Synchronized Security



Transcription:

Synchronized Security Revolutionizing Advanced Threat Protection Justinas Valentukevicius Channel Account Executive, Baltics 1

About Sophos 3

Sophos Snapshot Founded 1985 in Oxford, UK Appx. $400 million in FY13 billings Appx. 2,200 employees Over 220,000 customers Over 100 million users HQ in Oxford, UK and Boston, MA Best in class renewal rates (90+%) 20,000+ channel partners OEM Partners: Cisco, IBM, Juniper, Citrix, Lenovo, Rackspace Key development centers: Abingdon, UK; Vancouver, BC; Karlsruhe, Germany; Linz, Austria; Budapest, Hungary; Ahmedabad, India 20+ additional offices worldwide Sophos in Oxford, UK 4

Sophos Historical Timeline Founded in Abingdon (Oxford), UK Supplied security software to UK forces in 1st Gulf War Acquired ActiveState Acquired Utimaco Safeware AG Acquired Astaro Acquired Cyberoam Peter Lammer c.1985 Jan Hruska c.1985 1985 1988 1989 1991 1996 2003 2008 2010 2011 2012 2014 First checksum-based antivirus software First signature-based antivirus software Voted best small/medium sized company in UK US HQ established in Boston Awarded 3 Queen's Awards for Enterprise, Innovation and International Trade Majority interest sold to Apax Partners Acquired DIALOGS 5

Sophos Major Global Sites Vancouver Canada 155 San Francisco Bay Area 10 Others The World 150 Wiesbaden Germany 100 Aachen Germany 95 Oxford UK 425 Boston MA 240 Paris France 50 Karlsruhe Germany 165 Munich Germany 40 Linz Austria 60 Dortmund Germany 30 Budapest Hungary 65 Singapore 50 Ahmedabad India 550 Tokyo Japan 40 Manila Philippines 30 Total Sophos Employees 2,200 Sydney Australia 50 6

Sophos Partners (OEM and Alliances) Companies that OEM Sophos Security Technology Strategic Alliance Partners 7

Threat Volume: Total Malware [chart: total malware by year, 1984 to 2012; vertical axis 0 to 80 000 000]. 250,000 previously unseen files received each day within SophosLabs. Source: SophosLabs 2013 8

3 Increasing Attacker Sophistication. Zero-day Vulnerabilities: Price of Zero-day attacks in various applications or operating systems ($ 000): Adobe Reader 5-30; Mac OSX 20-50; Android 30-60; Flash / Java 40-100; Firefox / Safari 60-150; MSFT Word 50-100; Chrome / IE 80-200; Windows 60-120; iOS 100-250. Source: Forbes 8 Increasing Volume of Zero-day Vulnerabilities: Zero-day vulnerabilities discovered per year 14 23 24 2011 2012 2013 2014 Source: Symantec 9

Mid-Market Faces Same Threats as Large Enterprise. High Profile Enterprise Breaches. Sony Pictures: Hackers gained access to *all* company data, from unreleased movies to sensitive emails. Adobe: 150,000,000 passwords stolen. Target: 110 million records stolen. Home Depot: 56 million credit cards and 53 million email addresses stolen. UPS Store: Malware on PoS systems in 24 US states left customers at risk of identity theft and credit card fraud. Impact Mid-Market Equally. Racing Post: SQL injection attack led to leaking 677,335 user accounts for this sports betting website. Signature Systems: Criminals installed malware and then stole the card data of the restaurants' customers. Park N Fly: Website compromise exposed customer card number, name, billing address, card expiration, CVV code. Swansea Police Dept.: CryptoLocker police to pay cybercriminals to decrypt department files. LaCie: Online store infiltrated, exposing customer credit card numbers and contact information. Data Breaches by Company Size (# employees) Unknown More than 100,000 10,001-100,000 7% 22% 31% 20% 11% 9% 1-100 101-1,000 At least 51% of data breaches affect organizations with fewer than 10,000 employees Source: Verizon data breach investigations report, 2013 10

but Don't Have Adequate Resources to Respond 20,000+ Employees An Enterprise Approach Is Not Realistic Average Number of People Dedicated to IT Security Large Enterprises 5,000-19,999 Employees Mid-Market Enterprises 100-499 Employees 500-999 Employees 1,000-4,999 Employees Key Security Challenges Faced by Mid-Market Growing number and sophistication of security threats Increasing cost and exposure of "getting it wrong" Traditional, complex point solutions increase cost and erode usability and manageability Fragmented and constantly changing vendor landscape is difficult to navigate and understand Limited in-house IT security personnel and expertise Pressure on resources, budgets and time Enterprise security issues without enterprise class budgets 11

