3. 3
What’s New in SafeGuard Enterprise 7.0
• Enhancements on Windows
Windows 8.1 August Update (f.k.a 8.1-2014) supported
BL management improvements
File Tracking for Cloud Storage targets
LSH user enrollment enforcement
Backend performance improvements in large DB environments
Support of new tokens/smartcards (KBA will be updated for release)
• Enhancements on OS X
• File encryption enhancements – original mount points hidden
• File encryption performance improvements
4. 4
BL - Support for Password Protector
• Passwords as an additional authentication mechanism
5. 5
BL - Support for Password Protector
• "Auto-Unlock" as a way to automatically protect and unlock
NON-boot volumes without requiring a user interaction at all.
• Implements support for the BitLocker hardware test, which is
initiated before encryption of the boot volume starts. This
improves the user experience, as scenarios where the user gets
locked out from the system are avoided.
• Allow the user to explicitly postpone BitLocker encryption
when, e.g., a new password is requested.
6. 6
LSH user enrollment enforcement
• Users are now reminded to answer their questions in 3 stages
• Stage 1: Balloon tooltip in tray icon every hour, change to stage 2 on next calendar day
• Stage 2: In addition to stage 1 behavior, LSH will be started at every logon and unlock and users can postpone; change to stage 3 after 2 days
• Stage 3: In addition to stage 2 behavior (except the tooltip), the LSH dialog will be started every 60 min (users can postpone it)
7. 7
Mac – File Encryption enhancements
• "Real" enforcement of file encryption (original folders are hidden from users and replaced by SGN secured folders)
• No changes in workflows anymore
Users can work with the secured folder as usual
(Secured folders are stored in the same place where the original folders were)
Real paths (e.g. documents) can be used in Terminal now
• Support of additional AV engines
11. 11
Sophos Security.
Cloud Simplicity.
The same trusted endpoint protection, now available in the cloud.
Instant deployment, instant security, instant satisfaction.
13. 13
Business Key Needs Sophos Cloud
Easy to Implement
As a small business owner I typically have to “do it all”
and don’t have time to become a security expert. It’s
critical that this solution is quick to implement.
From Need to Solution in Minutes
• Sign up online and deploy endpoints right from
the cloud
• No server to implement
Easy to Manage, Maintenance free
Once we’re running, make it simple for me to stay
protected and, when I need to take action, make it easy.
Manage Anywhere with Auto Updates
• Per user policy and reporting
• Automatic upgrades
Ideal for Businesses
Cost Effective
My budget is tight so the price has to be competitive.
Economical
• Per user license – add users as you grow
• Licensing flexibility
• Annual, Multi-year
• No equipment procurement or maintenance costs
Effective Protection Everywhere
I need to ensure remote and roaming users are
protected the same way as office users
Best in Class Protection Everywhere
• Automatic threat and policy updates
• Built-in best practices; fewer clicks to better
protection
14. 14
Sophos Cloud v3 – Key Capabilities
-Releases November 18 2014-
Windows server protection (standard)
Automatic exclusions, enhanced exclusion capabilities, device based
policy
Existing EP customer automatically extended a 25% server allocation
(license)
Evaluation license support
Customer of EP or Server can always try the other regardless of whether
customer is licensed for it
15. 15
Cloud Server Protection (Standard)
Easy to configure and manage
• Automatically identifies and adapts to your server
environment
• Automatic exclusions
Fast Performance
• Low performance impact that won’t slow down your
servers
Great Protection
• Anti-malware, HIPS, Live Protection, Web Security
16. 16
Cloud Server Protection (Standard)
How is it different from Endpoint Protection?
Server policy is set per machine (server) and not per user
The server policy allows you to control all the features
(endpoint limits control over certain features)
Server has its own dashboard widget and report
Server has improved exclusions support and automatic
exclusions
Server doesn’t have device control or web control
You can only install Server on server OS and you can only
install Endpoint on desktop OS
17. 17
Cloud Server Protection (Standard) - Exclusions
What variables are supported?
