The next generation of IT security
âąAls PPTX, PDF herunterladenâą
0 gefĂ€llt mirâą1,187 views
John Shaw, VP of Product management at Sophos, introduced us to the world of Project Galileo. What is Sophos doing to bring Network Security and Endpoint security together? How do we make these two pillars of IT security work together?
Empfohlen
Weitere Àhnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (19)
Ăhnlich wie The next generation of IT security
Ăhnlich wie The next generation of IT security (20)
Mehr von Sophos Benelux
Mehr von Sophos Benelux (20)
KĂŒrzlich hochgeladen
KĂŒrzlich hochgeladen (20)
The next generation of IT security
- 1. 1 John Shaw, VP Product Management October 8th 2015 The next generation of security
- 2. 2 Advanced Persistent Threats âŠâŠ.
- 3. 3 Advanced Persistent Threats âŠâŠ.
- 4. 4 Toolkits put the advanced techniques quickly in the hands of the bad guys âŠ
- 5. 5 So itâs not just an issue for the big companies Sophos Confidential Note: Source PWC 2015 Information security breaches survey, UK 1. Large organizations and SMBs consist of enterprises with >250 employees and 1-249 employees respectively 63% of UK small/medium businesses know they were infected by malware in the past year. 38% of UK small/medium businesses know they were attacked by an unauthorized outsider 74% of UK small/medium businesses had a security incident last year 42.8m global security incidents from 9,700 companies surveyed, up 66%
- 6. 6 âAntivirus is deadâ âConventional antivirus software is an outmoded way of protecting computers against malware.â The perception of endpoint security âThe current anti-virus method of detecting and blocking known samples is no longer effective.â âAntivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it.â
- 7. 7 Many security companies tend to push one technology â Maslowâs hammer
- 8. 8 Remediation Removes detected malware automatically; Encrypts data and controls network access to prevent damage from running malware Prevention Correlates threat indicators to block web and application exploits, dangerous URLs, potentially unwanted apps and malicious code Detection Analyzes software behavior and network traffic in real time, alerting you to hidden threats that can be missed by traditional AV technology Sophos Next Generation Endpoint Protection
- 9. 9 Typical attack vector User visits a compromised site or views a malicious ad on a site Browser is silently redirected to a server running an exploit kit Malicious code and/or doc exploits vulnerabilities in OS or application Malware is downloaded/installed onto the computer Initial exposure Redirect chain Exploit Infection Command and control via indirection Payloads â data theft, CPU, ransomware ⊠Payload
- 10. 10 How Sophos Next Gen Endpoint protects User visits a compromised site or views a malicious ad on a site Browser is silently redirected to a server running an exploit kit Malicious code and/or doc exploits vulnerabilities in OS or application Malware is downloaded/installed onto the computer Initial exposure Redirect chain Exploit Infection Web Control. Block bad URLs Reputation. Block low reputation sources Block known bad URLs Block malicious redirect code Exploit prevention (JavaScript, PDF, Office, Flash, etc.) Pre-execution emulation Heuristic analysis Live Protection (known malware) Payload Malicious Traffic Detection File Encryption Threat Analysis Center (2016)Command and control via indirection Payloads â data theft, CPU, ransomware âŠ
- 11. 11 Sophos Labs is big data analytics 150,000 Malware files added to âLive Protectionâ Cloud daily as a quick detection response 50% Of our detections are based on 19 malware identities. 3 million Spam email messages per day seen by our 80 spam feeds across 20 countries 600 million âLive Protectionâ file lookup events added to Hadoop clusters for analysis every day 1 million Suspicious URLs seen and analyzed each day from 70 sources 350,000 Previously unseen files received each day within SophosLabs, 3 every second! Confidential : The following roadmap is intended to outline Sophosâs general product direction. It is intended for information purposes only and does not and shall not form part of any contract. The roadmap is not a commitment to deliver any product, version, feature, update, upgrade, code, material or otherwise (collectively referred to âFunctionalityâ), and should not be relied upon when making purchasing decisions. The ongoing development, release and timing of any Functionality or otherwise, remains entirely at the discretion of Sophos.
- 12. 12 Evolution of security Point Products Anti-virus IPS Firewall Sandbox Layers Bundles Suites UTM EMM Synchronized Security Project Galileo Sophos Heartbeat
- 13. 13 A single connected security system that links intelligence from the network and endpoint to make faster and smarter decisions Project Galileo - A Revolution in Protection SOPHOS HEARTBEAT NEXT-GEN ENDUSER SECURITY SOPHOS CLOUD NEXT-GEN NETWORK SECURITY SOPHOSLABS Automated Response Network policies to automatically isolate or limit the access for compromised systems until they are cleaned up Accelerated Discovery Endpoint MTD and Network ATP features combine to rapidly spot infected hosts across your entire estate Positive Identification by enabling network and endpoint to communicate intelligence context
- 14. 14 3 pillars of advanced threat protection By device identification reduces time taken to manually identify infected or at risk device or host by IP address alone Compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software. Endpoint and network protection combine to identify unknown threats faster. Sophos Security Heartbeatâą pulses real- time information on suspicious behaviors Sophos Heartbeat Accelerated Discovery Positive Identification Automated Response Faster, better decisions Quicker, easier investigation Reduced threat impact
- 15. 15 SOPHOS SYSTEM PROTECTOR Sophos Cloud Heartbeat in action â advanced threat detection heartbeat SOPHOS FIREWALL OPERATING SYSTEM Application Tracking Threat Engine Application Control Reputation Emulator HIPS/ Runtime Protection Device Control Malicious Traffic Detection Web Protection IoC Collector Live Protection Heartbeat Web Filtering Intrusion Prevention System Routing Email Security Heartbeat Selective Sandbox Application Control Data Loss Prevention ATP Detection Proxy Threat Engine Isolate subnet and WAN access Block/remove malware Identify & clean other infected systems User | System | File Compromise Firewall
- 17. 17 Encryption is a also a threat protection technology Endpoint Protection Data Protection
- 19. 1919 Mobile
- 20. 20 Tale of Two Endpoints PC Management Mobile Device Management
- 21. 21 N Protect my company data not my usersâ endpoints Your device, our data
- 22. 22 N EMM of the future is all about security â on all devices Next gen end user protection Secure MYOD ⊠User registers a device Company adds access to data, and security Stop threats Protect data Protect identity
- 23. 23 Project Galileo(1) Integrated, context-aware security where Enduser and Network technology share meaningful information to deliver better protection Sophos Delivers Next Generation Threat Protection Security must be comprehensive The capabilities required to fully satisfy customer need Security can be made simple Platform, deployment, licensing, user experience Security is more effective as a system New possibilities through technology cooperation Note: 1. Project Galileo is currently under development and is planned to be released later in CY2015 Next Gen Enduser Security Next Gen Network Security Sophos Cloud heartbeat SOPHOS LABS
Hinweis der Redaktion
- Add more?
- If everything is encrypted, what is important? Protecting access to the key. Only something that is trustworthy should have access to the key material, and therefore plain text data.
- Click 1: Everythingâs ok scenario Trusted Device + Trusted User + Trusted Process = Access to plain text data Click 2: Process isnât trusted (i.e. We donât trust Internet Explorer) Click 3: A different user signs in, or a user who is not trusted. Click 4: Device is compromised. No access to data. Keys are shredded.