SophosUTM Flexible Sicherheit für flexible Unternehmen Infinigate Security Day 2013 27. August 2013 1
Umfassende Sicherheit kann einfach sein Complete Security Überall, unabhängig vom genutzten Gerät Massgeschneiderte Bereitstellung Lokal, als Serviceoder Hardware bzw. virtuelle Appliance Leicht gemacht Einfache Einrichtung, verwaltet über die Cloud usw. 2
Security made simple. Referenzarchitektur Zuverlässigkeitsdaten Active Protection SophosLabs Gebündeltes Know-how Inhaltsklassifizierung ZU HAUSE UND UNTERWEGS REMOTESTANDORT Sicheres VPN-RED Mobile Control Endpoint-Anti-Virus SafeGuard- Verschlüsselung Sicherer VPN- Client Sicheres WLAN Endpoint-Anti-Virus SafeGuard- Verschlüsselung Mobile Control HAUPTSITZE SOPHOS CLOUD Management Schutz Reporterstellung Verwaltung Mobile Control Server-Anti-Virus SafeGuard- Verschlüsselung Endpoint-Anti-Virus SafeGuard- Verschlüsselung Sicheres WLAN Sicheres Web-Gateway NextGen Firewall UTM Sicheres E-Mail-Gateway Web Application Firewall Gast-WLAN 3
SophosUnified Protection Sophos Complete Security in einer einzigen Appliance 4
SophosLabs Schutz über die Cloud Besserer Echtzeitschutz leicht gemacht Malware- Daten Datenbank mit Webseiten-URLs HIPS- Regeln SophosLabs Active Protection Sensible Datentypen Anwendungskategorien Gerätedaten Zuverlässigkeitsdaten Schad- URLs Spam- Kampagnen Zuverlässigkeit Mobilanwendungen Anonymisierende Proxyserver Anwendungs patches Gebündeltes Know-how Zuverlässigkeitsdaten Inhaltsklassifizierung Netzwerk Server Geräte Web Web App FW E-Mail Next Gen FW WLAN E-Mail Web Datei Smartphone/ Tablet Daten Workstation/ Laptop 5
SophosLabs Big Data zum Schutz von Daten SAMPLES TELEMETRIE HONEYPOTS SOPHOSLABS MENSCHLICHE ENTSCHEIDUNG AUTOMATISCHES LERNEN & AUTOMATISIERUNG BIG DATA ANALYTIK Dynamisch & statisch ZU HAUSE UNTERWEGS REMOTESTANDORT HAUPTSITZE 6
News UTM 9.1 7
UTM 9.1 -Networking News Sticky Multipath Regeln IPsec Tunnel Uplink Interface Bindung Anzeige von Auto-Packetfilter Regeln Country Blocking Exceptions und Erweiterungen Unified Host Objects MAC-basierte Packetfilter Regeln QoS Ingress Policing DNSSEC Support 8 8
UTM 9.1 -Networking News IPv6 Server Load Balancing IPv6 Prefix Delegation IPv6 Renumbering Multilink PPP Support Konfigurierbares VDSL Tag 9 9
UTM 9.1 -VPN News Support für SSL VPN Profile RED Initialprovisionierung via USB Stick Automatische RED Deauthorisierung MAC Address Whitelists pro RED VPN Tunnel Up/Down Notifikationen Statischer Amazon VPC Tunnel Neue (performantere) AES GCM Policies für IPSEC VPN 10 10
UTM 9.1 -Wireless News Mehrals8 SSID s pro UTM Wireless Repeater Funktion Wireless Bridge Funktion MAC filtering pro SSID STP Support 11 11
UTM 9.1 -Wireless Mesh Network Bridge/Repeater ProduktionsWLAN Mitarbeiter GaesteWLAN Mitarbeiter Repeater Repeating Bridge Ethernet Mesh WLAN 12 12
UTM 9.1 -Web Security News HTTP Proxy Performance Verbesserung dank tmpfs Nutzung Caching von Sophos Endpoint Updates Volle Anpassbarkeit der Block Seiten 13 13
UTM 9.1 -Mail Security News POP3 SSL support(ssl scanning) IPv6 Support vom POP3 Proxy 14 14
UTM 9.1 -Webserver Protection News Outlook Anywhere Unterstützung Exceptions können nun deaktiviert werden 15 15
UTM 9.1 -Basissystem News Zeitdefinitionen über Mitternacht hinaus möglich Erweiterung Password guessing lockout CA Stammzertifikate werden via up2date Pattern aktualisiert Performance Optimierungen im Reporting 16 16
News -UTM Web in Endpoint Die selbe Web Filter Policy im Büro und unterwegs Web Policy: No games, no weapons Office Zynga.com Games Zynga.com Web policy Reporting data Remote user Games 17 17