| Variable | Windows 2008: Example Expansion | Windows 2008: Uses Environment Variables | Windows 2003: Example Expansion | Windows 2003: Uses Environment Variables |
|---|---|---|---|---|
| %allusersprofile% | C:\ProgramData | %allusersprofile% | C:\Documents and Settings\All Users | %allusersprofile% |
| %appdata% | C:\Users\*\AppData\Roaming | %systemdrive% | C:\Documents and Settings\*\Application Data | %systemdrive% |
| %commonprogramfiles% | C:\Program Files\Common Files | %commonprogramfiles% | C:\Program Files\Common Files | %commonprogramfiles% |
| %commonprogramfiles(x86)% | C:\Program Files (x86)\Common Files | %commonprogramfiles(x86)% | C:\Program Files (x86)\Common Files | %commonprogramfiles(x86)% |
| %localappdata% | C:\Users\*\AppData\Local | %userprofile% | C:\Documents and Settings\*\Local Settings\Application Data | %userprofile% |
| %programdata% | C:\ProgramData | %programdata% | C:\Documents and Settings\All Users\Application Data | %programdata% |
| %programfiles% | C:\Program Files | %programfiles% | C:\Program Files | %programfiles% |
| %programfiles(x86)% | C:\Program Files (x86) | %programfiles(x86)% | C:\Program Files (x86) | %programfiles(x86)% |
| %systemdrive% | C: | %systemdrive% | C: | %systemdrive% |
| %systemroot% | C:\Windows | %systemroot% | C:\Windows | %systemroot% |
| %temp% or %tmp% | C:\Users\*\AppData\Local\Temp | %systemdrive% | C:\Documents and Settings\*\Local Settings\Temp | %systemdrive% |
| %userprofile% | C:\Users\* | %systemdrive% | C:\Documents and Settings\* | %systemdrive% |
| %windir% | C:\Windows | %windir% | C:\Windows | %windir% |
| %homedrive% | NOT SUPPORTED | %homedrive% (per-user) | NOT SUPPORTED | %homedrive% (per-user) |
| %homepath% | NOT SUPPORTED | %homepath% (per-user) | NOT SUPPORTED | %homepath% (per-user) |
18. 18
Cloud Server Protection (Standard) : Exclusions
Automatic Exclusions –
We will automatically apply exclusions based on the
applications detected on the server
The feature is controlled from the policy
Detection will be handled via the registry and custom
detection scripts
Sophos will provide a data feed with the exclusion rules,
which will be updated regularly
We are starting with the Microsoft ones: Exchange, SQL and
Active Directory domain controllers
We are the only ones doing this
32. 33
What is SMC?
• For IT professionals that want to enable mobility, Sophos
Mobile Control manages and secures mobile devices, content,
and applications with a user-centric approach that delivers the
simplest experience for users and administrators.
33. 34
Core Benefits of SMC 4.0
• Data Protection that Doesn’t
End at the Office Door
• Integrated Security
(Anti-malware, Web Filtering,
UTM integration)
• User Centric
(user based pricing and simple UI)
34. 35
Mobile Content Management
Data Protection that Doesn’t End at the Office Door
• Mobile Encryption built into the SMC Console
• Ensures Secure Content Collaboration
• Only EMM vendor to offer individual File Encryption
protected even “beyond the Cloud” with gated entry to each
file
• Ensures that each document that is connected to the server
remains secure
44. 45
Top complaints about current firewalls
IT Manager Survey on SpiceWorks
Profit
Insufficient reporting & visibility
Insufficient security & control
Not easy to manage
Poor value
Poor performance
45. 46
UTM Advantage 9.3
Enhancing Protection – New Features:
Stronger Protection
Simply Securing Content
• Time quotas, tagging, and selective SSL
scanning bolsters web protection
• SPX encryption user portal simplifies
data protection
• WAF features improve our TMG
replacement advantage
Better Everywhere
Extending deployment flexibility
• Microsoft Hyper-V 2012 support
• Remote assistance in a click with
customer-controlled secure access
• Multiple Bridge Support
Smarter WiFi
Taking Secure WiFi to the next level
• Automated wireless optimization
• New HTTPS and multi-tenancy hotspots
• Support for new APs and
wireless appliances
• Availability of SMS authentication*
46. 47
Top 3 New Features in Web Protection
Enterprise level SWG features – powerful, flexible, simple
• Time quota policy - users can browse specified categories for a set period
per day
• Site tagging – enables sites to be tagged and tags to be used in policies (e.g.
“customer sites” or “research sites”)
• Selective HTTPS Scanning – automatically determines which encrypted
connections to scan
Other Notable Features:
• Updated App Control engine – broader app coverage (1300 Apps) and
enhanced ATP
• Performance Improvements – proxy optimizations resulting in 20%
performance improvement and 75% memory reduction
• True File Type Detection – can block archives based on the files they
contain
47. 48
Time Quota Policy
Policy: Select the categories and the time quota…
User Experience
Helpdesk
(Reset if needed)
48. 49
Site Tagging
Tag sites to create unlimited custom categories
Use tags in policy just like
other categories
49. 50
Selective HTTPS Scanning
Optimize performance and privacy by scanning only sites that pose a risk
50. 51
Top 3 New Features in Email Protection
Simpler SPX Email Encryption and Better Email AV
• SPX Self-Registration – provides a portal so users can register, recover, and
reset their own SPX passwords
• SPX Reply Portal Support for Attachments – SPX replies can now support
email attachments.
