4 Steps to Optimal Endpoint Settings


Published on

Sophos Professional services reviews how to optimally configure your Sophos Endpoint Product.

This slide deck covers:
• Anti-virus policy live protection
• Anti-virus policy web protection
• Data control policy options to track files and removable storage
• Web control multi-browser inappropriate filtering and full web control

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Notes Master heading here Enter Date here Enter Footer text here
  • 4 Steps to Optimal Endpoint Settings

    1. 1. SOPHOSSophos EP Policy Webinar02/12/2013Presenter:Tom FarrellSophos Professional ServicesTopics: Policies and demonstrations of Anti-Virus Live Protection. Policies and demonstrations of Anti-Virus Web Protection. Policies and demonstrations of Data Control. Policies and demonstrations of Web Control.
    2. 2. Live protection Sophos has two primary types of file checking technologies  OnAccess  LiveProtection
    3. 3. Live protection OnAccess examines files as they are “accessed”  As they are Written  As they are Read  As they are Renamed
    4. 4. Live protection OnAccess uses onboard virus detection database 4.5 million identities. “VDL”
    5. 5. Live protection Live Protection, is cloud based technology. Live Protection releases are immediate. Using Sophos SXL DNS transport lookup.
    6. 6. Live protection
    7. 7. Live protection Additional events can trigger Live checks  Buffer Overflows  Host intrusion protection events − Suspicious files − Suspicious behavior − Malicious file events
    8. 8. Live protection Live protection demonstrations
    9. 9. Detection events & CleanupBest practice Not recommended
    10. 10. Web protection Web Protection  There are two features to Web Protection. − Block access to malicious websites. − Download scanning
    11. 11. Web protection Block access to malicious websites  Uses WinSock 2 API layered service provider (LSP)  LSP is a DLL that is inserted into the TCP/IP stack, once registered it can examine network traffic. With Sophos this is browser traffic for reputation and content.
    12. 12. Web protection Download scanning  Performs scans of temporary internet files.  Can rely on On-Access configuration or can operate independent of On-Access settings.
    13. 13. Web protection Web Protection transport similar to Live protection. Very fast checksum based queries. Transport using DNS/SXL. SXL response defines content type:  Malicious  Adult / Sexual  Crime / Violence, etc...
    14. 14. Web protection Web Protection demo
    15. 15. Data Leakage Prevention  Tracks moving data.  Data source can be local HD and network volumes.  Rules can be content expression based and or file matching.  Destinations include: − Removable storage − Browsers − Instant messenger − Email clients
    16. 16. Data Leakage Prevention Managing DLP events  Actions that can be applied − Allow and log − Block and log − Allow on user acceptance and log  All events are centrally reported and reports can be built using the Enterprise Console “EventViewer”
    17. 17. Data Leakage Prevention DLP use cases  Good people doing dumb things.  Bad people doing bad things.  The enemy within.
    18. 18. DLP demonstration
    19. 19. Web control • There are two types: − Inappropriate − Full web control
    20. 20. Web control Both use Winsock 2 LSP  Uses WinSock 2 API layered service provider (LSP)  LSP is a DLL that is inserted into the TCP/IP stack, once registered it can examine browser based network traffic for reputation and content.
    21. 21. Web control Inappropriate filtering uses built in 14 categories of controls. Control can be of Allow, Block or Warn.
    22. 22. Inappropriate Web control
    23. 23. Web control Web Control client events can be accessed through the Enterprise Console event viewer.
    24. 24. Web control Full Web Control requires Sophos Web Appliance physical or virtual.
    25. 25. Full Web Control
    26. 26. Sophos Web Appliance
    27. 27. Web control Key benefits of full web control  Greater control than just the built in 14 categories  Centrally store and report on users ENTIRE internet history, not just the violations.  Web control policies extend out of the office without any special network configurations using “live connect”
    28. 28. Web Control Demo
    29. 29. Getting started & getting help Documentation and resources  http://www.sophos.com/en-us/support/documentation/enterprise-console.aspx  http://www.sophos.com/en-us/support/professional-services.aspx  Contacting support − http://www.sophos.com/en-us/support/contact-support.aspx − support@sophos.com − 1-888-767-4679
    30. 30. Sophos Professional ServicesWho are we, who am I• Sophos PS is the global team that… • Enables ‘best practice’ adoption of Sophos solutions • Optimizes your security posture to your needs• Our experience.. • Over 3500 engagements every year • Hundreds of thousands of endpoints every year • Engagements with a few endpoints to 50k+ endpoints• Tom Farrell • Most senior PS engineer in North America
    31. 31. Staying ahead of the curveStaying ahead of the curve US and Canada facebook.com/securitybysophos 1-866-866-2802 NASales@sophos.com Sophos on Google+ linkedin.com/company/sophos UK and Worldwide + 44 1235 55 9933 Sales@sophos.com twitter.com/Sophos_News nakedsecurity.sophos.com 31