The next generation of IT security
1
John Shaw, VP Product Management, October 8th 2015
The next generation of security
2
Advanced Persistent Threats …
3
4
Toolkits put these advanced techniques quickly into the hands of the bad guys …
5
So it’s not just an issue for the big companies
Sophos Confidential
Note: Source: PwC 2015 Information Security Breaches Survey, UK. 1. Large organizations and SMBs consist of enterprises with >250 employees and 1-249 employees respectively.
63% of UK small/medium businesses know they were infected by malware in the past year.
38% of UK small/medium businesses know they were attacked by an unauthorized outsider.
74% of UK small/medium businesses had a security incident last year.
42.8m global security incidents from 9,700 companies surveyed, up 66%.
6
The perception of endpoint security
“Antivirus is dead”
“Conventional antivirus software is an outmoded way of protecting computers against malware.”
“The current anti-virus method of detecting and blocking known samples is no longer effective.”
“Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it.”
7
Many security companies tend to push one technology – Maslow’s hammer: when all you have is a hammer, everything looks like a nail.
8
Sophos Next Generation Endpoint Protection
Prevention: Correlates threat indicators to block web and application exploits, dangerous URLs, potentially unwanted apps and malicious code.
Detection: Analyzes software behavior and network traffic in real time, alerting you to hidden threats that can be missed by traditional AV technology.
Remediation: Removes detected malware automatically; encrypts data and controls network access to prevent damage from running malware.
9
Typical attack vector
Initial exposure: User visits a compromised site or views a malicious ad on a site.
Redirect chain: Browser is silently redirected to a server running an exploit kit.
Exploit: Malicious code and/or a malicious document exploits vulnerabilities in the OS or an application.
Infection: Malware is downloaded/installed onto the computer.
Payload: Command and control via indirection; payloads – data theft, CPU, ransomware …
10
How Sophos Next Gen Endpoint protects
Initial exposure: User visits a compromised site or views a malicious ad on a site. Protection: Web Control (block bad URLs); Reputation (block low-reputation sources).
Redirect chain: Browser is silently redirected to a server running an exploit kit. Protection: block known bad URLs; block malicious redirect code.
Exploit: Malicious code and/or a malicious document exploits vulnerabilities in the OS or an application. Protection: exploit prevention (JavaScript, PDF, Office, Flash, etc.).
Infection: Malware is downloaded/installed onto the computer. Protection: pre-execution emulation; heuristic analysis; Live Protection (known malware).
Payload: Command and control via indirection; payloads – data theft, CPU, ransomware … Protection: Malicious Traffic Detection; File Encryption; Threat Analysis Center (2016).
11
SophosLabs is big data analytics
150,000 malware files added to the “Live Protection” cloud daily as a quick detection response.
50% of our detections are based on 19 malware identities.
3 million spam email messages per day seen by our 80 spam feeds across 20 countries.
600 million “Live Protection” file lookup events added to Hadoop clusters for analysis every day.
1 million suspicious URLs seen and analyzed each day from 70 sources.
350,000 previously unseen files received each day within SophosLabs, 3 every second!
Confidential: The following roadmap is intended to outline Sophos’s general product direction. It is intended for information purposes only and does not and shall not form part of any contract. The roadmap is not a commitment to deliver any product, version, feature, update, upgrade, code, material or otherwise (collectively referred to as “Functionality”), and should not be relied upon when making purchasing decisions. The ongoing development, release and timing of any Functionality or otherwise remains entirely at the discretion of Sophos.
12
Evolution of security
Point products: Anti-virus, IPS, Firewall, Sandbox
Layers: Bundles, Suites, UTM, EMM
Synchronized Security: Project Galileo, Sophos Heartbeat
13
Project Galileo - A Revolution in Protection
A single connected security system that links intelligence from the network and endpoint to make faster and smarter decisions.
Components: Sophos Heartbeat; Next-Gen Enduser Security; Sophos Cloud; Next-Gen Network Security; SophosLabs.
Automated Response: Network policies automatically isolate or limit the access of compromised systems until they are cleaned up.
Accelerated Discovery: Endpoint MTD and network ATP features combine to rapidly spot infected hosts across your entire estate.
Positive Identification: Enabled by the network and endpoint communicating intelligence context.
14
3 pillars of advanced threat protection
Sophos Heartbeat
Accelerated Discovery: Endpoint and network protection combine to identify unknown threats faster. Sophos Security Heartbeat™ pulses real-time information on suspicious behaviors. Outcome: faster, better decisions.
Positive Identification: Identifying the affected device directly, rather than by IP address alone, reduces the time taken to manually identify an infected or at-risk device or host. Outcome: quicker, easier investigation.
Automated Response: Compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software. Outcome: reduced threat impact.
15
Heartbeat in action – advanced threat detection
[Architecture diagram: Sophos Cloud linked by Heartbeat to the endpoint and the firewall.]
Sophos System Protector (endpoint): Application Tracking, Threat Engine, Application Control, Reputation, Emulator, HIPS/Runtime Protection, Device Control, Malicious Traffic Detection, Web Protection, IoC Collector, Live Protection, Heartbeat.
Sophos Firewall Operating System: Web Filtering, Intrusion Prevention System, Routing, Email Security, Heartbeat, Selective Sandbox, Application Control, Data Loss Prevention, ATP Detection Proxy, Threat Engine.
Compromise (User | System | File) reported over Heartbeat; Firewall response: isolate subnet and WAN access; block/remove malware; identify and clean other infected systems.
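The two preceding slides describe the Heartbeat loop in words: the endpoint reports its health, the firewall isolates or limits compromised hosts, and network alerts are tied to a device and user rather than an IP. The toy model below, an added example and not Sophos code, shows that loop; the health states, the action mapping, the message shape and the sample hosts are all assumptions.

```python
"""Toy model of Heartbeat-style synchronized response (added example, not Sophos code)."""
from dataclasses import dataclass, field

# Hypothetical health states; the action mapping is an assumption that follows
# the slide's description: a compromised host is isolated until it is cleaned up.
ACTION_FOR_HEALTH = {"green": "allow", "yellow": "limit", "red": "isolate"}

@dataclass
class Heartbeat:
    """Hypothetical message an endpoint agent sends to the firewall."""
    host: str
    user: str
    ip: str
    health: str       # "green" | "yellow" | "red"
    reason: str = ""  # e.g. "malicious traffic detection"

@dataclass
class FirewallPolicy:
    rules: dict = field(default_factory=dict)     # ip -> action
    identity: dict = field(default_factory=dict)  # ip -> (host, user)

    def apply_heartbeat(self, hb: Heartbeat) -> str:
        """Record who is behind the IP and set the per-host action."""
        if hb.health not in ACTION_FOR_HEALTH:
            raise ValueError(f"unknown health state {hb.health!r}")
        self.identity[hb.ip] = (hb.host, hb.user)
        self.rules[hb.ip] = ACTION_FOR_HEALTH[hb.health]
        return self.rules[hb.ip]

    def decide(self, ip: str) -> str:
        """A host that never sent a heartbeat is unmanaged: limit it, don't trust it."""
        return self.rules.get(ip, "limit")

    def describe_alert(self, ip: str, detail: str) -> str:
        """Positive identification: name the device and user behind a network alert."""
        host, user = self.identity.get(ip, ("unknown-device", "unknown-user"))
        return f"{detail} from {host} ({user}, {ip}) -> {self.decide(ip)}"

# Constructed sample heartbeats, not real telemetry.
SAMPLE = [
    Heartbeat("LAPTOP-01", "alice", "10.0.1.10", "green"),
    Heartbeat("LAPTOP-02", "bob", "10.0.1.11", "red", "malicious traffic detection"),
    Heartbeat("DESK-07", "carol", "10.0.1.12", "yellow", "unrecognised app behaviour"),
]

def run_sample() -> FirewallPolicy:
    fw = FirewallPolicy()
    for hb in SAMPLE:
        fw.apply_heartbeat(hb)
    return fw
```

Treating a silent host as "limit" rather than "allow" is a defender's choice added here; it keeps an agent that has been killed by malware from silently regaining full access.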
16
Protecting data
17
Encryption is also a threat protection technology
Endpoint Protection
Data Protection
18
Reactive to Integrity
19
Mobile
20
Tale of Two Endpoints
PC Management Mobile Device Management
21
Protect my company data, not my users’ endpoints
Your device, our data
22
EMM of the future is all about security – on all devices
Next gen end user protection: secure MYOD …
User registers a device; company adds access to data, and security
Stop threats
Protect data
Protect identity
23
Sophos Delivers Next Generation Threat Protection
Project Galileo (1): Integrated, context-aware security where Enduser and Network technology share meaningful information to deliver better protection.
Security must be comprehensive: the capabilities required to fully satisfy customer need.
Security can be made simple: platform, deployment, licensing, user experience.
Security is more effective as a system: new possibilities through technology cooperation.
Note: 1. Project Galileo is currently under development and is planned to be released later in CY2015.
Components: Next Gen Enduser Security; Next Gen Network Security; Sophos Cloud; Heartbeat; SophosLabs.