4. 4
Attacks Getting More Sophisticated
Zero-day Vulnerabilities
Increasing Volume of Zero-day Vulnerabilities
8
14
23 24
2011 2012 2013 2014
Zero-day vulnerabilities discovered per year
Adobe Reader
5-30
Source: Forbes
Price of zero-day attacks in various applications or OS’s
($ ‘000)
Mac OSX
20-50
Android
30-60
Flash / Java
40-100
MSFT Word
50-100
Windows
60-120
Firefox / Safari
60-150
Chrome / IE
80-200
IOS
100-250
5. 5
1. Advanced Persistent Threats (APTs)
APTs are usually targeted at specific industries,
organizations, or even individuals and may
involve significant research into personnel,
offices, IT practices, operations and much more
to help gain a foot-hold
2. Entry Point
Targeted or not, the initial system is usually
infected by either:
• Visiting an infected website
• Opening an email attachment
• Plugging in a USB stick
3. Discretely Call Home
The infected system connects to the
command & control (C&C) server for
further instructions or to start passing
sensitive data
4. Covertly Spread
The malware may choose to remain
undetected and move slowly or it may
attempt to spread to other systems by
taking advantage of unpatched
vulnerabilities or using hijacked credentials5. Silently Exfiltrate Data
The malware may attempt to
steal information from emails,
documents, Skype or IM
conversations, or even
webcams depending on its
intentions
6. 6
32.7
140.9
2013 2017
Perimeters are Vanishing
Increasing Worldwide Cloud Deployments Capacity Increasing Number of Employees in BYOD Programs
(Exabytes)
CAGR: 44.1%
31%
46%
61%
2014 2017 2020
% of employees using a BYOD smartphone
Increasing Number of Wi-Fi Hotspots Increasing Mobile Population
7. 7
31%
9%
11%
20%
7%
22%
Hackers gained access to *all* company data
…Impact Mid-Market EquallyHigh Profile Enterprise
Breaches…
110 million records stolen
150 million passwords stolen
56 million credit cards and 53 million email addresses stolen Online store infiltrated, exposing customer records
CryptoLocker police to pay cybercriminals to decrypt files
Attack led to leaking 677,335 user accounts
Card data stolen using installed malware
Website compromise exposed customer card number and records
At least 51% of data breaches affect
organizations with
fewer than 10,000 employees
Unknown
More than
100,000
10,001-100,000
1-100
101-1,000
(# of Employees)
1,001-10,000
Source: Verizon data breach investigations report, 2013
Everyone Is Affected – Not Just Enterprise
Hackers accessed information from 78.8 million people
High Profile Enterprise Breaches…
Data Breaches by Company Size
8. 8
Spending on IT Security and Documenting Security Policies Is Increasing
…Is the TOP Priority For CIOs…
Top 3 priorities
Innovation
#2
Cloud mobility
#3
3%
6%
15%
18%
82%
76%
Small businesses
Large
organisations
Low or no priority
Neither high nor low priority
Very high or high priority
Information Security Is a Priority
For Top Management…
IT security
#1
…Increasing the Spend On Security Projects in All
Categories
8.1%
5.9%
6.2%
(0.2%)
3.1%
11.5%
8.1%
6.5%
3.5%
2.6%
Securit
y
Cloud
Comp…
DW/BI/
Analy…
Networ
king
Data
Center
Oct-14 Jan-15
YoY increase in spend in external IT projects
8.4%
7.4%
8.4%9.1%
6.6%
5.3%5.0%
6.8%
Overall SecurityRisk & Compliance
Monitoring
Endpoint SecurityNetwork Security
Spending growth expectations
Source: PWC Source: Morgan Stanley research
Security is a High Priority for Businesses of All Sizes
2014 2015
Source: Grant Thornton survey
(1)
(1)
10. 10
IT Manager Survey on SpiceWorks
Top Complaints About Current Firewalls
Profit
Poor performance
Poor value
Not easy to manage
Insufficient security & control
Insufficient reporting & visibility
11. 11
Introducing Sophos XG Firewall
A revolution in firewalls:
Simple to use
Lightning fast
Unparalleled protection
On-box reporting
From a trusted industry leader
13. 13
XG Firewall: Simply Solving Common Problems
Difficult to mine data to
identify and prioritize issues
Interactive dashboard
instant data and drilldown
Firewalls full of jargon
and difficult to navigate
Complexity of policy creation
and management
Policy templates,
easy to understand
