Your SlideShare is downloading. ×
Sophos Endpoint - Ago/2013
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Sophos Endpoint - Ago/2013

214
views

Published on

Apresentação do Sophos Endpoint que é comercializado pela GVTech. www.gvtech.eti.br

Apresentação do Sophos Endpoint que é comercializado pela GVTech. www.gvtech.eti.br

Published in: Technology

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
214
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Stopping threats and protecting your data is what we do. And we believe our job is to do that comprehensively, without making your job more complicated. This is our mantra: Complete Security, Without Complexity, Active protection.What we do, How we do it, How we do it better.Complete security isabout taking care of yourprotection at every stagewithout it having to be complicated..
  • That’s why we give you solutions for every part of your business. Endpoint, Network, Data, Email, Web and Mobile. We protect them all. So your users and data are protected wherever they are and whatever they use.
  • We see websites that are either hosting malware or have been exploited by malware authors actually every 4.3 seconds. As websites become yet more complex and interactive and the potential for exploiting that complexity grows so the focus is shifting from email. We are also seeing still more organisation amongst cyber criminals as software exploits that can be targeted are sold and automated tools are available to trawl the web for those sites vulnerable to infection.
  • Live url filter: You can connect your computers to our constantly updated list of millions of infected websites, so your users can’t get to them — even when they're outside your gateway protection. And we keep it updated, adding around 40,000 new sites every day.Live antivirus: When one of your computers identifies a potentially suspicious file, we’ll instantly check it with our database. In seconds, we’ll tell the computer if that file relates to a real threat and block it. Sophos Live Anti-Virus is included in all of our Endpoint products and suites. 
  • Behavioral detection: Tuned to detect variants, families (like the Storm worm) and large categories of malware (like encrypted malware), Genotype Protection guards against unknown malware by analyzing behavior before code executes. It uses pre-execution scanning to determine the functionality of the code, and the behavior it is likely to exhibit, all without allowing the code to run. Our threat detection engine detects zero-day threats without the need for signature updates or separate HIPS software.Suspicious file detection: Where Behavioral Genotype Protection is tuned to detect only malicious files, suspicious file detection will identify files that are highly likely to be malicious, again doing this by determining what the behavior of a file would be if the file were to be run. This detection provides the benefits of a traditional runtime behavior-based system without impacting system performance, or the inherent security issue of allowing a file to run before detection takes place. Suspicious behavior detection: This layer of detection watches all system processes for signs of active malware, such as suspicous writes to the registry, or file copy actions. It can be set to warn the administrator and/or block the process. Unlike other behavior-based detection systems, there is no need for the administrator to train or fine tune analysis, as SophosLabs experts do the fine tuning.Buffer overflow detection: A buffer overflow attack is reported when an attempt is made to exploit a running process using buffer overflow techniques. This detection system will catch attacks targeting security vulnerabilities in both operating system software and applications.
  • We help you control the applications that could cause security or legal problems, like P2P or instant messaging. And you'll get a handle on the unwanted applications that clog your network. With Sophos, you can monitor and control what your employees are installing without interfering with their work.
  • You need to control applications that could cause security or legal problems, like P2P or instant messaging. And you'll get a handle on the unwanted applications that clog your network. Monitor and control what your employees are installing without interfering with their work. Traditional approachOften requires additional component or agent to be deployedIT admins have to build rules or create identities for applications - updating these when new versions are released and keeping on top of the latest application trendsThe process of creating detection and configuring policy is often time consuming, and difficult to stay on top. This impacts the effectiveness of the feature. How we do it better with Active ProtectionWe don’t just give you a tool to manage applications that asks you to keep it up to date. Instead: Our labs experts create application detection for you and actively maintain the list of applications. If a new version of Skype or peer to peer file sharing software appears you are automatically protected.We’ve built application control into our antivirus engine, so you don’t have to deploy or manage a separate product. You simply set policies for the whole company or specific groups to block or allow particular applications.
