Cybersecurity made simple.
Branko Pujić, Sales Engineering
May 16th, 2019
About Sophos - snapshot
- Founded: 1985, Oxford, UK
- HQ: Abingdon, UK
- 770.0 in billings (FY16)
- 3,500 employees (approx.)
- 327,000+ customers
- 100M+ users
- 90+% renewal rates (best in class)
- 45,000+ channel partners
- Map labels: OEM partners, key dev centers, offices
Sophos evolution (timeline slide; milestones listed in the order the slide lays them out under its year labels)
- 1985: Founded in Abingdon (Oxford), UK by Peter Lammer and Jan Hruska (photos c. 1985)
- 1988: First checksum-based antivirus software
- 1989: First signature-based antivirus software
- 1996: US presence established in Boston
- 2007 to 2013: Voted best small/medium sized company in the UK; acquired ENDFORCE; acquired Utimaco Safeware AG (2008); acquired Astaro; acquired DIALOGS; divested non-core Cyber business
- 2014: Acquired Cyberoam; acquired Mojave Networks
- 2015 to 2017: Acquired Barricade; IPO on the London Stock Exchange; launched Synchronized Security; acquired Surfright; acquired Reflexion; acquired PhishThreat; acquired Invincea
- 2019: Acquired Avid Secure; acquired DarkBytes
Global references
Our world today
Security? Real life versus virtual life. Digital transformation.
Word cloud on the slide: family, communication, social, entertainment, education, business, values, artificial intelligence; framework, standards, tools, best practices.
Cyber security threats and challenges alongside traditional security threats and challenges: crime, terrorism, espionage, warfare.
High Impact Trends
- Cloud, Mobile, IaaS
- Paradox of Encryption
- Rise of the Machines
- Ransomware and Cryptoware
- IoT Expands Attack Surfaces
- State Sponsored Weapons Cross Borders
- Emerging Defender Coordination
- Cybersecurity Skills Gap
- Phishing and Social Engineering Persist
- DevOps Transformation
Cybercrime evolution
- Digital graffiti (Melissa, CodeRed worm)
- Early commercialization (Loveletter, pump & dump email)
- Efficient ecosystems (Mpack, Conficker)
- Automation (Asprox botnet, Blackhole, Zeus)
- Industrialization (RIG Exploit Kit, Neutrino Exploit Kit)
- Integrated business model (WannaCry, Locky, CryptoLocker)
Today: 54% of orgs hit by ransomware (*Source: State of Endpoint Protection Study 2018)
Threats (pie chart on the slide): Advanced Malware, Active Adversary, Ransomware, Cryptojacking, Generic Malware; the segment percentages shown are 38%, 33%, 21%, 5% and 3%.
Software Vulnerabilities Reported By Year (bar chart on the slide)

| Year | Vulnerabilities reported |
|------|--------------------------|
| 2010 | 4,639 |
| 2011 | 4,150 |
| 2012 | 5,286 |
| 2013 | 5,186 |
| 2014 | 7,937 |
| 2015 | 6,487 |
| 2016 | 6,446 |
| 2017 | 14,647 |
| 2018 | 16,517 |

Unreported? (the slide marks the unknown count of unreported vulnerabilities with a question mark)
Some incidents…
- Lack of threat and security visibility: 45% of network traffic cannot be identified, preventing detection of malicious or unwanted apps.
- Attacks getting more coordinated: 83% of IT managers agree that malware threats have become harder to stop over the last year.
- Manual incident response: 3.3 hours is the average time it takes to identify and fix a security incident.
The Cybersecurity challenges
Challenges in covering the security basics (server, endpoint, mobile, user, firewall, Wi-Fi, web):
- Lack of integration: products are unaware of each other and lack any shared intelligence unless the IT team tackles the time-consuming and costly task of implementing a SIEM.
- Separate management systems: each product needs to be separately managed, which increases time and resource requirements as well as the likelihood of misconfiguration.
- Slow and complex learning curves: IT managers are faced with hundreds of pages of installation, configuration, and user guides to read, and when something goes wrong, support teams that don't work together.
Result: increased risk, lower security, higher cost; a trade-off between investment and risk.
How to respond? Discover, instant insight, automated response, unified management.
Sophos portfolio
Magic Quadrant leader in network and endpoint:
- Magic Quadrant for Endpoint Protection Platforms, Ian McShane, Avivah Litan, Eric Ouellet, Prajeet Bhajanka; 24 January, 2018
- Magic Quadrant for Unified Threat Management, Rajpreet Kaur, Claudio Neiva; 20 September, 2018
Cybersecurity as a System
- Cloud Intelligence (Sophos Labs): analytics that analyze data across all of Sophos' products to create simple, actionable insights and automatic resolutions; 24x7x365, multi-continent operation; Malware Identities, URL Database, Machine Learning, Threat Intelligence, Genotypes, Reputation, Behavioral Rules, APT Rules, App Identities, Anti-Spam, DLP, SophosID, Sandboxing, API Everywhere
- Sophos Central (Admin, Self Service, Partner): manage all Sophos products, user-customizable alerts, management of customer installations; in cloud or on prem
- Products: Next-Gen Endpoint, Mobile, Server, Encryption, Next-Gen Firewall, Wireless, Web
Synchronized security
The Evolution of Synchronized Security: Endpoint, Mobile, Encryption, Server, Web, Wireless, Email and Firewall connected through Sophos Central.
- Discover: continuous discovery of devices, networks, apps, data, and workloads
- Identify: who wants access to my environment
- Analyze: correlation and analysis of events and behaviors against the norm
- Respond: automated creation and enforcement
Deep Learning
Machine Learning vs. Deep Learning (diagram on the slide):
- Machine learning: input to output through a decision tree or a random forest.
- Deep learning: input to output through interconnected layers of neurons, each identifying more complex features.
Sophos Central Platform and Security Management
Section Owner: Marty Ward
Synchronized Security Platform
- Cloud Intelligence (Sophos Labs): analytics that analyze data across all of Sophos' products to create simple, actionable insights and automatic resolutions; 24x7x365, multi-continent operation; URL Database, Malware Identities, File Look-up, Genotypes, Reputation, Behavioural Rules, APT Rules, Apps, Anti-Spam, Data Control, SophosID, Patches, Vulnerabilities, Sandboxing, API Everywhere
- Products: Endpoint/Next-Gen Endpoint, Next-Gen Firewall, Wireless, Mobile, Server, Encryption, Web
Sophos Central
- Cloud Workload Protection: cloud-ready for AWS, Azure, and Google Cloud with the AI-based Avid Insight platform
- Partner Dashboard: allows partners to manage multiple customer installations
- Admin: Endpoint Protection, Email Security, Web Gateway, Server Protection, Encryption, Mobile Protection, Wireless, Firewall Management
- Self Service: allows users to access email, mobile, and encryption features
Endpoint Security
Predictive Security: harness the power of data science to protect against future attacks (with EDR).
Chart on the slide: true positive rate (TPR, up is best) against false positive rate (FPR, left is best) on a log scale from 10^-6 (1/1,000,000) to 10^0 (1/1), with tick marks at 1/10,000 and 1/100. "Perfect Security" sits at the top left corner. Curves are drawn for Traditional Security, Machine Learning, and Sophos.
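An added example (not from the Sophos deck) showing how the TPR and FPR plotted on the chart above are computed from a detector's scores, and how a curve is read at a fixed FPR budget; the scores and labels below are constructed sample data, not real detector output.

```python
"""TPR/FPR computation behind a detection ROC chart (added example)."""
from typing import List, Tuple

# Constructed sample: (detector score in [0, 1], is_malicious). 8 malicious, 8 benign.
SAMPLES: List[Tuple[float, bool]] = [
    (0.99, True), (0.95, True), (0.90, True), (0.80, True),
    (0.70, True), (0.60, True), (0.55, True), (0.40, True),
    (0.85, False), (0.65, False), (0.50, False), (0.30, False),
    (0.20, False), (0.10, False), (0.05, False), (0.01, False),
]


def tpr_fpr(samples: List[Tuple[float, bool]], threshold: float) -> Tuple[float, float]:
    """Flag every sample scoring >= threshold; return (TPR, FPR).

    TPR = caught malicious / all malicious (the chart's y axis, up is best).
    FPR = flagged benign / all benign (the chart's x axis, left is best).
    """
    tp = fn = fp = tn = 0
    for score, malicious in samples:
        flagged = score >= threshold
        if malicious:
            tp, fn = (tp + 1, fn) if flagged else (tp, fn + 1)
        else:
            fp, tn = (fp + 1, tn) if flagged else (fp, tn + 1)
    tpr = tp / (tp + fn) if (tp + fn) else 0.0
    fpr = fp / (fp + tn) if (fp + tn) else 0.0
    return tpr, fpr


def tpr_at_fpr_budget(samples: List[Tuple[float, bool]], max_fpr: float) -> float:
    """Best TPR reachable without exceeding an FPR budget: this is how one
    curve is compared with another at a fixed x position on the chart."""
    best = 0.0
    for thr in sorted({score for score, _ in samples}):  # every candidate cut-off
        tpr, fpr = tpr_fpr(samples, thr)
        if fpr <= max_fpr:
            best = max(best, tpr)
    return best


def false_alarms_per_day(fpr: float, benign_files_per_day: int) -> float:
    """Why the FPR axis is logarithmic: at fleet scale, 1/10,000 and
    1/1,000,000 differ by two orders of magnitude in analyst workload."""
    return fpr * benign_files_per_day


if __name__ == "__main__":
    print(tpr_fpr(SAMPLES, 0.75))           # one point on the curve
    print(tpr_at_fpr_budget(SAMPLES, 0.0))  # TPR with zero false positives
    print(false_alarms_per_day(1e-4, 1_000_000), false_alarms_per_day(1e-6, 1_000_000))
```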
Sophos Intercept X: Intelligent EDR
- Data: correlated, contextualized, and organized
- Insights: humanized, prioritized, and actionable
- Explore: search, investigate, and hunt
Audiences: IT generalists; analysts, IR, and SOC; specialists and products. "Cybersecurity Experts-in-a-Box" with AI expert insights.
Intercept X EDR:
- EDR starts with the strongest protection: stop breaches before they start
- Add expertise, not headcount: "Experts in a Box"
- Guided incident response: respond with the click of a button
Sophos Mobile
The only UEM solution that integrates natively in a leading endpoint security platform
Manage and secure traditional and mobile endpoints in the same console
Network Security
Section Owner: Marty Ward
Next-Gen XG Firewall
1. Exposes hidden risks: visual dashboard and rich on-box reporting; identify risky users and suspicious payloads; identify unknown cloud and evasive apps; discovery of cloud applications
2. Blocks unknown threats: full suite of protection, easy to manage; deep learning; top performing IPS engine; Synchronized App Control; Sandstorm deep threat prevention
3. Automatically responds to incidents: unique Security Heartbeat™; integrates endpoint health into rules; automatically isolates infected systems
What firewalls see today: all firewalls today depend on static application signatures to identify apps. But those don't work for most custom, obscure, or evasive apps, or for any apps using generic HTTP or HTTPS. You can't control what you can't see.
What XG Firewall sees: XG Firewall utilizes Synchronized Security to automatically identify, classify, and control all unknown applications, easily blocking the apps you don't want and prioritizing the ones you do.
Synchronized App Control and Discovery of Cloud Applications: a breakthrough in network visibility and control. 33% of customers have discovered up to 100 new applications; 67% of customers have discovered more than 100 new applications.
Strategic Product Priorities
Continuous quality improvements to drive excellent customer experience:
- Firewall (v17+): enhance v17 and progress strategy to drive step-function improvement in performance and security
- Endpoint (Intercept X): continue to advance threat detection through deep learning, introduce ML-enhanced EDR
- Central (Sophos Central): natively manage XG Firewall, use APIs to create an extensible security platform
- Sync Sec (evolution): the evolution of synchronized security, with AI-driven analytics and adaptive security
Sophos Labs – Staying Ahead of the Threat Landscape
- Deep expertise: across the threat landscape, attack surface area and product location (endpoint, network, cloud)
- Threat intelligence: real-time data feeds to power Sophos products and commercial partners
- Full portfolio of technologies: extensive array of techniques, processes and systems built over 30 years
- Continuous innovation: unceasing development of micro and macro threat protection strategies, tools, techniques
Industry validation