![Page 1: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/1.jpg)
Sophos XG FirewallThe next thing in next-gen
Chris McCormackNSG Product Marketing
November, 2016
![Page 2: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/2.jpg)
2
What we’ll cover…
Today’s Top Problems with Existing FirewallsSophos XG Firewall
What’s NewLive Demo
What’s Next
![Page 3: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/3.jpg)
Today’s top firewall problemsCompounded by trends in network security
Poor performance
Poor value
Too complex
Insufficient security & control
Insufficient visibility
Top complaints with existing Firewalls (2016*) Network Security Trends
Enormous amounts of data collectedMore than any IT manager can consume
More sophisticated threatsEvasive, targeted, zero-day threats
Increasing number of solutionsToo many features, too many products
$Spiralling costs of securityMore solutions competing for similar budget
Unprecedented network demandsCloud, IaaS, vanishing perimeter, BYOD
*Sophos commissioned a survey of mid-market IT managers on Spiceworks
![Page 4: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/4.jpg)
4
Sophos XG FirewallSolving today’s top problems with existing Firewalls
Central ManagementSimpler to manage Instant visibility Synchronized security Top performance Streamlined workflows Unified policies Policy templates
Control center User & App Risk On-box reporting
Linking firewall & EP Security Heartbeat™ Dynamic app ID
Industry-leading HW FastPath optimization High-performance proxy
Full-featured & consistent Cloud or on-premise Free for partners
Complete protection Firewall & Wireless Web, Apps, APT Email and WAF
![Page 5: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/5.jpg)
XG Firewall’s Unique Innovations
5
![Page 6: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/6.jpg)
6
What makes XG Firewall UniqueInnovative features you just can’t get anywhere else
Synchronized Security
• Links Endpoints and Firewall to share telemetry and status
• Enables features like Security Heartbeat™ & Real-time App ID
Unified Firewall Rules and Policies
• All firewall rules on one screen with snap-in user-based policies
• Policy templates simplify protecting business applications
Enterprise-grade Secure Web Gateway
• Powerful top-down inheritance based web policy model
• Easy and intuitive to build sophisticated user and group based policies
User and Application Risk Assessment
• Automatically identifies high risk users and applications on the network
• Identifies potential issues before they become real problems
No-compromise Deployment and Central Management
• The most flexible deployment options without compromise: XG Series, software, virtual, IaaS (Azure)
• Comprehensive centralized management and reporting made simple
![Page 7: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/7.jpg)
7
Synchronized Security
Admin
Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Security Heartbeat™
RED HeartbeatFirewall detects traffic from Endpoint
!
![Page 8: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/8.jpg)
8
Synchronized Security
Admin
Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Missing Heartbeat
MISSING HeartbeatFirewall detects traffic from Endpoint
?
![Page 9: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/9.jpg)
9
Synchronized Security
Admin
Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Destination Heartbeat™
GREEN Heartbeat
!RED HeartbeatConnections to/from the compromised system are blocked
Endpoint attempts to connect to compromised system
![Page 10: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/10.jpg)
10
Synchronized Security
Admin
Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Dynamic App Identification
GREEN HeartbeatFirewall detects unknown traffic from Endpoint
Firewall requests context from endpoint
Application information is exchanged
![Page 11: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/11.jpg)
11
Unified Firewall Rules and PoliciesMaking management easier
All firewall rules in one place
User, Network, Business Applications
Powerful filtering options
By rule type, zone, status or ID
At a glance indicators
Type, source, destination, users, service,traffic status, heartbeat, QoS, and naturallanguage description
![Page 12: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/12.jpg)
12
Policy TemplatesCustom tailored templates enable easy & proper protection for common business apps
![Page 13: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/13.jpg)
13
Enterprise-grade Secure Web GatewayPowerful tools for building sophisticated user and group based web policies
Top-down inheritance policy model
Makes building sophisticated policies easyand intuitive. The same kind of SWG usuallyfound only in dedicated enterprise products.
