aws enterprise summit london 2015 | sophos - using aws to transform security
TRANSCRIPT
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Bill Lucchini, Senior Vice President and General Manager, Cloud Security
Using AWS to Transform Security
Sophos at a Glance
• Founded: 1985, Oxford, UK
• FY15 billing: $450M (appx.)
• Employees: 2,500 (appx.)
• Customers: 200,000+
• Users: 100M+
• HQ: Oxford, UK
• Renewal rates: 90+% (best in class)
• Channel partners: 15,000+
• Largest tech IPO in history on the London Stock Exchange
• Stock: SOPH
• Market cap: ~£1.15B
Our Strategy
Mission
To be the best in the world at delivering complete IT security to mid-market enterprises and the channel that serves them
Strategy
• Security only
• Focus on mid-market enterprises
• Complete security made simple
• Integrated next-generation endpoint and network security
• Managed and delivered through the cloud
• ‘Channel First’ sales model
Synchronized Security
Network Security
§ Next Gen Firewall, Unified Threat Management
§ Secure Wifi
§ Web Gateway
§ Email Security
Enduser Security
§ Endpoint
§ Mobile
§ Server
§ Encryption
SophosLabs
Security Heartbeat
Sophos Cloud
Avon & Wiltshire Mental Health Partnership NHS Trust
Providing services at dozens of locations and, increasingly, in patient homes
Large mobile workforce dealing with confidential patient information
• Uses Sophos Cloud to manage Endpoint protection
• No need for workers to connect to their network
• Remote workers always up to date
• Simple to manage
How Sophos Uses AWS
Example: Sophos Labs
SophosLabs – Live Protection Via the Cloud
SophosLabs Active Protection
• Malware Data
• Website URL Database
• HIPS Rules
• Reputation Data
• Malicious URLs
• Spam Campaigns
• Sensitive Data Types
• Application Categories
• Device Data
• Mobile Application Reputation
• Anonymizing Proxies
• Application Patches
Network, Servers, Devices
• Web
• NextGen FW
• Web App FW
• Wifi
• Smartphone/Tablet
• Workstation/Laptop
Data
• Correlated Intelligence
• Reputation Data
• Content Classification
• File
• Web
100,000,000 Endpoints/Network Devices
400,000 Transactions per Second
Before Amazon Web Services
Forced to build expertise in:
• Hardware
• Procurement
• Data Centre Management
…none of which our customers value
Sophos Live Protection
Processing 400,000 transactions per second
[Architecture diagram. Labels: CloudFormation, CloudTrail, CloudWatch, CloudWatch Logs, Route 53; AWS Regions, each with an Auto Scaling group across Availability Zones, DynamoDB, DynamoDB Streams and ElastiCache; SQS; S3; Auto Scaling group – worker nodes; SophosLabs Active Protection]
Monitoring and Scaling
• CloudWatch: Use custom application metrics. Sophos Labs logs with metric filters identify errors and alerts
• Auto-Scaling: Driven by CloudWatch
• Logic Monitor: Monitoring platform was customized to track CloudWatch metrics
• CloudTrail: Security alerts into ELK stack
Example: One service in one region
• Traffic Spikes: Typical peak traffic is 25x greater than low points (50M/5 mins)
• Auto-scaling: Instances vary from 4 to 38 currently
Sophos Cloud Web Gateway: Big Data Analytics Problem
Global Network Optimized for Mobile Workforce
Lightweight Endpoint Agent
• Proxies data traffic to a Sophos Gateway
• Dynamically chooses the best performing gateway
• Knows what traffic not to proxy based on policy
Globally distributed gateways
• Analyze each packet for threats
• Apply corporate policies
• Aggregate data for real-time analytics
Central Management through Sophos Cloud
Globally Distributed Gateways
How do we do it?
Network Security
§ Next Gen Firewall, Unified Threat Management
§ Secure Wifi
§ Web Gateway
§ Email Security
Enduser Security
§ Endpoint
§ Mobile
§ Server
§ Encryption
SophosLabs
Security Heartbeat
Sophos Cloud
Powered by Amazon Web Services
Sophos: Better Security Made Simple
Thank you!