2. We are focused on protecting you
Threats: changing, still increasing
Data: everywhere, regulations growing
Users: everywhere, using everything
3. We do IT security
Because you’ve got enough to worry about
Security Everywhere: Wherever the user is, whatever they use
Without Complexity: Quicker to setup, maintain and solve problems
Active Protection: Our unique approach for better protection you can actually deploy
4. Active Protection
Our unique approach for better protection with less complexity
Endpoint Web Email Data Mobile Network
6. Endpoint Protection
• Application Control
• Exchange Server Protection
• Device Control
• Anti-malware
• Access control
• Intrusion prevention
• Virtualization
• Web Protection
• Firewall
• Encryption
• Data Control
• Patch assessment
7. Today’s threats
Mainly come from the web
Target data, identities and cash
Exploit vulnerabilities
Often execute silently
In families of malware
Are produced on a massive scale
8. Anti-malware
A single engine to protect from all malware
Genotyping technology
Active Protection cloud technologies:
• Live URL filter: Instantly stops URLs we know are bad
• Live anti-virus: Checks in seconds to see if a suspicious file might be a real
threat
Fast and low impact scanning
Small updates, frequently applied
9. Intrusion Prevention
Behavioral detection
Suspicious file detection
Suspicious behavior detection
Buffer overflow detection
Rules created by Sophos via Active Protection
So reliable it’s on by default
10. Applications wrongly applied
Users trying to install and run unauthorized apps
Some apps are risky
Unwanted apps might use bandwidth
Version control isn’t easy
11. Application Control
Applications created and updated via Active Protection
Over 40 categories including:
• Online storage
• Browsers
• P2P File sharing
• Instant messaging
• Virtualization tools
• Remote access
• USB program launchers
12. Plugging the device gap
Devices can carry malware
They take data everywhere
If they’re lost can you be sure they’re secure?
People will plug them in anywhere
13. Device Control
Control devices connected to computers
Granular control of:
• Storage devices:
• Removable storage - USB keys, removable hard disks
• Optical / disk drives - CD / DVD / HD-DVD / Blu-ray
• Network devices:
• Wi-Fi / Modems
• Bluetooth
• Infra-red
15. Virtualization
We protect virtual environments. At no extra cost
Our lighter-weight agent is better than other traditional Endpoint security
solutions
Stagger scanning for virtual machines
No compromise on protection
Citrix Receiver plugin
Developing VMware vShield scanner
16. The web: where malware is at
A threat network
• The number one source of infection
• Legitimate sites are regularly infected
• Productivity filtering isn’t enough
• Many applications accessing the web
How people do web protection today
• Large scale deployments that focus on the gateway
• Backhauling traffic to appliances
• None or limited protection for users not connecting to the gateway
17. Web protection
Basic Endpoint
• Active Protection from malware and bad sites
• Works in any browser
Web Filtering in Endpoint
• Low-cost add-on integrated into the Endpoint/SEC
• Reduce surface area of attack from risky parts of the web (porn,
hate, p2p, etc.)
• Essential compliance and liability coverage for inappropriate sites
Web Protection Suite
• Complete protection everywhere users go with LiveConnect
• Full coverage of threats, compliance, productivity, liability, and
visibility
• Reduce investment & complexity in backhauling/VPN/Gateway HW
18. Inside LiveConnect
with Web Protection Suite
Enables full visibility and control
Policy and reporting synchronization
Immediate and automatic
Secure end-to-end encryption
19. Knowledge is power
How much is your data worth?
Compliance and its consequences
Balancing protection and productivity
Educating your people
20. Encryption
Industrial strength full disk encryption
Deployed and managed from your endpoint console
Fast initial encryption
Full password recovery options
21. Data Control
Fully integrated endpoint DLP solution
Designed to prevent accidental data loss
Monitor and enforce on all common data exit points
Train staff through use of desktop prompts
Data types provided from Sophos via Active Protection
Integrated with email protection
22. The problem with patching
No visibility of exposure level
• Have users installed vulnerable applications?
• Have users disabled automatic updates?
• Is Microsoft WSUS/SCCM working correctly?
• Don’t know which patches to worry about!
Compliance audits become a real headache
Machines get compromised
• Gartner: in 90% of situations where machines got compromised, a patch or
configuration change existed that could have prevented it!