Mid-Market Focus with Value Proposition that Resonates with Enterprises of All Sizes % OF SOPHOS BILLINGS IT SECURITY MARKET SOPHOS CUSTOMER EXAMPLES 20% Large > 5,000 Employees $4.9Bn 18% OF TOTAL c. 22K ENTERPRISES 57% Mid-Market 100-5,000 Employees $18.5Bn 69% OF TOTAL c. 1M ENTERPRISES 23% SMB < 100 Employees $3.5Bn 13% OF TOTAL c. 64M ENTERPRISES 13

A Proven Market Leader Endpoint Encryption Leader UTM Unified Threat Management EPP Endpoint Protection Client Sec/ Endpoint Wave Leader SWG Secure Web Gateway SEG Secure Email Gateway ENF Enterprise Network Firewall MDP Mobile Data Protection EMM Enterprise Mobility Management Endpoint Encryption Champion Endpoint Anti-Malware Champion Next Generation Firewall Champion 16

Only Vendor Ranked as a Leader in Endpoint, UTM and Encryption Endpoint, UTM and Encryption Represent [73]% of Sophos Billings (1) LEADER in all 3 of these Gartner Magic Quadrants LEADER in 2 of these Gartner Magic Quadrants LEADER in 1 of these Gartner Magic Quadrants (2) PRESENT in 1 of these Gartner Magic Quadrants Notes: 1. Figures refer to fiscal year 2015. Fiscal year-end March 31 2. In February 2015, FrontRange and Lumension announced they would merge and form HEAT Software, backed by Clearlake Capital Group 17

Unique Balance Between Endpoint and Network [chart comparing ENDPOINT and NETWORK shares; bar labels not recoverable] 18

Complete Security, Made Simple Complete Security Network Servers Anti-Malware End Users and Devices Next Gen Firewall Antimalware and IPS URL Filtering Network Access Control Webserver Protection Virtualization Anti-Malware Mobile Encryption Patch Assessment Wireless VPN Anti-Spam Email Encryption App Control V-Shield Application Control Device Control Encryption for Cloud Endpoint Web Protection Made Simple. Simple Deployment Simple Protection Simple Management On premise Virtual Cloud User self provision Active Protection real-time protection powered by SophosLabs Live lookups via the Cloud SophosLabs experts tune the protection so you don't have to Intuitive consoles: On Premise or From the Cloud Backed by expert support 19

Sophos Labs Using Big Data to Protect Information SAMPLES TELEMETRY SOPHOSLABS HUMAN DECISION MAKING AUTOMATED LEARNING & AUTOMATION AT HOME ON THE MOVE REMOTE OFFICE HONEY POTS BIG DATA ANALYTICS Dynamic & Static HEADQUARTERS 20

SophosLabs Protection Via the Cloud Better, Real-time Protection Made Simple Malware Data Website URL Database HIPS Rules SophosLabs Active Protection Sensitive Data Types Application Categories Device Data Reputation Data Malicious URLs Spam Campaigns Mobile Application Reputation Anonymizing Proxies Application Patches Correlated Intelligence Reputation Data Content Classification Network Servers Devices Web Web App FW Email Wifi Next Gen FW Email Web File Smartphone/ Tablet Data Workstation/ Laptop 21

Discover Sophos Project Copernicus 22

Copernicus 23

Project Copernicus + 24

Next Gen Network Security Leading Threat Protection Capabilities Layer 8 User Identity Based Policies Sophos RED for Distributed Networks Secure Wi-Fi & Access Points Common architectures enable rapid integration Leading Application Control Capabilities High Performance Packet Filtering Web, Endpoint and Mobile Protection Architecture Platform Modular Open Source iview Logging & Reporting 25

