Sophos has shipped a new set of firewalls with an extra processor designed to dramatically accelerate inspection of encrypted traffic.
Called Xstream flow processors, the secondary chips allow the new XGS Series of appliances to inspect network flows encrypted with the Transport Layer Security (TLS) protocol up to five times faster than competing products, Sophos says, by freeing up capacity on the firewall’s core CPU. Using Sophos’s FastPath technology, for example, XGS devices can offload trusted traffic from cloud applications, SD-WAN solutions, and other sources to the Xstream flow processor and reserve the core processor for TLS streams and deep packet inspection.
That functionality supplements efficiency gains enabled by a new edition of the Sophos Firewall Operating System (SFOS) also released today. SFOS 18.5 will improve performance on older firewalls as well as the new XGS Series, according to Sophos Chief Product Officer Dan Schiappa.
“If you’re on existing hardware, you’ll still see a little bit of improvement, but you’re going to see a massive amount of improvement on the new hardware because we’re actually offloading all that [traffic] to a separate network processor,” he says.
Available immediately, XGS Series firewalls sell for about what buyers are currently paying for older Sophos XG Firewalls. “The pricing is relatively similar to what we’ve had in the past,” Schiappa says. The faster processing speed in the new products, however, makes them a better value.
“From a price-to-performance perspective, we’re going to be right at the top of the heap,” Schiappa says.
Performance limits, according to Schiappa, currently prevent many businesses from inspecting encrypted traffic even if their firewall has TLS functionality.
“Part of the challenge with a lot of the firewalls is it’s super resource-intensive to do that decryption, inspect everything, and then re-encrypt it and pass it along,” he says. As a result, many businesses have simply disabled their firewall’s TLS inspection feature in the past. “It was just slowing the throughput on their firewall down too much,” Schiappa notes.
That’s a particularly risky practice today, though, given how broadly cyber-attackers are using TLS to conceal malware. According to new research from Sophos published today, nearly 46% of malware detected by the vendor between January and March of this year used TLS to hide malicious communications, up from 23% as of early 2020.
“Without the ability to inspect that you’re running completely blind,” Schiappa says.
Aware of that danger, he continues, channel pros are hungry for a firewall powerful enough to scrutinize encrypted traffic without slowing networks to a crawl. “People are desperate to use it,” he says of TLS inspection functionality.
The new XGS Series and SFOS 18.5 build on the foundation Sophos laid last February when it introduced an updated edition of SFOS based on the all-new Xstream architecture. That release added native support for latest-generation TLS 1.3 traffic, which XGS Series products include as well.
Xstream flow processors are software programmable, Schiappa emphasizes, and capable of handling a wider range of tasks than they perform at present. They figure prominently in several forthcoming products and upgrades on Sophos’s roadmap.