTM 9: Trusted platform; Intimate familiarity; New release with UTM 9.4; Sandstorm
XG Firewall: Innovative platform; New features and capabilities; Major new release coming (v16); Security Heartbeat

4 SG Series XG Series SG Series vs XG Series with UTM 9 with SF-OS
But before we dive into the new hardware, I want to take a moment to remind everyone that when selling UTM 9, you’re selling SG Series… they come pre-installed with UTM 9. There’s no need to get the XG Series appliances... Those are identical hardware but come pre-installed with XG Firewall firmware and as some of you have found out, it’s not possible to re-image these to run UTM 9, so just make sure you order the right hardware for the job. There’s nothing new or special about the letters XG other than the firmware that comes factory installed. Identical Hardware Different Firmware

5 Sophos UTM

6 Our all-in-one approach
Complete Network Protection
- Complete email, web & network protection integrated
- Endpoint and Mobile integration
- Networking features for high availability and load balancing
- VPN & wireless extensions
- Central, browser-based management & reporting of all applications
Through the Sophos UTM family, we are able to provide an integrated, complete solution for email, web and network security. The browser-based management interface allows for easy configuration of all functions with just a few mouse clicks, even without extensive technical IT know-how. The Sophos UTM Manager (SUM) enables central setup and overview for larger and more widespread installations of up to hundreds of Sophos UTMs. Sophos UTM provides the same functions on all appliance models (hardware, software and virtual), allowing for more flexible deployment scenarios. The Gateways are supported by tools which help extend your functionality for smooth daily business operations:
- Sophos RED offers complete and centrally administered VPN connectivity and UTM security for remote offices and can be configured in minutes, without the need for local IT personnel.
- With Sophos Wireless Protection, you are able to easily connect our Access Point devices with your UTM's security features.
- Sophos VPN Clients provide mobile employees with secure and easy-to-administer remote access to the corporate network.
- The Sophos UTM Smart Installer (SUSI) is a bootable USB device with which you are able to easily install the latest version of UTM software.
- Networking features such as high availability (HA), clustering, server and WAN link balancing provide constant reliability and scalability for your deployment, usually available only to enterprise solutions.
- Endpoint Protection offers the chance to use the UTM as a central controller for AV and Device Control on Endpoints.
Flexible Deployment: Software Appliance, Virtual Appliance
© Astaro 2008

7 Deployment models Flexible options for deployment Cloud Software
Virtual Hardware

8 Hardware Licensing TOTAL PROTECT = FULLGUARD + SG APPLIANCE + SUPPORT
1. Choose your protection subscription (1-3 year terms)
2. Choose your Add-Ons (Sold Separately)
3. Choose your appliance based on capacity
4. Choose your support level
Essential Firewall (Free), Network Protection ($), Web Protection ($), Email Protection ($), Wireless Protection ($), Web Server Protection ($)
SUM (Free), iView ($), RED ($), APs ($), Endpoints ($)
UTM Standard, UTM Premium
For our smallest customers we offer BasicGuard, a FullGuard ‘lite’ subscription available with SG 105 and SG 115 models.
After you have chosen your platform you can add subscriptions whenever needed. Every UTM comes with a free Essential Firewall license which provides fundamental security features activated for the protection of company networks. This basis can be flexibly extended through optional subscriptions for Network, Web, Mail, Webserver and Wireless Protection and also for Endpoint Protection. Buying all subscriptions in one single FullGuard bundle provides complete security at a very attractive price.
FullGuard

9 Software/Virtual Licensing
1. Choose your protection subscription (pricing by # IP addresses and term)
2. Choose your Add-Ons (Sold Separately)
3. Choose your support level
Essential Firewall (Free), Network Protection ($), Web Protection ($), Email Protection ($), Wireless Protection ($), Web Server Protection ($)
SUM (Free), iView ($), RED ($), APs ($), Endpoints ($)
UTM Standard (Free), UTM Premium ($)
After you have chosen your platform you can add subscriptions whenever needed. Every UTM comes with a free Essential Firewall license which provides fundamental security features activated for the protection of company networks. This basis can be flexibly extended through optional subscriptions for Network, Web, Mail, Webserver and Wireless Protection and also for Endpoint Protection. Buying all subscriptions in one single FullGuard bundle provides complete security at a very attractive price.
FullGuard

10 Fullguard promo – till With Fullguard or Fullguard Plus 3 years order Discount 100% on HW SG series Save 2x Fullguard for 3 years is cheaper than 3 times 1 year Hardware for free

11 SG Series Appliance Portfolio
Desktop Rack 1U Rack 2U Hardware Appliance SG 105 / 115 SG 125 / 135 SG 210 / 230 SG 310 / 330 SG 430 / 450 SG 550 SG 650 Category Small Desktop Medium Midrange 1U Large High-end 2U Network Ports (standard) 4 8 6 6 & 2 SFP 8 (FleXi Port) FleXi Port Expansion Bays n/a 1 2 3 Redundancy 2 SSD (RAID) & 2nd hot-swap power optional (SG 450 only) 2 hot-swap SSD (RAID) 2 hot-swap power supplies Software Runs on dedicated Intel compatible PCs and servers and within virtual environments like VMware, Citrix, Hyper-V, KVM and other virtual environments

12 Modular Security features
Enterprise-class security for small and mid-market organizations
Essential Firewall: Stateful Firewall, Object based rules, User self-service portal
Network Protection: Intrusion Prevention (IPS), Client & Site-to-Site VPN, Quality of Service (QoS), Advanced Threat Prot. (ATP)
Web Protection: URL Filtering Policies, Web Threat Protection, Application Control
Mail Protection: Anti Spam & Phishing, Dual Virus Protection, DLP & Encryption
Web Server Protection: Reverse Proxy, Web Application Firewall, Antivirus
Wireless Protection: Wireless Controller for Access Points, Multi-Zone (SSID) support, Hotspot Support
Endpoint Protection: Device Control, AntiVirus, Web-in-Endpoint
For every Sophos UTM, a free Essential Firewall license is available. This license provides the base functionality with fundamental security features activated for the protection of company networks. This basis can also be flexibly extended through optional subscriptions for Sophos Network, Web, Mail, Web Application and Wireless Security. Many providers of UTM solutions list a large number of functions in their datasheets. Often enough, however, certain product features are only rudimentarily implemented. For example, some manufacturers talk about spam protection when they only employ a single mechanism such as RBL lists. Effective spam protection, however, is only reached through a combination of different techniques, each specialized in recognizing a certain spam methodology. Enterprise solutions and Sophos UTM solutions work in this way.

13 Individual user portal
Simple management
Simple management is one of the most important aspects of an all-in-one security solution. Especially designed for the requirements of small and medium-sized companies, all features can be easily used without much technical security know-how. For this reason, every function can be configured via an intuitive browser-based user interface in many different languages. The intuitive dashboard provides a quick overview of the current status of the Gateway, for example the resources used, active connections and recognized malware. The UserPortal allows every user to see their individual mail log, manage their own spam quarantine or install their own VPN Client configuration with a single mouse click. This saves the administrator much time. Extensive log data, which is stored in a local database, allows the generation of many easy-to-read reports. Many of today's UTM solutions come up short especially in user friendliness.
Intuitive Dashboard; Individual user portal; Extensive reporting

14 High availability (Active/Passive)
Diagram labels: deactivated, Master, Internet, Status & config synchronization
Sophos UTM Email Protection makes it easy to keep your inboxes clear of viruses and spam. Dual yet individual virus engines operate in parallel to scan and block threats in email content before it has a chance to enter the network. Astaro Mail Security stops spam, phishing and other unwanted email before it gets delivered and clutters up mailboxes. The combination of many different recognition mechanisms offers a high hit rate and a low number of false positives. We give you handy management tools to make life easier for you and your users. And we let you secure email that leaves your business with encryption options.

15 High availability (Active/Active)
High Availability Active / Active
Diagram labels: Master (balancing), Slave, Cluster nodes, Scalability, Fully meshed, Fully meshed LAN
Sophos UTM Email Protection makes it easy to keep your inboxes clear of viruses and spam. Dual yet individual virus engines operate in parallel to scan and block threats in email content before it has a chance to enter the network. Astaro Mail Security stops spam, phishing and other unwanted email before it gets delivered and clutters up mailboxes. The combination of many different recognition mechanisms offers a high hit rate and a low number of false positives. We give you handy management tools to make life easier for you and your users. And we let you secure email that leaves your business with encryption options.

16 Overview Other devices and software… Access Points
RED (Remote Ethernet Device), VPN Clients, Sophos Firewall Manager
In addition to the Sophos UTM itself, there are additional devices and software that can be used with it:
- The Sophos RED, Remote Ethernet Device, provides plug and play layer 2 VPNs for small branches and acts like a virtual Ethernet cable back to the main office
- Sophos wireless access points provide centrally managed, plug and play secure Wi-Fi
- Sophos’ SSL and IPsec VPN clients for remote access
- The Sophos UTM Manager software, SUM, provides central management of multiple UTM appliances

17 Sophos RED Simple, plug & play branch office security
Securely connect remote locations Completely configuration free Flexible deployment options Same protection for all offices Fully encrypted traffic Centrally managed No added licenses or maintenance Tunnel compression for RED RED 50 Sophos RED offers you a centrally managed appliance that makes it easy and affordable to connect branch offices back to your headquarters and keep their Internet access secure. - No local IT knowledge is required at the remote site - There are no maintenance and no recurring costs for branch offices - They can plug&play UTM security direct from your head office - You only need one global security policy

18 Sophos RED – how to deploy
Diagram labels: RED Provisioning Service, Main office, Branch office, Internet, Internet Router, RED, UTM
Diagram steps:
1. Configure RED device
2. Configuration save
3. RED device deployment
4. Obtain local IP (DHCP)
5. Sign in using RED ID
6. Configuration download
7. Setup Layer 2 Tunnel
Enable RED Management on the UTM and add the RED using its unique ID.
- The UTM will register itself with the RED Provisioning Service using TCP 3400 & UDP 3400/3410
- If registration fails use the RedAlert.exe to check connectivity to the RED Provisioning Service
- Ensure the correct public IP/hostname for the UTM is in the UTM hostname field
The UTM will send the configuration to be stored on the RED Provisioning Service with the RED ID.
Deploy the RED in the branch office by connecting it to an Internet router and power.
The RED will get a local IP address from DHCP.
- The RED requires DHCP to provide an IP address and route to the Internet
- If there is no DHCP, the RED will try a 3G/UMTS connection. If there is no connection or no 3G stick it will reboot
- If there is no DHCP and no 3G, the RED will try default static network configuration of: IP: /24 GW: If this does not work it will fall back to DHCP
- Ensure it can connect to the RED Provisioning Service and use the RedAlert.exe tool again if required
The RED will connect to the RED Provisioning Service and send its unique ID to download the configuration data using TCP 3400.
The RED will receive its configuration from the provisioning server.
- At this point the RED will usually have to update its firmware
- A firmware update is indicated by all the LEDs flashing. Do not unplug the RED while it is updating
The RED will create a tunnel to the UTM using TCP/UDP. If this fails:
- Check configuration of IP/hostname for the UTM
- Check DHCP server to see if RED has received an IP address
- Try to ping the RED on the WAN port
- Interface of router connected to RED WAN port is down
- Deactivate authentication mechanisms on the interface of the router connected to the RED WAN port

19 Sophos RED – specification

20 Sophos Access Points Portfolio
New AP 15C (Support with UTM 9.4 only) AP 15 AP 15C AP 55 AP 55C AP 100 AP 100C AP 100X Deployment Desktop/wall Ceiling Outdoor wall-mount SOHO Larger offices, high density Ceiling-mounted for larger offices Enterprise dual-band/dual-radio Maximum throughput 300 Mbps 867 Mbps Mbps 1.3 Gbps Mbps Multiple SSIDs 8 8 per radio (16 in total) Tech. Specification Supported WLAN Standards 2.4 GHz 2.4 GHz or 5 GHz 2.4 and 5 GHz Number of radios 1 2 MIMO capabilities 2x2:2 3x3:3
The Sophos Access Point portfolio also gains a new member of the family: the AP 15 gets a ceiling mount model with similar specs to the desktop AP 15. However, this new AP offers the choice of either 2.4 GHz or 5 GHz operation for its single radio. As with the RED 15w, the AP 15C will be supported first in UTM 9.4 and will come to XG Firewall in a future update to SF-OS.

21 Available as a Software/Virtual ISO
Sophos iView: Dedicated Reporting Appliance for Centralized Reporting
Added Visibility: Increased depth and breadth of reporting
- Over 1000 built-in reports and views
- Compliance reporting: HIPAA, PCI DSS, GLBA, SOX
- Fully customizable reports & views with extensive drill-down capabilities
Consolidated Reporting: Centralized reporting across multiple UTMs
- Works out-of-the-box with all Sophos UTMs
- Single centralized view of all network activity
- Great for larger organizations and MSPs
Security Intelligence: Identify issues before they become problems
- Rich dashboard and detailed traffic reports offer intelligent insights
- Easily monitor suspect users or traffic anomalies
- Quickly identify attacks on your network
Log Management: Backup and long-term log storage
- Automated backups of all UTM logs for long-term storage
- Eliminates reporting gaps if replacing/upgrading a UTM
- Quick access and retrieval of historical data for audits and forensics
For those of you that may not know, Sophos iView is our first product collaboration with Cyberoam. This is a product that we’ve worked with them on bringing to the Sophos UTM product line as an add-on that extends and enhances our on-box reporting. It will be sold as a virtual appliance only, with licensing including support and based on term and storage needs. It will work out of the box with Sophos UTMs and offers a number of great features that will appeal to many organizations, such as added visibility: a bunch of additional reports and views, including reporting that meets compliance requirements for standards like HIPAA, PCI, and a few others. It also offers a lot of additional views and customization options that will appeal to the nerdy IT admin. Another key benefit it provides is consolidated reporting across multiple UTMs, which will be huge for MSPs and larger organizations with more than one UTM.
It also provides some good insights into traffic trends that may allow admins to identify problem users or attacks on their network And it provides great log management for backup and long-term storage so if a UTM needs to be replaced all the historical reporting is not lost and makes retrieval easy for audits or forensics It’s a great new addition to the UTM line up, particularly for customers wanting more breadth and depth of reporting, those who need to meet compliance requirements, or those managing networks with multiple UTMs. It’s coming at the end of Sept. Available as a Software/Virtual ISO

22 Sophos UTM Manager (SUM) – No Charge
Centralized Management of Multiple UTMs Multi-tenant Real-time monitoring Aggregated reporting Inventory management Device maintenance Configuration templates Access management New automated licensing Included at no extra charge! Available as a Software/Virtual ISO

23 Elevated Threat Protection made Simple
Sophos Sandstorm: Elevated Threat Protection made Simple
- New breach detection platform
- Powerful cloud-based next generation sandbox
- Targeted attack protection, visibility and analysis
- Detects, blocks and responds to evasive threats
- Sophos UTM is one of our first products to benefit
So what does Sophos Sandstorm bring to the table? It… <read bullets> Ultimately Sophos Sandstorm will be integrated into several Sophos products and platforms, but Sophos UTM is one of the first, which just reinforces our commitment to this platform.

24 How it works Sophos Sandstorm Determine Behavior Suspect Control
Diagram labels: Cloud, Determine Behavior, HASH, Suspect, Control, Report
How does it work? First of all, if the file contains known malware or bad URLs it will be blocked by the threat protection engine. Then, if it’s a suspicious file like a PDF with active content, a hash is generated from the file and sent to Sandstorm to see if this file has been seen before. If it has, a decision can be rendered to allow or block it right away. If it hasn’t been seen before, the file is sent up to Sandstorm for analysis. There it will be detonated and monitored for a few minutes, during which time the user sees a patience screen in their browser keeping them apprised of what’s going on. Once a decision is made, the file is either blocked or allowed accordingly and a report generated.
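The decision order described on this slide, as an added Python model that is not Sophos code and does not use any Sophos API. All names (Gateway, triage, is_suspicious), the PDF marker heuristic, the hash-set stand-in for the threat engine, the allow verdict for non-suspicious files and the sample files are constructed assumptions; the point is that the file body only leaves the gateway when its hash has never been seen.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# Assumption: a simplified notion of "PDF with active content" (hypothetical heuristic).
ACTIVE_PDF_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")


@dataclass
class Decision:
    verdict: str    # "allow" or "block"
    stage: str      # which step of the flow produced the verdict
    sha256: str
    uploaded: bool  # True only when the file body was sent for analysis


def is_suspicious(data: bytes) -> bool:
    """Stand-in for the gateway's 'suspicious file' test."""
    return data.startswith(b"%PDF-") and any(m in data for m in ACTIVE_PDF_MARKERS)


@dataclass
class Gateway:
    known_bad: Set[str]               # stand-in for the local threat protection engine
    cloud_verdicts: Dict[str, str]    # stand-in for the sandbox's "seen before" lookup
    detonate: Callable[[bytes], str]  # stand-in for cloud analysis of an unseen file
    report: List[Decision] = field(default_factory=list)

    def triage(self, data: bytes) -> Decision:
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.known_bad:
            # Step 1: known malware is blocked locally, nothing is sent anywhere.
            d = Decision("block", "threat-engine", digest, False)
        elif not is_suspicious(data):
            # Assumption: files that are not suspicious are delivered without sandboxing.
            d = Decision("allow", "not-suspicious", digest, False)
        elif digest in self.cloud_verdicts:
            # Step 2: only the hash is sent; a prior verdict is reused immediately.
            d = Decision(self.cloud_verdicts[digest], "hash-lookup", digest, False)
        else:
            # Step 3: unseen suspicious file is uploaded, analysed, and the verdict stored.
            verdict = self.detonate(data)
            self.cloud_verdicts[digest] = verdict
            d = Decision(verdict, "sandbox-analysis", digest, True)
        self.report.append(d)  # every decision ends up in the report
        return d


# Constructed sample inputs (harmless byte strings, not real malware).
KNOWN_MALWARE = b"constructed-known-bad-sample"
PLAIN_TEXT = b"hello, quarterly report"
ACTIVE_PDF = b"%PDF-1.7\n1 0 obj << /OpenAction 2 0 R >>\nendobj\n"
LAUNCH_PDF = b"%PDF-1.7\n1 0 obj << /Launch 2 0 R >>\nendobj\n"


def fake_detonation(data: bytes) -> str:
    """Constructed analysis result: treat a /Launch action as malicious behaviour."""
    return "block" if b"/Launch" in data else "allow"


def build_gateway() -> Gateway:
    return Gateway(
        known_bad={hashlib.sha256(KNOWN_MALWARE).hexdigest()},
        cloud_verdicts={},
        detonate=fake_detonation,
    )


def demo() -> List[Decision]:
    gw = build_gateway()
    # The same PDF is requested twice: the second request is answered from the hash.
    for sample in (KNOWN_MALWARE, PLAIN_TEXT, ACTIVE_PDF, ACTIVE_PDF, LAUNCH_PDF):
        gw.triage(sample)
    return gw.report


if __name__ == "__main__":
    for d in demo():
        print(f"{d.sha256[:12]}  {d.stage:<17} {d.verdict:<5} uploaded={d.uploaded}")
```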

25 Advanced Sandboxing made Simple
Enabling Sandboxing
Then enabling it is as simple as selecting the option to use it in Web or Email filtering.

26 Advanced sandboxing made Simple
Monitoring Activity
The admin can monitor Sandstorm activity to see how the solution is performing, including the number of suspicious files detected, those excluded by policy, those that were determined malicious and those that were cleaned or sent for further analysis.

27 Advanced sandboxing made Simple
User Patience Page End users who download content that requires sandboxing will see a patience screen appear while the file is analyzed in Sandstorm. The whole process can take a few minutes, but it’s well worth the wait for suspicious content. When the analysis is finished and the file is determined safe, the user can access the file.

28 Advanced sandboxing made Simple
Detailed visibility There’s a full history of all the analysis done by Sandstorm with complete details on the result of each file analyzed.

29 Advanced sandboxing made Simple
Detailed visibility There’s a full history of all the analysis done by Sandstorm with complete details on the result of each file analyzed.

30 How Sophos Sandstorm Rises Above the Competition
Simple
- Easy to try: sign up easily for a free trial in MyUTM
- Easy to deploy: simply activate the policy
- Easy to manage: all from within the UTM console, no special staff required
Effective
- Blocks evasive threats: detects threats designed to evade sandboxes that other solutions miss
- Effective control: simple, efficient policy control
- Visible protection: granular incident based reports anyone can understand
Cloud-based
- Rapid deployment: instant protection with no hardware to deploy or appliance upgrade needed
- Minimal impact on performance: all processing done in cloud
- Collective intelligence: benefit from all customer threat analysis
Sophos Sandstorm offers a number of compelling advantages over competitors’ sandboxing solutions. It’s simpler than any other sandboxing solution out there, it’s very effective, and it’s cloud based, with one of the benefits being that all customers instantly gain the benefits of any analysis being done on any other customer’s suspicious files, ultimately providing better, faster protection.

31 Elevated Threat Protection made Simple
Sophos Sandstorm Elevated Threat Protection made Simple Enterprise-grade protection without the enterprise price-tag or complexity! But best of all, Sandstorm is super affordable for small and medium sized businesses to deploy in their environments. They don’t need specialized infrastructure or staff. It really is enterprise-grade protection without the enterprise price tag or complexity.

32 TMG replacement

33 TMG replacement

34 TMG replacement

35 TMG replacement

36 TMG replacement Next steps: Visit www.sophos.com/TMG
TMG replacement guide available TMG replacement administrators guide available

37 Sophos XG

38 XG Firewall – The next-thing in next-gen
Heartbeat Coming Soon! Sophos Firewall OS (SF-OS) New Firewall Operating System and Software Platform Proven Appliances Identical to SG Series except come preloaded with SF-OS Security Heartbeat Support for Security Heartbeat with Sophos Cloud Endpoints Migration Tools Enabling an easy migration from UTM 9 to SF-OS Sophos Firewall Manager (SFM) New on-premise Centralized Management Sophos Central Firewall Manager (CFM) Centralized Firewall Management in the Cloud (for partners only initially) Sophos iView Reporting Updated on-premise Centralized Reporting

39 Familiar Deployment Options: Software, Virtual, Hardware
Similar Deployment Options to UTM 9
Software
- Bring your own hardware
- Compatible with Intel x86 platforms
Virtual
- VMware, Hyper-V, Citrix XEN, KVM
- Flexibility regarding resource assignment and high availability
- Great for demos, testing
XG Series Hardware
- Full range of hardware appliances
- Same as SG Series, come pre-installed with SF-OS
- SG Series are upgradable to SF-OS
Deployment options with XG Firewall should be familiar. Like UTM 9, the XG Firewall offers industry leading deployment flexibility as a software, virtual or hardware appliance. In fact, XG Series supports all the same deployment options as the UTM 9 product with the exception of Amazon Web Services… AWS and Azure cloud support will follow in a subsequent release of XG Firewall.
Amazon Web Services (AWS) and Azure Support Coming Soon!

40 Security Heartbeat™ Advanced Threat Protection
Network and Endpoint working better together to revolutionize advanced threat protection Advanced Threat Protection Accelerated Discovery Endpoint and network protection combine to identify unknown threats faster. Active Identification Reduces time taken to identify infected or at risk device or host by IP address alone. Automated Response Compromised endpoints can be automatically isolated or restricted by firewall policies based on Heartbeat™ status. Suspect Endpoint XG Firewall 1. ATP detects and blocks suspect C&C connection 2. Context requested from Endpoint 3. Full information exchanged (user, process, etc.) 4. Admin notified about ATP event including context Heartbeat in Network Policies Endpoints Internet XG Firewall No Security issues Unwanted Application Compromised Automatically isolate systems with Red Heartbeat Set more restrictive policies for systems with Yellow Heartbeat Infected Server

41 XG 85 XG 105 XG 115 XG 125 XG 135 XG 210 XG 230 XG 310 XG 330 XG 430 XG 450 XG 550 XG 650 XG 750

42 Positioning for new models – XG 85(w)
XG 85/ XG 85w Introduced due to demand for lower cost model Same chassis as XG/SG 105/115 but no VGA port Some differences to other models: 8 GB Flash memory Does not support on-box reporting (use iView free option) No dual AV, Sophos only ‘w’ model 2 x 2:2 MIMO Who to target Price sensitive small office, retail, home office The XG 85w was introduced to help meet demand in some opportunities for a lower cost model. It shares the same chassis as the 105 and 115 but lacks a VGA port. Some other differences include a limited amount of storage, meaning that iView is required to do reporting from XG 85 devices. It also only supports single AV engine scanning… no dual engine scanning, and is 2x2 MIMO with Wireless N support up to 300Mbps. It’s really ideal for very price sensitive opportunities where a low cost device is required for multiple retail operations or very small offices or even home office use.

43 Positioning for new models – XG 750
Opens up additional enterprise opportunities 2U chassis 8 FleXi Port bays (1 x 8 GE copper included) – max 64 ports Hot swap SSDs, redundant power supplies and fans Different manufacturer, so different FleXi Ports Who to target Large enterprise, datacenters, MSPs The XG 750 sets a new bar for high-end firewall performance and features that will appeal to larger enterprise customers. It has a 2U chassis with 8 flexi-ports that means it can be equipped with up to 64 Gigabit ethernet ports. It also offers hot-swap redundancy for the SSD drives and power supplies.

44 Welcome to XG v16!

45 Synchronized Security
What’s new in v16… Key Focus Areas
- User Experience: Addressing your top concerns across all areas of the product from navigation to policy to logging and more.
- Feature Gaps: Over 100 new features and closing 35 feature gaps with UTM 9 across web, email, OTP, and many other areas.
- Synchronized Security: Adding new Synchronized Security Features to the arsenal to improve protection, enforcement, and reporting.

46 Top New UX Features New Left Nav
Tabs for 2nd Level Nav Enhanced Control Center Widgets Redesigned Web Policy Direct access to live log viewer from any screen

47 New Firewall Network and Device Feature
Firewall Hostname Cloning of rules, objects, and policies Per-rule routing Policy routes Firewall-to-Firewall RED Tunnels Country filtering improvements Improved NAT Business Rule Creation

48 New Email Features Per domain routing Full MTA – store and forward
Enhanced anti-spam SPX Reply Portal

49 Security Heartbeat Analytics Next-Gen Firewall Wireless Web Email
Disk Encryption UTM File Encryption Endpoint Next-Gen Endpoint Mobile Server Cloud Intelligence Centralized Policy Management

50

