UTM - The Complete Security Box


Published on

This presentation focuses on the features of Sophos UTM that give you complete security, without complexity. UTM provides security solutions for every part of your business. Endpoint, Network, Data, Email, Web and Mobile.

Find out more about Sophos UTM here: http://bit.ly/ULoBZV

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • We see that there are three main problems making IT security more difficult today:Threats like fakeAV are still getting through defencesData is still getting lost on disks, laptops and via email. At the same time your IT infrastructure is getting more complex with users on mobile devices, using home computers, in satellite offices - all using data and services in the cloud, as well as behind your firewall.Too often the onus is put on the IT teamto address all these risks. This means you buy, configure and manage multiple security software and hardware solutions that let you deal with the aftermath of defences being breached. You also have to solve new security problems as they emerge, often by buying and deploying even more new products. What you need is complete security from a vendor you trust.
  • Securing IT to protect data is a job that keeps getting harder. Internet connections are faster, threats are more complex and users are more mobile. The result is what we see here. Software and hardware solutions are added as they’re needed. So your server room starts to fill up with an appliance or server for every job you need to do. As a result you’re spending more, you’re managing more and you’re adding complexity.
  • Stopping threats and protecting your data is what we do. And we believe our job is to do that comprehensively, without making your job more complicated. This is our mantra: Complete Security, Without Complexity, Active protection.What we do, How we do it, How we do it better.Complete security isabout taking care of yourprotection at every stagewithout it having to be complicated..
  • That’s why we give you solutions for every part of your business. Endpoint, Network, Data, Email, Web and Mobile. We protect them all. So your users and data are protected wherever they are and whatever they use.
  • To deal with today’s networks and combat modern threats we’re delivering a UTM that is the Complete Security appliance. From network management and protection, to gateway filtering and endpoint security this is a truly unified solution that can grow with your business.
  • Each of the modules will work however you decide to deploy it. So if you don’t need Wireless protection today, no worries, just subscribe to that module when you do. Then you’ll be able to access the settings for that module from the same familiar console you’re already using. We have an aggressive roadmap for Sophos UTM, adding mobile device management and data protection to the appliance within the year.
  • Having a connected business is essential to being successful, but computers have to be protected from threats targeting you. Having an internet connection allows you to connect out but also makes your network visible to attackers. A computer connected directly to the web will be targeted by a hacker within minutes so it’s important that essential protection is in place for computers in your network. The problem is that many network firewalls are complicated to setup and need specialist knowledge.
  • The Essential Firewall contains the fundamental basis security functions which every business should use such as a firewall, network tools, routing and secure remote access. These are all available free of charge for all Astaro appliances - also for commercial use.A good firewall can prevent exploits that lead to data loss or theft, infected computers, and other incidents that cost you time and money. The protective features in our Essential Network Firewall are designed for simplicity. We make it easy to control incoming and outgoing traffic. So you can be assured that you are configured for complete protection.With the integrated firewall, unauthorized access to internal and external resources are rejected and hacker attacks blocked.
  • Firewalls are only the most basic protection for networks more complex attack will get through these defenses or target your network in a different ways like exploiting a vulnerable application or moving from one computer to another. Protecting your network and keeping your business running isn’t just about stopping threats. You also want to make sure that your optimizing your bandwidth and allowing remote offices and workers secure and reliable connections to your systems.
  • Sophos Network Protection includes many fully integrated features: an intrusion prevention system, denial-of-service protection, a VPN gateway, an HTML5 VPN portal, advanced routing and more. We help protect your network by keeping bad traffic out and enabling secure access to authorized users. Advanced routing capabilities in Sophos Network Protection provide optimal path selection, load balancing and stability.
  • Your wireless networks need the same policies and protection as the wired network. This can be difficult without a way to centrally manage the network and extend your security. Many dedicated wireless management solutions are expensive and difficult to configure, with almost too many features for most businesses. The other option, with wireless built into the hardware doesn’t give the coverage or flexibility needed. And if you’re an organization with lots of remote offices setting up wireless connections in each one can be a challenge.
  • Sophos UTM helps you easily create, manage and secure wireless networks so you get consistency across your organization. Our wireless access points can be plugged in anywhere and configured centrally from the Sophos UTM. It’s like having built in wireless but with the flexibility that gives you complete coverage. And you can also set up wifi hotspots and access options for guests to your offices or remote branches.
  • There is still a huge amount of spam email out there, without any protection your users inboxes would be crammed full of useless messages that stop them being productive. Today lots of emails also carry links to malicious websites or phishing sites that want to steal data. Protecting email against viruses, spam and data loss can be hard work. You must address infections caused by viruses that get past your desktop defenses, manage spam quarantines and ensure employees properly encrypt their email.
