Table of Contents SERVICE OVERVIEW & SOLUTION
advertisement
Commercial-In-Confidence G-CLOUD FRAMEWORK SERVICE DEFINITION Sophos Next Generation Firewall / Unified Threat Management Solution Table of Contents 1 SERVICE OVERVIEW & SOLUTION ............................................................................................. 4 Essential Network Firewall ........................................................................................................... 5 Built-in central management ........................................................................................................ 9 Virtual Ethernet cable .................................................................................................................... 9 Rapid deployment .......................................................................................................................... 9 Email Protection ........................................................................................................................... 11 Web Protection ............................................................................................................................. 13 Web Server Protection ................................................................................................................ 15 Wireless Protection ..................................................................................................................... 17 Endpoint Protection..................................................................................................................... 18 Real time monitoring ................................................................................................................... 19 Central Configuration .................................................................................................................. 20 Reporting ...................................................................................................................................... 23 2 INFORMATION ASSURANCE ....................................................................................................... 24 3 BACKUP/RESTORE AND DISASTER RECOVERY PROVISION ................................................ 24 4 ON-BOARDING AND OFF-BOARDING PROCESSES ................................................................ 24 4.1 On-Boarding .......................................................................................................................... 24 4.2 Off-Boarding .......................................................................................................................... 24 5 SOPHOS SECURITY .................................................................................................................... 25 5.1 Secure Encrypted Connection from the Client to the Application ......................................... 25 6 PRICING ........................................................................................................................................ 25 7 SERVICE MANAGEMENT DETAILS ............................................................................................. 25 7.1 Technical Boundary ............................................................................................................... 25 7.2 Support Boundary ................................................................................................................. 25 7.3 User Authorization and Roles................................................................................................ 25 7.4 General Support details ........................................................................................................ 25 8 SERVICE CONSTRAINTS ............................................................................................................ 27 8.1 Planned Maintenance ........................................................................................................... 27 8.2 Emergency Maintenance ...................................................................................................... 29 9 SERVICE LEVELS ......................................................................................................................... 29 9.1 Award of Service Credits: ...................................................................................................... 31 9.2 Payment of Service Credits:.................................................................................................. 31 10 Financial recompense ............................................................................................................... 32 11 TRAINING ................................................................................................................................. 32 12 INVOICING PROCESS ............................................................................................................. 32 13 TERMINATION TERMS ............................................................................................................ 32 14 DATA EXTRACTION /REMOVAL CRITERIA ............................................................................ 32 14.1 Data standards in use ........................................................................................................... 32 14.2 Consumer generated data .................................................................................................... 32 14.3 Data extraction ...................................................................................................................... 33 14.4 Price of extraction ................................................................................................................. 33 14.5 Purge & destroy .................................................................................................................... 33 15 DATA PROCESSING AND STORAGE LOCATION(S) ............................................................. 33 16 DATA RESTORATION / SERVICE MIGRATION ....................................................................... 33 17 CUSTOMER RESPONSIBILITIES............................................................................................ 33 18 TECHNICAL REQUIREMENTS ................................................................................................ 33 19 BROWSERS ............................................................................................................................. 34 20 DETAILS OF ANY TRIAL SERVICE AVAILABLE ...................................................................... 34 1 SERVICE OVERVIEW & SOLUTION The Sophos Next Generation Firewall (also known as a Unified Threat Management solution) provides a flexible solution as an appliance, virtual appliance, software appliance or even in the Amazon cloud AWS. You choose the platform and the software subscription to meet your needs and together you have a solution which grows with you as your security needs and requirements grow into the future. Manage all your IT security from a single console: Firewall Intrusion Prevention / Intrusion Detection System IPS / IDS Web application firewall WAF email security Web security and filtering Dual Anti-Virus Engines for COCO / PSN Wireless management and security Security for remote offices Secure VPN access for mobile workers Endpoint protection (Antivirus, Antispyware, worms, Trojans, APT’s, Macro) and Device Control for Windows OS (Mac OSXlater 2013 / 2014) Our SophosLabs analysts constantly monitor and fine-tune detection for you— keeping an eye on websites to avoid, threats, spam and more. One vendor to call Modules Available: Essential Firewall – core Module Network Protection Email Protection Web Protection Web Server Protection Wireless Protection Endpoint Protection Central Management of multiple appliances via the Sophos UTM Manager Our Next Generation Firewall / UTM Solution include: Essential Network Firewall A good firewall can prevent exploits that lead to data loss or theft, infected