Sophos has introduced a new “Xstream” architecture for Sophos XG Firewall with high performance Transport Layer Security (TLS) traffic decryption capabilities that eliminate significant security risk associated with encrypted network traffic, which is often overlooked by security teams due to performance and complexity concerns. XG Firewall now also features AI-enhanced threat analysis from SophosLabs and accelerated application performance.
The Firewall will assist its channel partners to become trusted security advisers and service providers to their customer in in a way that is convenient, intuitive and scalable.
“As SophosLabs’ research demonstrates, cybercriminals are boldly embracing encryption in an attempt to bypass security products. Unfortunately, most firewalls lack scalable TLS crypto capabilities and are unable to inspect encrypted traffic without causing applications to break or degrade network performance,” said Dan Schiappa, chief product officer at Sophos. “With the new Xstream architecture in XG Firewall, Sophos is providing critical visibility into an enormous blind spot while eliminating frustrating latency and compatibility issues with full support for the latest TLS 1.3 standard. Sophos’ internal benchmark tests have clocked a two-fold performance boost in the new XG TLS inspection engine as compared to previous XG versions. This is a game changer.”
Latency too often deters IT admins from using decryption, as seen in an independent Sophos survey of 3,100 IT managers in 12 countries. The survey white paper, The Achilles Heel of Next-Gen Firewalls, reports that while 82% of respondents agreed TLS inspection is necessary, only 3.5% of organizations are decrypting their traffic to properly inspect it.
Key new features of XG Firewall include:
•Inspection of TLS 1.3 to detect cloaked malware: New port-agnostic TLS engine doubles crypto operation performance over previous XG versions
•Optimised critical application performance: New FastPath policy controls accelerate performance of SD-WAN applications and traffic, including Voice over IP, SaaS and others, to up to wire speed
•Adaptive traffic scanning: The newly enhanced Deep Packet Inspection (DPI) engine dynamically risk-assesses traffic streams and matches them to the appropriate threat scanning level, enhancing throughput by up to 33% across most network environments
•Threat analysis with SophosLabs intelligence: Provides network administrators with the SophosLabs AI-enhanced threat analysis needed to understand and adjust defenses to protect against a constantly changing threat landscape
•Comprehensive cloud management and reporting in Sophos Central: Centralized management and reporting capabilities in Sophos Central provide customers with group firewall management and flexible cloud reporting across an entire estate without additional charge
•Integration with Sophos Managed Threat Response (MTR) service: Customers of XG Firewall who also subscribe to the Sophos MTR Advanced service will have deeper actionable intelligence to prevent, detect and respond to threats, as a result of the integration
“Sophos’ new XG Firewall offers a wide array of enterprise-caliber features, with a growing installed base that is now one of the industry’s most widely deployed next-generation firewalls,” Eric Parizo, senior analyst for enterprise IT strategy, Omdia . “XG Firewall can win against industry competitors in large part because of Sophos Central, its SaaS-based, single-pane-of-glass management system for overseeing deployment, management, policy, updates, and response, with optional log management and analytics. This cloud management platform with the Firewall Management and Reporting feature, plus the TLS inspection, position Sophos XG Firewall as a compelling option for a wide variety of organisations.”
Latest posts by David Dungay (see all)
- Avaya considering $5 billion buy out - March 27, 2019
- Mitel Appoints Graham Bevington as EVP and Chief Sales Officer - April 10, 2015
- Exertis is the New Name for Micro-P - October 24, 2013