Cybersecurity made simple. Branko Pujić Sales Engineering May 16th, 2019


Page 1: Cybersecurity made simple. · 2011 2012 2013 Acquired Utimaco Safeware AG 1988 2008 First checksum-based antivirus software 1989 ... Cloud, Mobile, IaaS High Impact Trends Paradox

Cybersecurity made simple.

Branko Pujić

Sales Engineering

May 16th, 2019

Page 2

About Sophos - snapshot

1985: FOUNDED, OXFORD, UK
770.0 IN BILLINGS (FY16)
3,500 EMPLOYEES (APPX.)
327,000+ CUSTOMERS
100M+ USERS
HQ: ABINGDON, UK
90+% BEST IN CLASS RENEWAL RATES
45,000+ CHANNEL PARTNERS

OEM PARTNERS:

KEY DEV CENTERS

OFFICES

Page 3

Sophos evolution

1985

Founded in Abingdon (Oxford), UK

Peter Lammer c1985

Jan Hruska c1985

Divested non-core Cyber business

Acquired DIALOGS

Acquired Astaro

2011 2012 2013

Acquired Utimaco Safeware AG

2008 1988

First checksum-based antivirus software

1989

First signature-based antivirus software

1996

US presence established in Boston

Voted best small/medium sized company in UK

Acquired ENDFORCE

2014

Acquired Cyberoam

Acquired Mojave Networks

Acquired Barricade

IPO London Stock Exchange

Launched Synchronized Security

2007 2015

Acquired Surfright

2017

Acquired Invincea

2016

Acquired PhishThreat

Acquired Reflexion

2019

Acquired Avid Secure

Acquired DarkBytes

Page 4

Global references

Page 5

Our World today

Security?

Real life

Digital transformation

Family, Communication, Social, Entertainment, Education, Business, Values

Framework, Standards

Tools, Best practices

Traditional security threats and challenges

Virtual life

Communication, Social, Entertainment, Artificial Intelligence, Education, Business, Values

Cyber security threats and challenges

Crime, Terrorism, Espionage, Warfare

Page 6

High Impact Trends

Cloud, Mobile, IaaS
Paradox of Encryption
Rise of the Machines
Ransomware and Cryptoware
IoT Expands Attack Surfaces
State Sponsored Weapons Cross Borders
Emerging Defender Coordination
Cybersecurity Skills Gap
Phishing and Social Engineering Persist
DevOps Transformation

Page 7

Cybercrime evolution

DIGITAL GRAFFITI (Melissa, CodeRed worm)

EARLY COMMERCIALIZATION (Loveletter, Pump & Dump email)

EFFICIENT ECOSYSTEMS (Mpack, Conficker)

AUTOMATION (Asprox botnet, Blackhole, Zeus)

INDUSTRIALIZATION (RIG Exploit Kit, Neutrino Exploit Kit)

INTEGRATED BUSINESS MODEL (WannaCry, Locky, CryptoLocker)

Today

54% OF ORGS HIT BY RANSOMWARE

*Source: State of Endpoint Protection Study 2018

Page 8

Threats

[Pie chart. Categories: Advanced Malware, Active Adversary, Ransomware, Cryptojacking, Generic Malware. Segment values: 38%, 21%, 33%, 5%, 3%]

Software Vulnerabilities Reported By Year

2010: 4639
2011: 4150
2012: 5286
2013: 5186
2014: 7937
2015: 6487
2016: 6446
2017: 14647
2018: 16517

Unreported?

Page 9

Some incidents…

Page 10

The Cybersecurity challenges

Lack of Threat and Security Visibility
45% of network traffic cannot be identified, preventing detection of malicious or unwanted apps

Attacks Getting More Coordinated
83% of IT managers agree that malware threats have become harder to stop over the last year

Manual Incident Response
3.3 HRS is the average time it takes to identify and fix a security incident

Page 11

Challenges in Covering the Security Basics

Server

Endpoint

Mobile

Email

User

Firewall

Wi-Fi

Web

Lack of Integration: Products are unaware of each other and lack any shared intelligence unless the IT team tackles the time-consuming and costly task of implementing a SIEM.

Separate Management Systems: Each product needs to be managed separately, which increases time and resource requirements as well as the likelihood of misconfiguration.

Slow and Complex Learning Curves: IT managers are faced with hundreds of pages of installation, configuration, and user guides to read, and, when something goes wrong, support teams that don’t work together.

Increased Risk, Lower Security, Higher Cost

Investment

Risk

Trade off

Page 12

How to respond?

Discover
Instant Insight
Automated Respond

Unified Management

Lack of Threat and Security Visibility
45% of network traffic cannot be identified, preventing detection of malicious or unwanted apps

Attacks Getting More Coordinated
83% of IT managers agree that malware threats have become harder to stop over the last year

Manual Incident Response
3.3 HRS is the average time it takes to identify and fix a security incident

Page 13

Sophos portfolio

Page 14

MQ Leader in Network and Endpoint

MAGIC QUADRANT for UNIFIED THREAT MANAGEMENT
Magic Quadrant for Unified Threat Management, Rajpreet Kaur, Claudio Neiva, 20 September, 2018

MAGIC QUADRANT for ENDPOINT PROTECTION PLATFORMS
Magic Quadrant for Endpoint Protection Platforms, Ian McShane, Avivah Litan, Eric Ouellet, Prajeet Bhajanka; 24 January, 2018

Page 15

Cybersecurity as a System

Cloud Intelligence

Sophos Labs

Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions

24x7x365, multi-continent operation | Malware Identities | URL Database | Machine Learning | Threat Intelligence | Genotypes | Reputation | Behavioral Rules | APT Rules | App Identities | Anti-Spam | DLP | SophosID | Sandboxing | API Everywhere