Self-documenting
interface and menus
Identifying risks
User Threat Quotient and
App Risk monitoring
14. 14
All-new Control Center
•Surfaces important
information
• System status
• Traffic
• Security heartbeat
• Advanced threats
• UTQ
• VPNs
• Risky users, apps,
websites
• Policy activity
•Quick access to additional
information and tools
15. 15
3-Clicks to Anywhere
Navigation
•Never more than 3-clicks
to anywhere
•Nav remembers your last
selected item
•Description identifies what
each menu items provides to
make discovery easy
•Main Nav Menu
• Control Center
• Reporting
• Policies
• Protection
• System
• Objects
16. 16
Unified Policy
Management
•Don’t need to navigate
multiple modules, or tabs to
find polices
•All policies on one screen
•Users & Networking
•Business Applications
•Sort and Filter by
•Rule type
•Source Zone
•Destination Zone
•Status
17. 17
Integrated Policies
•Everything on one screen
•Layer-8 User Identity
Polices
•Zone based policies
•Web and App Control per
policy
•IPS and Traffic Flow per
Policy
•Security Heartbeat Policy
•Limit access for Red
or Yellow Heartbeats
18. 18
Business App Policy
Templates
•Templates simplify WAF protection
for common business applications
•Exchange
•Sharepoint
•Lync
•And Much More
•Templates can be customized
•Templates can be shared
19. 19
SFM Dashboard – At-a-Glance Management
2
Top panel
3
Device overview
4Device Monitor
6
Model information
7System messages
5
System information about SFM
1 Menu for key work areasLet’s take a look…
20. 20
Management Made Simple: Three Work Areas
Device
Configuration
• Manage config. or
policies
• For individual device
or group of devices
Template
Configuration
• Create and apply
reusable config.
templates
• Quickly set up new
branch offices /
customer sites
System
Management
• Device health and
settings (add device/
group, update
firmware, etc.)
• Change control
• Monitoring
22. 22
• FastPath optimizes firewall connectivity and routing
• Once connection is deemed trusted, all related packets take the fast path
• It is NOT Stream scanning – which lightly scans packets as they pass for malware
• We properly scan all content in real-time or batch mode – we do not stream scan
Policy Engine
(Who are you? Where are you going?)
Malware Engine
(Are you carrying anything dangerous?)
FastPath Packet Optimization
(e.g. for approved traffic “travelling together”)
Stream scanning
(e.g. visual inspection only)
FastPath Packet Optimization
24. 24
• Single-pane overview
• Unified policies
• Security Heartbeat
Essential
Firewall
• Find threats faster
• Simplify investigation
• Minimize threat impact
Security Heartbeat
Modular Security features
Network
Protection
• Intrusion Prevention (IPS)
• Client & Site-to-Site VPN
• Quality of Service (QoS)
• Advanced Threat Prot. (ATP)
• Wireless Controller for
Access Points
• Multi-Zone (SSID)
support
• Hotspot Support
Wireless
Protection
• Anti Spam & Phishing
• Dual Virus Protection
• DLP & Encryption
Mail
Protection• Reverse Proxy
• Web Application Firewall
• Antivirus
Web Server
Protection
• URL Filtering Policies
• Web Threat Protection
• Application Control
Web
Protection
25. 25
Generations Of Security
Point Products
Anti-virus
IPS
Firewall
Sandbox
Layers
Bundles
Suites
UTM
EMM
Synchronized Security
Security Heartbeat™
26. 26
Security Heartbeat™
Network and Endpoint working better together to revolutionize advanced threat protection
Endpoints
XG Firewall
Server
Internet
No Security
issues
Unwanted
Application
Compromised
Infected
Automatically isolate
systems with
Red Heartbeat
Set more restrictive
policies for systems with
Yellow Heartbeat
1. ATP detects and blocks suspect C&C connection
2. Context requested from Endpoint
3. Full information exchanged (user, process, etc.)
4. Admin notified about ATP event including context
Heartbeat in Network Policies
Advanced Threat Protection
Suspect
Endpoint
XG Firewall
•Accelerated Discovery
Endpoint and network protection
combine to identify unknown
threats faster.
•Active Identification
Reduces time taken to identify
infected or at risk device or host
by IP address alone.
