Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
TRANSCRIPT
Sophos XG Firewall
The next thing in next-gen
Chris McCormack, NSG Product Marketing
November, 2016
What we’ll cover…
• Today’s Top Problems with Existing Firewalls
• Sophos XG Firewall
• What’s New
• Live Demo
• What’s Next
Today’s top firewall problems
Compounded by trends in network security
Top complaints with existing Firewalls (2016*)
• Poor performance
• Poor value
• Too complex
• Insufficient security & control
• Insufficient visibility
Network Security Trends
• Enormous amounts of data collected: More than any IT manager can consume
• More sophisticated threats: Evasive, targeted, zero-day threats
• Increasing number of solutions: Too many features, too many products
• Spiralling costs of security: More solutions competing for similar budget
• Unprecedented network demands: Cloud, IaaS, vanishing perimeter, BYOD
*Sophos commissioned a survey of mid-market IT managers on Spiceworks
Sophos XG Firewall
Solving today’s top problems with existing Firewalls
Simpler to manage: Streamlined workflows; Unified policies; Policy templates
Instant visibility: Control center; User & App Risk; On-box reporting
Synchronized security: Linking firewall & EP; Security Heartbeat™; Dynamic app ID
Top performance: Industry-leading HW; FastPath optimization; High-performance proxy
Central Management: Full-featured & consistent; Cloud or on-premise; Free for partners
Complete protection: Firewall & Wireless; Web, Apps, APT; Email and WAF
XG Firewall’s Unique Innovations
What makes XG Firewall Unique
Innovative features you just can’t get anywhere else
Synchronized Security
• Links Endpoints and Firewall to share telemetry and status
• Enables features like Security Heartbeat™ & Real-time App ID
Unified Firewall Rules and Policies
• All firewall rules on one screen with snap-in user-based policies
• Policy templates simplify protecting business applications
Enterprise-grade Secure Web Gateway
• Powerful top-down inheritance based web policy model
• Easy and intuitive to build sophisticated user and group based policies
User and Application Risk Assessment
• Automatically identifies high risk users and applications on the network
• Identifies potential issues before they become real problems
No-compromise Deployment and Central Management
• The most flexible deployment options without compromise: XG Series, software, virtual, IaaS (Azure)
• Comprehensive centralized management and reporting made simple
Synchronized Security
Admin
Endpoint/Next-Gen Endpoint
UTM/Next-Gen Firewall
Security Heartbeat™
RED Heartbeat
Firewall detects traffic from Endpoint
Synchronized Security
Admin
Endpoint/Next-Gen Endpoint
UTM/Next-Gen Firewall
Missing Heartbeat
MISSING Heartbeat
Firewall detects traffic from Endpoint
Synchronized Security
Admin
Endpoint/Next-Gen Endpoint
UTM/Next-Gen Firewall
Destination Heartbeat™
GREEN Heartbeat
RED Heartbeat
Connections to/from the compromised system are blocked
Endpoint attempts to connect to compromised system
Synchronized Security
Admin
Endpoint/Next-Gen Endpoint
UTM/Next-Gen Firewall
Dynamic App Identification
GREEN Heartbeat
Firewall detects unknown traffic from Endpoint
Firewall requests context from endpoint
Application information is exchanged
Unified Firewall Rules and Policies
Making management easier
All firewall rules in one place
User, Network, Business Applications
Powerful filtering options
By rule type, zone, status or ID
At a glance indicators
Type, source, destination, users, service, traffic status, heartbeat, QoS, and natural language description
Policy Templates
Custom tailored templates enable easy & proper protection for common business apps
Enterprise-grade Secure Web Gateway
Powerful tools for building sophisticated user and group based web policies
Top-down inheritance policy model
Makes building sophisticated policies easy and intuitive. The same kind of SWG usually found only in dedicated enterprise products.
Pre-defined policy templates
Out-of-the-box policies included for workplace, CIPA compliance, and more
Powerful customization
Custom define users/groups, activities (URLs, categories, file types), allowed action, and time-of-day and day-of-week constraints
User Risk Assessment
Automatically identifying top risk users on the network
Automatically identifying top risk users on the network – before they become a problem
App Risk Assessment
Automatically identifying top application risks and overall app risk
Risk: Low
A few high risk applications and users are operating on the network – continue to monitor the situation carefully
Risk: High
Take action and set up an application control policy before data loss, abuse, or illegal activity become a real problem
Deployment flexibility without compromise
XG Series Hardware
• Full range of hardware appliances with wireless AP and RED add-ons
• Multi-core processors, solid-state storage, generous RAM
• Industry-leading performance at all price points – Miercom tested
Virtual/Software
• VMware, Hyper-V, Citrix XEN, KVM
• Flexibility regarding resource assignment and high availability
• Compatible with all x86 hardware
IaaS
• Available in Microsoft Azure Marketplace
• Up and running in minutes with preconfigured VM
• Pay-as-you-go or BYOL
Flexible deployment options optimized for today’s business
XG Firewall – How to buy Deployment, Licensing and Pricing
Firewall & VPN
Wireless
Network Protection
Web & App Protection
Email Protection
Web Server Protection
XG Series Appliances
Software/Virtual
IaaS
Base License
Total Bundle or À la carte
Deployment Choices
NGFW Bundle
XG Firewall
How XG does user policy better
Layer-8 User Identity and Awareness made simple
Covers all areas of the Firewall. Consolidated. Easy to Manage
IPS QoS Web Apps Routing
Powerful user/group policy enforcement made simple
Simply snap-in your sophisticated user and group based policies to a single firewall rule
Define your user/group web enforcement policy
Snap-it-in to your desired firewall rule
Sophos Transparent Authentication Suite (STAS)
Making user identity transparent and reliable. Single-Sign-On (SSO) made easy
Microsoft Active Directory Server
STAS Collector & Agent
No client required on devices for SSO!
