sophos day belgium - what's cooking in sophos' network security group?

Sophos XG FirewallThe next thing in next-gen

Chris McCormackNSG Product Marketing

November, 2016

2

What we’ll cover…

Today’s Top Problems with Existing FirewallsSophos XG Firewall

What’s NewLive Demo

What’s Next

Today’s top firewall problemsCompounded by trends in network security

Poor performance

Poor value

Too complex

Insufficient security & control

Insufficient visibility

Top complaints with existing Firewalls (2016*) Network Security Trends

Enormous amounts of data collectedMore than any IT manager can consume

More sophisticated threatsEvasive, targeted, zero-day threats

Increasing number of solutionsToo many features, too many products

$Spiralling costs of securityMore solutions competing for similar budget

Unprecedented network demandsCloud, IaaS, vanishing perimeter, BYOD

*Sophos commissioned a survey of mid-market IT managers on Spiceworks

4

Sophos XG FirewallSolving today’s top problems with existing Firewalls

Central ManagementSimpler to manage Instant visibility Synchronized security Top performance Streamlined workflows Unified policies Policy templates

Control center User & App Risk On-box reporting

Linking firewall & EP Security Heartbeat™ Dynamic app ID

Industry-leading HW FastPath optimization High-performance proxy

Full-featured & consistent Cloud or on-premise Free for partners

Complete protection Firewall & Wireless Web, Apps, APT Email and WAF

XG Firewall’s Unique Innovations

5

6

What makes XG Firewall UniqueInnovative features you just can’t get anywhere else

Synchronized Security

• Links Endpoints and Firewall to share telemetry and status

• Enables features like Security Heartbeat™ & Real-time App ID

Unified Firewall Rules and Policies

• All firewall rules on one screen with snap-in user-based policies

• Policy templates simplify protecting business applications

Enterprise-grade Secure Web Gateway

• Powerful top-down inheritance based web policy model

• Easy and intuitive to build sophisticated user and group based policies

User and Application Risk Assessment

• Automatically identifies high risk users and applications on the network

• Identifies potential issues before they become real problems

No-compromise Deployment and Central Management

• The most flexible deployment options without compromise: XG Series, software, virtual, IaaS (Azure)

• Comprehensive centralized management and reporting made simple

7


Admin

Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Security Heartbeat™

RED HeartbeatFirewall detects traffic from Endpoint

!

8


Admin

Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Missing Heartbeat

MISSING HeartbeatFirewall detects traffic from Endpoint

?

9


Admin

Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Destination Heartbeat™

GREEN Heartbeat

!RED HeartbeatConnections to/from the compromised system are blocked

Endpoint attempts to connect to compromised system

10


Admin

Endpoint/Next-Gen EndpointUTM/Next-Gen Firewall Dynamic App Identification

GREEN HeartbeatFirewall detects unknown traffic from Endpoint

Firewall requests context from endpoint

Application information is exchanged

11

Unified Firewall Rules and PoliciesMaking management easier

All firewall rules in one place

User, Network, Business Applications

Powerful filtering options

By rule type, zone, status or ID

At a glance indicators

Type, source, destination, users, service,traffic status, heartbeat, QoS, and naturallanguage description

12

Policy TemplatesCustom tailored templates enable easy & proper protection for common business apps

13

Enterprise-grade Secure Web GatewayPowerful tools for building sophisticated user and group based web policies

Top-down inheritance policy model

Makes building sophisticated policies easyand intuitive. The same kind of SWG usuallyfound only in dedicated enterprise products.

Pre-defined policy templates

Out-of-the-box policies for included for workplace, CIPA compliance, and more

Powerful customization

Custom define users/groups, activities(URLs, categories, file types), allowed action,and time-of-day and day-of-week constraints

14

User Risk AssessmentAutomatically identifying top risk users on the network

Automatically identifying top risk userson the network – before they become aproblem

15

App Risk AssessmentAutomatically identifying top application risks and overall app risk

Risk: LowA few high risk applications and users are operating on the network – continue to monitor the situation carefully

Risk: HighTake action and setup an application control policy before data loss, abuse, or illegal activity become a real problem

16

Deployment flexibility without compromise

XG Series HardwareFull range of hardware appliances with wireless AP and RED add-onsMulti-core processors, solid-state storage, generous RAMIndustry-leading performance at all price points – Miercom tested

Virtual/Software

Vmware, Hyper-V, Citrix XEN, KVMFlexibility regarding resource assignment and high availabilityCompatible with all x86 hardware

IaaS

Available in Microsoft Azure MarketplaceUp and running in minutes with preconfigured VMPay-as-you-go or BYOL

