Securing with Sophos - Sophos Day Belux 2014


Upload: sophos-benelux

Post on 14-Jul-2015


Page 1: Securing with Sophos - Sophos Day Belux 2014

Vincent Vanbiervliet
Senior Sales Engineer

Securing with Sophos
Sophos Security Day – 25/11/2014

SafeGuard Enterprise 7.0
What’s New


What’s New in SafeGuard Enterprise 7.0

• Enhancements on Windows

Windows 8.1 August Update (f.k.a 8.1-2014) supported

BL management improvements

File Tracking for Cloud Storage targets

LSH user enrollment enforcement

Backend performance improvements in large DB environments

Support of new tokens/smartcards (KBA will be updated for release)

• Enhancements on OS X

• File encryption enhancements – original mount points hidden

• File encryption performance improvements


BL - Support for Password Protector

• Passwords as an additional authentication mechanism


BL - Support for Password Protector

• "Auto-Unlock" as a way to automatically protect and unlock NON-boot volumes without requiring a user interaction at all.

• Implements support for the BitLocker hardware test, which is initiated before encryption of the boot volume starts. This improves the user experience, as scenarios where the user gets locked out from the system are avoided.

• Allow the user to explicitly postpone BitLocker encryption when, e.g., a new password is requested.

LSH user enrollment enforcement

• Users are now "reminded" to answer their questions in 3 stages

• Stage 1: Balloon tooltip in tray icon every hour; changes to stage 2 on the next calendar day

• Stage 2: In addition to stage 1 behavior, LSH is started at every logon and unlock, and users can postpone; changes to stage 3 after 2 days

• Stage 3: In addition to stage 2 behavior (except the tooltip), the LSH dialog is started every 60 min (users can postpone it)

Mac – File Encryption enhancements

• „Real“ enforcement of file encryption (original folders are hidden to users and replaced by SGN secured folders)

• No changes in workflows anymore

Users can work with the secured folder as usual

Secured folders are stored in the same place where the original folders were

Real paths (e.g. documents) can be used in Terminal now

• Support of additional AV engines

Mac - SGN 6.1 File Encryption


SGN 6.1!!!


Mac - File Encryption enhancements


Sophos Cloud


Sophos Security.

Cloud Simplicity.

The same trusted endpoint protection, now available in the cloud. Instant deployment, instant security, instant satisfaction.

Sophos Cloud - Cloud-managed Security

[Diagram labels: Admin (Anywhere); Sophos Cloud; Updates, upgrades and reporting; Roaming worker; Home worker; HQ office worker; Remote office worker]

Ideal for Businesses

Business Key Needs and how Sophos Cloud addresses them:

Easy to Implement
As a small business owner I typically have to “do it all” and don’t have time to become a security expert. It’s critical that this solution is quick to implement.
Sophos Cloud: From Need to Solution in Minutes
• Sign up online and deploy endpoints right from the cloud
• No server to implement

Easy to Manage, Maintenance free
Once we’re running, make it simple for me to stay protected and, when I need to take action, make it easy.
Sophos Cloud: Manage Anywhere with Auto Updates
• Per user policy and reporting
• Automatic upgrades

Cost Effective
My budget is tight so the price has to be competitive.
Sophos Cloud: Economical
• Per user license – add users as you grow
• Licensing flexibility
• Annual, Multi-year
• No equipment procurement or maintenance costs

Effective Protection Everywhere
I need to ensure remote and roaming users are protected the same way as office users
Sophos Cloud: Best in Class Protection Everywhere
• Automatic threat and policy updates
• Built-in best practices; fewer clicks to better protection


Sophos Cloud v3 – Key Capabilities

-Releases November 18 2014-

Windows server protection (standard)

Automatic exclusions, enhanced exclusion capabilities, device based policy

Existing EP customers are automatically extended a 25% server allocation (license)

Evaluation license support: a customer of EP or Server can always try the other, regardless of whether the customer is licensed for it

Cloud Server Protection (Standard)

Easy to configure and manage

• Automatically identifies and adapts to your server environment

• Automatic exclusions

Fast Performance

• Low performance impact that won’t slow down your servers

Great Protection

• Anti-malware, HIPS, Live Protection, Web Security


Cloud Server Protection (Standard)

How is it different from Endpoint Protection?