computers, and other incidents that cost you time and money. The protective features in our Essential Network Firewall are designed for simplicity. We make it easy to control incoming and outgoing traffic. So you can be assured that you are configured for complete protection. Firewall The firewall in our UTM appliance is easy to use. With an open, visual layout you can be as broad or as detailed as you need. Sophos make firewall configuration simple with an object-based approach. You define an object like a workstation, file server or web server, and re-use it as needed. The packet filter is configured to deny-by-default. Only traffic that you specifically allow will pass through. This reduces the amount of time administrators spend learning and configuring the firewall. It also ensures that no unwanted traffic will be allowed through the firewall by accident. The Sophos firewall includes a variety of tools and features for controlling data flows that are allowed to pass from the Internet to the internal LAN and vice versa: Stateful packet filter Application-level deep packet filtering Controls network access for specific protocols and applications Flexible rules management Can include hosts, networks, groups or VPN users Automatic rule generation for application proxies and internal services Time-based activation Policy-based routing Interface-based rules Network Address Translation SNAT/DNAT, 1-to-1 NAT Masquerading Native Windows Remote Access Sophos acts as a receiver for the native Windows VPN. Native Windows Remote Access is a budget-friendly VPN. It is designed for organizations that need secure remote access that is easy to deploy and easy to use. Using the client tools in Windows, employees can authenticate and build a secure tunnel to any Sophos installation in moments. And you control access by group, individuals or a combination of both. PPTP (Point-To-Point Tunneling Protocol) Supports strong encryption (128-bit) Local or RADIUS based user authentication Authentication protocols: MSCHAPv2 IP Address assignment via pool network or DHCP server Supports native Windows and Apple iPhone client L2TP (Layer-2-Tunneling Protocol) over IPSec Authentication via pre-shared key or X.509 certificate Local or RADIUS based user authentication Authentication protocols: PAP, CHAP, MSCHAP, MSCHAPv2 IP Address assignment via pool network or DHCP server Supports native Windows and Apple iPhone client IPv6 Support Sophos UTM lets you migrate step-by-step to the new world of IPv6. By supporting a set of different tunneling and translation techniques you can easily connect IPv6 “islands” over your existing IPv4 infrastructure or even run IPv6 and IPv4 at the same time, across the same networks. We are fully certified as “IPv6 Ready” and have one of the most complete implementations of IPv6 support. Sophos UTM includes the first IPv6 ready packet filter with CC EAL4+ certification. Tunnel Broker SixXs Freenet Teredo Dual Stack 6to4 Mapping Amazon Virtual Private Cloud Connector (VPC) In addition to support for running UTM inside the Amazon Cloud itself, you can use UTM to access a dedicated private piece just for you using their dedicated and scalable hosting infrastructure. Sophos UTM is one of just three select providers to offer a secure connector to the Amazon VPC. Virtual Private Cloud Hardware Connector A purpose-built connection utility to VPC to access all your hosted servers with the strongest level of security Amazon supports. Knowledge Free Amazon VPC uses BGP routing across multiple tunnels to provide the utmost in security and reliability. With UTM, you don’t have to study all the technical details, you can link your UTM to VPC in seconds. Auto-Setup Link your UTM to Amazon VPC using your Amazon account to have an encrypted connection to redundant Amazon gateways built automatically, or choose to download the configuration from your Amazon account and simply upload the file into UTM. Network Protection Module Sophos Network Protection includes many fully integrated features: an intrusion prevention system, denial-of-service protection, a VPN gateway, an HTML5 VPN portal, advanced routing and more. We help protect your network by keeping bad traffic out and enabling secure access to authorized users. Intrusion Prevention Our Intrusion Prevention System identifies and stops threats that are hiding in incoming traffic. It analyzes approved traffic to protect your network from outside assaults. Identifies and blocks application and protocol related probes and attacks through deep-packet inspection Flood protection: DoS, DDoS and portscan blocking Database of over 8,000 patterns and rules including: Probing, port scans, interrogations, host sweeps Attacks on application vulnerabilities Protocol exploitations Intrusion detection and prevention Notify administrator and/or block traffic immediately Powerful management interface One click to enable or disable complete rule sets e.g. for email or web servers Branch Office VPN Our Branch Office VPN lets employees at different locations send and receive information through the Internet via a secure connection. And it’s so easy to use, you can link sites without any experience with VPNs. Supports IPsec and SSL protocols IPSec offers high interoperability with other devices SSL allows for easy setup between two Sophos UTM appliances Star, hub-and-spoke, and fully meshed configurations Nat-Traversal for establishing tunnels between NAT devices Supports all major encryption and many authentication methods DES, 3DES, AES, Serpent, Blowfish, Twofish MD5, SHA-1 XAUTH allows for integration of One-Time-Password systems Full Public Key Infrastructure (PKI) support Remote Access VPN For workers in the field requiring easy but secure remote access to their company network, Sophos supports a broad set of industry-standard VPN technologies including IPSec, SSL, Cisco VPN, iOS and native Windows VPN clients. Authentication via pre-shared key (PSK), PKI (X.509), smartcards, tokens, XAUTH Encryption: AES (128/192/256), DES, 3DES (112/168), Blowfish (128/448), RSA (up to 2048 Bit), DH groups 1/2/5/14, MD5, SHA-256/384/512 Intelligent split-tunneling for optimum traffic routing NAT-Traversal support Multilingual (English, German, French) Works with any Sophos UTM appliance running a UTM Network Protection subscription Proven SSL- (TLS) based security Supports MD5, SHA, DES, 3DES and AES Works through all firewalls, regardless of proxies and NAT Independent from browser Offers transparent access to all resources and applications within the corporate network Once installed, runs without requiring administrative rights HTML5 VPN Portal Give controlled network access to third parties and IT staff who are outside of the office. Our HTML5 VPN Portal allows access from anywhere. Pure HTML5 based KVM (Keyboard Video Mouse) Client in Portal Only uses HTML5 canvas, web sockets and JavaScript No plugin or client to install No files are stored on devices, keeping data secure Access your network resources with: VNC, RDP, Citrix, SSH, Telnet, WebUI and WebApps Auto-Login makes old single-password devices multiuser capable Advanced Routing Advanced routing capabilities in Sophos Network Protection provide optimal path selection, load balancing and stability. Sophos RED – Remote Ethernet Devices Sophos RED provides complete protection for even the smallest remote and home offices. It extends your Network, Web and Email Security subscriptions on your Sophos UTM to branch offices. Sophos RED connects securely to your central Sophos UTM, where all your security is managed. So your branch office gets the same level of protection as head office. All you need for a Sophos RED device to work is an active Network Security subscription. Built-in central management The Sophos UTM controls your Sophos RED so there’s no need to manage individual devices. And all connections go through a clever cloud-based provisioning service. Everything from configuration, logging and troubleshooting are done from your Sophos UTM. No