Endpoint Protection
Upcoming SlideShare
Loading in...5
×

Like this? Share it with your network

Share
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
640
On Slideshare
640
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
30
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Stopping threats and protecting your data is what we do. And we believe our job is to do that comprehensively, without making your job more complicated. This is our mantra: Complete Security, Without Complexity, Active protection.What we do, How we do it, How we do it better.Complete security isabout taking care of yourprotection at every stagewithout it having to be complicated..
  • We don’t want using all this great technology to be difficult. That’s why we’re doing the hard work. A good example is our HIPs solution which gives you everything we know about how malicious files are constructed and behave and identifies them for you. You don’t have to construct a complex policy, you just tick a box to get it working. And our active protection is truly unified. Identifying and protecting against every type of threat and delivered to the engine that powers all of our products, whether at the endpoint, gateway or across the network.
  • That’s why we give you solutions for every part of your business. Endpoint, Network, Data, Email, Web and Mobile. We protect them all. So your users and data are protected wherever they are and whatever they use.
  • We see websites that are either hosting malware or have been exploited by malware authors actually every 4.3 seconds. As websites become yet more complex and interactive and the potential for exploiting that complexity grows so the focus is shifting from email. We are also seeing still more organisation amongst cyber criminals as software exploits that can be targeted are sold and automated tools are available to trawl the web for those sites vulnerable to infection.
  • Live url filter: You can connect your computers to our constantly updated list of millions of infected websites, so your users can’t get to them — even when they're outside your gateway protection. And we keep it updated, adding around 40,000 new sites every day.Live antivirus: When one of your computers identifies a potentially suspicious file, we’ll instantly check it with our database. In seconds, we’ll tell the computer if that file relates to a real threat and block it. Sophos Live Anti-Virus is included in all of our Endpoint products and suites. 
  • Behavioral detection: Tuned to detect variants, families (like the Storm worm) and large categories of malware (like encrypted malware), Genotype Protection guards against unknown malware by analyzing behavior before code executes. It uses pre-execution scanning to determine the functionality of the code, and the behavior it is likely to exhibit, all without allowing the code to run. Our threat detection engine detects zero-day threats without the need for signature updates or separate HIPS software.Suspicious file detection: Where Behavioral Genotype Protection is tuned to detect only malicious files, suspicious file detection will identify files that are highly likely to be malicious, again doing this by determining what the behavior of a file would be if the file were to be run. This detection provides the benefits of a traditional runtime behavior-based system without impacting system performance, or the inherent security issue of allowing a file to run before detection takes place. Suspicious behavior detection: This layer of detection watches all system processes for signs of active malware, such as suspicous writes to the registry, or file copy actions. It can be set to warn the administrator and/or block the process. Unlike other behavior-based detection systems, there is no need for the administrator to train or fine tune analysis, as SophosLabs experts do the fine tuning.Buffer overflow detection: A buffer overflow attack is reported when an attempt is made to exploit a running process using buffer overflow techniques. This detection system will catch attacks targeting security vulnerabilities in both operating system software and applications.
  • We help you control the applications that could cause security or legal problems, like P2P or instant messaging. And you'll get a handle on the unwanted applications that clog your network. With Sophos, you can monitor and control what your employees are installing without interfering with their work.
  • You need to control applications that could cause security or legal problems, like P2P or instant messaging. And you'll get a handle on the unwanted applications that clog your network. Monitor and control what your employees are installing without interfering with their work. Traditional approachOften requires additional component or agent to be deployedIT admins have to build rules or create identities for applications - updating these when new versions are released and keeping on top of the latest application trendsThe process of creating detection and configuring policy is often time consuming, and difficult to stay on top. This impacts the effectiveness of the feature. How we do it better with Active ProtectionWe don’t just give you a tool to manage applications that asks you to keep it up to date. Instead: Our labs experts create application detection for you and actively maintain the list of applications. If a new version of Skype or peer to peer file sharing software appears you are automatically protected.We’ve built application control into our antivirus engine, so you don’t have to deploy or manage a separate product. You simply set policies for the whole company or specific groups to block or allow particular applications.
  • Granular controlAdmins can set flexible rules to allow usage for only those that need it, such as blocking USB devices for everyone except the IT department. They can also allow specific devices - such as encrypted USB keys - to guarantee that any data saved on removable devices is secure.Alternatively, read-only access can be granted so employees can access information stored on USB keys or CDs but not write to them.Preventing bridgingComputers can be connected to two networks at once acting as a bridge between the two – the corporate network by a cable and to another network wirelessly.To stop data from travelling between the two networks, putting data security at risk, the wireless interface can automatically be turned off if a computer is connected to the corporate network via a network cable and then re-enabled when the cable is removed.
