3. Mounting pressures on IT security
[Slide diagram: four drivers, numbered 1-4]
1. Expansion of attack surfaces
2. The perimeter has disappeared
3. Increased attack sophistication
4. Risk awareness is growing
4. 1. EXPANSION OF ATTACK SURFACES
Growing number of mobile devices ... and growing size of the IoT market ...
... with a number of operating systems ... rapid growth in Internet (IP) usage

[Chart: Phones and Ultramobiles (bn), CAGR 4.7%]
  2013: 5.0   2014: 5.3   2015: 5.6   2016: 5.8   2017: 6.1   2018: 6.3

[Chart: IoT market size ($bn), CAGR 13%]
  2013: 1,300   2020: 3,040

[Chart: Internet (IP) usage ('000 exabytes per month), CAGR 20.8%]
  2013: 51.2   2014: 62.5   2015: 75.7   2016: 91.3   2017: 109.7   2018: 131.6

5. 2. THE PERIMETER HAS DISAPPEARED
Growing global deployment capacity ... growing number of employees in BYOD programs

[Chart: (Exabytes), CAGR 44.1%]
  2013: 32.7   2017: 140.9

[Chart: % of employees using a BYOD smartphone]
  2014: 31%   2017: 46%   2020: 61%

Growing number of Wi-Fi hotspots ... growing mobile population
6. 3. INCREASED ATTACK SOPHISTICATION
Zero-day vulnerabilities

[Chart: Increasing volume of zero-day vulnerabilities; zero-day vulnerabilities discovered per year]
  2011: 8   2012: 14   2013: 23   2014: 24

[Chart: Price of zero-day attacks in various applications or OSs ($ '000); source: Forbes]
  Adobe Reader        5-30
  Mac OSX            20-50
  Android            30-60
  Flash / Java       40-100
  MSFT Word          50-100
  Windows            60-120
  Firefox / Safari   60-150
  Chrome / IE        80-200
  iOS               100-250
7. 4. RISK AWARENESS IS GROWING
Growing number of high-profile attacks ...
... Growing number of organisations training their staff in security awareness

Personal-profile hacking: UK News International phone hacking scandal, iCloud celebrity nude photos
Erosion of trust: Snowden leaks, Gemalto, SuperFish, Comodo/Diginotar CA breaches
Corporate-profile hacking: Anthem, Sony, Target, Home Depot, Adobe

[Chart: % of large organisations providing ongoing security awareness training; source: PWC]
  2012: 62%   2014: 68%

[Chart: % of SMBs providing ongoing security awareness training; source: PWC]
  2012: 46%   2014: 54%
8. Spending on IT Security and Documenting Security Policies Is Increasing
Security is a high priority for businesses of all sizes

Information security is a priority for top management ... IT security is the TOP priority for CIOs ...
Top 3 priorities: #1 IT security, #2 Innovation, #3 Cloud mobility

[Chart: priority given to information security]
                                  Small businesses   Large organisations
  Very high or high priority             82%                 76%
  Neither high nor low priority          15%                 18%
  Low or no priority                      3%                  6%

... Increasing the spend on security projects in all categories

[Chart: YoY increase in spend on external IT projects, Oct-14 vs Jan-15]
  Security       8.1%    11.5%
  Cloud...       5.9%     8.1%
  DW/BI/...      6.2%     6.5%
  Networking    (0.2%)    3.5%
  Data Center    3.1%     2.6%

[Chart: spending growth expectations, 2014 vs 2015, for Overall Security, Risk & Compliance, Monitoring, Endpoint Security, Network Security; values as extracted: 8.4%, 7.4%, 8.4%, 9.1%, 6.6%, 5.3%, 5.0%, 6.8%]

Sources: PWC; Morgan Stanley research; Grant Thornton survey
9. Mid-size companies face the same threats as large companies.

High-profile enterprise breaches ...
  Hackers accessed information from 78.8 million people
  110 million records stolen
  150 million passwords stolen
  56 million credit cards and 53 million email addresses stolen
  Hackers gained access to *all* company data

... impact the mid-market equally
  Online store infiltrated, exposing customer records
  CryptoLocker: police pay cybercriminals to decrypt files
  Attack led to leaking 677,335 user accounts
  Card data stolen using installed malware
  Website compromise exposed customer card numbers and records

[Chart: Data breaches by company size (# of employees); categories: Unknown, More than 100,000, 10,001-100,000, 1,001-10,000, 101-1,000, 1-100; values as extracted: 31%, 9%, 11%, 20%, 7%, 22%]
At least 51% of data breaches affect organizations with fewer than 10,000 employees
Source: Verizon data breach investigations report, 2013
12. Growing attacks, growing sophistication
Exponentially larger attack surface:
  Laptops
  Phones / tablets
  Virtual servers / workstations
  Cloud servers / storage
More sophisticated threats: attacks are more coordinated than defenses
15. Introducing synchronized security
Security must be complete: the capabilities required to fully meet the customer's need
Security can be simplified: platform, deployment, licensing, user experience
Security is more effective as a system: new possibilities through technological cooperation

