Tag: Sophos

eXtending Network Security – Ping Podcast – Episode 48

Episode 48: eXtending Network Security

The network perimeter barely exists in 2021, and that means extending network security beyond the traditional edge. Aaron Chen and Shane Davis with Sophos join us to discuss the networking needs of businesses in 2021, including remote access security and visibility, performance in the face of increasing security demands, and more. How can they address those needs? We talk about the latest technologies introduced by Sophos, including XDR (extended detection & response), the XGS firewall series, and Xstream protection (including the special second Xstream processor included in XGS firewalls).

In headlines, we discuss some cybersecurity actions by the U.S. government, both against Russia and on the homefront. Then, we hear about a survey that shows business owners are ready to pony up for ransomware attacks. And finally, we talk about a nuclear cyber attack blamed on a North Korean group.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, Overcast, Amazon Music, TuneIn, iHeart, Pocket Cast, Castro, Castbox, Podchaser, YouTube, and of course via RSS, to name a few). Moreover, please rate and review us wherever you listen. And remember to subscribe or follow where you can to get the latest episodes as soon as they’re released.

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week, and our knowledge hub.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

Sophos XDR: Extended response & advanced AI for the whole network

Sophos has long been known for creating holistic network security solutions that work across devices to provide broad views of network security posture. We have talked about the boons of Synchronized Security with Sophos Security Heartbeat for years on this blog! Now that cross-device monitoring and high-powered AI security go a step further with the introduction of XDR.

What is XDR?

XDR stands for Extended Detection and Response. This sounds similar to another industry technology: EDR, or Endpoint Detection and Response. But XDR takes the concept of Endpoint Detection & Response and extends it across multiple security layers. It brings together real-time network data and automated decision-making to provide advanced threat responses that stop attacks before they become a breach.

Sophos Intercept X with XDR extended advanced security across devices

How is Sophos XDR different from other solutions?

Sophos Intercept X Advanced with XDR (formerly Intercept X Advanced with EDR) integrates email, cloud, mobile, and endpoint data across your network, pulling data from multiple sources across security layers and products to provide broad, high-level security determinations orchestrated by deep learning AI. XDR leverages data from endpoints, servers, firewalls, switches, and other security devices spread across your network and centralizes that intelligence in a single ecosystem.

This pitch may sound familiar to you if you’ve used SOAR (Security Orchestration, Automation, & Response) or SIEM (Security Information & Event Management) solutions. What SOAR and SIEM do is quite similar in function: collect large volumes of data from multiple sources, analyze events, and provide guided response recommendations. Where XDR shines and soars above preceding solutions is in its ability to take action. Sophos XDR not only creates a roadmap of how admins should respond to an event but takes the initiative to apply those steps before a security incident can grow.

All in all, XDR goes beyond data gathering and helpful suggestions. Sophos XDR orchestrates responses and applies them across devices on a network.

How to get Sophos XDR

XDR found a home with Sophos as part of its Intercept X product suite, an advanced endpoint protection suite built to stop malware, ransomware, exploits, viruses, and zero-day threats. In previous years, Intercept X Advanced could be paired with EDR to automatically detect and prioritize threats. While Intercept X’s EDR capabilities suggest where and how network admins focus their attention, XDR is now fully closing the monitor-detect-respond decision-making loop.

Sophos Intercept X Advanced uses the latest machine learning technology to make security verdicts on unknown threats by comparing the behavior of potentially dangerous files or apps to the known behavior of currently understood threats.


Try Sophos XDR for yourself

Try a free online demo of Sophos XDR and see how endpoint detection and response driven by AI can tie together the loose threads of your network.

What to Expect When You’re Expecting Cyber Threats in 2021 – Ping Podcast – Episode 36

Episode 36: What to Expect When You’re Expecting Cyber Threats in 2021

Start 2021 off with a bang – or a Ping in our case – as we podcast our way through some cyber threats to look out for in the new year. Andrew & Kevin go through predictions from top security experts at Fortinet’s FortiGuard Labs, Sophos, Barracuda, and WatchGuard. What did they find? Plenty of network security hazards face us in 2021, from evolving ransomware and phishing campaigns, to continued remote work vulnerabilities.

When you’re done listening, take a read through some of these predictions for yourself, from Fortinet, WatchGuard, Sophos, and Barracuda.

And for a more in depth look at WatchGuard’s predictions, check out Episode 34.

In headlines, the news about the FireEye/SolarWinds/federal government/Russia cyber breach keeps coming. And then, learn why fear may not be the right factor in cybersecurity training. Finally, hear about a new type of swatting that uses smart doorbells and home security cameras.

Oh, and Happy New Year!!

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, Overcast, TuneIn, iHeart, Pocket Cast, Castro, Castbox, Podchaser, YouTube, and of course via RSS, to name a few). And now we’re on Amazon Music, too! Moreover, please remember to subscribe or follow where you can to get the latest episodes as soon as they’re released. And please rate and review us as well!