  • Granular controlAdmins can set flexible rules to allow usage for only those that need it, such as blocking USB devices for everyone except the IT department. They can also allow specific devices - such as encrypted USB keys - to guarantee that any data saved on removable devices is secure.Alternatively, read-only access can be granted so employees can access information stored on USB keys or CDs but not write to them.Preventing bridgingComputers can be connected to two networks at once acting as a bridge between the two – the corporate network by a cable and to another network wirelessly.To stop data from travelling between the two networks, putting data security at risk, the wireless interface can automatically be turned off if a computer is connected to the corporate network via a network cable and then re-enabled when the cable is removed.
  • Sophos Endpoint Security protects your data in a virtual environment—simpler and more secureWhen you virtualize, you save money. You reduce the hardware you have to buy and manage, you save on power to run the hardware and you save time trying to keep all your computers in line with corporate standards.But in today's changing threat environment, businesses moving toward virtualization of servers and desktops can't afford to leave security by the wayside. As new security threats emerge, your business needs to stay on the cutting edge of technology.You also need to balance your security with performance to keep your business running smoothly.Protection or performance—you shouldn't have to chooseSome security products treat virtualization security differently, making you choose between performance and protection.New protection models designed to scan multiple virtual machines from a single point have promise. But this technology is still in its infancy. As security experts, we've studied the pros and cons of central scanning and we're taking a measured approach to developing this technology.Your security solution should give you the best protection against malware and data loss in one, without negative impact on potential cost savings or on the way your users work.You get both with SophosAt Sophos, our approach to endpoint security offers performance without sacrificing protection. Because our resource impact is low, the security you need doesn't get in the way of you doing business.With Sophos Endpoint Security and Control, you can protect all your physical and virtual computers with the same level of security. And all with the same product—with no extra license costs.You can get more virtual computers on a physical machine because it uses less memory. It's efficient too—you can stagger scan times, so everyday security tasks won't grind your systems to a halt.Protecting you now and in the futureWe partner with VMware®, Citrix® and Microsoft® to give you complete support. Because we know the security requirements for virtualization in the future, we can keep you safe whether you’re virtualized now or will be soon.We provide better performance than other traditional antivirus systems. And our solution offers a full array of protection currently unsupported by our competitors' central scanning products, including HIPS, DLP and URL filtering. You don't have to take our word for it. Download the report from the Tolly Group for a complete product comparison.
  • Your security solution should give you the best protection against malware and data loss in one, without negative impact on potential cost savings or on the way your users work.You get both with SophosAt Sophos, our approach to endpoint security offers performance without sacrificing protection. Because our resource impact is low, the security you need doesn't get in the way of you doing business.With Sophos Endpoint Security and Control, you can protect all your physical and virtual computers with the same level of security. And all with the same product—with no extra license costs.You can get more virtual computers on a physical machine because it uses less memory. It's efficient too—you can stagger scan times, so everyday security tasks won't grind your systems to a halt.Protecting you now and in the futureWe partner with VMware®, Citrix® and Microsoft® to give you complete support. Because we know the security requirements for virtualization in the future, we can keep you safe whether you’re virtualized now or will be soon.We provide better performance than other traditional antivirus systems. And our solution offers a full array of protection currently unsupported by our competitors' central scanning products, including HIPS, DLP and URL filtering. You don't have to take our word for it. Download the report from the Tolly Group for a complete product comparison.
  • 30% of customers have no web filtering (Gartner)The voice of the customer:Hitachi has an issue with roaming laptops each week being bring brought into IT because they have been infected with malware through the web; the cost to the organization is significant because during the time required to remove malware, the "road warriors" are without machines and unproductive.-Current technology sucks. Lots of promises, largely ineffective. I’m still getting infected.-Same goes for protecting users everywhere – it’s a pain in the ass, costing me a lot in time, effort and hard $. It’s also complex. -I’m under pressure from compliance comittees, regulations, duty of care, etc. to control productivity and data leakage through these diverse apps which blend productive use with time wasting and inappropriate content- I want something better
  • What it does: Connects endpoints to the central web appliance.It provides immediate policy updates:Apply policy in appliance as usual – same console for onsite and offsite endpoints. Policy changes are immediately sync’d to Endpoints everywhereAnd Instant activity reporting: Endpoint sends activity updates continuouslyOnly available with the full solutionSecure end to end encryption – we don’t see the traffic… only facilitate the connection.
