Downloaded 379 times
![44
Competitive Chart Sophos
XG Firewall
Fortinet
FG 20-90
Dell SonicWALL
TZ Series
WatchGuard
XTM Series
Network Firewall/Protection
Advanced threat protection
Network and Endpoint Integration [Heartbeat]
Unified Policies
User Risk Visibility [User Threat Quotient]
FastPath Packet Optimization
Site to site and remote user VPN
Secure web gateway
Complete Email Protection [AV, AS, Enc., DLP]
Dual antivirus
Wi-Fi
Reverse proxy
Web application firewall
User portal
Full Reporting
Best TMG feature parity
Discover (TAP) Mode Deployment
$ $
$ $ $
$ $ $
$ = Another product required
New Differentiators
•New competitive differentiators
•Heartbeat
•Unified policy
•User Threat Quotient
•New comparative differentiators
•FastPath
•Discover Mode
•User-based Firewall Policies](https://image.slidesharecdn.com/xg-firewall-webcast-161020171726/75/XG-Firewall-44-2048.jpg)
Uploaded byDeServ - Tecnologia e Servços
XG Firewall
The document provides an overview of the Sophos XG Firewall. It discusses how the IT landscape is changing with increasing attacks and the blurring of network perimeters. It then introduces the Sophos XG Firewall as having the following key attributes: - Simple and easy to use interface - Lightning fast performance with FastPath packet optimization - Unparalleled protection with features like Security Heartbeat that links endpoints and firewalls - On-box reporting and visibility tools - Backed by Sophos as a trusted industry leader in cybersecurity
More Related Content
More from DeServ - Tecnologia e Servços
![Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]](https://cdn.slidesharecdn.com/ss_thumbnails/codedagentsdeck-251215155422-5497c599-thumbnail.jpg?width=640&height=640&fit=bounds)
XG Firewall
- 1. 1 Speaker Name Speaker Title SophosXG Firewall The Next Thing in Next-Gen
- 2. 2 Agenda • The ITLandscape is changing • Introducing Sophos XG Firewall • Summary
- 3. 3 The IT Landscapeis Changing
- 4. 4 Attacks Getting MoreSophisticated Zero-day Vulnerabilities Increasing Volume of Zero-day Vulnerabilities 8 14 23 24 2011 2012 2013 2014 Zero-day vulnerabilities discovered per year Adobe Reader 5-30 Source: Forbes Price of zero-day attacks in various applications or OS’s ($ ‘000) Mac OSX 20-50 Android 30-60 Flash / Java 40-100 MSFT Word 50-100 Windows 60-120 Firefox / Safari 60-150 Chrome / IE 80-200 IOS 100-250
- 5. 5 1. Advanced PersistentThreats (APTs) APTs are usually targeted at specific industries, organizations, or even individuals and may involve significant research into personnel, offices, IT practices, operations and much more to help gain a foot-hold 2. Entry Point Targeted or not, the initial system is usually infected by either: • Visiting an infected website • Opening an email attachment • Plugging in a USB stick 3. Discretely Call Home The infected system connects to the command & control (C&C) server for further instructions or to start passing sensitive data 4. Covertly Spread The malware may choose to remain undetected and move slowly or it may attempt to spread to other systems by taking advantage of unpatched vulnerabilities or using hijacked credentials5. Silently Exfiltrate Data The malware may attempt to steal information from emails, documents, Skype or IM conversations, or even webcams depending on its intentions
- 6. 6 32.7 140.9 2013 2017 Perimeters areVanishing Increasing Worldwide Cloud Deployments Capacity Increasing Number of Employees in BYOD Programs (Exabytes) CAGR: 44.1% 31% 46% 61% 2014 2017 2020 % of employees using a BYOD smartphone Increasing Number of Wi-Fi Hotspots Increasing Mobile Population