Server policy is set per machine (server) and not per user

The server policy allows you to control all the features (endpoint limits control over certain features)

Server has its own dashboard widget and report

Server has improved exclusions support and automatic exclusions

Server doesn’t have device control or web control

You can only install Server on server OS and you can only install Endpoint on desktop OS


Cloud Server Protection (Standard) - Exclusions

What variables are supported?

| Variable | Windows 2008: Example Expansion | Windows 2008: Uses Environment Variables | Windows 2003: Expansion | Windows 2003: Uses Environment Variables |
|---|---|---|---|---|
| %allusersprofile% | C:\ProgramData | %allusersprofile% | C:\Documents and Settings\All Users | %allusersprofile% |
| %appdata% | C:\Users\*\AppData\Roaming | %systemdrive% | C:\Documents and Settings\*\Application Data | %systemdrive% |
| %commonprogramfiles% | C:\Program Files\Common Files | %commonprogramfiles% | C:\Program Files\Common Files | %commonprogramfiles% |
| %commonprogramfiles(x86)% | C:\Program Files (x86)\Common Files | %commonprogramfiles(x86)% | C:\Program Files (x86)\Common Files | %commonprogramfiles(x86)% |
| %localappdata% | C:\Users\*\AppData\Local | %userprofile% | C:\Documents and Settings\*\Local Settings\Application Data | %userprofile% |
| %programdata% | C:\ProgramData | %programdata% | C:\Documents and Settings\All Users\Application Data | %programdata% |
| %programfiles% | C:\Program Files | %programfiles% | C:\Program Files | %programfiles% |
| %programfiles(x86)% | C:\Program Files (x86) | %programfiles(x86)% | C:\Program Files (x86) | %programfiles(x86)% |
| %systemdrive% | C: | %systemdrive% | C: | %systemdrive% |
| %systemroot% | C:\Windows | %systemroot% | C:\Windows | %systemroot% |
| %temp% or %tmp% | C:\Users\*\AppData\Local\Temp | %systemdrive% | C:\Documents and Settings\*\Local Settings\Temp | %systemdrive% |
| %userprofile% | C:\Users\* | %systemdrive% | C:\Documents and Settings\* | %systemdrive% |
| %windir% | C:\Windows | %windir% | C:\Windows | %windir% |
| %homedrive% | NOT SUPPORTED | %homedrive% (per-user) | NOT SUPPORTED | %homedrive% (per-user) |
| %homepath% | NOT SUPPORTED | %homepath% (per-user) | NOT SUPPORTED | %homepath% (per-user) |

Cloud Server Protection (Standard) : Exclusions

Automatic Exclusions –

We will automatically apply exclusions based on the applications detected on the server

The feature is controlled from the policy

Detection will be handled via the registry and custom detection scripts

Sophos will provide a data feed with the exclusion rules, which will be updated regularly

We are starting with the Microsoft ones: Exchange, SQL and Active Directory domain controllers

We are the only ones doing this


Cloud Server Protection (Standard) – List View


Cloud Server Protection Standard: Detail View

Basic Server Info

Visibility to event history


Cloud Server Protection (Standard): Exclusions

Automatic exclusions!

Features and Packaging

| | Sophos Cloud Endpoint Protection Standard (CES) | Sophos Cloud Endpoint Protection Advanced (CEA) | Sophos Cloud Mobile Control (CMC) | Sophos Cloud Enduser Protection (CUP) | Sophos Cloud Server Protection Standard (CSP) |
|---|---|---|---|---|---|
| Introduced | v2 | v2 | v2 | v2 | v3 |
| Policy type | User-based | User-based | User-based | User-based | Server-based |
| Platform | Windows, Mac | Windows, Mac | iOS, Android | Windows, Mac, iOS, Android | Windows Server |

Features compared: Anti-malware, Web Security, HIPS, Live protection, Device Control, Web Control, AD Sync, MDM


Product Interface


User / Group Based Policy


Easy Reporting


SMC 4.0 – Benefit Overview


What is SMC?

• For IT professionals that want to enable mobility, Sophos Mobile Control manages and secures mobile devices, content, and applications with a user-centric approach that delivers the simplest experience for users and administrators.

Core Benefits of SMC 4.0

• Data Protection that Doesn’t End at the Office Door

• Integrated Security (Anti-malware, Web Filtering, UTM integration)

• User Centric (user based pricing and simple UI)

Mobile Content Management
Data Protection that Doesn’t End at the Office Door

• Mobile Encryption built into the SMC Console

• Ensures Secure Content Collaboration

• Only EMM vendor to offer individual File Encryption protected even “beyond the Cloud” with gated entry to each file

• Ensures that each document that is connected to the server remains secure


A glimpse into Secure Content Collaboration

Integrated Security

Integrated AV (malware protection)

Integrated Security

Web Filtering


Integrated Security

Integrated Security

Network Access Control


Integrated Security


Integrated Security


UTM Advantage (9.3)


