Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Sophos Security Threat Report 2013January 2013
Sophos updateProtecting businesses for over 27 years• First European-based vendor of security solutions for Businesses    ...
Triple Leader                  Endpoint                                                              Data                 ...
Triple Champion               Endpoint                                                             Data                   ...
Security Threat Report        www.sophos.com/en-us/security-news-trends/reports/security-threat-report.aspx5
Agenda    Web    Blackhole    Java    Ransomware    ZeroAccess    Mac OS X    Android    Cloud    Targeted Attacks    Long...
Threats continue to growSophosLabs analyze 250,000+ new malware samples every day       250,0007
Spam is diminished butnot defeated• Authorities are successfully fighting back    In July, the dismantling of Grum botnet ...
Web is the new Email    Web is the the predominant mechanism to infect users                        Spam                  ...
Compromised legitimate sitesSophosLabs detect 30,000 new infectious Web pages every day Browse via Search engine          ...
Drive-by downloadsExploit kits make it trivial for anyone to exploit users over the web     • Exploit packs can be bought ...
Social EngineeringPrevalent on social network attacks                                              clickjacking           ...
Redirecting victims„Controlling‟ user traffic     Compromise legitimate web sites   Search engine optimization (SEO)13
Protection StrategiesLayered Protection: block an attack at any step in the delivery chain     Compromise legitimate web s...
Protection StrategiesWhere do Sophos product technologies work in protecting customers?     Compromise legitimate web site...
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targeted Attack...
Blackhole27% of infected sites and redirections17
Toolkits & Polymorphism• Blackhole attacks multiply thanks to widely spread Toolkits• They make an extended use of JavaScr...
MaaS (Malware as a Service)     Price list for Blackhole19
VulnerabilitiesBlackhole exploits vulnerabilites in PDF, Flash, Java …                                                    ...
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targeted Attack...
Blackhole (v1.x)Targets a large array of vulnerabilities, including a majority on Java    CVE           Cible             ...
Instant exploit of vulnerabilitiesWhat is the future of Java?     • August 2012      •   CVE-2012-4681 zero-day      •   R...
Blackhole 2.0September 2012 – New version of the exploit kit announced ! • Less predictable URLs • Harder to track • Harde...
Blackhole (v2.x)Reportedly slimming down volume of exploits targeted    CVE          Cible                                ...
Blackhole payloadsPayloads distributed by Blackhole between August-Sep 2012                   Downloader                  ...
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targetd Attacks...
Ransomware The new scareware? • Malware that locks/encrypts user data • Pay ransom to access files         Simple         ...
Ransomware Multilingual!29
Ransomware: Matsnu Lockout page shown to user30
Ransomware: Matsnu Behind the scene • Connection to C&C server     • HTTP, RC4 encrypted • Receives remote commands:     •...
Ransomware: Matsnu File encryption      Manifest file      original_filename1.ext      new_filename1.ext      key      ori...
Agenda     Web     Blackhole     Java     Ransomware                             Nothing     ZeroAccess               to s...
ZeroAccessZeroAccess is a Rootkit familytypically dropped in the system by a Blackhole attack                             ...
HidingZeroAccess evolves its hiding techniques depending on the OS                   32 bit                              6...
Peer-to-Peer BotnetZeroAccess uses a distributed or peer-to-peer control model for resilience36
TrapsZeroAccess use aggressive techniques to defend themselves,such as setting up traps for security software37
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targeted Attack...
After Fake AV for Mac ...MacDefender, MacSecurity and more39
Flashback (OSX/Flshplyer)Flashback on a malware epidemic on Mac OSX • 600,000 Mac OS X systems infected in spring 2012    ...
Morcut (OSX/Morcut-A)More sophisticated and potentially more dangerous• Designed for spying     • Monitors virtually every...
And more ...Distribution of the 4,900 malwares for Mac OS Xthat spread in the first week of August 201242
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targeted Attack...
Mobile Malware     60,000                                           54,900     50,000     40,000     30,000     20,000    ...
