Security vendor Sophos Ltd. has shipped a new edition of its next-generation firewall capable of studying network traffic streams in real time for previously unidentified and potentially dangerous applications, including those that use generic HTTP and HTTPS connections or have no identifiable signature.
Version 17 of Sophos XG Firewall, which is available immediately, includes a feature called Synchronized App Control that combines its own network traffic observations with data provided by Sophos endpoint security solutions to identify the file name and path of newly spotted applications. Administrators can then categorize those systems, which are flagged for further attention in the Sophos Control Center management portal,†apply policies to them, and block them if necessary.
Sophos’s Synchronized Security technology, which allows the vendor’s various security products to share information and coordinate action with one another, makes the collaboration between XG Firewall and the endpoint possible. At present, Synchronized App Control requires the latest early access release of Intercept X, the next-generation endpoint protection system that Sophos introduced in September 2016, but the company’s Central Endpoint Advanced solution will provide similar support as well starting in January.
“In recent research IT professionals admitted that about 60 per cent of network traffic is unknown, and the security risks associated with this top their list of concerns,” said Dan Schiappa, senior vice president and general manager of the Enduser and Network Security Groups at Sophos, in prepared remarks. “This new technology is a game changer for the IT professional who is no longer prepared to accept the gaps and blind spots that stand-alone firewall and endpoint solutions have created in their environments.”
Future versions of Synchronized App Control will share information about freshly discovered apps between firewalls and allow administrators to stop newly installed applications from being flagged for follow-up by identifying them to the system in advance.
Version 17 of Sophos XG Firewall is available for deployment both on-premises and in the cloud on all major virtualization platforms as well as through the Microsoft Azure marketplace. Sophos recently unveiled an extension to its partner program that lets resellers get the same benefits they receive for selling locally-installed licenses when using Sophos products in both the Amazon Web Services and Microsoft Azure public clouds.
Also available now from Sophos are new XG Series appliances with fail-safe bypass ports and optional bypass FleXi Port modules. The units are designed to allow technicians without direct control over the network perimeter to ensure that data continues to flow after hardware changes.
“For example, if Sophos XG Firewall is put in-line behind an existing firewall, even in a worst-case-scenario hardware failure, the firewall can fail open,” said Schiappa in emailed remarks to ChannelPro. “This would simply allow traffic to continue, and avoid network downtime.”
Bypass ports are available today on all Rev.2 XG 210 through 750 models.