Sophos XG Firewall IP Partners ICT Systems & Services - - PowerPoint PPT Presentation

SLIDE 1

Sophos XG Firewall

IP Partners

ICT Systems & Services

www.ippartners.gr

SLIDE 2

XG Firewall Overview

SLIDE 3

Today’s top firewall problems

Visibility, Protection, Complexity

Top Concerns

What IT managers say about their existing firewall…

My Firewall…

  • doesn't identify risky users or apps
  • doesn't alert me to threats
  • is missing features
  • makes it difficult to configure
  • does not isolate infected systems
  • makes it difficult to find information

Firewall Satisfaction Survey (Spiceworks 2017)

SLIDE 4

Sophos XG Firewall

Unrivalled Security, Simplicity, and Insight

Simpler to Manage

  • Streamlined workflows
  • Unified policies
  • Policy templates

Instant Insights

  • Control center
  • User & App Risk
  • On-box reporting

Synchronized security

  • Security Heartbeat™
  • Identify & Isolate APTs
  • Dynamic app ID

Complete Protection

  • Firewall & Wireless
  • Web, Apps, APT
  • Email and WAF

SLIDE 5

XG Firewall

Unrivalled Security, Simplicity, and Insight

3. Simpler to Manage

XG Firewall makes managing advanced protection simple

  • Unified policy and rule management brings everything together in one place
  • Enterprise-grade web policy is powerful, flexible and easy
  • Business application templates simplify setup & guide best-practices

1. Complete Protection

More-in-one protection than any other firewall

  • Advanced Threat Protection from the latest botnets and APTs
  • Next-generation Network, IPS, wireless, web, and app control
  • Optional email anti-spam, DLP, encryption and full-featured WAF

4. Instant Insights

Unprecedented insights into user and network activity

  • Control center surfaces critical information using traffic-light style indicators
  • User and application risk indicators identify issues before they become problems
  • Extensive on-box reporting included at no-extra charge provides even deeper insights

2. Synchronized Security

Automated threat protection and response

  • Industry-first synchronizing IT security products to share telemetry
  • Security Heartbeat™ can automatically respond and isolate compromised systems
  • Unknown App Identification enables the firewall to identify unknown traffic
SLIDE 6

XG Firewall Ecosystem

Sophos Firewall OS (SF-OS)

New Firewall Operating System and Software Platform (available on Azure)

XG Series Appliances

Identical to SG Series except come preloaded with SF-OS

Migration Tools

Enabling an easy migration from UTM 9 to SF-OS

Sophos Firewall Manager (SFM)

Full-featured on-premise Centralized Management

Sophos Central Firewall Manager (CFM)

Centralized Firewall Management in the Cloud (for partners only initially – coming to Central soon!)

Sophos iView Reporting

Updated on-premise Centralized Reporting

Synchronized Security

Integration with Sophos Endpoints for enhanced protection & response

SLIDE 7

XG Firewall’s Unique Innovations

SLIDE 8

What makes XG Firewall Unique

Innovative features you just can’t get anywhere else

Synchronized Security

  • Links Endpoints and Firewall to share telemetry and status
  • Enables features like Security Heartbeat™ & Real-time App ID

Unified Firewall Rules and Policies

  • All firewall rules on one screen with snap-in user-based policies
  • Policy templates simplify protecting business applications

Enterprise-grade Secure Web Gateway

  • Powerful top-down inheritance based web policy model
  • Easy and intuitive to build sophisticated user and group based policies

User and Application Risk Assessment

  • Automatically identifies high risk users and applications on the network
  • Identifies potential issues before they become real problems

No-compromise Deployment and Central Management

  • The most flexible deployment options without compromise: XG Series, software, virtual, IaaS (Azure)
  • Comprehensive centralized management and reporting made simple
SLIDE 9

Synchronized Security

Admin

Endpoint/Next-Gen Endpoint UTM/Next-Gen Firewall

Security Heartbeat™

RED Heartbeat

Firewall detects traffic from Endpoint

!

SLIDE 10

Unified Firewall Rules and Policies

Making management easier

All firewall rules in one place

User, Network, Business Applications

Powerful filtering options

By rule type, zone, status or ID

At a glance indicators

Type, source, destination, users, service, traffic status, heartbeat, QoS, and natural language description

SLIDE 11

Policy Templates

Custom tailored templates enable easy & proper protection for common business apps

SLIDE 12

Enterprise-grade Secure Web Gateway

Powerful tools for building sophisticated user and group based web policies

Top-down inheritance policy model

Makes building sophisticated policies easy and intuitive. The same kind of SWG usually found only in dedicated enterprise products.