Sophos Managed Service Provider (MSP) Programm Michael Kretschmann Channel Manager Sophos Schweiz August 2013 18
Introduction 19
The rise of the service economy Break-fix VAR/Reseller MSP Cloud/Hosti ng Security Services $13B in 2012 12% growth What we re hearing 2 in 3 partners are considering or offering services 20
Roles Sophos, MSP, and Customer Who does what Provide the Solutions and Programs to enable your business: Complete Security Certification Training On-boarding support Monthly pricing/billing Automated licensing Support for the MSP MSP Partner Provide IT Security as a service become the IT security manager for your customers: Install hardware/sw Configure security Setup policy Run reports Monitor status Provide support Invoice customers Collect payment Pay Sophos through Distribution Customer Enjoy the peace-of-mind that comes with having the best protection from their trusted IT service provider. Happily pay their bill on time 21
New MSP Program at a glance Complete MSP Security Based on our UTM, EP and SMC product lines Enabling services for: Network, web, email, endpoints, mobile devices Flexible deployment options and customizable services Centralized management included at no charge New license management in SUM 4.1 transparent and automated Add new customers and cross-sell new services easily Usage-based Pricing and monthly billing Pay-as-you-go, based on usage no up-front commitments required Monthly billing optimize cash flow On-boarding and technical support Technical & sales certification and co-branded marketing assets 24/7 support standard, with Advanced MSP Support available for a fee 22
Solution Overview 23
Complete MSP Security UTM + EP + SMC (Not Sophos Cloud at this time) Protecting Networks Protecting Servers Protecting Users Network Firewall Secure Web Gateway Unified Threat Management Webserver Protection Endpoint Protection Mobile Protection Network Protection Secure Wi-Fi Secure Email Gateway Server Antivirus 24
SUM 4.1 UTM Licensing 25
Centralized Management SMC (Sophos Mobile Control) Features Included at no extra charge! Multi-tenant Real-time monitoring Aggregated reporting Inventory management Central configuration templates Automated licensing Web API for RMM/PSA integration 26
Example deployment 27
Example deployment Customer A Head Office Your Data Center SUM Console Customer A Branch Office Customer B Office UTM 220 RED UTM 110 Customer A Mid-size customer (100 users) Main office + Branch office Services: Complete (Network, Web, Email, WiFi, EP) Users: 100 users FullGuard 50 users Endpoint HW: UTM 220, RED, AP 50/30 Customer B Small customer (10 users) Services: Essential network (Firewall, Web, Email) Users: 10 HW: UTM 110 28
Customer A 100 x 50 x 29
Getting Started 30
On-boarding and Getting Started What you need to do to get started Complete Security MSP Getting Started 1. Sophos MSP Certification 2. Sign MSP Partner Contract 3. Supply Tier 1 support Must have at least 1 technical person certified to MSP Architect Certification Programs Certified Eng/Architect for UTM (Classroom 3-4 days) Certified Eng/Architect for Mobile (Classroom 2-3 days) New MSP Add-on Certifications: - Certified Architect UTM-MSP (Online 0.5 days) - Certified Architect Mobile-MSP (Online 0.25 days) Sign new contract (regardless of whether you are existing partner or managed through a distributor or master MSP) End-customer support is your responsibility We support you 31
More Information Partner Portal Latest MSP news and tools 32
Sophos Security made simple. VielenDank! Fragen? 33
www.sophos.com/unified 34