matter where your offices are, all you need is a web connection. Managing your remote site’s IP addresses is easy with Sophos RED. Define your global DHCP and DNS Server configuration on your central Sophos UTM. Then roll it out to all RED-connected networks. Sophos RED also simplifies security policies. There’s no need to create and maintain separate security policies for each branch office. One global security policy protects all remote sites. You don’t need any separate reporting tools. Built-in reporting integrates RED-connected networks, just as if they were physically connected to your Sophos UTM. So you manage your branch offices just like another department in your central office. Virtual Ethernet cable Sophos RED acts like a remote network port connected by a virtual Ethernet cable to your Sophos UTM. All data sent to the central UTM appliance is protected with strong encryption. Sophos RED creates a secure Ethernet tunnel to your Sophos UTM appliance using AES256 encryption and SHA1-HMAC authentication. Before it is sent across the network, data is authenticated via SSL by using trusted digital X.509 certificates. Hardware-based AES encryption accelerates throughput rates and ensures low latency. Each Sophos RED 10 device can provide throughput rates of more than 30 Mbps, which should be easily enough for most small office Internet connections. However, if a higher throughput rate is required, we recommend deploying Sophos RED 50, which provides data throughput of up to 360 Mbps. Rapid deployment Sophos RED is the first security gateway that doesn’t require local set up or technical skills at the remote site. The entire configuration is done at your central office and distributed to all Sophos RED devices. The easy plug-and-play setup enables mass rollouts of up to 100 devices in a day. Sophos RED configuration and deployment is completely automated. Simply enter a name and the unique device ID printed on the RED into your Sophos UTM. A new configuration file is automatically created and stored with the Sophos provisioning service. An unconfigured Sophos RED device is shipped to the remote office. Connect it to the Internet, and plug it into the wall. The Sophos RED device powers up and automatically retrieves its configuration from the provision service. It then connects to your central Sophos UTM and establishes a secure Ethernet tunnel. Email Protection Protecting email against viruses, spam and data loss can be hard work. You must address infections caused by viruses that get past your desktop defenses, manage spam quarantines and ensure employees properly encrypt their email. Sophos UTM Email Protection makes it easy to keep your inboxes clear of viruses and spam. We give you accurate, high-capacity mail filtering and email encryption. And handy management tools make life easier for you and your users. Anti-Spam Unwanted email can slow your network and your people. Our anti-spam software stops all spam before it’s delivered to employee mailboxes. Identifies and disposes unsolicited SMTP and POP3 emails Highest detection rate through combination of multiple methods to identify spam Reputation service with spam outbreak detection (format and language agnostic) using patented Recurrent-Pattern Detection™ technology Realtime Blackhole Lists (RBLs) Dialup network blocking Greylisting BATV (Bounce Address Tag Verification) SPF (Sender Policy Framework) record checking Expression filter Recipient validation (using Active Directory) Reverse-DNS & HELO syntax checks Phishing URL detection Flexible management Emails and attachments can be rejected with message to sender, passed with a warning or quarantined Web-based UserPortal and daily quarantine reports about blocked emails allow for user self-servicing actions Antivirus Scanning Dual scanning protection engines operate in parallel at the network gateway. So providing support to COCO / PSN recommendations for dual layer scanning for Anti-Virus, Worms, APT’s, Trojans, Macro malware in emails. Dual independent virus scanners with multiple detection methods Frequent automatic updates Behavioral scanning Live protection Scans HTTP, HTTPS, FTP, SMTP and POP3 traffic Scans encrypted SMTP traffic Flexible management Easily set up file and content rules. Emails and attachments can be dropped, rejected with message to sender, passed with a warning, or quarantined Email Encryption You need to make sure that your email traffic is secure. We do that for you with email that’s automatically encrypted and decrypted at the gateway. Encryption/decryption and digital Signatures for SMTP emails Supports OpenPGP,S/MIME and TLS Completely transparent to the enduser No additional software on client PC required Easy setup Only three configuration steps to start Central management of all keys and certificates No key or certificate distribution required Allows content/virus scanning even for encrypted SMTP emails Allows usage of internal or external Certificate Authorities (CA) Fully supports X.509 standard for digital certificates Personal Quarantine & Email Manager We give employees control over their spam quarantine and message activity. You save time and effort. Web Protection The web can threaten productivity and introduce malware to your network. Sophos Web Protection prevents malware infections and gives you control over employees’ web use. Spyware and viruses are stopped before they can enter the network. You create easy policies that set where and how employees spend time online. Everything is tracked and arranged in detailed reports so you can see what people are doing and make changes as needed. Application Control We help you control the applications that could cause security or legal problems, like P2P or instant messaging. And you get a handle on the unwanted applications that clog your network. Patterns for over 600 relevant applications Deep Layer-7 inspection for true application identification (Next-Generation Firewall) Unclassified application feedback Updates on new applications Complete control to block, allow, shape and prioritize applications Detailed real-time reporting and forensic history Graphical flow-monitor that shows everything as it happens URL Filtering Control which websites your employees can access. Protect the network and boost productivity. Block and allow an entire category of websites or a single URL. Comprehensive Up-to-Date Database with 35+ Million Websites Covering over 3.9 Billion Web Pages in 96 Categories: Nudity, gambling, criminal activities, shopping, drugs, job search, sports, entertainment, etc. Additional categories can be created for individual customization International content from hundreds of countries in 65 languages Re-categorization via online form Fast Response Times through Globally Distributed Database Replications Filter Might also Consider Global Reputation Whitelists and Blacklists to Tailor Access for Groups of Users Many User Authentication Options IP Address, Active Directory SSO, eDirectory SSO, LDAP, RADIUS/TACACS+ Time-based access policies Antivirus/Anti-spyware A variety of web threats put your network at risk. Dual scanning protection engines operate in parallel at the network gateway. So providing support to COCO / PSN recommendations for dual layer scanning for Anti-Virus, Worms, APT’s, Trojans, Macro malware in web sites or web content downloaded from web sites. Blocks (unintentional) downloads of spyware, adware, and other malicious software Prevents infected systems from sending information back to servers hosting malware Checks against a database of known spyware URLs Filters and removes active content such as Java, Active X, Flash, cookies, VBScript or JavaScript Dual independent virus scanners with multiple detection methods Frequent automatic updates Behavioral scanning Live protection Scans HTTP, HTTPS, FTP, SMTP and POP3 traffic Flexible management Easily setup file and content rules Emails and attachments can be dropped, rejected with message to sender, passed with a warning, or quarantined HTTPS