Sophos is a security software company founded in 1985 in Oxford, UK with approximately 2,500 employees. It focuses on providing integrated endpoint and network security solutions for mid-market enterprises through a channel-first sales model and managed delivery via the cloud. Sophos uses Amazon Web Services (AWS) to power its cloud-based services like Sophos Labs, which processes 400,000 transactions per second and provides active protection to over 100 million endpoints globally. AWS allows Sophos to scale its infrastructure elastically and focus on security rather than managing its own data centers.
2. Sophos at a Glance
• Founded: 1985, Oxford, UK
• Approx. $450M in FY15 billing
• Approx. 2,500 employees
• 200,000+ customers
• 100M+ users
• HQ: Oxford, UK
• 90+% best-in-class renewal rates
• 15,000+ channel partners
• Largest tech IPO in history on the London Stock Exchange
• Stock: SOPH
• Market cap: ~£1.15B
3. Our Strategy
Mission
To be the best in the world at delivering complete IT security to mid-market enterprises and the channel that serves them
Strategy
• Security only
• Focus on mid-market enterprises
• Complete security made simple
• Integrated next-generation endpoint and network security
• Managed and delivered through the cloud
• 'Channel First' sales model
4. Synchronized Security
Network Security
• Next Gen Firewall, Unified Threat Management
• Secure Wifi
• Web Gateway
• Email Security
Enduser Security
• Endpoint
• Mobile
• Server
• Encryption
Security Heartbeat
SophosLabs
Sophos Cloud
5. Avon & Wiltshire Mental Health Partnership NHS Trust
Providing services at dozens of locations and, increasingly, in patient homes
Large mobile workforce dealing with confidential patient information
• Uses Sophos Cloud to manage Endpoint protection
• No need for workers to connect to their network
• Remote workers always up to date
• Simple to manage
7. SophosLabs – Live Protection Via the Cloud
SophosLabs Active Protection
• Malware Data
• Website URL Database
• HIPS Rules
• Reputation Data
• Malicious URLs
• Spam Campaigns
• Sensitive Data Types
• Application Categories
• Device Data
• Mobile Application Reputation
• Anonymizing Proxies
• Application Patches
Network, Servers, Devices
Web, Email, Next Gen FW, Web App FW, Wifi, Smartphone/Tablet, Workstation/Laptop, Data
Correlated Intelligence
Reputation Data
Content Classification
File, Web, Email
100,000,000 Endpoints/Network Devices
400,000 Transactions per Second
8. Before Amazon Web Services
Forced to build expertise in:
• Hardware
• Procurement
• Data Centre Management
…none of which our customers value
9. Sophos Live Protection
Processing 400,000 transactions per second
[Architecture diagram. Labels: AWS Region and Availability Zone (repeated), Auto Scaling group, Auto Scaling group – worker nodes, Route 53, CloudFormation, CloudTrail, CloudWatch, CloudWatch Logs, DynamoDB, DynamoDB Streams, ElastiCache, SQS, S3, SophosLabs Active Protection]
10. Monitoring and Scaling
CloudWatch
• Use custom application metrics
• Sophos Labs logs with metric filters identify errors and alerts
Auto-Scaling
• Driven by CloudWatch
Logic Monitor
• Monitoring platform was customized to track CloudWatch metrics
CloudTrail
• Security alerts into ELK stack
11. Example: One service in one region
• Traffic Spikes: Typical peak traffic is 25x greater than low points (50M/5 mins)
• Auto-scaling: Instances vary from 4 to 38 currently
13. Global Network Optimized for Mobile Workforce
Lightweight Endpoint Agent
• Proxies data traffic to a Sophos Gateway
• Dynamically chooses the best performing gateway
• Knows what traffic not to proxy based on policy
Globally distributed gateways
• Analyze each packet for threats
• Apply corporate policies
• Aggregate data for real-time analytics
Central Management through Sophos Cloud