We see that there are three main problems making IT security more difficult today:Threats like fakeAV are still getting through defencesData is still getting lost on disks, laptops and via email. At the same time your IT infrastructure is getting more complex with users on mobile devices, using home computers, in satellite offices - all using data and services in the cloud, as well as behind your firewall.Too often the onus is put on the IT teamto address all these risks. This means you buy, configure and manage multiple security software and hardware solutions that let you deal with the aftermath of defences being breached. You also have to solve new security problems as they emerge, often by buying and deploying even more new products. What you need is complete security from a vendor you trust.
Securing IT to protect data is a job that keeps getting harder. Internet connections are faster, threats are more complex and users are more mobile. The result is what we see here. Software and hardware solutions are added as they’re needed. So your server room starts to fill up with an appliance or server for every job you need to do. As a result you’re spending more, you’re managing more and you’re adding complexity.
Stopping threats and protecting your data is what we do. And we believe our job is to do that comprehensively, without making your job more complicated. This is our mantra: Complete Security, Without Complexity, Active protection.What we do, How we do it, How we do it better.Complete security isabout taking care of yourprotection at every stagewithout it having to be complicated..
That’s why we give you solutions for every part of your business. Endpoint, Network, Data, Email, Web and Mobile. We protect them all. So your users and data are protected wherever they are and whatever they use.
To deal with today’s networks and combat modern threats we’re delivering a UTM that is the Complete Security appliance. From network management and protection, to gateway filtering and endpoint security this is a truly unified solution that can grow with your business.
Each of the modules will work however you decide to deploy it. So if you don’t need Wireless protection today, no worries, just subscribe to that module when you do. Then you’ll be able to access the settings for that module from the same familiar console you’re already using. We have an aggressive roadmap for Sophos UTM, adding mobile device management and data protection to the appliance within the year.
Having a connected business is essential to being successful, but computers have to be protected from threats targeting you. Having an internet connection allows you to connect out but also makes your network visible to attackers. A computer connected directly to the web will be targeted by a hacker within minutes so it’s important that essential protection is in place for computers in your network. The problem is that many network firewalls are complicated to setup and need specialist knowledge.
The Essential Firewall contains the fundamental basis security functions which every business should use such as a firewall, network tools, routing and secure remote access. These are all available free of charge for all Astaro appliances - also for commercial use.A good firewall can prevent exploits that lead to data loss or theft, infected computers, and other incidents that cost you time and money. The protective features in our Essential Network Firewall are designed for simplicity. We make it easy to control incoming and outgoing traffic. So you can be assured that you are configured for complete protection.With the integrated firewall, unauthorized access to internal and external resources are rejected and hacker attacks blocked.
Firewalls are only the most basic protection for networks more complex attack will get through these defenses or target your network in a different ways like exploiting a vulnerable application or moving from one computer to another. Protecting your network and keeping your business running isn’t just about stopping threats. You also want to make sure that your optimizing your bandwidth and allowing remote offices and workers secure and reliable connections to your systems.
Sophos Network Protection includes many fully integrated features: an intrusion prevention system, denial-of-service protection, a VPN gateway, an HTML5 VPN portal, advanced routing and more. We help protect your network by keeping bad traffic out and enabling secure access to authorized users. Advanced routing capabilities in Sophos Network Protection provide optimal path selection, load balancing and stability.
Your wireless networks need the same policies and protection as the wired network. This can be difficult without a way to centrally manage the network and extend your security. Many dedicated wireless management solutions are expensive and difficult to configure, with almost too many features for most businesses. The other option, with wireless built into the hardware doesn’t give the coverage or flexibility needed. And if you’re an organization with lots of remote offices setting up wireless connections in each one can be a challenge.
Sophos UTM helps you easily create, manage and secure wireless networks so you get consistency across your organization. Our wireless access points can be plugged in anywhere and configured centrally from the Sophos UTM. It’s like having built in wireless but with the flexibility that gives you complete coverage. And you can also set up wifi hotspots and access options for guests to your offices or remote branches.
There is still a huge amount of spam email out there, without any protection your users inboxes would be crammed full of useless messages that stop them being productive. Today lots of emails also carry links to malicious websites or phishing sites that want to steal data. Protecting email against viruses, spam and data loss can be hard work. You must address infections caused by viruses that get past your desktop defenses, manage spam quarantines and ensure employees properly encrypt their email.
Sophos UTM Email Protection makes it easy to keep your inboxes clear of viruses and spam. Dual yet individual virus engines operate in parallel to scan and block threats in content before it has a chance to enter the network. Astaro Mail Security stops spam, phishing and other unwanted email before it gets delivered and clutters up mailboxes. The combination of many different recognition mechanisms offer a high hit rate and low amount of false positives.We give youhandy management tools to make life easier for you and your users. And we let you secure email that leaves your business with email encryption options.