Scanning Malware and other threats can hide in the encrypted traffic from trusted web sites. Our HTTPS Scanner lets you see this traffic and block malicious content. Transparent de-encryption and re-encryption of HTTPS traffic via a trusted man-inthe-middle technique Complete filtering of encrypted HTTPS sessions and their contents via dual antivirus scanners Stops tunneling programs from abusing open HTTPS ports URL filtering for HTTPS sites Automatic validation of server certificates prevents users from (un)intentionally bypassing certificate warning messages Full CA management One-click deployment of gateway certificate Granular tuning and exceptions Interactive Web and User Reporting We give you the information you need, clearly and simply. Understand how your employees are using the web and how to improve your network protection. Learn more about Interactive Web and User Reporting Web Server Protection Attackers can easily take advantage of web servers to steal data, obtain unauthorized access and infect systems. Manually protecting the web server against these threats requires specialized expertise. Sophos Web Server Protection eliminates this need. We use a reverse proxy to protect the web server(s) and web application(s) against the unknown. A clear administrative interface simplifies policy setting. Web Application Firewall Hackers can use a number of attack methods to silently test your site and applications for security holes. Our Web Application Firewall keeps hackers at bay by scanning their activity and identifying probes and attacks. Over 350 patterns are dedicated to this single area of protection Live-updated in real time using Sophos Up2Date technology Can be configured by any administrator, no special training is required Support for multiple profiles, which can be applied to different servers separately No complex regular expressions to master Reduces the risk of data theft and site tampering Antivirus Scanning Dual scanning engines operate in parallel at the network gateway, scanning all traffic to and from your web servers. Visitors are unable to upload infected content, and your servers are protected from exploits. Making sure they don’t hand out malicious files and infected content to your customers. Dual, independent virus scanners with multiple detection methods Virus signatures Heuristic analysis Scans HTTP and HTTPS, traffic to and from your servers Compares content to a huge signature database More than 800,000 virus signatures Frequent automatic updates Features flexible management Can specify to scan uploads, downloads or both Form Hardening Inspect and validate the information submitted by visitors via forms on websites. This stops users from submitting invalid data that can damage or exploit your server. Form data analysis Legitimate response awareness Encrypted response packaging Rejection of tampered forms Rejection of forms that remove the form hardening package URL Hardening When web server(s) try to interpret a crafted URL, it can create a hole that can be used to obtain access to your server. Our URL Hardening technology enforces the requests that a visitor is allowed to make, restricting them to valid ones only. Define and manage allowed entry URLs Prevent unwanted "deep-linking" to your site and control entry points Inspect the objects returned from a server in response to a user request and enforce that the next thing they request is on that list Prevent users from passing commands to your servers that can exploit or overwhelm them Keep visitors from accessing areas of the site not meant for them, like an /admin directory that is not appropriately secured On-the-fly inspection and building of object and URL whitelist customizes the feature per-user Cookie Protection Hackers can exploit cookies and put your website visitors at risk. Our Cookie Protection ensures that the cookies given to visitors by your web servers have not been tampered with. Each cookie is digitally signed so the integrity of the information can be verified. Wireless Protection Wireless networks need the same policies and protection as the wired network. This can be difficult without a way to centrally manage the network and extend your security. Sophos give you these capabilities with Wireless Protection. Now the wireless network is easily managed and protected, ensuring consistency across your organization. Central Management Sophos UTM acts as a wireless controller, centrally managing Sophos Wireless Access Points. All configurations, logging and troubleshooting is done within the UTM appliance. Thin access point technology Built-in wireless controller in Sophos UTM Wi-Fi Hotspot Easily set up wireless Internet access for guests or temporary users without the risk of compromising the integrity of your network. Guests and contractors expect to get Internet access when they visit an organization. There isn’t an easy way to set up the infrastructure for this with time-based access and passwords for connecting. With Sophos UTM, you can easily configure various types of hotspots, depending on your policies for wireless access. With a voucher-based hotspot, for example, you have the flexibility to freely define Internet vouchers based on the validity period, a time quota or the data volume. Endpoint Protection Keep users safe by stopping malware and rogue websites, as well as controlling devices attached to computers. Endpoint Protection There are hundreds of thousands of pieces of new malware detected every day by SophosLabs. Nearly all of these threats are targeted at computers browsing the web and plugging in devices. Sophos UTM Endpoint Protection helps you easily deploy our antivirus software to your computers and set policies to keep them safe wherever and however they’re connected. We also let you control which devices can be connected to these computers. With Sophos Endpoint Anti-Virus and Host Intrusion Prevention System (HIPS) you can make sure that files, webpages and devices are scanned as they’re accessed by computers, blocking or cleaning potential threats. Sophos HIPS takes protection beyond signatures with proactive and behavioral detection. And our live URL blocking can also stop bad websites before they load. We do this by checking against a list of known malicious URLs maintained by Sophos and accessed via the cloud. Our antivirus detects, blocks and cleans: Viruses Trojans Spyware Worms Macro APT (Advanced Persistent Threat) Adware Potentially unwanted applications Device Control With device control you can reduce the risk of data loss and malware by managing removable devices connected to your computers. Device control lets you define which computers have access to specific removable devices. You can also manage which endpoints are allowed particular devices—i.e., making sure that senior manager’s use only encrypted USB keys. Our device control lets you manage: Removable storage Secure removable storage CD and DVD devices Infrared devices Wi-Fi devices Bluetooth interfaces Protect Endpoints Everywhere with LiveConnect Sophos LiveConnect is a cloud service that lets your endpoint computers communicate with your Sophos UTM wherever they are. You can set policies for antivirus and device control, see alerts and even geographic locations, all from your central console. So even if your user is connected at a business partner, at a remote location, home or hotel, you know that endpoint protection is managed and the computer is safe Sophos UTM Manager Sophos UTM Manager lets you see and manage lots of Sophos UTMs through a single log in. From instant hardware reports to security information, monitoring and managing many devices is quick and easy. With just a few simple steps secure VPN tunnels are opened and policies can be deployed to all your Sophos UTMs. Key Features Real-Time Monitoring Central Configuration Reporting Real time monitoring Wherever a UTM is used, activity and information is gathered that administrators rely on. Rather than view and work with this data individually, our Sophos