Sophos has unveiled an updated edition of its next-generation firewall that blocks lateral movement by compromised endpoints within a network and comes with a free cloud-based management portal.
Due to enter general availability on Friday and available in trial form today, version 17.5 of Sophos XG Firewall draws on the U.K.-based vendor’s Synchronized Security technology and Intercept X endpoint security system to prevent devices in a compromised “red state” from communicating with other devices.
“If an endpoint gets infected, gets attacked, that information gets shared almost immediately with the firewall, and the firewall then propagates that information to the other endpoints,” says Dan Cole, senior director of product management in Sophos’s Network Security Group. “Effectively, you disallow communication between that endpoint and other endpoints within that same broadcast domain.” That allows channel pros and corporate IT professionals to spend less time and money on breach resolution, Cole continues.
A new IPsec VPN client in the XG Firewall release also automatically prevents remote users on red-state devices from connecting to the network, provided those devices are running Intercept X.
All those capabilities build upon earlier firewall-endpoint integrations powered by Synchronized Security. In 2016, for example, XG Firewall gained the ability to prevent compromised devices from sending outbound traffic to the internet. A further upgrade rolled out last year enabled XG devices to block previously unidentified and potentially dangerous applications, based on real-time input from Intercept X.
When officially shipped at the end of the week, XG Firewall’s version 17.5 update will be available as a free download to all current users with an active maintenance contract.
The new release arrives as targeted attacks are becoming increasingly common among attackers who in recent years have relied chiefly on “spray and pray” phishing campaigns, according to the SophosLabs research unit’s recently published 2019 threat report. Though such mass attacks remain widespread, that study says, cyber-criminals are increasingly searching out vulnerabilities in a specific victim’s perimeter, using them to compromise a single endpoint, and then exploiting that beachhead as a launching point for further attacks across the network.
“Once you get on the LAN, the network is fairly open, with the firewalls usually at the gateway,” Cole observes. The latest edition of XG Firewall seeks to close that gap by stopping breaches at their point of entry. “Patient zero stays patient zero,” Cole says. “There’s no patient one, two, three, and four.”
The free cloud-based administration portal for XG Firewall, named Central Management 1.0, is designed to be an affordable, lightweight alternative to more powerful Sophos tools aimed at larger businesses. “It gives you free manageability of all your XGs, so if you’re a partner or reseller you can keep costs down,” Cole says. The new system is scheduled to enter beta testing on December 8th.
Other upgrades in XG Firewall 17.5 include significantly more granular filtering capabilities in the product’s built-in intrusion prevention system (IPS). “We’ve almost tripled the number of categories you can invoke on an IPS policy,” says Cole. As a result, he continues, technicians can now write filters for particular versions of the Apache web server if they wish rather than just for web servers in general.