Threat Exposure Rate In the USA and Australia, this rate exceeds those of PCs45
Why Android?• Adding applications to marketplace is easy• Repackaged apps• Alternative Android application markets• Forums...
Android Malware                Spyware     mTAN             Andr/DroidRt           Andr/NewyearL-          Others         ...
Andr/Boxer & Andr/FakePremium SMS Trojans                             Andr/Boxer              Andr/Fake     Percentage in ...
Andr/KongFuSophisticated & Multifunctional49
Andr/FkToken-A - mTANMobile transaction authentication number sentby banks to authenticate online bank transactions • Catc...
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targeted Attack...
Storage in the Cloud     Which solution(s) other than email are you using to exchange professional data?         Portable ...
Do you worry about Dropbox?                            Are files     Where is the                           protected?    ...
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targeted Attack...
Targeted drive-by attackMore cases are revealed55
Targeted drive by attackIndirect targeting                           • Hack aeronautical site                 HACK      • ...
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targetd Attacks...
75% of attacks are unique           Malware attacks (binary)80%70%60%50%40%30%20%10% 0%      1    2        3        4     ...
Server-side Polymorphism• Weaknesses of old-style polymorphic worms     • Polymorphism engine part of the code      • Can ...
Obfuscated JavaScript • Endless source of obfuscation techniques • Anti-emulation techniques     •   Recursive function ca...
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targetd Attacks...
Thirteen predictions for1. Attack toolkits continue to proliferate2. Modernization and hardening of operating systems3. Cl...
Agenda     Web     Blackhole     Java     Ransomware     ZeroAccess     Mac OS X     Android     Cloud     Targetd Attacks...
Protect Users at all levelsDeploy solutions at all levels, covering the entire threat lifecycleReduce attack surface      ...
Reduce attack surfaceDeploy solutions with preventive features                                                            ...
Protect all the Devices or your EndUsersThe emergence of BYOD requires to protect an ever larger number of devices        ...
Control Web ApplicationsControl Web access and Web applications usage         Endpoint                Web access        We...
Educate UsersUse Sophos free Education toolkits and resources     DOs and DON’T                        Mobiles        Data...
Staying ahead of the curveStaying ahead of the curve                                         US and Canada      facebook.c...
Upcoming SlideShare
Loading in …5
×

2013 Security Threat Report Presentation

4,761 views

Published on

The 2013 Security Threat Report recaps what happened in data security in 2012, and what trends are ahead in 2013. For more information, visit: http://bit.ly/VcLfLa

Published in: Technology

2013 Security Threat Report Presentation

  1. 1. Sophos Security Threat Report 2013January 2013
  2. 2. Sophos updateProtecting businesses for over 27 years• First European-based vendor of security solutions for Businesses • Headquarter in Oxford, UK • Billings in excess of 400M US$ (300M €)• Global with strong European base • 100 millions users • 1,600 employees worldwide • 5 SophosLabs Centers, including 2 in the EU Oxford, Budapest, Boston, Vancouver, Sydney • 8 R&D Centers, including 6 in the EU Oxford, Aachen, Budapest, Dortmund, Karlsruhe, Linz, Munich, Vancouver• Dedicated to Businesses2
  3. 3. Triple Leader Endpoint Data UTM Magic Quadrant for Magic Quadrant for Magic Quadrant for Endpoint Protection Platforms Mobile Data Protection Unified Threat Management Sources: Gartner: Magic Quadrantsfor Endpoint Protection Platforms (2 Jan 2013) , Mobile Data Protection (6 Sep 2012), and UTM (5 March 2012). The Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report.3
