Sophos Firewall 2024 PDF

Summary

This document provides an overview of Sophos Firewall, including its key functions, features, and benefits. It discusses topics such as next-generation firewall protection, network segmentation, and lateral movement protection, as well as its use in various network settings.

Full Transcript

Copyright © 2024 Sophos Ltd

What is Sophos
Firewall?

Sophos Firewall
Version: 20.0v1

[Additional Information]

Sophos Firewall
FW0505: What is Sophos Firewall

January 2024
Version: 20.0v1

© 2024 Sophos Limited. All rights reserved. No part of this document may be used or reproduced in any form or by any means without the prior written
consent of Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and marks mentioned in this document may be the
trademarks or registered trademarks of Sophos Limited or their respective owners.

While reasonable care has been taken in the preparation of this document, Sophos makes no warranties, conditions or representations (whether express
or implied) as to its completeness or accuracy. This document is subject to change at any time without notice.

Sophos Limited is a company registered in England number 2096520, whose registered office is at The Pentagon, Abingdon Science Park, Abingdon,
Oxfordshire, OX14 3YP.

What is Sophos Firewall? - 1
Copyright © 2023
2024 Sophos Ltd

What is Sophos Firewall?

In this chapter you will learn the RECOMMENDED KNOWLEDGE AND EXPERIENCE
key functions performed by ✓ Experience of Sophos Central
Sophos Firewall. ✓ Practical knowledge or networking, including
subnets, routing, VLANs, and VPNs
✓ Experience configuring network security devices
✓ Knowledge of fundamental encryption and hashing
algorithms and certificates

DURATION 10 minutes

In this chapter you will learn the key functions performed by Sophos Firewall.

What is Sophos Firewall? - 2
Copyright © 2024 Sophos Ltd

What is Sophos Firewall?

Next-Gen Firewall All-in-One Protection School Protection
Visibility, Protection, and Consolidate, Simplify, & Save Affordable, Simple Compliance
Response & Control

SD-WAN & Branch Endpoint Integration Public Cloud
Retail, Branch Office, ICS & Synchronized Security & Protection for Azure and Hybrid
SD-WAN Automated Response Networks

Sophos Firewall is a comprehensive network security device, with a zone-based firewall, and identity-
based policies at its core. Sophos Firewall does not only protect wired networks, but as a wireless
controller for Sophos access points, can provide secure wireless networking functionality.

Protection is provided through a single cloud-based platform, making day-to-day management of all
your Sophos products (including Sophos Firewall) easy and scalable. There are features purpose built
to help universities, higher education, K-12, and primary or secondary educational institutions
overcome key challenges. For example, powerful web filtering policies, and built-in policies for child
safety and compliance.

With Sophos Firewall and SD-RED you can connect sites across your geographically-distributed
network. Sophos Firewall works together with Sophos Central in real time. So, when either Sophos
Firewall or Sophos Central identifies a threat, they work together to provide health and threat
monitoring, lateral movement protection as well as synchronized application control and synchronized
security.

Sophos Firewall can be deployed using preconfigured virtual machines in the cloud where cloud
servers can be secured, protecting them against hacking attempts.

What is Sophos Firewall? - 3
Copyright © 2024 Sophos Ltd

What is Sophos Firewall?
Expose hidden risks
See it Superior visibility into risky activity, suspicious traffic, and
advanced threats helps you maintain control of your network.

Stop unknown threats
Stop it Powerful next-gen protection technologies like deep learning
and intrusion prevention keep your organization secure.

Isolate infected systems
Secure it Automatic threat response instantly identifies and isolates
compromised systems on your network and stops threats from spreading.

Sophos Firewall includes a comprehensive built-in reporting engine, which allows you to easily drill
down into reports to find the information you need.

It also provides comprehensive next-generation firewall protection that exposes hidden risks, blocks
unknown threats, and automatically responds to incidents.

Superior visibility into risky activity, suspicious traffic, and advanced threats helps you maintain control
of your network.

Powerful next-gen protection technologies, like deep learning and intrusion prevention, keep your
organization secure.

Automatic threat response instantly identifies, and isolates compromised systems on your network
and stops threats from spreading.

What is Sophos Firewall? - 4
Copyright © 2024 Sophos Ltd

See It

See it

Stop it

Secure it

The control center appears as soon as you sign in. It provides a single screen snapshot of the state and
health of the security system with its traffic-light style indicators, which immediately draw attention to
what matters most.

Immediately you can see your top risks related to heartbeat, apps, payloads, users, threats, websites
and attacks.

What is Sophos Firewall? - 5
Copyright © 2024 Sophos Ltd

Stop It
Next-Gen Firewall Web Application Firewall

See it Intrusion Prevention System Active Threat Response

Application Visibility and Control Synchronized Security

Web Protection & SSL Inspection Deep learning
Stop it
Sandboxing Email, DLP, Encryption

Wireless Protection RED, VPN, and ZTNA

Secure it

Sophos Firewall analyzes incoming and outgoing network traffic (for example, DNS requests, HTTP
requests, and IP packets) for sophisticated attacks by using a full suite of protection technologies.
These include:

Powerful zero-day protection sandboxing,
Deep learning with artificial intelligence,
Top performing IPS,
Active Threat Response,
And web protection with dual AV, JavaScript emulation, and SSL inspection.

