Sophos, a global leader in cybersecurity, has announced a major update to its Sophos Firewall, now including the Sophos Network Detection and Response (NDR) Essential feature, which is available for free to all customers with an XStream Protection license.
This update integrates two artificial intelligence engines to enhance malware detection. They are designed to identify malware communications, including traffic that uses algorithmically generated domain names. With the Sophos NDR probe, the firewall can now detect threats that have not been seen or catalogued before. This addition complements the existing Active Threat Response capabilities in Sophos Firewalls.
Chris McCormack, Senior Product Marketing Manager at Sophos, explained, “NDR traffic analysis requires substantial processing power. That’s why we’ve chosen to offload the heaviest tasks to the Sophos Cloud, providing a more efficient solution.”
Sophos Connect Integrates Entra ID for Single Sign-On (SSO)
Sophos Firewall also includes an upgrade to Sophos Connect, its VPN client, which now supports Microsoft Entra ID (formerly Azure AD) for single sign-on (SSO). This improves security and streamlines the user experience for both SSL and IPsec VPN connections. Users can now authenticate through Entra ID and apply multi-factor authentication to both the Sophos Connect VPN client and the firewall-hosted user portal.
Other VPN-Related Enhancements Include:
- Improved User Interface: The connection types are now renamed from “site-to-site” to “policy-based,” and tunnel interfaces have been renamed to “route-based” for better clarity.
- Dynamic IP Address Validation: The update enhances IP address pool management for VPN connections like SSL VPN, IPsec, L2TP, and PPTP, helping to prevent address conflicts.
- Strict Profile Enforcement: IPsec profiles no longer carry implicit default values, which keeps the negotiated algorithms consistent on both ends and avoids the fragmentation issues that could stop tunnels from establishing.
- Scalability Enhancements: Sophos Firewall now supports up to 3,000 simultaneous VPN tunnels, including 1,000 SD-RED site-to-site tunnels and up to 650 concurrent SD-RED devices.
Additional Management Improvements:
- Flexible DHCP Prefix Delegation: Now supports prefixes from /48 to /64, increasing compatibility with various internet service providers.
- Router Advertisement and DHCPv6 Server: These are now enabled by default for easier configuration.
- Resizable Table Columns: The web admin interface has been optimized for ultra-wide screens, and columns can now be resized for better usability.
- Enhanced Object Search Functionality: The SD-WAN routing configuration page now supports more detailed search criteria, including object names, IDs, and values like IP addresses and domains.
- Default Configuration Changes: The initial setup now includes only the default network and MTA rules, with other firewall rules and groups removed to simplify setup.
Secure-by-Design Features
Sophos continues to refine its firewalls with a secure-by-design approach. This includes containerization of critical features and integrity checks on essential operating system files using checksums. If a file's checksum does not match its expected value, an alert is raised so security teams can quickly investigate a potential compromise.
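A minimal illustration of the checksum-based integrity check described above, written as an added example for this article rather than Sophos' own implementation: it records SHA-256 hashes of a set of files as a known-good baseline, re-verifies them later, and reports every file that is missing or whose hash no longer matches. The file tree, contents and paths are constructed in a temporary directory purely for illustration.

```python
import hashlib
import tempfile
from pathlib import Path
# Constructed sample files standing in for protected OS files (illustrative paths).
SAMPLE_FILES = {
    "bin/sshd": b"\x7fELF original sshd binary",
    "etc/hosts": b"127.0.0.1 localhost\n",
}

def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root: Path, relative_paths) -> dict:
    """Record the known-good hash of every monitored file, keyed by relative path."""
    return {rel: sha256_file(root / rel) for rel in relative_paths}

def verify_baseline(root: Path, baseline: dict) -> list:
    """Return (reason, path) alerts; an empty list means every file still matches."""
    alerts = []
    for rel, expected in baseline.items():
        path = root / rel
        if not path.is_file():
            alerts.append(("missing", rel))
        elif sha256_file(path) != expected:
            alerts.append(("mismatch", rel))
    return alerts

def make_sample_tree() -> tuple:
    """Write the constructed files into a temp dir and return (root, baseline)."""
    root = Path(tempfile.mkdtemp())
    for rel, content in SAMPLE_FILES.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(content)
    return root, build_baseline(root, SAMPLE_FILES)

def tamper_and_verify() -> list:
    """Simulate a compromise: overwrite one file and delete another, then re-check."""
    root, baseline = make_sample_tree()
    (root / "bin/sshd").write_bytes(b"\x7fELF trojanised sshd binary")
    (root / "etc/hosts").unlink()
    return verify_baseline(root, baseline)

if __name__ == "__main__":
    for reason, rel in tamper_and_verify():
        print(f"ALERT: {reason}: {rel}")
```

The baseline itself must be stored where the protected system cannot rewrite it (signed, or on separate trusted storage); otherwise whoever can modify a file can also update its recorded hash.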
Availability
Customers can now manually download and deploy the update on any Sophos Firewall with a valid license.