Sophos Central

Admin | Self Service | Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations

In Cloud | On Prem

Next-Gen Endpoint

Mobile

Server

Encryption

Next-Gen Firewall

Wireless

Email

Web

Synchronized security

Page 16

The Evolution of Synchronized Security

Endpoint, Mobile, Encryption, Server, Web, Wireless, Email, Sophos Central, Firewall

Discover: Continuous discovery of devices, networks, apps, data, and workloads
Identify: Who wants access to my environment
Analyze: Correlation and analysis of events, behaviors to the norm
Respond: Automated creation and enforcement

Page 17

Deep Learning

Page 18

Machine Learning vs. Deep Learning

[Diagram: DEEP LEARNING. Interconnected Layers of Neurons, Each Identifying More Complex Features. INPUT to OUTPUT]

[Diagram: MACHINE LEARNING. Decision Tree (INPUT to OUTPUT) and Random Forest (INPUT to OUTPUT)]

Page 19

Sophos Central Platform and Security Management

Section Owner: Marty Ward

Page 20

Sophos Central

Admin | Self Service | Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations

In Cloud | On Prem

Synchronized Security Platform

Cloud Intelligence

Sophos Labs

Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions

24x7x365, multi-continent operation | URL Database | Malware Identities | File Look-up | Genotypes | Reputation | Behavioural Rules | APT Rules Apps | Anti-Spam | Data Control | SophosID | Patches | Vulnerabilities | Sandboxing | API Everywhere

Endpoint/Next-Gen Endpoint

Next-Gen Firewall

Wireless

Mobile

Server

Encryption

Email

Web

Cloud Workload Protection | Cloud-ready for AWS, Azure, and Google Cloud with AI-based Avid Insight platform

Page 21

Allows partners to manage multiple customer installations

Endpoint Protection

Email Security

Web Gateway

Server Protection

Encryption

Mobile Protection

Wireless

Allows users to access email, mobile, and encryption features

Sophos Central

Partner Dashboard

Admin

Self Service

Firewall Management

Page 22

Endpoint Security

Page 23

Predictive Security

Harness The Power of Data Science to Protect Against Future Attacks

WITH EDR

Page 24

Predictive Security

[Chart: TRUE POSITIVE RATE (TPR), 0% to 100%, Up Is Best, plotted against FALSE POSITIVE RATE (FPR), log scale from 10-6 (1/1,000,000) to 10-0 (1/1), Left Is Best. Labels on the plot: Perfect Security, Traditional Security, Machine Learning, Sophos.]

Page 25

Sophos Intercept X: Intelligent EDR

Data: Correlated, Contextualized, and Organized
Insights: Humanized, Prioritized, and Actionable
Explore: Search, Investigate, and Hunt

IT Generalists

Analysts, IR, and SoC

Specialists and Products

Cybersecurity Experts-in-a-Box

AI Expert Insights

• EDR Starts with the Strongest Protection: Stop Breaches before they Start
• Add Expertise, Not Headcount: “Experts in a Box”
• Guided Incident Response: Respond with the Click of the Button

Page 26

Intercept X EDR

Page 27

Sophos Mobile

The only UEM solution that integrates natively in a leading endpoint security platform

Manage and secure traditional and mobile endpoints in the same console

Page 28

Network Security

Section Owner: Marty Ward

Page 29

Next-Gen XG Firewall

1. Exposes Hidden Risks
✓ Visual dashboard & rich on-box reporting
✓ Identify risky users and suspicious payloads
✓ Identify unknown cloud & evasive apps
✓ Discovery of Cloud Applications

2. Blocks Unknown Threats
✓ Full suite of protection – easy to manage
✓ Deep learning
✓ Top performing IPS Engine
✓ Synchronized App Control

Sandstorm Deep Threat Prevention

3. Automatically Responds to Incidents
✓ Unique Security Heartbeat™
✓ Integrates EP Health into rules
✓ Automatically isolate infected systems

Page 30

Synchronized App Control & Discovery of Cloud Applications

A breakthrough in network visibility and control

What Firewalls See Today: All firewalls today depend on static application signatures to identify apps. But those don’t work for most custom, obscure, or evasive apps, or for any apps using generic HTTP or HTTPS. You can’t control what you can’t see.

What XG Firewall Sees: XG Firewall utilizes Synchronized Security to automatically identify, classify, and control all unknown applications. Easily block the apps you don’t want and prioritize the ones you do.

33% of customers have discovered up to 100 new applications

67% of customers have discovered >100 new applications

Page 31

Strategic Product Priorities

Continuous quality improvements to drive excellent customer experience

FIREWALL
v17+: Enhance v17 and progress strategy to drive step-function improvement in performance, security

ENDPOINT
Intercept X: Continue to advance threat detection through deep learning, introduce ML-enhanced EDR

CENTRAL
Sophos Central: Natively manage XG firewall, use APIs to create extensible security platform

SYNC SEC
Evolution: The evolution of synchronized security, with AI-driven analytics and adaptive security

Page 32

Sophos Labs – Staying Ahead of the Threat Landscape

Deep Expertise: Across the threat landscape, attack surface area and product location (endpoint, network, cloud)

Threat Intelligence: Real-time data feeds to power Sophos products and commercial partners

Full Portfolio of Technologies: Extensive array of techniques, processes and systems built over 30 years

Continuous Innovation: Unceasing development of micro and macro threat protection strategies, tools, techniques

INDUSTRY VALIDATION