  • Sophos Endpoint Security protects your data in a virtual environment—simpler and more secureWhen you virtualize, you save money. You reduce the hardware you have to buy and manage, you save on power to run the hardware and you save time trying to keep all your computers in line with corporate standards.But in today's changing threat environment, businesses moving toward virtualization of servers and desktops can't afford to leave security by the wayside. As new security threats emerge, your business needs to stay on the cutting edge of technology.You also need to balance your security with performance to keep your business running smoothly.Protection or performance—you shouldn't have to chooseSome security products treat virtualization security differently, making you choose between performance and protection.New protection models designed to scan multiple virtual machines from a single point have promise. But this technology is still in its infancy. As security experts, we've studied the pros and cons of central scanning and we're taking a measured approach to developing this technology.Your security solution should give you the best protection against malware and data loss in one, without negative impact on potential cost savings or on the way your users work.You get both with SophosAt Sophos, our approach to endpoint security offers performance without sacrificing protection. Because our resource impact is low, the security you need doesn't get in the way of you doing business.With Sophos Endpoint Security and Control, you can protect all your physical and virtual computers with the same level of security. And all with the same product—with no extra license costs.You can get more virtual computers on a physical machine because it uses less memory. It's efficient too—you can stagger scan times, so everyday security tasks won't grind your systems to a halt.Protecting you now and in the futureWe partner with VMware®, Citrix® and Microsoft® to give you complete support. Because we know the security requirements for virtualization in the future, we can keep you safe whether you’re virtualized now or will be soon.We provide better performance than other traditional antivirus systems. And our solution offers a full array of protection currently unsupported by our competitors' central scanning products, including HIPS, DLP and URL filtering. You don't have to take our word for it. Download the report from the Tolly Group for a complete product comparison.
  • Your security solution should give you the best protection against malware and data loss in one, without negative impact on potential cost savings or on the way your users work.You get both with SophosAt Sophos, our approach to endpoint security offers performance without sacrificing protection. Because our resource impact is low, the security you need doesn't get in the way of you doing business.With Sophos Endpoint Security and Control, you can protect all your physical and virtual computers with the same level of security. And all with the same product—with no extra license costs.You can get more virtual computers on a physical machine because it uses less memory. It's efficient too—you can stagger scan times, so everyday security tasks won't grind your systems to a halt.Protecting you now and in the futureWe partner with VMware®, Citrix® and Microsoft® to give you complete support. Because we know the security requirements for virtualization in the future, we can keep you safe whether you’re virtualized now or will be soon.We provide better performance than other traditional antivirus systems. And our solution offers a full array of protection currently unsupported by our competitors' central scanning products, including HIPS, DLP and URL filtering. You don't have to take our word for it. Download the report from the Tolly Group for a complete product comparison.
  • 30% of customers have no web filtering (Gartner)The voice of the customer:Hitachi has an issue with roaming laptops each week being bring brought into IT because they have been infected with malware through the web; the cost to the organization is significant because during the time required to remove malware, the "road warriors" are without machines and unproductive.-Current technology sucks. Lots of promises, largely ineffective. I’m still getting infected.-Same goes for protecting users everywhere – it’s a pain in the ass, costing me a lot in time, effort and hard $. It’s also complex. -I’m under pressure from compliance comittees, regulations, duty of care, etc. to control productivity and data leakage through these diverse apps which blend productive use with time wasting and inappropriate content- I want something better
  • What it does: Connects endpoints to the central web appliance.It provides immediate policy updates:Apply policy in appliance as usual – same console for onsite and offsite endpoints. Policy changes are immediately sync’d to Endpoints everywhereAnd Instant activity reporting: Endpoint sends activity updates continuouslyOnly available with the full solutionSecure end to end encryption – we don’t see the traffic… only facilitate the connection.
  • What are your most important and sensitive company data assets? How do you protect them?What type of data security compliance regulations does your business have to comply with? Has your organization suffered a data breach or do you know of organizations that have suffered data breaches and become non-compliant as a result? How do you protect against such data breaches?How do you meet your compliance audit requirements currently? How do you ensure that the audits are comprehensive (i.e., covering mixed user/device environments)? How long does it take you to provide reports to management and auditors?Where do you feel your current vulnerabilities are? What plans and processes have you put in place to address these?What is your strategy for dealing with the growing problem of sensitive or confidential information being lost? Does your existing endpoint solution have both data control and data encryption capabilities? What challenges are you facing with implementing a solution that prevents data loss?What percentage of your users have laptops that they take out of the office? What would happen to your business if you had a major data loss incident?How do you protect against internal threats to the security of your data?
  • Data exit points are:Removable storage / optical mediaRead only mode for storageInternet applications (web browser, email client, IM client)
  • The main trouble with the typical approaches is that the IT admin is blind to the patched state of their endpoints and how vulnerable they really are....and the result is that endpoints get compromised. Remember, according to Gartner, 90% of those could be prevented!
