Sophos UTM Endpoint meets Gateway Jonathan Hope Channel Manager Network Security UK & Ireland
Sophos UTM Endpoint Web Email Data Mobile UTM Complete Security
Sophos UTM Sophos complete security integrated into a single appliance Network Protection Firewall, intrusion prevention, VPN & wireless protection at the perimeter Network Web Web and Email Protection optional features for flexible UTM protection at the perimeter Email UTM Mobile Data Endpoint 3 UTM 9: Endpoint Protection and Mobile Control Protecting communication and data directly at the endpoint
Flexible Licensing
Flexible Deployment Hardware Appliance Software Appliance Virtual Appliance
Flexible Management Resellers End-User Managed Resellers & MSPs Outsourced MSPs Cloud Service
Product Certifications VMware Ready Recognizes solutions that are interoperable and optimized for VMware platforms. ICSA Labs Firewall Certification Security industry's central authority for research, intelligence, and certification testing of products. Common Criteria EAL 4+ First Unified Threat Management appliance to receive the coveted Common Criteria certification. TOLLY Up-to-Spec Certified Certificated by an independent test lab. IPv6 Ready Certificated by an independent test lab.
Reference Customers
Essential Firewall
Network Security
Web Security
Mail Security
Web Application Security
Wireless Security
RED Branch Security Reinvented
Available Options Routers for private users Low-end UTM Appliances MPLS and Managed VPN Services
Sophos RED The easiest and most economic way to secure your branch offices in a few minutes without the need for technical personnel at the remote site!
Simple Depolyment Appliance can be delivered without configuration Internet TUNNEL Branch Office A0410230401 Computer Headquarters
Astaro Command Centre Real-Time Monitoring Aggregated Reporting Inventory Management Device Maintenance Central Configuration Access Management
Sophos UTM V9 Complete Security, the unfair advantage 20
Product Rebranding Renaming Astaro Security Gateway 220 ASG Web (Mail ) Security Astaro RED10 Astaro AP30 Astaro Command Center Sophos UTM 220 UTM Web (Email ) Protection Sophos RED10 Sophos AP30 Sophos... Redesign Change the look of Webadmin GUI (color, fonts and icons, no structural changes) -> Sophos UTM 9 Change the look of appliances (colors and logos) -> Sophos UTM110/120, 220, 320, 425, RED10 & AP10/30/50 done 21
New Hardware Design
New GUI 23
New GUI 24
New GUI 25
New GUI 26
Sophos AV Engine integration Add Sophos Anti-Virus (SAV) Engine as Secure-Mode Pattern-based engine Sophos Live-Protection Engine (SXL) will be added as Fast-Mode Realtime-Lookup of File/URL Checksums against Sophos Labs Needs no Pattern Update Detection rate at >99% compared to SAV 5-6x times faster Avira becomes secondary AV engine for dual-scan mode ClamAV engine removed 27
Integral Endpoint Management The marriage of gateway and endpoint protection Networking features for high availability and load balancing Endpoint Security & Mobile Control Complete email, web & network protection at the gateway VPN & wireless extensions Flexible Deployment Software Appliance Virtual Appliance Central, browser-based management & reporting of all applications 28
Sophos UTM V9 Endpoint Security in UTM (UTM 9.2) Broker Service Policies, Events, Updates Branch office Mobile user Policies, Events, Updates Internet Policies Roadwarrior Central office 29
Sophos UTM V9 Endpoint Security in UTM PROTOTYPE 30
Sophos UTM V9 Endpoint Security in UTM PROTOTYPE 31
UTM 9.0: Clientless SSL-VPN Grant secure, trusted access to internal systems for maintenance Browser-based, Pure HTML (NO Java or Active-X required) Support for VNC, RDP, SSH, Telnet, WebUI and WebApps Mobile Support for Apple ios, Android #1 Feature Request at http://feature.astaro.com
UTM 9.0: Hotspot support Protect Internet Access for Guest in Companies, Hotels and other places Aka Captive Portal Operating-Modes: Disclaimer-Page Password of the Day Guest-Registration within the EndUser-Portal Customization of the Portal-Site Part of the Wireless Subscription #2 Feature Request at http://feature.astaro.com