  • What are your most important and sensitive company data assets? How do you protect them?What type of data security compliance regulations does your business have to comply with? Has your organization suffered a data breach or do you know of organizations that have suffered data breaches and become non-compliant as a result? How do you protect against such data breaches?How do you meet your compliance audit requirements currently? How do you ensure that the audits are comprehensive (i.e., covering mixed user/device environments)? How long does it take you to provide reports to management and auditors?Where do you feel your current vulnerabilities are? What plans and processes have you put in place to address these?What is your strategy for dealing with the growing problem of sensitive or confidential information being lost? Does your existing endpoint solution have both data control and data encryption capabilities? What challenges are you facing with implementing a solution that prevents data loss?What percentage of your users have laptops that they take out of the office? What would happen to your business if you had a major data loss incident?How do you protect against internal threats to the security of your data?
  • Data exit points are:Removable storage / optical mediaRead only mode for storageInternet applications (web browser, email client, IM client)
  • The main trouble with the typical approaches is that the IT admin is blind to the patched state of their endpoints and how vulnerable they really are....and the result is that endpoints get compromised. Remember, according to Gartner, 90% of those could be prevented!
  • Sophos helps, firstly by assessing patches for all the commonly exploited software applications, not just MicrosoftBack to the earlier point, Microsoft is now only up to a third of the problem, so supporting these other vendors is key to effectively reducing the threat surfaceSecondly, we accurately detect installed O/S and applications locally on each managed endpoint and only reports missing patches relevant to an endpoint.Our detections use complex fingerprinting methods to ensure we report any patches that are not fully installed – unlike some ..and, thirdly, we make life easy by presenting the Missing Patches prioritised using SophosLabs intelligence. Which enables customers to only worry about the relatively small subset (5-10%) of patches that stop actively exploited vulnerabilitiesThe SophosLabs rating process takes into consideration a number of factor, including the difficulty of the exploit and the existence and prevalence of the threats attacking it.
  • Sophos research shows that connecting an unprotected,unpatched computer running Windows XP (without SP2) tothe internet leads to a 40% risk of infection from an internetworm within about 10 minutes, rising to a 94% chance after60 minutes (see figure 11). There may not even be enoughtime to download and install security patches or firewalls, socomputers must be protected before going online.
  • Reduce impact with our quick scans that detect malware, adware, suspicious files and behavior, and unauthorized software—faster than any other major vendor, and now up to 15% faster than our last major upgradeGet the most effective threat protection with our built-in host intrusion prevention systems (HIPS), web-based script attack detection and Live Anti-Virus real-time lookups to SophosLabs’ reputation database Block access to websites hosting malicious code and inappropriate content  Control the installation and use of removable storage devices and unauthorized applications like P2P and IM Automatically assess managed and guest computers for out-of-date security and patch status before they join your network Protect against accidental loss of sensitive information with a unique and simple approach to data control, that integrates scanning into the antivirus agent Watch single endpoint agentOne console simplifies it allGet instant visibility of security status for all Windows computers from the same console used to manage Mac, Linux, UNIX and virtualized computers  Keep track of activity with computer and user based reports that can be scheduled to run and automatically emailed to specific recipients Reduce time required to deploy, manage and update security across all Windows computers and operating systems Automate protection with Active Directory synchronization; remove old security products automatically during deployment Get the latest protection with small, frequent protection updates from SophosLabs that are automatically distributed across your network—now up to 41% faster than our last major upgrade  Protect all your Windows and operating systems from Windows 2000 to Windows 7
  • To find out more about us visit www.sophos.com, thanks for listening.