  4. 4. Triple Champion Endpoint Data UTM Vendor Lanscape for Vendor Landscape for Vendor Landscape for Endpoint Anti-Malware Endpoint Encryption Next Generation Firewalls Sources: Info-Tech: Vendor Landscape for Endpoint Anti-Malware (October 2012) , Endpoint Encryption (December 2011), and UTM (October 2012). The Vendor Landscape graphic was published by Info-Tech as part of a larger research note and should be evaluated in the context of the entire report.4
  5. 5. Security Threat Report www.sophos.com/en-us/security-news-trends/reports/security-threat-report.aspx5
  6. 6. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targeted Attacks Long Tail Perspectives for 2013 Conclusions6
  7. 7. Threats continue to growSophosLabs analyze 250,000+ new malware samples every day 250,0007
  8. 8. Spam is diminished butnot defeated• Authorities are successfully fighting back In July, the dismantling of Grum botnet Control and Command center in the Netherlands, then in Panama and Russia succeeded in reducing spam volume by 17%• But targeted attacks such as spear phishing are growing8
  9. 9. Web is the new Email Web is the the predominant mechanism to infect users Spam 85% Web9
  10. 10. Compromised legitimate sitesSophosLabs detect 30,000 new infectious Web pages every day Browse via Search engine Browse direct10
  11. 11. Drive-by downloadsExploit kits make it trivial for anyone to exploit users over the web • Exploit packs can be bought relatively cheaply • No skill required • Content created to target relevant browser and application vulnerabilities • „Silent‟ infection of victims11
  12. 12. Social EngineeringPrevalent on social network attacks clickjacking Social engineering12 Fake polls
  13. 13. Redirecting victims„Controlling‟ user traffic Compromise legitimate web sites Search engine optimization (SEO)13
  14. 14. Protection StrategiesLayered Protection: block an attack at any step in the delivery chain Compromise legitimate web sites Search engine optimisation (SEO)14
  15. 15. Protection StrategiesWhere do Sophos product technologies work in protecting customers? Compromise legitimate web sites Search engine optimisation (SEO) Antimalware Scan Malicious URL Filtering Host IPS (runtime)15 Security Patches
  16. 16. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targeted Attacks Long Tail Perspectives for 2013 Conclusions16
  17. 17. Blackhole27% of infected sites and redirections17
  18. 18. Toolkits & Polymorphism• Blackhole attacks multiply thanks to widely spread Toolkits• They make an extended use of JavaScript obfuscation capabilities in their attempts to evade detection with server-side Polymorphism 18
  19. 19. MaaS (Malware as a Service) Price list for Blackhole19
  20. 20. VulnerabilitiesBlackhole exploits vulnerabilites in PDF, Flash, Java … ? hcp://…20
  21. 21. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targeted Attacks Long Tail Perspectives for 2013 Conclusions21
  22. 22. Blackhole (v1.x)Targets a large array of vulnerabilities, including a majority on Java CVE Cible DescriptionCVE-2012-4681 Java Java forName, getField vulnerabilityCVE-2012-0507 Java Java AtomicReferenceArray vulnerabilityCVE-2011-3544 Java Oracle Java SE Rhino Script Engine Remote Code Execution vulnCVE-2011-2110 Flash Adobe Flash Player unspecified code execution (APSB11-18)CVE-2011-0611 Flash Adobe Flash Player unspecified code execution (APSA11-02)CVE-2010-3552 Java SkylineCVE-2010-1885 Windows Microsoft Windows Help and Support Center (HCP)CVE-2010-1423 Java Java Deployment Toolkit insufficient argument validationCVE-2010-0886 Java Unspecified vulnerabilityCVE-2010-0842 Java JRE MixerSequencer invalid array indexCVE-2010-0840 Java Java trusted Methods ChainingCVE-2010-0188 PDF LibTIFF integer overflowCVE-2009-1671 Java Deployment Toolkit ActiveX controlCVE-2009-4324 PDF Use after free vulnerability in doc.media.newPlayerCVE-2009-0927 PDF Stack overflow via crafted argument to Collab.getIconCVE-2008-2992 PDF Stack overflow via crafted argument to util.printfCVE-2007-5659 PDF collab.collectEmailInfoCVE-2006-0003 IE MDAC22