23. Patch Assessment
1. We assess all the key exploited applications
• Checking for patches from 11 vendors
2. We accurately assess each endpoint
• Local scans on every managed endpoint
• Complex fingerprinting ensures patches accurately detected
• Centralized reporting of relevant missing patches
• Simple: no end-user interaction or messaging
3. We prioritize patches to make life easier
• Sophos rates patch criticality via Active Protection
• Sophos shows any malware associated with patches
• Creates a focus on the patches that really matter!
24. Spam, spam, spam and malware
Spam emails contain weblinks to malware
They might also carry viruses in them
Over 90% of the world’s email is spam
Nasty emails might be stored on your local
exchange servers too
25. Exchange Server protection
• Stop viruses and other threats in inbound, outbound and items inside
Microsoft Exchange
• Unique real-time Behavioral Genotype malware engine
• Live anti-spam via Active Protection stops 99%
• Gives instant visibility of status, email throughput, quarantine databases and
all policy rules from a single console
• Generate graphical management reports showing trends in email
throughput, protection level and issues needing action
26. Where’s the fire?
Open ports on PCs and Laptops are open doors to hackers
A computer without a firewall and connected to the internet is a target
Worms often target particular ports and protocols
Laptops can connect anywhere, you need different rules when they’re outside
your network
27. Client firewall
Location aware policies
Identifies apps by checksum
Rollout invisible to users
Interactive management alerts to create rules
Stealth mode prevents unauthorized network access by hackers
28. Who’s on my LAN?
Do your computers have all the right software installed?
You don’t know when guests are connecting computers and if they’re secure
If guests don’t use the same software you do then you don’t know if they’re OK
to connect
29. Access Control
Prevent security issues by assessing managed and unmanaged computers.
Detect and fix managed endpoint vulnerabilities
Ensure that any guest computers match your security requirements before
they access your network
Updated database of over 600 security applications
Prevent unauthorized computers from accessing the network
30. Complexity
Users may complain about PC performance
Does implementing a new feature mean a whole new rollout?
Can you see every platform you’ve deployed to?
How easy is it to perform common tasks or cleanup threats?
31. Deploy and manage
A single deployment wizard for all features
Single agent for:
• Anti malware
• HIPS
• Device Control
• Data Control
• Web protection
Widest platform support
Console built for usability
Stopping threats and protecting your data is what we do. And we believe our job is to do that comprehensively, without making your job more complicated. This is our mantra: Complete Security, Without Complexity, Active Protection. What we do, how we do it, how we do it better. Complete security is about taking care of your protection at every stage without it having to be complicated.
We don’t want using all this great technology to be difficult. That’s why we’re doing the hard work. A good example is our HIPS solution, which gives you everything we know about how malicious files are constructed and behave, and identifies them for you. You don’t have to construct a complex policy; you just tick a box to get it working. And our active protection is truly unified, identifying and protecting against every type of threat and delivered to the engine that powers all of our products, whether at the endpoint, gateway or across the network.
That’s why we give you solutions for every part of your business. Endpoint, Network, Data, Email, Web and Mobile. We protect them all. So your users and data are protected wherever they are and whatever they use.
Every 4.3 seconds we see a website that is either hosting malware or has been exploited by malware authors. As websites become yet more complex and interactive, and the potential for exploiting that complexity grows, the focus is shifting from email. We are also seeing still more organisation amongst cyber criminals, as software exploits that can be targeted are sold and automated tools are available to trawl the web for those sites vulnerable to infection.
Live URL filter: You can connect your computers to our constantly updated list of millions of infected websites, so your users can’t get to them — even when they're outside your gateway protection. And we keep it updated, adding around 40,000 new sites every day.
Live antivirus: When one of your computers identifies a potentially suspicious file, we’ll instantly check it with our database. In seconds, we’ll tell the computer if that file relates to a real threat and block it. Sophos Live Anti-Virus is included in all of our Endpoint products and suites.
Behavioral detection: Tuned to detect variants, families (like the Storm worm) and large categories of malware (like encrypted malware), Genotype Protection guards against unknown malware by analyzing behavior before code executes. It uses pre-execution scanning to determine the functionality of the code, and the behavior it is likely to exhibit, all without allowing the code to run. Our threat detection engine detects zero-day threats without the need for signature updates or separate HIPS software.
Suspicious file detection: Where Behavioral Genotype Protection is tuned to detect only malicious files, suspicious file detection will identify files that are highly likely to be malicious, again doing this by determining what the behavior of a file would be if the file were to be run. This detection provides the benefits of a traditional runtime behavior-based system without impacting system performance, or the inherent security issue of allowing a file to run before detection takes place.