  • Sophos UTM Email Protection makes it easy to keep your inboxes clear of viruses and spam. Dual yet individual virus engines operate in parallel to scan and block threats in content before it has a chance to enter the network. Astaro Mail Security stops spam, phishing and other unwanted email before it gets delivered and clutters up mailboxes. The combination of many different recognition mechanisms offer a high hit rate and low amount of false positives.We give youhandy management tools to make life easier for you and your users. And we let you secure email that leaves your business with email encryption options.
  • Traditionally networks were groups of computers joined together and usually in the same location. But today the network really can be anywhere. With laptops as the most popular choice as workstations for users in businesses they aren’t just connected to managed and protected internal networks, they might also be connected to the web at home, hotels or coffee shops. It’s not realistic to expect these users to connect to the corporate VPN every time they want to browse the web but that also means that when they do they aren’t protected by the web protection that’s at your gateway. Lots of different devices also get connected to endpoints and these carry a risk all of their own, either because data put onto them isn’t secure or because they are a common method for carrying malware. The protection for these computers must move beyond traditional signature based antivirus.
  • Endpoint protection in Sophos UTM lets you install an agent to your computers to keep them protected wherever they go, with detection and blocking of viruses, trojans, spyware and adware. With Live protection you can also be sure that if they try to visit an infected site when they aren’t connected to your gateway they’ll still be protected. Instantly. We’ve also built in device control, to reduce the risk of infection and let you protect data moved to USB sticks. And you’ll always be able to see your computers to know they’re protected with our LiveConnect service. It uses the cloud to let you set polices and see the status of endpoints however they’re connected.
  • Today the web is at the center of almost everything that we do with IT, we could argue that it’s just at the center of everything we do. This is a challenge for people in your business who are so used to using it that perhaps sometimes they use it a little too much and sometimes not in the right way, which can impact on their work. It’s also the reason why the web is the number one source of malware infections, with many people browsing and getting infected without even knowing it.
  • Sophos Web Protection prevents malware infections and gives you control over employees’ web use. Spyware and viruses are stopped before they can enter the network.You create easy policies that set where and how employees spend time online. With our web application control we help you control the applications that could cause security or legal problems, like P2P or instant messaging. So you get a handle on the unwanted applications that clog your network. And everything is tracked and arranged in detailed reports so you can see what people are doing and make changes as needed.
  • At Sophos we estimate that over 30,000 websites are infected every day. The majority of these sites began as a legitimate web presence for businesses just like yours. If a customer browsing to your site gets a warning from their antivirus to tell them it’s infected you might be looking at a loss of reputation. Most of these infected websites will attempt to use a weakness in the way the site is setup to redirect the browser to a site hosting the malicious code. The problem is that manually protecting the web server against these threats requires specialized expertise.
  • Sophos Web Server Protection eliminates this need. We use a reverse proxy to protect your web server and web applications against the unknown. A clear administrative interface simplifies policy setting. Our web application firewall is continually scanning for probes and attacks targeted at your web server. Our anti malware scanner is also letting the webserver scan its own files to make sure it’s not handing out infected content to your customers. We can also stop sql injection attacks that use invalid form data and we make sure that only valid url request are allowed so attackers can’t create a backdoor. With cookie protection we make sure that each one is digitally signed so the information in it is approved.
  • We provide better flexibility by offering a huge set of different deployment options – all providing the same functionality.The hardware appliance product line covers models for small networks and remote locations with up to 10 users to large networks with up to 5000 users and even more within large distributed networks.As opposed to other UTM solutions, Astaro software can be also installed on your own servers. Our gateways run on standard Intel-compatible PCs and servers not requiring any proprietary ASICs. This allows for easy installation also in home or in virtual environments and for fast update with new features as new threats arise.We also allow easy usage within an Amazon environment by offering Amazon Machine Images (AMI) and also facilitate the usage of Amazon VPCs through our VPC connector.Furthermore, every hardware appliance contains an integrated hard drive for local spam quarantine and log/reporting information. Therefore, even the smallest remote office can get the same protection as a company's central office - without compromise.
  • The Sophos UTM product line covers models for small networks and remote locations with up to 10 users to large networks with up to 5000 users.As opposed to other UTM solutions, oursoftware can be also installed on your own servers.The same set of security applications, including features such as Active/Active Clustering, WAN Uplink Balancing or Active Directory Integration, is available on all our UTM models - no matter if the hardware, software or virtual appliance is deployed.Furthermore, every hardware appliance contains an integrated hard drive for local spam quarantine and log/reporting information. Soeven the smallest remote office can get the same protection as a company's central office - without compromise.The UTM 525 and 625 models offer the highest availability through a redundant hard drive and power supply.
  • To find out more about us visit www.sophos.com, thanks for listening.
  • UTM - The Complete Security Box

