Sophos Day Belgium - What's cooking in Sophos' Network Security Group?
Nov 17, 2016
During the Sophos Security Day Belgium, Chris McCormack showed the audience what Sophos has been working on in the field of Network Security products. Amongst other things, Sophos XG v16 was elaborately discussed.
1. Sophos XG Firewall
The next thing in next-gen
Chris McCormack
NSG Product Marketing
November, 2016
2. What we’ll cover…
Today’s Top Problems with Existing Firewalls
Sophos XG Firewall
What’s New
Live Demo
What’s Next
3. Today’s top firewall problems
Compounded by trends in network security
Top complaints with existing Firewalls (2016*)
• Poor performance
• Poor value
• Too complex
• Insufficient security & control
• Insufficient visibility
Network Security Trends
• Enormous amounts of data collected: more than any IT manager can consume
• More sophisticated threats: evasive, targeted, zero-day threats
• Increasing number of solutions: too many features, too many products
• Spiralling costs of security: more solutions competing for similar budget
• Unprecedented network demands: cloud, IaaS, vanishing perimeter, BYOD
*Sophos commissioned a survey of mid-market IT managers on Spiceworks
4. Sophos XG Firewall
Solving today’s top problems with existing Firewalls
Simpler to manage
• Streamlined workflows
• Unified policies
• Policy templates
Instant visibility
• Control center
• User & App Risk
• On-box reporting
Synchronized security
• Linking firewall & EP
• Security Heartbeat™
• Dynamic app ID
Top performance
• Industry-leading HW
• FastPath optimization
• High-performance proxy
Central Management
• Full-featured & consistent
• Cloud or on-premise
• Free for partners
Complete protection
• Firewall & Wireless
• Web, Apps, APT
• Email and WAF
6. What makes XG Firewall Unique
Innovative features you just can’t get anywhere else
Synchronized Security
• Links Endpoints and Firewall to share telemetry and status
• Enables features like Security Heartbeat™ & Real-time App ID
Unified Firewall Rules and Policies
• All firewall rules on one screen with snap-in user-based policies
• Policy templates simplify protecting business applications
Enterprise-grade Secure Web Gateway
• Powerful top-down inheritance based web policy model
• Easy and intuitive to build sophisticated user and group based policies
User and Application Risk Assessment
• Automatically identifies high risk users and applications on the network
• Identifies potential issues before they become real problems
No-compromise Deployment and Central Management
• The most flexible deployment options without compromise: XG Series, software, virtual, IaaS (Azure)
• Comprehensive centralized management and reporting made simple
11. Unified Firewall Rules and Policies
Making management easier
All firewall rules in one place
User, Network, Business Applications
Powerful filtering options
By rule type, zone, status or ID
At a glance indicators
Type, source, destination, users, service,
traffic status, heartbeat, QoS, and natural
language description
13. Enterprise-grade Secure Web Gateway
Powerful tools for building sophisticated user and group based web policies
Top-down inheritance policy model
Makes building sophisticated policies easy
and intuitive. The same kind of SWG usually
found only in dedicated enterprise products.
Pre-defined policy templates
Out-of-the-box policies included for
workplace, CIPA compliance, and more
Powerful customization
Custom define users/groups, activities
(URLs, categories, file types), allowed action,
and time-of-day and day-of-week constraints
14. User Risk Assessment
Automatically identifying top risk users on the network
Automatically identifying top risk users
on the network – before they become a
problem
15. App Risk Assessment
Automatically identifying top application risks and overall app risk
Risk: Low
A few high risk applications and users are
operating on the network – continue to
monitor the situation carefully
Risk: High
Take action and set up an application
control policy before data loss, abuse, or
illegal activity become a real problem
16. Deployment flexibility without compromise
XG Series Hardware
Full range of hardware appliances with wireless AP and RED add-ons
Multi-core processors, solid-state storage, generous RAM
Industry-leading performance at all price points – Miercom tested
Virtual/Software
VMware, Hyper-V, Citrix XEN, KVM
Flexibility regarding resource assignment and high availability
Compatible with all x86 hardware
IaaS
Available in Microsoft Azure Marketplace
Up and running in minutes with preconfigured VM
Pay-as-you-go or BYOL
Flexible deployment options optimized for today’s business
17. XG Firewall – How to buy
Deployment, Licensing and Pricing
Firewall & VPN Wireless
Network Protection
Web & App Protection
Email Protection
Web Server Protection
XG Series Appliances
Software/Virtual
IaaS
Base License
Total Bundle or À la carte
Deployment Choices
NGFW Bundle
19. Layer-8 User Identity and Awareness made simple
Covers all areas of the Firewall. Consolidated. Easy to Manage
IPS QoS Web Apps Routing
20. Powerful user/group policy enforcement made simple
Simply snap-in your sophisticated user and group based policies to a single firewall rule
Define your user/group web enforcement policy Snap-it-in to your desired firewall rule
21. Sophos Transparent Authentication Suite (STAS)
Making user identity transparent and reliable. Single-Sign-On (SSO) made easy
Microsoft Active Directory Server
STAS Collector & Agent
No client required on devices for SSO!