Setting a new benchmark for firewalls Project Copernicus Comprehensive Management Every feature, on-premise and cloud, dashboards and reports Simple to Use From evaluation, licensing, deployment to day-to-day management Secured by Galileo Network, Enduser and Cloud combine to deliver advanced protection Re-designed workflows User-based policy model 26

Extensive UX Research and Design More friendly, inviting, and useful Fresh New User Experience A fresh ground-up design approach to user interface, navigation, and data presentation that's engaging and useful 27

Built-in Discovery Learn-as-you-go with context-aware documentation and visual reminders Contextual Documentation Provides documentation and visual cues directly in the navigation structure to remind users what that area of the product does 28

Built-in Policy Templates For common business applications like Exchange/Mail, SharePoint, Lync, etc. Business Application Policy Templates Provide access to business application servers or services quickly and easily Common templates include Exchange, SharePoint, Lync, and others TBD 29

Built for Real People Plain language policy descriptions Policy in Plain Language System automatically generates plain-English description of the policy in real-time as options are selected. 30

iview - Added Visibility 31

Easy evaluation using Discover Mode and Bridge Mode Two options to produce a comprehensive Security Audit Report Discover Mode Mirror Port Existing Firewall Existing Switch Bridge Mode Protected Network Discover Mode Discover Mode TAP /Mirror No disruptive changes to the network Mirrors traffic through UTM/NGFW Monitor only, no enforcement Visibility (no enforcement) into: User Behavior User-App Risks & Usage Web Risks & Usage Intrusion Attacks & ATP Client Insights (Heartbeat), Virus, VPN coming post v1 Security Audit Report Evaluation using Bridge Mode Offers extended reporting insight including Heartbeat Allows optional policy enforcement Traffic is passing through UTM/NGFW 32

User Threat Quotient Identifying potential security issues before they become problems User Risk Quotient Graph (Low, Medium, High-risk) with pop-over and drill-down options Risk Meter displays average threat score for the selected user, and compared to other users. User Risk Analysis Behavior-based analysis of Web behavior ATP triggers Ranks users Identifies top risks Enables quick and easy policy changes Broad-based or individual education Targeted intervention 33

Security Heartbeat: Network and Endpoint share heartbeat and context to work better together. Access Control (diagram labels: Endpoints, Heartbeat & Context, SG Firewall, Server; Compliant, Partially Compliant, Non-Compliant): Non-compliant Endpoints blocked from network and identified. Partially-compliant Endpoints blocked from servers and identified. Advanced Threat Protection (diagram labels: Suspect Endpoint, SG Firewall, Internet): 1. ATP detects and blocks suspect C&C connection. 2. Context requested from Endpoint. 3. Connection context provided (user, process, etc.). 4. Admin notified about ATP event including context. Devices on the network share heartbeat and context. Firewall enforces access policy based on level of compliance. Firewall requests context from Endpoints in the event of suspicious network traffic. Two products work better together to provide enhanced protection and improve response times to incidents. 34

Discover Sophos Project Galileo 35

Sun-centric vs. Earth-centric view of planetary revolution. Sun-centric: Simple; Systematic; Working in concert; Relationship to nearby objects; Based on multiple points of information; Advances in technology. Earth-centric: Complex; Myopic; Independent of nearby objects; Assumptions based on limited knowledge; Best available technology at the time. 37

Increasing attacks, increasing sophistication Attack surface exponentially larger Laptops/Desktops Phones/Tablets Virtual servers/desktops Threats more sophisticated Attacks are more coordinated than defenses 38

System-centric vs. Threat-centric view of security. System-centric: Simple; Systematic; Working in concert; Relationship to nearby objects; Based on multiple points of information; Advances in technology. Threat-centric: Complex; Myopic; Independent of nearby objects; Assumptions based on limited knowledge; Best available technology at the time. 39

Project Galileo Security must be comprehensive The capabilities required to fully satisfy customer need Sophos Cloud Security can be made simple Platform, deployment, licensing, user experience Next Gen Enduser Security Next Gen Network Security Security is more effective as a system New possibilities through technology cooperation heartbeat Project Galileo Integrated, context-aware security where Enduser and Network technology share meaningful information to deliver better protection. SOPHOS LABS 40

