Sophos XG FirewallIntegrated Security for Better ProtectionJon HopeChannel Manager UK&I – Network SecurityJames BurchellSenior Sales Engineer

In this sessionWhat we will cover XG – What’s included?What’s in it for customers?What’s in it for partners?Competitive UpdateXG vs UTM 9 featuresXG HardwareLicensing & PricingSupport PlansCross-Selling Opportunities

XG – What’s Included?3

XG Firewall: What does it include?HeartbeatSophos Firewall OS (SF-OS)New Firewall Operating Systemand Software PlatformXG Series AppliancesSecurity Heartbeat Identical to SG Series except Support for Security Heartbeatcome preloaded with SF-OS with Sophos Cloud EndpointsSophos Firewall Manager (SFM)New on-premise Centralized ManagementSophos Cloud Firewall Manager (CFM)Centralized Firewall Management in theCloud(for partners only initially)Migration ToolsLater this year for migratingUTM 9 to SF-OSSophos iView ReportingUpdated on-premise Centralized Reporting

Initial Target Market Segments –Simple!XG FirewallTargeting New Prospectsor Customers with no UTM Cloud customers (gain Security Heartbeat!) SEC customers migrating to CloudUTM 9Business as usual for existing UTM customersWe WILL look after them! Don’t worry about migration just yet Consider at renewal Or when migration tools available (CQ1)

Migration Starting as early as nextquarter For Customers Free upgrade to SF-OS Phased migration tools Ultimately push-buttonmigration Automatic licensing migration Supports NG/SG refreshprogram New capabilities for allcustomers!For Partners 2 year active development on existingplatformsRich education programs/certificationGlobal partner council as activeadvisorsPartner exclusive early access programsCY 2016CY 2015Q1UTM 9SUM 4.3Q2EAL4 XG FirewallQ3Q4V10.6.3Q2MRV1.5Q4Minor features &performanceMigrationSandbox subscSG85, AP15C,RED15WRED WifiAppAccuracyMESH imprQ3V9.5V9.4V9.35V1CyberoamOSQ1V2MRV3MR

What’s in it forCustomers?7

Compelling Reasons to Switch . protectionOn-box reportingTrusted industry leader

How does XG Firewall strengthen our story?

1. Simpler

XG Firewall: Simply solving common problemsDifficult to identify andprioritize issuesComplexity of policycreation andmanagementInteractive dashboardinstant data anddrilldownPolicy templates,easy to understandFirewalls full of jargonand difficult to navigateSelf-documentinginterface and menusIdentifying risksUser Threat Quotient andApp Risk monitoring

Unified PolicyManagement Don’t need tonavigate multiplemodules, or tabs tofind polices All policies on onescreen Users &Networking BusinessApplications Sort and Filter by Rule type Source Zone DestinationZone Status

IntegratedPolicies Everything on onescreen Layer-8 UserIdentity Polices Zone basedpolicies Web and AppControl per policy IPS and Traffic Flowper Policy Security HeartbeatPolicy Limit accessfor Red orYellowHeartbeats

Business AppPolicyTemplates Templates simplifyWAF protection forcommon businessapplications Exchange Sharepoint Lync And MuchMore Templates can becustomized Templates can beshared

2. Faster

Fast Path Technology FastPath optimizes firewall connectivity and routing Once connection is deemed trusted, all related packets take the fast path We properly scan all content in real-time or batch mode – we do notstream scanPolicy EngineMalware Engine(Who are you? Where are you going?)(Are you carrying anything dangerous?)FastPath Packet OptimizationStream scanning(e.g. for approved traffic “travelling together”)(e.g. visual inspection only)

3. All-in-One Protection

SecurityHeartbeat& AdvancedThreats Accelerateddiscovery Positiveidentification Automatedresponse Instant insightsinto compromisedsystems Hostname, IP User Time period Threat App/Process

Security Heartbeat Network and Endpoint working better together to revolutionize advanced threat protection AcceleratedAdvanced Threat ProtectionSuspectEndpoint1. ATP detects and blocks suspect C&C connection2. Context requested from Endpoint3. Full information exchanged (user, process, etc.)4. Admin notified about ATP event including contextHeartbeat in Network PoliciesEndpointsInternetXG FirewallNoSecurityissuesUnwantedApplicationSet more restrictivepolicies for systems withYellow HeartbeatCompromisedInfectedAutomatically isolatesystems withRed HeartbeatServerXG FirewallDiscoveryEndpoint and networkprotection combine toidentify unknownthreats faster. Active IdentificationReduces time taken toidentify infected or atrisk device or host byIP address alone. Automated ResponseCompromisedendpoints can beautomatically isolatedor restricted byfirewall policies basedon Heartbeat status.

