
Next-Generation Endpoint Protection Enduser Protection


Presentation Transcript


  1. Next-Generation Endpoint Protection: Enduser Protection

  2. Sophos Portfolio (Network and Enduser products, managed through Sophos Central)
     • Secure the Perimeter (Next-Gen Firewall / UTM): ultimate enterprise firewall performance, security, and control.
     • Secure the Endpoint (PC/Mac) (Next-Gen Endpoint Protection): next-gen endpoint security to prevent, detect, investigate and remediate.
     • Secure the Web (Web Security): advanced protection, control, and insights that are effective, affordable, and easy.
     • Secure the Mobile Device (Mobile Control): secure smartphones and tablets just like any other endpoint.
     • Protect the Data (SafeGuard Encryption): simple-to-use encryption for a highly effective last line of defense against data loss.
     • Secure the Email (Email Security): email threats and phishing attacks don’t stand a chance with transparent email filtering.
     • Secure the Wireless (Wireless Security): super secure, super easy Wi-Fi.
     • Secure the Servers (Server Security): protection optimized for server environments (physical or virtual): fast, effective, controlled.

  3. Agenda (shown over the portfolio diagram from slide 2)
     • Security Landscape
     • Endpoint Protection
     • Next-Gen Endpoint Protection
     • Server Security
     • Synchronized Security
     • Mobile Control
     • SafeGuard Encryption
     • Sophos Central

  4. The world is changing
     • Attacks are more sophisticated than defenses: syndicated crime tools, zero-day exploits, memory resident, polymorphic/metamorphic, network and endpoint integrated, Advanced Persistent Threats.
     • Attack surface exponentially larger: laptops/desktops, phones/tablets, virtual servers/desktops, cloud servers/storage.
     • Industry terms shown on the slide: Math, Point Products, AV is Dead, Next-Generation, Signatureless, Behavior Analytics, Detonation, Anti-virus, IPS, Firewall, Sandbox, Zero-Day Exploit, Big Data, Zero Trust.

  5. Continued industrialization of malware
     • Cyber crime damages (Juniper report): $500 billion worldwide damages, growing to $1.5T by 2019
     • New cyber security market defined: Endpoint Detection and Remediation
     • Emergence of new ‘Next Gen’ vendors: focused on detect and remediate; exploit detection / runtime analytics; SIEM / Security Operations Center; malicious activity hunting / high FP
     • Diverse and sophisticated adversaries: criminal syndicates, nation states, hacktivists
     • Growth in malware: 350,000 to 400,000 new malware programs per day
     • Successful attacks (2015 Cyber Threat Defense report): over 70% of organizations report having been compromised by a successful cyber attack in the last 12 months

  6. Agenda: Security Landscape, Endpoint Protection, Next-Gen Endpoint Protection, Server Security, Synchronized Security, Mobile Control, SafeGuard Encryption, Sophos Central (Enduser)

  7. What Sophos Endpoint Protection Does
     • Prevention: correlates threat indicators to block web and application exploits, dangerous URLs, potentially unwanted apps and malicious code
     • Detection: analyzes software behavior and network traffic in real time, alerting you to hidden threats that can be missed by traditional AV technology
     • Response: removes detected malware automatically or isolates compromised devices in order to prevent damage
     Technologies listed on the slide: device control, reputation, lockdown, sandboxing, patch, static file analysis, dynamic file analysis, behavior analytics, malicious traffic detection, synchronized security, encryption key shredding, network lockdown, Sophos Clean.

  8. The Sophos Endpoint Today: simple management; integration beyond the endpoint; seamless integrated agent; comprehensive platform support; curated threat intelligence. Prevention (exposure prevention, execution prevention), Detection (runtime detection), Respond (respond & remove).

  9. How Sophos protects on the endpoint: beyond signature-based protection
     • Prevent: exposure prevention (web protection, web and app control, download reputation, device control); execution prevention (file analytics, heuristic evaluation, on-device emulation, signature checking).
     • Detect: runtime detection (runtime behavior, exploit detect & prevent, data loss prevention, ransomware).
     • Respond: incident response (malware removal, malware quarantine, incident response report, automatic root cause determination).
     • SophosLabs big data / threat intelligence: runtime lookups and automated updates; 24/7 threat monitoring and model curation; champion/challenger model testing; automated efficacy, efficiency and false positive testing prior to publishing; driven by data science + threat analyst expertise. The slide shows an automation / leveraged / expertise split of 5%, 15% and 80%.

  10. Breach Response: the ‘Kill Chain’ (Prevent / Detect / Respond), Sophos Central Endpoint Advanced anti-malware (Sophos confidential)
     • Exposure – Web Protection, Device Control
     • Delivery – Download Reputation
     • Exploit – Runtime Memory Analytics
     • Execute – File Analytics / Heuristics
     • Command & Control – Malicious Traffic
     • Action on Objective – Data Loss Prevention, File Encryption
     • Investigate – Alerting and Reports
     • Remediate – Malware Removal, Malware Quarantine
     • Adjust Security

  11. Anti-Hacking
     • Next Generation (this method looks for hacking): understand objectives and methods used; detect the attack on the device and processes; stop the malicious activity; track the action to a root cause; provide answers to critical questions.
     • Traditional anti-malware (this method looks for malware): understand the malware; identify its components; block its delivery; detect its presence on the device through file, process, signal and attribute monitoring; lock down the device to trusted applications only.

  12. Sophos Intercept / Ultimate
     Core capabilities:
     • Signatureless detection
     • CryptoGuard: detect and recover from ransomware
     • Comprehensive exploit prevention
     • Malicious Traffic Detection
     • Synchronized Security
     • Incident Response Report: automatic identification of root cause, IOC artifact list, visualization of the attack events
     • Forensic malware removal: Sophos Clean, a 2nd-opinion scanner
     Packaging: Intercept runs alongside competitive AV; Ultimate is the most complete Sophos EP.
     CryptoGuard: simple and comprehensive; universally prevents spontaneous encryption of data; notifies end user on rapid encryption events; rollback to pre-encrypted state.

  13. CryptoGuard (September 2016)
     Ransomware: over $1B in ransom payments projected for 2016 (source: FBI); Cryptowall cost users $325M in 2015.
     • 2 out of 3 infections by phishing attack
     • Delivered by drive-by exploit kits
     • 100’s of thousands of victims worldwide
     • Now for Mac and Windows users; targeting everyone
     CryptoGuard: simple and comprehensive; universally prevents spontaneous encryption of data; notifies end user on rapid encryption events; rollback to pre-encrypted state.
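Slides 12 and 13 describe CryptoGuard behaviourally: watch for a process that rapidly rewrites many documents with encrypted content, stop it, tell the user, and roll the files back. The following is an added example written for this page, not Sophos code, showing the shape of such a monitor over a constructed stream of file-write events. The window length, file count and entropy threshold are illustrative assumptions, and the "before" copies are kept in memory rather than on disk.

```python
"""Toy rapid-encryption detector with rollback (added example, not Sophos code)."""
import math
from collections import defaultdict, deque

# Illustrative thresholds (assumptions, not Sophos' real parameters).
WINDOW_SECONDS = 10.0     # look-back window that defines "rapid"
MIN_FILES = 5             # distinct documents rewritten inside the window
ENTROPY_THRESHOLD = 7.0   # bits/byte; text is ~4-5, ciphertext approaches 8


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; a cheap proxy for 'looks encrypted'."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareGuard:
    def __init__(self):
        self.recent = defaultdict(deque)   # pid -> deque of (ts, path) suspicious writes
        self.backups = defaultdict(dict)   # pid -> {path: pre-write contents}
        self.blocked = set()               # pids stopped for spontaneous encryption
        self.alerts = []                   # (ts, pid) user notifications

    def on_write(self, ts: float, pid: int, path: str, before: bytes, after: bytes) -> bool:
        """Called before a write lands. Returns True if the write may proceed."""
        if pid in self.blocked:
            return False
        # Only a plaintext -> ciphertext rewrite counts. Files that were already
        # high-entropy (archives, images) are skipped to keep the heuristic simple;
        # a production detector uses more signals than entropy alone.
        if shannon_entropy(after) < ENTROPY_THRESHOLD or shannon_entropy(before) >= ENTROPY_THRESHOLD:
            return True
        self.backups[pid].setdefault(path, before)   # keep the first pre-image only
        window = self.recent[pid]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if len({p for _, p in window}) >= MIN_FILES:
            self.blocked.add(pid)          # stop the process
            self.alerts.append((ts, pid))  # notify the user
            return False                   # this write does not land
        return True

    def rollback(self, pid: int) -> dict:
        """Pre-encryption contents for every file the flagged process rewrote."""
        return dict(self.backups.get(pid, {}))


# Constructed sample data: a normal document body and a stand-in for encrypted output.
PLAINTEXT = b"Quarterly report: revenue up 4%. " * 20
CIPHERTEXT = bytes(range(256)) * 2   # exactly 8 bits/byte


def simulate() -> RansomwareGuard:
    """Replay a constructed event stream: one benign editor, one encrypting process."""
    guard = RansomwareGuard()
    # pid 100: a word processor saving ordinary text; never flagged.
    guard.on_write(0.0, 100, "/home/u/docs/report.txt", PLAINTEXT, PLAINTEXT + b"\n")
    # pid 200: rewrites six documents with ciphertext-like content within seconds.
    for i in range(6):
        guard.on_write(2.0 + 0.5 * i, 200, f"/home/u/docs/doc{i}.txt", PLAINTEXT, CIPHERTEXT)
    return guard


if __name__ == "__main__":
    g = simulate()
    print("blocked:", sorted(g.blocked), "alerts:", g.alerts)
    print("files restorable for pid 200:", sorted(g.rollback(200)))
```

The fifth distinct document inside the window trips the threshold, so the process is blocked before that write lands, and the four writes that did land are recoverable from the retained pre-images. A detector that only counted writes, without the entropy check, would flag a bulk find-and-replace or a backup job just as readily.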

  14. Data Breaches: the root of the problem
     • 400,000 new malware per day; more questions than answers
     • >90% of data breaches use exploits; >70% of companies breached
     • Nearly 200 days from vulnerability to patch; >6800 vulnerabilities per year, a >30% increase from 2015
     • Very few new exploit methods per year: 10’s of available exploit methods
     Approaches compared on the slide: Traditional Anti-Virus (file analytics, heuristics, URL blocking, black/white lists, signatures, sandboxing); Patch Management (vulnerability scanning, device management, patch testing and deployment); SIEM, EDR, UEBA (anomaly detection, Security Operations Center, forensic breach assessment teams); Sophos Intercept (exploit and ransomware prevention, Incident Response Report, automatic root cause attribution). Anti-exploit targets the root of the problem.

  15. Why Is It So Challenging to Address New Threats? (Security vs. IT Ops)
     • 6,787 new vulnerabilities in 2015, a 31% increase from 2014 (source: Gartner)
     • 193 days on average to fix vulnerabilities after initial discovery (source: WhiteHat Security)
     • “More than 90% of all breaches are caused by a few hundred commercial exploit kits.” (source: NSS Labs)

  16. Exploit Prevention: Methods. Exploit Protection: signature-less; detect and prevent application exploits.

  17. So the Endpoint found and removed malware... What happened? “What damage has been done? Did they steal important data? Where did it get in? Should we contact a Regulator?” When? How? Where? Who? Why? What?

  18. Understanding the Root Cause of attack. First: keep a log of what the endpoint has been doing. Sophos Data Recorder
     • Operating systems: Windows; Mac OS in early 2017
     • Capacity: up to 30 days of activity; 100 MB; local to the device; under 0.5% CPU utilization
     • Records: memory, registry, network, file system, process activity

  19. Incident Response: understanding the activity. When an event happens, automatically track back to the root cause.
     • Threat Chain: full list of IOCs from the Sophos Data Recorder including process, registry, file, network activity (events on the slide: Beacon, Exploit, Malicious Traffic, Ransomware, File analytics, HIPS, Scan; Datacollector.exe created, written by iExplore.exe, from URL fred.com)
     • Branched Threat Chains: the threat chain includes suspect activity related to the root cause
     • Root Cause Attribution: PDF delivered from USB
     • Recommended Action: leverage Device Control
     • At Risk Assets: identification of all productivity documents related to the complete threat chain
     • Timeline of events: view the chain of events from root cause to detection, filter out unrelated activities
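Slides 18 and 19 describe the mechanism behind root cause attribution: a local recorder keeps process, file, registry and network activity, and when a detection fires the chain is walked backwards from the detecting process to whatever first brought the content onto the device. The following is an added example written for this page, not Sophos code: the event schema, the linking rules, the document extensions and the sample log (which reuses the slide's iexplore.exe / fred.com / datacollector.exe / PDF-from-USB story with constructed pids, paths and a TEST-NET beacon address) are all assumptions.

```python
"""Root-cause attribution over a recorded activity log (added example, not Sophos code)."""
import ntpath   # Windows path handling regardless of the host OS

# Constructed sample log. ts is seconds since boot; every event carries the acting pid.
EVENTS = [
    {"ts": 0.0, "type": "process_start", "pid": 1000, "ppid": None, "image": r"C:\Windows\explorer.exe"},
    {"ts": 1.0, "type": "file_write", "pid": 1000, "path": r"C:\Users\u\Downloads\invoice.pdf", "source": "usb:E:"},
    {"ts": 2.0, "type": "process_start", "pid": 1200, "ppid": 1000, "image": r"C:\Reader\AcroRd32.exe",
     "arg": r"C:\Users\u\Downloads\invoice.pdf"},
    {"ts": 3.0, "type": "process_start", "pid": 1300, "ppid": 1200, "image": r"C:\Program Files\IE\iexplore.exe",
     "arg": "http://fred.com/x"},
    {"ts": 3.5, "type": "process_start", "pid": 2000, "ppid": 1000, "image": r"C:\Windows\notepad.exe"},  # unrelated
    {"ts": 4.0, "type": "net_connect", "pid": 1300, "dst": "fred.com"},
    {"ts": 5.0, "type": "file_write", "pid": 1300, "path": r"C:\Temp\datacollector.exe", "source": "url:fred.com"},
    {"ts": 6.0, "type": "process_start", "pid": 1400, "ppid": 1300, "image": r"C:\Temp\datacollector.exe"},
    {"ts": 7.0, "type": "file_write", "pid": 1400, "path": r"C:\Users\u\Documents\q3-forecast.xlsx"},
    {"ts": 7.5, "type": "file_write", "pid": 2000, "path": r"C:\Users\u\Documents\notes.txt"},            # unrelated
    {"ts": 8.0, "type": "net_connect", "pid": 1400, "dst": "203.0.113.9"},   # beacon to a TEST-NET address
    {"ts": 9.0, "type": "detection", "pid": 1400, "name": "Malicious Traffic"},
]

# "Productivity documents" for the at-risk asset list (assumed extension set).
DOC_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".pdf", ".txt"}

# Delivery channel -> control from the kill-chain slide that would have blocked it.
RECOMMENDED_ACTION = {"usb": "Device Control", "url": "Web Protection", "mail": "Email Security"}


def build_threat_chain(events, detection_pid):
    """Pids linked to the detection by process ancestry or by file provenance.

    Provenance link: if the process executed or opened a file that another
    recorded process wrote, that writer joins the chain too.
    """
    starts = {e["pid"]: e for e in events if e["type"] == "process_start"}
    writers = {e["path"].lower(): e for e in events if e["type"] == "file_write"}
    chain, todo = set(), [detection_pid]
    while todo:
        pid = todo.pop()
        if pid in chain:
            continue
        chain.add(pid)
        start = starts.get(pid)
        if start is None:
            continue
        if start["ppid"] is not None:
            todo.append(start["ppid"])
        for key in ("image", "arg"):
            writer = writers.get(str(start.get(key, "")).lower())
            if writer is not None:
                todo.append(writer["pid"])
    return chain


def analyze(events, detection_pid):
    """Timeline, root cause, at-risk documents and recommended action for one detection."""
    chain = build_threat_chain(events, detection_pid)
    # Keep only chain activity; notepad's work on the same machine is filtered out.
    # (A real recorder would also prune unrelated activity by long-lived ancestors
    # such as explorer.exe; this toy includes all of their recorded events.)
    timeline = sorted((e for e in events if e["pid"] in chain), key=lambda e: e["ts"])
    # Root cause: the earliest chain event that brought content in from outside the device.
    delivered = [e for e in timeline if e["type"] == "file_write" and "source" in e]
    root = delivered[0] if delivered else timeline[0]
    channel = root.get("source", "unknown").split(":")[0]
    at_risk = sorted({
        e["path"] for e in timeline
        if e["type"] == "file_write" and e is not root
        and ntpath.splitext(e["path"])[1].lower() in DOC_EXTENSIONS
    })
    return {
        "chain_pids": chain,
        "timeline": timeline,
        "root_cause": f"{ntpath.basename(root['path'])} delivered from {channel}",
        "recommended_action": RECOMMENDED_ACTION.get(channel, "Review manually"),
        "at_risk_assets": at_risk,
    }


if __name__ == "__main__":
    report = analyze(EVENTS, 1400)
    for e in report["timeline"]:
        print(f"{e['ts']:5.1f}  pid {e['pid']:<5} {e['type']:<14} {e.get('path') or e.get('dst') or e.get('image') or e.get('name')}")
    print("Root cause:", report["root_cause"])
    print("Recommended action:", report["recommended_action"])
    print("At risk:", report["at_risk_assets"])
```

Walking only parent and provenance links is what keeps the chain "branched" rather than exhaustive: notepad.exe shares a parent with the reader but nothing ever links it back to the detection, so it never appears in the timeline.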

  20. Sophos confidential

  21. Sophos confidential

  22. Sophos Clean – How it works

  23. Sophos Clean – Works with competitive AV

  24. Breach Response: the ‘Kill Chain’ (Prevent / Detect / Respond), available September 2016. Sophos Central Endpoint Ultimate
     • Anti-Malware: Exposure – Web Protection, Device Control; Delivery – Download Reputation; Exploit – Runtime Memory Analytics; Execution – File Analytics / Heuristics; Command & Control – Malicious Traffic; Action on Objective – Data Loss Prevention, File Encryption; Investigate – Alerting and Reports; Remediate – Malware Removal, Malware Quarantine
     • Further mappings on this slide: Exploit – Exploit Prevention; Execution – CryptoGuard; Action – Event Recorder; Investigate – Incident Report; Remediate – Forensics Cleanup; Adjust Security – Recommended Actions