UTM 9.0: Hotspot support Easy Setup 34
UTM 9.0 other new features 35 Networking DHCP Options Support DHCP Server "Relay Mode" Network Definition Ranges Export of Netflow/IPFIX Records Interface Groups in Multi-Path rules IPv6 Support for Dynamic Interfaces DHCPv6: Clients with static mappings only Improved 3G Modem Support Load Sharing between multiple BGP uplinks Various QoS Improvements Bridge Network Security 1:1 NAT Rules Reorganize NAT Tab Multiple Objects in packetfilter rules Make user VPN configs available to admin SSL VPN Client without admin rights Update OpenSSL to > 1.0 Cyrilic langugage support for SSL-VPN Add hidden confd flags to limit/disable logging functionality Ship Snort engine as a pattern [PADLOCK] IPv6 NAT ICMP forward should only be outgoing NAT: Show rule numbers for "log initial packets" IPv6 Support for GEOIP Web Security AppAccuracy Program Configurable NAVL Classifier connlimit 'Youtube for Schools' Support Web Application Security Site Path Routing Hot-Standby support for backend servers Form hardening: check HTTP request method Mail Security Improve Listbox Widget Notifications for blocked outgoing mail Logging/Reporting Show license info in Executive Report Improve performance of userlog_read for the Management tab WebAdmin/GUI Customize Title for WebAdmin Add + expanders to customization GUI Add constant Live-Log button to WebAdmin TOP Show active sessions and logged in users Customizable Dashboard Global Object Search LCD4Linux Improvements HA/Cluster Keep unit reserved during Up2Date (Coldrollback) Sync conntrack node id Kernel Kernel Update Performance: AFC low hanging fruits Performance: MMAPed nfnetlink Drop uniprocessor kernels Installer Improve SSD support Up2Date Support installation of newer revisions of the same version Confd/Middleware Store shell login passwords in the Confd storage Hide passwords from debug log Infrastructure Patterns Misc LCD: integrate new LCD program
UTM 9.X Roadmap 2012 2013 Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun Release 9.0 Release 9.1 Release 9.2 Release 9.0 GUI in Sophos Design SAV Integration UTM Endpoint Protection Device Control AV & HIPS Clientless SSL VPN Hotspot support Release 9.1 Improved Endpoint Protection Web Filtering (policy sync.) Client Firewall (policy sync.) DLP Full Disk Encryption MAC OS support Improved Wireless Security Repeater, Wireless IDS, Rogue AP detection Release 9.2 Improved Endpoint Protection App.Ctrl (client/gw comm.) Device & Media Encr. VPN client UTM Mobile Control Remote Lock & Wipe Central App. Mgmnt. Email Access Mgmnt. 36
Hardware Roadmap UTM 110/120, 220, 320 rev.5 Rebranded versions of existing ASG appliances Double RAM size UTM 425 rev.5 New model with Intel Sandy Bridge platform Intel Quad Core i5 CPU 8 GB RAM 6 GE Copper + 2 SFP Ports UTM 525/625 rev.5/2 New models with Intel Sandy Bridge e5 platform Multiple 10G ports Modular Interfaces GA: Mid Feb. GA: Mid Feb. GA: Q3 37
Access Points AP 50 Supports 5 & 2.4 GHz bands GE interface POE+ injector included For medium sized offices (~50 users) Shipping AP 5 USB Access Point Add wireless capabilities to every RED 10 rev.2/3 Centrally Managed out of UTM Pricing < 100 /$ GA: Q3
RED RED 10 rev.3 Rebranded version of existing RED 10 RED 50 For medium sized offices (~50 users) 1 USB 4 GE LAN ports 2 GE WAN ports for load balancing and failover VRED 10 Virtualized Version of RED10 Used to interconnect virtualization environment VMware Image Shipping GA: Q2/Q3 Upon request 39
Astaro Command Centre Planned features: Rebranded version -> Sophos UTM Central Manager? Increased Bandwidth efficiency Increased Scalability Central license management MSP license management Global EP policy management 40
Gateway Products 41
Sophos and the Cloud Cloud Connectors RED Product Line Astaro Security Gateway with VPC Connector Cloud Security UTM in the Cloud Live Protection Cloud Management Astaro Command Center in the Cloud Security as a Service product (Endpoint & UTM) 42