UTM Manager is the central point where you can see information on your connected installations. View UTM activity from one console System load CPU load (total) CPU load by core RAM and Swap allocations Hard drive allocations for all partitions Network card load HA/Cluster status Threats Infringements of packet filter rules IPS attacks, port scans, failed login attempts, virus and spyware attacks Monitoring mail activity and see spam statistics Services Overview Display of activated and deactivated services Monitoring of functions in the segments: Network Security: SOCKS proxy, Intrusion Protection Web Security: FTP and HTTP proxy Mail Security: SMTP and POP3 proxy NTP, DNS and DHCP servers CPU load by service RAM load by service License Information Active and maximum permitted number of users and connections License status and license ID Remaining period for each subscription Manage your UTM inventory Inventory management lets you review everything connected to the Sophos UTM Manager. Showing which types of devices are currently being managed, along with hardware specifications like number of processors and amount of memory, so you can keep track of exactly what’s in your security infrastructure. You can also access a details page for each device, which provides an in-depth hardware profile about the components which make up the security appliance. Information like BIOS version, hard drive model and capacity, and information (including MAC address) of every installed network interface card. Many tools exist for controller which devices are allowed to communicate to SCC either over a private VPN or the public Internet, and administrators can review the connected devices and choose to edit details and labeling for any of them, along with deleting/denying them access to the SUM. Scheduled operations allow tasks such as a scheduled reboot or firmware download/installation to happen at a convenient time. Inventory Lists with Hardware Information for all Devices: Device type Processor RAM Hard drive CD ROM Network cards Central Configuration Control access to UTMs The Sophos UTM Manager uses encrypted sessions so you can dive directly into a device’s WebAdmin without needing to login each time. Working with lots of locations in a business is always challenging. The problems begin with basic tasks like logging into a specific site. The administrator needs to know what password to use and what address to login to. These types of operations cause extra management time and lead to shortcuts being made, like a single password being used for all locations or sensitive data being left in plain view on sticky notes or in unprotected documents. Connecting devices to Sophos UTM Manager is simple; just login to a SophosUTM, point it at the Sophos UTM Manager, then authorize it as being allowed. Using encrypted communications, the Sophos Sophos UTM Manager can then talk to the connected installation securely. User Rights Granular role assignment by customer, user and gateway: No access Monitoring: access to general overviews Maintenance: access to the inventory overview as well as administration of routine tasks Configuration: can perform configuration tasks Reporting: can see and access reports and device information UserAdmin: user rights administrator for selected devices Directory Service Integration Authentication of all SCC users via directory services: eDirectory, Active Directory, RADIUS, TACACS+ and LDAP Secure single sign-on (SSO) access to all devices (without additional login prompting) Reporting Daily, weekly, monthly and yearly overviews of: Hardware and network capacity Network security of Sophos UTM Manager Automatic transmission of an executive report via email Configure Site-to-Site VPNs With Sophos UTM Manager creating a VPN tunnel between two or more sites doesn’t need you to log into each device. We make building VPN tunnels easy, even if dozens of devices need to be connected. Central VPN Configuration Build site-to-site IPSec VPN tunnels Connect multiple sites together with one process Wizard for tunnel creation Edit/Delete deployed tunnels Fully contained within SUM, no WebAdmin logins required. Create Global Definitions Avoid redundant tasks with Global Definitions. You can use to use the Sophos UTM Manager to centrally define objects and then push them out to your installations, putting objects directly in the target device inventory, ready to be used for building configuration. If you have a central file server which ten installations access you do not have to define this file server object inside all 10 devices to build access rules around it. And if you ever need to change the parameters of this file server, you don’t need to go back and manually touch each device; just make the change to the object centrally. The Sophos UTM Manager will automatically ensure any updates or changes you make to Global Definitions are updated on the devices which they are deployed to. If an object already exists locally on a specific installation, you can easily convert it to a global one simply by matching the parameters and choosing to substitute the existing local definition with its global counterpart during deployment. It’s even possible to share global definitions across separate companies managed by the same Sophos UTM Manager installation. "Make once, use many" approach Import definitions from your UTM Centrally manage and roll-out Network and Service Definitions Automatic re-synchronization of deployed definitions when updated Merge existing local definitions with their new central counterparts Use "shared" Global Definitions on devices in separate Organizations Set central web content filter rules Working with a company policy on web use can be difficult when you have multiple sites or branches to maintain. With central management of Web Content filtering, you can make sweeping changes or selective adjustments anytime with no need for advanced planning or synchronizing separate management consoles. Learn more about central web content filter rules Rather than doing all the work by hand, Sophos UTM Manager offers you a much more efficient way to manage your web content filtering policy. Right in the UTM Manager, you can craft profiles with desired configuration settings and permissions. Once your policy is built, you can then push it out to one, all, or any combination of your company sites. We also make updating what you’ve deployed a breeze, simply edit the profile you want to make changes to, and adjustments can be instantly pushed out to the sites operating under that profile. Forget scheduling or planning your changes by working with your locations one at a time, procedures which used to take hours or days to fully complete will literally take just seconds. Sophos UTM Manager makes it simple to build, deploy, and maintain web security settings for your entire company. Set central packet filter rules When faced with the task of building and maintaining firewall rules for multiple locations, administrators can often be overwhelmed by complex rule sets that need to be manually created and maintained at each site, and grow exponentially as more locations are added. For the average SMB to the enterprise company, there is a better and more effective way to work with your security rules. Sophos UTM Manager gives you the ability to build, deploy, and maintain firewall rules and rule sets from a central point. Now, ensuring your security settings are in synch has never been easier. Compliance efforts can also be affected if a rule is forgotten at one location or a you need to make changes to deal in response to new guidelines. Rather than waste time trying to manually co-ordinate your firewall rules on each device, do it once in Sophos UTM Manager and simply push settings out to the desired locations. You also get the freedom to carefully craft and review your rulesets before deciding when and where to push them out. Once you have deployed your rules, making revisions and changes is very easy. If you notice an