“The security industry has been very good at providing endpoint, web security, network, and firewall security. More lately it has moved to a layered approach but Sophos is the first to synchronise all these layers,” he added.
Sophos has taken traditionally independent products and given them the ability to directly share intelligence via the Sophos Cloud. Its ‘Security Heartbeat’ can instantly trigger a response to stop or help control a malware outbreak or data breach. The Sophos XG Firewall uses data provided by Sophos endpoint protection to isolate and restrict access to and from the affected device, and in parallel, the endpoint protection can remediate the attack.
Sophos has one aim – security made simple. It does this for enterprise clients with 15 to 5,000 seats, which it classifies as mid-market. It provides a complete suite of solutions that appeal to organisations with limited IT administration resources. It can take several hours for IT staff to respond to issues – Sophos automatically responds in seconds.
“Today Sophos has taken the next big step in next-generation security. Organisations of every size know they need endpoint security and network security – they are two foundational pillars of any IT security strategy. But for too long, these two product segments simply didn’t communicate with each other – they were independent and isolated silos, which limited their effectiveness and their manageability,” commented Kris Hagerman, CEO at Sophos. “Only Sophos links leading network security technology with leading endpoint security technology together in a coordinated and integrated approach. This is synchronised security that delivers both better protection – and better manageability – for organisations of any size.”
How does the Security Heartbeat work?
- When a new Sophos protected endpoint is added to the network, its Security Heartbeat automatically connects to the local Sophos XG Firewall and the endpoint immediately starts sharing health status.
- If suspicious traffic is identified by the firewall, or malware is detected on the endpoint, security and threat information is instantly shared securely via the Security Heartbeat.
- The endpoint reports context-rich information such as the computer name, username and process information associated with the threat.
- The firewall can automatically take action to isolate the endpoint from internal and/or external networks and trigger additional action on the endpoint to mitigate risk and prevent data loss.
- After the threat has been removed, the endpoint uses the Security Heartbeat to communicate updated health status back to the network, which then re-establishes normal service to the endpoint.
“It is like traffic lights – red for critical, yellow for warning and green for good. If an endpoint has a yellow or red it’s immediately isolated from corporate resources like the network or server until it’s fixed,” said Kraft.
We spoke about the Internet of Things – which also really includes bring your own devices.
“You can’t really put [AV] agents on the huge range of IoT devices – no standards exist yet – but you can lock down what a device does on the network so it can only do a specific task. When it steps outside that policy defined in Sophos’s web application firewall it will be isolated until fixed. IoT really needs to look at authentication issues as well,” Kraft said.
We spoke about the cloud and its increasing role in running scalable applications and in storage.
“Cloud is really no different in function to on premise yet it has a very different set of security issues. Things like where data is stored, data sovereignty, who can access it and more. It is not inside the physical network. Sophos works with cloud providers like Amazon, Microsoft Azure and Google to help protect the enterprise’s use of the cloud,” he said.
And what about Sophos?
“We are focused solely on mid-market that want a simple, standardized, one-stop shop – not having to use 20 to 80 different security providers as is the case with larger organisations. We know this market well.
“We have 2,700 staff, sales of over $400M – almost 50/50 for UTM network and endpoints. We have grown faster than most – twice the industry average for endpoints and three times for UTM. We are the only vendor in Gartner’s Magic Quadrant as leaders in both UTM and Endpoint,” he finished.