• Live Anti-Virus – implemented Sophos AV engine for email with added
protection from malware in emails by doing cloud lookups on suspicious
content and true-file-type detection
53. 54
Top 3 New Features in Web Server Protection
Improving our Advantage as a TMG Replacement…
• Flexible Setup – allow/deny lists for IP ranges,
wildcards for server farms, username prefix/suffix
settings, support for custom WAF rules
• WAF Performance– Scan size limits and for customers
only using a UTM for WAF, they can dial up the capacity
of the WAF
• Persistent SSO – (coming a bit later) better user
experience that doesn’t require them to re-enter
credentials when accessing different MS applications
54. 55
Top 3 New Features in Wireless Protection
Taking Wireless Protection to the next level
• Automated WiFi Optimization – extends
automatic channel selection beyond startup to
work ongoing in the background
• Hotspot Multi-tenancy and HTTPS – Allows one
UTM to be used to service different hotspots
and encrypt the portal page.
• SMS Authentication – (available as needed)
allow users to request access to a hotspot on
their phone and receive voucher via SMS
55. 56
Top 3 Better Everywhere Features
Extending deployment flexibility
• Hyper-V 3.5 – adds support for Microsoft Hyper-V
Server 2012 R2 including MS Integration Tools v3.5
which will add HA/LB to Hyper-V
• Remote Assistance In-a-Click – enables webadmin
access to the UTM by Sophos Support with the click of a
single button
• Multi-Bridge Support – improves deployment options
57. 58
Sophos iView
Extending Reporting – Key Features and Benefits:
Added Visibility
Increased depth and breadth of reporting
• Over 1000 built-in reports and views
• Compliance reporting: HIPAA, PCI DSS,
GLBA, SOX
• Fully customizable reports & views
with extensive drill-down capabilities
Security Intelligence
Identify issues before they become
problems
• Rich dashboard and detailed traffic reports
offer intelligent insights
• Easily monitor suspect users or traffic
anomalies
• Quickly identify attacks on your network
Consolidated Reporting
Centralized reporting across multiple UTMs
• Works out-of-the-box with all Sophos UTMs
• Single centralized view of all network activity
• Great for larger organizations
and MSPs
Log Management
Backup and long-term log storage
• Automated backups of all UTM logs for long-term storage
• Eliminates reporting gaps if replacing/upgrading a UTM
• Quick access and retrieval of historical data for
audits and forensics
Our Design principle for Sophos Cloud is to provide Sophos security with Cloud Simplicity
The same trusted endpoint protection now available as a cloud-based/ cloud managed service with instant deployment.
What is Sophos cloud?
Sophos Cloud is a Cloud Managed security service.
The initial version of Sophos Cloud delivers cloud-managed endpoint security as a service.
The management console is hosted by Sophos which means there is no server to set up and security can be deployed instantly.
A small client anti-malware software (or agent) is installed on the protected computers.
Users - regardless of where they are – either in the office, working remotely or traveling - will get complete coverage everywhere with real time policy refresh, and the latest threats and software updates. And because the management is hosted by Sophos in the cloud, users will get automatic updates and upgrades through the management console.
Smaller and growing businesses like yours may not have a lot of resources but are still concerned about cybercrime having a negative impact on your business.
Your IT resource is far too precious to focus a lot of time on security.
You need security that is easy to deploy.
Sophos Cloud doesn’t require a server. And you can start with a trial account that takes minutes from sign up online to deployment.
<Click>
The second need is effective protection everywhere.
Growing businesses like yours typically have remote and roaming workers. You want to ensure they are protected the same way as office users.
Sophos Cloud provides automatic threat updates and real time policy refresh so your roaming workers are always protected against the latest threats.
In addition, we know that 90% of threats are coming from web. Sophos Cloud automatically blocks web threats before they reach your computers.
What’s more, Sophos Cloud uses security best practice to automatically resolve issues for you. Whenever we can, we make dealing with issues easier and quicker than ever.
<click>
We know that security is not your only job, so a solution must be easy to manage and maintenance free.
Sophos cloud’s management console is accessible from anywhere.