- 7. 7 31% 9% 11% 20% 7% 22% Hackers gained accessto *all* company data …Impact Mid-Market EquallyHigh Profile Enterprise Breaches… 110 million records stolen 150 million passwords stolen 56 million credit cards and 53 million email addresses stolen Online store infiltrated, exposing customer records CryptoLocker police to pay cybercriminals to decrypt files Attack led to leaking 677,335 user accounts Card data stolen using installed malware Website compromise exposed customer card number and records At least 51% of data breaches affect organizations with fewer than 10,000 employees Unknown More than 100,000 10,001-100,000 1-100 101-1,000 (# of Employees) 1,001-10,000 Source: Verizon data breach investigations report, 2013 Everyone Is Affected – Not Just Enterprise Hackers accessed information from 78.8 million people High Profile Enterprise Breaches… Data Breaches by Company Size
- 8. 8 Spending on ITSecurity and Documenting Security Policies Is Increasing …Is the TOP Priority For CIOs… Top 3 priorities Innovation #2 Cloud mobility #3 3% 6% 15% 18% 82% 76% Small businesses Large organisations Low or no priority Neither high nor low priority Very high or high priority Information Security Is a Priority For Top Management… IT security #1 …Increasing the Spend On Security Projects in All Categories 8.1% 5.9% 6.2% (0.2%) 3.1% 11.5% 8.1% 6.5% 3.5% 2.6% Securit y Cloud Comp… DW/BI/ Analy… Networ king Data Center Oct-14 Jan-15 YoY increase in spend in external IT projects 8.4% 7.4% 8.4%9.1% 6.6% 5.3%5.0% 6.8% Overall SecurityRisk & Compliance Monitoring Endpoint SecurityNetwork Security Spending growth expectations Source: PWC Source: Morgan Stanley research Security is a High Priority for Businesses of All Sizes 2014 2015 Source: Grant Thornton survey (1) (1)
- 9. 9 Introducing Sophos XGFirewall
- 10. 10 IT Manager Surveyon SpiceWorks Top Complaints About Current Firewalls Profit Poor performance Poor value Not easy to manage Insufficient security & control Insufficient reporting & visibility
- 11. 11 Introducing Sophos XGFirewall A revolution in firewalls: Simple to use Lightning fast Unparalleled protection On-box reporting From a trusted industry leader
- 12.
- 13. 13 XG Firewall: SimplySolving Common Problems Difficult to mine data to identify and prioritize issues Interactive dashboard instant data and drilldown Firewalls full of jargon and difficult to navigate Complexity of policy creation and management Policy templates, easy to understand Self-documenting interface and menus Identifying risks User Threat Quotient and App Risk monitoring
- 14. 14 All-new Control Center •Surfacesimportant information • System status • Traffic • Security heartbeat • Advanced threats • UTQ • VPNs • Risky users, apps, websites • Policy activity •Quick access to additional information and tools
- 15. 15 3-Clicks to Anywhere Navigation •Nevermore than 3-clicks to anywhere •Nav remembers your last selected item •Description identifies what each menu items provides to make discovery easy •Main Nav Menu • Control Center • Reporting • Policies • Protection • System • Objects
- 16. 16 Unified Policy Management •Don’t needto navigate multiple modules, or tabs to find polices •All policies on one screen •Users & Networking •Business Applications •Sort and Filter by •Rule type •Source Zone •Destination Zone •Status
- 17. 17 Integrated Policies •Everything onone screen •Layer-8 User Identity Polices •Zone based policies •Web and App Control per policy •IPS and Traffic Flow per Policy •Security Heartbeat Policy •Limit access for Red or Yellow Heartbeats
- 18. 18 Business App Policy Templates •Templatessimplify WAF protection for common business applications •Exchange •Sharepoint •Lync •And Much More •Templates can be customized •Templates can be shared
- 19. 19 SFM Dashboard –At-a-Glance Management 2 Top panel 3 Device overview 4Device Monitor 6 Model information 7System messages 5 System information about SFM 1 Menu for key work areasLet’s take a look…
- 20. 20 Management Made Simple:Three Work Areas Device Configuration • Manage config. or policies • For individual device or group of devices Template Configuration • Create and apply reusable config. templates • Quickly set up new branch offices / customer sites System Management • Device health and settings (add device/ group, update firmware, etc.) • Change control • Monitoring
- 21.