Traditionally networks were groups of computers joined together and usually in the same location. But today the network really can be anywhere. With laptops as the most popular choice as workstations for users in businesses they aren’t just connected to managed and protected internal networks, they might also be connected to the web at home, hotels or coffee shops. It’s not realistic to expect these users to connect to the corporate VPN every time they want to browse the web but that also means that when they do they aren’t protected by the web protection that’s at your gateway. Lots of different devices also get connected to endpoints and these carry a risk all of their own, either because data put onto them isn’t secure or because they are a common method for carrying malware. The protection for these computers must move beyond traditional signature based antivirus.
Endpoint protection in Sophos UTM lets you install an agent to your computers to keep them protected wherever they go, with detection and blocking of viruses, trojans, spyware and adware. With Live protection you can also be sure that if they try to visit an infected site when they aren’t connected to your gateway they’ll still be protected. Instantly. We’ve also built in device control, to reduce the risk of infection and let you protect data moved to USB sticks. And you’ll always be able to see your computers to know they’re protected with our LiveConnect service. It uses the cloud to let you set polices and see the status of endpoints however they’re connected.
Today the web is at the center of almost everything that we do with IT, we could argue that it’s just at the center of everything we do. This is a challenge for people in your business who are so used to using it that perhaps sometimes they use it a little too much and sometimes not in the right way, which can impact on their work. It’s also the reason why the web is the number one source of malware infections, with many people browsing and getting infected without even knowing it.
Sophos Web Protection prevents malware infections and gives you control over employees’ web use. Spyware and viruses are stopped before they can enter the network.You create easy policies that set where and how employees spend time online. With our web application control we help you control the applications that could cause security or legal problems, like P2P or instant messaging. So you get a handle on the unwanted applications that clog your network. And everything is tracked and arranged in detailed reports so you can see what people are doing and make changes as needed.
At Sophos we estimate that over 30,000 websites are infected every day. The majority of these sites began as a legitimate web presence for businesses just like yours. If a customer browsing to your site gets a warning from their antivirus to tell them it’s infected you might be looking at a loss of reputation. Most of these infected websites will attempt to use a weakness in the way the site is setup to redirect the browser to a site hosting the malicious code. The problem is that manually protecting the web server against these threats requires specialized expertise.
Sophos Web Server Protection eliminates this need. We use a reverse proxy to protect your web server and web applications against the unknown. A clear administrative interface simplifies policy setting. Our web application firewall is continually scanning for probes and attacks targeted at your web server. Our anti malware scanner is also letting the webserver scan its own files to make sure it’s not handing out infected content to your customers. We can also stop sql injection attacks that use invalid form data and we make sure that only valid url request are allowed so attackers can’t create a backdoor. With cookie protection we make sure that each one is digitally signed so the information in it is approved.
We provide better flexibility by offering a huge set of different deployment options – all providing the same functionality.The hardware appliance product line covers models for small networks and remote locations with up to 10 users to large networks with up to 5000 users and even more within large distributed networks.As opposed to other UTM solutions, Astaro software can be also installed on your own servers. Our gateways run on standard Intel-compatible PCs and servers not requiring any proprietary ASICs. This allows for easy installation also in home or in virtual environments and for fast update with new features as new threats arise.We also allow easy usage within an Amazon environment by offering Amazon Machine Images (AMI) and also facilitate the usage of Amazon VPCs through our VPC connector.Furthermore, every hardware appliance contains an integrated hard drive for local spam quarantine and log/reporting information. Therefore, even the smallest remote office can get the same protection as a company's central office - without compromise.
The Sophos UTM product line covers models for small networks and remote locations with up to 10 users to large networks with up to 5000 users.As opposed to other UTM solutions, oursoftware can be also installed on your own servers.The same set of security applications, including features such as Active/Active Clustering, WAN Uplink Balancing or Active Directory Integration, is available on all our UTM models - no matter if the hardware, software or virtual appliance is deployed.Furthermore, every hardware appliance contains an integrated hard drive for local spam quarantine and log/reporting information. Soeven the smallest remote office can get the same protection as a company's central office - without compromise.The UTM 525 and 625 models offer the highest availability through a redundant hard drive and power supply.
To find out more about us visit www.sophos.com, thanks for listening.