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

Top 4 Email Security Solutions of 2020


The best email security solution ends up pulling a lot more weight than most network security services in 2020. Unless you live under a rock, you are increasingly aware of the ransomware scourge plaguing small businesses and enterprises alike. Email security targets advanced threats where they’re most likely to attack: your inbox. Thanks to social engineering schemes, your small business email service is a big, flashing target for hackers looking to infiltrate the network. Business emails are exceedingly vulnerable to advanced threats, like:

  • Phishing & spearphishing
  • Domain squatting
  • Cloud-based malware droppers
  • Business Email Compromise & account takeover
  • Impersonation & fraud

What makes email-borne attacks so efficient and how can you stop them in their tracks? We’ll break down the four best email security solutions of 2020, explain how they rebuff the bad guys, and help you find the email security solution that best fits your network needs.

How does email security keep you safe?

Email security solutions are often multi-faceted platforms that integrate several moving pieces to form a cohesive, defense-in-depth strategy. Email security monitors both inbound and outbound email traffic, allowing networks to scan the contents of messages and attachments to determine their intentions. Pair this with other fail-safes such as a cloud-based sandbox, anti-spam, and anti-malware services, and you’ve got a robust system that can keep an eye out not just for viruses, but also for sensitive data exfiltration and impersonation attempts.

Modern email security appliances and services offer multi-layered security by scanning all email contents, URLs, attachments, and headers with advanced analysis techniques. These techniques recognize threats based on their behavior, NOT by relying on known threat signatures. Just as the bad guys train to imitate the way you write messages, the best email security solutions are experts at spotting subtle clues in messages that betray malicious intentions.

What to look for in an email security solution

Email security solutions need to be more than just effective; they also must be user-friendly. Simplifying the challenges of network security is crucial to a network security infrastructure that meets your business goals. The best email security solution for small businesses is one that’s easy to set up and manage.

Other factors to look for in the best email security solution for your needs include:

  • Email spooling that allows for business continuity even during Internet loss or power outages
  • Message archiving to make regulatory compliance audits easier
  • Real-time threat intelligence updates that keep your email security constantly evolving
  • Task automation & robust reporting to effortlessly manage addresses, accounts, & user groups

Top 4 Email Security Solutions for Small to Mid-Sized Businesses

 


SonicWall TotalSecure Email

Key Features:

  • Industry-validated Capture Advanced Threat Protection sandbox stops ransomware & zero-day threats from ever reaching your inbox
  • Users protected from clicking on malicious links across any device or location with time-of-click URL protection
  • Granular Data Loss Prevention & compliance policies protect data

What makes SonicWall TotalSecure one of the Best Email Security Services in 2020?

SonicWall Email Security appliances and software provide multi-layered protection from inbound and outbound email threats and compliance violations by scanning all inbound and outbound email content, URLs and attachments for sensitive data. What’s more, they deliver real-time protection against ransomware, targeted phishing attacks, spoofing, viruses, malicious URLs, zombies, directory harvest, denial-of-service and other attacks.

TotalSecure Email leverages multiple, patented SonicWall threat detection techniques and a unique, worldwide attack identification network.

 


Sophos Advanced Email Protection

Key Features:

  • Sophos Synchronized Security connects Sophos Email security with endpoint protection, delivering automated detection & clean-up
  • Compromised Mailbox Detection services detect outbound spam & malware to safeguard send reputation
  • Sophos Phish Threat gives you tools to test & train employees on cybersecurity awareness

What Qualifies Sophos Advanced Email Protection as one of the Best Email Security Services in 2020?

Sophos Email integrates in real-time with Sophos Central, an intuitive console for managing all your Sophos products. By extending Sophos Synchronized Security to your inbox, you ensure email security integrates into your entire network security posture.

Only Sophos Central lets you build and manage multiple lines of defense from email-borne threats, allowing you to respond to threats faster. This includes secure email, cybersecurity awareness training, and next gen endpoint protection, all from a single mobile-optimized portal.

 


Barracuda Essentials – Email Security & Compliance

Key Features:

  • Real-time detection of dynamic threats constantly updates with 24×7 threat intelligence
  • Outlook plug-ins & mobile apps for easy user access
  • Barracuda Cloud Email Archiving integrates with Exchange & other cloud-based email services to create an indexed archive

What Qualifies Barracuda Essentials as one of the Best Email Security Services in 2020?

Barracuda Essentials filters and sanitizes all messages before delivery to your mail server. This protects your network from email-borne threats and social engineering before users even have a chance to click a link. Barracuda Essentials combines virus scanning, reputation checks, URL protection, spam scoring, real-time intent analysis, and other techniques to monitor threats across all potential attack vectors.

 


Fortinet FortiMail Appliances

Key Features:

  • Outbreak protection, content disarm & reconstruction, sandbox analysis, & impersonation detection combined into a single hardened appliance
  • Prevent data loss with powerful, identity-based email encryption
  • Integrate with full suite of Fortinet products as well as third-party Fortinet Fabric Partners by sharing Indicators of Compromise across Fortinet Security Fabric

What Qualifies Fortinet FortiMail as one of the Best Email Security Services in 2020?

FortiMail secure email gateways stop volumetric and targeted cyber threats to secure dynamic attack surfaces. FortiMail also prevents the loss of sensitive information and simplifies regulatory compliance. Offered as high-performance physical and virtual appliances, FortiMail is flexible enough to deploy on-site or in the public cloud to meet a wide range of business goals and security needs.