IT Manager Survey on SpiceWorks

Top complaints about current firewalls

Profit

Poor performance

Poor value

Not easy to manage

Insufficient security & control

Insufficient reporting & visibility

UTM Advantage 9.3
Enhancing Protection – New Features:

Stronger Protection
Simply Securing Content

• Time quotas, tagging, and selective SSL scanning bolster web protection
• SPX encryption user portal simplifies data protection
• WAF features improve our TMG replacement advantage

Better Everywhere
Extending deployment flexibility

• Microsoft Hyper-V 2012 support
• Remote assistance in a click with customer-controlled secure access
• Multiple Bridge Support

Smarter WiFi
Taking Secure WiFi to the next level

• Automated wireless optimization
• New HTTPS and multi-tenancy hotspots
• Support for new APs and wireless appliances
• Availability of SMS authentication*

Top 3 New Features in Web Protection

• Time quota policy - users can browse specified categories for a set period per day

• Site tagging – enables sites to be tagged and tags to be used in policies (e.g. “customer sites” or “research sites”)

• Selective HTTPS Scanning – automatically determines which encrypted connections to scan

Other Notable Features:

• Updated App Control engine – broader app coverage (1300 Apps) and enhanced ATP

• Performance Improvements – proxy optimizations resulting in 20% performance improvement and 75% memory reduction

• True File Type Detection – can block archives based on the files they contain

Enterprise level SWG features – powerful, flexible, simple

Time Quota Policy

Policy: Select the categories and the time quota…

User Experience

Helpdesk

(Reset if needed)

Site Tagging

Tag sites to create unlimited custom categories

Use tags in policy just like other categories

Selective HTTPS Scanning

Optimize performance and privacy by scanning only sites that pose a risk

Top 3 New Features in Email Protection

• SPX Self-Registration – provides a portal so users can register, recover, and reset their own SPX passwords

• SPX Reply Portal Support for Attachments – SPX replies can now support email attachments.

• Live Anti-Virus – implemented Sophos AV engine for email with added protection from malware in emails by doing cloud lookups on suspicious content and true-file-type detection

Simpler SPX Email Encryption and Better Email AV


SPX Self-Registration Portal


SPX Secure Reply with Attachments


Top 3 New Features in Web Server Protection

• Flexible Setup – allow/deny lists for IP ranges, wildcards for server farms, username prefix/suffix settings, support for custom WAF rules

• WAF Performance – scan size limits; customers using a UTM only for WAF can dial up the capacity of the WAF

• Persistent SSO – (coming a bit later) better user experience that doesn’t require them to re-enter credentials when accessing different MS applications

Improving our Advantage as a TMG Replacement…


Top 3 New Features in Wireless Protection

• Automated WiFi Optimization – extends automatic channel selection beyond startup to work ongoing in the background

• Hotspot Multi-tenancy and HTTPS – Allows one UTM to be used to service different hotspots and encrypt the portal page.

• SMS Authentication – (available as needed) allow users to request access to a hotspot on their phone and receive voucher via SMS

Taking Wireless Protection to the next level


Top 3 Better Everywhere Features

• Hyper-V 3.5 – adds support for Microsoft Hyper-V Server 2012 R2 including MS Integration Tools v3.5 which will add HA/LB to Hyper-V

• Remote Assistance In-a-Click – enables WebAdmin access to the UTM by Sophos Support with the click of a single button

• Multi-Bridge Support – improves deployment options

Extending deployment flexibility


iView

Sophos iView
Extending Reporting – Key Features and Benefits:

Added Visibility
Increased depth and breadth of reporting

• Over 1000 built-in reports and views
• Compliance reporting: HIPAA, PCI DSS, GLBA, SOX
• Fully customizable reports & views with extensive drill-down capabilities

Security Intelligence
Identify issues before they become problems

• Rich dashboard and detailed traffic reports offer intelligent insights
• Easily monitor suspect users or traffic anomalies
• Quickly identify attacks on your network

Consolidated Reporting
Centralized reporting across multiple UTMs

• Works out-of-the-box with all Sophos UTMs
• Single centralized view of all network activity
• Great for larger organizations and MSPs

Log Management
Backup and long-term log storage

• Automated backups of all UTM logs for long-term storage
• Eliminates reporting gaps if replacing/upgrading a UTM
• Quick access and retrieval of historical data for audits and forensics

Easy setup - iView


Easy setup - UTM


Added Visibility

Compliance Reporting
Helping customers meet key compliance reporting requirements

Consolidated Reporting
Reporting across multiple UTMs

Security and Intelligence
Traffic and threat trend reporting

© Sophos Ltd. All rights reserved.