  23. 23. Instant exploit of vulnerabilitiesWhat is the future of Java? • August 2012 • CVE-2012-4681 zero-day • Rapidly targeted • Metasploit • Exploit kits “It took less than 12 hours from the time the proof of concept for the latest Java zero-day vulnerabilities went public for exploits of those vulnerabilities to be included in a commercial crimeware kit.”23
  24. 24. Blackhole 2.0September 2012 – New version of the exploit kit announced ! • Less predictable URLs • Harder to track • Harder to block via IDS • More aggressive blacklisting • “Monitor” mode • Slimmer • Less vulnerabilities • Etc.24
  25. 25. Blackhole (v2.x)Reportedly slimming down volume of exploits targeted CVE Cible DescriptionCVE-2012-4681 Java Java forName, getField vulnerabilityCVE-2012-0507 Java Java AtomicReferenceArray vulnerabilityCVE-2011-3544 Java Oracle Java SE Rhino Script Engine Remote Code Execution vulnCVE-2011-2110 Flash Adobe Flash Player unspecified code execution (APSB11-18)CVE-2011-0611 Flash Adobe Flash Player unspecified code execution (APSA11-02)CVE-2010-3552 Java SkylineCVE-2010-1885 Windows Microsoft Windows Help and Support Center (HCP)CVE-2010-1423 Java Java Deployment Toolkit insufficient argument validationCVE-2010-0886 Java Unspecified vulnerabilityCVE-2010-0842 Java JRE MixerSequencer invalid array indexCVE-2010-0840 Java Java trusted Methods ChainingCVE-2010-0188 PDF LibTIFF integer overflowCVE-2009-1671 Java Deployment Toolkit ActiveX controlCVE-2009-4324 PDF Use after free vulnerability in doc.media.newPlayerCVE-2009-0927 PDF Stack overflow via crafted argument to Collab.getIconCVE-2008-2992 PDF Stack overflow via crafted argument to util.printfCVE-2007-5659 PDF collab.collectEmailInfoCVE-2006-0003 IE MDAC
  26. 26. Blackhole payloadsPayloads distributed by Blackhole between August-Sep 2012 Downloader 2% Other ZeroAccess 9% 6% Zbot 25% Backdoor 6% FakeAV 11% Ransomware 18% Sinowal 11% PWS 12%26
  27. 27. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targetd Attacks Long Tail Perspectives for 2013 Conclusions27
  28. 28. Ransomware The new scareware? • Malware that locks/encrypts user data • Pay ransom to access files Simple Medium Complex • Password • XOR • RC4 protected archives • shift • Public key crypto Recover data?28
  29. 29. Ransomware Multilingual!29
  30. 30. Ransomware: Matsnu Lockout page shown to user30
  31. 31. Ransomware: Matsnu Behind the scene • Connection to C&C server • HTTP, RC4 encrypted • Receives remote commands: • IMAGES • GEO • LOCK • UNLOCK • URLS • EXECUTE • KILL • UPGRADE • UPGRADEURL • LOAD • WAIT • MESSAGE31
  32. 32. Ransomware: Matsnu File encryption Manifest file original_filename1.ext new_filename1.ext key original_filename2.ext new_filename2.ext key … … • Recovery tool? • No! • Decryption/recovery requires: • Grab data value from HTTP request • B64 decode (->MASTER_KEY) • Grab machine ID from HTTP request • RC4 decrypt the MASTER_KEY with this • Append constant string • RC4 decrypt manifest file with machine ID key • DWORD transposition • RC4 decrypt this using the MASTER_KEY • Locate file you wish to decrypt in the manifest file • Grab RC4 key for file, append constant string32 • RC4 decrypt file
  33. 33. Agenda Web Blackhole Java Ransomware Nothing ZeroAccess to see here Mac OS X Android Cloud Targeted Attacks Long Tail Perspectives for 2013 Conclusions33
  34. 34. ZeroAccessZeroAccess is a Rootkit familytypically dropped in the system by a Blackhole attack Nothing to see here34
  35. 35. HidingZeroAccess evolves its hiding techniques depending on the OS 32 bit 64 bit Global Assembly Malicious driver Injected DLL Cache Encrypted Linked file system Hide ‘in plain sight’ folder35
  36. 36. Peer-to-Peer BotnetZeroAccess uses a distributed or peer-to-peer control model for resilience36
  37. 37. TrapsZeroAccess use aggressive techniques to defend themselves,such as setting up traps for security software37
