New Sophos XG Series gets Heartbeat synch

The XG Series firewall control centre (Image: Sophos)

Print

PrintPrint
Pro

Read More:

20 November 2015 | 0

For some years now, security experts have been predicting that signature-based protections such as antivirus would become irrelevant as the sheer volume of threats would make the model impractical. Behavioural analysis and heuristics combined with various other forms of threat analysis have now been combined with signatures and pattern matching to provide a new generation of protection.

One such offering in this new wave is Sophos’ Security Heartbeat capability built into its XG series of next-generation firewalls and unified threat management (UTM) appliances.

This new approach directly links the firewalls and UTM appliances with endpoint security to share threat intelligence, enabling faster detection of threats, automatic isolation of infected devices, and more immediate and targeted response and resolution. With Security Heartbeat, says Sophos, organisations of any size can advance their defences against increasingly coordinated and stealthy attacks and drive a dramatic reduction in the time and resources required to investigate and address security incidents.

Continuous, real-time
The Security Heartbeat relays continuous, real-time information about suspicious behaviour or malicious activity between endpoints and the network firewall or UTM. By giving these traditionally independent products the ability to directly share intelligence, argues the maker, Security Heartbeat can instantly trigger a response to stop or help control a malware outbreak or data breach. The XG Firewall uses data provided by Sophos endpoint protection to isolate and restrict access to and from the affected device, and in parallel, the endpoint protection can remediate the attack.

IT organisations can benefit from advanced threat protection capabilities, according to Sophos, without requiring additional agents, layers of complex management tools, logging and analysis tools, or expense. The Security Heartbeat is fully enabled and included as part of the Sophos XG Firewall and Sophos Cloud-managed endpoint protection.

“Organisations of every size know they need endpoint security and network security – they are two foundational pillars of any IT security strategy,” said Kris Hagerman, CEO, Sophos. “But for too long, these two product segments simply didn’t communicate with each other – they were independent and isolated silos, which limited their effectiveness and their manageability. Only Sophos links leading network security technology with leading endpoint security technology together in a coordinated and integrated approach. This is synchronised security that delivers both better protection – and better manageability – for organisations of any size.”

“No other company is close to delivering this type of synchronised and integrated communication between endpoint and network security products,” said Christian Christiansen, vice president of security products at IDC. “For the midmarket, the time and resource savings will be very compelling as their ability to stay ahead of increasingly sophisticated threats with today’s products will only become more challenging.”

Auto connect
When a new Sophos protected endpoint is added to the network, its Security Heartbeat automatically connects to the local Sophos XG Firewall and the endpoint immediately starts sharing health status. If suspicious traffic is identified by the firewall, or malware is detected on the endpoint, security and threat information is instantly shared securely via the Security Heartbeat.

The endpoint reports context-rich information such as the computer name, username and process information associated with the threat. The firewall can automatically take action to isolate the endpoint from any routed or remote networks and trigger additional action on the endpoint to mitigate risk and prevent data loss.         After the threat has been removed, the endpoint uses the Security Heartbeat to communicate updated health status back to the network, which then re-establishes normal service to the endpoint.

“This is a good step toward synchronised security solutions,” said Jon Oltsik, senior analyst at ESG. “Having viewed tests of the Sophos XG Firewall with a Sophos protected endpoint, I have seen how the information passed in the security Heartbeat can reduce the risk to a business by increasing the speed of detection and response. It is not just management interface integration; the two products share valuable information making each one more effective and efficient. For companies who do not have the luxury of extensive in-house security teams, this new approach can help bolster productivity while streamlining security operations.”

Solid foundation
The new XG series of firewalls are built on Sophos’ existing UTM and firewall technologies. New features in the current series include a Network Security Control Centre with an innovative interface that delivers instant network and threat intelligence so users can take action fast. A unified policy model delivers simplified policy management with pre-configured templates for business apps to dramatically streamline configuration. User and app risk analysis functions feature a Risk Score capability to help identify high-risk users and applications and highlight potential security hotspots. The User Threat Quotient manages user-centric policies based on an individual’s known behaviour as well as the health status of the computer or mobile device they are using. The Firewall Manager is a full-featured centralised management of multiple firewalls that is free for Sophos partners and managed service providers. Sophos partners and MSPs can manage multiple XG Firewall installations from the cloud, using the new Cloud Firewall Manager.

There is a comprehensive range of appliances with options for every user, including the new entry-level XG 85(w) and high-end XG 750 models. The XG Firewall operating system will also run on existing Sophos SG appliances and Cyberoam NG appliances, with the choice of deployment as hardware, software or virtual appliances, and every feature is available on every form factor.

www.sophos.com

 

TechCentral Reporters

Read More:



Leave a Reply

Back to Top ↑