What?
Now
Better than us
Diverse Actors
Fake anti-virus/scareware
Fake anti-virus
Fake anti-spyware
System optimizers
Et tu, Mac?
MacDefender, MacSecurity, and many more
Koobface
Feature rich and evolving
Who?
Estdomains
McColo
Botnet C&C
Spam sites
Child abuse content
Malware
Fake anti-virus
Identity Theft (500,000+ Bank accounts)
150 Years
$13-65 Billion
How?
Server-side polymorphism
Obfuscation engine on the server (PHP)
JavaScript returned changes on each page request
Challenge to generic detection
Core AV engine needs to see through obfuscation
Cannot afford performance hit
Large effort in building heuristics to distinguish legitimate and malicious JavaScript
Why?
Motives
Yes Stereotypes
Pharma profitability
Date    Orders
01      30
02      74
03      216
04      193
05      231
06      191
07      189
08      78
09      99
10      128
11      52
12      124
$7936/day
What's it worth?
Pirated software
Endpoint protection
Exchange Server Protection
Application Control
Device Control
Anti-malware
Access control
Virtualization
Intrusion prevention
Web Protection
Firewall
Encryption
Data Control
Patch assessment
Anti-malware
Stop attacks and breaches
Sophos AV
A single engine to protect from all malware
Genotyping technology
Active Protection cloud technologies:
Intrusion prevention
Stop attacks and breaches
Sophos HIPS
Behavioral detection
Suspicious file detection
Suspicious behavior detection
Buffer overflow detection
Rules created by SophosLabs via Active Protection
Malware solved
Stop attacks and breaches
http://www.sophos.com/support/knowledgebase/article/113342.html
Layered protection
Stop attacks and breaches
Active Protection
Stop attacks and breaches
Endpoint
Web
Data
Mobile
Network
A threat network
Web protection
Protect everywhere
Basic Endpoint
Anti-virus: Current / Out of date / None
Firewall: Disabled / None / Enabled
Patch Status: Patched / Unpatched
Patch assessment
Reduce attack surface
Application control
Reduce attack surface
Online storage
Browsers
Instant messaging
Virtualization tools
Remote access
Games
Toolbars
Device control
Reduce attack surface
Network devices:
Wi-Fi / Modems
Bluetooth
Infra-red
Data control
Stop attacks and breaches
PII
Client firewall
Stop attacks and breaches
Problem:
Solution:
Virtualization
We protect virtual environments. At no extra cost
Our lighter-weight agent is better than other traditional Endpoint security solutions
Stagger scanning for virtual machines
No compromise on protection
Citrix Receiver plugin
Developing VMware vShield scanner
Encryption
Protect everywhere
Report
Proof points
CRN: IT Buying Behaviors.
What are middle market CIOs saying?
Adjusting To The New Normal.
Middle market CIOs face the same day-to-day fight: they need to do more with less.
Small budgets and limited resources demand ROI on IT investments.
Bradley Burns, Technology Director, Duncan/Channon
...We are also looking for really good value: what kind of support we are going to get, the product features. We look for all-in-one solutions with overall value.
Tony Diaz, Director of Information Technology, Montgomery & Co.
...CIOs have to take things in-house and choose vendor partners who offer more all-in-one solutions for cheaper costs.
Security as an add-on to a platform
Partial security
Security portfolio
Complete security without complexity
Complete Security
Learning Exercises
Endpoint & Web Security
Scenario #1
School Town of Munster has 4,000 students with over 3,200 notebook computers in use across the network
Business Challenges
They consolidated their protection with Sophos in 2012 with the Complete Security Suite
Scenario #2
Investors Savings Bank: 500 users, 52 locations across 8 countries
Business Challenges
Need more control protecting network and data from rapidly evolving security threats
Also wanted to ensure compliance with tighter industry standards and government regulations
Sophos web appliance is protecting the bank against malware, phishing threats and unwanted applications
Sophos email appliance is stopping spam, phishing, malware and data leakage
Scenario #3
Taco Bueno restaurant franchise has over 1,000 users across nine states
Business Challenges
Gain greater control over users' access to VoIP, games, social networking and other applications that threaten security as well as productivity
Strengthen its PCI compliance measures to further protect its customers' credit card data
Sophos's professional services team helped upgrade all machines on its network for 190 restaurants across nine states
Upgrading the existing Sophos endpoint solution took the IT team less than two hours
Taco Bueno chose Sophos Email Security, Sophos Web Security and Sophos Endpoint Security and Control
Scenario #4
Hitachi Medical Systems has 2 locations with 450 users that include a large mobile workforce
Business Challenges
IT would like to monitor and report on what these users are doing
While controlling the sites they visit is not critical, understanding what's going on is
Complete Security