Galileo delivers comprehensive security CORPORATE DATA WINDOWS PHONE iOS WINDOWS MAC Prevent Malware Detect Compromises Remediate Threats Investigate Issues Encrypt Data ANDROID LINUX 41

Next Generation Threat Detection Sophos Cloud Application Control Application Tracking Reputation Web Protection IoC Collector Routing Email Security Web Filtering Intrusion Prevention System Firewall Threat Engine SOPHOS SYSTEM PROTECTOR Galileo Heartbeat heartbeat Galileo Heartbeat SOPHOS FIREWALL OPERATING SYSTEM Threat Engine Live Protection Emulator HIPS/ Runtime Protection Device Control Malicious Traffic Detection Proxy Selective Sandbox Application Control Data Loss Prevention ATP Detection Compromise User System File Isolate subnet and WAN access Block/remove malware Identify & clean other infected systems 43

Improved Threat Detection Sophos Cloud Application Control Application Tracking Reputation Web Protection IoC Collector Routing Email Security Web Filtering Intrusion Prevention System Firewall Threat Engine SOPHOS SYSTEM PROTECTOR Galileo Heartbeat heartbeat Galileo Heartbeat SOPHOS FIREWALL OPERATING SYSTEM Threat Engine Live Protection Emulator HIPS/ Runtime Protection Device Control Malicious Traffic Detection Proxy Selective Sandbox Application Control Data Loss Prevention ATP Detection Compromise User System File Lockdown local network access Remove file encryption keys Terminate/remove malware Identify & clean other infected systems 44

Automated Protection of Endpoints Sophos Cloud Application Control Application Tracking Reputation Web Protection IoC Collector Routing Email Security Web Filtering Intrusion Prevention System Firewall Threat Engine SOPHOS SYSTEM PROTECTOR Galileo Heartbeat heartbeat Galileo Heartbeat SOPHOS FIREWALL OPERATING SYSTEM Threat Engine Live Protection Emulator HIPS/ Runtime Protection Device Control Malicious Traffic Detection Proxy Selective Sandbox Application Control Data Loss Prevention ATP Detection Endpoint Win Mac Mobile Discover unmanaged Endpoints Could it be managed? Self-service portal setup User authentication Distribute security profile 45

Network Visibility & Control Application Control Application Tracking Reputation Web Protection IoC Collector Routing Email Security Web Filtering Intrusion Prevention System Firewall Threat Engine Live Protection Sophos System Protector Emulator HIPS/Runtime Protection Device Control Galileo Heartbeat Malicious Traffic Detection Galileo Heartbeat Proxy Selective Sandbox Sophos Firewall Operating System Application Control Data Loss Prevention Threat Engine ATP Detection App Info User System File Query if Top 10 bandwidth user Query endpoint for App info Identify other systems with same app Update all NGFW with app characteristics 46

Improve TCO Distributing security workload Application Control Application Tracking Reputation Web Protection IoC Collector Routing Email Security Web Filtering Intrusion Prevention System Firewall Threat Engine Sophos System Protector Galileo Heartbeat Galileo Heartbeat Sophos Firewall Operating System Threat Engine Live Protection Emulator HIPS/Runtime Protection Device Control Malicious Traffic Detection Proxy Selective Sandbox Application Control Data Loss Prevention ATP Detection Compromise User System File Endpoint secure Turn off HTTPS scanning Endpoint compromised Activate HTTPS scanning 47

Wrapping Up 48

Project Galileo Difference. Project Galileo: System-Centric; Simple; Comprehensive; Prevention, Detection, Investigation, Remediation, Encryption; Enduser, Network, Server; Automated; Block unknown, advanced, coordinated attacks. Competition: Threat-Centric; Complex; Incomplete; Prevention; Point Product; Manual; Block the known. 49

Conclusion 50

Security Made Simple RESULTS More Effective Security Users secure and productive, whatever device they are using. Fewer technologies and vendors simplifies implementation Less Investment No need for a ton of time spent on security-focused IT tasks You'll consolidate licensing and get more from budgets 51

Complete Security Can Be Made Simple Complete Security Wherever the user is, whatever device they use Deployed How You Want On premise, as a service or as a hardware or virtual appliance Made Simple Easy setup, managed via Cloud, etc. 52

Sophos Ltd. All rights reserved. 53