John Shaw, VP of Product Management at Sophos, introduced us to the world of Project Galileo. What is Sophos doing to bring network security and endpoint security together? How do we make these two pillars of IT security work together?
Slide 4
Toolkits put the advanced techniques quickly in the hands of the bad guys …
Slide 5
So it’s not just an issue for the big companies
Sophos Confidential
63% of UK small/medium businesses know they were infected by malware in the past year.
38% of UK small/medium businesses know they were attacked by an unauthorized outsider.
74% of UK small/medium businesses had a security incident last year.
42.8m global security incidents from 9,700 companies surveyed, up 66%.
Note: Source PWC 2015 Information security breaches survey, UK
1. Large organizations and SMBs consist of enterprises with >250 employees and 1-249 employees respectively
Slide 6
“Antivirus is dead”
The perception of endpoint security
“Conventional antivirus software is an outmoded way of protecting computers against malware.”
“The current anti-virus method of detecting and blocking known samples is no longer effective.”
“Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it.”
Slide 8
Sophos Next Generation Endpoint Protection
Remediation: Removes detected malware automatically; encrypts data and controls network access to prevent damage from running malware.
Prevention: Correlates threat indicators to block web and application exploits, dangerous URLs, potentially unwanted apps and malicious code.
Detection: Analyzes software behavior and network traffic in real time, alerting you to hidden threats that can be missed by traditional AV technology.
Slide 9
Typical attack vector
Initial exposure: User visits a compromised site or views a malicious ad on a site.
Redirect chain: Browser is silently redirected to a server running an exploit kit.
Exploit: Malicious code and/or doc exploits vulnerabilities in OS or application.
Infection: Malware is downloaded/installed onto the computer.
Payload: Command and control via indirection; payloads – data theft, CPU, ransomware …
Slide 10
How Sophos Next Gen Endpoint protects
Initial exposure (user visits a compromised site or views a malicious ad on a site): Web Control blocks bad URLs; Reputation blocks low-reputation sources.
Redirect chain (browser is silently redirected to a server running an exploit kit): block known bad URLs; block malicious redirect code.
Exploit (malicious code and/or doc exploits vulnerabilities in OS or application): exploit prevention (JavaScript, PDF, Office, Flash, etc.).
Infection (malware is downloaded/installed onto the computer): pre-execution emulation; heuristic analysis; Live Protection (known malware).
Payload (command and control via indirection; payloads – data theft, CPU, ransomware …): Malicious Traffic Detection; File Encryption; Threat Analysis Center (2016).
Slide 11
Sophos Labs is big data analytics
150,000 malware files added to “Live Protection” Cloud daily as a quick detection response
50% of our detections are based on 19 malware identities.
3 million spam email messages per day seen by our 80 spam feeds across 20 countries
600 million “Live Protection” file lookup events added to Hadoop clusters for analysis every day
1 million suspicious URLs seen and analyzed each day from 70 sources
350,000 previously unseen files received each day within SophosLabs, 3 every second!
Confidential: The following roadmap is intended to outline Sophos’s general product direction. It is intended for information purposes only and does not and shall not form part of any contract. The roadmap is not a commitment to deliver any product, version, feature, update, upgrade, code, material or otherwise (collectively referred to as “Functionality”), and should not be relied upon when making purchasing decisions. The ongoing development, release and timing of any Functionality or otherwise, remains entirely at the discretion of Sophos.
Slide 13
Project Galileo - A Revolution in Protection
A single connected security system that links intelligence from the network and endpoint to make faster and smarter decisions
Diagram: Sophos Heartbeat connecting Next-Gen Enduser Security, Sophos Cloud, Next-Gen Network Security and SophosLabs
Automated Response: Network policies to automatically isolate or limit the access for compromised systems until they are cleaned up
Accelerated Discovery: Endpoint MTD and Network ATP features combine to rapidly spot infected hosts across your entire estate
Positive Identification: by enabling network and endpoint to communicate intelligence context
Slide 14
3 pillars of advanced threat protection
Sophos Heartbeat
Positive Identification: Identification by device reduces the time taken to manually identify an infected or at-risk device or host by IP address alone.
Automated Response: Compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software.
Accelerated Discovery: Endpoint and network protection combine to identify unknown threats faster. Sophos Security Heartbeat™ pulses real-time information on suspicious behaviors.
Outcomes: Faster, better decisions. Quicker, easier investigation. Reduced threat impact.
Slide 15
Heartbeat in action – advanced threat detection
Diagram: Sophos System Protector on the endpoint (Application Tracking, Threat Engine, Application Control, Reputation, Emulator, HIPS/Runtime Protection, Device Control, Malicious Traffic Detection, Web Protection, IoC Collector, Live Protection, Heartbeat) exchanges a heartbeat with the Sophos Firewall Operating System (Web Filtering, Intrusion Prevention System, Routing, Email Security, Heartbeat, Selective Sandbox, Application Control, Data Loss Prevention, ATP Detection, Proxy, Threat Engine), with Sophos Cloud above both.
Compromise reported as User | System | File.
Response: isolate subnet and WAN access; block/remove malware; identify & clean other infected systems.
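The correlation shown on slides 14 and 15, as an added toy example that is not part of the deck or of Sophos's product code: an IP-only firewall alert is resolved to device, user and process via the endpoint heartbeat, and quarantine follows the device id, so a DHCP lease change neither lets the infected host slip out nor traps the clean host that inherits its old IP. Device names, status values and the flagged process name are constructed.

```python
from dataclasses import dataclass, field
# Constructed toy model of the Heartbeat idea on slides 14 and 15, not Sophos code.
# The endpoint reports under a stable device id, the firewall's ATP alert carries
# only a source IP, and quarantine is keyed on the device rather than the IP.
@dataclass
class Heartbeat:
    device_id: str
    ip: str
    user: str
    status: str          # assumed values: "green" = healthy, "red" = active threat
    process: str = ""    # process the endpoint flagged, if any

@dataclass
class IsolationPolicy:
    isolated: set = field(default_factory=set)   # device ids under quarantine

def positive_identification(alert_ip, heartbeats):
    """Resolve an IP-only firewall alert to device, user and process context."""
    for hb in heartbeats:
        if hb.ip == alert_ip:
            return {"device": hb.device_id, "user": hb.user, "process": hb.process or None}
    return None   # no agent behind that IP: falls back to manual investigation

def automated_response(policy, heartbeats):
    """Quarantine red devices; lift the quarantine once they report green again."""
    for hb in heartbeats:
        if hb.status == "red":
            policy.isolated.add(hb.device_id)
        elif hb.status == "green":
            policy.isolated.discard(hb.device_id)
    return set(policy.isolated)

def firewall_allows(policy, hb):
    """Per-flow decision keyed on device identity, not on the current IP."""
    return hb.device_id not in policy.isolated

def run_scenario():
    """Infection, then a DHCP lease change, then clean-up on the endpoint."""
    policy = IsolationPolicy()
    red_a = Heartbeat("LAPTOP-A", "10.0.0.5", "alice", "red", "badupdater.exe")
    ident = positive_identification("10.0.0.5", [red_a])
    step1 = automated_response(policy, [red_a])
    # Lease change: LAPTOP-A moves to .9 (still red), clean LAPTOP-B takes .5.
    red_a2 = Heartbeat("LAPTOP-A", "10.0.0.9", "alice", "red", "badupdater.exe")
    green_b = Heartbeat("LAPTOP-B", "10.0.0.5", "bob", "green")
    automated_response(policy, [red_a2, green_b])
    step2 = (firewall_allows(policy, red_a2), firewall_allows(policy, green_b))
    step3 = automated_response(policy, [Heartbeat("LAPTOP-A", "10.0.0.9", "alice", "green")])
    return ident, step1, step2, step3
```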
Slide 22
EMM of the future is all about security – on all devices
Next gen end user protection
Secure MYOD …
User registers a device
Company adds access to data, and security
Stop threats. Protect data. Protect identity.
Slide 23
Sophos Delivers Next Generation Threat Protection
Security must be comprehensive: the capabilities required to fully satisfy customer need
Security can be made simple: platform, deployment, licensing, user experience
Security is more effective as a system: new possibilities through technology cooperation
Project Galileo(1): Integrated, context-aware security where Enduser and Network technology share meaningful information to deliver better protection
Note:
1. Project Galileo is currently under development and is planned to be released later in CY2015
Diagram: Next Gen Enduser Security, Next Gen Network Security, Sophos Cloud and SOPHOS LABS linked by the heartbeat
Editor's notes
Add more?
If everything is encrypted, what is important? Protecting access to the key. Only something that is trustworthy should have access to the key material, and therefore plain text data.
Click 1: Everything’s OK scenario
Trusted Device + Trusted User + Trusted Process = Access to plain text data
Click 2: Process isn’t trusted (i.e. we don’t trust Internet Explorer)
Click 3: A different user signs in, or a user who is not trusted.
Click 4: Device is compromised. No access to data. Keys are shredded.
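The rule in these notes, as an added example that is not from the deck or from Sophos: key material is released only when device, user and process are all trusted, and a compromise report shreds the device's key before dropping it, so a later request from that device gets nothing even if the user and process look fine. The trust lists, device name, user names and process names are constructed.

```python
from collections import namedtuple

# Constructed example of the rule in the speaker notes, not Sophos code: the key is
# released only to a trusted device, user and process together; names are assumed.
AccessRequest = namedtuple("AccessRequest", "device user process")

class KeyVault:
    def __init__(self, trusted_devices, trusted_users, trusted_processes, keys):
        self.trusted_devices = set(trusted_devices)
        self.trusted_users = set(trusted_users)
        self.trusted_processes = set(trusted_processes)
        # device -> mutable key buffer, so it can be overwritten when shredded
        self._keys = {dev: bytearray(k) for dev, k in keys.items()}

    def evaluate(self, req):
        """All three factors must hold; the first failing factor is the reason."""
        checks = (("device", req.device, self.trusted_devices),
                  ("user", req.user, self.trusted_users),
                  ("process", req.process, self.trusted_processes))
        for name, value, trusted in checks:
            if value not in trusted:
                return False, f"{name} not trusted"
        return True, "ok"

    def release_key(self, req):
        """Return (key or None, reason); without the key there is no plaintext."""
        ok, reason = self.evaluate(req)
        key = self._keys.get(req.device)
        if not ok or key is None:
            return None, reason if not ok else "no key material on device"
        return bytes(key), reason

    def report_compromise(self, device):
        """Click 4: the device is compromised, so drop its trust and shred its key."""
        self.trusted_devices.discard(device)
        key = self._keys.pop(device, bytearray())
        key[:] = b"\x00" * len(key)   # overwrite before the buffer is released
        return len(key) > 0

def four_clicks():
    """Clicks 1-4 from the notes, in order, as (key, reason) results."""
    vault = KeyVault({"LAPTOP-A"}, {"alice"}, {"WINWORD.EXE"}, {"LAPTOP-A": b"\x11" * 32})
    reqs = [AccessRequest("LAPTOP-A", "alice", "WINWORD.EXE"),    # click 1: all trusted
            AccessRequest("LAPTOP-A", "alice", "iexplore.exe"),   # click 2: untrusted process
            AccessRequest("LAPTOP-A", "mallory", "WINWORD.EXE")]  # click 3: untrusted user
    results = [vault.release_key(r) for r in reqs]
    vault.report_compromise("LAPTOP-A")                           # click 4: device compromised
    results.append(vault.release_key(reqs[0]))
    return results
```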