Pre-defined policy templates

Out-of-the-box policies included for workplace, CIPA compliance, and more

Powerful customization

Custom define users/groups, activities (URLs, categories, file types), allowed action, and time-of-day and day-of-week constraints

SLIDE 13

User Risk Assessment

Automatically identifying top risk users on the network

Automatically identifying top risk users on the network – before they become a problem

SLIDE 14

App Risk Assessment

Automatically identifying top application risks and overall app risk

Risk: Low

A few high risk applications and users are operating on the network – continue to monitor the situation carefully

Risk: High

Take action and setup an application control policy before data loss, abuse, or illegal activity become a real problem

SLIDE 15

Deployment flexibility without compromise

XG Series Hardware

  • Full range of hardware appliances with wireless AP and RED add-ons
  • Multi-core processors, solid-state storage, generous RAM
  • Industry-leading performance at all price points – Miercom tested

Virtual/Software

  • VMware, Hyper-V, Citrix XEN, KVM
  • Flexibility regarding resource assignment and high availability
  • Compatible with all x86 hardware

IaaS

  • Available in Microsoft Azure Marketplace
  • Up and running in minutes with preconfigured VM
  • Pay-as-you-go or BYOL

Flexible deployment options optimized for today’s business

SLIDE 16

XG Firewall How XG does user policy better

SLIDE 17

Layer-8 User Identity and Awareness made simple

Covers all areas of the Firewall. Consolidated. Easy to Manage.

IPS, QoS, Web, Apps, Routing

SLIDE 18

Powerful user/group policy enforcement made simple

Simply snap-in your sophisticated user and group based policies to a single firewall rule

  • Define your user/group web enforcement policy
  • Snap-it-in to your desired firewall rule

SLIDE 19

Sophos Transparent Authentication Suite (STAS)

Making user identity transparent and reliable. Single-Sign-On (SSO) made easy

Microsoft Active Directory Server

STAS Collector & Agent

No client required on devices for SSO!

XG Firewall

Authentication Information

SLIDE 20

What’s New

XG Firewall v16 & v16.5

SLIDE 21

Over 120 New Features!

  • HA support for dynamic WAN interfaces
  • Per-rule and Policy-based routing
  • Google Apps Control
  • Microsoft Azure Support
  • Two-Factor Authentication
  • Support for 3rd party URL databases
  • New Navigation
  • New AP 15C and RED 15w support
  • Enhanced Anti-Spam
  • STAS GUI configuration
  • Synchronized Security App Identification
  • Streamlined Firewall Rule Screen
  • Firewall-to-firewall RED tunnels
  • Clone firewall and other rules
  • Log Viewer Enhancements
  • Enhanced Control Center
  • Email Per-Domain Routing and MTA
  • SPX Email Encryption reply portal
  • New User/Group Web Policy
  • Creative Commons SafeSearch Image Enforcement
  • Enhanced Security Heartbeat
  • Firewall domain name
  • Missing Security Heartbeat Detection

SLIDE 22

XG Firewall v16

Continuing to build on the story

Simplified User Experience

Creating a more intuitive experience across all areas of the product from navigation to policy to logging & more

New Protection Features

Over 120 new features improving protection and flexibility across all areas of the firewall

Added Synchronized Security

Adding new Synchronized Security features to the arsenal to improve protection, enforcement and visibility

SLIDE 23

Simplified User Experience

New in XG Firewall v16:

  • Easier Navigation
  • Enhanced Control Center Widgets
  • Streamlined Policy Setup
  • Improved Logging and Troubleshooting Tools

SLIDE 24

Complete Protection

New in XG Firewall v16:

  • New Enterprise-Grade Secure Web Gateway
  • Two-factor Authentication
  • Email Enhancements (Routing, Policy Tools, MTA)
  • Microsoft Azure Support

SLIDE 25

Synchronized Security

Cloud Intelligence

Endpoint/Next-Gen Endpoint UTM/Next-Gen Firewall

Missing Heartbeat Detection

Identifying & isolating compromised endpoints

Destination Heartbeat

Block access to compromised servers and endpoints

Unknown App Identification

Insights and control over unknown app traffic

New in XG Firewall v16

SLIDE 26

Synchronized Security

Admin

Endpoint/Next-Gen Endpoint UTM/Next-Gen Firewall

Unknown App Identification

GREEN Heartbeat

  • Firewall detects unknown traffic from Endpoint
  • Firewall requests context from endpoint
  • Application information is exchanged

SLIDE 27

The adoption of cloud infrastructure and services is accelerating

  • IaaS spending to grow 38.4% in 2016
  • Cloud is the fastest growing business at Microsoft (Azure, Office 365, CRM)
  • All driven by immense benefits in pay-for-what-you-use, convenience, flexibility, reliability and scalability