•Automated Response
Compromised endpoints can be
automatically isolated or
restricted by firewall policies
based on Heartbeat™ status.
27. 27
Security Heartbeat
& Advanced Threats
•Accelerated discovery
•Positive identification
•Automated response
•Instant insights into
compromised systems
• Hostname, IP
• User
• Time period
• Threat
• App/Process
• Incidents/Count
29. 29
App Risk Meter
• Identifies overall risk level
• Application dashboard
identifies risky apps
and who’s using them
30. 30
User Threat Quotient
•Identify risky users
before
they become a problem
•UTQ based on recent
web history and ATP
triggers
• Enables:
•Quick and easy policy
changes
•User education
•Targeted intervention
36. 36
To Sum Up…
XG Firewall:
Simple to use - easy to navigate
Lightning fast - with FastPath packet optimization
Unparalleled protection - featuring the industry first Security Heartbeat
On-box reporting - over 300 reports included as standard
Trusted industry leader - Gartner Leaders Quadrant for Endpoint and UTM
39. 39
Management
MANAGEMENT Firewall
Management
Centralized
Management
Status & Alerts
Reporting &
Logging
What’s Key
All-new Control Center and user interface
Sophos Firewall Manager
iView reporting
Key Management Features
• All-new Control Center for immediate insights into issues
• Unified policy model with all policies on a single screen
• Policy templates for quick business app protection.
• Role-based Admin granular access control
• Centralized Management via Sophos Firewall Manager
• Centralized Consolidated Reporting with Sophos iView
• On-box Reporting on every appliance
• PSA/RMM XML-based API
40. 40
User & App Control
What’s Key
Unified policy model
Patented Layer-8 User Identity
Full user-based app control
User Threat Quotient
Key User and App Control Features
• Unified Policy Model to manage all policies on a single screen
• Layer-8 User Identity patented technology for user-based firewall rules & visibility
• Flexible Authentication including directory services, client agents, and portal
• User based firewall policies any firewall rule can be user-based
• Per-policy app, web, QoS, and IPS control for ultimate ease and flexibility
• Customizable templates for apps, web, IPS and traffic shaping
• User Threat Quotient to identify risky users.
• Broad enforcement including HTTPS, Anonymizing proxies, and SafeSearch
• Web caching reducing bandwidth consumption – including Endpoint updates
USER & APP CONTROL User Identity Application Control Web Control Content Control
41. 41
Network Protection
What’s Key
Next-Gen IPS
FastPath packet optimization
Security Heartbeat
Pharming protection
Key Network Protection Features
• Stateful firewall with deep packet inspection with zone based policies
• Perimeter defenses against DoS, reconaissance, spoofing, flood, and ICMP attacks
• Next-Gen IPS (NGIPS) protection from hacks and attacks that’s user and app aware
• FastPath packet optimization that provides up to 200% performance improvement
• Advanced protection from the latest viruses and web threats
• Security Heartbeat that links endpoints with the firewall
• Advanced Threat Protection from bot-nets and C&C traffic
• Pharming Protection to protect from overwritten hosts files (DNS lookups)
• Web Application Firewall for business applications like Exchange & SharePoint
• SSL decryption and inspection and certificate validation
NETWORK PROTECTION
Synchronized
Security
Advanced Threat
Protection
Business
Applications
Encrypted Traffic
Firewall IPS Anti-malware Web Protection
42. 42
Email Protection
What’s Key
IMAP Filtering
What’s Unique
SPX Email Encryption
DLP Policies
with pre-packaged sensitive data types
Key Email Protection Features
• Anti-spam Protection from the latest spam campaigns
• New IMAP filtering for email services using this protocol
• SPX Email Encryption for simple push encryption without trust infrastructure
• DLP Policies with pre-packaged sensitive data types
• Self-help Quarantine Management through the user portal
EMAIL PROTECTION Anti-spam Email Encryption
Data Loss
Prevention
Quarantine
Management
43. 43
Networking
What’s Key
Discover Mode
Zone Segmentation
Traffic Shaping per-policy
Key Networking Features
• Routing and Bridging supporting all the latest standards
• Zone segmentation with isolation/policy support for LAN, WAN, VPN, DMZ, etc.
