Tag: endpoint protection

Sophos XDR: Extended response & advanced AI for the whole network

Sophos has long been known for creating holistic network security solutions that work across devices to provide broad views of network security posture. We have talked about the boons of Synchronized Security with Sophos Security Heartbeat for years on this blog! Now that cross-device monitoring and high-powered AI security go a step further with the introduction of XDR.

What is XDR?

XDR stands for Extended Detection and Response. This sounds similar to another industry technology: EDR, or Endpoint Detection and Response. But XDR takes the concept of Endpoint Detection & Response and extends it across multiple security layers. It brings together real-time network data and automated decision-making to provide advanced threat responses that stop attacks before they become a breach.

How is Sophos XDR different from other solutions?

Sophos Intercept X Advanced with XDR (formerly Intercept X Advanced with EDR) integrates email, cloud, mobile, and endpoint data across your network, pulling data from multiple sources across security layers and products to provide broad, high-level security determinations orchestrated by deep learning AI. XDR leverages data from endpoints, servers, firewalls, switches, and other security devices spread across your network and centralizes that intelligence in a single ecosystem.

This pitch may sound familiar to you if you’ve used SOAR (Security Orchestration, Automation, & Response) or SIEM (Security Information & Event Management) solutions. What SOAR and SIEM do is quite similar in function: collect large volumes of data from multiple sources, analyze events, and provide guided response recommendations. Where XDR shines and soars above preceding solutions is in its ability to take action. Sophos XDR not only creates a roadmap of how admins should respond to an event but also takes the initiative to apply those steps before a security incident can grow.

All in all, XDR goes beyond data gathering and helpful suggestions. Sophos XDR orchestrates responses and applies them across devices on a network.

How to get Sophos XDR

XDR found a home with Sophos as part of its Intercept X product suite, an advanced endpoint protection suite built to stop malware, ransomware, exploits, viruses, and zero-day threats. In previous years, Intercept X Advanced could be paired with EDR to automatically detect and prioritize threats. While Intercept X’s EDR capabilities suggest where and how network admins focus their attention, XDR is now fully closing the monitor-detect-respond decision-making loop.

Sophos Intercept X Advanced uses the latest machine learning technology to make security verdicts on unknown threats by comparing the behavior of potentially dangerous files or apps to the known behavior of currently understood threats.

Try Sophos XDR for yourself

Try a free online demo of Sophos XDR and see how endpoint detection and response driven by AI can tie together the loose threads of your network.

Keep In Sync With The Sophos Security Heartbeat

What the Security Heartbeat Does

Much like the human heart keeps vital blood flowing from head to toe and everywhere in between in rhythmic fashion, the Security Heartbeat keeps all your Sophos products functioning on the same sheet of music. Why does Sophos use the term “heartbeat” to describe the cornerstone of its Synchronized Security? It seems simple enough. The Heartbeat pumps information between endpoints such as desktop and laptop computers, mobile phones and tablets, Sophos firewalls, and all other security products to form the Synchronized Security system.

You’ve probably heard of Security as a Service, also known as SaaS. Sophos has another abbreviation to remember: Cybersecurity as a System, or CaaS. The Security Heartbeat revolutionizes network security by allowing every component to talk to each other in the same language through the hub of Sophos Central, securely sharing information from each endpoint about your network health.

As we’ve noted before, Sophos puts an impressive suite of security hardware and software at your disposal, from XG Firewalls (which you can get free with a security subscription), to Intercept X Endpoint Protection, and a lot more in between. As an example, let’s spotlight a communication between an endpoint and firewall using the Security Heartbeat in a Synchronized Security system.

A Sophos Security Heartbeat Example

A laptop, running Sophos Endpoint virus and malware protection, identifies a malware attack. Sophos Endpoint uses the Security Heartbeat to let the XG firewall know that it’s been infected. The firewall immediately responds by isolating the laptop to prevent the malware from spreading across the network. In the meantime, Sophos Endpoint cleans up the affected device, then notifies the firewall when it’s back up and running smoothly.

The firewall then restores the laptop to the network, and all is right with the world again. To ensure the mistake can be avoided in the future, Root Cause Analysis caps things off by generating a detailed report of the incident, allowing you to identify weak spots that need to be addressed to be even better prepared for the next attack.

Real-Time Integration for Truly Unified Threat Protection

The best part? All this happens within seconds. Without the Security Heartbeat, this same process could take hours to complete, leaving your network in a state of limbo. Instead of becoming a weeks-long crisis, an attack like the one above is barely a blip on the radar, and your organization keeps running smoothly.