  • Sophos helps, firstly by assessing patches for all the commonly exploited software applications, not just MicrosoftBack to the earlier point, Microsoft is now only up to a third of the problem, so supporting these other vendors is key to effectively reducing the threat surfaceSecondly, we accurately detect installed O/S and applications locally on each managed endpoint and only reports missing patches relevant to an endpoint.Our detections use complex fingerprinting methods to ensure we report any patches that are not fully installed – unlike some ..and, thirdly, we make life easy by presenting the Missing Patches prioritised using SophosLabs intelligence. Which enables customers to only worry about the relatively small subset (5-10%) of patches that stop actively exploited vulnerabilitiesThe SophosLabs rating process takes into consideration a number of factor, including the difficulty of the exploit and the existence and prevalence of the threats attacking it.
  • Sophos PureMessage for Microsoft Exchangeblocks spam, viruses, spyware and phishing. Scanning all inbound, outbound and internal email and Exchange message stores, it proactively protects against email-borne threats, and prevents confidential data being lost.
  • Sophos research shows that connecting an unprotected,unpatched computer running Windows XP (without SP2) tothe internet leads to a 40% risk of infection from an internetworm within about 10 minutes, rising to a 94% chance after60 minutes (see figure 11). There may not even be enoughtime to download and install security patches or firewalls, socomputers must be protected before going online.
  • Reduce impact with our quick scans that detect malware, adware, suspicious files and behavior, and unauthorized software—faster than any other major vendor, and now up to 15% faster than our last major upgradeGet the most effective threat protection with our built-in host intrusion prevention systems (HIPS), web-based script attack detection and Live Anti-Virus real-time lookups to SophosLabs’ reputation database Block access to websites hosting malicious code and inappropriate content  Control the installation and use of removable storage devices and unauthorized applications like P2P and IM Automatically assess managed and guest computers for out-of-date security and patch status before they join your network Protect against accidental loss of sensitive information with a unique and simple approach to data control, that integrates scanning into the antivirus agent Watch single endpoint agentOne console simplifies it allGet instant visibility of security status for all Windows computers from the same console used to manage Mac, Linux, UNIX and virtualized computers  Keep track of activity with computer and user based reports that can be scheduled to run and automatically emailed to specific recipients Reduce time required to deploy, manage and update security across all Windows computers and operating systems Automate protection with Active Directory synchronization; remove old security products automatically during deployment Get the latest protection with small, frequent protection updates from SophosLabs that are automatically distributed across your network—now up to 41% faster than our last major upgrade  Protect all your Windows and operating systems from Windows 2000 to Windows 7
  • To find out more about us visit www.sophos.com, thanks for listening.

Transcript

  • 1. Endpoint ProtectionSecures your computers and data
  • 2. We are focused on protecting you Threats Data changing, everywhere, still regulations increasing growing Users everywhere, using everything3
  • 3. We do IT securityBecause you’ve got enough to worry about Security Without Active Everywhere Complexity Protection Wherever Quicker to Our unique the user is, setup, approach for what ever maintain and better they use solve protection you problems can actually deploy4
  • 4. Active Protection Our unique approach for better protection with less complexityEndpoint Web Email Data Mobile Network
  • 5. Security everywhereProtecting every part of your business Endpoint Network Web Mobile Email Data
  • 6. Endpoint Protection Application Exchange Control Device Control Server Protection Anti-malware Access control Intrusion Virtualization prevention Web Firewall Protection Encryption Data Control Patch assessment
  • 7. Today’s threats Mainly come from the web Target data, identities and cash Exploit vulnerabilities Often execute silently In families of malware Are produced on a massive scale
  • 8. Anti-malware A single engine to protect from all malware Genotyping technology Active Protection cloud technologies: • Live url filter: Stops urls we know are bad instantly • Live anti-virus: Checks in seconds to see if a suspicious file might be a real threat Fast and low impact scanning Small updates, frequently applied
  • 9. Intrusion Prevention Behavioral detection Suspicious file detection Suspicious behavior detection Buffer overflow detection Rules created by Sophos via Active Protection So reliable it’s on by default
  • 10. Applications wrongly applied Users trying to install and run unauthorized apps Some apps are risky Unwanted apps might use bandwidth Version control isn’t easy
  • 11. Application Control Applications created and updated via Active Protection Over 40 categories including: • Online storage • Browsers • P2P File sharing • Instant messaging • Virtualization tools • Remote access • USB program launchers
  • 12. Plugging the device gap Devices can carry malware They take data everywhere If they’re lost can you be sure they’re secure? People will plug them in anywhere