 

Looking for the best email protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

3 Best Ransomware Protection Solutions 2020

3 Best Ransomware Protection Solutions for Business 2020

Once your network is infected, ransomware encrypts files on afflicted endpoints, making it impossible to read or open them. The best ransomware protection for small businesses proactively hunts down and eliminates even never-seen-before ransomware long before an employee ever gets a chance to fall for it. Here are a few key features you should seek when comparing the best ransomware protection services available in 2020:

  • Advanced email security
  • Cloud-based sandboxing
  • Behavior-based scanning
  • Regular threat intelligence updates

Want to avoid shelling out big bitcoin to get your small business’s data back under control? Get a ransomware security solution that does more than just look out for known ransomware signatures.

What is Ransomware Protection?

The best ransomware protection for businesses scans inbound and outbound traffic across your entire network, using artificial intelligence to monitor the behavior of files as they traverse and interact with other network resources. Ransomware protection solutions spot behavior that looks similar to malicious activity and further investigate it in nanoseconds. Faster than you can say mind palace, these solutions either allow or block file access based on that verdict.

What to Look for in a Ransomware Protection Service

The best ransomware protection systems include a cloud-based sandbox where suspicious files can be sent for disarmament or detonation. In other words, if your ransomware tool is even the least bit suspicious of a file, the system safely opens and inspects it without threatening your network health.

Additionally, the best ransomware services rely on artificial intelligence and machine learning to reach threat verdicts via behavior monitoring. This means that even if a strain of ransomware has never been seen by any other endpoint in the entire world, if it walks like ransomware, talks like ransomware, or displays any other tell-tale ransomware behavior, your ransomware protection should yank it aside for closer inspection. Traditional ransomware protection services fall back on known signatures that need to be constantly refreshed and can do nothing to stop zero-day threats.

Top 3 Ransomware Protection Services in 2020

 


SonicWall Capture Advanced Threat Protection (ATP)

Key Features:

  • Real-time threat intelligence updates with up-to-the-minute signatures
  • High security effectiveness & low false-positive rate against zero-days
  • Real-Time Deep Memory Inspection blocks mass-market malware

What Qualifies Capture ATP as one of the Best Ransomware Protection Services in 2020?

SonicWall Capture Advanced Threat Protection (available as an add-on for all SonicWall TZ or NSa firewalls) is a powerful cloud-based sandbox with malware-analysis that can detect evasive threats. Capture ATP blocks suspicious files at the gateway until a verdict is rendered.

SonicWall combines multi-layer sandboxing, Real-Time Deep Memory Inspection, full system emulation, virtualization techniques, and more to detect more threats than any single-engine sandbox available in 2020. On top of that, the low false-positive rate means it won’t block the legitimate files you need to do business.

 


Sophos Intercept X Advanced with EDR

Key Features:

  • Highly-acclaimed malware detection engine driven by deep learning
  • Exploit prevention stops attackers from taking advantage of vulnerable software & apps
  • Root cause analysis visualizes where threats originate & how they move on the network

What Qualifies Sophos Intercept X Advanced with EDR as one of the Best Ransomware Protection Services in 2020?

Sophos Intercept X Advanced with Endpoint Detection & Response is a mouthful. But it’s also a comprehensive, defense-in-depth tool that combines advanced techniques to squash malware, ransomware, and zero days. Intercept X also uses behavioral analysis to stop boot-record attacks.

Plus, even if a system is already infected, CryptoGuard stops the encryption process and reverts (or rolls back) files to their pre-infection state.

 


Fortinet FortiEDR & FortiSandbox

Key Features:

  • Integrates with all Fortinet Security Fabric components to protect digital attack surfaces
  • Provides actionable intelligence via automation to detect & respond to advanced threats
  • HUGE accolades from third-party testers such as NSS Labs, BPS, & ICSA Labs

What Qualifies FortiEDR with FortiSandbox as one of the Best Ransomware Protection Services in 2020?

Fortinet’s EDR & FortiSandbox establish a two-step sandboxing approach centered around artificial intelligence. These services first compare at-risk files against known and emerging malware with static analysis. Then, second stage analysis uncovers the full attack lifecycle by detonating the cyber payload in a virtual, quarantined environment.

Detailed analysis maps any uncovered malware to the MITRE ATT&CK framework, with powerful investigation tools to help admins better visualize security events.

 

Looking for the best ransomware protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

Ransomware Attack Clapback: How to Prepare if You’re Targeted

Ransomware Attack 2020: Why Prepare

It seems like every week in 2020, we hear about another major ransomware attack. While volume continues to grow in recent years, more troubling is the fact that ransomware is getting more targeted. Why is this more troubling? Because of its more targeted nature, it’s also getting more effective. Many ransomware cells now study their targets to pinpoint weaknesses, then customize attacks to exploit them. Not only that, they select targets and set ransom amounts based on knowledge of what those victims can pay.

And one more troubling fact to keep you up at night: soft targets are particularly vulnerable. That is, bad actors are placing local governments, school systems, nonprofit organizations, and even healthcare providers in the crosshairs. So even if your business avoids attack, a successful breach of one of these targets has major effects on day to day life. Enough preamble though. If you made it this far, you know the situation is serious. Here are three ways to prepare to clapback, so an attack won’t stop you in your tracks.