  38. 38. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targeted Attacks Long Tail Perspectives for 2013 Conclusions38
  39. 39. After Fake AV for Mac ...MacDefender, MacSecurity and more39
  40. 40. Flashback (OSX/Flshplyer)Flashback on a malware epidemic on Mac OSX • 600,000 Mac OS X systems infected in spring 2012 • These systems have been exploited in a very large scale botnet • First appearance at the end of 2011 • Pretended to be a Flash installer • Passive and silent download • Exploited several Java vulnerabilities on Mac OS X • In March, exploit of a vulnerability corrected only in April by Apple • 2.1% of Mac systems were infected at the infection peak (Estimation based on Sophos free antimalware for Mac)40
  41. 41. Morcut (OSX/Morcut-A)More sophisticated and potentially more dangerous• Designed for spying • Monitors virtually every way a user communicates• First appearance in July 2012• Posed as a Java Archive file (JAR) • Pretended to be signed by Verisign • Deployed kernel driver components to hide and run without administrator‟s authentication• Reflects an extremely thorough understanding of Mac programming techniques, capabilities, and potential weaknesses• Perfect tool for targeted attacks41
  42. 42. And more ...Distribution of the 4,900 malwares for Mac OS Xthat spread in the first week of August 201242
  43. 43. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targeted Attacks Long Tail Perspectives for 2013 Conclusions43
  44. 44. Mobile Malware 60,000 54,900 50,000 40,000 30,000 20,000 10,000 0 2011 2012 Jan Apr Jul Oct Jan Apr Jul Oct44
  45. 45. Threat Exposure Rate In the USA and Australia, this rate exceeds those of PCs45
  46. 46. Why Android?• Adding applications to marketplace is easy• Repackaged apps• Alternative Android application markets• Forums and file sharing sites• “Cracked” apps• Alternative markets• Android app landscape similar to Windows46
  47. 47. Android Malware Spyware mTAN Andr/DroidRt Andr/NewyearL- Others B Andr/Gmaster-A Andr/KongFu Andr/Kmin Andr/Boxer Andr/Fake47
  48. 48. Andr/Boxer & Andr/FakePremium SMS Trojans Andr/Boxer Andr/Fake Percentage in total 56.8% 17.5% Number of >3 0-4 Premium SMS Russia, Ukraine and Targeted Countries Russia Kazakhstan • Determine premium • Download and number based on the install applications Other Functionalities Mobile Country Code • Access website • Access website • masquerade as a legitimate app48
  49. 49. Andr/KongFuSophisticated & Multifunctional49
  50. 50. Andr/FkToken-A - mTANMobile transaction authentication number sentby banks to authenticate online bank transactions • Catch SMS message • Send SMS message • Delete SMS message • Contact remote sites to get list of info like attack‟s phone number and websites • Also it looks like it will A trial sample detected as Andr/FkToken-A download and install apk50
  51. 51. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targeted Attacks Long Tail Perspectives for 2013 Conclusions51
  52. 52. Storage in the Cloud Which solution(s) other than email are you using to exchange professional data? Portable Devices (USB keys …) 77% A corporate solution (FTP server …) 38% Online storage services (Dropbox…) 27% Remote access solution (VPN …) 16% Other 4% Source: Sophos online poll - 1,005 total count When you ask your IT department for help, how long are you willing to wait before looking for a solution on your own? Less than 5 minutes 22% Between 5 and 30 minutes 40% Between 30 minutes and 1 hour 13% Between 1 hour and 1 day 14% 1 day 5% I never move without their answer, however long 7% Source: Sophos online poll - 1,005 total count52
  53. 53. Do you worry about Dropbox? Are files Where is the protected? data stored? Are you Is sensitive allowed to use data already in it? the cloud?53
  54. 54. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targeted Attacks Long Tail Perspectives for 2013 Conclusions54
  55. 55. Targeted drive-by attackMore cases are revealed55