- 22. 22 • FastPath optimizesfirewall connectivity and routing • Once connection is deemed trusted, all related packets take the fast path • It is NOT Stream scanning – which lightly scans packets as they pass for malware • We properly scan all content in real-time or batch mode – we do not stream scan Policy Engine (Who are you? Where are you going?) Malware Engine (Are you carrying anything dangerous?) FastPath Packet Optimization (e.g. for approved traffic “travelling together”) Stream scanning (e.g. visual inspection only) FastPath Packet Optimization
- 23.
- 24. 24 • Single-pane overview •Unified policies • Security Heartbeat Essential Firewall • Find threats faster • Simplify investigation • Minimize threat impact Security Heartbeat Modular Security features Network Protection • Intrusion Prevention (IPS) • Client & Site-to-Site VPN • Quality of Service (QoS) • Advanced Threat Prot. (ATP) • Wireless Controller for Access Points • Multi-Zone (SSID) support • Hotspot Support Wireless Protection • Anti Spam & Phishing • Dual Virus Protection • DLP & Encryption Mail Protection• Reverse Proxy • Web Application Firewall • Antivirus Web Server Protection • URL Filtering Policies • Web Threat Protection • Application Control Web Protection
- 25. 25 Generations Of Security PointProducts Anti-virus IPS Firewall Sandbox Layers Bundles Suites UTM EMM Synchronized Security Security Heartbeat™
- 26. 26 Security Heartbeat™ Network andEndpoint working better together to revolutionize advanced threat protection Endpoints XG Firewall Server Internet No Security issues Unwanted Application Compromised Infected Automatically isolate systems with Red Heartbeat Set more restrictive policies for systems with Yellow Heartbeat 1. ATP detects and blocks suspect C&C connection 2. Context requested from Endpoint 3. Full information exchanged (user, process, etc.) 4. Admin notified about ATP event including context Heartbeat in Network Policies Advanced Threat Protection Suspect Endpoint XG Firewall •Accelerated Discovery Endpoint and network protection combine to identify unknown threats faster. •Active Identification Reduces time taken to identify infected or at risk device or host by IP address alone. •Automated Response Compromised endpoints can be automatically isolated or restricted by firewall policies based on Heartbeat™ status.
- 27. 27 Security Heartbeat & AdvancedThreats •Accelerated discovery •Positive identification •Automated response •Instant insights into compromised systems • Hostname, IP • User • Time period • Threat • App/Process • Incidents/Count
- 28.
- 29. 29 App Risk Meter •Identifies overall risk level • Application dashboard identifies risky apps and who’s using them
- 30. 30 User Threat Quotient •Identifyrisky users before they become a problem •UTQ based on recent web history and ATP triggers • Enables: •Quick and easy policy changes •User education •Targeted intervention
- 31.
- 32. 32 From a TrustedIndustry Leader
- 33. 33 Gartner Magic Quadrant UNIFIEDTHREAT MANAGEMENT Gartner Magic Quadrant ENDPOINT PROTECTION Only Vendor That Is a Gartner Leader in EP and UTM Challengers Leaders Niche players Visionaries Completeness of vision Abilitytoexecute Source: Gartner (December 2014) Microsoft Eset IBM Webroot F-Secure Bitdefender Symantec Kaspersky Trend Micro Panda Security McAfee Check Point Lumension Qihoo 360 ThreatTrack Security Landesk Stormshield Challengers Leaders Niche players Visionaries Completeness of vision Abilitytoexecute Source: Gartner (August 2015) Cisco Juniper Networks Huawei Check Point Rohde & Schwarz (gateprotect) Fortinet Dell WatchGuard Stormshield Barracuda Hillstone Networks Aker Security Solutions
- 34. 34 Unique Balance BetweenEndpoint and Network
- 35.
- 36. 36 To Sum Up… XGFirewall: Simple to use - easy to navigate Lightning fast - with FastPath packet optimization Unparalleled protection - featuring the industry first Security Heartbeat On-box reporting - over 300 reports included as standard Trusted industry leader - Gartner Leaders Quadrant for Endpoint and UTM
- 37. 37 © Sophos Ltd.All rights reserved.