And because the server is hosted by Sophos, we provide automatic software updates and upgrades, which means it is maintenance free for you.
<click>
Lastly, you want a solution that is economical. We offer per user licensing. Your user may have a desktop and a MacBook Air for travel, but that still counts as one user. Sophos Cloud is subscription-based, so you can add users as you grow.
And we have flexible licensing terms with available annual or multi-year subscriptions, and monthly subscriptions are coming soon.
Again, Sophos cloud means no equipment procurement or maintenance costs, automatic updates and upgrades, and per user licensing.
Improved exclusion capabilities (2008/r2, 2012/r2)
Automatic exclusions (2008/r2, 2012/r2)
Competitive intelligence – against competitor’s server product focus on set up/ configuration.
No plan to put server AV on 3rd party test.
Performance test - > 3rd party accolade (general Sophos, not product specific)
download reputation – first in cloud. (server?) APT/ network-aware threat detection.
Guidance on what collateral -
The original Cloud Endpoint license (EP-Cloud) introduced with v1 was retired when v2 was released. All customers with this license were automatically upgraded to CEA.
Set up is extremely easy. If you start with the trial, complete a simple form and Sophos Cloud will send you an activation email. That leads you to set up your account log in.
We know that setting up an account without deploying endpoint client doesn’t really help anybody. So the first experience after you sign in is this “lightbox” that urges you to deploy the software.
Simple deployment via email
Policy can be set by the user or by the group, and will automatically apply to all the computers under that user or group.
A dashboard that shows actions required, if any, is also included to give you tremendous visibility into your deployment.
The reports give you at a glance views of all the devices, computers and users protected. You can also view reports by users, by computers or by devices
- Data Protection that doesn’t end at the office door: With Mobile Content Management for iOS devices, SMC is the only EMM vendor to offer individual File Encryption, ensuring each document that is connected to the server remains secure, allowing users to remain productive by collaborating safely. Gated entry to each file allows organizations to rest assured that their documents and data remain safe – not just in the office, but anywhere & everywhere their users go.
- Integrated Security: Mobile devices are essentially computers that travel everywhere with users; hence, mobile devices need the same level of AV protection, to ensure users can remain productive and safe. Sophos Mobile Control is the only vendor to provide integrated AV and Web Filtering for Android devices – Android devices encompass 70% of smartphone sales, yet Android devices are the most susceptible to malware; last year there were about 80,000 malware samples detected. With SMC 4.0, users get integrated anti-malware, which protects users from malicious websites and other threats; this can be integrated into the SMC console and centrally managed through SMC. Additional web filtering protection helps ensure that Android devices remain secure, and organizations have reduced risk of data breaches with our UTM integration, which blocks network access based on the compliance status of the device (SMC also integrates with Checkpoint & Cisco for Network Access Control).
-User-Centric: the only EMM vendor to offer user-based pricing, Sophos makes it easier for organizations to calculate the costs of implementing BYOD in their environment
With this new and exciting feature, we are extending our promise of “Encryption Everywhere” by building Mobile Encryption into SMC. Cloud storage makes it easy for your customers’ users to access files from any location. But after news of data breaches, can they be sure that their data is really safe? Data protection shouldn’t end at your office door. SMC now makes it easier for you to collaborate with colleagues and business partners. And it enables persistent encryption because each document that is connected to the server remains secure. What makes us different? We are the only EMM vendor to offer individual file encryption: with AirWatch/Mobile Iron, if someone gets access to your Dropbox account, they automatically get access to a user’s content. With SMC, each document is gated and therefore even if they get into the Dropbox account, they cannot access individual files without a key. Gated entry to each file allows organizations to rest assured that their documents and data remain safe – not just in the office, but anywhere & everywhere their users go. Currently iOS first, Android to follow. Encryption Everywhere
Gartner called out the importance of this in their 2014 MQ report - “Sophos' mobile content management transparently encrypts files leaving a PC or mobile device to prevent data leakage. This integrates with third-party file storage providers and enables companies to securely use low-cost third-party storage.”
Screen shot of Mobile Encryption app, automatically built into SMC. We support DropBox, Egnyte, Google Drive, etc
Available only on iOS
If device is not compliant, the access to the SME app will be blocked
Integrated AV (malware protection): With SMC, users get integrated anti-malware which provides full functionality to protect your Android device without reducing performance or battery life. Android devices encompass 70% of smartphone sales, yet Android devices are the most susceptible to malware; last year there were about 80,000 malware samples detected.
-SMC (with built in SMSec) helps users avoid undesirable software that may lead to data loss and unexpected costs.