SLIDE 28

XG Firewall on Azure

Consistent Experience

  • Same easy user experience
  • Familiar and consistent

Primary Use-cases

  • NGFW, WAF, IPS, SWG, VPN

Easy deployment and simple licensing

  • Deploy virtual machine in minutes from the Microsoft Azure Marketplace
  • BYOL or Pay-as-you-go (hourly) licensing

SLIDE 29

XG Firewall Advanced Threat Protection

SLIDE 30

Evasion Techniques

  • Obfuscation
  • Polymorphism
  • Delayed Activity

Delivery Methods

  • MS Office Files with Macros and PDF Documents via email and web
  • IoT devices being Hacked

Crippling Impact

  • Potential loss of all data with encryption
  • Devastating DDoS attacks

Financially Motivated

Ransoming access to your data or devices for significant sums of money

SLIDE 31

How advanced threats work

Diagram labels: Your Network, C & C Servers, Target, Cyber Criminal

1. Infiltrate

  • Hack systems remotely
  • Email Attachments
  • Compromised websites
  • USB devices

2. Call Home

  • Register Success
  • Get Instructions or Encryption Key

3. Ransom

  • Encrypt data and ransom access

4. Steal Data

  • Upload sensitive or valuable data

5. Bot Attack

  • Scan
  • DDoS
  • DNS Amplification
  • Bruteforce
  • Spam

SLIDE 32

Need Defense in Depth – Complete Protection

Need Network Traffic Analysis

  • App, Web and Email Protection
  • Advanced Threat Protection
  • Malicious traffic detection and call-home

Need Payload Analysis

  • Sandboxing

Need Endpoint Behavior Analysis

  • Next-Gen Endpoint with Anti-exploit

Need To Know Where to Look

  • Synchronized Security dramatically increases visibility

Need Forensics

  • Root-cause analysis

Gartner, Sophos and other experts agree…

SLIDE 33

Advanced Threat Protection in XG Firewall

A full suite of technologies to protect against the latest zero-day threats

Enterprise Web & Mail Protection, Security Heartbeat, Advanced Threat Protection, Full-featured WAF, Cloud Sandboxing

  • Utilizing a multi-layer approach of DNS, IPS & URL filtering
  • Providing immediate insight and automatic response to threats
  • Identifying the latest zero-day threats like bots and ransomware
  • With sophisticated policy tools and protection engines
  • Able to provide reverse-proxy, auth offloading and server hardening

SLIDE 34

Sophos Sandstorm

One of our fastest growing products

Now Available on XG Firewall

SLIDE 35

Sophos Sandstorm

Cloud-sandboxing – available now Suspect Control Report

Sophos Sandstorm

Hash

?

Determine Behavior

SLIDE 36

Intercept X and XG Firewall provide a powerful defense to block advanced threats like ransomware and botnets!

And together Intercept X and XG Firewall can automatically respond to threats for you – saving you time and preventing further incidents

SLIDE 37

Sophos Sandstorm Visibility

SLIDE 38

Sophos Sandstorm Detailed Historical Reporting

SLIDE 39

Synchronized Security

Admin

Endpoint/Next-Gen Endpoint UTM/Next-Gen Firewall

Security Heartbeat™

RED Heartbeat

Firewall detects traffic from Endpoint

!

SLIDE 40

Synchronized Security

Admin

Endpoint/Next-Gen Endpoint UTM/Next-Gen Firewall

Missing Heartbeat

MISSING Heartbeat

Firewall detects traffic from Endpoint

?

SLIDE 41

Synchronized Security

Admin

Endpoint/Next-Gen Endpoint UTM/Next-Gen Firewall

Destination Heartbeat™

GREEN Heartbeat ! RED Heartbeat

  • Connections to/from the compromised system are blocked
  • Endpoint attempts to connect to compromised system

SLIDE 42

How XG Firewall and Intercept X can protect

Diagram labels: Your Network, C & C Servers, Target, Cyber Criminal

1. Infiltrate

  • Hack systems remotely
  • Email Attachments
  • Compromised websites
  • USB devices

2. Call Home

  • Register Success
  • Get Instructions or Encryption Key

3. Ransom

  • Encrypt data and ransom access

4. Steal Data

  • Upload sensitive or valuable data

5. Bot Attack

  • Scan
  • DDoS
  • DNS Amplification
  • Bruteforce
  • Spam

XG Firewall

  • Protects devices and servers from being hacked & infiltrated
  • Blocks compromised websites
  • Catches spam and phishing
  • Sandboxes suspicious files (to catch bots and ransomware)

XG Firewall

  • Detects bots and ransomware attempting to call home
  • Automatically responds and isolates infected systems
  • Prevents data exfiltration
  • Prevents bots and threats moving laterally across network segments