Pre-defined policy templates
Out-of-the-box policies for included for workplace, CIPA compliance, and more
Powerful customization
Custom define users/groups, activities(URLs, categories, file types), allowed action,and time-of-day and day-of-week constraints
![Page 14: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/14.jpg)
14
User Risk AssessmentAutomatically identifying top risk users on the network
Automatically identifying top risk userson the network – before they become aproblem
![Page 15: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/15.jpg)
15
App Risk AssessmentAutomatically identifying top application risks and overall app risk
Risk: LowA few high risk applications and users are operating on the network – continue to monitor the situation carefully
Risk: HighTake action and setup an application control policy before data loss, abuse, or illegal activity become a real problem
![Page 16: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/16.jpg)
16
Deployment flexibility without compromise
XG Series HardwareFull range of hardware appliances with wireless AP and RED add-onsMulti-core processors, solid-state storage, generous RAMIndustry-leading performance at all price points – Miercom tested
Virtual/Software
Vmware, Hyper-V, Citrix XEN, KVMFlexibility regarding resource assignment and high availabilityCompatible with all x86 hardware
IaaS
Available in Microsoft Azure MarketplaceUp and running in minutes with preconfigured VMPay-as-you-go or BYOL
Flexible deployment options optimized for today’s business
![Page 17: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/17.jpg)
17
XG Firewall – How to buy Deployment, Licensing and Pricing
Firewall & VPN Wireless
Network Protection
Web & AppProtection
EmailProtection
Web ServerProtection
XG Series Appliances
Software/Virtual
IaaS
Base License
Total Bundle or À la carte
Deployment Choices
NGFW Bundle
![Page 18: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/18.jpg)
XG FirewallHow XG does user policy better
18
![Page 19: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/19.jpg)
19
Layer-8 User Identity and Awareness made simpleCovers all areas of the Firewall. Consolidated. Easy to Manage
IPS QoS Web Apps Routing
![Page 20: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/20.jpg)
20
Powerful user/group policy enforcement made simpleSimply snap-in your sophisticated user and group based polices to a single firewall rule
Define your user/group web enforcement policy Snap-it-in to your desired firewall rule
![Page 21: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/21.jpg)
21
Sophos Transparent Authentication Suite (STAS)Making user identity transparent and reliable. Single-Sign-On (SSO) made easy
MicrosoftActive Directory
Server
STASCollector & Agent
No client required on devices for SSO!
XG Firewall
AuthenticationInformation
![Page 22: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/22.jpg)
XG Firewall v16
22
![Page 23: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/23.jpg)
23
HA support for dynamic WAN interfaces
Per-rule and Policy-based routing
Google Apps Control
Microsoft Azure SupportTwo-Factor Authentication
Support for 3rd party URL databases
New NavigationNew AP 15C and RED 15w support
Enhanced Anti-Spam
STAS GUI configuration
Synchronized SecurityApp Identification
Streamlined FirewallRule Screen
Firewall-to-firewall RED tunnels
Clone firewall and other rules
Log Viewer EnhancementsEnhanced Control Center
Email Per-DomainRouting and MTA
SPX Email Encryption reply portal
Support for 3rd party URL databases
New User/GroupWeb Policy
Creative Commons SafeSearchImage Enforcement
Enhanced Security Heartbeat
Firewall domain name
Missing SecurityHeartbeat Detection
120!Over…
New Features
![Page 24: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/24.jpg)
XG Firewall v16: Key Focus AreasUser ExperienceCreating a more intuitive experience across all areas of the product from navigation to policy to logging & more
New FeaturesOver 120 new features including the 35 most-wanted features from UTM 9 across web, email, 2FA & more
Synchronized SecurityAdding new Synchronized Security features to the arsenal to improve protection, enforcement and visibility
![Page 25: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/25.jpg)
25
Headline EnhancementsNew (more familiar) NavRedesigned SWG-style Web PolicyEmail Enhancements (MTA)Logging and TroubleshootingTwo-factor authenticationSynchronized Security
Missing HeartbeatReal-time app visibilityDestination Heartbeat
Microsoft Azure Support
![Page 26: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/26.jpg)
26
Live Demo
![Page 27: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/27.jpg)
27
What’s Next
![Page 28: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/28.jpg)
SFM/CFM for v16
28
Entering beta soon
Full-Featured
Manage all firewall features
Monitoring, alerting, role-based admin
Easy Time Savers
Policy templates make enrollment quick
Firmware update management
Deployment Flexibility
On-Prem (Hardware, Software, Virtual)
Free in the cloud for Partners
Cloud coming for customers in v17
![Page 29: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/29.jpg)
29
Sophos SandstormCloud-sandboxing – coming to XG Firewall in v16.5 (December)
Suspect Control Report
Sophos Sandstorm
Hash ?