- 38. 38 Optional Feature DetailSlides & Competitive Comparison
- 39. 39 Management MANAGEMENT Firewall Management Centralized Management Status &Alerts Reporting & Logging What’s Key All-new Control Center and user interface Sophos Firewall Manager iView reporting Key Management Features • All-new Control Center for immediate insights into issues • Unified policy model with all policies on a single screen • Policy templates for quick business app protection. • Role-based Admin granular access control • Centralized Management via Sophos Firewall Manager • Centralized Consolidated Reporting with Sophos iView • On-box Reporting on every appliance • PSA/RMM XML-based API
- 40. 40 User & AppControl What’s Key Unified policy model Patented Layer-8 User Identity Full user-based app control User Threat Quotient Key User and App Control Features • Unified Policy Model to manage all policies on a single screen • Layer-8 User Identity patented technology for user-based firewall rules & visibility • Flexible Authentication including directory services, client agents, and portal • User based firewall policies any firewall rule can be user-based • Per-policy app, web, QoS, and IPS control for ultimate ease and flexibility • Customizable templates for apps, web, IPS and traffic shaping • User Threat Quotient to identify risky users. • Broad enforcement including HTTPS, Anonymizing proxies, and SafeSearch • Web caching reducing bandwidth consumption – including Endpoint updates USER & APP CONTROL User Identity Application Control Web Control Content Control
- 41. 41 Network Protection What’s Key Next-GenIPS FastPath packet optimization Security Heartbeat Pharming protection Key Network Protection Features • Stateful firewall with deep packet inspection with zone based policies • Perimeter defenses against DoS, reconaissance, spoofing, flood, and ICMP attacks • Next-Gen IPS (NGIPS) protection from hacks and attacks that’s user and app aware • FastPath packet optimization that provides up to 200% performance improvement • Advanced protection from the latest viruses and web threats • Security Heartbeat that links endpoints with the firewall • Advanced Threat Protection from bot-nets and C&C traffic • Pharming Protection to protect from overwritten hosts files (DNS lookups) • Web Application Firewall for business applications like Exchange & SharePoint • SSL decryption and inspection and certificate validation NETWORK PROTECTION Synchronized Security Advanced Threat Protection Business Applications Encrypted Traffic Firewall IPS Anti-malware Web Protection
- 42. 42 Email Protection What’s Key IMAPFiltering What’s Unique SPX Email Encryption DLP Policies with pre-packaged sensitive data types Key Email Protection Features • Anti-spam Protection from the latest spam campaigns • New IMAP filtering for email services using this protocol • SPX Email Encryption for simple push encryption without trust infrastructure • DLP Policies with pre-packaged sensitive data types • Self-help Quarantine Management through the user portal EMAIL PROTECTION Anti-spam Email Encryption Data Loss Prevention Quarantine Management
- 43. 43 Networking What’s Key Discover Mode ZoneSegmentation Traffic Shaping per-policy Key Networking Features • Routing and Bridging supporting all the latest standards • Zone segmentation with isolation/policy support for LAN, WAN, VPN, DMZ, etc. • Discover Mode in bridge or TAP mode for easy PoCs and evaluations • Traffic Shaping per-policy offering greater flexibility in prioritizing traffic • Integrated Wireless Controller with plug-and-play Sophos WiFi Aps • Wireless Hotspots with flexible authentication options • High performance switching, scanning, and proxy engines • Standard VPN Options including IPSec, SSL, PPTP, L2TP, Cisco, OpenVPN • Clientless VPN for easy access to hosts or services via the user portal • RED VPN for easy and secure networking to remote locations • IPv6 support for future-proofing and deployment into IPv6 environments NETWORKING Routing & Bridging Zone Segmentation Traffic Shaping Wireless Controller Performance VPN RED VPN iPv6
- 44. 44 Competitive Chart Sophos XGFirewall Fortinet FG 20-90 Dell SonicWALL TZ Series WatchGuard XTM Series Network Firewall/Protection Advanced threat protection Network and Endpoint Integration [Heartbeat] Unified Policies User Risk Visibility [User Threat Quotient] FastPath Packet Optimization Site to site and remote user VPN Secure web gateway Complete Email Protection [AV, AS, Enc., DLP] Dual antivirus Wi-Fi Reverse proxy Web application firewall User portal Full Reporting Best TMG feature parity Discover (TAP) Mode Deployment $ $ $ $ $ $ $ $ $ = Another product required New Differentiators •New competitive differentiators •Heartbeat •Unified policy •User Threat Quotient •New comparative differentiators •FastPath •Discover Mode •User-based Firewall Policies
Editor's Notes
- #5 Depending on the OS or application that has been compromised, Zero-day vulnerabilities can be worth into six figures. With these types of financial rewards on offer it’s little wonder that the number of zero-days has grown year on year.