  56. 56. Targeted drive by attackIndirect targeting • Hack aeronautical site HACK • Redirect + exploits uploaded to site • TARGET company browses site HIT • Zero-day vulnerability hits TARGET EXPLOIT • CVE-2012-1889 (MS XML Core Services) • TARGET compromised PWN56
  57. 57. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targetd Attacks Long Tail Perspectives for 2013 Conclusions57
  58. 58. 75% of attacks are unique Malware attacks (binary)80%70%60%50%40%30%20%10% 0% 1 2 3 4 5 >5
  59. 59. Server-side Polymorphism• Weaknesses of old-style polymorphic worms • Polymorphism engine part of the code • Can be reversed by persistent researchers • Must be decrypted in memory • Emulate the code until the invariant is found • Detection can be based on the decryption loop• Server side-polymorphism • Responsible for the explosion of variants • 250,000 new malware samples are analyzed every day by SophosLabs • No direct access to the polymorphic engine • Frequent updates59
  60. 60. Obfuscated JavaScript • Endless source of obfuscation techniques • Anti-emulation techniques • Recursive function calls • Hooking events (eg. amount of mouse movements ) • Elapsed time checks • etc …60
  61. 61. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targetd Attacks Long Tail Perspectives for 2013 Conclusions61
  62. 62. Thirteen predictions for1. Attack toolkits continue to proliferate2. Modernization and hardening of operating systems3. Cloud-based malware testing changes the threat protection model4. Increased focus on layered security5. One step forward, two steps back6. Mobile attacks become more advanced7. Web servers back in the crosshairs8. Integrate ‘all of the things’9. Diverse business models and irreversible malware10. Skills problem becomes more apparent11. Cyber criminal anti-forensics12. More advanced hacktivism and political Debate13. Arguments over big data vs. analytics and confusion62
  63. 63. Agenda Web Blackhole Java Ransomware ZeroAccess Mac OS X Android Cloud Targetd Attacks Long Tail Perspectives for 2013 Conclusions63
  64. 64. Protect Users at all levelsDeploy solutions at all levels, covering the entire threat lifecycleReduce attack surface Protect everywhere Stop attacks and breaches Keep people working URL Filtering Web Application Endpoint Web Encryption Data Control Access control Automation WiFi security Firewall Protection for cloud Anti-spam Patch Manager Mobile Control Virtualization Anti-malware User education Visibility Local self-help Application Mobile app Clean up Technical Device Control Secure branch Intrusion Firewall Control security support offices prevention Encryption Tamper Free Email Live Protection Small protection Home use VPN Performance updates encryption64
  65. 65. Reduce attack surfaceDeploy solutions with preventive features Anti-Malware Unified Engine Anti-Spyware Sophos Entreprise Console Anti-Rootkit HIPS Web Protection Application Control Integrated Mangement Device Control DLP URL Filtering Patch Assessment Client Firewall NAC Encryption65
  66. 66. Protect all the Devices or your EndUsersThe emergence of BYOD requires to protect an ever larger number of devices Corporate Mobiles Employee Mobiles Corporate PC or Laptop Employee Device66 Corporate Servers Virtualized systems
  67. 67. Control Web ApplicationsControl Web access and Web applications usage Endpoint Web access Web Applications • Anti-malware • Anti-malware • Real time monitoring • Host IPS • HTTPS Scan • Block / Allow • Malicious URL blocking • Anonymizing • Manage risks • Application control Proxies blocking dynamically • URL Filtering • URL Filtering • Limit bandwidth • DLP • Content filtering • Manage priorities
  68. 68. Educate UsersUse Sophos free Education toolkits and resources DOs and DON’T Mobiles Data Social Networks (Best practices)68
  69. 69. Staying ahead of the curveStaying ahead of the curve US and Canada facebook.com/securitybysophos 1-866-866-2802 NASales@sophos.com Sophos on Google+ UK and Worldwide linkedin.com/company/sophos + 44 1235 55 9933 Sales@sophos.com twitter.com/Sophos_News nakedsecurity.sophos.com 69

×