  • 13. Device ControlControl devices connected to computersGranular control of: • Storage devices: • Removable storage - USB keys, removable hard disks • Optical / disk drives - CD / DVD / HD-DVD / Blu-rayNetwork devices: • Wi-Fi / Modems • Bluetooth • Infra-red
  • 14. Securing virtual environments Virtualization saves money Is security on the agenda? Don’t compromise on performance
  • 15. Virtualization We protect virtual environments. At no extra cost Our lighter-weight agent is better than other traditional Endpoint security solutions Stagger scanning for virtual machines No compromise on protection Citrix Reciever plugin Developing Vmware vShield scanner
  • 16. The web: where malware is atA threat network • The number one source of infection • Legitimate sites are regularly infected • Productivity filtering isn’t enough • Many applications accessing the webHow people do web protection today • Large scale deployments that focus on the gateway • Backhauling traffic to appliances • None or limited protection for users not connecting to the gateway
  • 17. Web protection Basic Endpoint • Active Protection from malware and bad sites • Works in any browser Web Filtering in Endpoint • Low-cost add-on integrated into the Endpoint/SEC • Reduce surface area of attack from risky parts of the web (porn, hate, p2p, etc.) • Essential compliance and liability coverage for inappropriate sites Web Protection Suite • Complete protection everywhere users go with LiveConnect • Full coverage of threats, compliance, productivity, liability, and visibility • Reduce investment & complexity in backhauling/VPN/Gateway HW
  • 18. Inside LiveConnectwith Web Protection SuiteEnables full visibility and controlPolicy and reporting synchronizationImmediate and automaticSecure end-to-end encryption
  • 19. Knowledge is power How much is your data worth? Compliance and it’s consequences Balancing protection and productivity Educating your people
  • 20. Encryption Industrial strength full disk encryption Deployed and managed from your endpoint console Fast initial encryption Full password recovery options
  • 21. Data ControlFully integrated endpoint DLP solutionDesigned to prevent accidental data lossMonitor and enforce on all common data exit pointsTrain staff through use of desktop promptsData types provided from Sophos via Active ProtectionIntegrated with email protection
  • 22. The problem with patching No visibility of exposure level • Have users installed vulnerable applications? • Have users disabled automatic updates? • Is Microsoft WSUS/SCCM working correctly? • Don’t know which patches to worry about! Compliance audits become a real headache Machines get compromised • Gartner: 90% of situations where machines got compromised, a patch or configuration change existed that could have prevented it!
  • 23. Patch Assessment1. We assess all the key exploited applications • Checking for patches from 11 vendors2. We accurately assess each endpoint • Local scans on every managed endpoint • Complex fingerprinting ensures patches accurately detected • Centralized reporting of relevant missing patches • Simple: no end-user interaction or messaging3. We prioritize patches to make life easier • Sophos rates patch criticality via Active Protection • Sophos shows any malware associated with patches • Creates a focus on the patches that really matter!
  • 24. Spam, spam, spam and malwareSpam emails contain weblinks to malwareThey might also carry viruses in themOver 90% of the worlds email is spamNasty emails might be stored on your local exchange servers too
  • 25. Exchange Server protection • Stop viruses and other threats in inbound, outbound and items inside Microsoft Exchange • Unique real-time Behavioral Genotype malware engine • Live anti-spam via Active Protection stops 99% • Gives instant visibility of status, email throughput, quarantine databases and all policy rules from a single console • Generate graphical management reports showing trends in email throughput, protection level and issues needing action
  • 26. Where’s the fire? Open ports on PCs and Laptops are open doors to hackers A computer without a firewall and connected to the internet is a target Worms often target particular ports and protocols Laptops can connect anywhere, you need different rules when they’re outside your network
  • 27. Client firewall Location aware policies Identifies apps by checksum Rollout invisible to users Interactive management alerts to create rules Stealth mode prevents unauthorized network access by hackers
  • 28. Who’s on my LAN?Do your computers have all the right software installed?You don’t know when guests are connecting computers and if they’re secureIf guests don’t use the same software you do then you don’t know if they’re OK to connect
  • 29. Access Control Prevent security issues by assessing managed and unmanaged computers. Detect and fix managed endpoint vulnerabilities Ensure that any guest computers match your security requirements before they access your network Updated database of over 600 security applications Prevent unauthorized computers from accessing the network
  • 30. Complexity Users may complain about PC performance Does implementing a new feature mean a whole new rollout? Can you see every platform you’ve deployed to? How easy is it to perform common tasks or cleanup threats?
  • 31. Deploy and manageA single deployment wizard for all featuresSingle agent for: • Anti malware • HIPS • Device Control • Data Control • Web protectionWidest platform supportConsole built for usability
  • 32. www.sophos.com/endpoint