Sophos Debuts Synchronized Security for Endpoints and Networks

With the new Sophos XG Firewall with Security Heartbeat, IT organizations can benefit from advanced threat protection capabilities.

By Colleen Frye

Sophos, a global provider of network and endpoint security, has introduced Sophos Security Heartbeat, synchronized security protection included as part of the Sophos XG Firewall and Sophos Cloud-managed endpoint protection. This new technology directly links Sophos XG series next-generation firewalls and UTMs with next-generation endpoint security so that they can share threat intelligence, enabling faster detection of threats, automatic isolation of infected devices, and more immediate and targeted response and resolution.

Attackers are coming at organizations systematically, using multiple components and often productized exploit packages, says Dan Schiappa, senior vice president and general manager, Sophos Enduser Security Group. And while he says there are great network and endpoint protection tools in the industry, “We didn’t have the means to communicate and coordinate defenses” between the endpoint and the network. “We went forward with the concept of synchronized security.” The shared information, when used collectively, “increases the security posture of the entire system. It’s the first meaningful piece of technology in that space.”

The Security Heartbeat pulses continuous, real-time information about suspicious behavior or malicious activity between endpoints and the network firewall or UTM. With shared intelligence, the Security Heartbeat can instantly trigger a response to stop or help control a malware outbreak or data breach. The Sophos XG Firewall uses data provided by Sophos endpoint protection to isolate and restrict access to and from the affected device, and in parallel, the endpoint protection can remediate the attack, according to Sophos.

“If the network device sees abnormal behavior it immediately knows not just the IP address, but which user, which machine, which process,” says Schiappa. “The network can request the endpoint to scan that device or process to see if there are any known threats. It works the other way around as well; if we identify something on the endpoint, now the network device can have a firewall that says ‘Dan’s machine is acting weird, we’re not positive if it’s compromised, but let’s limit outside activity.’ If there is known malware we can send a red state out to the network and isolate that machine.”

He says the new synchronized security gives the Sophos reseller an opportunity to go back to their customers and add value to their existing investment. “They buy the new XG Firewall, and it will make their existing endpoint prod even more valuable. It’s very compelling for channel partners.”

In addition to Security Heartbeat, the Sophos XG Firewall offers the following new features:

  • Network security control center. An interface that delivers instant network and threat intelligence so users can take action fast.
  • Unified policy model. Simplified policy management with preconfigured templates for business apps to dramatically streamline configuration.
  • User and app risk analysis. Helps identify high-risk users and applications and highlights potential security hotspots.
  • User threat quotient. Manage user-centric policies based on an individual’s known behavior as well as the health status of the computer or mobile device they are using.
  • Sophos Firewall Manager. Full-featured centralized management of multiple firewalls that’s free for Sophos partners and managed service providers.
  • Centralized cloud management. Sophos partners and MSPs can manage multiple Sophos XG Firewall installations from the cloud, using the new Sophos Cloud Firewall Manager.

In addition, there is a range of appliances, including the new entry-level XG 85(w) and high-end XG 750 models. Plus, the Sophos XG Firewall operating system will also run on existing Sophos SG appliances and Cyberoam NG appliances.

Finally, customers can choose to deploy as hardware, software, or virtual appliances, and every feature is available on every form factor.

Available models range from a desktop appliance with integrated Wi-Fi to rack-mount appliances for the data center. Pricing is available from authorized Sophos partners worldwide.

Schiappa says Sophos has been talking to partners about synchronized security for 18 months, launching at the partner conference. “We’ve received overwhelming support. We do not need to sell the story; it resonates.”

He adds that Sophos “will keep adding more meaningful information to Heartbeat. I think this will be a unique approach for us. Customers are looking at different buying strategies. Coordinated products versus best of breed will make their life easier.”
