The next generation of IT security

Upload: sophos-benelux

Post on 12-Jan-2017

Page 1: The next generation of IT security

John Shaw, VP Product Management, October 8th 2015

The next generation of security

Page 2: The next generation of IT security

Advanced Persistent Threats …

Page 3: The next generation of IT security

Advanced Persistent Threats …

Page 4: The next generation of IT security

Toolkits put the advanced techniques quickly in the hands of the bad guys …

Page 5: The next generation of IT security

So it’s not just an issue for the big companies

Sophos Confidential

Note: Source: PWC 2015 Information security breaches survey, UK

1. Large organizations and SMBs consist of enterprises with >250 employees and 1-249 employees respectively

63% of UK small/medium businesses know they were infected by malware in the past year.

38% of UK small/medium businesses know they were attacked by an unauthorized outsider

74% of UK small/medium businesses had a security incident last year

42.8m global security incidents from 9,700 companies surveyed, up 66%

Page 6: The next generation of IT security

The perception of endpoint security

“Antivirus is dead”

“Conventional antivirus software is an outmoded way of protecting computers against malware.”

“The current anti-virus method of detecting and blocking known samples is no longer effective.”

“Antivirus software is now so ineffective at detecting new malware threats most enterprises are probably wasting their money buying it.”

Page 7: The next generation of IT security

Many security companies tend to push one technology – Maslow’s hammer

Page 8: The next generation of IT security

Sophos Next Generation Endpoint Protection

Remediation: Removes detected malware automatically; encrypts data and controls network access to prevent damage from running malware

Prevention: Correlates threat indicators to block web and application exploits, dangerous URLs, potentially unwanted apps and malicious code

Detection: Analyzes software behavior and network traffic in real time, alerting you to hidden threats that can be missed by traditional AV technology

Page 9: The next generation of IT security

Typical attack vector

Initial exposure: User visits a compromised site or views a malicious ad on a site

Redirect chain: Browser is silently redirected to a server running an exploit kit

Exploit: Malicious code and/or doc exploits vulnerabilities in OS or application

Infection: Malware is downloaded/installed onto the computer

Payload: Command and control via indirection. Payloads – data theft, CPU, ransomware …

Page 10: The next generation of IT security

How Sophos Next Gen Endpoint protects

Initial exposure: User visits a compromised site or views a malicious ad on a site. Protection: Web Control (block bad URLs); Reputation (block low reputation sources).

Redirect chain: Browser is silently redirected to a server running an exploit kit. Protection: Block known bad URLs; block malicious redirect code.

Exploit: Malicious code and/or doc exploits vulnerabilities in OS or application. Protection: Exploit prevention (JavaScript, PDF, Office, Flash, etc.).

Infection: Malware is downloaded/installed onto the computer. Protection: Pre-execution emulation; heuristic analysis; Live Protection (known malware).

Payload: Command and control via indirection. Payloads – data theft, CPU, ransomware … Protection: Malicious Traffic Detection; File Encryption; Threat Analysis Center (2016).

Page 11: The next generation of IT security

Sophos Labs is big data analytics

150,000 malware files added to “Live Protection” Cloud daily as a quick detection response

50% of our detections are based on 19 malware identities.

3 million spam email messages per day seen by our 80 spam feeds across 20 countries

600 million “Live Protection” file lookup events added to Hadoop clusters for analysis every day

1 million suspicious URLs seen and analyzed each day from 70 sources

350,000 previously unseen files received each day within SophosLabs, 3 every second!

Confidential : The following roadmap is intended to outline Sophos’s general product direction. It is intended for information purposes only and does not and shall not form part of any contract. The roadmap is not a commitment to deliver any product, version, feature, update, upgrade, code, material or otherwise (collectively referred to “Functionality”), and should not be relied upon when making purchasing decisions. The ongoing development, release and timing of any Functionality or otherwise, remains entirely at the discretion of Sophos.

Page 12: The next generation of IT security

Evolution of security

Point Products: Anti-virus, IPS, Firewall, Sandbox

Layers: Bundles, Suites, UTM, EMM

Synchronized Security: Project Galileo, Sophos Heartbeat

Page 13: The next generation of IT security

Project Galileo - A Revolution in Protection

A single connected security system that links intelligence from the network and endpoint to make faster and smarter decisions

Diagram labels: Sophos Heartbeat, Next-Gen Enduser Security, Sophos Cloud, Next-Gen Network Security, SophosLabs

Automated Response: Network policies to automatically isolate or limit the access for compromised systems until they are cleaned up

Accelerated Discovery: Endpoint MTD and Network ATP features combine to rapidly spot infected hosts across your entire estate

Positive Identification: by enabling network and endpoint to communicate intelligence context

Page 14: The next generation of IT security

3 pillars of advanced threat protection

Sophos Heartbeat

Accelerated Discovery: Endpoint and network protection combine to identify unknown threats faster. Sophos Security Heartbeat™ pulses real-time information on suspicious behaviors. Faster, better decisions.

Positive Identification: Device identification reduces the time taken to manually identify an infected or at-risk device or host by IP address alone. Quicker, easier investigation.

Automated Response: Compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software. Reduced threat impact.

Page 15: The next generation of IT security

Heartbeat in action – advanced threat detection

Diagram labels: Sophos System Protector, Sophos Cloud, heartbeat, Sophos Firewall Operating System, Compromise, User | System | File, Firewall

Sophos System Protector components: Application Tracking, Threat Engine, Application Control, Reputation, Emulator, HIPS/Runtime Protection, Device Control, Malicious Traffic Detection, Web Protection, IoC Collector, Live Protection, Heartbeat

Sophos Firewall Operating System components: Web Filtering, Intrusion Prevention System, Routing, Email Security, Heartbeat, Selective Sandbox, Application Control, Data Loss Prevention, ATP Detection, Proxy, Threat Engine

Isolate subnet and WAN access

Block/remove malware

Identify & clean other infected systems

Page 16: The next generation of IT security

Protecting data

Page 17: The next generation of IT security

Encryption is also a threat protection technology

Endpoint Protection

Data Protection

Page 18: The next generation of IT security

Reactive to Integrity

Page 19: The next generation of IT security

Mobile

Page 20: The next generation of IT security

Tale of Two Endpoints

PC Management

Mobile Device Management

Page 21: The next generation of IT security

Protect my company data not my users’ endpoints

Your device, our data

Page 22: The next generation of IT security

EMM of the future is all about security – on all devices

Next gen end user protection

Secure MYOD …

User registers a device

Company adds access to data, and security

Stop threats

Protect data

Protect identity

Page 23: The next generation of IT security

Sophos Delivers Next Generation Threat Protection

Security must be comprehensive: The capabilities required to fully satisfy customer need

Security can be made simple: Platform, deployment, licensing, user experience

Security is more effective as a system: New possibilities through technology cooperation

Project Galileo (1): Integrated, context-aware security where Enduser and Network technology share meaningful information to deliver better protection

Diagram labels: Next Gen Enduser Security, Next Gen Network Security, Sophos Cloud, heartbeat, SophosLabs

Note: 1. Project Galileo is currently under development and is planned to be released later in CY2015