Train Your Staff

Your employees can be either the point of entry or the first line of defense for a ransomware attack. The choice is yours. Among the most common ways for ransomware to infect your network is once again through phishing emails. If your network users don’t know what to look for, they may unsuspectingly click on an attachment that delivers the malicious payload. Simple training makes all the difference, sharing tips like:

  • Double-check the domain name that sent the email
  • Look for spelling errors as well as numbers replacing letters
  • Review the signature & legitimacy of the request
  • Hover over links – without clicking – to check where they lead
  • Don’t click on attachments unless you’re sure of the source

There are applications available to let you test your employees & reinforce training without the consequence being an actual breach. Check out Sophos Phish Threat and Barracuda PhishLine for a couple of worthy examples. Oh, and one other key piece of training? Teach your employees to report any suspicious contacts asking for a way into your network.

Layer Your Security

The best approach to network security in 2020 is a layered one. As we just noted, well-trained employees are one layer, but there are many others to consider. If you haven’t heard by now, it all starts with the firewall. Your firewall – operating the latest and greatest security services – should be the cornerstone of a protected network setup. A current generation firewall plus those security services protects against just about any threat that comes your way. Companies now commonly incorporate threat intelligence – both human and the artificial variety – plus machine learning into their security offerings. That means they’re on the cutting edge to recognize and stop ever evolving ransomware and malware varieties.

But with the workforce extended beyond the perimeter now more than ever, your security must do the same. That means endpoint protection and secure access to your network for remote employees are also musts. Endpoint protection not only gives you visibility into these remote devices, it also extends many of the same security services to them individually. Ensuring secure access via VPN then brings your teleworkers back under the security of your firewall and network setup. And the layering shouldn’t stop there. Ensure you have email security in place to filter out suspicious messages before they even reach the eyes of an employee. And segment your network so a breach of one device doesn’t extend throughout. This may sound like a lot, but bundling services is surprisingly reasonable, and security costs much less than a successful ransomware attack ever will.

Backup So You Can Rollback

This could easily fall under the layers above, but when it comes to a ransomware attack, backup deserves a spotlight all its own. If you are successfully breached and your files encrypted, the smart money isn’t on paying the ransom, it’s on rolling back. Regular backups of your data allow you to get right back to work with minimal interruption, even if a ransomware attack occurs. A Sophos survey of 5,000 IT managers found more than half of firms whose data was encrypted by ransomware restored it through backups. Why is that? There are no guarantees when you pay the ransom. Plus, you don’t really want to support a criminal enterprise. And on a more practical note, Sophos also found that paying the ransom resulted in twice the remediation costs of restoring data from backups. Even if the ransomware cell you’re working with gives you the encryption key when you pay up, you still have to dedicate time and effort to restoration. So why not just have the restoration already available in house? Learn about Barracuda Backup and Sophos Intercept X with CryptoGuard for a couple of options to ensure you’re not caught flat-footed when a ransomware attack comes.

Best Endpoint Security of 2020 for Small Businesses

Best Endpoint Security of 2020 for Your Small Business

Finding the best endpoint security for your network needs can be a challenge. There are dozens of options, all supporting a myriad of advanced security features and integrations that may be impossible to navigate unless you’re an expert. Each vendor offers a unique set of services with strengths and weaknesses that will ultimately determine whether your users stay safe or not. The best endpoint security may vary from organization to organization, but here are our top picks for the best endpoint security options available in 2020.

What is Endpoint Security?

Endpoint security, end user security, endpoint protection—while the name can be flexible, its necessity for a secure network is not. Endpoint security software protects small businesses & enterprises by guarding connected devices against malware and other advanced cyberattacks. Modern endpoint security integrates with appliances and applications you already use to provide edge protection as employees and guests access your network.

Encrypted malware, ransomware, and business email compromise can spell disaster for small businesses. That’s why the ability to monitor end user activity in real time – as well as make decisions to quarantine and isolate individual machines – can mean the difference between a small, contained incident and a catastrophic breach.

In 2020, endpoint security platforms now incorporate Endpoint Detection & Response capabilities powered by AI. Guided response, rich reporting, and root cause analysis are all top-shelf features that organizations should seek in a quality endpoint security service.

What does Endpoint Security include?

The best endpoint security goes beyond the basics. Traditionally, end user protection included passive endpoint scans combined with basic antivirus capabilities. However, in 2020, the best endpoint security solutions blow the basics out of the water with multiple advanced security features:

  • Continuous monitoring of files, applications, & connected devices
  • Automated incident detection and isolation of infected machines
  • Web content filtering to safeguard productivity and network usage
  • Auto-provisioning based on user group, OS, location, or time of day
  • Intuitive regulatory compliance controls & reporting
  • Real-time threat intelligence updates from a pedigreed threat research team

The threat landscape is always evolving. That means your end user protection must stand up to threats never-before-seen by the network security ecosystem. The ability to recognize zero day exploits based on machine learning and behavioral analysis is essential for organizations to stay secure in 2020.

What is the Best Endpoint Protection of 2020?

Here are our top picks for the best Endpoint Protection for small businesses in 2020:

SonicWall Capture Client

Key Features:

  • Continuous behavioral monitoring creates complete profile of network activity
  • Layered defense of cloud intelligence, advanced static analysis, & dynamic protection
  • Integration with Capture Advanced Threat Protection cloud-based sandboxing
  • Ability to roll back targeted endpoints to a restored state even after infection
  • Malware protection engine powered by SentinelOne

SonicWall Capture Client Endpoint Protection

What makes SonicWall Capture Client unique?