XG Firewall
Authentication Information
23.
Over 120 New Features!
HA support for dynamic WAN interfaces
Per-rule and Policy-based routing
Google Apps Control
Microsoft Azure Support
Two-Factor Authentication
Support for 3rd party URL databases
New Navigation
New AP 15C and RED 15w support
Enhanced Anti-Spam
STAS GUI configuration
Synchronized Security App Identification
Streamlined Firewall Rule Screen
Firewall-to-firewall RED tunnels
Clone firewall and other rules
Log Viewer Enhancements
Enhanced Control Center
Email Per-Domain Routing and MTA
SPX Email Encryption reply portal
New User/Group Web Policy
Creative Commons SafeSearch Image Enforcement
Enhanced Security Heartbeat
Firewall domain name
Missing Security Heartbeat Detection
24. XG Firewall v16: Key Focus Areas
User Experience
Creating a more intuitive experience
across all areas of the product from
navigation to policy to logging & more
New Features
Over 120 new features including the 35
most-wanted features from UTM 9
across web, email, 2FA & more
Synchronized Security
Adding new Synchronized Security
features to the arsenal to improve
protection, enforcement and visibility
25. Headline Enhancements
New (more familiar) Nav
Redesigned SWG-style Web Policy
Email Enhancements (MTA)
Logging and Troubleshooting
Two-factor authentication
Synchronized Security
Missing Heartbeat
Real-time app visibility
Destination Heartbeat
Microsoft Azure Support
28. SFM/CFM for v16
Entering beta soon
Full-Featured
Manage all firewall features
Monitoring, alerting, role-based admin
Easy Time Savers
Policy templates make enrollment quick
Firmware update management
Deployment Flexibility
On-Prem (Hardware, Software, Virtual)
Free in the cloud for Partners
Cloud coming for customers in v17
30. How Effective is It?
Daily detonated files per customer: 10-20
Daily malware detected per customer: 0.4-1.8
One university that deployed Sandstorm blocked over 400 new macro variants in the
first few weeks. Very delighted with the simplicity and effectiveness of Sophos
Sandstorm.
31. Sophos Central
Sophos Labs
Analytics | Analyze data across all of Sophos’ products to create simple, actionable insights and automatic resolutions
| 24x7x365, multi-continent operation |
URL Database | Malware Identities | File Look-up | Genotypes | Reputation | Behavioural Rules | APT Rules
Apps | Anti-Spam | Data Control | SophosID | Patches | Vulnerabilities | Sandboxing | API Everywhere
Admin Self Service Partner | Manage All Sophos Products | User Customizable Alerts | Management of Customer Installations
In Cloud On Prem
Synchronized Security Coming in XG Firewall v17
Mobile
Server
Wireless
Email
Web
Encryption
Endpoint/Next-Gen Endpoint
UTM/Next-Gen Firewall
Dynamic App Control
Dynamically identifying & controlling applications
Heartbeat in SFOS TAP Mode
Enhancing EP security and intelligence from the side
34. XG Firewall on Sophos Central
• Full-featured multi-device
• On-prem or cloud (partners)
• Single device and HA clusters
• Zero-touch and alerting
• Simple groups & multi-device
• API Support
Sophos Firewall Manager
Sophos Central Single Device
Sophos Central Multi-Device
Timeline: Q4 | Q1, Q2, Q3 CY 2017
36. Why customers are choosing Sophos for their next firewall
1. Simpler to manage
We make advanced next-gen protection easier to manage than any other firewall product, making it easier to ensure proper protection.