-SMSec is integrated into the SMC console and centrally managed through SMC
-Admins have full control over the app settings and can block infected or outdated devices.
Other EMM vendors don’t offer built in Anti-malware, they have a 3rd party that provides that capability.
Web Filtering: Sophos Mobile Control is the only vendor to offer Web Filtering for Android devices. Admins can define 14 categories that they allow/warn/block, filtering web access on Android devices. Sophos is the only EMM vendor to extend this endpoint functionality to mobile devices, offering additional robust protection for Androids to prevent access to data-stealing web pages.
Network access control: Organizations have reduced risk of data breaches, since SMC can be programmed to block network access based on device compliance status. In 4.0, SMC integrates with Sophos UTM. SMC controls a user’s network access via Wi-Fi and VPN based on the compliance status of the device: if you have a rogue device, you can block VPN or Wi-Fi access.
- SMC also integrates with Checkpoint & Cisco for network access control (however, only for controlled VPN/Wi-Fi access)
So we’ve covered how we’re extending our reporting with iView and addressing customers’ top complaints about their current firewall, but what about these other major complaints? Of course, the UTM does a great job in providing protection and controls that are easy to manage, and with everything in a single box, customers get outstanding value, but let’s have a look at how we’re extending this advantage in UTM 9.3
What’s new in UTM 9.3? Well there are a bunch of new features that fall nicely into four areas…
Stronger protection with new features for web, email, and WAF… in particular… one of our most requested features… time quotas for web surfing policies so you can limit users to say 1 hour per day for categories such as social media, shopping or sports. Site tagging and selective SSL scanning are also being introduced.
We’re also making WiFi smarter with enhancements to the WiFi channel optimization to maximize performance, hotspot authentication via mobile devices and of course support for the new Access points.
New deployment options extend the UTMs ability to work better in even more places… with Hyper-V 2012 R2 support (with HA options), support for HA on AWS, and a new option for one-click secure support access to SSH or Webadmin.
And of course, the new iView reporting appliance extends and enhances our UTM reporting, so let’s look at that in more detail…
For those of you that may not know… Sophos iView is our first product collaboration with Cyberoam. This is a product that we’ve worked with them on bringing to the Sophos UTM product line as an add-on that extends and enhances our on-box reporting. It works out of the box with Sophos UTMs and offers a number of great features that will appeal to many organizations such as…
Added visibility, adding a bunch of additional reports and views, including reporting that meets compliance requirements for standards like HIPAA, PCI, and a few others.
It also offers a lot of additional views and customization options that will appeal to the nerdy IT admin.
Another key benefit it provides is consolidated reporting across multiple UTMs which will be huge for MSPs and larger organizations with more than one UTM.
It also provides some good insights into traffic trends that may allow admins to identify problem users or attacks on their network
And it provides great log management for backup and long-term storage so if a UTM needs to be replaced all the historical reporting is not lost and makes retrieval easy for audits or forensics
It’s a great new addition to the UTM line up, particularly for customers wanting more breadth and depth of reporting, those who need to meet compliance requirements, or those managing networks with multiple UTMs. It’s coming at the end of Sept.
Since Sophos iView uses the same OS and installer as Sophos UTM, that part of deploying iView will be very familiar to SEs and partners.
After iView is installed, on the UTMs you’re monitoring, all you need to do is go into “Log Settings” and set up iView as a syslog server – iView will automatically recognize the UTM and start accepting log data
iView offers a huge number of reports and dashboards that are easily customized with attractive animated 3D graphs. Here’s a snapshot of the Web Usage Dashboard showing top domains, users, categories, and content in a single view with extensive drill down capability
A key feature of iView is the ability to help customers achieve compliance reporting requirements for standards such as PCI, HIPAA and others.
The compliance reporting section offers all the reports customers need… here’s an example of the admin audit trail report that’s required for PCI compliance.
Consolidated reporting is another key feature of iView as it can collect logs from multiple UTMs and provide both a consolidated view of the entire network as well as the ability to organize UTMs into groups or drill down into individual UTMs
There’s an option to “Select Device” on the top of every report
Which allows you to select the specific UTM or group of UTMs you want to report on.
iView also offers important trend reporting which can be helpful in identifying attacks, such as a sudden increase in ICMP traffic that might be indicating a Denial of Service type attack as you can see here on this chart.
It also offers a ton of custom report options, scheduled reports, and literally any feature you might expect in a dedicated reporting appliance.
We’re going to put together a screen shot library of many of the reports as soon as we can as a sales tool.