SonicWall teams up with SentinelOne to deliver a heuristic endpoint protection suite with the unique capability to mirror Microsoft shadow copies for post-infection rollbacks. This eliminates the need for manual restoration after a ransomware attack and lets admins rest easy knowing they can always restore endpoints to their pre-infection state. In addition, round-the-clock behavioral monitoring eliminates the need for scheduled system scans. In short, this minimizes network resource hogging and safeguards user productivity.

 

Fortinet FortiClient

Key Features:

  • Integrates with all Fortinet Security Fabric components
  • Automated prevention of known & unknown threats through host-based security stack
  • Intelligent patch management & vulnerability shielding
  • SSL & IPSec VPN security provides reliable access to corporate networks
  • Detects elusive memory techniques used in exploits like buffer overflows

Fortinet FortiClient Enduser Protection

What makes Fortinet FortiClient unique?

Fortinet FortiClient end user protection services simplify remote user experience with built-in user provisioning, auto-connect, and an “always-up” VPN. FortiClient works perfectly in tandem with all Fortinet devices and services on your network through the Fortinet Security Fabric. According to the NSS Labs 2019 Advanced Endpoint test, FortiClient blocked 100% of malware including extremely elusive threats.

 

Sophos Intercept X Advanced with EDR

Key Features:

  • Automatically detects, prioritizes, & investigates potential threats using AI
  • Leverages deep learning analysis to analyze malware in extreme detail
  • Out-of-the-box SQL queries categorized by use case
  • Live Response provides users command line access to endpoints & servers
  • Quickly search up to 90 days of current & historical on-disk data

Sophos Intercept X Advanced with EDR for Endpoint Protection

What makes Sophos Intercept X Advanced with EDR unique?

Sophos made a huge splash with the upgrade to its original Intercept X service. It sports big changes that included Endpoint Detection & Response (EDR) capabilities in addition to its already robust real-time, integrated endpoint platform. Intercept X Advanced combines powerful endpoint protection with endpoint detection driven by machine learning. This means most threats are squashed long before they can damage your network. Artificial intelligence assists with guided response. To save your small business even more, an important note: the objective of Sophos endpoint protection is to reduce the need for added IT employees by consolidating their roles into a single automated system.

 

Cisco Meraki Systems Manager

Key Features:

  • Native Network Integration shares intelligence across all Meraki components
  • Automatic WiFi settings securely connect managed wireless devices
  • Auto-provisioning of VPN settings based on Client VPN
  • Zero-touch deployment through a self-service web portal
  • Deploy policies & changes from the cloud across the entire network

Cisco Meraki Systems Managed Endpoint Protection

What makes Cisco Meraki Systems Manager unique?

Cisco Meraki’s endpoint management solution supports a variety of platforms and operating systems, making Systems Manager a flexible option for most any deployment. Systems Manager offers cloud-based endpoint management tools that easily scale up to meet growth needs. By providing admins the ability to manage distributed deployments from anywhere in the world, Systems Manager is an endpoint security solution built for a highly mobile, highly distributed world.

 

Looking for the best endpoint protection for your small business?

Give us a call at 866-957-2975 to find the perfect fit!

 

Synchronized App Control: Minimize TCO & Firewall Management Hours

Superior Application Visibility & Control

Modern businesses tend to deploy several cloud-based applications to meet the unique demands of their business. Apps such as Dropbox and Skype–both common mainstays on SMB and enterprise networks alike–can make or break day-to-day business communication. However, every application comes with its own set of vulnerabilities, patches, and management dashboards that can make juggling multiple apps a headache for admins. Plus, these apps eat up huge amounts of bandwidth if left unchecked!

Sophos Synchronized Application Control, compatible with all Sophos XG Firewalls, attacks both issues. Plus, it provides a lower Total Cost of Ownership that makes your network security investment a win. Monitor all traffic, both inbound and outbound, across your network without the need to employ multiple network security specialists.

Sophos Synchronized App Control

Synchronized Security enables you to deliver greater benefit for your security investment. Automated incident response frees up IT teams, while centralized management slashes day-to-day overheads. Driving down the total cost of owning and managing your firewall frees up resources, both human and monetary.

Synchronize your Security & Save Money

Synchronized App Control, as part of Sophos XG Firewall, uses Synchronized Security to share information across the network, gathering data points from all endpoints to provide a top-down view of your network topography. Configuring Synchronized App Control is quick and easy.

This lets you identify wasteful software, bandwidth-hungry apps, and potential security vulnerabilities. Sophos Intercept X endpoint protection paired with Synchronized App Control means that your network is constantly sharing information in real time, enabling your firewall to identify all applications on your network—even the ones trying really, really hard to stay hidden!

