Sophos Security and Control future directionIntegrating information control and security compliance
into existing anti-malware infrastructure
Today every IT team has to look beyond anti-virus and anti-spam to address the risks of data loss and unauthorized users accessing information. Evolving the existing anti-malware infrastructure to address these issues is a manageable way forward.
Security threats and customer needs have changed dramatically over the past five years. Profit motives now drive cybercriminals to create threats that outstrip traditional anti-virus techniques. Meanwhile, an increasingly mobile workforce has rendered the network perimeter obsolete and left sensitive data assets at risk from careless or malicious user behavior. At the same time, the penalty for breaches has risen with data confidentiality, putting regulatory compliance center-stage.
Sophos led the security industry by moving beyond 'reactive' techniques to 'proactive' techniques with Genotype technology in all our products and application control, and we are leading again with 'preventive protection’ to automatically ensure computers are properly configured and users behavior conforms to policy.
Our next steps emphasize control of information, user behavior and computer configuration to combat the 'internal threat' - the loss of information, both accidental and malicious, by those inside the organization, and to make compliance manageable.
Data leakage prevention
Controlling users, data and applications
Today's mobile and collaborative workforce demands access to information wherever they are and the ability to share with co-workers or partners. Users routinely use and share data without giving thought to confidentiality and regulatory requirements. This has led to numerous data loss incidents that are frequently accidental rather than malicious.
The first step in data leakage prevention is encryption of laptops, removable storage devices and email. The second step is finer control of information and users by detecting risky behavior with information. It is here that Sophos differentiates - by treating this as a natural extension of current anti-malware infrastructure, and by using the analysis of SophosLabs to classify information in addition to malware.
Today, we manage data leakage with our email solutions offering content policy management, alongside anti-spam and anti-malware capabilities. At the endpoint, Sophos Security and Control already classifies certain characteristics and actions as malware, suspicious or unwanted behavior while allowing access to corporate approved applications and safe, appropriate content. For example by controlling the installation and use of peer-to-peer file sharing applications.
The next version of Sophos Endpoint Security and Control (version 9) will make Sophos the first vendor to extend anti-virus analysis to personally identifiable information (eg credit cards) and other confidential data. By integrating data leakage capabilities into the anti-malware infrastructure that every organization needs, Sophos will simplify the enforcement of consistent and effective data leakage prevention policies. Future versions will leverage this integrated infrastructure as we develop our capacity to help organizations control data.
Security compliance and IT governance
Using our expertise to make it easy for you
For efficient operation, and to meet regulatory requirements, corporate IT departments must ensure devices remain correctly configured, security is up-to-date, information is under control and users are compliant with corporate policies. Great security is no longer just about effective malware detection - it is about manageable systems for ensuring compliance with corporate approved IT policies and providing preventative protection.
Sophos led the way with core governance and compliance capabilities built-into Endpoint Security and Control 8 for the first time in the market. For more complex requirements, Sophos NAC Advanced assesses reports and remediates endpoints to meet best practice and regulatory requirements, it is a proven product with successful large scale deployments.
In the future we are further simplifying compliance by feeding NAC Advanced with constantly updated templates for best practice and regulatory compliance, using the expertise and infrastructure of SophosLabs. Customers can then tailor policies for their requirements, and lean on our experience, knowledge and expertise.
Manageable security
A matter of integration, automation and simplicity
As the range of computer, user and information control expands, the need for better integrated policy-setting and management becomes compelling. Sophos has pioneered an integrated approach to managing multiple security aspects, with the ability for single deployment, updating, policy setting and reporting.
Sophos will continue to keep pace with this challenge, at the same time simplifying and automating processes to reduce the cost of security management.
Protects all points:
Resources
"Sophos... consistently beat McAfee and Symantec in ease-of-use which should reduce recurring costs in any size enterprise."
Award-winning expertise
All licenses include industry-leading 24/7 technical support, and round-the-clock virus detection updates.
