4 Steps to Optimal Endpoint Settings

Sophos EP Policy Webinar, 02/12/2013. Presenter: Tom Farrell, Sophos Professional Services. Topics: policies and demonstrations of Anti-Virus Live Protection, Anti-Virus Web Protection, Data Control and Web Control.

Description

Sophos Professional Services reviews how to optimally configure your Sophos Endpoint product. This slide deck covers:

• Anti-virus policy: Live Protection
• Anti-virus policy: Web Protection
• Data Control policy options to track files and removable storage
• Web Control: multi-browser inappropriate filtering and Full Web Control

Transcript of 4 Steps to Optimal Endpoint Settings

Page 1: 4 Steps to Optimal Endpoint Settings

Sophos EP Policy Webinar

02/12/2013

Presenter:

Tom Farrell

Sophos Professional Services

Topics:

Policies and demonstrations of Anti-Virus Live Protection.
Policies and demonstrations of Anti-Virus Web Protection.
Policies and demonstrations of Data Control.
Policies and demonstrations of Web Control.

Page 2: 4 Steps to Optimal Endpoint Settings

Live protection

Sophos has two primary types of file checking technologies:

On-Access
Live Protection

Page 3: 4 Steps to Optimal Endpoint Settings

Live protection

On-Access examines files as they are “accessed”:
As they are written
As they are read
As they are renamed

Page 4: 4 Steps to Optimal Endpoint Settings

Live protection

On-Access uses the onboard virus detection database (“VDL”) of 4.5 million identities.

Page 5: 4 Steps to Optimal Endpoint Settings

Live protection

Live Protection is a cloud-based technology. Live Protection releases are immediate. Lookups use the Sophos SXL DNS transport.

Page 6: 4 Steps to Optimal Endpoint Settings

Live protection

Page 7: 4 Steps to Optimal Endpoint Settings

Live protection

Additional events can trigger Live checks:
Buffer overflows
Host intrusion protection events
Suspicious files
Suspicious behavior
Malicious file events

Page 8: 4 Steps to Optimal Endpoint Settings

Live protection

Live protection demonstrations

Page 9: 4 Steps to Optimal Endpoint Settings

Detection events & Cleanup

Best practice

Not recommended

Page 10: 4 Steps to Optimal Endpoint Settings

Web protection

There are two features to Web Protection:

Block access to malicious websites
Download scanning

Page 11: 4 Steps to Optimal Endpoint Settings

Web protection

Block access to malicious websites uses a WinSock 2 API layered service provider (LSP). An LSP is a DLL that is inserted into the TCP/IP stack; once registered it can examine network traffic. With Sophos this is browser traffic, checked for reputation and content.

Page 12: 4 Steps to Optimal Endpoint Settings

Web protection

Download scanning performs scans of temporary internet files. It can rely on the On-Access configuration or can operate independently of the On-Access settings.

Page 13: 4 Steps to Optimal Endpoint Settings

Web protection

Web Protection transport is similar to Live Protection: very fast checksum-based queries, transported over DNS/SXL. The SXL response defines the content type:

Malicious
Adult / Sexual
Crime / Violence, etc.

Page 14: 4 Steps to Optimal Endpoint Settings

Web protection

Web Protection demo

Page 15: 4 Steps to Optimal Endpoint Settings

Data Leakage Prevention

Tracks moving data. The data source can be local HD and network volumes. Rules can be content-expression based and/or file matching. Destinations include:

Removable storage
Browsers
Instant messengers
Email clients

Page 16: 4 Steps to Optimal Endpoint Settings

Data Leakage Prevention

Managing DLP events: actions that can be applied

Allow and log
Block and log
Allow on user acceptance and log

All events are centrally reported, and reports can be built using the Enterprise Console “EventViewer”.
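The rule model described on the two Data Leakage Prevention slides (content-expression or file-matching rules, a set of destinations, and the three actions) can be worked through in code. This is an added example written for this page, not Sophos code; the policy, rule names, the SSN-style regex and the event record layout are all constructed assumptions, and the "most restrictive matching rule wins" precedence is an assumption too.

```python
import fnmatch
import re
from dataclasses import dataclass

# Destinations listed on the slide; actions ranked from least to most restrictive.
DESTINATIONS = {"removable_storage", "browser", "instant_messenger", "email_client"}
SEVERITY = {"allow_and_log": 0, "allow_on_acceptance_and_log": 1, "block_and_log": 2}


@dataclass
class Rule:
    name: str
    action: str                 # one of SEVERITY's keys
    destinations: set           # subset of DESTINATIONS the rule applies to
    content_expr: str = None    # regex run over the file content, or None
    file_pattern: str = None    # glob matched against the file name, or None

    def matches(self, filename, content, destination):
        # A rule fires only if destination, content expression and file pattern all match.
        if destination not in self.destinations:
            return False
        if self.content_expr and not re.search(self.content_expr, content):
            return False
        if self.file_pattern and not fnmatch.fnmatch(filename.lower(), self.file_pattern):
            return False
        return True


def evaluate(rules, filename, content, destination, user_accepted=False):
    """Apply every matching rule; the most restrictive action decides (assumption).
    Returns an event record of the kind a central console would report."""
    hits = [r for r in rules if r.matches(filename, content, destination)]
    if not hits:
        return {"file": filename, "destination": destination, "outcome": "allowed", "rules": []}
    worst = max(hits, key=lambda r: SEVERITY[r.action])
    if worst.action == "block_and_log":
        outcome = "blocked"
    elif worst.action == "allow_on_acceptance_and_log":
        outcome = "allowed_after_acceptance" if user_accepted else "blocked_user_declined"
    else:
        outcome = "allowed"
    return {"file": filename, "destination": destination, "outcome": outcome,
            "action": worst.action, "rules": [r.name for r in hits]}


# Constructed sample policy (hypothetical rule names and patterns, not from the webinar).
SSN_LIKE = r"\b\d{3}-\d{2}-\d{4}\b"
POLICY = [
    Rule("ssn-to-removable", "block_and_log", {"removable_storage"}, content_expr=SSN_LIKE),
    Rule("ssn-to-web", "allow_on_acceptance_and_log", {"browser", "email_client"}, content_expr=SSN_LIKE),
    Rule("spreadsheets-anywhere", "allow_and_log", set(DESTINATIONS), file_pattern="*.xlsx"),
]
```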

Page 17: 4 Steps to Optimal Endpoint Settings

Data Leakage Prevention

DLP use cases:
Good people doing dumb things.
Bad people doing bad things.
The enemy within.

Page 18: 4 Steps to Optimal Endpoint Settings

DLP demonstration

Page 19: 4 Steps to Optimal Endpoint Settings

Web control

There are two types:

• Inappropriate
• Full Web Control

Page 20: 4 Steps to Optimal Endpoint Settings

Web control

Both use a WinSock 2 API layered service provider (LSP). An LSP is a DLL that is inserted into the TCP/IP stack; once registered it can examine browser-based network traffic for reputation and content.

Page 21: 4 Steps to Optimal Endpoint Settings

Web control

Inappropriate filtering uses 14 built-in categories of controls.

The control for each category can be Allow, Block or Warn.

Page 22: 4 Steps to Optimal Endpoint Settings

Inappropriate Web control

Page 23: 4 Steps to Optimal Endpoint Settings

Web control

Web Control client events can be accessed through the Enterprise Console event viewer.

Page 24: 4 Steps to Optimal Endpoint Settings

Web control

Full Web Control requires a Sophos Web Appliance, physical or virtual.

Page 25: 4 Steps to Optimal Endpoint Settings

Full Web Control

Page 26: 4 Steps to Optimal Endpoint Settings

Sophos Web Appliance

Page 27: 4 Steps to Optimal Endpoint Settings

Web control

Key benefits of Full Web Control:

Greater control than just the 14 built-in categories.
Centrally store and report on users' ENTIRE internet history, not just the violations.
Web Control policies extend out of the office without any special network configuration, using “live connect”.

Page 28: 4 Steps to Optimal Endpoint Settings

Web Control Demo

Page 29: 4 Steps to Optimal Endpoint Settings

Getting started & getting help

Documentation and resources:
http://www.sophos.com/en-us/support/documentation/enterprise-console.aspx
http://www.sophos.com/en-us/support/professional-services.aspx

Contacting support:
http://www.sophos.com/en-us/support/contact-support.aspx
[email protected]
1-888-767-4679

Page 30: 4 Steps to Optimal Endpoint Settings

Sophos Professional Services

• Sophos PS is the global team that…
  • Enables ‘best practice’ adoption of Sophos solutions
  • Optimizes your security posture to your needs
• Our experience…
  • Over 3500 engagements every year
  • Hundreds of thousands of endpoints every year
  • Engagements with a few endpoints to 50k+ endpoints
• Tom Farrell
  • Most senior PS engineer in North America

Who are we, who am I

Page 31: 4 Steps to Optimal Endpoint Settings


US and Canada 1-866-866-2802

[email protected]

UK and Worldwide + 44 1235 55 9933

[email protected]

nakedsecurity.sophos.com

Staying ahead of the curve

facebook.com/securitybysophos

twitter.com/Sophos_News

Sophos on Google+

linkedin.com/company/sophos