Synchronized Security from Sophos allows greater application visibility, automated incident response, and security heartbeat

Application Categories & Labels

Synchronized App Control grants you the ability to block individual applications as well as entire categories of apps. That means if your business struggles to keep employees off unwanted instant messaging apps or unsecured file transfer apps, you can nix them all with a few clicks. Applications can be automatically marked with the following labels to simplify management:

  • New: Newly-detected apps unknown to your XG Firewall
  • Mapped: Detected apps automatically mapped to an app category
  • Customized: Applications that you mapped manually

Managing application labels and categories is made simpler with a handful of intuitive commands. XG Firewall includes a default set of categories for most common applications, but you can go more advanced with individual app controls. Synchronized App Control allows you to:

  • Acknowledge new applications & indicate that you don’t want to change their attributes
  • Customize an app to edit its name & category
  • Hide or Show applications you already know or don’t want to see
  • Delete apps & remove them from application filters. If XG Firewall detects a deleted app on an endpoint, the application will reappear on the application list

All of this is accomplished through one cloud-based management dashboard: a single pane of glass that acts as command and control for your entire security infrastructure. Whether you’re managing your bandwidth to ensure you squeeze every last MB out of your ISP or are hunting down network bottlenecks, a single unified console cuts your time spent in half.

Cybersecurity Evolved

Through Sept. 30th, Sophos is offering its Evolved Firewall Promo, making it more cost-effective than ever for small businesses to bolt on advanced security services like Synchronized App Control with XG Firewall. By purchasing a 3-year security service bundle, you get the firewall hardware free. It’s that simple. Enjoy the added benefits of Sophos XG Firewall & save money. Plus, we’ll throw in free, same-day ground shipping on your order.

Sophos XG 86 & XG 106 function as secure VPN appliances

Sophos XG 86 & XG 106 firewalls stand in as secure VPN appliances

Sophos XG 86 and Sophos XG 106 appliances are powerful next generation firewalls many small businesses use as their primary cyber threat defense. However, these mighty little devices are far more versatile than admins give them credit for! Did you know the XG 86 and XG 106 can both stand in as dedicated VPN platforms to secure temporary remote work spikes? That means you won’t need a Sophos RED (remote ethernet device) or other comparable VPN appliance.


Sophos XG 86 firewall

A Sophos XG 86 firewall costs about the same as a Sophos RED and similar competing remote access devices. Yet it can perform even better than SMA devices if a split-tunnel deployment is required. This substitution is possible because Sophos XG firewalls come with a basic set of security features and services. They include the ability to deploy Sophos site-to-site VPN tunnels. Since this feature is part of the XG firewall base license, that also means no recurring fees or renewals are necessary.

Remote access security ensured

With your remote workers accessing company applications and resources through a firewall-facilitated VPN tunnel, you ensure the onboard and advanced Sophos security features they enjoy at the office protect users working from home as well. Those include Network Protection, Synchronized Security, and the Sophos Heartbeat. Bundle your Sophos XG 86 firewall with an EnterpriseProtect Plus package that includes advanced Web Protection to get a solution ideal for split-tunnel VPN deployments.

Ease management & deployment of remote access users

Another great benefit of using your Sophos XG 86 or XG 106 firewall as a stand-in for a secure remote access device is ease of management. Manage all your site-to-site tunnels and connected users intuitively through the Sophos XG Firewall single-pane-of-glass management dashboard. Simplify remote work chaos by monitoring and managing traffic with the same tools you would in the home office.

Sophos XG 86 vs Sophos RED

  • Remote workers returning? XG 86 can shift back to a security role
  • XG 86 offers more flexible secure access options like SSL & IPSec VPN
  • Centrally manage XG 86 VPN deployments with Sophos Central
  • Protect traffic routed through split tunnel setups that Sophos RED does not secure

 

Sophos RED 15 secure access device

How to use an XG Firewall for secure remote access

Using an XG 86 or XG 106 (for even more power and user support) in place of a RED or similar secure access device is simple. A Sophos XG firewall will act as a server that waits for incoming connection requests. This is quick and easy to configure with a few clicks to turn on “RED Status.” You can see full detailed instructions for this VPN setup in the Sophos Knowledge Base.

 

What is EDR? Automated endpoint detection & real-time response to threats

To continue our recent theme of decoding abbreviations, EDR means Endpoint Detection & Response, and that means that the age of AI is upgrading networks. This automated, real-time endpoint solution ensures that end users can work securely no matter where in the world they’re located in relation to a firewall.

With EDR, your network defenses constantly scan for the kinds of elusive malware, ransomware, and zero day threats that signature-based detection platforms miss. And in the event a security incident occurs, advanced Endpoint Detection & Response platforms such as Sophos Intercept X Advanced with EDR or FortiEDR stop attacks even if the endpoint is compromised. Guided response lets administrators easily walk through the steps of an attack to see its root cause and isolate infected machines.

EDR’s machine learning systems deter, detect, disarm, dissect, deescalate, and do away with any cyber threats you can throw its way.

Why EDR works for small businesses

Survey after survey, several years running, has revealed two facts: a majority of small businesses find it difficult to hire qualified IT talent–especially talent focused on network security–and their budgets often struggle to accommodate the talent they do find. Automated endpoint detection and response monitored by 24-hour machine learning intelligence adds just the kind of cybersecurity expertise that SMBs need without a higher employee headcount.

Just like modern grocery stores have self-checkout lines and autoworkers now benefit from the assistance of robotics, automation enables small businesses to do more with less to get the job done. Farm out malware expertise and incident response to the bots!