XG Firewall
Authentication Information
XG Firewall v16
HA support for dynamic WAN interfaces
Per-rule and Policy-based routing
Google Apps Control
Microsoft Azure Support
Two-Factor Authentication
Support for 3rd party URL databases
New Navigation
New AP 15C and RED 15w support
Enhanced Anti-Spam
STAS GUI configuration
Synchronized Security App Identification
Streamlined Firewall Rule Screen
Firewall-to-firewall RED tunnels
Clone firewall and other rules
Log Viewer Enhancements
Enhanced Control Center
Email Per-Domain Routing and MTA
SPX Email Encryption reply portal
New User/Group Web Policy
Creative Commons SafeSearch Image Enforcement
Enhanced Security Heartbeat
Firewall domain name
Missing Security Heartbeat Detection
Over 120 New Features!
XG Firewall v16: Key Focus Areas
User Experience
Creating a more intuitive experience across all areas of the product from navigation to policy to logging & more
New Features
Over 120 new features including the 35 most-wanted features from UTM 9 across web, email, 2FA & more
Synchronized Security
Adding new Synchronized Security features to the arsenal to improve protection, enforcement and visibility
Headline Enhancements
• New (more familiar) Nav
• Redesigned SWG-style Web Policy
• Email Enhancements (MTA)
• Logging and Troubleshooting
• Two-factor authentication
• Synchronized Security: Missing Heartbeat, Real-time app visibility, Destination Heartbeat
• Microsoft Azure Support
Live Demo
What’s Next
SFM/CFM for v16
Entering beta soon
Full-Featured
Manage all firewall features
Monitoring, alerting, role-based admin
Easy Time Savers
Policy templates make enrollment quick
Firmware update management
Deployment Flexibility
On-Prem (Hardware, Software, Virtual)
Free in the cloud for Partners
Cloud coming for customers in v17
Sophos Sandstorm
Cloud-sandboxing – coming to XG Firewall in v16.5 (December)
Suspect Control Report
Sophos Sandstorm
Hash ?
Determine Behavior
How Effective is It?
10-20: Daily detonated files per customer
0.4-1.8: Daily malware detected per customer
One university that deployed Sandstorm blocked over 400 new macro variants in the first few weeks. Very delighted with the simplicity and effectiveness of Sophos Sandstorm.
Sophos Central
Sophos Labs
Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions
24x7x365, multi-continent operation | URL Database | Malware Identities | File Look-up | Genotypes | Reputation | Behavioural Rules | APT Rules Apps | Anti-Spam | Data Control | SophosID | Patches | Vulnerabilities | Sandboxing | API Everywhere
Admin Self Service Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations
In Cloud On Prem
Synchronized Security Coming in XG Firewall v17
Mobile
Server
Wireless
Web
Encryption
Endpoint/Next-Gen Endpoint
UTM/Next-Gen Firewall
Dynamic App Control
Dynamically identifying & controlling applications
Heartbeat in SFOS TAP Mode
Enhancing EP security and intelligence from the side
XG Firewall on Sophos Central
• Full-featured multi-device
• On-prem or cloud (partners)
• Single device and HA clusters
• Zero-touch and alerting
• Simple groups & multi-device
• API Support
Sophos Firewall Manager
Sophos Central Single Device
Sophos Central Multi-Device
Q4 Q1 Q2 Q3 CY 2017
Why Customers Choose Sophos for their next firewall
Why customers are choosing Sophos for their next firewall
1. Simpler to manage: We make advanced next-gen protection easier to manage than any other firewall product, making it easier to ensure proper protection.
2. Instant insights: We include extensive rich on-box reporting at no extra charge and unique insights into risks and activity.
3. Complete protection: We provide more in one appliance than any other vendor.
4. Top Performance: Our firewall delivers industry leading performance at every price point.
5. Trusted industry leader: Sophos is among the top 3 vendors in the industry and has been a Gartner Magic Quadrant leader for the past 5 years.
A Leader in Unified Threat Management
• Sophos first entered into this MQ publication in March 2012, positioned in the Leader quadrant – and has retained this position for 5 consecutive publications
• Sophos remains one of only three leaders after Dell and WatchGuard were demoted last year
• Gartner’s perception of Sophos is even better than last year, recognizing the strength of Synchronized Security, the breadth of our security portfolio and that we are growing - taking market share from our competitors
• In relative terms Sophos is edging closer on Fortinet and leaving smaller vendors trailing further behind
This graphic is published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sophos.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. All statements in this report attributable to Gartner represent Sophos’ interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.
Gartner Magic Quadrant
UNIFIED THREAT MANAGEMENT
Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016