Harish Chib, VP-MEA, Sophos, tells us why synchronised security, which enables endpoints and network security components to directly share information, will revolutionise threat detection.
Why is it important for organisations to have comprehensive security solutions?
Most organisations struggle with a lack of visibility into the state of the network and endpoint. Absence of context and timely intelligence further aggravates the security challenge. Even with a so-called best-of-breed approach, different security solutions fail to share useful security information, and as a result a security event soon snowballs into a security incident. Attackers and cyber-criminals take advantage of such gaps and target endpoints to make further progress into the network, being able to fly under the radar, eventually inflicting substantial damage to the network, users, data and reputation as well.
The strategy of adding layer upon layer of disparate security technologies really is no longer practical or effective. It is costly, complex and out of reach for the vast majority of businesses who simply don’t have the resources to deploy, maintain and coordinate all these products. With an ever-increasing threat vector, there is a need to enable complete visibility at the desktop and at the gateway.
What steps should organisations take to enhance security?
It is important for organisations to adopt a proactive approach with respect to their security measures. They must first reassess their security posture, and develop, manage and control a new and improved cyber security infrastructure. They must also educate employees about the perils of cyber-attacks and ensure that they conform to the organisation’s cyber security policies. They need to start looking at cyber security as a part of their IT infrastructure and not as an add-on.
The three challenges that organisations must address are improving cyber security awareness, realising that lack of preparedness is putting sensitive data at risk, and making a concerted effort towards improving their cyber security infrastructure to protect endpoints and networks.
What is your take on next-generation security?
“Next generation” security is simply a way to describe the latest technologies in endpoint and network protection to make security better and faster. Sophos has been actively delivering next generation technologies in both network security and endpoint security, and in other areas of our portfolio as well. The two factors that differentiate Sophos from other vendors are, first, that we deliver industrial-strength, next-generation technologies, but in a way that can be consumed and managed by organisations of any size; and second, that we are taking the industry beyond “next generation” with the next step of synchronised security – enabling the next-gen endpoint and next-gen firewall to actively communicate with each other to improve the effectiveness and manageability of security for organisations of any size.
Can you elaborate on your IT security solutions portfolio? What differentiates your solutions?
Sophos has a broad portfolio of solutions for network protection, end user protection and server protection. These include UTMs, wireless access points, secure Web Gateway, endpoint protection for mobile and desktops, SafeGuard encryption, virtualisation security and server security. In the development of our solutions, we have also kept the needs of pragmatic enterprises in mind; this means our solutions can be deployed and managed easily. Additionally, Sophos also offers a wide range of easy-to-integrate OEM solutions including AV, anti-malware, anti-spam, data loss prevention (DLP) and unified threat management (UTM).
Sophos believes security should be comprehensive, it should work as a system, and it must be simple to use; these are guiding principles that govern our product development. Our philosophy ‘Security Made Simple’ guides every aspect of our business. We realise that the world needs an answer to progressively complex threats and this is not going to change anytime soon. Unlike other organisations in the cyber security domain, we do not believe the answer to such threats lies in complex security solutions. Our core focus is delivering comprehensive and highly advanced solutions that are easy to deploy, manage and control.
Also, with the recently launched Security Heartbeat feature, which is fully enabled and included as a part of our Sophos XG Firewall/UTM and Sophos Cloud Managed Endpoint Protection, we have revolutionised the world of IT security. With Security Heartbeat, we deliver synchronised security that enables network and endpoints to share meaningful data that protects organisations from next-generation threats. This helps us offer an unrivalled security proposition and deliver the next level of IT security.
Sophos has coined the term Synchronised Security. What does it mean? What is your company’s vision on it?
Sophos is the first security vendor to deliver synchronised security, directly linking next-generation endpoint security and next-generation firewall to share threat intelligence that enables faster detection of threats, automatic isolation of infected devices, and more immediate and targeted response and resolution. Synchronised security automates incident response via instant sharing of threat, security, and health information between endpoint and network. It eliminates the manual work of trying to figure out who, what and when a compromise happened.
Synchronised security is a key innovation in next-generation security protection, and we are delivering that through Sophos Security Heartbeat.
What is Security Heartbeat and how does it work?
Sophos is the first to bring synchronised security between endpoints and networks in our new Sophos XG Firewall with Security Heartbeat. The Security Heartbeat pulses continuous, real-time information about suspicious behavior or malicious activity between endpoints and the next-generation firewall or UTM.
When a new Sophos-protected endpoint is added to the network, its Security Heartbeat automatically connects to the local Sophos XG Firewall and the endpoint immediately starts sharing health status. If suspicious traffic is identified by the firewall, or malware is detected on the endpoint, security and threat information is instantly shared securely via the Security Heartbeat. The firewall can automatically take action to isolate the endpoint from internal and/or external networks and trigger additional action on the endpoint to mitigate risk and prevent data loss. After the threat has been removed, the endpoint uses the Security Heartbeat to communicate updated health status back to the network, which then re-establishes normal service to the endpoint.
With Security Heartbeat, organisations of any size can advance their defenses against increasingly coordinated and stealthy attacks and drive a dramatic reduction in the time and resources required to investigate and address security incidents. IT organisations can benefit from advanced threat protection capabilities without requiring additional agents, layers of complex management tools, logging and analysis tools, or expense. The Security Heartbeat is fully enabled and included as part of the Sophos XG Firewall and Sophos Cloud-managed endpoint protection.
Why is the Security Heartbeat so significant in today’s market?
As an innovative leader, Sophos is driving this exciting new vision of synchronised security. Complexity is the enemy of effective security, and products or technologies that are too hard to deploy or too hard to use don’t do any good. As the only vendor in the world with a balanced business at scale across endpoint and network security, we are the first to be able to connect the endpoint and network directly. To make security simple, we have created a single, cloud-based management console that will span our entire portfolio.
What type of companies are you targeting with this solution? What is your strategy for the Middle East region?
Security Heartbeat is a solution which most organisations would benefit from, irrespective of their size and domain. However, it is seen that when it comes to securing data amid resource constraints, mid-market enterprises face more acute challenges as compared to their enterprise counterparts.
With Security Heartbeat we aim to target this underserved mid-market as there is a huge demand for solutions which provide complete, enterprise-grade IT security encompassing the entire IT infrastructure.
Sophos enjoys a presence across the MEA region, which spans 45-plus countries. The region is set to take a big leap in digitisation and we are ready to help with our demonstrable competence and experience of protecting customers of various verticals and sizes. Businesses and institutions in the Middle East and Africa are showing growing awareness of the need to bolster cyber resilience and enhance their cyber security infrastructure. We cover all aspects of securing a digital enterprise and have a wide portfolio of disruptive security innovations.