Flexible deployment options optimized for today’s business

17

XG Firewall – How to buy Deployment, Licensing and Pricing

Firewall & VPN Wireless

Network Protection

Web & AppProtection

EmailProtection

Web ServerProtection

XG Series Appliances

Software/Virtual

IaaS

Base License

Total Bundle or À la carte

Deployment Choices

NGFW Bundle

XG FirewallHow XG does user policy better

18

19

Layer-8 User Identity and Awareness made simpleCovers all areas of the Firewall. Consolidated. Easy to Manage

IPS QoS Web Apps Routing

20

Powerful user/group policy enforcement made simpleSimply snap-in your sophisticated user and group based polices to a single firewall rule

Define your user/group web enforcement policy Snap-it-in to your desired firewall rule

21

Sophos Transparent Authentication Suite (STAS)Making user identity transparent and reliable. Single-Sign-On (SSO) made easy

MicrosoftActive Directory

Server

STASCollector & Agent

No client required on devices for SSO!

XG Firewall

AuthenticationInformation

XG Firewall v16

22

23

HA support for dynamic WAN interfaces

Per-rule and Policy-based routing

Google Apps Control

Microsoft Azure SupportTwo-Factor Authentication

Support for 3rd party URL databases

New NavigationNew AP 15C and RED 15w support

Enhanced Anti-Spam

STAS GUI configuration

Synchronized SecurityApp Identification

Streamlined FirewallRule Screen

Firewall-to-firewall RED tunnels

Clone firewall and other rules

Log Viewer EnhancementsEnhanced Control Center

Email Per-DomainRouting and MTA

SPX Email Encryption reply portal

Support for 3rd party URL databases

New User/GroupWeb Policy

Creative Commons SafeSearchImage Enforcement

Enhanced Security Heartbeat

Firewall domain name

Missing SecurityHeartbeat Detection

120!Over…

New Features

XG Firewall v16: Key Focus AreasUser ExperienceCreating a more intuitive experience across all areas of the product from navigation to policy to logging & more

New FeaturesOver 120 new features including the 35 most-wanted features from UTM 9 across web, email, 2FA & more

Synchronized SecurityAdding new Synchronized Security features to the arsenal to improve protection, enforcement and visibility

25

Headline EnhancementsNew (more familiar) NavRedesigned SWG-style Web PolicyEmail Enhancements (MTA)Logging and TroubleshootingTwo-factor authenticationSynchronized Security

Missing HeartbeatReal-time app visibilityDestination Heartbeat

Microsoft Azure Support

26

Live Demo

27

What’s Next

SFM/CFM for v16

28

Entering beta soon

Full-Featured

Manage all firewall features

Monitoring, alerting, role-based admin

Easy Time Savers

Policy templates make enrollment quick

Firmware update management

Deployment Flexibility

On-Prem (Hardware, Software, Virtual)

Free in the cloud for Partners

Cloud coming for customers in v17

29

Sophos SandstormCloud-sandboxing – coming to XG Firewall in v16.5 (December)

Suspect Control Report

Sophos Sandstorm

Hash ?

Determine Behavior

30

How Effective is It?

10-20

One university that deployed Sandstorm blocked over 400 new macro variants in the first few weeks. Very delighted with the simplicity and effectiveness of Sophos Sandstorm.

Daily detonated files per customer

0.4-1.8Daily malware detected per customer

34

XG Firewall on Sophos Central

•Full-featured multi-device•On-prem or cloud (partners)

•Single device and HA clusters•Zero-touch and alerting

•Simple groups & multi-device•API Support

Sophos FirewallManager

Sophos CentralSingle Device

Sophos CentralMulti-Device

Q4Q1 Q2 Q3CY 2017

Why Customers Choose Sophosfor their next firewall

35

36

Why customers are choosing Sophosfor their next firewall

1. Simpler to manageWe make advanced next-gen protection easier to manage than any other firewall product, making it easier to ensure proper protection.

2. Instant insightsWe include extensive rich on-box reporting at no extra charge and unique insights into risks and activity.

3. Complete protectionWe provide more-in-one appliance than any other vendor.

4. Top PerformanceOur firewall delivers industry leading performance at every price point.

5. Trusted industry leaderSophos is among the top 3 vendors in the industry and has been a Gartner Magic Quadrant leader for the past 5 years.

37

A Leader in Unified Threat Management

• Sophos first entered into this MQ publication in March 2012, positioned in the Leader quadrant – and has retained this position for 5 consecutive publications

• Sophos remains one of only three leaders after Dell and WatchGuard were demoted last year

• Gartner’s perception of Sophos is even better than last year, recognizing the strength of Synchronized Security, the breadth of our security portfolio and that we are growing - taking market share from our competitors

• In relative terms Sophos is edging closer on Fortinet and leaving smaller vendors trailing further behind

This graphic is published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sophos.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose .All statements in this report attributable to Gartner represent Sophos’ interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.

Gartner Magic QuadrantUNIFIED THREAT MANAGEMENT

Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016

sophos day belgium - what's cooking in sophos' network security group?

Education