Through integrated CaaS coordinated by the Security Heartbeat, Sophos Synchronized Security allows your network to:

  • Discover – Identify Unknown Threats
  • Analyze – Get Instant Insights
  • Respond – Respond Automatically to Incidents

It Only Gets Easier

Another best part? You just need an XG Firewall to let the Security Heartbeat synchronize your security. You can add an XG firewall to your existing network or build your network security from scratch with an XG Firewall. Either way works! Get the XG Firewall that’s right for your network free by bundling it with a suite of next-gen security services.


5 Reasons to Love the New Sophos XG Firewalls v17

Don’t you just hate it when, as soon as Halloween ends, an explosion of premature Christmas spirit takes over the rest of the year? Well, this year Sophos wants to change your mind on the matter, so they intercepted your letter to Santa and got you everything on your firewall wish list. Sophos took the top customer-requested features and crammed them all into one comprehensive update: Sophos XG Firewalls v17.

Keep reading and you will learn how keyword content filtering, synchronized app control, and streamlined policy management make monitoring and reporting the activity of your firewall easier than ever before.

#1 – Synchronized App Control

An average of 60% of application traffic arrives in firewall management portals as unidentified. Synchronized App Control automatically identifies unknown applications, allowing you to block unwanted applications and prioritize mission-critical apps.

Synchronized App Control is an XG exclusive. You will not find this feature with any other firewall option, so if you’re looking for a reason to switch over to Sophos, this is your big talking point.

#2 – Policy Test Simulator

If only there was a simple, straightforward way to test out your new NAT policies! Well, now there is. No more guesswork. No more “fingers crossed.” Just answers.

The Sophos XG Firewalls Policy Test Simulator is located right on your rules screen so you have the power to experiment with what works, what doesn’t, and why.

#3 – Web Keyword Content Filtering & PUAs

With web surfers striking out in every direction imaginable, it can be difficult to stay ahead of the wave as a network administrator. At times the task seems Sisyphean: we block websites, users find a new haven to flee to, we block the new sites, they move on to the next. But no more. Sophos XG v17 includes a handy feature that allows administrators to block Potentially Unwanted Applications (PUAs). Don’t waste your days catching up to the problem. Get out ahead of it.

#4 – Intrusion Prevention & Email Got Smarter

In recent tests by NSS Labs, Sophos XG Firewalls earned top-of-class marks for price-performance ratio and effectiveness against evasion techniques. Now this intrusion prevention has grown more powerful with the addition of Smart Filters. This hands-off approach allows administrators to rely on filters to do the legwork of preventing breaches.

Likewise, Smart Host capabilities allow you to route email traffic intended for applications like Office 365 through your firewall. This means that emails are being scanned and scrubbed long before they’re a potential problem.

#5 – Firewall Rule Management

Do you have too many firewall rules? Too few? Are some redundant? Which rules aren’t really doing anything? Sophos XG Rule Activity Monitoring takes the guesswork out of creating a set of comprehensive, efficient firewall rules. XG Firewalls make it easy to manage all your network security in one screen, including everything from user-based rules to web application protections and more. Powerful new reports help you decide whether your rules are champs or chumps.

What’s In It For Me?

The Fastest Administrator on Earth: In the Justice League Comic Mini-Series “Kingdom Come,” the superhero Flash (the fastest man alive) has stopped stopping altogether. This version of the Flash is in constant motion around his hometown of Keystone City, preventing crimes in the split-second before they start. Now your network administrator can be the Flash: an unstoppable, dynamic blur of justice that shuts down cybercrime before it ever begins.

Direct Traffic, Don’t Chase It: When a major sporting event lets out, police don’t wait around for traffic to gridlock before trying to untangle a congested intersection. Instead, roadblocks are set up to guide traffic through desired routes and prevent unrelated traffic from exacerbating the problem. Keyword content filtering, synchronized app control, and blocking PUAs mean traffic flows exactly as planned.

Save Your Poor Mouse Button: You’ll be clicking around your reports far less often since network activity is succinctly visualized right on one convenient screen. That means you’ll save a few click, click, clicks and maybe a few headaches along the way.

Sophos XG Firewalls are drawing massive attention and praise. Sophos has a clear vision of the path towards a safer cyber security future and you can trust that they understand the pain points that network administrators struggle with. If you’re rooting for innovation and common sense solutions, it may be time to jump over to Team Sophos. Worried about navigating through new features? Our certified engineers and network architects are here to help you migrate to a safer, faster future.




WatchGuard Workhorse: Increase conversions & site speed without sacrificing security

Ecommerce websites live or die by conversions, and statistics bear out that slow site speeds have a devastating impact on customers getting to checkout. It’s no secret that adding layers of security to your network can introduce lag into this equation. Luckily, there’s a better way.

WatchGuard XTM runs at lightning speeds even with full security features enabled. You don’t have to choose between security and speed.


Get the rundown on network security, site load speeds, & increasing conversions with the infographic below!