- #6 Let’s step through how a typical Advanced Persistent Threat (APT) could compromise your organization. <Read slide>
- #7 In addition to these growing threats, ‘traditional’ IT setups are rapidly becoming a thing of the past. Users are working everywhere. The office, at home, while travelling and they are using multiple devices to do it – laptops, tablets, mobiles. Increasingly they are bringing and expecting to be able to use their personal devices at work. This all generates additional challenges for your network security. Source: Gartner Source: IDC, Worldwide and Regional Internet of Things 2014–2020 Forecast Update by Technology Split, #252330, Nov 2014
- #8 While attacks on large on large enterprises are more likely to hit the headlines, SMBs are equally affected. <Highlight several points>
- #9 As you can see here, IT security is of huge importance to businesses of all sizes. And IT security is the front runner when it comes to spend for IT budgets.
- #11 In a recent survey of IT managers on Spiceworks, Sophos asked what their top complaints with their existing firewall were… They cited…<read from chart> Interestingly, these issues are all strengths of the XG Firewall.
- #12 It’s simple to use, lightning fast, gives unparalleled protection, has on-box reporting and comes from a trusted industry leader. Now let’s take a look at how the XG Firewall is achieving each of these points.
- #14 It solves a lot of common problems, IT managers have with managing their existing firewalls… It’s currently difficult to identify and prioritize issues, complex to create and manage policies, difficult to navigate and parse through the jargon, and identify risks before they become a problem. So when Sophos set about to design XG Firewall, they made sure they solved these important issues… First, there’s a brand new rich interactive dashboard that surfaces all the important information a manager needs and offers quick and easy drill-down to what’s important. Then they implemented policy templates and a unified policy model that’s easy to manage and work with and saves a lot of time. Then, they made the navigation more streamlined but also more helpful with self-documenting notes in the menus with thumbnails so you’re never more than 3 clicks from anywhere and can easily find what you’re looking for without a lot of trial and error. And they didn’t stop there, they also incorporated some exciting and extremely helpful new technologies to identify user and application risks in the environment. Let’s have a look now.