Synchronized security: integrated, contextual security in which distinct security technologies share meaningful information and work together to deliver better protection.
16. Complete protection
• Prevent malware
• Detect compromises
• Remediate threats
• Investigate issues
• Investigate weak points
• Encrypt data
Platforms: Mac, Android, Windows, iOS, Windows Phone, Linux; enterprise data
Synchronized security
17. The next generation of security
Point products: Anti-virus, IPS, Firewall, Sandbox
Layers: Bundles, Suites, UTM, EMM
Synchronized security: Security Heartbeat™
18. Integration at a different level
Synchronized Security:
• System intelligence
• Automated correlation
• Faster decision-making
• Accelerated threat discovery
• Automated incident response
• Simple unified management
Alternative:
• Resource-intensive
• Manual correlation
• Dependent on human analysis
• Manual threat / incident response
• Additional products
• Endpoint and network unaware of each other
[Diagram labels: Management; Enduser; Network; SIEM; Endpoint Mgmt; Network Mgmt; Endpoint; Network]
20. Sophos Security Heartbeat™
[Diagram: SOPHOS LABS; Sophos Central; Next Gen Network Security; Next Gen Enduser Security; Security Heartbeat™]
The unique Sophos capability that enables secure communication between our next-gen endpoint and next-gen firewall, delivering synchronized security.
21. Advanced threat protection made real
Security Heartbeat™: Sophos Security Heartbeat™ pulses real-time information on suspicious behaviors.
Accelerated threat discovery: endpoint and network protection combine to identify unknown threats faster. Reduced threat impact.
Active source identification: user, device, and process identification reduces the time taken to manually identify an infected or at-risk device or host by IP address alone. Quicker, easier investigation.
Automated incident response: compromised endpoints are isolated by the firewall automatically, while the endpoint terminates and removes malicious software. Saves IT time & cost.
22. Comprehensive Next-Gen Endpoint
SOPHOS SYSTEM PROTECTOR components: Web & app exploit prevention; Threat Engine; Application Control; URL & download reputation; Pre-execution emulation; Behavior analytics; Device Control; Malicious Traffic Detection; Web Protection; Heuristics analysis; Live Protection; Security Heartbeat™
23. Comprehensive Next-Gen Network
SOPHOS FIREWALL OPERATING SYSTEM components: Web Filtering; Intrusion Prevention System; Routing; Email Security; Security Heartbeat™; Selective Sandbox; Application Control; Data Loss Prevention; ATP Detection; Proxy; Threat Engine; Firewall
25. Improved Threat Detection
[Diagram: Sophos Central with a heartbeat between SOPHOS SYSTEM PROTECTOR (endpoint components as listed on slide 22) and SOPHOS FIREWALL OPERATING SYSTEM (firewall components as listed on slide 23)]
Compromise (User | System | File): response actions
  Lock down local network access
  Remove file encryption keys
  Terminate/remove malware
  Identify & clean other infected systems
26. Automated Protection of Endpoints
[Diagram: Sophos Central with a heartbeat between SOPHOS SYSTEM PROTECTOR (endpoint components as listed on slide 22) and SOPHOS FIREWALL OPERATING SYSTEM (firewall components as listed on slide 23)]
Endpoint (Win | Mac | Mobile): onboarding steps
  Discover unmanaged endpoints
  Could it be managed?
  Self-service portal setup
  User authentication
  Distribute security profile
27. Detect and Remediate Compromises
[Diagram: Sophos Central with a heartbeat between SOPHOS SYSTEM PROTECTOR (endpoint components as listed on slide 22, with an IoC Collector in place of Heuristics analysis) and SOPHOS FIREWALL OPERATING SYSTEM (firewall components as listed on slide 23)]
Compromise (User | System | File): response actions
  Identify compromise
  Detect source
  Assess impact
  Block/remove malware
  Identify & clean other infected systems
29. 29
Don’t just take our word for it!
“We consider Sophos XG appliances and
Sophos Heartbeat software to be a
significant innovation that can raise
security performance standards for
medium-sized organizations”.
451 Research
“I have seen how the information passed in
the Security Heartbeat has the potential to
mitigate business risk, helping
organizations accelerate the speed of
detection and response.
It is not just management interface
integration; the two products share
valuable information that can make each
one more effective and efficient.
For companies who do not have the luxury
of extensive in-house security teams, this
new approach can help bolster
productivity while streamlining security
operations.”
Jon Oltsik, ESG
“No other company is close to delivering
this type of communication between
endpoint and network security products.”
Chris Christianson, vice president of security
programs, IDC
Source: Gartner
Source: IDC, Worldwide and Regional Internet of Things 2014–2020 Forecast Update by Technology Split, #252330, Nov 2014
Source: Cisco
Each product FW, AV, Dev control, App Control, Mobile – has a unique way of looking at the network. You are looking at it from a sideview, not a top-down 3D view. This is just the nature of the beast. FW just looks at the network. If it’s designed to let port 80 through, I craft my malware to use port 80. We’re left with competent products, but only a 2D view (un-integrated).
Endpoint security used to be about stopping malware from infecting Windows PCs on the network.
Now it has to evolve to not only prevent malware, but also detect machines that are already compromised and help remediate detected threats on a variety of workstation and mobile platforms.
Endpoint security also has to include a focus on the data, ensuring it is encrypted and accessible only to authorized users regardless of where the data lives.
* Important to note – we are not intending to replace SIEMs, but rather enable them to achieve what they were originally built to do – strategic analysis and risk management. Leave the fire-fighting of threats to us – we can do it in real-time and manage the strategic long-term analysis with SIEMs.