Sophos Intercept X Advanced with EDR

Intercept X Advanced has been a longstanding go-to for network admins looking to add advanced protection to their networks in a comprehensive, integrated system. Sophos Intercept X Advanced now also consolidates that industry-leading protection and EDR into a single solution. Intercept X’s advanced malware prevention significantly eases the workload on the EDR component, allowing you to utilize more of the speed and performance you pay your Internet Service Provider for.

  • Minimize staffing by automating IT tasks usually done by skilled experts
  • Prioritize potential threats & automatically detect security incidents
  • Provide visibility into attack scope, root cause, impact, & network health
  • Hunt for indicators of compromise that may leave your network vulnerable

 

Fortinet FortiEDR

FortiEDR will be made available to order on May 4th and is already boasting some big benefits and features. An EDR solution purpose-built to detect potential threats, FortiEDR stops breaches in real time and mitigates the damage of ransomware even on machines that have already been compromised. FortiEDR also extends security to IoT devices with the ability to protect everything from PCs to servers to point-of-sale systems and more.

  • Creates very small network footprint thanks to native cloud infrastructure
  • Enjoy automated EPP with orchestrated response across platforms
  • Stop file-based malware with Fortinet’s kernel-level Next Gen AV engine
  • Eliminate dwell time & reduce post-breach expenses

 

SonicWall Capture Client

Automated endpoint detection and response is integrated into SonicWall’s Capture Client, bringing together EDR, advanced threat protection, and integrated network security. With unique ransomware rollback capabilities and intuitive attack visualizations, Capture Client offers a comprehensive endpoint protection and EDR environment for any SonicWall network.

  • Next-generation SentinelOne malware protection engine
  • Advanced threat protection with sandbox integration
  • Behavior-based scanning powered by machine learning
  • Unique attack rollback capabilities using Volume Shadow Copy Service
  • Install & manage trusted TLS certificates to leverage DPI-SSL

 

Sophos SD-RED 20 & 60: Synchronized SD-WAN

Just in the nick of time for our strange days of full-capacity remote work, Sophos releases a new heir to the secure remote access throne with a replacement for their mainstay Sophos RED appliances. The new Sophos SD-RED 20 and Sophos SD-RED 60 bring together secure, encrypted SD-WAN capabilities and the Sophos Synchronized Security flagships XG Firewall and Intercept X. These unique and simple remote work solutions extend network connectivity to remote branches, distributed offices, outposts, home offices, and any other remote workers, no matter where they’re located. Whether you need stable remote access at a mountaintop observatory or in your new sealab, Sophos SD-RED appliances have you covered with stable, secure access and real-time visibility.

Other new features include SFP ports, Power-over-Ethernet capabilities for the SD-RED 60, huge improvements in throughput, and more interfaces than previous Sophos RED devices. The Sophos SD-RED appliances work seamlessly with Sophos wireless access points and the SD-RED 60 could even support two Sophos access points with Power-over-Ethernet alone!

SD-WAN gets a heartbeat

When an SD-RED appliance is centrally managed through the XG Firewall platform (free trial?), admins can extend Synchronized SD-WAN to multiple branch locations. Synchronized SD-WAN means that not only are you replacing expensive and unstable MPLS connections with super intelligent SD-WAN capabilities, you’re also protecting traffic that traverses those SD-WAN connections with the same Synchronized Security & Sophos Security Heartbeat features that employees would enjoy on the home network.

So easy a home user can do it

Due to COVID-19, many small businesses now have employees working from home who may have had no experience with remote work before the big change. SD-RED appliances ease the pressure of extending your secure network to remote workers with a truly plug-and-play, zero-touch deployment. No technical skill is required for remote workers or branch locations to install an SD-RED 20 or SD-RED 60. Just type the device ID into your Sophos firewall appliance and ship your SD-RED appliance to its destination. Once the device is received and plugged in, the SD-RED will connect to the Internet, call back home to your primary firewall, and automatically establish a secure VPN tunnel with auto-provisioning.

Sophos RED vs Sophos SD-RED

So how do these new remote access devices stack up against their predecessors? Check out our handy comparison table or keep scrolling to see new throughput improvements, expanded interfaces, and more to compare the original RED to the new, improved SD-RED.

Sophos SD-RED 20

  • Maximum Throughput: 250 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX (1 GbE Copper)
  • WAN Interfaces: 1 x 10/100/1000 Base-TX (shared with SFP)
  • Power-over Ethernet Ports: None
  • USB Ports: 2 x USB 3.0 (front and rear)

 

Sophos SD-RED 60

  • Maximum Throughput: 850 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX (1 GbE Copper)
  • WAN Interfaces: 2 x 10/100/1000 Base-TX (shared with SFP)
  • Power-over Ethernet Ports: 2 PoE Ports (total power 30W)
  • USB Ports: 2 x USB 3.0 (front and rear)

 

Sophos RED 15

  • Maximum Throughput: 90 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX
  • WAN Interfaces: 1 x 10/100/1000 Base-TX
  • Power-over Ethernet Ports: None
  • USB Ports: 1 x USB 2.0

 

Sophos RED 50

  • Maximum Throughput: 360 Mbps
  • LAN Interfaces: 4 x 10/100/1000 Base-TX
  • WAN Interfaces: 2 x 10/100/1000 Base-TX
  • Power-over Ethernet Ports: None
  • USB Ports: 2 x USB 2.0

Buy Sophos SD-RED

Ready to get your hands on Synchronized SD-WAN? These new SD-RED appliances are ready to ship now! With the Sophos RED 15 potentially looking at backorders in the wake of the remote work rush, the SD-RED 20 and 60 have landed just when they are needed most. Synchronize your SD-WAN and secure your remote workforce today!