- #15 From the main dashboard you get complete oversight of your security status. <Highlight areas below as desired> System - Displays the real-time status of system performance, services, connections, and other system parameters. Green indicates everything is fine, orange indicates a warning, and red indicates something needs immediate attention. Each item is clickable to reveal additional details, graphs, as well as helpful system and network tools you can use for troubleshooting purposes such as ping, traceroute, packet capture, command-line access, and much more. Traffic insight - This provides an overview of traffic processed in the last 24 hours including web activity, allowed and blocked apps and web categories as well as network attacks. You can quickly determine when your peak traffic periods are as well as how effective your policies have been at blocking unwanted activity and traffic. Security Heartbeat - The Sophos Security Heartbeat widget indicates the health status of all your Sophos Cloud managed endpoints. If any systems are running unwanted applications or infected, they will show here as yellow or red. Clicking the widget reveals full details on the affected computer, including the user, hostname, IP address, and even the process responsible, enabling you to quickly take action. You can also use Security Heartbeat status in your policies to limit access to network resources for affected systems. Advanced Threat Protection - This widget provides an immediate indication of the presence of advanced threats on your network – either bot-net or command-and-control (C&C) traffic that has been blocked. Clicking the alert will reveal details about the infected system including the hostname, IP address, and source of the malicious traffic. User Threat Quotient - Unique to Sophos, User Threat Quotient (UTQ) is an indication of a user’s risk level based on recent web and advanced threat activity. This widget is green when risk levels are low, and turns red when a threshold of risky activity is detected indicating the number of high risk users. The score is analyzed over a 7 day period and clicking on it will take you directly to the detailed UTQ report. Connections - The connections widget shows the status of various connected devices and users including Remote Ethernet Device (RED) VPN connections, pending and active wireless access points, remote SSL VPN connections, and the current live users count. Clicking the various components of this widget will take you directly to the respective setup or reporting screen. Messages - The messages panel displays important system notices, warnings and alerts with blue, yellow and red icons respectively. Examples include default password warnings, HTTPS and SSH WAN access warnings, registration notifications, license notifications and firmware updates. Click any message to review the full details and take action. Reports - This panel displays the top five reports that may have data of interest or require action based on automatic background analysis. Examples include high risk applications, objectionable websites, web users, intrusion attacks, web server attacks, and more. Clicking any of the listed reports will open a PDF view of the full report. Active Policies - The Active Policies panel right on the control center indicates exactly how many policies you have of each type, how many are unused, disabled, changed and recently added. Unused policies are a good indication of policies that may benefit from some housekeeping as they can present potential openings or vulnerabilities in the network that are no longer required. Navigation - The menus and navigation get out of your way but offer quick access to all areas of the system. In fact, you’re never more than 3-clicks from anywhere. The menus are designed with built-in help making discovery easy and they remember your last selection requiring even fewer clicks to your most often used screens.
- #16 To make things as straight-forward as possible you can navigate to anywhere in only 3 clicks. Menu items are grouped logically, so you won’t waste time looking for something that’s hiding in the wrong place.
- #17 If you’re familiar with any other Firewall product, you know that policies are all over the place… firewall, IPS, email, web, and WAF policies are all on different screens in different modules and often spread across several tabs. That’s no longer the case. Sophos has made policy management a lot simpler by implementing a single screen to manage all your policies in one place. All your user, network and business application or WAF policies are here on the policies screen <advance animation> and you can easily filter them by type source and destination or status. And when you add a new policy, you choose the type, which provides a tailored template ideally suited for that type of policy, making it easy to setup new policy rules with just a few clicks.
- #18 And different policy settings are now all integrated. For any user or network rule, you can define an application control policy, web filtering policy, IPS policy, and traffic shapping policies, all with just a few drop down selections, and all on the same screen. In any other product, that would require at least four different rules or policies and multiple fields or tabs. Now it’s all done in one place. And you’ll see on the bottom of this screen… options for Security Heartbeat. Allowing you to add heartbeat requirements to any policy to limit access to any endpoint that’s been compromised. (more on that in a bit).
- #19 And another innovation and huge time saver are the new business application templates for setting up WAF policies. Here you simply select one of the common business applications you need to protect with the firewall, and it prepopulates the rest of the policy settings with the most common settings for that type of application. You then simply need to enter a couple of details like the domain name and server IP address and you’re done. Compare this with having to setup a WAF policy in any other product that’s usually several screens, complex, and confusing. Not with XG Firewall.
- #20 SFM - Sophos Firewall Manager Easily configure your devices, templates and manage your systems Here you can search for a device, see flagged alerts, errors get help and more info Device overview lets you see how many devices you have, which are actually connected and whether they are synched together See how your devices are running Information on SFM itself See which models you are running System messages
- #21 <Read slide>
- #23 One of the key new technologies we have now is FastPath Packet Optimization… which optimizes the connectivity and routing of traffic. Once a connection is deemed trusted, all subsequent packets can take the fast path. This is NOT stream scanning… which is all about optimizing the inspection of traffic for malware… we still properly scan all content in real-time or batch mode and do not compromise on security for added performance like some of our competitors. The best analogy for this is the process you go through at the airport. First someone will check your identity and destination to determine if you’re allowed to travel… this is analogous to the policy engine in the firewall. If you’re deemed trusted to travel to your destination, you proceed to the next stage which is the security screening <advance> FastPath Packet Optimization simply allows people travelling as a group to bypass the first step and take the Fast Path. In the firewall, all subsequent packets that are part of a known and trusted connection can similarly take the fast path improving performance. Everyone still goes through the security screening stage which is analogous to the malware inspection in a firewall. In our case, all traffic is still scanned completely for threats. <advance> Competitors often use Stream Scanning as a technique to improve performance, but it sacrifices security… something we’re not willing to do. The result is that you get better performance and better protection. FastPath can provide up to 200% improvement in firewall throughput.