Heatbeat demo

4. On-Box Reporting

All-in-One includes ReportingComplete on-box reporting – Standard!New Application and User Risk AnalysisApp Risk MeterIdentifies overall risk levelApplication dashboard identifies risky appsand who’s using themUser Risk Quotient (UTQ)Identifies risky usersBased on recent web browsing historyand advanced threat event triggers

User ThreatQuotient Identify risky usersbeforethey become aproblem UTQ based onrecent web historyand ATP triggers Enables: Quick and easypolicy changes User education Targetedintervention

UTQ demo

5. Trusted IndustryLeader

Gartner MQ - LeaderSophos: 4th year as a leader in the UTM MQ One of three leaders in a hot space Recognized for our focus on ease of use Only leader to move up and right this year No significant cautionsFortinet: Slips in vision. Still a very strong competitor.Gartner: “Difficult to sell and support”. “Usability andperformance doesn’t meet expectations”Checkpoint: Expensive!Gartner: “clients often cite price as the reason for notchoosing Checkpoint”Dell: Demoted out of the Leaders quadrant.Weakening.Gartner on Sonicwall: “Poor usability”, “Channeldisruption”Watchguard: Demoted out of the Leaders quadrant.Stagnant.Gartner on Watchguard: “Not visible”, “Not acompetitive threat”

Another product requiredCompetitive ChartSophosXG FirewallFortinetFG 20-90Dell SonicWALLTZ SeriesWatchGuardXTM SeriesNetwork Firewall/ProtectionAdvanced threat protectionNetwork and Endpoint Integration [Heartbeat]Unified PoliciesUser Risk Visibility [User Threat Quotient]FastPath Packet OptimizationSite to site and remote user VPNSecure web gatewayComplete Email Protection [AV, AS, Enc., DLP] Dual antivirusWi-FiReverse proxyWeb application firewallUser portalFull ReportingBest TMG feature parityDiscover (TAP) Mode Deployment

XG Firewall vs. UTM 928

XG Firewall vs UTM 9 Feature OverlapLots of compelling reasons to be excited about XGHighly requested features IN Copernicus(NOT in UTM 9)- User-based firewall polices- Zone based policies- IPS and QoS settings per policy- Firmware roll-back- Improved reporting- TAP mode deployments- Improved user authentication- Packet capture in UI- IMAP Proxy- Configuration APIInnovations (NOT in UTM 9)- Security Heartbeat- Unified policy model- WAF Policy Templates- Transparent web filtering- Pharming protectionGreat Sophos UTM Technology- Wireless- RED- WAF- ATP- SPX- Object Model- Web Proxy Engine- Sophos AV Engine- Clientless AccessGreat Cyberoam Technology Added- User-Identity based Firewall- FastPath packet optimization (200%!)- Authentication- IPS- App Control- iView Reporting- Centralized Management & ReportingUTM features NOT in Copernicus- 3 Node clustering- Clustering/HA for “w” models- RED to RED Tunnels- Some web security features(override, category quotas)- Endpoint Management(shifting to Cloud integration for HB)- SMC Integration- 2FA Support

XG Firewall: Making it easier to growEasier to SellEasier to Demo / PoCEasier to ManageEasier to Cross-Sell Simpler Faster More-inone Reporting Leader5-Reasons Sophos isbetterthan CompetitorsDiscover (TAP) ModeSophos Firewall ManagerCloud Firewall ManageriView ReportingWireless APs / REDNew: CentralizedManagementCentralized Reporting

What’s in it for SophosPartners?31

Centralized Management and ReportingSophos Firewall Manager (and CFM)Full-featured central mgmt/monitoring ofSF-OS devicesFree license for partnersSophos iView ReportingReports on SF-OS, UTM 9, &CyberoamOS devicesFree license for partners

Discover ModeTwo options to easily evaluate and produce a comprehensive Security Audit ReportExisting FirewallTAP/Mirror ModeDiscover ModeTAP/Mirror ModeExisting SwitchMirror PortBridge Mode No disruptive changes to the network Mirrors traffic through UTM/NGFW Monitor only, no enforcement Visibility (no enforcement) into: User Behavior User-App Risks & Usage Web Risks & Usage Intrusion Attacks & ATP Client Insights (Heartbeat), Virus, VPNcoming post v1Protected NetworkSecurity Audit ReportBridge Mode Offers extended reporting insightincluding HeartbeatAllows optional policy enforcementTraffic is passing through UTM/NGFWPossible use of bypass module