Suspicious behavior detection: This layer of detection watches all system processes for signs of active malware, such as suspicious writes to the registry, or file copy actions. It can be set to warn the administrator and/or block the process. Unlike other behavior-based detection systems, there is no need for the administrator to train or fine tune analysis, as SophosLabs experts do the fine tuning.
Buffer overflow detection: A buffer overflow attack is reported when an attempt is made to exploit a running process using buffer overflow techniques. This detection system will catch attacks targeting security vulnerabilities in both operating system software and applications.
We help you control the applications that could cause security or legal problems, like P2P or instant messaging. And you'll get a handle on the unwanted applications that clog your network. With Sophos, you can monitor and control what your employees are installing without interfering with their work.
You need to control applications that could cause security or legal problems, like P2P or instant messaging. And you'll get a handle on the unwanted applications that clog your network. Monitor and control what your employees are installing without interfering with their work.
Traditional approach
• Often requires additional component or agent to be deployed
• IT admins have to build rules or create identities for applications - updating these when new versions are released and keeping on top of the latest application trends
• The process of creating detection and configuring policy is often time consuming, and difficult to stay on top of. This impacts the effectiveness of the feature.
How we do it better with Active Protection
We don’t just give you a tool to manage applications that asks you to keep it up to date. Instead:
• Our labs experts create application detection for you and actively maintain the list of applications. If a new version of Skype or peer to peer file sharing software appears you are automatically protected.
• We’ve built application control into our antivirus engine, so you don’t have to deploy or manage a separate product. You simply set policies for the whole company or specific groups to block or allow particular applications.
Granular control
Admins can set flexible rules to allow usage for only those that need it, such as blocking USB devices for everyone except the IT department. They can also allow specific devices - such as encrypted USB keys - to guarantee that any data saved on removable devices is secure. Alternatively, read-only access can be granted so employees can access information stored on USB keys or CDs but not write to them.
Preventing bridging
Computers can be connected to two networks at once acting as a bridge between the two – the corporate network by a cable and to another network wirelessly. To stop data from travelling between the two networks, putting data security at risk, the wireless interface can automatically be turned off if a computer is connected to the corporate network via a network cable and then re-enabled when the cable is removed.
Sophos Endpoint Security protects your data in a virtual environment—simpler and more secure
When you virtualize, you save money. You reduce the hardware you have to buy and manage, you save on power to run the hardware and you save time trying to keep all your computers in line with corporate standards. But in today's changing threat environment, businesses moving toward virtualization of servers and desktops can't afford to leave security by the wayside. As new security threats emerge, your business needs to stay on the cutting edge of technology. You also need to balance your security with performance to keep your business running smoothly.
Protection or performance—you shouldn't have to choose
Some security products treat virtualization security differently, making you choose between performance and protection. New protection models designed to scan multiple virtual machines from a single point have promise. But this technology is still in its infancy. As security experts, we've studied the pros and cons of central scanning and we're taking a measured approach to developing this technology. Your security solution should give you the best protection against malware and data loss in one, without negative impact on potential cost savings or on the way your users work.
You get both with Sophos
At Sophos, our approach to endpoint security offers performance without sacrificing protection. Because our resource impact is low, the security you need doesn't get in the way of you doing business. With Sophos Endpoint Security and Control, you can protect all your physical and virtual computers with the same level of security. And all with the same product—with no extra license costs. You can get more virtual computers on a physical machine because it uses less memory. It's efficient too—you can stagger scan times, so everyday security tasks won't grind your systems to a halt.
Protecting you now and in the future
We partner with VMware®, Citrix® and Microsoft® to give you complete support. Because we know the security requirements for virtualization in the future, we can keep you safe whether you’re virtualized now or will be soon. We provide better performance than other traditional antivirus systems. And our solution offers a full array of protection currently unsupported by our competitors' central scanning products, including HIPS, DLP and URL filtering. You don't have to take our word for it. Download the report from the Tolly Group for a complete product comparison.
30% of customers have no web filtering (Gartner)
The voice of the customer:
Hitachi has an issue with roaming laptops each week being brought into IT because they have been infected with malware through the web; the cost to the organization is significant because during the time required to remove malware, the "road warriors" are without machines and unproductive.
- Current technology sucks. Lots of promises, largely ineffective. I’m still getting infected.
- Same goes for protecting users everywhere – it’s a pain in the ass, costing me a lot in time, effort and hard $. It’s also complex.