error, your needs change, or you have to respond to a request from external factors like a compliance audit, adjustments can be made to the rule sets at any time. By removing the need to manually touch each location, the margin for error at individual sites is eliminated, and you retain all the control of what rules are in place at what locations; you just manage it more efficiently and easily by doing everything centrally. Easily update and maintain UTMs The Sophos UTM Manager lets you take central control over updating your security infrastructure. Using the same technology as our WebAdmin, you can see what firmware version your installations are running and update them all simultaneously. The Sophos UTM Manager gives you a configurable overview of every connected device. It can show you the versions of firmware and security patterns currently running at each site and you can use it to schedule and deploy updates to every site in the company without needing to manually manage this process at each location. Ensuring that a security device is at the latest version means you are protected against the latest threats and by having an easy system for updating all devices reduces the chance that you will fall behind on your protection. Version Control Installed firmware and pattern versions Initiation of firmware and pattern updates Prefetch control Monitoring of the update process Reporting Get aggregated reports from your UTMs Sophos UTM Manager has a central reporting engine which allows you to select and compile over 20 reports individually or combined across multiple installations. This can let you know things like the most-accessed site in a company for a month, or the total amount of bandwidth transferred by three locations so far this week. For more information, all reporting output can be drilled into graphically for more details. In addition, you can make copies of the reports any time and send the report to a physical printer or PDF engine. Filters are available so you can limit the displayed devices for reporting sources to a certain company, allowing for easy creation of reports per Organizational Unit. This is especially useful if Sophos UTM Manager is used to manage devices for separate companies, since administrators from each company can login and print their own reports anytime. Generate reports of combined data from any desired number of devices Print reports, drill-down to precise details, and use sorting and comparison features Covers Accounting, Network Security, Web Security and Mail Security features More than 20+ reports are available, with more being added 2 INFORMATION ASSURANCE Sophos has hosted solutions with our partners at IL0-2 and are in conversations with a IL3 provider to explore offering pan-Government IL3 hosting. Currently the solution is available as an on-premise virtual via software or physical appliance based solution or delivered as a managed solution via our partners including AWS. 3 BACKUP/RESTORE AND DISASTER RECOVERY PROVISION Sophos UTM’s are available as hardware, software or virtual Appliances or through Amazon. The appliances can be clustered in to High Availability Clusters – Active / Passive or Active / Active. Creating and Restoring a backup - http://www.sophos.com/enus/support/knowledgebase/115187.aspx Reimage a UTM - http://www.sophos.com/en-us/support/knowledgebase/115879.aspx Documentation - http://www.sophos.com/en-us/support/documentation/sophos-utm.aspx# User BBS – http://www.astaro.org/ Sophos UTM Manager Documentation - http://www.sophos.com/enus/support/documentation/sophos-utm-manager.aspx# Sophos recommend engaging with partner or Sophos Professional Services for complex environments 4 ON-BOARDING AND OFF-BOARDING PROCESSES 4.1 On-Boarding New Sophos customers will receive a license schedule which contains all the updating / licencing information required to download, install and update Sophos solutions for the period of the license. Most Sophos licenses are sold as subscriptions typically for 1, 2, 3 and 5 year periods. However some solutions can be purchased as a perpetual license with a maintenance renewal. Sophos solutions are generally installed within the customers own environment on their own server infrastructure. These servers are either physical or virtual running Windows OS. To download Sophos software a “MyUTM” will need to be created on the Sophos.com website. When created this My Sophos account will ask for various details about the license which will then provide the creator with the ability to download licenced software and updates for the period of the license. The Sophos web site also includes all support documentation and knowledgebase articles, plus a Getting Started section which provides import information relating to system requirements or hints and tips for successful installations http://www.sophos.com/en-us/support/resource-centers/gettingstarted.aspx we also have a Youtube channel http://www.youtube.com/user/SophosGlobalSupport Sophos would recommend Partner or Sophos Professional Services to help customers get up and running quicker. Depending on the exact requirements and scope, this could take the form of a remote session, server install and training or full installation and competitive AV product removal. All customers are entitled to 24x7 Technical support directly from Sophos via phone, web and email. 4.2 Off-Boarding For software purchased via Subscription, if the subscription ends then all updates will cease and the software must be uninstalled from all devices using the software. For software purchased via Perpetual, then the customer owns the software – but access to support or maintenance releases will be blocked unless the on-going maintenance payment is made. 5 SOPHOS SECURITY As noted above, Sophos solutions are generally installed within the customers own environment on their own server infrastructure – therefore Sophos and Sophos employees do not have any access to this infrastructure. To protect customer data within the Sophos solutions, many of our products include role based administration and auditing of events – such as log on / off / policy change etc.. This ensures that the data integrity is maintained and if policy configuration is changed then this event is logged. 5.1 Secure Encrypted Connection from the Client to the Application Sophos Next Generation Firewalls / UTM are managed via web browser using an HTTPS connection on port 4444 Sophos UTM Manager is managed via a web browser using an HTTPS connection on ports 4444 (Web Admin) and 4422 (Gateway Manager) UTM Manager communicates to the UTM’s via port 4433 to provide centralised management of multiple UTMs’ 6 PRICING Please refer to pricing document. 7 SERVICE MANAGEMENT DETAILS 7.1 Technical Boundary As noted above, Sophos solutions are generally installed within the customers own environment on their own physical or virtual server infrastructure – therefore Sophos and Sophos employees do not have any direct access to this infrastructure. 7.2 Support Boundary Some Enabled partners can offer 1st and 2nd line support as UTM Standard Support Alternatively Customers can purchase UTM Premium support to access 24x7 Technical support directly from Sophos via phone, web and email. 7.3 User Authorization and Roles Administrators set user profiles which can link to the ability to carry out tasks. Different roles can be defined depending upon the risk profile of the organisation. 