Hardware Appliances34

XG Series Appliance PortfolioHardwareApplianceXG 85XG 105 /115XG 125 /135XG 210 /230XG 310 /330XG 430 /450XG 550XG 650XG High-end2ULargeHigh-end2ULargeHigh-end2U44868 & 2 SFP8 (FleXiPort)8 (FleXiPort)8 (FleXiPort)8 (FleXiPort)FleXi 8242432642 SSD (RAID) &2 hot-swap2 hot-swap2 hot-swapNetwork Ports(standard)RedundancyWirelessn/an/aIntegr. 802.11n Integr. ionaln/an/aSSD (RAID)SSD (RAID)SSD (RAID)2nd hot-swappower optional 2 hot-swap2 hot-swap2 hot-swap(SG 450 only) power supplies power supplies power suppliesn/an/an/an/a

Positioning for new models – XG 85(w)XG 85/ XG 85w Introduced due to demand for lower cost model Same chassis as XG/SG 105/115 but no VGA port Some differences to other models:– 8 GB Flash memory – no HDD– Does not support on-box reporting (use iView freeoption)– No dual AV for V1, Sophos only– ‘w’ model 2 x 2:2 MIMO

Positioning for new models – XG 750XG 750 Opens up additional enterprise opportunities 2U chassis 8 FleXi Port bays (1 x 8 GE copper included) –max 64 ports Hot swap SSDs, redundant power supplies andfans Different manufacturer, so different FleXi Ports

Accessories – FleXi Ports, Transceivers& co.Additions to the price list XG 750 FleXi Port Modules 4 x 10GE SFP * Module for 1U and 750 (550/650coming later) LAN bypass modules (different for 1U, 550/650 and750)*Please note: transceivers (mini GBICs) are never included for SFP and SFP ports and need to be orderedseparately.newNormal modenewWAN LAN LANLANBP1/23/41LAN bypass – what’s that? Enables “fail open” operation data flows through theappliance even if there is a hw/sw fault or power outage.Uses relays to create a physical connection between twoports (bypass pair).Use for Bridge Mode – when the appliance is connectedbehind the main firewall.23Bypass modeWAN LAN LAN4LANBP1/23/41234

XG Firewall Licensing39

Base FirewallEnterpriseGuardFullGuardFirewall & VPN &WirelessFirewall & VPN &WirelessFirewall & VPN &WirelessProtection Modules:Included Protection:Included Protection:Network ProtectionNetwork ProtectionNetwork ProtectionWeb ProtectionWeb ProtectionWeb ProtectionEmail ProtectionWeb Server Protect. Enhanced Support XG Series ApplianceEnterpriseProtectEmail ProtectionWeb Server Protect. Enhanced Support XG Series ApplianceTotalProtect

Software & Virtual41

Changes to how we license SW/Virtual Addresses sales complexity such as: WAF protecting single server w/ many 1,000s ofexternal users Double counts for IPv4 and IPv6 for the same user In-line with method used by the market in general Changed due to enhanced Base FirewallSophos UTMXG FirewallHardwareSW / VirtualHardwareSW / VirtualOne-timepaymentPer IP/usersOne-timepaymentPer (v)core/RAMIncl. EssentialFirewallIncl. EssentialFirewallIncl. BaseFirewallOne-time fee forBase

Cross-sell Options43

More Opportunities to Cross-Sell1. RED and Wireless AccessPoints2. Centralized ManagementHeartbeat3. Centralized Reporting4. Security Heartbeat withSophos Cloud Endpoints5. Support Plans

RED and Wireless Wireless included in Base Firewall– Don’t need to pay more for software– Just buy the Access Points– Perpetual license – use it without renewal RED requires Network Protection Subscription– Comes with IPS, ATP, Clientless VPN, and SecurityHeartbeat

Central ManagementSophos Firewall Manager (SFM) 3 hardware models, 6 Virtual/SW models Virtual SFM based on # managed devices Support license req’d (includes upgrades) Perpetual device management licenseSFM200SFM300SFM40030100200SW/Virtual Appliance nsed # managed devices15501002005001,000HW ModelRecom. # managed devicesSophos Cloud Firewall Manager (CFM) Version 1 exclusively for Partners No charge for first version Numbers are current estimates

Central ReportingSophos iView v2 Perpetual license Licensing based on the storage size customerwants to report on Support license required (includes upgrades)NEWiView v2 VirtualAppliance ModelsNEW100 GB500 GB1 TB4 TB8 TBUnlimitedFree 995 1,795 5,995 9,995 19,995iView v2 is clearly marked on the price list and will be introduced after SF-OS