Transcript of "Sophos UTM9 - Ago/2013"
A Caixa Completa de
e usando de
Nós somos focados na sua
Expansão da segurança de TI
Roteador FirewallPrevenção a Intrusão Gateway SSL VPN
Filtro Spam Gateway antivírus
Filtro WebBalanceador de link WAN Balanceador de carga
Porquê você tem o suficiente para se preocupar
vá e o que
única para a
Protegendo todas as partes de seu negócio
A Caixa Completa de Segurança
Uma primeira linha de defesa
Começe com uma rede segura
• Qualquer computador conectado a internet está em risco
• Um computador fora de um firewall será atacado dentro de minutos
• Firewalls de hardware podem ser complexos de configurar
Firewall de rede
Firewall gratuito para uso comercial
• Gerenciamento fácil com regras baseadas em objetos
• Inspeção de pacotes Stateful
• Coloque em qualquer lugar na rede
• Suporte IPv6
• Conector para Amazon Virtual Private Cloud
• Tunelamento fácil com o Windows Remote Access
Otimize sua rede e pare
ameaçasAs empresas precisam de mais do que apenas um firewall básico
• Firewalls lidam apenas com portas, endereços e protocolos
• O tráfego de rede malicioso ainda pode vir através de portas
• Você quer obter o melhor de suas conexões web
• Você precisa de uma maneira de permitir conexão de
trabalhadores e escritórios remotos
Proteção de rede
Otimizar e proteger a sua rede
• Intrusion Prevention System (IPS)
• Proteção Flood
• VPN (Site-to-site e cliente)
• Portal de VPN sobre HTML 5
• Balanceamento de link WAN
WiFi precisa ser fácil e seguro
Você não tem que "fazer" quando se trata de redes sem fio
• Soluções de gerenciamento de wireless separadas podem ser caros
• Muitos dos dispositivos wireless são fabricados sem uma cobertura
• Configuração de redes sem fio em escritórios remotos pode ser muito
Configuração central fácil para um WiFi seguro
• Gerenciamento central
• Implementação Plug & play
• Conecte access points em qualquer lugar
• Configuração de hotspot fácil
Tráfego de Email ainda é um
riscoMétodos antigos com muitas técnicas originais
• Mais de 98% de todos os emails são spam
• Muitos emails de spam combinam links para websites infectados
• Ataques de phishing estão aumentando
• Proteção de dados é a procupação chave para empresas
Proteção de Email
Parando ameaças e protegendo dados em seu gateway
• Filtra spam e para malware
• Permite que os usuários gerenciem seus próprios itens em
• Detecta urls de phishing nos emails
• Suporte a criptografia S/MIME e OpenPGP
Endpoints estão em todo lugar
E também em sua rede
• Rede em qualquer lugar
• Acessando sites fora de sua proteção
• Malware carregados em memórias USB
• Você precisa de mais do que apenas um AV baseado em assinaturas
Pare ameaças aonde seus usuários estiveres e em qualquer conexão usada
• Anti malware para Endpoint
• Proteção Live (nuvem)
• Controle de dispositivos
• Gerencie em qualquer lugar através de nosso serviço LiveConnect
Porque temer a web?
Uma ótima ferramenta e um risco potencial
• Perda de controle pode impactar a produtividade
• 85% de todos os malwares vem da web
• Ameaças web são invisíveis
• Ataques direcionados controlam computadores e roubam dados
Proteção em camada para computadores conectados na web
• Anti malware no gateway
• Filtragem de URL
• Controle de aplicações Web
• Relatórios interativos de uso e de usuários
Foco em websites vulneráveis
Não deixe a sua empresa fazer parte desta estatística
• Mais de 30.000 websites infectados todos os dias
• 80% dos sites infectados são legítimos
• Exploits normalmente vão redirecionar usuários para sites maliciosos
Proteção de webserver
Deixe-nos ser seu expert de segurança web
• Firewall de aplicação web
• Verificação anti malware
• Validação de formulários
• Validação de URL e variáveis
• Proteção de cookie
Escolha o seu tipo de
Appliance de Software
Appliance de Hardware
Opções de Hardware
110/120 220 320 425 525 625
Rede média Rede média Rede grande Rede grande Rede grande
Portas de rede 4 8 8 6 e 2 SFP 10 e 4 SFP 10 e 8 SFP Multiplos
10/80 300 800 1.500 3.500 5.000 + 10.000
10/35 75 200 600 1.300 2.000 5.000
Software * Rodam em PCs e servidores compatíveis com Intel
VMware Ready e certificado Citrix Ready
Rodam em Hyper-V, KVM, e outros ambientes de virtualização
Escolha seus módulos
Sophos RED 10 e RED 50
A maneira mais fácil e econômica para garantir suas filiais em poucos minutos -
sem a necessidade de pessoal técnico no local remoto!
Cenário de implantação
Rio de Janeiro
Como o RED funciona?
Funciona como um cabo de rede virtual
Tunel VPN Seguro
funciona como um cabo de rede
Sophos Wireless Protection
Garanta um acesso WiFi seguro e confiável
• Instalação fácil e Zero
• Gerenciamento Centralizado
• Funcionalidade de Hotspot
• AP05 especial para o RED
• Sinal contínuo de um AP para
• Acesso fácil para visitantes