  • Transcript

    • 1. Proteção Endpoint Proteja seus computadores e dados
    • 2. Ameaças mudando e sempre aumentando Dados em muitos lugares e leis aumentando Usuários em muitos lugares e usando de tudo Nós somos focados na sua proteção 2
    • 3. Nós fazemos segurança deTI Porque você já tem o suficiente para se preocupar 3 Aonde quer que o usuário esteja e o que estiver usando Nossa unica proposta é a melhor proteção que você realmente pode usar Rapida para instalação, e para resolver problemas Segurança em todo lugar Sem Complexidade Proteção Ativa
    • 4. Segurança em todo lugar Protegendo seu negócio em todas as frentes Email Dados Endpoint Mobile WebRede
    • 5. Proteção Endpoint Controle de Acesso Firewall Virtualização Controle de Aplicativos Controle de Dispositivos Criptografia Anti-malware Prevenção a Intrusão Controle de Dados Gerenciamento de Patch Proteção Web Visibilidade
    • 6. Ameaças de hoje • A maioria vem da web • Foco em dados, identidades e dinheiro • Exploram vulnerabilidades • Normalmente executam-se de forma silenciosa • Em famílias de malware • São produzidas em grande escala
    • 7. Anti-malware • Um unico agente para proteger contra todos os malwares • Tecnologia de Genotipo • Tecnologia de proteção ativa na nuvem: • Live url filter: Pára urls que são ruins instantaneamente. • Live anti-virus: Verifica em segundos, se o arquivo suspeito pode ser uma ameaça real • Verificação rápida com baixo impacto • Pequenos updates frequentemente aplicados
    • 8. Prevenção a Intrusão • Detecção de comportamento • Detecção de arquivos suspeitos • Detecção de comportamento suspeito • Detecção de Buffer Overflow • Regras criadas pela Sophos via Proteção Ativa • Tão confiável que é ativa por padrão
    • 9. Aplicações não controladas • Usuários tentando instalar e rodar aplicações não autorizadas • Algumas aplicações apresentam risco • Aplicações indesejadas podem usar muita banda • Controle de versões não é fácil
    • 10. Controle deAplicativos • Aplicações criadas e atualizadas via Proteção Ativa • Mais de 40 categorias incluindo: • Armazenamento online • Navegadores • File sharing (P2P) • Mensagens instantâneas (MSN) • Ferramentas de virtualização • Acesso remoto • Programas abertos pelo USB
    • 11. Riscosao plugar dispositivos • Os dispositivos podem conter malware • Pegam os dados de qualquer lugar • Se forem perdidos você tem certeza que estará seguro? • As pessoas vão usá-los em qualquer lugar
    • 12. Controle de Dispositivos Controle os dispositivos conectados nos computadores Controle granular de: • Dispositivos de armazenamento: • Armazenamento removível - USBs, HD externos • Discos ópticos - CD / DVD / HD-DVD / Blu-ray Dispositivos de rede: • Wi-Fi / Modens • Bluetooth • Infra vermelho
    • 13. Protegendo ambientes virtuais • Virtualização é economia • A segurança está em seus planos? • Não comprometa sua performance
    • 14. Virtualização • Protegemos ambientes virtuais. Sem custos adicionais • Nosso agente melhorado é mais leve que nossa solução tradicional de Endpoint • Organize a verificação de suas máquinas virtuais • Não compromete a sua proteção • Plugin para Citrix Reciever • Estamos desenvolvendo uma verificação para Vmware vShield
    • 15. Web: onde os malware estão Uma rede de ameaças • A principal fonte de infecção • Sites legítimos são regularmente infectados • Filtro de produtividade não é suficiente • Muitas aplicações acessando a internet Como as pessoas se protegem na Web hoje • Implantações em larga escala são focadas no gateway • Redirecionamento de tráfego para appliances • Nenhuma ou limitada proteção para usuários não conectados ao gateway
    • 16. Proteção Web Básica do Endpoint • Proteção ativa contra malware e sites infectados • Funciona em qualquer navegador Filtragem Web no Endpoint • Integrado dentro da console do Endpoint (SEC) • Reduza a área de ataque de sites de maior risco na web (adulto, ódio, p2p, etc.) • Compliance essencial e cobertura das responsabilidades sobre sites inapropriados Appliance de Proteção Web • Complete a proteção em todo lugar que seus usuários vão com o LiveConnect, que integra o Appliance ao Endpoint • Cobertura total de ameaças, compliance, produtividade, responsabilidade e visibilidade • Reduza o investimento e complexidade de multiplos equipamentos
