4 steps to optimal endpoint settings
DESCRIPTION
Sophos Professional Services reviews how to optimally configure your Sophos Endpoint product. This slide deck covers:
• Anti-virus policy: Live Protection
• Anti-virus policy: Web Protection
• Data Control policy options to track files and removable storage
• Web Control: multi-browser inappropriate filtering and Full Web Control
TRANSCRIPT
![Page 1: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/1.jpg)
Sophos EP Policy Webinar
02/12/2013
Presenter: Tom Farrell, Sophos Professional Services
Topics:
• Policies and demonstrations of Anti-Virus Live Protection
• Policies and demonstrations of Anti-Virus Web Protection
• Policies and demonstrations of Data Control
• Policies and demonstrations of Web Control
![Page 2: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/2.jpg)
Live protection
Sophos has two primary types of file checking technology:
• On-Access
• Live Protection
![Page 3: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/3.jpg)
Live protection
On-Access examines files as they are “accessed”:
• As they are written
• As they are read
• As they are renamed
![Page 4: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/4.jpg)
Live protection
On-Access uses the onboard virus detection database (“VDL”) of 4.5 million identities.
![Page 5: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/5.jpg)
Live protection
Live Protection is cloud-based technology. Live Protection releases are immediate. Lookups use the Sophos SXL DNS transport.
![Page 6: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/6.jpg)
Live protection
![Page 7: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/7.jpg)
Live protection
Additional events can trigger Live checks:
• Buffer overflows
• Host intrusion protection events
• Suspicious files
• Suspicious behavior
• Malicious file events
![Page 8: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/8.jpg)
Live protection
Live protection demonstrations
![Page 9: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/9.jpg)
Detection events & Cleanup
Best practice
Not recommended
![Page 10: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/10.jpg)
Web protection
There are two features to Web Protection:
• Block access to malicious websites
• Download scanning
![Page 11: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/11.jpg)
Web protection
Block access to malicious websites: uses a WinSock 2 API layered service provider (LSP). An LSP is a DLL that is inserted into the TCP/IP stack; once registered it can examine network traffic. With Sophos this is browser traffic, checked for reputation and content.
![Page 12: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/12.jpg)
Web protection
Download scanning: performs scans of temporary internet files. It can rely on the On-Access configuration or operate independently of the On-Access settings.
![Page 13: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/13.jpg)
Web protection
Web Protection transport is similar to Live Protection: very fast checksum-based queries, transported using DNS/SXL. The SXL response defines the content type:
• Malicious
• Adult / Sexual
• Crime / Violence, etc.
![Page 14: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/14.jpg)
Web protection
Web Protection demo
![Page 15: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/15.jpg)
Data Leakage Prevention
Tracks moving data. The data source can be local hard disks and network volumes. Rules can be content-expression based and/or file matching. Destinations include:
• Removable storage
• Browsers
• Instant messenger
• Email clients
![Page 16: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/16.jpg)
Data Leakage Prevention
Managing DLP events. Actions that can be applied:
• Allow and log
• Block and log
• Allow on user acceptance and log
All events are centrally reported, and reports can be built using the Enterprise Console “Event Viewer”.
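As an added illustration of the policy model on these two slides (example code, not Sophos' own, and the rule format, field names and sample rules are assumptions), a small evaluator that combines a content expression and/or file match with a destination, applies one of the three actions, and records an event for every hit so it can be reported centrally:

```python
import fnmatch, re
from collections import namedtuple
from dataclasses import dataclass
from typing import Callable, List, Optional, Set

# Actions named on the slide: allow and log, block and log, allow on user acceptance and log.
ALLOW_LOG, BLOCK_LOG, ACCEPT_LOG = "allow_log", "block_log", "allow_on_acceptance_log"
# One centrally reported event per rule hit, whatever the action.
DlpEvent = namedtuple("DlpEvent", "rule path destination action allowed")

@dataclass
class DlpRule:
    name: str
    destinations: Set[str]                 # "removable", "browser", "im", "email"
    content_pattern: Optional[str] = None  # content expression: regex over the file text
    file_glob: Optional[str] = None        # file matching: glob over the file name
    action: str = ALLOW_LOG

def evaluate(rules: List[DlpRule], path: str, content: str, destination: str,
             user_accepts: Callable[[DlpRule], bool] = lambda r: False) -> List[DlpEvent]:
    """Return the events generated by moving `path` to `destination`."""
    events = []
    for rule in rules:
        if destination not in rule.destinations:
            continue
        if rule.file_glob and not fnmatch.fnmatch(path.lower(), rule.file_glob):
            continue
        if rule.content_pattern and not re.search(rule.content_pattern, content):
            continue
        if rule.action == BLOCK_LOG:
            allowed = False
        elif rule.action == ACCEPT_LOG:
            allowed = user_accepts(rule)   # user must acknowledge; logged either way
        else:
            allowed = True
        events.append(DlpEvent(rule.name, path, destination, rule.action, allowed))
        if not allowed:
            break                          # a block ends evaluation
    return events

def transfer_allowed(events: List[DlpEvent]) -> bool:
    return all(e.allowed for e in events)  # no matching rule: the transfer proceeds silently
# Constructed rule set (hypothetical, not Sophos' rule format).
RULES = [
    DlpRule("card-numbers-to-removable", {"removable"},
            content_pattern=r"\b(?:\d{4}[ -]?){3}\d{4}\b", action=BLOCK_LOG),
    DlpRule("office-docs-by-email", {"email"}, file_glob="*.docx", action=ACCEPT_LOG),
    DlpRule("any-file-to-browser", {"browser"}, action=ALLOW_LOG),
]
```

Note that a transfer matching no rule generates no event at all, which is why "allow and log" rules are worth having for destinations you want visibility on.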
![Page 17: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/17.jpg)
Data Leakage Prevention
DLP use cases:
• Good people doing dumb things
• Bad people doing bad things
• The enemy within
![Page 18: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/18.jpg)
DLP demonstration
![Page 19: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/19.jpg)
Web control
There are two types:
• Inappropriate filtering
• Full Web Control
![Page 20: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/20.jpg)
Web control
Both use a WinSock 2 API layered service provider (LSP). An LSP is a DLL that is inserted into the TCP/IP stack; once registered it can examine browser-based network traffic for reputation and content.
![Page 21: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/21.jpg)
Web control
Inappropriate filtering uses 14 built-in categories of controls.
The control for each category can be Allow, Block or Warn.
![Page 22: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/22.jpg)
Inappropriate Web control
![Page 23: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/23.jpg)
Web control
Web Control client events can be accessed through the Enterprise Console event viewer.
![Page 24: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/24.jpg)
Web control
Full Web Control requires a Sophos Web Appliance, physical or virtual.
![Page 25: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/25.jpg)
Full Web Control
![Page 26: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/26.jpg)
Sophos Web Appliance
![Page 27: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/27.jpg)
Web control
Key benefits of Full Web Control:
• Greater control than just the 14 built-in categories
• Centrally store and report on users' ENTIRE internet history, not just the violations
• Web control policies extend out of the office without any special network configuration, using “live connect”
![Page 28: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/28.jpg)
Web Control Demo
![Page 29: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/29.jpg)
Getting started & getting help
Documentation and resources:
http://www.sophos.com/en-us/support/documentation/enterprise-console.aspx
http://www.sophos.com/en-us/support/professional-services.aspx
Contacting support:
http://www.sophos.com/en-us/support/contact-support.aspx
[email protected]
1-888-767-4679
![Page 30: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/30.jpg)
Sophos Professional Services
Who are we, who am I
• Sophos PS is the global team that…
  • Enables ‘best practice’ adoption of Sophos solutions
  • Optimizes your security posture to your needs
• Our experience…
  • Over 3500 engagements every year
  • Hundreds of thousands of endpoints every year
  • Engagements with a few endpoints to 50k+ endpoints
• Tom Farrell
  • Most senior PS engineer in North America
![Page 31: 4 Steps to Optimal Endpoint Settings](https://reader034.vdocuments.us/reader034/viewer/2022051412/54bce9244a79592c608b4597/html5/thumbnails/31.jpg)
US and Canada 1-866-866-2802
UK and Worldwide + 44 1235 55 9933
nakedsecurity.sophos.com
Staying ahead of the curve
facebook.com/securitybysophos
twitter.com/Sophos_News
Sophos on Google+
linkedin.com/company/sophos