2. Instant insights
We include extensive rich on-box reporting at no extra charge and unique insights into risks and activity.
3. Complete protection
We provide more in one appliance than any other vendor.
4. Top Performance
Our firewall delivers industry leading performance at every price point.
5. Trusted industry leader
Sophos is among the top 3 vendors in the industry and has been a Gartner Magic Quadrant leader for the past 5 years.
37. A Leader in Unified Threat Management
• Sophos first entered into this MQ publication in March 2012,
positioned in the Leader quadrant – and has retained this position for
5 consecutive publications
• Sophos remains one of only three leaders after Dell and WatchGuard
were demoted last year
• Gartner’s perception of Sophos is even better than last year,
recognizing the strength of Synchronized Security, the breadth of our
security portfolio and that we are growing - taking market share from
our competitors
• In relative terms Sophos is edging closer on Fortinet and leaving
smaller vendors trailing further behind
This graphic is published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sophos.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
All statements in this report attributable to Gartner represent Sophos’ interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its
original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.
Gartner Magic Quadrant
UNIFIED THREAT MANAGEMENT
Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils,
Rajpreet Kaur, 30 August 2016
Editor's notes
Hello, my name is Chris McCormack, and I work in the Network Security Group at Sophos with our Firewall and UTM products. Today we’re going to talk about Sophos XG Firewall.
I’m going to provide a…
If you think about what your top issues are with existing firewalls today, or ask your customers what their top problems are, you’re likely to find something in common with this list. We actually surveyed IT Managers on Spiceworks and their top complaints with their firewall include…
And there are a number of industry trends that are compounding these issues as I’m sure you’re well aware such as the enormous amounts of data being collected by Firewalls that is way more than any IT manager can ever consume… or the increasing sophistication of threats, the number of solutions and features and products required to provide an adequate defense in most cases, that is spiraling costs out of control… all combined with an unprecedented demand on network resources.
There are serious problems with today’s network security solutions.
Which is why we have XG Firewall. It really has been designed from the ground up to solve today’s top problems with existing firewalls…
Unique – Synchronized Security
Links Endpoints and Firewall to enable them to communicate and share information
Enables unique features like Security Heartbeat™ and real-time application identification
Unique – Layer-8 User Identity and Awareness
Provides user awareness and control across all areas of the firewall including IPS, web and app control, and traffic shaping
Works with Sophos unique STAS (Sophos Transparent Authentication Suite) that integrates with Microsoft Active Directory service
Unique – Policy Templates
Makes securing common business applications like Exchange or SharePoint simple by offering pre-defined policy templates
Simply select the desired business application from a drop-down list and complete the pre-defined template
Unique – User and Application Risk
Automatically identifies high risk users and applications on the network
Enables administrators to be proactive and take preventive measures before they become real problems
Unique – Flexible No-compromise Deployment
We offer the most flexible deployment options including hardware, software, virtual, or IaaS without compromise
BRYAN TO PRESENT?
UX
New Left Nav
Tabs for 2nd Level Nav (still a WIP)
Enhanced Control Center Widgets
Redesigned Web Policy
Direct access to live log viewer from any screen (via magnifying glass)
New network and device features
Firewall Hostname
Cloning of rules, objects, and policies
Per-rule routing
Policy routes
Firewall-to-Firewall RED Tunnels
Country filtering improvements
Improved NAT Business Rule Creation
New email features
Per domain routing
Full MTA – store and forward
Enhanced anti-spam
SPX Reply Portal
New Sync Sec
Missing Security Heartbeat
Real-time App Visibility
Destination-based Security Heartbeat
How effective is it?...
Joe’s notes on the synchronized security scenarios (for reference).
• Heartbeat first (now)
• Unknown AppID (soon)
• Kepler – adding application and system integrity from EP (soon)
• Shunning / lateral movement protection on endpoint/server (soon)
• Phishing protection - reputation system, training, adaptive security based on assessment results (future)
• Mobile devices as “continuous auth” solutions - using sensors for voice, image, fingerprinting, geolocation, gait measurement (way future)
UTM MQ has been published with Sophos inclusion: March-2012, July-2013, Aug-2014, Aug-2015, Aug-2016 (each year as Leader)
So that concludes this overview of XG Firewall v16, I hope you’re as excited as we are about this great new release… thanks for watching.