- #25 You can pick and choose the modules depending on your security needs. Sophos XG Firewall delivers outstanding NGFW capabilities, but if you’re looking for an UTM solution it also gives you everything you need.
- #26 Security is an ever-evolving landscape. Having separate, best-of-breed products for each security aspect used to be the conventional wisdom. Then came security in layers – product bundles and suites, UTM, EMM, etc. Now Sophos has brought the next generation of security – Synchronized Security. So what do we mean by ‘Synchronized Security’? In order to stop sophisticated threats, you need security products that work together as a system – protecting your users and corporate data across all points of the network. This is exactly what Synchronized Security provides. The exact means of execution is via the ‘Sophos Security Heartbeat’ – which shares intelligence in real time across a trusted channel between your endpoints and firewall. We’ll go into more detail on the next slide. But this simple step of synchronizing security products that previously operated independently creates more effective protection against advanced malware and targeted attacks.
- #27 How it works is quite ingenious and simple. When malicious C&C or botnet traffic is detected on the network, the Firewall can use the Heartbeat connection to let the Endpoint know, which will change it’s status, triggering a notification and possibly changes in policy. Any network policy can have a heartbeat status attached as we saw earlier, enabling infected machines to be automatically isolated completely in the event of an incident until they can be cleaned up… or at least limit access to compromised machines so they don’t leak data or potentially infect other systems on the network. It’s incredibly helpful, important, and yet amazingly simple.
- #28 Sophos Security Heartbeat comes at no extra cost to XG Firewall, providing a revolutionary new approach to identifying and responding to advanced threats on the network. It provides a link between the firewall and Sophos Cloud Endpoints that enables these two essential security enforcement points to communicate and share information like nothing before. <advance> With traditional APT detection solutions, you would be lucky to identify the IP address of the compromised host. With Security Heartbeat linking endpoints with the Firewall, they can share important information so when you get an advanced threat warning, you not only know the IP address, but the hostname, user, time period, the threat, and the infected process or executable, and the number of incidents. The benefits are enormous in time savings to discover, identify and remediate an advanced threat. All the information needed is surfaced instantly to the XG Firewall Control Center… <read stuff in bullets>
- #30 XG Firewall has a fantastic reporting framework, modern look and feel, and some great new reports. Here are just a couple of the reports that provide extremely important insights into potential risks... The first is the App Risk Meter widget which appears on the application report dashboard. It’s a score that indicates the relative risk level of apps in the environment. A high score in red indicates that risky apps are being used, and you may want to establish an app control policy to prevent them from becomming a problem.
- #31 The next is the user threat quotient... Which identifies risky users based on their recent web bnrowsing history and advanced threat triggers. Users attempting to access a lot of blocked sites, or who have been infected in the past, are highly likely to re-offend... And are called out in this report. With this information admins can make policy changes, or educate these users, before they get themselves infected.
- #32 You can also use Sophos iView which gives you comprehensive, centralized reporting across all of your firewall devices. Monitor and analyze security risks across your entire network. Compliance reporting - HIPAA, PCI DSS, GLBA, and SOX
- #34 Sophos is the only vendor to feature as a Gartner Leader in both the Endpoint Protection and Unified Threat Management Magic Quadrants.
- #35 As you can see from the slide – Sophos is the only vendor to have a nearly even split between Endpoint and Network. You cannot get that anywhere else.