3. At a glance: Network Security Group
The Network Security Group of Sophos (formerly Astaro) is Europe’s market leader for Unified Threat Management (UTM).
• The Astaro business was founded in 2000 and has been part of Sophos since 2011
• Constantly gaining market share
• Common Criteria and ICSA certified products
• Received more than 120 product awards
• Approximately 65,000 installations
• Design and engineering made in Germany
5. Internet threats on the increase
Crackers Botnets Spam Phishing Scam Hoax Viruses Spyware Gray ware
Intrusions Denial of Service Distributed Denial of Service Ping floods Eavesdropper Script
Kiddies Espionage Malware Root kits Adware P2P File sharing Trojans Spit Bots Backdoors
Buffer Overflows Hackers Malcode Bugs Key loggers Crime ware Pharming Competitors
Exploits
Identity theft DNS poisoning Snarf attacks Spam bots Spy bots Trap doors
War driving Ransomware ASCII bombs Bluesnarfing Worms Decrypting Reverse engineering
Phreaking Port Scanning
6. Network security solutions today
Cost Time Investment
Router
Firewall
IPS
SSL VPN Gateway
Email/Spam Filter
Anti Virus Filter
Web Filter
WAN Link Balancer
Load Balancer
Total:
7. Modern IT-Security challenges (1)
Protect internet communication with office computers and servers
[Diagram labels: Branch office, Internet, VPN, VPN, Roadwarrior, Central office]
8. Modern IT-security challenges (2)
Protect communication with endpoints and the endpoints themselves
[Diagram labels: Branch office, Mobile user, Internet, Roadwarrior, Central office]
10. Our all-in-one approach
Complete protection for your network
• Endpoint Security & Mobile Control
• Integration of complete email, web & network protection
• Networking features for high availability and load balancing
• VPN & wireless extensions
• Central, browser-based management & reporting of all applications
• Flexible Deployment: Software Appliance, Virtual Appliance
11. Security features
Enterprise-class security for small and mid-size businesses
Endpoint Protection
• Device Control
• AntiVirus
Wireless Protection (optional)
• Wireless Controller for Astaro Access Points
• Multi-Zone (SSID) support
• Captive Portal/Voucher
Essential Firewall
• Stateful Firewall
• Network Address Translation
• PPTP/L2TP Remote Access
Network Protection
• IPS incl. MAPP
• IPSec/SSL/RED VPN
• WAN Link Balancing
• SSL Portal (HTML5)
Web Server Protection (optional)
• Reverse Proxy
• Web Application Firewall
• Antivirus
Mail Protection
• Anti Spam & Phishing
• Dual Virus Protection
• E-Mail Encryption
Web Protection
• URL Filter
• Antivirus & Antispyware
• Application Control
15. Branch Office Security - challenges
Businesses with many small branch offices need an easy and affordable way to
connect them back to the headquarters location and keep their Internet access secure.
16. Available solutions
Routers for private users
Low-end UTM appliances
MPLS and managed VPN services
17. Sophos RED
The easiest and most economical way to secure your branch offices in a few
minutes – without the need for technical personnel at the remote site!
19. Sophos Provisioning Service
Step 1: Enter RED name & ID
Step 3: Connect RED Device
Step 5: Establish Tunnel
[Diagram labels: Remote Office, Central Office, RED, Internet, Router, Sophos UTM]
Ship the RED without configuration
20. Sophos RED 10
Technical information
• Solid steel chassis
• No moving parts
• 1 WAN port
• 4-Port LAN switch
• 1 USB 3G/UMTS modem port
• 30 Mbit/s VPN-throughput
• <7 Watt power consumption
• Unrestricted users
• No buttons, no GUI
22. Wireless networks – challenges
Businesses need an easy-to-use, secure and reliable way to integrate
wireless devices into their business networks.
