Sophos Next-Generation Enduser Protection
Uploaded by giovanni-giovannelli

What’s the difference between Next-Gen Enduser Protection and Galileo?
Next-Gen Enduser Protection: Integration of innovative endpoint, mobile and encryption technologies to deliver better, simpler to manage security for enduser devices and data.
Galileo: Connecting our next-gen network, server and enduser products to each other and to Sophos Cloud so the entire organization is better protected—simply.

The pitch

Increasing attacks, increasing sophistication
Attack surface exponentially larger
Laptops/Desktops
Phones/Tablets
Virtual servers/desktops
Threats more sophisticated
Attacks are more coordinated than defenses

Today’s security approach is falling behind
INCOMPLETE: Always one more thing to deploy and manage
COMPLICATED: Too hard to configure, too much to monitor
INEFFECTIVE: Not keeping up with advanced threats

Result: Compromises are growing
63,497 security incidents in 2013
1,367 confirmed data breaches
Affected segments: Banking, Credit, Financial; Hospitality; Government, Military; Utilities; Retail and other business
Source: Verizon Data Breach Investigations Report 2014

What we believe
Security must be comprehensive: The capabilities required to fully satisfy customer needs
Security can be made simple: Platform, deployment, licensing, user experience
Security is more effective as a system: New possibilities through technology cooperation

Project Galileo
Sophos Confidential
Next-Gen Network Security
Next-Gen Server Protection
Next-Gen Enduser Protection
Technology integration that enables complete, simple-to-manage security that works effectively as a system.

The Endpoint Has Changed
[Diagram labels: Corporate Perimeter; VPN; Cloud Services]

Endpoint Security Needs to Change
“Prevention is ideal, but detection is a must.”
[Diagram labels: Prevent Malware; Data; Prevent Malware, Detect Compromises, Remediate Threats; Encrypt Data]

Next-Generation Enduser Protection
[Diagram labels: Policy & Management; Endpoint; Mobile; Encryption; THREAT INTELLIGENCE; Sophos Cloud; SOPHOSLABS; BIG DATA; AUTOMATION; LEVERAGED EXPERTISE; Compromise Detection & Response]

Innovative Endpoint Security is Key to NGEUP
It used to be that files got infected. Now systems get infected.
[Diagram labels: Threat Engine; Application Control; Reputation; Emulator; HIPS/Runtime Protection; Malicious Traffic Detection; SOPHOS SYSTEM PROTECTOR; Web Protection; Live Protection; App Tracking; Device Control]

Why Malicious Traffic Detection?
[Diagram label: Command and Control Traffic]
Without MTD: No visibility into compromised systems communicating with attackers
MTD-like features on the firewall: Detection of a compromised system on the network; no remediation or info about the infection
MTD in the endpoint: Detection on or off network, detailed info about the compromised system, potential remediation

How Malicious Traffic Detection Works
[Diagram labels: SophosLabs; URL database; Malware Identities; HIPS rules; Genotypes; File look-up; Reputation; Apps; SPAM; Data Control; Peripheral Types; Anon. proxies; Patches/Vulnerabilities; Whitelist; MTD rules]
[Diagram labels: Admin alerted; App terminated; Malicious traffic detected; Compromise: User | System | File]

Example: Stopping a new variant of Cryptowall
1. User runs something they shouldn’t. It adds a new application to the startup folder.
2. The application runs and injects itself into explorer.exe.
3. Explorer.exe tries to fetch an encryption key from C&C.
4. Threat removed, admin alerted.
5. Malware and threat indicators shared with SophosLabs.

Galileo: Network + Endpoint = ATP
[Diagram labels: SophosLabs; URL database; Malware Identities; HIPS rules; Genotypes; File look-up; Reputation; MTD rules; Apps; SPAM; Data Control; Peripheral Types; Anon. proxies; Patches/Vulnerabilities; Whitelist]
[Diagram labels: Galileo Heartbeat; Firewall; EMAIL; THREAT EVENT RECEIVER; Web Filtering; Intrusion Prevention System; App Control; ATP Detection; Selective Sandbox; Threat Engine; ROUTING; COMPROMISE DETECTOR; PROXY; Data Loss Protection; THREAT EVENT COLLECTOR]
[Diagram labels: Tracking; Threat Engine; Application Control; Application Reputation; Emulator; HIPS/Runtime Protection; Malicious Traffic Detection; DEVICE & FILE ENCRYPTION; SOPHOS SYSTEM PROTECTOR; DEVICE CONTROL; THREAT EVENT COLLECTOR; Web Filtering; Live Protection; INDICATOR OF COMPROMISE TRACKING]
Compromise: User | System | File
• Isolate Subnet and WAN Access
• Lockdown Local Network Access
• Block Suspected Source
• Remove File Encryption Keys

Galileo: Endpoint Heart Attack
[Diagram labels: Galileo Heartbeat; Firewall; SophosLabs; the same firewall, endpoint and SophosLabs component labels as the Galileo: Network + Endpoint = ATP diagram]
Compromise: User | System | File
• Lockdown Local Network Access
• Remove File Encryption Keys

© Sophos Ltd. All rights reserved.