Synchronized Security

Academic year: 2021


(1)

Justinas Valentukevicius

Channel Account Executive, Baltics

Synchronized Security

(2)
(3)

Sophos Snapshot

• Founded 1985 in Oxford, UK
• Appx. $400 million in FY13 billings
• Appx. 2,200 employees
• Over 220,000 customers
• Over 100 million users
• HQ in Oxford, UK and Boston, MA
• Best in class renewal rates (90+%)
• 20,000+ channel partners
• OEM Partners: Cisco, IBM, Juniper, Citrix, Lenovo, Rackspace
• Key development centers: Abingdon, UK; Vancouver, BC; Karlsruhe, Germany; Linz, Austria; Budapest, Hungary; Ahmedabad, India

(4)

Sophos Historical Timeline

• 1985: Founded in Abingdon (Oxford), UK (Peter Lammer c.1985, Jan Hruska c.1985)
• 1988: First checksum-based …
• 1989: First signature-…
• 1991: Supplied security software to UK forces in 1st Gulf War
• 1996: US HQ; voted best small/medium sized company in UK
• 2003: Acquired ActiveState
• Awarded 3 Queen's Awards for Enterprise, Innovation and …
• 2008: Acquired Utimaco Safeware AG
• 2010: Majority interest sold to Apax
• 2011: Acquired Astaro
• 2012: Acquired …
• 2014: Acquired Cyberoam

(5)

Sophos Major Global Sites

[Map: Sophos employees by site. Sites shown: San Francisco Bay Area; Vancouver, Canada; Boston, MA; Oxford, UK; Budapest, Hungary; Singapore; Sydney, Australia; Manila, Philippines; Tokyo, Japan; Linz, Austria; Karlsruhe, Germany; Wiesbaden, Germany; Dortmund, Germany. Per-site headcounts for these are not recoverable from the extraction.]

• Paris, France: 50
• Aachen, Germany: 95
• Munich, Germany: 40
• Ahmedabad, India: 550
• Others: 150
• The World, total Sophos employees: 2,200

(6)

Sophos Partners (OEM and Alliances)

Companies that OEM Sophos Security Technology

(7)

Threat Volume

[Chart: Total Malware by year, 1984 to 2012; y-axis 0 to 80,000,000]

250,000 previously unseen files received each day within SophosLabs

(8)

Increasing Attacker Sophistication

Zero-day Vulnerabilities

Price of zero-day attacks in various applications or operating systems ($ '000), source: Forbes
• Adobe Reader: 5-30
• Mac OSX: 20-50
• Android: 30-60
• Flash / Java: 40-100
• MSFT Word: 50-100
• Windows: 60-120
• Firefox / Safari: 60-150
• Chrome / IE: 80-200
• iOS: 100-250

Increasing Volume of Zero-day Vulnerabilities

Zero-day vulnerabilities discovered per year, source: Symantec
• 2011: 8
• 2012: 14
• 2013: 23
• 2014: 24

(9)

High Profile Enterprise Breaches… …Impact Mid-Market Equally

• Sony Pictures: Hackers gained access to *all* company data, from unreleased movies to sensitive emails.
• Target: 110 million records stolen.
• Adobe: 150,000,000 passwords stolen.
• Home Depot: 56 million credit cards and 53 million email addresses stolen.
• UPS Store: Malware on PoS systems in 24 US states left customers at risk of identity theft and credit card fraud.
• LaCie: Online store infiltrated, exposing customer credit card numbers and contact information.
• Swansea Police Dept.: CryptoLocker forced police to pay cybercriminals to decrypt department files.
• Racing Post: SQL injection attack led to leaking 677,335 user accounts for this sports betting website.
• Signature Systems: Criminals installed malware and then stole the card data of the restaurants' customers.
• Park N Fly: Website compromise exposed customer card number, name, billing address, card expiration, CVV code.

At least 51% of data breaches affect organizations with fewer than 10,000 employees

[Pie chart: Data Breaches by Company Size (# employees). Segment labels shown: Unknown, More than 100,000, 10,001-100,000, 1-100, 101-1,000. Values shown: 22%, 31%, 7%, 20%, 11%, 9%; the segment-to-value mapping is not recoverable from the extraction.]

Source: Verizon data breach investigations report, 2013

(10)

… but Don't Have Adequate Resources to Respond

• Growing number and sophistication of security threats
• Increasing cost and exposure of "getting it wrong"
• Traditional, complex point solutions increase cost and erode usability and manageability
• Fragmented and constantly changing vendor landscape is difficult to navigate and understand
• Limited in-house IT security personnel and expertise
• Pressure on resources, budgets and time
• Enterprise security issues without enterprise class budgets

[Chart: Average Number of People Dedicated to IT Security, by company size. Mid-Market Enterprises: 100 - 499, 500 - 999, 1,000 - 4,999 employees. Large Enterprises: 5,000 - 19,999, 20,000+ employees. Values not recoverable from the extraction.]

(11)

IT SECURITY MARKET

Mid-Market Focus with Value Proposition that Resonates with Enterprises of All Sizes

[Chart: IT security market by segment. SMB: < 100 employees, c. 64M enterprises. Mid-Market: 100 – 5,000 employees, c. 1M enterprises. Large: > 5,000 employees, c. 22K enterprises. Market sizes shown: $3.5Bn (13% of total), $4.9Bn (18% of total), $18.5Bn (69% of total). % of Sophos billings shown: 20%, 57%, 23%. The segment-to-value mapping for the market sizes and billings shares is not recoverable from the extraction.]

SOPHOS CUSTOMER EXAMPLES

(12)

A Proven Market Leader

[Chart of analyst rankings by product category]
• UTM (Unified Threat Management)
• SWG (Secure Web Gateway)
• SEG (Secure Email Gateway)
• ENF (Enterprise Network Firewall)
• EPP (Endpoint Protection)
• MDP (Mobile Data Protection)
• EMM (Enterprise Mobility Management)
• Client Sec / Endpoint Wave: "Leader"
• Endpoint Encryption: "Champion"
• Endpoint Anti-Malware: "Champion"
• Next Generation Firewall: "Champion"
• Endpoint Encryption: "Leader"

(13)

Only Vendor Ranked as a Leader in Endpoint, UTM and Encryption

[Chart legend: PRESENT in 1 of these Gartner Magic Quadrants; LEADER in 1 of these Gartner Magic Quadrants; LEADER in 2 of these Gartner Magic Quadrants; LEADER in all 3 of these Gartner Magic Quadrants]

Notes:

1. Figures refer to fiscal year 2015. Fiscal year-end March 31

2. In February 2015, FrontRange and Lumension announced they would merge and form HEAT Software, backed by Clearlake Capital Group

Endpoint, UTM and Encryption Represent [73]% of Sophos Billings (1)

(14)

Unique Balance Between Endpoint and Network

[Chart: split of each vendor's billings between ENDPOINT and NETWORK. Most vendors are shown at 100,0% on one side; three vendors are split 45,1% / 54,9%, 6,3% / 93,7% and 89,2% / 10,8%. Vendor labels are not recoverable from the extraction.]

(15)

Complete Security… Made Simple.

[Diagram: Network, Servers, End Users and Devices]

Simple Deployment
• On premise
• Virtual
• Cloud
• User self provision

Simple Protection
• Active Protection – real-time protection powered by SophosLabs
• Live lookups via the Cloud
• SophosLabs experts tune the protection so you don't have to

Components shown: Next Gen Firewall, Anti-malware and IPS, URL Filtering, Network Access Control, Wireless, VPN, Anti-Spam, Email Encryption, Anti-Malware, Mobile, Encryption, Patch Assessment, Application Control, Device Control, Encryption for Cloud, Endpoint Web Protection, Webserver Protection, Virtualization, App Control, V-Shield

Simple Management
• Intuitive consoles: On Premise or From the Cloud
• Backed by expert support

Complete Security, Made Simple

(16)

Sophos Labs

Using Big Data to Protect Information

[Diagram: inputs from Headquarters, At Home and On the Move feeding SophosLabs]
• Samples
• Telemetry
• Honey pots
• Human decision making
• Automated learning & automation
• Big data analytics (Dynamic & Static)

(17)

SophosLabs – Protection Via the Cloud

Better, Real-time Protection Made Simple

SophosLabs Active Protection data: Malware Data, Website URL Database, HIPS Rules, Reputation Data, Malicious URLs, Spam Campaigns, Sensitive Data Types, Application Categories, Device Data, Mobile Application Reputation, Anonymizing Proxies, Application Patches

Protected assets: Network (Web, Email, NextGen FW, Web App FW, Wifi), Servers, Devices (Smartphone/Tablet, Workstation/Laptop)

Correlated Intelligence: Data, Reputation Data, Content Classification (File, Web, Email)

(18)

Discover Sophos

(19)
(20)

Project Copernicus +

(21)

Next Gen Network Security

• Leading Application Control Capabilities
• "Layer 8" User Identity Based Policies
• Leading Threat Protection Capabilities
• Sophos RED for Distributed Networks
• Secure Wi-Fi & Access Points
• Web, Endpoint and Mobile Protection
• iView Logging & Reporting
• High Performance Packet Filtering

Architecture: Platform, Modular, Open Source. Common architectures enable rapid integration.

(22)

Setting a new benchmark for firewalls

Secured by Galileo: Network, Enduser and Cloud combine to deliver advanced protection

Simple to Use: From evaluation, licensing, deployment to day-to-day management

Project Copernicus

Comprehensive Management: Every feature, on-premise and cloud, dashboards and reports

(23)

Extensive UX Research and Design

More friendly, inviting, and useful

Fresh New User Experience: A fresh ground-up design approach to user interface, navigation, and data presentation that's engaging and useful

(24)

Built-in Discovery

Learn-as-you-go with context-aware documentation and visual reminders

Contextual Documentation: Provides documentation and visual cues directly in the navigation structure to remind users what that area of the product does

(25)

Built-in Policy Templates

For common business applications like Exchange/Mail, SharePoint, Lync, etc.

Business Application Policy Templates: Provide access to business application servers or services quickly and easily. Common templates include Exchange, SharePoint, Lync, and others TBD

(26)

Built for Real People

Plain language policy descriptions

Policy in Plain Language

System automatically generates plain-English description of the policy in real-time as options are selected.

(27)
(28)

Easy evaluation using Discover Mode and Bridge Mode

Two options to produce a comprehensive Security Audit Report

[Diagram: Protected Network, Existing Firewall, Existing Switch with Mirror Port feeding the appliance in Discover Mode]

Discover Mode – TAP / Mirror
• No disruptive changes to the network
• Mirrors traffic through UTM/NGFW
• Monitor only, no enforcement
• Visibility (no enforcement) into:
  • User Behavior
  • User-App Risks & Usage
  • Web Risks & Usage
  • Intrusion Attacks & ATP
  • Client Insights (Heartbeat), Virus, VPN coming post v1

Evaluation using Bridge Mode
• Offers extended reporting insight including Heartbeat
• Allows optional policy enforcement

Security Audit Report

(29)

User Threat Quotient

Identifying potential security issues before they become problems

Risk Meter displays average threat score for the selected user, compared to other users.

User Risk Analysis
• Behavior-based analysis of web behavior and ATP triggers
• Ranks users
• Identifies top risks
• Enables quick and easy policy changes
• Broad-based or individual education
• Targeted intervention

User Risk Quotient Graph (Low, Medium, High-risk)

(30)

Security Heartbeat

Network and Endpoint share heartbeat and context to work better together

[Diagram: Endpoints (Compliant, Partially Compliant, Non-Compliant), SG Firewall, Server, Internet]
• Non-compliant Endpoints blocked from network and identified
• Partially-compliant Endpoints blocked from servers and identified
• 1. ATP detects and blocks suspect C&C connection; 2. Context requested from Endpoint

Heartbeat & Context
• Devices on the network share heartbeat and context
• Access Control: Firewall enforces access policy based on level of compliance
• Advanced Threat Protection: Firewall requests context from Endpoints in the event of suspicious network traffic
• Two products work better together to provide enhanced protection and improve response times to incidents
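The compliance-based enforcement and the context request described on this slide, as an added Python illustration (not Sophos code). The heartbeat field set, the zone names "lan" / "servers" / "internet", the 60-second staleness window and the rule that a missing or stale heartbeat is treated as non-compliant are all assumptions of this example, not statements from the deck.

```python
"""Security Heartbeat policy model: added example, not Sophos code.

Assumptions (not from the slide): heartbeat field set, zone names
"lan"/"servers"/"internet", a 60 s staleness window, and treating a
missing or stale heartbeat as non-compliant.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class Health(Enum):
    COMPLIANT = "compliant"
    PARTIAL = "partially_compliant"
    NON_COMPLIANT = "non_compliant"


@dataclass
class HeartbeatReport:
    """One heartbeat from an endpoint agent (constructed field set)."""
    ip: str
    health: Health
    last_seen: float                 # seconds since epoch
    user: str = ""
    processes: Tuple[str, ...] = ()  # context the firewall can ask for


HEARTBEAT_MAX_AGE = 60.0  # assumption: older than this counts as no heartbeat


class HeartbeatTable:
    """Firewall-side view of the latest heartbeat per endpoint IP."""

    def __init__(self) -> None:
        self._by_ip: Dict[str, HeartbeatReport] = {}

    def update(self, report: HeartbeatReport) -> None:
        self._by_ip[report.ip] = report

    def latest(self, ip: str) -> Optional[HeartbeatReport]:
        return self._by_ip.get(ip)

    def effective_health(self, ip: str, now: float) -> Health:
        # A device that never reported, or stopped reporting, gets the
        # least-trusted state rather than the last one it claimed.
        report = self._by_ip.get(ip)
        if report is None or now - report.last_seen > HEARTBEAT_MAX_AGE:
            return Health.NON_COMPLIANT
        return report.health


def decide_access(table: HeartbeatTable, src_ip: str, dst_zone: str,
                  now: float) -> Tuple[str, str]:
    """Access control rule from the slide: non-compliant endpoints are
    blocked from the network, partially compliant ones from servers."""
    health = table.effective_health(src_ip, now)
    if health is Health.NON_COMPLIANT:
        return "deny", f"{src_ip}: non-compliant or no recent heartbeat, blocked from network"
    if health is Health.PARTIAL and dst_zone == "servers":
        return "deny", f"{src_ip}: partially compliant, blocked from servers"
    return "allow", f"{src_ip}: {health.value}, access to {dst_zone} permitted"


def on_suspect_connection(table: HeartbeatTable, src_ip: str, dst: str) -> dict:
    """ATP step from the slide: block the suspect C&C connection and
    request context (user, processes) from the endpoint so the incident
    record names who and what was behind the traffic."""
    report = table.latest(src_ip)
    context = None
    if report is not None:
        context = {"user": report.user, "processes": list(report.processes)}
    return {"action": "block", "source": src_ip, "destination": dst,
            "context_requested": True, "context": context}


def demo() -> list:
    """Run the rules over constructed heartbeats and return the verdicts."""
    now = 1_000.0
    table = HeartbeatTable()
    table.update(HeartbeatReport("10.0.0.11", Health.COMPLIANT, now - 5, "alice", ("outlook.exe",)))
    table.update(HeartbeatReport("10.0.0.12", Health.PARTIAL, now - 5, "bob"))
    table.update(HeartbeatReport("10.0.0.13", Health.NON_COMPLIANT, now - 5, "carol"))
    table.update(HeartbeatReport("10.0.0.14", Health.COMPLIANT, now - 300, "dave"))  # stale
    checks = [("10.0.0.11", "servers"), ("10.0.0.12", "servers"),
              ("10.0.0.12", "internet"), ("10.0.0.13", "lan"),
              ("10.0.0.14", "internet"), ("10.0.0.99", "internet")]
    return [decide_access(table, ip, zone, now)[0] for ip, zone in checks]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The staleness rule is the part worth keeping even if the rest is replaced: an endpoint whose agent has been killed stops sending heartbeats, and a firewall that keeps trusting the last "compliant" report would leave exactly the compromised machine with full access.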

(31)

Discover Sophos

Project Galileo

(32)
(33)

[Comparison diagram]

Sun-centric view of planetary revolution:
• Simple
• Systematic
• Working in concert
• Relationship to nearby objects
• Based on multiple points of information
• Advances in technology

Earth-centric view of planetary revolution:
• Complex
• Myopic
• Independent of nearby objects
• Assumptions based on limited knowledge
• Best available technology at the time

(34)

Increasing attacks, increasing sophistication

• Attack surface exponentially larger: Laptops/Desktops, Phones/Tablets, Virtual servers/desktops
• Threats more sophisticated
• Attacks are more coordinated than defenses

(35)

[Comparison diagram]

System-centric view of security:
• Simple
• Systematic
• Working in concert
• Relationship to nearby objects
• Based on multiple points of information
• Advances in technology

Threat-centric view of security:
• Complex
• Myopic
• Independent of nearby objects
• Assumptions based on limited knowledge
• Best available technology at the time

(36)

Project Galileo

[Diagram: Next Gen Enduser Security, Next Gen Network Security and Sophos Cloud linked by heartbeat, backed by SophosLabs]

Security must be comprehensive: The capabilities required to fully satisfy customer need

Security can be made simple: Platform, deployment, licensing, user experience

Security is more effective as a system: New possibilities through technology cooperation

Project Galileo: Integrated, context-aware security where Enduser and Network technology share meaningful

(37)

Galileo delivers comprehensive security

• Prevent Malware
• Detect Compromises
• Remediate Threats
• Investigate Issues
• Encrypt Data

Platforms: MAC, ANDROID, WINDOWS, iOS, WINDOWS PHONE, LINUX, CORPORATE DATA

(38)
(39)

[Diagram: Sophos System Protector and Sophos Firewall Operating System linked by heartbeat through Sophos Cloud]

Sophos System Protector components: Application Tracking, Threat Engine, Application Control, Reputation, Emulator, HIPS/Runtime Protection, Device Control, Malicious Traffic Detection, Web Protection, IoC Collector, Live Protection, Galileo Heartbeat

Sophos Firewall Operating System components: Web Filtering, Intrusion Prevention System, Routing, Email Security, Galileo Heartbeat, Selective Sandbox, Application Control, Data Loss Prevention, ATP Detection, Proxy, Threat Engine

Next Generation Threat Detection

On compromise (User | System | File):
• Isolate subnet and WAN access
• Block/remove malware
• Identify & clean other infected systems

(40)

[Same diagram]

Improved Threat Detection

On compromise (User | System | File):
• Lockdown local network access
• Remove file encryption keys
• Terminate/remove malware

(41)

[Same diagram]

Automated Protection of Endpoints

Endpoint (Win | Mac | Mobile):
• Discover unmanaged Endpoints: could it be managed?
• Self-service portal setup
• User authentication
• Distribute security profile

(42)

[Diagram: Sophos Firewall Operating System (Firewall, Galileo Heartbeat, Web Filtering, Intrusion Prevention System, Application Control, ATP Detection, Selective Sandbox, Threat Engine, Data Loss Prevention, Email Security, Routing, Proxy) exchanging information with Sophos System Protector (Application Tracking, Threat Engine, Application Control, Reputation, Emulator, HIPS/Runtime Protection, Device Control, Malicious Traffic Detection, Galileo Heartbeat, Web Protection, IoC Collector, Live Protection)]

Network Visibility & Control
• Query if Top 10 bandwidth user
• Query endpoint for App info
• Identify other systems with same app

(43)

[Same diagram]

Compromise (User | System | File)
• Endpoint secure: Turn off HTTPS scanning
• Endpoint compromised: Activate HTTPS scanning
• Improve TCO
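The firewall-side flow from slides 42 and 43, as an added Python illustration (not Sophos code): rank sources by bandwidth, ask the endpoint what is running, find other systems with the same application, and enable HTTPS scanning only for endpoints currently flagged as compromised. The flow records, the per-endpoint application inventory and the compromised set are constructed for this example; a real deployment would take them from the firewall's flow log and the endpoint agent's replies.

```python
"""Added example of the firewall/endpoint cooperation on slides 42-43.
Not Sophos code; all data below is constructed for the example."""
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed flow summaries as a firewall might log them: (src_ip, dst_ip, bytes).
FLOWS: List[Tuple[str, str, int]] = [
    ("10.0.0.11", "198.51.100.5", 1_200_000),
    ("10.0.0.12", "198.51.100.9", 40_000_000),
    ("10.0.0.11", "203.0.113.8", 800_000),
    ("10.0.0.13", "198.51.100.9", 5_000_000),
]

# Constructed answers an endpoint agent would return when asked for app info.
ENDPOINT_APPS: Dict[str, Set[str]] = {
    "10.0.0.11": {"outlook", "chrome"},
    "10.0.0.12": {"bittorrent-client", "chrome"},
    "10.0.0.13": {"bittorrent-client"},
}


def top_bandwidth_users(flows: List[Tuple[str, str, int]], n: int = 10) -> List[Tuple[str, int]]:
    """Sum bytes per source IP and return the top n, highest first
    (ties broken by IP so the order is deterministic)."""
    totals: Dict[str, int] = defaultdict(int)
    for src, _dst, nbytes in flows:
        totals[src] += nbytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def query_endpoint_apps(endpoint_apps: Dict[str, Set[str]], ip: str) -> Set[str]:
    """'Query endpoint for App info'. An empty set means the endpoint is
    unmanaged or did not answer; callers treat that as unknown, not as
    'nothing running'."""
    return set(endpoint_apps.get(ip, ()))


def systems_with_app(endpoint_apps: Dict[str, Set[str]], app: str,
                     exclude: Optional[str] = None) -> List[str]:
    """'Identify other systems with same app' across the inventory."""
    return sorted(ip for ip, apps in endpoint_apps.items()
                  if app in apps and ip != exclude)


def investigate_top_talkers(flows: List[Tuple[str, str, int]],
                            endpoint_apps: Dict[str, Set[str]], n: int = 10) -> List[dict]:
    """For each top talker, attach what the endpoint reports running and
    which other endpoints share each of those applications."""
    report = []
    for ip, nbytes in top_bandwidth_users(flows, n):
        apps = query_endpoint_apps(endpoint_apps, ip)
        report.append({
            "ip": ip,
            "bytes": nbytes,
            "apps": sorted(apps),
            "managed": bool(apps),
            "peers": {app: systems_with_app(endpoint_apps, app, exclude=ip)
                      for app in sorted(apps)},
        })
    return report


def https_scanning_enabled(ip: str, compromised: Set[str]) -> bool:
    """Slide 43 rule: decrypt and scan HTTPS only for compromised endpoints;
    a secure endpoint's traffic is passed without decryption to save
    firewall capacity."""
    return ip in compromised


if __name__ == "__main__":
    for entry in investigate_top_talkers(FLOWS, ENDPOINT_APPS, n=3):
        print(entry)
    print(https_scanning_enabled("10.0.0.12", {"10.0.0.12"}))
```

The "managed" flag matters in practice: a top talker that returns no application inventory is an endpoint the firewall cannot see into, which is the case slide 41 (discover unmanaged endpoints) is meant to close.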

(44)
(45)

Project Galileo Difference

Project Galileo vs. Competition:
• System-Centric vs. Threat-Centric
• Simple vs. Complex
• Comprehensive vs. Incomplete
• Prevention, Detection, Investigation, Remediation, Encryption vs. Prevention
• Enduser, Network, Server vs. Point Product
• Automated vs. Manual
• Block unknown, advanced, …

(46)
(47)

Security Made Simple

More Effective Security: Users secure and productive, whatever device they are using. Fewer technologies and vendors simplify implementation.

Less Investment: No need for a ton of time spent on security-focused IT tasks. You'll …

(48)

Complete Security Made Simple

Deployed How You Want

• Wherever the user is, whatever device they use
• On premise, as a service or as a hardware or virtual appliance
• Easy setup, managed via Cloud, etc.

(49)
