Advance Active Adversary Defenses With New Sophos Firewall

Stay one step ahead of cyberthreats with new Sophos Firewall v20 software. The highly anticipated update introduces Active Threat Response, empowering security teams to automate defensive measures. Discover how Sophos Firewall v20 quickens response time to block attackers from infiltrating the network.

  • December 4, 2023 | Author: Alan Strakey

The challenge of defending customers against cyberthreats can be immense. On offense, adversaries continuously adapt and evolve their tactics, techniques, and procedures. On defense, they look for new ways to evade detection and stay one step ahead of security teams.

To help organizations stay a step ahead of cyberattacks, Sophos announced its highly anticipated Sophos Firewall v20 release. The update brings a number of exciting enhancements and top-requested features.

The new firewall software adds Active Threat Response to automatically shut down attacks and block active adversaries from moving across networks, all without having to add firewall rules. The firewall uniquely integrates with Sophos Endpoint, Sophos XDR and Sophos MDR to automatically respond to any threat or attack identified at the firewall, an endpoint, or elsewhere by a security analyst. The result is an immediate halt in malicious activity, containment of the threat, and easy cleanup and investigation.

How Does it Work?

When an analyst detects a threat anywhere on the network, they can transmit this information to Sophos Firewall using a new threat feed API. The firewall then coordinates its defense mechanisms, eliminating the need for manual intervention or additional firewall rules.

Any attempt by a host to communicate with a blocked threat will trigger a RED Heartbeat status on the device itself, neutralizing that threat immediately. The detection system works well regardless of whether the threat is initially identified by an analyst, an endpoint device, a firewall, or a network detection and response (NDR) system.

Moreover, the Sophos Firewall can automatically block traffic from other compromised endpoints that attempt to communicate with any IP addresses associated with the threat feeds.

Integration of ZTNA Gateway  

Sophos Firewall v20 also includes an integrated Zero Trust Network Access (ZTNA) gateway. This enhances security measures while providing scalability, easier management, and a transparent end-user experience. It also simplifies ZTNA deployments for organizations managing remote worker access to on-premises applications.

This zero-touch, zero-trust integration eliminates the need for additional appliance purchases and VM deployments. It was architected to address feedback from some early ZTNA adopters that setting up and managing this access could be complex, as it sometimes required additional servers, VMs, agents, and management consoles. With Sophos Firewall v20, there is no need to purchase and install additional appliances and VMs, or to deploy and manage endpoint network agents. Partners and customers are now free to consolidate their security tools with a single agent, single management console, and single gateway, all from a single vendor.

Channel partners can leverage the security features offered by Sophos Firewall v20 to deliver comprehensive enterprise-grade protection to their clients, as well as peace of mind. This update is now available for purchase and as a free upgrade to all licensed Sophos Firewall customers.

Sophos Firewall v20 includes a ton of great new features and enhancements. Watch this video for a comprehensive overview, or download the What’s New Guide for full details.