• Discover Mode in bridge or TAP mode for easy PoCs and evaluations
• Traffic Shaping per-policy offering greater flexibility in prioritizing traffic
• Integrated Wireless Controller with plug-and-play Sophos WiFi Aps
• Wireless Hotspots with flexible authentication options
• High performance switching, scanning, and proxy engines
• Standard VPN Options including IPSec, SSL, PPTP, L2TP, Cisco, OpenVPN
• Clientless VPN for easy access to hosts or services via the user portal
• RED VPN for easy and secure networking to remote locations
• IPv6 support for future-proofing and deployment into IPv6 environments
NETWORKING
Routing & Bridging Zone Segmentation Traffic Shaping Wireless Controller
Performance VPN RED VPN iPv6
44. 44
Competitive Chart Sophos
XG Firewall
Fortinet
FG 20-90
Dell SonicWALL
TZ Series
WatchGuard
XTM Series
Network Firewall/Protection
Advanced threat protection
Network and Endpoint Integration [Heartbeat]
Unified Policies
User Risk Visibility [User Threat Quotient]
FastPath Packet Optimization
Site to site and remote user VPN
Secure web gateway
Complete Email Protection [AV, AS, Enc., DLP]
Dual antivirus
Wi-Fi
Reverse proxy
Web application firewall
User portal
Full Reporting
Best TMG feature parity
Discover (TAP) Mode Deployment
$ $
$ $ $
$ $ $
$ = Another product required
New Differentiators
•New competitive differentiators
•Heartbeat
•Unified policy
•User Threat Quotient
•New comparative differentiators
•FastPath
•Discover Mode
•User-based Firewall Policies
Editor's Notes
Depending on the OS or application that has been compromised, Zero-day vulnerabilities can be worth into six figures.
With these types of financial rewards on offer it’s little wonder that the number of zero-days has grown year on year.
Let’s step through how a typical Advanced Persistent Threat (APT) could compromise your organization.
<Read slide>
In addition to these growing threats, ‘traditional’ IT setups are rapidly becoming a thing of the past.
Users are working everywhere. The office, at home, while travelling and they are using multiple devices to do it – laptops, tablets, mobiles.
Increasingly they are bringing and expecting to be able to use their personal devices at work.
This all generates additional challenges for your network security.
Source: Gartner
Source: IDC, Worldwide and Regional Internet of Things 2014–2020 Forecast Update by Technology Split, #252330, Nov 2014
While attacks on large on large enterprises are more likely to hit the headlines, SMBs are equally affected.
<Highlight several points>
As you can see here, IT security is of huge importance to businesses of all sizes.
And IT security is the front runner when it comes to spend for IT budgets.
In a recent survey of IT managers on Spiceworks, Sophos asked what their top complaints with their existing firewall were…
They cited…<read from chart>
Interestingly, these issues are all strengths of the XG Firewall.
It’s simple to use, lightning fast, gives unparalleled protection, has on-box reporting and comes from a trusted industry leader.
Now let’s take a look at how the XG Firewall is achieving each of these points.
It solves a lot of common problems, IT managers have with managing their existing firewalls…
It’s currently difficult to identify and prioritize issues, complex to create and manage policies, difficult to navigate and parse through the jargon, and identify risks before they become a problem.
So when Sophos set about to design XG Firewall, they made sure they solved these important issues…
First, there’s a brand new rich interactive dashboard that surfaces all the important information a manager needs and offers quick and easy drill-down to what’s important.
Then they implemented policy templates and a unified policy model that’s easy to manage and work with and saves a lot of time.
Then, they made the navigation more streamlined but also more helpful with self-documenting notes in the menus with thumbnails so you’re never more than 3 clicks from anywhere and can easily find what you’re looking for without a lot of trial and error.
And they didn’t stop there, they also incorporated some exciting and extremely helpful new technologies to identify user and application risks in the environment.
Let’s have a look now.
From the main dashboard you get complete oversight of your security status.
<Highlight areas below as desired>
System - Displays the real-time status of system performance, services, connections, and other system parameters. Green indicates everything is fine, orange indicates a warning, and red indicates something needs immediate attention. Each item is clickable to reveal additional details, graphs, as well as helpful system and network tools you can use for troubleshooting purposes such as ping, traceroute, packet capture, command-line access, and much more.
Traffic insight - This provides an overview of traffic processed in the last 24 hours including web activity, allowed and blocked apps and web categories as well as network attacks. You can quickly determine when your peak traffic periods are as well as how effective your policies have been at blocking unwanted activity and traffic.
