Sophos Enhances Protection and Incident Response

Sophos announces an update to its Sophos Firewall, now including Sophos NDR Essential, which is free for all customers with an XStream Protection license for Sophos Firewall.

With this integration, Sophos Firewall leverages two dedicated artificial intelligence engines to detect malware communications and communications using algorithmically generated domain names. This new feature, stemming from the Sophos Network Detection and Response probe, aims to identify malware communications even when they are previously unknown or not yet indexed. It complements the Active Threat Response capabilities already implemented in Sophos firewalls.

According to Chris McCormack, Senior Product Marketing Manager at Sophos, “NDR traffic analysis requires substantial processing power. That’s why we’ve adopted a new approach by deploying an NDR solution in Sophos Cloud to offload the heaviest tasks from the firewall.”

Sophos Connect now integrates Entra ID for SSO.
This new feature of the VPN client bundled with Sophos Firewall enhances both security and user experience for SSL and IPsec VPN connections. It is now possible to use Entra ID (Azure AD) to authenticate users and implement multi-factor authentication for Sophos Connect and access to the user portal hosted by the firewall.

Other VPN-related improvements include:

  • Improved user interface and usability: Connection types have been renamed from “site-to-site” to “policy-based”, and tunnel interfaces have been renamed “route-based” to make them more intuitive.
  • Dynamic validation of the IP address pool allocated to VPN connections (SSL VPN, IPsec, L2TP, and PPTP) to better resolve potential IP address conflicts.
  • Strict profile enforcement: In IPsec profiles, default values are now excluded to ensure algorithm synchronization, thereby eliminating possible fragmentation of session negotiation packets that could otherwise prevent site-to-site VPN tunnels from being established.
  • Route-based VPN and SD-RED scalability: The system now supports up to 3,000 simultaneously established tunnels. Sophos Firewall solutions can now handle up to 1,000 SD-RED site-to-site tunnels and up to 650 concurrent SD-RED devices.

Additional management improvements include:

  • More flexible DHCP Prefix Delegation (IPv6 DHCP-PD): Now supports /48 to /64 prefixes, improving compatibility with certain internet service providers.
  • Router Advertisement (RA) and DHCPv6 server: Now enabled by default.
  • Resizable table columns: The web admin interface continues to adapt to ultra-wide screens, and many configuration pages now allow column resizing as needed.
  • Enhanced object search functionality: The search field in the SD-WAN routing configuration screen now supports more criteria (route name, ID, objects, object values such as IP addresses and domains, among others). Local ACL rules now also support object name and value searches, including content-based searches.
  • Default configuration changes: Default firewall rules and rule groups previously created during new firewall setups have been removed. Only the default network rule and MTA rules are now provided in the initial configuration. The default firewall rule group and the default gateway probe for custom gateways are both now set to “None” by default.

Secure by Design
Sophos continues to enhance the intrinsic design of its firewalls. The secure-by-design approach includes containerization of specific features and integrity checks on critical operating system files using mathematical checksums. Any checksum mismatch triggers a potential compromise alert, allowing monitoring teams to proactively identify possible security incidents affecting the firewall OS integrity. Incident response and development teams are then able to react swiftly to critical incidents.

Customers can now manually download and deploy this update on any Sophos Firewall equipped with a valid license.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.