All benefit from over 30 years of threat intelligence data from Sophos Labs.

What is Sophos Firewall? - 6
Copyright © 2024 Sophos Ltd

Secure It
Malware Server
Sophos Firewall Sophos Central

See it
Phishing
Email Servers

Security Heartbeat
Stop it
Internet Sophos Firewall Infected Host

Devices

Secure it RANSOMWARE ATTACK

Threats and targeted ransomware demonstrate the ways cybercriminals are constantly changing their
tactics to stay effective and profitable.

The next-gen advancements of Sophos Firewall combined with the intelligence of Synchronized
Security, and easy management of all products within Sophos Central, are essential for maintaining
protection and responding quickly to any attack.

What is Sophos Firewall? - 7
Copyright © 2024 Sophos Ltd

Xstream Architecture

TLS 1.3 Decryption

Deep Packet Inspection Engine

Xstream Network Fastpath

TLS inspection provides transparency into all the encrypted traffic on the network.

Deep packet threat protection is provided in a single engine for anti-virus, intrusion protection, web
protection, application control and TLS inspection.

Network Fastpath accelerates SaaS, SD-WAN, cloud traffic such as VoIP and video and other trusted
applications automatically or via defined policies. These are placed on the Xstream Fastpath to
optimize performance.

What is Sophos Firewall? - 8
Copyright © 2024 Sophos Ltd

Zero Trust Overview
Trusted

Zero Trust is a cybersecurity mindset
based on the principle of
trust nothing, check everything

Traditionally cybersecurity has involved creating a security perimeter and trusting that everything
inside that perimeter is secure. This is a vulnerable design as once an attacker or unauthorized user
gains access to a network, that individual has easy access to everything inside the network, where
they can progressively search for the key data and assets that are ultimately the target of their attack.

Zero trust is a relatively new and evolving approach to network design, but it's also part of a wider
mind-set based on the principle of trusting nothing and checking everything. With zero trust, no user
is trusted, whether inside or outside of the network.

What is Sophos Firewall? - 9
Copyright © 2024 Sophos Ltd

Zero Trust Overview
Remote Users Trusted

SaaS

The number of users, who wish to work remotely, and use their own personal devices to access
corporate data and resources on untrusted networks, such as those in coffee shops, is increasing.

The use of SaaS apps, cloud platforms, and services, leaves some data outside of the corporate
perimeter. The use of public cloud platforms, means that many of the devices or services that once ran
within the corporate perimeter, are now run outside of it.

The principle of zero trust is to secure every device as if it was connected directly to the Internet.

What is Sophos Firewall? - 10
Copyright © 2024 Sophos Ltd

ZTNA and Firewalls
Sophos Central

ZTNA
SD-RED
Service Edge Access

SD-WAN AWS Azure VPN

APX Core Network Access Switch

ZTNA is complimentary to a firewall, just as VPN is complimentary to a firewall. Of course, the firewall
still plays a critically important role in protecting corporate network and data center assets from
attacks, threats, and unauthorized access. ZTNA bolsters a firewall, by adding granular controls and
security for networked applications, in the cloud or on-premise.

What is Sophos Firewall? - 11
Copyright © 2024 Sophos Ltd

Network Segment Devices
!

Switch
Applications

Switch
Internet Sophos Firewall

Users

On the firewall side, network segmentation or even micro-segmentation around your users, devices,
apps, networks, and so on, provides one of the key benefits of the zero-trust strategy.

Dynamic policies are at the center of Sophos Firewall, with multiple sources of data available to
leverage as part of a policy. Identity, time of day, network location, device health, network packet
analysis – and more. All these different sources of data can be used in different combinations
depending on the scenario.

As a key example, Server and Endpoint Protection can be used to assign every device a health status.
In the event a device is compromised, the device can be automatically isolated.

What is Sophos Firewall? - 12
Copyright © 2024 Sophos Ltd

Lateral Movement Protection
Local Area Network

Infected Host

Switch
Endpoint
Internet Sophos Firewall

Application Server

Lateral Movement Protection effectively provides an adaptive micro-segmentation solution. With
Lateral Movement Protection, each individual endpoint is effectively on its own segment, able to be
isolated in response to an attack or threat, regardless of the network topology.

Sophos Firewall uniquely integrates the health of connected hosts into your firewall rules, enabling
you to automatically limit access to sensitive network resources from any compromised system, until
it’s cleaned up.

This is made possible by Synchronized Security, which is our cross-portfolio approach to analyze
system and network activity, adapt to scenarios through dynamic policy, and automate complex tasks
like isolating machines and more.

What is Sophos Firewall? - 13
Copyright © 2024 Sophos Ltd

Chapter Review

A comprehensive network security device, with a zone-based firewall, and identity-based policies as its
core.

Can expose hidden risks, stop unknown threats and isolate infected systems.

Supports ZTNA by providing network segmentation and lateral movement protection.

Here are the three main things you learned in this chapter.

Sophos Firewall is a comprehensive network security device, with a zone-based firewall, and identity-
based policies at its core.

The firewall can expose hidden risks, use next-gen protection technologies to stop unknown threats,
while automatic threat response identifies, and isolates compromised systems.

Sophos Firewall can support ZTNA by providing network segmentation and lateral movement
protection.

What is Sophos Firewall? - 19
Copyright © 2024 Sophos Ltd

What is Sophos Firewall? - 20