- I’m under pressure from compliance committees, regulations, duty of care, etc. to control productivity and data leakage through these diverse apps which blend productive use with time wasting and inappropriate content
- I want something better
What it does: Connects endpoints to the central web appliance.
It provides immediate policy updates: Apply policy in appliance as usual – same console for onsite and offsite endpoints. Policy changes are immediately sync’d to Endpoints everywhere.
And instant activity reporting: Endpoint sends activity updates continuously.
Only available with the full solution.
Secure end to end encryption – we don’t see the traffic… only facilitate the connection.
• What are your most important and sensitive company data assets? How do you protect them?
• What type of data security compliance regulations does your business have to comply with? Has your organization suffered a data breach or do you know of organizations that have suffered data breaches and become non-compliant as a result? How do you protect against such data breaches?
• How do you meet your compliance audit requirements currently? How do you ensure that the audits are comprehensive (i.e., covering mixed user/device environments)? How long does it take you to provide reports to management and auditors?
• Where do you feel your current vulnerabilities are? What plans and processes have you put in place to address these?
• What is your strategy for dealing with the growing problem of sensitive or confidential information being lost? Does your existing endpoint solution have both data control and data encryption capabilities? What challenges are you facing with implementing a solution that prevents data loss?
• What percentage of your users have laptops that they take out of the office? What would happen to your business if you had a major data loss incident?
• How do you protect against internal threats to the security of your data?
Data exit points are:
• Removable storage / optical media
• Read only mode for storage
• Internet applications (web browser, email client, IM client)
The main trouble with the typical approaches is that the IT admin is blind to the patched state of their endpoints and how vulnerable they really are... and the result is that endpoints get compromised. Remember, according to Gartner, 90% of those could be prevented!
Sophos helps, firstly by assessing patches for all the commonly exploited software applications, not just Microsoft. Back to the earlier point, Microsoft is now only up to a third of the problem, so supporting these other vendors is key to effectively reducing the threat surface.
Secondly, we accurately detect installed O/S and applications locally on each managed endpoint and only report missing patches relevant to an endpoint. Our detections use complex fingerprinting methods to ensure we report any patches that are not fully installed – unlike some ..
And, thirdly, we make life easy by presenting the Missing Patches prioritised using SophosLabs intelligence, which enables customers to only worry about the relatively small subset (5-10%) of patches that stop actively exploited vulnerabilities. The SophosLabs rating process takes into consideration a number of factors, including the difficulty of the exploit and the existence and prevalence of the threats attacking it.
Sophos PureMessage for Microsoft Exchange blocks spam, viruses, spyware and phishing. Scanning all inbound, outbound and internal email and Exchange message stores, it proactively protects against email-borne threats, and prevents confidential data being lost.
Sophos research shows that connecting an unprotected, unpatched computer running Windows XP (without SP2) to the internet leads to a 40% risk of infection from an internet worm within about 10 minutes, rising to a 94% chance after 60 minutes (see figure 11). There may not even be enough time to download and install security patches or firewalls, so computers must be protected before going online.
• Reduce impact with our quick scans that detect malware, adware, suspicious files and behavior, and unauthorized software—faster than any other major vendor, and now up to 15% faster than our last major upgrade
• Get the most effective threat protection with our built-in host intrusion prevention systems (HIPS), web-based script attack detection and Live Anti-Virus real-time lookups to SophosLabs’ reputation database
• Block access to websites hosting malicious code and inappropriate content
• Control the installation and use of removable storage devices and unauthorized applications like P2P and IM
• Automatically assess managed and guest computers for out-of-date security and patch status before they join your network
• Protect against accidental loss of sensitive information with a unique and simple approach to data control, that integrates scanning into the antivirus agent
Watch single endpoint agent
One console simplifies it all
• Get instant visibility of security status for all Windows computers from the same console used to manage Mac, Linux, UNIX and virtualized computers
• Keep track of activity with computer and user based reports that can be scheduled to run and automatically emailed to specific recipients
• Reduce time required to deploy, manage and update security across all Windows computers and operating systems
• Automate protection with Active Directory synchronization; remove old security products automatically during deployment
• Get the latest protection with small, frequent protection updates from SophosLabs that are automatically distributed across your network—now up to 41% faster than our last major upgrade
• Protect all your Windows and operating systems from Windows 2000 to Windows 7
To find out more about us visit www.sophos.com, thanks for listening.