Sophos XG Firewall
IP PartnersICT Systems & Services
www.ippartners.gr
XG Firewall Overview
Today’s top firewall problems
Visibility
Protection
Complexity
What IT managers say about their existing firewall (top concerns, Firewall Satisfaction Survey, Spiceworks 2017). My firewall…
• doesn't identify risky users or apps
• doesn't alert me to threats
• is missing features
• makes it difficult to configure
• does not isolate infected systems
• makes it difficult to find information
Sophos XG Firewall
Unrivalled Security, Simplicity, and Insight
• Simpler to Manage: streamlined workflows, unified policies, policy templates
• Instant Insights: control center, user & app risk, on-box reporting
• Synchronized Security: Security Heartbeat™, identify & isolate APTs, dynamic app ID
• Complete Protection: firewall & wireless; web, apps, APT; email and WAF
Unrivalled Security, Simplicity, and Insight
1. Complete Protection – more-in-one protection than any other firewall
• Advanced Threat Protection from the latest botnets and APTs
• Next-generation Network, IPS, wireless, web, and app control
• Optional email anti-spam, DLP, encryption and full-featured WAF
2. Synchronized Security – automated threat protection and response
• Industry-first synchronizing IT security products to share telemetry
• Security Heartbeat™ can automatically respond and isolate compromised systems
• Unknown App Identification enables the firewall to identify unknown traffic
3. Simpler to Manage – XG Firewall makes managing advanced protection simple
• Unified policy and rule management brings everything together in one place
• Enterprise-grade web policy is powerful, flexible and easy
• Business application templates simplify setup & guide best practices
4. Instant Insights – unprecedented insights into user and network activity
• Control center surfaces critical information using traffic-light style indicators
• User and application risk indicators identify issues before they become problems
• Extensive on-box reporting included at no extra charge provides even deeper insights
XG Firewall Ecosystem
• Sophos Firewall OS (SF-OS): new firewall operating system and software platform (available on Azure)
• XG Series Appliances: identical to SG Series except they come preloaded with SF-OS
• Migration Tools: enabling an easy migration from UTM 9 to SF-OS
• Sophos Firewall Manager (SFM): full-featured on-premise centralized management
• Sophos Central Firewall Manager (CFM): centralized firewall management in the cloud (for partners only initially – coming to Central soon!)
• Sophos iView Reporting: updated on-premise centralized reporting
• Synchronized Security: integration with Sophos Endpoints for enhanced protection & response
XG Firewall’s Unique Innovations
What makes XG Firewall Unique
Innovative features you just can’t get anywhere else
Synchronized Security
• Links Endpoints and Firewall to share telemetry and status
• Enables features like Security Heartbeat™ & Real-time App ID
Unified Firewall Rules and Policies
• All firewall rules on one screen with snap-in user-based policies
• Policy templates simplify protecting business applications
Enterprise-grade Secure Web Gateway
• Powerful top-down inheritance based web policy model
• Easy and intuitive to build sophisticated user and group based policies
User and Application Risk Assessment
• Automatically identifies high risk users and applications on the network
• Identifies potential issues before they become real problems
No-compromise Deployment and Central Management
• The most flexible deployment options without compromise: XG Series, software, virtual, IaaS (Azure)
• Comprehensive centralized management and reporting made simple
Synchronized Security
Diagram (Admin, Endpoint/Next-Gen Endpoint, UTM/Next-Gen Firewall) – Security Heartbeat™: the endpoint reports a RED heartbeat; the firewall detects traffic from the endpoint (!).
Unified Firewall Rules and Policies
Making management easier
• All firewall rules in one place: user, network, business applications
• Powerful filtering options: by rule type, zone, status or ID
• At-a-glance indicators: type, source, destination, users, service, traffic status, heartbeat, QoS, and natural language description
Policy Templates
Custom tailored templates enable easy & proper protection for common business apps
Enterprise-grade Secure Web Gateway
Powerful tools for building sophisticated user and group based web policies
• Top-down inheritance policy model: makes building sophisticated policies easy and intuitive. The same kind of SWG usually found only in dedicated enterprise products.
• Pre-defined policy templates: out-of-the-box policies included for workplace, CIPA compliance, and more
• Powerful customization: custom define users/groups, activities (URLs, categories, file types), allowed action, and time-of-day and day-of-week constraints
User Risk Assessment
Automatically identifying top risk users on the network – before they become a problem
App Risk Assessment
Automatically identifying top application risks and overall app risk
• Risk: Low – a few high risk applications and users are operating on the network; continue to monitor the situation carefully
• Risk: High – take action and set up an application control policy before data loss, abuse, or illegal activity become a real problem
Deployment flexibility without compromise
XG Series Hardware
Full range of hardware appliances with wireless AP and RED add-ons
Multi-core processors, solid-state storage, generous RAM
Industry-leading performance at all price points – Miercom tested
Virtual/Software
VMware, Hyper-V, Citrix Xen, KVM
Flexibility regarding resource assignment and high availability
Compatible with all x86 hardware
IaaS
Available in Microsoft Azure Marketplace
Up and running in minutes with preconfigured VM
Pay-as-you-go or BYOL
Flexible deployment options optimized for today’s business
XG Firewall: How XG does user policy better
Layer-8 User Identity and Awareness made simple
Covers all areas of the firewall (IPS, QoS, Web, Apps, Routing). Consolidated. Easy to manage.
Powerful user/group policy enforcement made simple
Simply snap in your sophisticated user and group based policies to a single firewall rule: define your user/group web enforcement policy, then snap it in to your desired firewall rule.
Sophos Transparent Authentication Suite (STAS)
Making user identity transparent and reliable. Single-Sign-On (SSO) made easy.
Diagram: Microsoft Active Directory server → STAS Collector & Agent → authentication information → XG Firewall. No client required on devices for SSO!
What’s New: XG Firewall v16 & v16.5
Over 120 new features, including:
• HA support for dynamic WAN interfaces
• Per-rule and policy-based routing
• Google Apps Control
• Microsoft Azure support
• Two-Factor Authentication
• Support for 3rd party URL databases
• New navigation
• New AP 15C and RED 15w support
• Enhanced Anti-Spam
• STAS GUI configuration
• Synchronized Security App Identification
• Streamlined firewall rule screen
• Firewall-to-firewall RED tunnels
• Clone firewall and other rules
• Log Viewer enhancements
• Enhanced Control Center
• Email per-domain routing and MTA
• SPX Email Encryption reply portal
• New User/Group Web Policy
• Creative Commons SafeSearch image enforcement
• Enhanced Security Heartbeat
• Firewall domain name
• Missing Security Heartbeat detection
XG Firewall v16: continuing to build on the story
• Simplified User Experience: creating a more intuitive experience across all areas of the product, from navigation to policy to logging & more
• New Protection Features: over 120 new features improving protection and flexibility across all areas of the firewall
• Added Synchronized Security: adding new Synchronized Security features to the arsenal to improve protection, enforcement and visibility
Simplified User Experience
New in XG Firewall v16:
Easier Navigation
Enhanced Control Center Widgets
Streamlined Policy Setup
Improved Logging and Trouble-shooting Tools
Complete Protection
New in XG Firewall v16:
New Enterprise-Grade Secure Web Gateway
Two-factor Authentication
Email Enhancements (Routing, Policy Tools, MTA)
Microsoft Azure Support
Synchronized Security
New in XG Firewall v16 (Cloud Intelligence, Endpoint/Next-Gen Endpoint, UTM/Next-Gen Firewall):
• Missing Heartbeat Detection: identifying & isolating compromised endpoints
• Destination Heartbeat: block access to compromised servers and endpoints
• Unknown App Identification: insights and control over unknown app traffic
Synchronized Security
Diagram (Admin, Endpoint/Next-Gen Endpoint, UTM/Next-Gen Firewall) – Unknown App Identification:
1. Endpoint reports a GREEN heartbeat
2. Firewall detects unknown traffic from the endpoint
3. Firewall requests context from the endpoint
4. Application information is exchanged
The adoption of cloud infrastructure and services is accelerating
• IaaS spending to grow 38.4% in 2016
• Cloud is the fastest growing business at Microsoft (Azure, Office 365, CRM)
• All driven by immense benefits in pay-for-what-you-use, convenience, flexibility, reliability and scalability
XG Firewall on Azure
• Consistent experience: same easy user experience, familiar and consistent
• Primary use-cases: NGFW, WAF, IPS, SWG, VPN
• Easy deployment and simple licensing: deploy a virtual machine in minutes from the Microsoft Azure Marketplace; BYOL or Pay-as-you-go (hourly) licensing
XG Firewall: Advanced Threat Protection
• Evasion techniques: obfuscation, polymorphism, delayed activity
• Delivery methods: MS Office files with macros and PDF documents via email and web; IoT devices being hacked
• Crippling impact: potential loss of all data with encryption; devastating DDoS attacks
• Financially motivated: ransoming access to your data or devices for significant sums of money ($)
How advanced threats work
Diagram (Cyber Criminal, C&C Servers, Your Network, Target):
1. Infiltrate: hack systems remotely, email attachments, compromised websites, USB devices
2. Call Home: register success, get instructions or encryption key
3. Ransom: encrypt data and ransom access
4. Steal Data: upload sensitive or valuable data
5. Bot Attack: scan, DDoS, DNS amplification, bruteforce, spam
Need Defense in Depth – Complete Protection
• Need network traffic analysis
  o App, web and email protection
  o Advanced Threat Protection
  o Malicious traffic detection and call-home
• Need payload analysis
  o Sandboxing
• Need endpoint behavior analysis
  o Next-Gen Endpoint with anti-exploit
• Need to know where to look
  o Synchronized Security dramatically increases visibility
• Need forensics
  o Root-cause analysis
Gartner, Sophos and other experts agree…
Advanced Threat Protection in XG Firewall: a full suite of technologies to protect against the latest zero-day threats
• Enterprise Web & Mail Protection: with sophisticated policy tools and protection engines
• Security Heartbeat: providing immediate insight and automatic response to threats
• Advanced Threat Protection: utilizing a multi-layer approach of DNS, IPS & URL filtering
• Full-featured WAF: able to provide reverse-proxy, auth offloading and server hardening
• Cloud Sandboxing: identifying the latest zero-day threats like bots and ransomware
Sophos Sandstorm: one of our fastest growing products, now available on XG Firewall
Sophos Sandstorm
Cloud sandboxing – available now
Diagram: suspect file → hash lookup (?) → Sophos Sandstorm determines behavior → control / report
Intercept X and XG Firewall provide a powerful defense to block advanced threats like ransomware and botnets, and together they can automatically respond to threats for you, saving you time and preventing further incidents.
Sophos Sandstorm Visibility
Sophos Sandstorm Detailed Historical Reporting
Synchronized Security
Diagram (Admin, Endpoint/Next-Gen Endpoint, UTM/Next-Gen Firewall) – Security Heartbeat™: the endpoint reports a RED heartbeat; the firewall detects traffic from the endpoint (!).
Synchronized Security
Diagram (Admin, Endpoint/Next-Gen Endpoint, UTM/Next-Gen Firewall) – Missing Heartbeat: the endpoint's heartbeat is MISSING; the firewall detects traffic from the endpoint (?).
Synchronized Security
Diagram (Admin, Endpoint/Next-Gen Endpoint, UTM/Next-Gen Firewall) – Destination Heartbeat™: an endpoint with a GREEN heartbeat attempts to connect to a compromised system (RED heartbeat, !); connections to/from the compromised system are blocked.
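The three heartbeat slides above (RED heartbeat isolates the endpoint, a MISSING heartbeat from a managed endpoint is treated as suspect, and Destination Heartbeat blocks connections to a compromised host even from a healthy one) can be expressed as a small firewall-side policy model. The Python below is an added example written for this page, not Sophos code, and does not show how SF-OS implements Security Heartbeat: the three health states, the 60-second timeout, the IP addresses and the order of checks are all assumptions.

```python
"""Heartbeat-aware flow decisions: an added, simplified model (not Sophos
code) of the Security Heartbeat scenarios on the slides above.
Assumptions: three health states, a fixed heartbeat timeout, and the
decision order below; all hosts and timestamps are constructed sample data."""
from dataclasses import dataclass, field
from enum import Enum


class Health(Enum):
    """Health as reported by the endpoint agent (assumed states)."""
    GREEN = "green"
    YELLOW = "yellow"
    RED = "red"


# Seconds without a heartbeat before a managed endpoint counts as "missing"
# (assumed value for this example).
HEARTBEAT_TIMEOUT = 60

# Higher rank = healthier; compared against a rule's minimum source health.
RANK = {Health.RED: 0, Health.YELLOW: 1, Health.GREEN: 2}


@dataclass
class HeartbeatTable:
    """Firewall-side view of the last heartbeat from each managed endpoint."""
    last_seen: dict = field(default_factory=dict)  # ip -> last heartbeat time
    health: dict = field(default_factory=dict)     # ip -> Health
    managed: set = field(default_factory=set)      # ips that ever sent a heartbeat

    def record(self, ip, health, now):
        """Store a heartbeat received at time `now` from endpoint `ip`."""
        self.managed.add(ip)
        self.last_seen[ip] = now
        self.health[ip] = health

    def status(self, ip, now):
        """'green'/'yellow'/'red', 'missing' (managed but silent past the
        timeout), or 'unmanaged' (never sent a heartbeat, e.g. a printer)."""
        if ip not in self.managed:
            return "unmanaged"
        if now - self.last_seen[ip] > HEARTBEAT_TIMEOUT:
            return "missing"
        return self.health[ip].value


def evaluate_flow(table, src, dst, now, min_src_health=Health.GREEN,
                  block_missing=True):
    """Decide (decision, reason) for a flow src -> dst at time `now`.

    Order of checks (assumed): destination heartbeat first, so a GREEN host
    cannot reach a RED one; then the source's own state; then the rule's
    minimum required source health."""
    src_status = table.status(src, now)
    dst_status = table.status(dst, now)
    if dst_status == "red":
        return ("block", "destination heartbeat red")
    if src_status == "red":
        return ("block", "source heartbeat red: endpoint isolated")
    if src_status == "missing":
        if block_missing:
            return ("block", "missing heartbeat from managed endpoint")
        return ("allow", "missing heartbeat tolerated by rule")
    if src_status == "unmanaged":
        return ("allow", "no heartbeat expected from unmanaged host")
    if RANK[Health(src_status)] < RANK[min_src_health]:
        return ("block", f"source heartbeat {src_status} below required "
                         f"{min_src_health.value}")
    return ("allow", f"source heartbeat {src_status}")


def demo():
    """Constructed sample: four managed laptops, one server, one unmanaged host."""
    table = HeartbeatTable()
    for t in (0, 100):  # two heartbeat rounds
        table.record("10.0.1.10", Health.GREEN, now=t)   # healthy laptop
        table.record("10.0.1.11", Health.RED, now=t)     # laptop reporting malware
        table.record("10.0.1.13", Health.YELLOW, now=t)  # laptop with a warning
        table.record("10.0.2.20", Health.GREEN, now=t)   # file server
    table.record("10.0.1.12", Health.GREEN, now=0)       # laptop that then goes silent
    now = 120
    return {
        "green_to_server": evaluate_flow(table, "10.0.1.10", "10.0.2.20", now),
        "red_to_server": evaluate_flow(table, "10.0.1.11", "10.0.2.20", now),
        "green_to_red": evaluate_flow(table, "10.0.1.10", "10.0.1.11", now),
        "missing_to_server": evaluate_flow(table, "10.0.1.12", "10.0.2.20", now),
        "yellow_to_server": evaluate_flow(table, "10.0.1.13", "10.0.2.20", now),
        "yellow_relaxed": evaluate_flow(table, "10.0.1.13", "10.0.2.20", now,
                                        min_src_health=Health.YELLOW),
        "unmanaged_to_server": evaluate_flow(table, "10.0.3.5", "10.0.2.20", now),
    }


if __name__ == "__main__":
    for name, (decision, reason) in demo().items():
        print(f"{name:22} {decision:5} {reason}")
```

The point of the model is the distinction between "missing" and "unmanaged": a host that has never sent a heartbeat (a printer, a guest device) is not the same as a managed endpoint that has gone quiet, and only the latter is a signal that the agent may have been disabled. Whether missing heartbeats block traffic is a per-rule choice here, mirroring the per-rule heartbeat requirement on the slides.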
How XG Firewall and Intercept X can protect
Against the same attack chain (1. Infiltrate, 2. Call Home, 3. Ransom, 4. Steal Data, 5. Bot Attack):
XG Firewall
• Protects devices and servers from being hacked & infiltrated
• Blocks compromised websites
• Catches spam and phishing
• Sandboxes suspicious files (to catch bots and ransomware)
XG Firewall
• Detects bots and ransomware attempting to call home
• Automatically responds and isolates infected systems
• Prevents data exfiltration
• Prevents bots and threats moving laterally across network segments
Intercept X
• Detects and stops ransomware & exploits
Central Management made Simple
Central Management: Sophos Firewall Manager – full-featured centralized management for multiple firewalls
• Multiple monitoring views
• Instant visibility into network status
• Flexible grouping and organization
• Policy templates make deploying new firewalls fast and simple
• Push, pull, replicate policies
• Ensures consistent protection
• Configure individual devices
• Consistent UI/workflow with on-box
Deployment options
• 3 hardware models
• Virtual/Software
Central Reporting: Sophos iView Reporting – consolidated centralized reporting
• Consolidated reporting across devices
• Support for SF-OS, UTM 9, CyberoamOS
• Flexible grouping and organization
• Compliance reporting: HIPAA, PCI-DSS, GLBA, SOX
• Backup and long-term data storage
Deployment options
• Virtual/Software
Why customers are choosing Sophos for their next firewall
1. Complete protection: we provide more-in-one appliance than any other vendor, with synchronized security that automates response to incidents.
2. Simpler to manage: we make enterprise-grade protection easier to manage than any other firewall product, saving time and ensuring proper protection.
3. Instant insights: we surface just what’s important with unique insights into user and app risk as well as rich on-box reporting at no extra charge.
4. Top performance: our firewall delivers industry leading performance at every price point.
5. Trusted industry leader: Sophos is among the top 3 vendors in the industry and has been a Gartner Magic Quadrant leader for the past 5 years.
Feature comparison (rows grouped as UTM & Deployment, Next-Gen Firewall and ATP, Synchronized Security; columns in order: Sophos XG Firewall, Check Point NGFW, WatchGuard Firebox, Fortinet FortiGate, SonicWALL NSA, Cisco Meraki; column alignment of the ✔ marks in the rows below is not preserved)
FastPath Packet Optimization ✔ ✔ ✔
Dual AV Engines ✔
Intrusion Prevention System ✔ ✔ ✔ ✔ ✔ ✔
Application Control ✔ ✔ ✔ ✔ ✔ ✔ (partial)
Web Protection and Control ✔+ ✔ ✔ ✔ ✔ ✔
User and App Risk Assessment & Visibility ✔ ✔ (partial)
HTTPS Filtering ✔ ✔ ✔ ✔ ✔ ✔
Advanced Threat Protection ✔ ✔ ✔ ✔ ✔ ✔
Sandboxing ✔ ✔ ✔ ✔ ✔ ✔
Identify Compromised Host, User, & Process ✔
Compromised System Isolation ✔
Unknown Application Identification ✔
Full-Featured Web Application Firewall ✔ +1Box +1Box
Email AV, AS, Encryption & DLP ✔ +1Box +1Box +1Box +1Box +1Box
Full Historical Reporting ✔ +1Box +1Box +1Box +1Box
Plug-and-Play Remote Office Security (RED) ✔
Flexible Deployment (HW, SW, VM, IaaS) ✔ ✔ No SW/IaaS No SW No SW/IaaS HW only
The XG Firewall Advantage
A Leader in Unified Threat Management
• Sophos first entered into this MQ publication in March 2012, positioned in the Leader quadrant – and has retained this position for 5 consecutive publications
• Sophos remains one of only three leaders after Dell and WatchGuard were demoted last year
• Gartner’s perception of Sophos is even better than last year, recognizing the strength of Synchronized Security, the breadth of our security portfolio and that we are growing - taking market share from our competitors
• In relative terms Sophos is edging closer to Fortinet and leaving smaller vendors trailing further behind
This graphic is published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Sophos.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. All statements in this report attributable to Gartner represent Sophos’ interpretation of data, research opinion or viewpoints published as part of a syndicated subscription service by Gartner, Inc., and have not been reviewed by Gartner. Each Gartner publication speaks as of its original publication date (and not as of the date of this presentation). The opinions expressed in Gartner publications are not representations of fact, and are subject to change without notice.
Gartner Magic Quadrant: Unified Threat Management
Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016
Source: Gartner (February 2016)
Only Vendor Positioned as Leader in Endpoint Protection and UTM
Gartner Magic Quadrant: Endpoint Protection
Gartner Magic Quadrant: Unified Threat Management
Magic Quadrant for Unified Threat Management, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, 30 August 2016
Magic Quadrant for Endpoint Protection Platforms, Peter Firstbrook, Eric Ouellet, 1 February 2016
These graphics are published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner documents are available upon request from Sophos.
XG Firewall – How to buy
Deployment, Licensing and Optional Add-ons
• Deployment choices: XG Series Appliances, Software/Virtual, IaaS
• License tiers: Base License, EnterpriseProtect (NGFW), TotalProtect Plus, Sandstorm Protection
• Protection modules: Firewall & VPN, Wireless, Network Protection, Web & App Protection, Email Protection, Web Server Protection
• Options: Sophos Firewall Manager & iView, RED Devices, Wireless APs