7.4 General Support details At Sophos we take support seriously, making sure you can quickly get the expert help you need. Many of our products come with 24/7 support and upgrades as standard and for those that don’t you can simply choose the level of support your business needs. For the Sophos Next Generation Firewall / UTM, some enabled partners can offer 1st and 2nd line support directly to customers. Alternatively UTM Premium support can be purchased directly from Sophos. Depending on the package you choose you’ll get access to engineers directly for one-to-one support by email or telephone, or simply access our comprehensive, searchable, web-based support knowledgebase. And our support is proactive making sure you hear about the latest product news and general information on security threats and protection strategies. You’ll get help with installing, configuring and upgrading our products and resolving any technical issues. And we don’t place limits on how much help you can get, raise as many support incidents as you need to - if you’ve got a problem we want to fix it. UTM Web: Included free-of-charge with every UTM base license and offers a 72 hour bring in hardware replacement during the period of 1 year as well as unlimited access to web based self-help support such as the Sophos Knowledgebase and User forums UTM Standard: Included with every UTM security subscription with a run time of 1, 3 or 5 years and offers a 24 hour bring in hardware replacement, automatic software updates as well as technical 10*5 support via your UTM partner UTM Premium: This can be purchased as an optional upgrade to the Standard Support for 1, 3 or 5 years and offers a 24 hour up front hardware replacement, automatic software updates as well as 24x7 technical support direct from Sophos support engineers We’re a member of TSANet (www.tsanet.org), the worldwide vendor-neutral support alliance. This means that we can work directly with other vendors to help solve problems that involve their technologies. The SCP standard makes us part of a community of companies giving the very best service. Sharing best practices and working actively together to make technical support better for everyone. http://www.sophos.com/enus/medialibrary/PDFs/Support/sophos_support_spc_certification_en.pdf Please find an overview of our Standard, Premium and Platinum support levels below http://www.sophos.com/en-us/support/technical-support/utm-support-packages.aspx Please note that if required, Sophos can provide SC and DV cleared support engineers to Premium and Platinum customers. All Sophos documentation can be found here http://www.sophos.com/enus/support/documentation.aspx 8 SERVICE CONSTRAINTS 8.1 Planned Maintenance Sophos solutions are generally installed within the customers own environment on their own physical or virtual server infrastructure. To upgrade versions of Sophos solutions we provide an easy to follow upgrade centre http://www.sophos.com/en-us/support/resource-centers/unified.aspx To upgrade to a new version of the UTM / Next Generation Firewall For most solutions the upgrade process involves downloading the updated software either via the Up2Date service or from the FTP Server, backing up the solution and installing new version onto the appliance. Sophos UTM 9.1 gives you improved security and ease-of-use, so your users are better protected and better connected. If you are currently running UTM 9.0 you can simply install the UTM 9.1 up2date package from the WebAdmin. Option 1: Upgrade your system to version 8.309, which includes an option to one-touch upgrade to UTM 9.1 (for Sophos UTM hardware appliances only) Option 2: Install fresh from an ISO image on our FTP server and restore your backup to retain all your existing configuration. Sophos Update Manager Sophos UTM’s can be configured to update from the Sophos UTM manager. The UTM Manager then downloads the updates via the Up2Date Service from the Sophos databanks and then stages them for the UTMS to update from. Endpoint Client Updating To provide rapid protection against new threats, Sophos provide several options to update the Endpoint Protection Client. To do this Sophos provides 3 types of updates: Daily updates Monthly updates Major updates and upgrades Additionally Live protection provides real time access to the SophosLabs threat database for all files detected suspicious or malicious. Daily Update Once SophosLabs identifies an unknown threat, likely to impact a client, an update is published. These updates are small to allow rapid distribution and without impacting the network infrastructure. These deliveries can be released at any time as they provide an update of an emergency. There are on average 5 to 10 of these definitions published each day. Frequency: variable, on average 5 to 10 times per day Size: variable, 15KB on average. Monthly Update To limit the total number daily updates stored on each client, Sophos recompiles each month all daily updated in a monthly update. The monthly delivery integrates all the daily updates, as well as PUAs updates and the new Controlled Applications. This update can also include bug fixes or the introduction of new features / functionality. Monthly updates can be delayed by up to 2 months using Sophos Update Manager Frequency: monthly Size: 8 to 20 Mb for the versions in extended maintenance 20 to 80 Mb for the versions in active maintenance For more information on the active and extended maintenance follow this link: http://www.sophos.com/en-us/support/knowledgebase/article/112580.aspx 8.2 Emergency Maintenance 9 SERVICE LEVELS Sophos Technical Support is delivered through three packages: Standard, Premium and Platinum. Each package ensures you get the most out of your investment and that you remain protected against increasingly complex and evolving threats. With Premium and Platinum support you can benefit from features like formal service level agreements with target response and escalation times, and a technical account manager to oversee all support activity. Response Our technical support responds to every support incident you submit. You will receive an acknowledgement that we have registered the support incident has been, assigned a Severity and allocated to a support engineer. Response times are measured from the time a customer support incident is received by Sophos Technical Support to the time a response is provided. Severity levels All support incidents you submit are assigned a Severity by Sophos based on the information you provide. In the event that insufficient information is provided for Sophos support engineers to determine the Severity, a default of Medium Severity is assigned to the incident. The assigned Severity may be adjusted upon receipt of further incident details from the customer. The Severity levels that may be assigned are defined below Critical A Critical Severity is assigned to a Sophos product problem causing a complete loss of service. Work cannot continue at all and operation is mission-critical to the customer’s business. No acceptable workaround to the problem exists. High A High Severity is assigned to a Sophos product problem causing a significant loss of service and no acceptable workaround is available. The problem adversely impacts customer business, but operation can continue in a restricted fashion or be alternatively routed. Medium A Medium Severity is assigned to a Sophos product problem causing no loss, or only very minor loss in service. The impact is an inconvenience, which does not impede operation or customer business. All incidents initiated by email will be assigned Medium Severity in the first instance, except those of a Low Severity level, as defined in the next column. Low A Low Severity is assigned to a question concerning the operation of a Sophos product, or a suggested change to a product or to the product documentation. ESCALATION PROCEDURES To provide timely and effective resolution, all submitted incidents are subject to the following escalation procedures, according to their Severity and the support service provided. Critical severity escalation Standard Support Hours 0 – 24: Sophos support engineers are involved as required to troubleshoot and resolve the problem Hour 24: Problem is escalated to Sophos support management. Product experts—including product and development management—are involved as required Premium Support Hours 0 – 2: Sophos support engineers are involved and are actively working on resolution Hour 2: Problem is escalated to Sophos support management. Product experts—including product and development management—are involved as required