    1. 1. Sophos UTM:The Complete Security Box
    2. 2. We’re focused on protecting you Threats Data changing, st everywhere, ill regulations increasing growing Users everywhere, using everything
    3. 3. IT security sprawlIntrusion prevention SSL VPN Gateway Router Firewall Spam filter Endpoint protection Gateway antivirus WAN link balancer Web filter Load balancer
    4. 4. Complete SecurityBecause you’ve got enough to worry about Security Without Active Everywhere Complexity Protection Wherever Quicker to Our unique the user is, setup, maintai approach for what ever n and solve better they use problems protection you can actually deploy4
    5. 5. Complete SecurityProtecting every part of your business5
    6. 6. Sophos UTMThe Complete Security Box Network Wireless Firewall Protection Email Network Protection Protection Endpoint WebServer Protection Protection Web Protection
    7. 7. A first line of defenseStarting with network security• Any computer connected to the internet is at risk• A computer outside a firewall will be attacked within minutes• Hardware firewalls can be complex to configure
    8. 8. Network firewallFree Firewall for business use• Easy management with object-based rules• Stateful packet inspection• Place anywhere on network• IPv6 Support• Amazon Virtual Private Cloud Connector• Easy tunnelling with Windows Remote Access
    9. 9. Optimize your networkand stop threatsBusinesses need more than just a basic firewall• Firewalls only deal in ports, addresses and protocols• Malicious network traffic can still come through allowed ports• You want to get the best from your web connection• You need a way to let remote workers and offices connect
    10. 10. Network protectionOptimize and secure your network• Intrusion prevention system• Flood protection• VPN (Site-to-site and client)• HTML 5 VPN portal• WAN link balancing
    11. 11. WiFi should be easy and safeYou don’t have to “make do” when it comes to wireless networking• Separate wireless management solutions can be expensive• Lots of built in wireless hardware doesn’t give complete coverage• Configuring wireless networks in remote offices can be a hassle
    12. 12. Wireless protectionEasy central configuration for secure WiFi• Central management• Plug & play deployment• Connect access points anywhere• Easy hotspot configuration
    13. 13. Email traffic is still a riskOld methods with some original techniques• Over 98% of all email is spam• Many spam emails combine links to infected websites• Phishing attacks are on the rise• Data protection is key concern for businesses
    14. 14. Email protectionStopping threats and protecting data at your gateway• Filter spam and stop malware• Let users manage their own quarantined items• Detects phishing urls in emails• Supports S/MIME and OpenPGP for encryption
    15. 15. Endpoints are everywhereAnd so is your network• The anywhere network• Accessing the web outside your protection• Malware carried on USB sticks• You need more than signature-based AV
    16. 16. Endpoint protectionStop threats wherever users are and however they connect• Endpoint anti malware• Live protection• Device control• Manage anywhere through our LiveConnect service
    17. 17. Why worry about the web?A great tool and a potential risk• Lack of control can impact productivity• 85% of all malware comes from the web• Web threats are invisible• Targeted and controlling computers and stealing data
    18. 18. Web protectionLayered protection for computers connected to the web• Gateway anti malware• URL Filtering• Web application control• Interactive usage and user reporting
    19. 19. Vulnerable websites are a targetDon’t let your organization become another statistic• More than 30,000 websites infected every day• 80% of infected websites are legitimate• Exploits will often redirect users to malicious sites
    20. 20. Webserver protectionLet us be your web security expert• Web application firewall• Anti malware scanning• Form hardening• URL hardening• Cookie protection
    21. 21. Choose your deployment type Hardware Appliance Software Appliance Virtual Appliance
    22. 22. Hardware optionsHardware Multiple 110/120 220 320 425 525 625Appliance + RED Large Small Medium Medium Large Large LargeEnvironment networks network network network network network network + branchesNetwork ports 4 8 8 6 & 2 SFP 10 & 4 SFP 10 & 8 SFP MultipleMax.recommended 10/80 300 800 1.500 3.500 5.000 10.000+firewall usersMax.recommended 10/35 75 200 600 1.300 2.000 5.000UTM usersSoftwareAppliance * Runs on Intel-compatible PCs and serversVirtual VMware Ready & Citrix Ready certifiedAppliance * Runs in Hyper-V, KVM, and other virtual environments
    23. 23. Choose your modules Network Web Webserver Firewall Protection Protection Endpoint Protection Network Wireless Email Protection Protection Protection FullGuard
    24. 24. www.sophos.com/unified