Security Heartbeat - The Sophos Security Heartbeat widget indicates the health status of all your Sophos Cloud managed endpoints. If any systems are running unwanted applications or infected, they will show here as yellow or red. Clicking the widget reveals full details on the affected computer, including the user, hostname, IP address, and even the process responsible, enabling you to quickly take action. You can also use Security Heartbeat status in your policies to limit access to network resources for affected systems.
Advanced Threat Protection - This widget provides an immediate indication of the presence of advanced threats on your network – either bot-net or command-and-control (C&C) traffic that has been blocked. Clicking the alert will reveal details about the infected system including the hostname, IP address, and source of the malicious traffic.
User Threat Quotient - Unique to Sophos, User Threat Quotient (UTQ) is an indication of a user’s risk level based on recent web and advanced threat activity. This widget is green when risk levels are low, and turns red when a threshold of risky activity is detected indicating the number of high risk users. The score is analyzed over a 7 day period and clicking on it will take you directly to the detailed UTQ report.
Connections - The connections widget shows the status of various connected devices and users including Remote Ethernet Device (RED) VPN connections, pending and active wireless access points, remote SSL VPN connections, and the current live users count. Clicking the various components of this widget will take you directly to the respective setup or reporting screen.
Messages - The messages panel displays important system notices, warnings and alerts with blue, yellow and red icons respectively. Examples include default password warnings, HTTPS and SSH WAN access warnings, registration notifications, license notifications and firmware updates. Click any message to review the full details and take action.
Reports - This panel displays the top five reports that may have data of interest or require action based on automatic background analysis. Examples include high risk applications, objectionable websites, web users, intrusion attacks, web server attacks, and more. Clicking any of the listed reports will open a PDF view of the full report.
Active Policies - The Active Policies panel right on the control center indicates exactly how many policies you have of each type, how many are unused, disabled, changed and recently added. Unused policies are a good indication of policies that may benefit from some housekeeping as they can present potential openings or vulnerabilities in the network that are no longer required.
Navigation - The menus and navigation get out of your way but offer quick access to all areas of the system. In fact, you’re never more than 3-clicks from anywhere. The menus are designed with built-in help making discovery easy and they remember your last selection requiring even fewer clicks to your most often used screens.
To make things as straight-forward as possible you can navigate to anywhere in only 3 clicks.
Menu items are grouped logically, so you won’t waste time looking for something that’s hiding in the wrong place.
If you’re familiar with any other Firewall product, you know that policies are all over the place… firewall, IPS, email, web, and WAF policies are all on different screens in different modules and often spread across several tabs.
That’s no longer the case. Sophos has made policy management a lot simpler by implementing a single screen to manage all your policies in one place. All your user, network and business application or WAF policies are here on the policies screen
<advance animation>
and you can easily filter them by type source and destination or status.
And when you add a new policy, you choose the type, which provides a tailored template ideally suited for that type of policy, making it easy to setup new policy rules with just a few clicks.
And different policy settings are now all integrated. For any user or network rule, you can define an application control policy, web filtering policy, IPS policy, and traffic shapping policies, all with just a few drop down selections, and all on the same screen. In any other product, that would require at least four different rules or policies and multiple fields or tabs. Now it’s all done in one place.
And you’ll see on the bottom of this screen… options for Security Heartbeat. Allowing you to add heartbeat requirements to any policy to limit access to any endpoint that’s been compromised. (more on that in a bit).
And another innovation and huge time saver are the new business application templates for setting up WAF policies. Here you simply select one of the common business applications you need to protect with the firewall, and it prepopulates the rest of the policy settings with the most common settings for that type of application. You then simply need to enter a couple of details like the domain name and server IP address and you’re done. Compare this with having to setup a WAF policy in any other product that’s usually several screens, complex, and confusing. Not with XG Firewall.
SFM - Sophos Firewall Manager
Easily configure your devices, templates and manage your systems
Here you can search for a device, see flagged alerts, errors get help and more info
Device overview lets you see how many devices you have, which are actually connected and whether they are synched together
See how your devices are running
Information on SFM itself
See which models you are running
System messages
<Read slide>
One of the key new technologies we have now is FastPath Packet Optimization… which optimizes the connectivity and routing of traffic.
