Synchronized Security in Action
Attacks are becoming more sophisticated while attack surfaces are growing exponentially. Synchronized Security from Sophos coordinates defenses across endpoints, networks, servers and more so that the defenses are better coordinated than the attacks. It provides unparalleled protection through next-gen endpoint protection and network security working together. Automated incident response uses technologies such as Security Heartbeat to automatically detect, isolate and remediate incidents. Real-time insight and control gives visibility across systems and estates for rapid root cause analysis and response. Customers report that Synchronized Security saves them time through quick threat identification and remediation.
2. Synchronized Security in Action
• How many customers are using it?
• Is it delivering on its stated benefits?
• When are the rest of the products getting a Heartbeat?
• Who should we be targeting?
• What does the competitive landscape look like?
3. Attacks are more sophisticated than defenses
Attack surface exponentially larger:
• Laptops/Desktops
• Phones/Tablets
• Virtual servers/desktops
• Cloud servers/storage
• IoT
Increasing attacks, increasing sophistication:
• Syndicated crime tools
• Zero day exploits
• Memory resident
• Polymorphic/metamorphic
• Multilevel botnets
4. Synchronized Security
Sophos Central
Cloud Intelligence
Sophos Labs
Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions
| 24x7x365, multi-continent operation |
Malware Identities | URL Database | Machine Learning | Threat Intelligence | Genotypes | Reputation |
Behavioral Rules | APT Rules | App Identities | Anti-Spam | DLP | SophosID | Sandboxing | API Everywhere
Admin Self Service Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations
Next-Gen Endpoint
Mobile
Server
Encryption
UTM/Next-Gen Firewall
Wireless
Email
Web
In Cloud On Prem
6. Synchronized Security
Best of breed security system that enables your defenses to be more coordinated than the attacks.
• Automated Incident Response
• Unparalleled Protection
• Breach Prevention
• Reduce Breach Impact
• Simplify IT Management
• Real-time Insight and Control
9. Synchronized Security
Sophos Central Mgmt.
Root Cause Analysis
Next-Gen Endpoint + Network Protection
Threats covered: Script-based Malware | Phishing Attacks | .exe Malware | Non-.exe Malware (.doc, .xls, .pdf) | Malicious URLs | Removable Media | Unauthorized Apps | Exploits
More Coordinated Than Attacks
It Just Works Together
11. Sophos Central
Cloud Intelligence
Sophos Labs
Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions
| 24x7x365, multi-continent operation |
URL Database | Malware Identities | File Look-up | Genotypes | Reputation | Behavioural Rules | APT Rules
Apps | Anti-Spam | Data Control | SophosID | Patches | Vulnerabilities | Sandboxing | API Everywhere
Admin Self Service Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations
In Cloud On Prem
Next-Gen Endpoint | UTM/Next-Gen Firewall
Security Heartbeat™ (Available Now)
Server | Encryption
12. Bad guy's trilemma
• Disable Sophos Security: red health is sent through the Heartbeat, and the firewall isolates the endpoint.
• Disable the Heartbeat: the firewall detects the missing Heartbeat and isolates the endpoint.
• Leave Sophos Security alone: Sophos sees everything they do, and Intercept X blocks the attack.
13. Lateral Movement Detection and Prevention
Credential Theft Attempt – Detected By Intercept X
[Diagram: Internet, XG Firewall, Endpoints, Servers, Security Heartbeat™]
14. Security Heartbeat™ – Lateral Movement Detection and Prevention
Detection and Isolation
15. Security Heartbeat™ – Lateral Movement Detection and Prevention
Detection and Isolation – Endpoint Stonewalling
16. Security Heartbeat™ – Lateral Movement Detection and Prevention
Detection and Isolation – Wireless Heartbeat
17. Lateral Movement Detection and Prevention
Detection and Isolation – Destination Based Rules
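The trilemma slide and the destination-based rules slide describe one firewall-side decision: track each endpoint's last Heartbeat and health colour, isolate on red or missing, and otherwise let the destination decide the minimum health required. The simulation below is an added example, not Sophos code; the 30-second timeout, the health colours and the "servers"/"internet" zones are assumptions.

```python
from dataclasses import dataclass, field

# Seconds without a heartbeat before the firewall treats it as missing (assumed value).
HEARTBEAT_TIMEOUT = 30.0
RANK = {"green": 2, "yellow": 1}  # health colours that can still pass traffic


@dataclass
class HeartbeatState:
    health: str       # "green", "yellow" or "red", as reported by the endpoint
    last_seen: float  # time of the last heartbeat


@dataclass
class HeartbeatFirewall:
    """Firewall side: tracks endpoint heartbeats and applies destination-based rules."""
    endpoints: dict = field(default_factory=dict)
    # Minimum health an endpoint needs to reach a destination zone (hypothetical zones).
    rules: dict = field(default_factory=lambda: {"servers": "green", "internet": "yellow"})

    def heartbeat(self, host, health, now):
        self.endpoints[host] = HeartbeatState(health, now)

    def status(self, host, now):
        st = self.endpoints.get(host)
        if st is None or now - st.last_seen > HEARTBEAT_TIMEOUT:
            return "missing"  # a silenced heartbeat is treated like a compromised host
        return st.health

    def decide(self, host, zone, now):
        health = self.status(host, now)
        if health in ("red", "missing"):
            return "isolate"  # cut the endpoint off from every zone
        return "allow" if RANK[health] >= RANK[self.rules[zone]] else "block"


def trilemma_demo():
    """Replay the three branches of the trilemma plus the destination-rule case (constructed data)."""
    fw = HeartbeatFirewall()
    fw.heartbeat("pc-1", "red", now=130.0)     # branch 1: protection disabled, health turns red
    fw.heartbeat("pc-2", "green", now=100.0)   # branch 2: heartbeat killed after this beat, goes stale
    fw.heartbeat("pc-3", "green", now=130.0)   # branch 3: left alone, still green
    fw.heartbeat("pc-4", "yellow", now=130.0)  # destination rule: yellow host, server zone needs green
    now = 135.0
    return {
        "disable_security": fw.decide("pc-1", "internet", now),
        "disable_heartbeat": fw.decide("pc-2", "internet", now),
        "leave_alone": fw.decide("pc-3", "servers", now),
        "yellow_to_servers": fw.decide("pc-4", "servers", now),
        "yellow_to_internet": fw.decide("pc-4", "internet", now),
    }


if __name__ == "__main__":
    print(trilemma_demo())
```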
18. Automated Incident Response
Available 2H 2017
• Security Heartbeat
• Intercept X
• Server Heartbeat
• Synchronized Encryption
• Wireless Heartbeat
• Synchronized Mobile
• Synchronized Email
• Endpoint Stonewalling
• Credential Theft Detection
Isolation | Lateral Movement Detection and Prevention
20. Real-time Insight and Control
Available Now
• Security Heartbeat
• Active Threat ID: Machine, Process, User
• Threat chain visibility
• Root Cause Analysis
• Infrastructure visibility
21. Dynamic Application Control
• Automatically identifies unknown app traffic
• Better visibility than any other Firewall on the market
  o Risk Reduction
    - Morphing Apps attempting to avoid Firewalls/Sandboxing
    - Suspicious Applications
  o Performance improvement
    - Bandwidth storms
24. Real-time Insight and Control
Available 2H 2017
• Security Heartbeat
• Active Threat Identification
• Root Cause Analysis
• Dynamic App Control
• RCA Cross-Estate
Real-time Visibility, Analysis | Security Control
25. Customer: Brooklyn, USA
1.5M Members | 7000 Employees | 187 Parishes | 90 Schools
Quote: "Sophos saves me time because I can identify threats and remove them quickly."
Deployment:
• 1000 Computers: Sophos Central Endpoint Advanced, Intercept X
• 50 Servers: Sophos Central Server Advanced
• Network: 3 XG Firewalls, 5 SG UTM
• 2000 Reflexion licenses
Benefits:
• Visibility across multiple locations
• RCA and forensics quickly and easily
• Unify and simplify endpoint, FW, and cloud security
• Real-time Insight and Control
"The time we save is equivalent to at least one part-time person—that's huge."
Gus Garcia, Senior Project Manager
26. Synchronized Security 2017
Next-Gen Endpoint | UTM/Next-Gen Firewall | Mobile | Server | Wireless | Email | Web | Encryption
Security Heartbeat™
"It only took 2 minutes to find out that everything was under control. Sophos XG Firewall detected the threat and Security Heartbeat allowed the infected host to be immediately identified, isolated and cleaned up. Instead of going into fire drill mode, we were able to relax and finish our lunch."
DJ Anderson, CTO, IronCloud
Speaker notes
Threat landscape is constantly changing
Average user has 3 devices and both user and device are mobile
Everything will be Cloud Managed
IoT
Attackers coordinate and combine techniques to improve their strike rate.
Reusable code, online tools, it's easy
Soccer/Football – Red Cards (7 player minimum)
How do we solve this issue?
Our Vision/Strategy/Ref Architecture
All products working together in a system (security services)
Best of Breed vs. Integrated System – old thinking
Heartbeat, Cloud Intelligence, Analytics – for Action, not Info
Managed by Sophos Central (Easy, Scale, Service)
Who is using it? POLL
Cloud Endpoints – over 320,000
Cloud Servers – over 30,000 avg 24
DP safeguard – over 30,000
Synchronized Network licenses 3400
It’s working, so how do we talk about it, how do we pitch it?
Rest of presentation – IN ACTION
Demos
Customers
How it’s being sold
Sync Security is broader than Heartbeat
Technologies within the Endpoint work together
One tech spots something suspicious and can kick off another tech to scan
ATP finds a bad URL or bad traffic, but the process is unknown
Asks the endpoint for detail – run a scan, or give me the process info
Compelling event – looking for better visibility to scale, save costs
1000 Computers – CEA, CIX
50 Servers - Server Advanced
3 XG Firewalls, 5 SG UTM
2000 Reflexion licenses