Synchronized Security and Security Heartbeat™
Revolutionizing advanced threat protection
Yassine Abbad Andaloussi, Pre-Sales Manager, Morocco
State of network security
Rising pressure on IT security
1. Expanding attack surfaces
2. The disappearing perimeter
3. Increased attack sophistication
4. Growing risk awareness
1. Expanding attack surfaces
[Chart residue; only the recoverable titles and figures are kept]
- Growing IoT market size ($bn): 1,300 in 2013 to 3,040 in 2020, CAGR 13%
- Growing number of mobile devices, phones and ultramobiles (bn): 5.0 to 6.3 over the charted period (2014 to 2018 shown), CAGR 4.7%, running a number of operating systems
- Rapid growth in Internet (IP) traffic ('000 exabytes per month): 51.2 to 131.6 over the charted period (2014 to 2018 shown), CAGR 20.8%
2. The disappearing perimeter
[Chart residue; only the recoverable titles and figures are kept]
- Rising global deployment capacity (exabytes): 32.7 in 2013 to 140.9 in 2017, CAGR 44.1%
- Growing number of employees in BYOD programmes (% of employees using a BYOD smartphone): 46% in 2014, 61% in 2017
- Growing number of Wi-Fi hotspots
- Growing mobile population (to 2020)
3. Increased attack sophistication
Zero-day vulnerabilities: price of zero-day attacks in various applications or OSs ($ '000), source: Forbes
Adobe Reader 5-30; Flash / Java 40-100; Mac OS X 20-50; Windows 60-120; MSFT Word 50-100; Firefox / Safari 60-150; Android 30-60; Chrome / IE 80-200; iOS 100-250
Increasing volume of zero-day vulnerabilities (zero-day vulnerabilities discovered per year): 8 in 2011, 14 in 2012, 23 in 2013, 24 in 2014
4. Growing risk awareness
Growing number of high-profile attacks:
- Corporate breaches: Anthem, Sony, Target, Home Depot, Adobe
- Personal breaches: UK News International phone hacking scandal, iCloud celebrity nude photos
- Erosion of trust: Snowden leaks, Gemalto, SuperFish, Comodo/DigiNotar CA breaches
Growing number of organisations training their staff in security awareness (source: PwC):
- % of large organisations providing ongoing security awareness training: 62% in 2012, 68% in 2014
- % of SMBs providing ongoing security awareness training: 46% in 2012, 54% in 2014
Security is a high priority for businesses of all sizes
[Chart residue; only the recoverable titles are kept]
- Information security is a priority for top management: share of large organisations and small businesses rating it a very high or high priority, neither high nor low, or low or no priority (source: PwC)
- Information security is the top priority for CIOs: year-over-year increase in spend on external IT projects, Oct-14 vs Jan-15, with IT security ranked #1 ahead of cloud and mobility (source: Morgan Stanley research)
- Spending on security projects is increasing in all categories: spending growth expectations, 2014 vs 2015, for network security, endpoint security, risk & compliance monitoring and overall security (source: Grant Thornton survey 2015)
- Spending on IT security and documenting security policies is increasing
Mid-market companies face the same threats as large enterprises.
High-profile enterprise breaches impact the mid-market equally:
- Hackers accessed information from 78.8 million people
- Attack led to leaking 677,335 user accounts
- Hackers gained access to *all* company data
- Card data stolen using installed malware
- 150 million passwords stolen
- Website compromise exposed customer card numbers and records
- 110 million records stolen
- CryptoLocker: police pay cybercriminals to decrypt files
- 56 million credit cards and 53 million email addresses stolen
- Online store infiltrated, exposing customer records
Data breaches by company size (# of employees), source: Verizon Data Breach Investigations Report, 2013 [chart residue; buckets shown: 1-100, 101-1,000, 1,001-10,000, 10,001-100,000, more than 100,000, unknown]. At least 51% of data breaches affect organizations with fewer than 10,000 employees.
What is the problem?
The threat landscape
Growing attacks, growing sophistication
Exponentially larger attack surface: laptops; phones / tablets; virtual servers / workstations; servers / storage; cloud.
More sophisticated threats: attacks are more coordinated than defences.
The security industry... a 2-D view
It is time for a security revolution
Introducing Synchronized Security
- Security must be comprehensive: the capabilities required to fully meet the customer's need.
- Security is more effective as a system: new possibilities through technological cooperation.
- Security can be simplified: platform, deployment, licensing, user experience.
Synchronized Security: integrated, context-aware security in which distinct security technologies share meaningful information and work together to deliver better protection.
Synchronized Security
Enterprise data across Windows, Windows Phone, iOS, Mac, Android and Linux.
Complete protection: prevent malware; detect compromises; remediate threats; investigate issues; investigate weak points; encrypt data.
The next generation of security
- Point products: anti-virus, IPS, firewall, sandbox, EMM
- Layers: bundles, suites, UTM
- Synchronized Security: Security Heartbeat™
Integration at a different level
Synchronized Security (one management plane over enduser and network): system intelligence; automated correlation; faster decision-making; accelerated threat discovery; automated incident response; simple unified management.
Alternative (SIEM over separate endpoint management and network management): resource-intensive; manual correlation; dependent on human analysis; manual threat / incident response; additional products; endpoint and network unaware of each other.
Introducing Sophos Security Heartbeat™
Sophos Security Heartbeat™
The unique Sophos capability that enables secure communication between our next-gen endpoint and next-gen firewall, delivering synchronized security.
Sophos Central: Next-Gen Network Security and Next-Gen Enduser Security, linked by the Security Heartbeat™ and backed by SophosLabs.
Advanced threat protection made real: Security Heartbeat™
- Accelerated threat discovery: endpoint and network protection combine to identify unknown threats faster. Sophos Security Heartbeat™ pulses real-time information on suspicious behaviors. Result: reduced threat impact.
- Active source identification: user, device and process identification reduces the time taken to manually identify an infected or at-risk device or host by IP address alone. Result: quicker, easier investigation.
- Automated incident response: compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software. Result: saves IT time and cost.
Comprehensive Next-Gen Endpoint (Sophos System Protector): Application Control; Web & app exploit prevention; URL & download reputation; Web Protection; Heuristics analysis; Threat Engine; Live Protection; Pre-execution emulation; Behavior analytics; Device Control; Security Heartbeat™; Malicious Traffic Detection.
Comprehensive Next-Gen Network (Sophos Firewall Operating System): Routing; Threat Engine; Proxy; Email Security; Web Filtering; Intrusion Prevention System; Selective Sandbox; Application Control; Data Loss Prevention; Firewall; ATP Detection.
Synchronized Security 2016
Improved threat detection
[Diagram residue: the endpoint and firewall components listed on the two previous slides, managed from Sophos Central and linked by the heartbeat]
Compromise (user | system | file) triggers: lock down local network access; remove file encryption keys; terminate/remove malware; identify and clean other infected systems.
Automated protection of endpoints
[Diagram residue: the same endpoint and firewall components, managed from Sophos Central and linked by the heartbeat]
Endpoint (Win | Mac | Mobile): discover unmanaged endpoints; could it be managed?; self-service portal setup; user authentication; distribute security profile.
Detect and remediate compromises
[Diagram residue: the same endpoint and firewall components, with an IoC Collector on the endpoint, managed from Sophos Central and linked by the heartbeat]
Compromise (user | system | file): identify compromise; detect source; assess impact; block/remove malware; identify and clean other infected systems.
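The heartbeat loop described on the Security Heartbeat™ slide and the detect-and-remediate workflow above, as an added illustration that is not Sophos's code or protocol: a small Python simulation in which endpoints report a health status together with user, device and process identity, and a firewall model isolates hosts that report compromise or fall silent while still letting them reach the management console, and resolves an IP address back to its user and device for the analyst. The message fields, the green/yellow/red status vocabulary, the addresses, the timeout and the policy rules are all assumptions made up for this example.

```python
"""Constructed simulation of an endpoint-to-firewall heartbeat feedback loop.

Assumptions (not Sophos's protocol): message fields, the status vocabulary
green/yellow/red, the 30-second silence timeout, and the isolation policy.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

MGMT_IP = "10.0.0.2"    # constructed: management console address
MGMT_PORT = 8443        # constructed: management console port


@dataclass
class Heartbeat:
    """One status message from an endpoint agent (constructed format)."""
    ip: str
    device: str
    user: str
    status: str                     # assumed vocabulary: "green" | "yellow" | "red"
    ts: int                         # seconds, constructed clock
    process: Optional[str] = None   # process the endpoint flagged, if any


@dataclass
class Firewall:
    """Firewall-side model: last heartbeat per host, isolation set, audit log."""
    max_silence: int = 30
    hosts: Dict[str, Heartbeat] = field(default_factory=dict)
    isolated: Set[str] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def ingest(self, hb: Heartbeat) -> None:
        """Record the heartbeat and react to a change in reported health."""
        self.hosts[hb.ip] = hb
        if hb.status == "red":
            self.isolate(hb.ip, f"endpoint reports compromise, process={hb.process}")
        elif hb.ip in self.isolated:
            # Endpoint reports it has cleaned itself up: lift the quarantine.
            self.release(hb.ip)

    def isolate(self, ip: str, reason: str) -> None:
        if ip not in self.isolated:
            self.isolated.add(ip)
            self.log.append(f"ISOLATE {ip}: {reason}")

    def release(self, ip: str) -> None:
        self.isolated.discard(ip)
        self.log.append(f"RELEASE {ip}: endpoint reports healthy")

    def sweep(self, now: int) -> None:
        """A host whose heartbeat stops has unknown health; treat it like red."""
        for ip, hb in self.hosts.items():
            if now - hb.ts > self.max_silence:
                self.isolate(ip, "heartbeat missing, health unknown")

    def allow(self, src: str, dst: str, dport: int) -> bool:
        """Policy decision: isolated hosts may only talk to the management console."""
        if src in self.isolated:
            return dst == MGMT_IP and dport == MGMT_PORT
        return True

    def identify(self, ip: str) -> str:
        """Resolve an address to user/device/process instead of an IP alone."""
        hb = self.hosts.get(ip)
        if hb is None:
            return f"{ip}: no heartbeat ever seen (unmanaged host?)"
        return (f"{ip}: device={hb.device} user={hb.user} "
                f"status={hb.status} process={hb.process}")


def run_scenario() -> Firewall:
    """Feed a constructed heartbeat stream through the firewall model."""
    fw = Firewall()
    feed = [  # constructed sample traffic
        Heartbeat("10.0.0.11", "LAPTOP-A", "alice", "green", ts=100),
        Heartbeat("10.0.0.12", "LAPTOP-B", "bob", "green", ts=100),
        Heartbeat("10.0.0.20", "DESKTOP-C", "carol", "green", ts=100),
        Heartbeat("10.0.0.12", "LAPTOP-B", "bob", "red", ts=120, process="dropper.exe"),
        Heartbeat("10.0.0.11", "LAPTOP-A", "alice", "green", ts=140),
    ]
    for hb in feed:
        fw.ingest(hb)
    fw.sweep(now=150)   # DESKTOP-C last seen at t=100: 50 s silent, over the limit
    return fw


if __name__ == "__main__":
    fw = run_scenario()
    for line in fw.log:
        print(line)
    print(fw.identify("10.0.0.12"))
    print("bob -> file server SMB allowed:", fw.allow("10.0.0.12", "10.0.0.50", 445))
    print("bob -> console allowed:", fw.allow("10.0.0.12", MGMT_IP, MGMT_PORT))
```

Two design points carry over to real deployments regardless of vendor: a missing heartbeat is treated as unknown health rather than as healthy, so an agent that has been killed does not silently regain full network access; and the console path stays open during isolation so the endpoint can still receive the clean-up instruction and report back, which is what allows the loop to close with a release.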
What the analysts are saying
Don't just take our word for it!
"No other company is close to delivering this type of communication between endpoint and network security products." Christianson, vice president of security programs, IDC
"I have seen how the information passed in the Security Heartbeat has the potential to mitigate business risk, helping organizations accelerate the speed of detection and response. It is not just management interface integration; the two products share valuable information that can make each one more effective and efficient. For companies who do not have the luxury of extensive in-house security teams, this new approach can help bolster productivity while streamlining security operations." Jon Oltsik, ESG
"We consider Sophos XG appliances and Sophos Heartbeat software to be a significant innovation that can raise security performance standards for medium-sized organizations". 451 Research
Why Sophos
Only vendor that is a Gartner Leader in EP and UTM
[Figure residue: Gartner Magic Quadrant for Endpoint Protection (source: Gartner, December 2014) and Gartner Magic Quadrant for Unified Threat Management (source: Gartner, August 2015); axes: completeness of vision and ability to execute; quadrants: Leaders, Challengers, Visionaries, Niche players. Vendors plotted include Microsoft, Eset, Bitdefender, Qihoo 360, Panda Security, F-Secure, IBM, Check Point, ThreatTrack Security, Lumension, Webroot, Landesk, Stormshield, Fortinet, Symantec, McAfee, Trend Micro, Kaspersky, Cisco, Dell, Juniper Networks, Barracuda, Huawei, Hillstone Networks, Aker Security Solutions, WatchGuard and Gateprotect.]
To sum up
The Synchronized Security difference (Sophos vs. competition)
- Synchronized Security vs. point products
- Simple vs. complex
- Comprehensive (prevention, detection, investigation, remediation, encryption) vs. incomplete (singular focus)
- Enduser, network, server, mobile, web, email, encryption vs. endpoint or network
- Automated vs. manual
- Block the known, unknown, advanced and coordinated attacks vs. partial prevention
© Sophos Ltd. All rights reserved.