Platinum Support Hours 0 – 2: Sophos support engineers are involved and are actively working on resolution Hour 2: Problem is escalated to Sophos support management. Product experts—including product and development management—are involved as required Hour 8: Sophos executive management is involved in the escalation. A management and technical expert escalation team is put together to address and defuse the emergency situation effectively High severity escalation Standard Support As required: We escalate the problem to Sophos support management. Product experts— including product and development management—are involved as required Premium and Platinum Support Hours 0 – 72: Sophos support engineers will work on the incident to provide a resolution to the problem Hour 72: The customer may request escalation of the incident to Sophos support management. At this time, Sophos will establish a plan to employ all reasonable efforts to correct the problem within a timeframe agreed upon between the customer and Sophos management Medium severity escalation In the event that a Medium Severity incident with a Sophos product worsens, or is not resolved within 30 days, customers may request that the submitted support incident be reclassified with a higher Severity. Premium and Platinum Support In the event that a Medium Severity incident is not resolved within 1 week, the problem will be escalated to Sophos support management. For more details please see “Sophos Global Support Services Definitions.pdf” 9.1 Award of Service Credits: All security vendors offer Service Level Agreements (SLAs) with targets they promise to meet. At Sophos we offer more than just a promise. With a proven track record in providing the highest level of support, our Premium and Platinum support packages include a penaltybacked SLA that gives customers Support Credits if we fail to meet the defined response time targets. Support Credits can be redeemed when purchasing Sophos Professional Services or as money back. The table below shows the amount of Support Credits that can be earned, which is dependent upon the customer’s support level (Premium or Platinum) and the severity of the support incident. 9.2 Payment of Service Credits: Support Credits are described in 9.1 above and can be redeemed when purchasing Sophos Professional Services or as money back – they are only applicable on our SLA backed services – premium and platinum support. Claiming credits - A claim must be made within seven calendar days of Sophos Technical Support failing to meet its response time - A claim must include the Sophos assigned ticket number, and be provided in writing - Only one claim for Support Credits can be made for any single support incident - Support Credits must be redeemed within six months of being awarded - Claims can be made through the local Sophos Account Manager - Support Credits are only available to customers with Premium or Platinum support contracts. 10 Financial recompense The only recompense stated is against the enhanced services described in section 9. 11 TRAINING We've been at the forefront of safer computing for more than a decade. Our highly acclaimed, handson training is designed to keep you secure in today's increasingly connected world. Sophos HQ in Oxfordshire includes training facilities to train and enable both end users and partners. Our training courses, run by knowledgeable professionals, offer comprehensive practical experience. We even include the use of computers, with one PC provided per attendee. Sophos provide courses for all of our solutions, please see http://www.sophos.com/en-us/aboutus/training/locations/uk-abingdon-training-ctr.aspx for more details. Sophos Professional Services can also be used to train IT teams as part of a scoped deployment project. Some Sophos Partners can also offer training for end users and IT Administrators. 12 INVOICING PROCESS Although Sophos has a direct relationship with our customers all quoting and ordering is via our Channel Partners. These are typically your existing IT Partner or VAR, but for new customers we also have a partner locator tool http://www.sophos.com/en-us/partners/partnerlocator.aspx 13 TERMINATION TERMS All Legal License Agreements can be found here - http://www.sophos.com/en-us/legal.aspx End User License Agreement - http://www.sophos.com/en-us/legal/sophos-end-user-licenseagreement.aspx Appliance License Agreement - http://www.sophos.com/en-us/legal/sophos-appliance-licenseagreement.aspx SophosLabs Information Security Policy - http://www.sophos.com/en-us/legal/sophoslabs-informationsecurity-policy.aspx The customer acknowledges that it has purchased the Services for the Minimum Period and any Renewal Term(s)), as defined in the Certificate or Order Summary. 14 DATA EXTRACTION /REMOVAL CRITERIA 14.1 Data standards in use No data is taken from the client site as it is stored either on the appliance or within the clients network storage. 14.2 Consumer generated data No data is taken from the client site as it is stored either on the appliance or within the client’s network storage. 14.3 Data extraction No data is taken from the client site as it is stored either on the appliance or within the client’s network storage. 14.4 Price of extraction No data is taken from the client site as it is stored either on the appliance or within the client’s network storage. 14.5 Purge & destroy No data is taken from the client site as it is stored either on the appliance or within the client’s network storage. 15 DATA PROCESSING AND STORAGE LOCATION(S) No data is taken from the client site as it is stored either on the appliance or within the client’s network storage. 16 DATA RESTORATION / SERVICE MIGRATION No data is taken from the client site as it is stored either on the appliance or within the clients network storage. 17 CUSTOMER RESPONSIBILITIES http://www.sophos.com/en-us/legal/sophos-end-user-license-agreement.aspx - this is the Sophos End User Licence Agreement in which all responsibilities and clauses are laid out. 18 TECHNICAL REQUIREMENTS All System Requirements can be found here http://www.sophos.com/enus/products/unified/utm/technical-details.aspx Guides are available in English, German and Simplified Chinese Latest version of Firefox (recommended), latest version of Chrome, latest version of Safari, or Microsoft Internet Explorer 8 onwards. JavaScript must be enabled. In addition, the browser must be configured not to use a proxy for the IP address of the UTM’s internal network card (eth0). Minimum hardware requirements – Virtual UTM or Software Image Best performance results are experienced when using hardware specifications at or beyond Intel Dual/Quad-Core CPUs >2GHz, 2GB RAM. Specific licensing packages are available based on the number of users/IP addresses. Deployment scenarios A Sophos UTM appliance provides only the protection you need, where you need it. Customize your appliance with inter-operable security applications that can be activated individually or together, as needed. Deploy Sophos UTM virtual appliances on VMware, Citrix, Microsoft Hyper-V or KVM servers. This will provide complete network, web and email security for your LAN. It will also protect communications between virtual machines. 1.5+ GHz processor 1 GB RAM 20 GB hard disk Bootable CD-ROM 2 or more network cards 1 GB RAM 40 GB IDE or SCSI hard disk drive 3 PCI-NICs (Internet, Local Net, Demilitarized Zone) Virtual UTM supports ESX(i) 4 & 5 VMPlayer VMWare Workstation 19 BROWSERS Latest version of Firefox (recommended), latest version of Chrome, latest version of Safari, or Microsoft Internet Explorer 8 onwards. JavaScript must be enabled. In addition, the browser must be configured not to use a proxy for the IP address of the UTM’s internal network card (eth0). 20 DETAILS OF ANY TRIAL SERVICE AVAILABLE Many of Sophos solutions and suites are available for free trials directly from the Sophos.com website, but we recommend you contact your IT Partner or Sophos directly so we can best assist during any trials.
