What do they have in common?
Security is HARD!
Components of good security
1. Careful planning
2. User education
3. Choosing the right tools
Sophos’ core customers
• Protect My Data
• Go Wireless
• Users Are Everywhere
• What About Securing My Servers?
• Downtime Unacceptable
• “Console Proliferation” & “Agent Pollution”
• Transition to the Cloud
• Regulations & Compliance
• Help Desk Queries
• New Attack Surfaces (Android, iOS)
• 250,000 New Polymorphic Threats Affect Everyone
• Macs Are No Longer Immune
Not Just A “Big Company”
Problem
UTM overview
Security, Made Simple
Security technologies
• Next Gen Firewall
• URL Filtering
• Wireless
• VPN
• Anti-Spam
• Email Encryption
• Endpoint
• Web Protection
• Webserver Protection
• Anti-malware
Simple Deployment
• Hardware
• Software
• Virtual
• Cloud
Simple Protection
• Active Protection – real-time protection powered by SophosLabs
• Live lookups via the Cloud
• SophosLabs experts tune the protection so you don’t have to
Simple Management
• Intuitive consoles
• Centralised management
• Backed by expert support
Sophos UTM – a truly simple firewall
Complete Security in a single solution
Network firewall - the first line of defense
• Any computer connected to the internet is at risk
• A computer outside a firewall can be attacked and compromised within minutes
• Hardware firewalls can be complex to configure
Network firewall
• Easy management with object-based rules
• Stateful packet inspection
• NAT and Masquerading
• Dynamic (OSPF, BGP) and static routing
• Bridging and multicast routing
• IPv6 Support
• Amazon Virtual Private Cloud Connector
• Easy tunneling with Windows Remote Access (PPTP & L2TP)
Network protection - detect and stop threats
• Firewalls only deal in ports, addresses and protocols
• Malicious network traffic can still come through allowed ports
• You want to get the best from your web connection
• You need a way to let remote workers and offices connect
• You need protection from today’s most advanced threats
Network protection
• Intrusion prevention system
• Site-to-site VPN (IPsec and SSL)
• IPsec and SSL Client VPN (Cisco supported*)
• HTML 5 VPN portal
• WAN link balancing
• High Availability (active/passive and active/active)
• Advanced Threat Protection
○ Botnet/Command-and-control detection
○ Cloud-based selective sandbox (requires Web Protection)
Wireless Protection - WiFi should be easy
• Separate wireless management solutions can be expensive
• Much built-in wireless hardware doesn’t give complete coverage
• Configuring wireless networks in remote offices can be a hassle
• Guest and visitor access can be complex
Wireless Protection
• Central management
• Plug & play deployment
• Connect access points anywhere
• Easy hotspot configuration with full customization
• Wireless repeating and bridging (AP50)
• Fully customizable login pages and vouchers with QR code support
• Support for two-factor authentication
• Same Intel platform
• 3 x 3 MIMO, one radio
• Being introduced as Rev.2
• Integrated SSD
• Can also add external APs
An industry first!
UTM + integrated 802.11ac Wi-Fi
SG 125w and SG 135w
beat DELL’s new TZ appliances…
Dell claims:
• Fastest small deep packet inspection firewall
• SSL inspection eliminates encrypted threats
• Integrated 802.11ac wireless controller
Sophos facts:
Email Protection - Still a risk
• Over 98% of all email is spam
• Many spam emails contain links to infected websites
• Phishing attacks are on the rise
• Data protection is a key concern for businesses
• Email encryption not easy to use
Email protection
• Filter spam and stop malware
• Let users manage their own quarantined items
• Detects phishing URLs in emails
• Supports S/MIME and OpenPGP for encryption
• Simple SPX encryption requiring no infrastructure
• DLP for automatic policy-based encryption and filtering
Email protection
• Recipient self registration for easier password management and improved confidentiality
Encrypting emails via SPX
2. UTM sends a registration request to the recipient
3. The recipient opens the request and browses to the
Web Protection - Why worry about the web?
• Lack of control can impact productivity
• 85% of all malware comes from the web
• Web threats are invisible
• Targeted at controlling computers and stealing data
Web protection
• Gateway anti malware
• Transparent and proxy-based filtering
• URL filtering for both HTTP and HTTPS
• Web application control (NGFW)
• Interactive usage and user reporting
• Transparent user authentication with SSO for AD
• Transparent HTTPS filtering without certificate deployment
• Device-specific authentication
Web Protection
UTM v.9.3 introduced more enterprise-level features – powerful, flexible, simple
• Site tagging – enables sites to be tagged and tags to be used in policies (e.g. “customer sites” or “research sites”)
• Time quota policy - users can browse specified categories for a set period per day
• Selective HTTPS Scanning – automatically determines which
Web Protection
Site tagging - Tag sites to create unlimited custom categories
Web Protection
Web Surfing Quotas Policy: Select the categories and the time quota…
User Experience
Endpoint Protection - Devices everywhere
• The anywhere network
• Accessing the web outside your protection
• Malware carried on USB sticks
• You need more than signature-based AV
Endpoint protection
• Endpoint anti-malware
• Live protection
• Device control
• Web in Endpoint
• Manage anywhere through our LiveConnect service
Web in Endpoint
Consistent protection everywhere
• Combines Gateway, Endpoint and Cloud
• Web in Endpoint: set policy once to apply everywhere
• On or off the network, it doesn’t matter
Instant insight and visibility
• See user activity no matter where they are
• Activity from offsite endpoints is instantly available
No extra cost
With the following subscriptions:
Web Server Protection – Don’t make headlines
• More than 30,000 websites infected every day
• 80% of infected websites are legitimate
• Exploits will often redirect users to malicious sites
Web Server Protection
• Web application firewall
• Anti malware scanning
• Form hardening
• URL hardening
• Cookie protection
• SQL Injection and XSS filtering
• Reverse proxy authentication (offloading and delegation)
○ With Single Sign-On
• Best TMG replacement currently available
RED - Remote and branch offices made easy
• Remote offices often have no skilled IT staff on site
• As a result, they often have inferior security
• Central IT staff can’t always solve problems remotely
• Easily become the weak spot in the network
Sophos RED
Simple, plug & play branch office security
• Securely connect remote locations
• Completely configuration free
• Same protection for all offices
• Fully encrypted traffic
• No hassle
New in UTM 9.2
Wi-Fi & VPN Configuration
Wi-Fi & VPN Access