Once a connection is deemed trusted, all subsequent packets can take the fast path.
This is NOT stream scanning… which is all about optimizing the inspection of traffic for malware… we still properly scan all content in real-time or batch mode and do not compromise on security for added performance like some of our competitors.
The best analogy for this is the process you go through at the airport.
First someone will check your identity and destination to determine if you’re allowed to travel… this is analogous to the policy engine in the firewall.
If you’re deemed trusted to travel to your destination, you proceed to the next stage which is the security screening
<advance>
FastPath Packet Optimization simply allows people travelling as a group to bypass the first step and take the Fast Path. In the firewall, all subsequent packets that are part of a known and trusted connection can similarly take the fast path improving performance.
Everyone still goes through the security screening stage which is analogous to the malware inspection in a firewall. In our case, all traffic is still scanned completely for threats.
<advance>
Competitors often use Stream Scanning as a technique to improve performance, but it sacrifices security… something we’re not willing to do.
The result is that you get better performance and better protection.
FastPath can provide up to 200% improvement in firewall throughput.
You can pick and choose the modules depending on your security needs.
Sophos XG Firewall delivers outstanding NGFW capabilities, but if you’re looking for an UTM solution it also gives you everything you need.
Security is an ever-evolving landscape.
Having separate, best-of-breed products for each security aspect used to be the conventional wisdom.
Then came security in layers – product bundles and suites, UTM, EMM, etc.
Now Sophos has brought the next generation of security – Synchronized Security.
So what do we mean by ‘Synchronized Security’?
In order to stop sophisticated threats, you need security products that work together as a system – protecting your users and corporate data across all points of the network. This is exactly what Synchronized Security provides.
The exact means of execution is via the ‘Sophos Security Heartbeat’ – which shares intelligence in real time across a trusted channel between your endpoints and firewall. We’ll go into more detail on the next slide.
But this simple step of synchronizing security products that previously operated independently creates more effective protection against advanced malware and targeted attacks.
How it works is quite ingenious and simple.
When malicious C&C or botnet traffic is detected on the network, the Firewall can use the Heartbeat connection to let the Endpoint know, which will change it’s status, triggering a notification and possibly changes in policy.
Any network policy can have a heartbeat status attached as we saw earlier, enabling infected machines to be automatically isolated completely in the event of an incident until they can be cleaned up… or at least limit access to compromised machines so they don’t leak data or potentially infect other systems on the network.
It’s incredibly helpful, important, and yet amazingly simple.
Sophos Security Heartbeat comes at no extra cost to XG Firewall, providing a revolutionary new approach to identifying and responding to advanced threats on the network.
It provides a link between the firewall and Sophos Cloud Endpoints that enables these two essential security enforcement points to communicate and share information like nothing before.
<advance>
With traditional APT detection solutions, you would be lucky to identify the IP address of the compromised host. With Security Heartbeat linking endpoints with the Firewall, they can share important information so when you get an advanced threat warning, you not only know the IP address, but the hostname, user, time period, the threat, and the infected process or executable, and the number of incidents.
The benefits are enormous in time savings to discover, identify and remediate an advanced threat. All the information needed is surfaced instantly to the XG Firewall Control Center… <read stuff in bullets>
XG Firewall has a fantastic reporting framework, modern look and feel, and some great new reports. Here are just a couple of the reports that provide extremely important insights into potential risks...
The first is the App Risk Meter widget which appears on the application report dashboard.
It’s a score that indicates the relative risk level of apps in the environment. A high score in red indicates that risky apps are being used, and you may want to establish an app control policy to prevent them from becomming a problem.
The next is the user threat quotient... Which identifies risky users based on their recent web bnrowsing history and advanced threat triggers. Users attempting to access a lot of blocked sites, or who have been infected in the past, are highly likely to re-offend... And are called out in this report.
With this information admins can make policy changes, or educate these users, before they get themselves infected.
You can also use Sophos iView which gives you comprehensive, centralized reporting across all of your firewall devices.
Monitor and analyze security risks across your entire network.
Compliance reporting - HIPAA, PCI DSS, GLBA, and SOX
Sophos is the only vendor to feature as a Gartner Leader in both the Endpoint Protection and Unified Threat Management Magic Quadrants.
As you can see from the slide – Sophos is the only vendor to have a nearly even split between Endpoint and Network. You cannot get that anywhere else.