Intercept X

  • Detects and stops ransomware & exploits

SLIDE 43

Central Management made Simple

SLIDE 44

Central Management: Sophos Firewall Manager

Full-featured centralized management for multiple firewalls

  • Multiple monitoring views
  • Instant visibility into network status
  • Flexible grouping and organization
  • Policy templates make deploying new firewalls fast and simple
  • Push, pull, replicate policies
  • Ensures consistent protection
  • Configure individual devices
  • Consistent UI/workflow with on-box

Deployment options

  • 3 hardware models
  • Virtual/Software
SLIDE 45

Central Reporting: Sophos iView Reporting

Consolidated centralized reporting

  • Consolidated reporting across devices
  • Support for SF-OS, UTM9, CyberoamOS
  • Flexible grouping and organization
  • Compliance reporting: HIPAA, PCI-DSS, GLBA, SOX
  • Backup and long-term data storage

Deployment options

  • Virtual/Software
SLIDE 46

Why Customers Choose Sophos for their next firewall

SLIDE 47

Why customers are choosing Sophos for their next firewall

1. Complete protection

We provide more-in-one appliance than any other vendor with synchronized security that automates response to incidents.

2. Simpler to manage

We make enterprise-grade protection easier to manage than any other firewall product, saving time and ensuring proper protection.

3. Instant insights

We surface just what’s important with unique insights into user and app risk as well as rich on-box reporting at no extra charge.

4. Top Performance

Our firewall delivers industry leading performance at every price point.

5. Trusted industry leader

Sophos is among the top 3 vendors in the industry and has been a Gartner Magic Quadrant leader for the past 5 years.

SLIDE 48

UTM & Deployment Next-Gen Firewall and ATP Synchronized Security

Sophos XG Firewall, CheckPoint NGFW, WatchGuard Firebox, Fortinet FortiGate, SonicWALL NSA, Cisco Meraki

FastPath Packet Optimization

✔ ✔ ✔

Dual AV Engines

Intrusion Prevention System

✔ ✔ ✔ ✔ ✔ ✔

Application Control

✔ ✔ ✔ ✔ ✔ ✔ (partial)

Web Protection and Control

✔+ ✔ ✔ ✔ ✔ ✔

User and App Risk Assessment & Visibility

✔ ✔ (partial)

HTTPS Filtering

✔ ✔ ✔ ✔ ✔ ✔

Advanced Threat Protection

✔ ✔ ✔ ✔ ✔ ✔

Sandboxing

✔ ✔ ✔ ✔ ✔ ✔

Identify Compromised Host, User, & Process

Compromised System Isolation

Unknown Application Identification

Full-Featured Web Application Firewall

✔ +1Box +1Box

Email AV, AS, Encryption & DLP

✔ +1Box +1Box +1Box +1Box +1Box

Full Historical Reporting

✔ +1Box +1Box +1Box +1Box

Plug-and-Play Remote Office Security (RED)

Flexible Deployment (HW, SW, VM, IaaS)

✔ ✔

No SW/IaaS No SW No SW/IaaS HW only

The XG Firewall Advantage

SLIDE 49

A Leader in Unified Threat Management

  • Sophos first entered into this MQ publication in March 2012, positioned in the Leader quadrant – and has retained this position for 5 consecutive publications
  • Sophos remains one of only three leaders after Dell and WatchGuard were demoted last year
  • Gartner’s perception of Sophos is even better than last year, recognizing the strength of Synchronized Security, the breadth of our security portfolio and that we are growing - taking market share from our competitors
  • In relative terms Sophos is edging closer on Fortinet and leaving smaller vendors trailing further behind

This graphic is published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sophos. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. All statements in this report attributable to Gartner represent Sophos’ interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.

Gartner Magic Quadrant

UNIFIED THREAT MANAGEMENT

Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016
SLIDE 50

Source: Gartner (February 2016)

Only Vendor Positioned as Leader in Endpoint Protection and UTM

Gartner Magic Quadrant

ENDPOINT PROTECTION

Gartner Magic Quadrant

UNIFIED THREAT MANAGEMENT

Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016

Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Eric Ouellet, 1 February 2016

These graphics are published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner documents are available upon request from Sophos. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. All statements in this report attributable to Gartner represent Sophos’ interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.
SLIDE 51

XG Firewall – How to buy

Deployment, Licensing and Optional Add-ons

Firewall & VPN Wireless Network Protection Web & App Protection Email Protection Web Server Protection XG Series Appliances Software/ Virtual IaaS

Base License Deployment Choices EnterpriseProtect (NGFW) TotalProtect Plus

Sandstorm Protection

Options

Sophos Firewall Manager & iView RED Devices Wireless APs