    • 17. Por dentro do LiveConnect Com o Appliance de Proteção Web • Habilite a visibilidade e controle completos • Políticas e relatórios sincronizados • Imediato e automático • Criptografia segura de ponta a ponta
    • 18. Conhecimento é poder • Quanto vale seus dados? • Compliance e as suas consequências • Balanceando proteção e produtividade • Educando o seu pessoal
    • 19. Criptografia • Força industrial para a criptografia completa de disco • Implementada e gerenciada pela console do endpoint • Criptografia inicial rápida • Opções completas de recuperação de senhas
    • 20. Controle de Dados • Solução de DLP totalmente integrada ao endpoint • Desenhado para prevenir a perda acidental de dados • Monitora e garante todos os pontos comuns de saída de dados • Informa aos usuários com alertas na área de trabalho • Os tipos de dados são fornecidos pela Sophos via Active Protection • Proteção integrada ao email
    • 21. Os problemas com os Patchs Falta de visibilidade sobre o nível exposição • Há usuários com aplicações vulneráveis instaladas? • Há usuários com updates automáticos desabilitados? • O Microsoft WSUS/SCCM está funcionando corretamente? • Não sei quais os patches que devo me preocupar! A auditoria de compliance é uma dor de cabeça real As máquinas estão comprometidas • Gartner: 90% das situações onde as máquinas foram comprometidas, um patch ou uma configuração estava faltando e isso é algo que poderia ser evitado!
    • 22. Avaliação de Patch 1. Nós avaliamos todas as principais aplicações exploradas • Verificamos patches de 11 fabricantes 2. Nós avaliamos com precisão cada endpoint • Verificações locais em todos os endpoints gerenciados • Uma avaliação complexa garante uma detecção precisa de patches • Relatórios centralizados dos patches que faltam mais relevantes • Simples: sem mensagens ou interações para o usuário final 3. Nós priorizamos os patches que deixam a vida mais fácil • A Sophos pontua a criticidade do patch via Active Protection • A Sophos mostra todos os malwares associados com o patch • Cria um foco nos patches que realmente importam!
    • 23. Onde está o fogo? • Portas abertas em PCs e Laptops são portas abertas para hackers • Um computador sem um firewall e conectado a internet é um alvo • Worms normalmente têm como alvo determinadas portas e protocolos • Laptops podem se conectar em qualquer lugar, você precisa de regras diferentes quando eles estiverem fora de suas redes
    • 24. Cliente de firewall • Políticas de acordo com a localização do Endpoint • Identifique os aplicativos pelo checksum • Ative de forma invisível para os usuários • Gerenciamento de alertas interativos para criar regras • O Stealth Mode previne acessos não autorizados em sua rede por hackers
    • 25. Quem está na minha rede? • Será que seus computadores têm os softwares corretos instalados? • Você não sabe quando convidados conectam computadores e se eles estão seguros? • Se os visitantes não usam a mesma proteção que você então você não sabe se eles estão OK para se conectarem
    • 26. Controle deAcesso • Previne problemas de segurança com a adequação de máquinas gerenciadas e não gerenciadas. • Detecta e arruma endpoints gerenciados de vulnerabilidades. • Garanta que todos os computadores visitantes atendam as suas políticas de segurança antes de acessarem a sua rede. • Base de dados atualizada com mais de 600 aplicações de segurança. • Previne que máquinas não autorizadas acessem a sua rede
    • 27. Complexidade • Usuários podem reclamar da performance de seus PCs. • A ativação de novas funcionalidades significa um novo processo de implantação? • Você pode ver todas as plataformas que tem instaladas? • Quão fácil é para você executar tarefas comuns ou limpar ameaças?
    • 28. Instalar e gerenciar • Uma única console implementa todas as funcionalidades facilmente • Agente único para: • Anti-malware • HIPS • Controle de Dispositivos • Controle de Dados Confidenciais • Proteção Web • Suporte a ampla lista de plataformas • Console criada para usabilidade
    • 29. www.gvtech.eti.br