Determine Behavior
![Page 30: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/30.jpg)
30
How Effective is It?
10-20
One university that deployed Sandstorm blocked over 400 new macro variants in the first few weeks. Very delighted with the simplicity and effectiveness of Sophos Sandstorm.
Daily detonated files per customer
0.4-1.8Daily malware detected per customer
![Page 31: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/31.jpg)
Sophos Central
Sophos Labs
Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions
| 24x7x365, multi-continent operation | URL Database | Malware Identities | File Look-up | Genotypes | Reputation | Behavioural Rules | APT Rules Apps | Anti-Spam | Data Control | SophosID | Patches | Vulnerabilities | Sandboxing | API Everywhere
Admin Self Service Partner| Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations
In Cloud On Prem
Synchronized Security Coming in XG Firewall v17
31
Mobile
Server
Wireless
WebEncryption
Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Dynamic App ControlDynamically identifying & controlling applications
Heartbeat in SFOS TAP ModeEnhancing EP security and intelligence from the side
![Page 32: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/32.jpg)
32
![Page 33: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/33.jpg)
33
![Page 34: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/34.jpg)
34
XG Firewall on Sophos Central
•Full-featured multi-device•On-prem or cloud (partners)
•Single device and HA clusters•Zero-touch and alerting
•Simple groups & multi-device•API Support
Sophos FirewallManager
Sophos CentralSingle Device
Sophos CentralMulti-Device
Q4Q1 Q2 Q3CY 2017
![Page 35: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/35.jpg)
Why Customers Choose Sophosfor their next firewall
35
![Page 36: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/36.jpg)
36
Why customers are choosing Sophosfor their next firewall
1. Simpler to manageWe make advanced next-gen protection easier to manage than any other firewall product, making it easier to ensure proper protection.
2. Instant insightsWe include extensive rich on-box reporting at no extra charge and unique insights into risks and activity.
3. Complete protectionWe provide more-in-one appliance than any other vendor.
4. Top PerformanceOur firewall delivers industry leading performance at every price point.
5. Trusted industry leaderSophos is among the top 3 vendors in the industry and has been a Gartner Magic Quadrant leader for the past 5 years.
![Page 37: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/37.jpg)
37
A Leader in Unified Threat Management
• Sophos first entered into this MQ publication in March 2012, positioned in the Leader quadrant – and has retained this position for 5 consecutive publications
• Sophos remains one of only three leaders after Dell and WatchGuard were demoted last year
• Gartner’s perception of Sophos is even better than last year, recognizing the strength of Synchronized Security, the breadth of our security portfolio and that we are growing - taking market share from our competitors
• In relative terms Sophos is edging closer on Fortinet and leaving smaller vendors trailing further behind
This graphic is published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sophos.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose .All statements in this report attributable to Gartner represent Sophos’ interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.
Gartner Magic QuadrantUNIFIED THREAT MANAGEMENT
Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016
![Page 38: Sophos Day Belgium - What's cooking in Sophos' Network Security Group?](https://reader035.vdocument.in/reader035/viewer/2022062400/5877432c1a28ab342e8b7499/html5/thumbnails/38.jpg)