23. Available solutions
Access points for private users
Low-end UTM appliances with integrated Wi-Fi
Enterprise wireless solutions
26. Hotspot aka Captive Portal
Secure Internet access for guests in companies, hotels & other typical hotspot areas
• Wireless and wired
• Operating-Modes
• Disclaimer-Page
• Password of the Day
• Vouchers with time/data quota
• Guest-Registration within the Enduser-Portal
• Customization of the Portal-Site
• Part of the Wireless Subscription
#2 Feature Request on http://feature.astaro.com
27. Sophos Access Points
AP 10
• Up to 10 users
• 150 Mbit/s throughput
• 1 x 10/100 Base TX
• IEEE 802.11 b/g/n
AP 30
• Up to 30 users
• 300 Mbit/s throughput
• 1 x 10/100 Base TX
• IEEE 802.11 b/g/n
• Power over Ethernet (IEEE 802.3af)
AP 50
• Up to 50 users
• Dual-band/dual-radio
• 2.4 GHz and 5 GHz
• IEEE 802.11 a/b/g/n
• 300 Mbit/s throughput
• PoE+ (IEEE 802.3at)
AP 5
• Up to 7 users
• USB Access Point
• Wifi extension for RED10 rev.2/3
29. Application Control aka Next Generation Firewall
• Patterns for ~600 relevant applications
• Deep Layer-7 inspection for true application identification (Next Generation Firewall)
• Unclassified application feedback
• Complete control to block, allow, shape, and prioritize
• Detailed real-time reporting and forensic history
• Graphical flow-monitor shows everything as it happens
30. Clientless SSL VPN
HTML 5 VPN Portal
• Browser based VPN without additional software
• IE > v10, Firefox > v6, Google Chrome
• No Java / ActiveX or Flash!
• Applications:
• Remote Desktop
• VNC
• Telnet
• SSH
• Webapp (HTTP / HTTPS)
#1 Feature Request on http://feature.astaro.com
32. UTM Endpoint Protection
Always connected and up-to-date – everywhere
[Diagram labels: UTM 9.1, Live Connect Service, Branch Office, Mobile User, Internet, Roadwarrior, Central Office; connections labelled "Policies, Events, Updates" and "Policies"]
34. Sophos UTM 9 - Roadmap
Timeline: Jan to Dec 2012, Jan to Jun 2013
UTM 9.0
• GUI in Sophos Design
• SAV Integration
• UTM Endpoint Protection
  • Device Control
  • AV & HIPS
• Clientless SSL VPN
• Hotspot support
  • “Captive Portal”
UTM 9.1
• Extended Endpoint Protection
  • Web Filtering (policy sync.)
  • Client Firewall (policy sync.)
  • DLP
  • Full Disk Encryption
  • MAC OS support
  • …
• Extended Wireless Protection
  • Repeater, Wireless IDS, Rogue AP detection
UTM 9.2
• Extended Endpoint Protection
  • App.Ctrl (client/UTM comm.)
  • Device & Media Encryption
  • VPN client
• TBA
UTM Mobile Control
• Remote Lock & Wipe
• Central App. Mgmt.
• Email Access Mgmt
35. Conclusion
Sophos UTM v9
Complete Security
• UTM with the most comprehensive feature set on the market
• UTM meets endpoint – full integration of endpoint security
Without Complexity
• Single intuitive GUI for all functionalities
• Unique plug'n'play Wifi and VPN technology
Let's cut the costs
• All-In-One vs. bunch of point solutions
• Tailor made subscription plan
• “Keep things simple”
36. Thank you very much!
Questions?
Sophos UTM Contact: dupreezvw@netxactics.co.za
Editor's notes
Let's start with some quick overview about Sophos:
As you can see, different businesses trust the protection of Astaro. You find global brands as well as thousands of mid-size companies.
The ASG product line covers models for small networks and remote locations with up to 10 users to large networks with up to 5000 users. As opposed to other UTM solutions, Astaro software can be also installed on your own servers. The same set of security applications, including features such as Active/Active Clustering, WAN Uplink Balancing or Active Directory Integration, is available on all Astaro Security Gateway models - no matter if the hardware, software or virtual appliance is deployed. Furthermore, every hardware appliance contains an integrated hard drive for local spam quarantine and log/reporting information. Therefore, even the smallest remote office can get the same protection as a company's central office - without compromise. The ASG 525 and 625 models offer the highest availability through a redundant hard drive and power supply.
Astaro Wireless Security is a new approach, which serves to simplify the secure and reliable availability of WLAN environments. The integrated wireless controller in the ASG ensures that the affordable Access Points do not require any manual configuration. Astaro Access Points can be positioned anywhere in the office and offer a strong WLAN signal all over the office. Placement behind an Astaro RED is also possible, WLAN access for guests is also available in minutes, and many clients can also be protected through the UTM security of the central ASG.
9.2: Synchronization of Application Control between V9 and Endpoint (does not exist yet today) -> V9 asks the client which app generates a particular netflow. Cooperation with Sophos Labs opens up undreamt-of possibilities. VPN client included in the Endpoint client. Mobile Control: iOS and Android.