sophos next-generation enduser protection
Post on 24-Jul-2015
TRANSCRIPT
1
Giovanni Giovannelli, Sales Engineer, giovanni.giovannelli@sophos.com
Next-Generation Enduser Protection
2
Next-Gen Enduser Protection: Integration of innovative endpoint, mobile and encryption technologies to deliver better, simpler to manage security for enduser devices and data.
Galileo: Connecting our next-gen network, server and enduser products to each other and to Sophos Cloud so the entire organization is better protected—simply.
What’s the difference between Next-Gen Enduser Protection and Galileo?
3
The pitch
4
Increasing attacks, increasing sophistication
Attack surface exponentially larger
Laptops/Desktops, Phones/Tablets
Virtual servers/desktops
Threats more sophisticated
Attacks are more coordinated than defenses
5
Today’s security approach is falling behind
INCOMPLETE: Always one more thing to deploy and manage
COMPLICATED: Too hard to configure, too much to monitor
INEFFECTIVE: Not keeping up with advanced threats
6
Result: Compromises are growing
63,497 security incidents in 2013
1,367 confirmed data breaches
Affected segments: Banking, Credit, Financial; Hospitality; Government, Military; Utilities; Retail and other business
Source: Verizon Data Breach Investigations Report 2014
7
What we believe
Security must be comprehensive: The capabilities required to fully satisfy customer needs
Security can be made simple: Platform, deployment, licensing, user experience
Security is more effective as a system: New possibilities through technology cooperation
8
Project Galileo
Sophos Confidential
Next-Gen Network Security
Next-Gen Server Protection
Next-Gen Enduser Protection
Technology integration that enables complete, simple-to-manage security that works effectively as a system.
9
The Endpoint Has Changed
[Diagram: endpoints inside the Corporate Perimeter, connected over VPN, and reaching Cloud Services outside it]
10
“Prevention is ideal, but detection is a must.”
Endpoint Security Needs to Change
[Diagram: from Prevent Malware and Encrypt Data to Prevent Malware, Detect Compromises, Remediate Threats, Encrypt Data]
11
Next-Generation Enduser Protection
[Diagram: Policy & Management spanning Endpoint, Mobile and Encryption; Threat Intelligence from SophosLabs (Big Data, Automation, Leveraged Expertise) delivered via Sophos Cloud; Compromise Detection & Response]
12
Innovative Endpoint Security is Key to NGEUP
It used to be that files got infected. Now systems get infected.
[Diagram: Sophos System Protector: Threat Engine, Application Control, Reputation, Emulator, HIPS/Runtime Protection, Malicious Traffic Detection, Web Protection, Live Protection, App Tracking, Device Control]
13
Why Malicious Traffic Detection?
[Diagram: Command and Control Traffic]
Without MTD: No visibility into compromised systems communicating with attackers
MTD-like features on the firewall: Detection of a compromised system on the network; no remediation or info about the infection
MTD in the endpoint: Detection on or off network, detailed info about the compromised system, potential remediation
14
How Malicious Traffic Detection Works
[Diagram: SophosLabs intelligence (URL database, Malware Identities, HIPS rules, Genotypes, File look-up, Reputation, Apps, SPAM, Data Control, Peripheral Types, Anon. proxies, Patches/Vulnerabilities, Whitelist) delivers MTD rules to the endpoint; when malicious traffic is detected, the app is terminated, the admin is alerted, and a Compromise record (User | System | File) is produced]
15
[Diagram: Sophos System Protector components, as on slide 12]
Example: Stopping a new variant of Cryptowall
1. User runs something they shouldn’t. It adds a new application to the startup folder.
2. The application runs and injects itself into explorer.exe.
3. Explorer.exe tries to fetch an encryption key from C&C.
4. Threat removed, admin alerted.
5. Malware and threat indicators shared with SophosLabs.
16
Galileo: Network + Endpoint = ATP
[Diagram: SophosLabs intelligence (URL database, Malware Identities, HIPS rules, Genotypes, File look-up, Reputation, MTD rules, Apps, SPAM, Data Control, Peripheral Types, Anon. proxies, Patches/Vulnerabilities, Whitelist) feeding both the Firewall (Email Threat Event Receiver, Web Filtering, Intrusion Prevention System, App Control, ATP Detection, Selective Sandbox, Threat Engine, Routing Compromise Detector, Proxy, Data Loss Protection, Threat Event Collector) and the Endpoint (Tracking, Threat Engine, Application Control, Application Reputation, Emulator, HIPS/Runtime Protection, Malicious Traffic Detection, Device & File Encryption, Sophos System Protector, Device Control, Threat Event Collector, Web Filtering, Live Protection, Indicator of Compromise Tracking), linked by the Galileo Heartbeat; a Compromise (User | System | File) on the endpoint triggers:]
• Isolate Subnet and WAN Access
• Lockdown Local Network Access
• Block Suspected Source
• Remove File Encryption Keys
17
GalileoHeartbeat
Tracking
Threat Engine
Application Control
Application Reputation
EmulatorHIPS/
Runtime Protection
Malicious Traffic
Detection
DEVICE & FILEENCRYPTION
SOPHOS SYSTEM
PROTECTOR
DEVICECONTROL
THREATEVENT
COLLECTOR
Web Filtering
Live Protection
INDICATOR OF COMPROMISE
TRACKING
Firewall
EMAILTHREATEVENT
RECEIVER
Web Filtering
Intrusion Prevention
System
App Control
ATP Detection
SelectiveSandbox
Threat Engine
ROUTINGCOMPROMISE
DETECTOR
Galileo: Endpoint Heart Attack
PROXY
Data Loss Protection
THREATEVENT
COLLECTOR
i Compromise
User | System | File
X
• Lockdown Local Network Access• Remove File Encryption Keys
Soph
osLa
bs
URLdatabase
Malware Identities HIPS rulesGenotypesFile look-up Reputation MTD rules Apps SPAM
Data Control
Peripheral Types
Anon. proxies
Patches/ VulnerabilitiesWhitelist
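The MTD flow on slides 14 and 15 and the heartbeat-driven response on slides 16 and 17, as an added example that is not Sophos code: the endpoint attributes each outbound connection to its process, matches it against MTD rules, records the User | System | File compromise, and turns its heartbeat red so a simulated firewall applies the isolation actions listed on the slides. The rule set, host names, log entries and the mapping of heartbeat states to firewall actions are all assumptions made for illustration.

```python
# Added example (not Sophos code): toy endpoint MTD feeding a Galileo-style heartbeat.
# Every indicator, host name and log entry here is constructed for illustration.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed MTD rules: C&C destinations (documentation-only values, not real IoCs).
MTD_RULES = {"c2.example.invalid", "198.51.100.23"}

@dataclass
class Compromise:      # the "User | System | File" record shown on the slides
    user: str
    system: str
    file: str          # process image that produced the traffic
    destination: str

@dataclass
class Firewall:
    """Network side: actions taken per endpoint based on its last heartbeat."""
    actions: Dict[str, List[str]] = field(default_factory=dict)

    def on_heartbeat(self, system: str, status: Optional[str]) -> List[str]:
        # Assumption: "red" = compromise reported, None = heartbeat lost (the slide's
        # "heart attack"); both strip the host's network privileges.
        known = {"green": [], "red": ["isolate subnet and WAN access", "block suspected source"]}
        self.actions[system] = known.get(status, ["lockdown local network access", "remove file encryption keys"])
        return self.actions[system]

def inspect_connection(event: dict) -> Optional[Compromise]:
    """Endpoint MTD: attribute an outbound connection to its process, check rules."""
    if event["dest"] in MTD_RULES:
        return Compromise(event["user"], event["host"], event["process"], event["dest"])
    return None

def run_endpoint(events: List[dict], fw: Firewall) -> List[str]:
    """Walk a connection log; return the endpoint-side actions (terminate, alert)."""
    log = []
    for ev in events:
        hit = inspect_connection(ev)
        if hit is None:
            continue
        log += [f"app terminated: {hit.file}", f"admin alerted: {hit.system}/{hit.user}"]
        fw.on_heartbeat(hit.system, "red")   # endpoint heartbeat turns red on compromise
    return log

# Constructed log: injected explorer.exe fetching an encryption key from C&C.
SAMPLE_EVENTS = [
    {"host": "LAPTOP-01", "user": "alice", "process": "explorer.exe", "dest": "update.example.com"},
    {"host": "LAPTOP-01", "user": "alice", "process": "explorer.exe", "dest": "c2.example.invalid"},
]
```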
18
© Sophos Ltd. All rights reserved.