 

Sophos Threat Cases make malware cleanup easy

What are Sophos Threat Cases?

Sophos Threat Cases make Intercept X Advanced with EDR truly stand out from the crowd as an end user protection platform. Granting admins the ability to investigate and clear up malware attacks with just a few clicks, Threat Cases provide a birds’ eye view allowing you to visualize incidents occurring on your network. After getting an idea of what the incident looks like, you can then drill down into individual events and files to investigate details at a granular level. Guided response, root cause analysis, and attack visualization make Threat Cases a one-of-a-kind experience for network administrators.

See where attacks originated, how and where they spread, and identify which files, processes, applications, and devices were affected by the breach. Threat Cases are available for both XG firewalls and for servers, offering extensive visibility and control both on-premise and in the cloud.

Quickly identify, diagnose, & remediate

    • Isolate affected devices
    • Search for similar threats
    • Clean up after a breach
    • Block threats with automated guided response

For example, if malicious behavior is detected in an Office 365 file such as a Word document or Excel spreadsheet, Sophos Threat Cases will indicate that the file was written to the computer by Outlook.exe and tip off administrators that the threat was the result of a malicious email. Admins may then use this information to identify and close security gaps to prevent future exploitation of this attack vector.

Threat Cases are only generated for malicious behavior detections and do not include detection of Potentially Unwanted Applications and other false positives.

Types of infections seen by Sophos Threat Cases:

    • Malware detection
    • Web threats
    • Malicious behavior
    • Malicious traffic
    • Exploits

Where to find Sophos Threat Cases

If you want to take advantage of the features offered by Sophos Threat Cases such as root cause analysis, registry key and process filters, infection path visualization, and guided response, you’ll need an Intercept X Advanced license to get started. Once logged into your Sophos Central Admin dashboard, Sophos Threat Cases can be found by clicking the “Endpoint Protection” or “Server Protection” menu linked in the “My Products” section.

Sophos Threat Cases is found in the Sophos Central admin dashboard

The Anatomy of a Threat Case

What does a threat case event look like and why is it so helpful for network administrators? Every Threat Case begins with a simplified events chain, giving an easy-to-follow visualization of the basic details of your incident.

Simplified Attack Chain makes it easy to visualize a breach

After the simplified attack chain, each Sophos Threat Case serves up a more robust attack summary that details basic information like detection name, root cause, potentially affected data, infected user, device names, and attack timeframe.

The summary section is followed up by a Suggested Next Steps function which generates automated remediation advice on what to do next. Advice is dependent on the type of attack and other details specific to the incident. Examples of some advice from Sophos Threat Cases include isolating computers, setting priorities, and setting the status of a case record.

Last but definitely not least, the Analyze section is home to most of the detailed information admins will love from Sophos Threat Cases. Here you can find graphics of the attack “beacons” that Sophos detected and the root cause that Threat Cases identified. The beacon and root cause are then linked by interconnecting lines that make up the attack chain.

Sophos Threat Cases Analysis Section

Admins can click on any individual event in this attack chain graphic, allowing them to view additional detailed information in a right-hand pop-up menu.

Sophos Threat Cases detail overview

Try Sophos Intercept X and Sophos XG Firewall

Ready to get your hands on Threat Cases but still not sure about Sophos security? Try a 30-day trial of Intercept X or a 30-day trial of Sophos XG Firewall for free before you buy. You can also get your next Sophos XG Firewall appliance at no cost when you purchase a qualifying 3-year security license with our Sophos Evolved Firewall Promo.

Emotet is back & badder than ever but Intercept X answers the call

Hardcore fans of the Firewalls.com Blog (yes, we’re aware those don’t exist) may remember our Emotet malware article in March of last year, painting the banking trojan as the cybersecurity world’s biggest villain of 2019 and comparing him to the ever-evolving baddie, Ultron. With recovery costs surpassing a million dollars per incident, this feisty malware can wreak real havoc on small businesses and enterprises alike. A year has passed since that spotlight article, but Emotet is far from being ancient history. In fact, recent trends suggest that the Emotet problem may grow worse in 2020.

Security researchers at Nuspire discovered a huge resurgence in Emotet malware activity throughout Q4 of 2019 including 1,275 unique variants of the malware with 339,000 new strains discovered each week. To support this growth, Emotet has been diligently adding new features to its toolset, allowing for greater versatility in stealing credentials, spreading infection, and pilfering user data.

Same goal, new ways to reach it

We discuss a few of these new capabilities in Episode 13 of Ping: the Firewalls.com Podcast, specifically focusing on Emotet’s ability to scan wireless networks and infect connected devices. Added up with past strategies–spreading through email spam and lateral network movement–this advanced Trojan is proving ever more elusive to detect, identify, and prevent with every iteration.

When Emotet malware made a sharp resurgence in September of 2019, it often paired up with Ryuk ransomware, providing maximum damage to networks once attackers got their foot in the door. Cameos with TrickBot and BitPaymer also demonstrate that Emotet is willing to team up with fellow no-goodniks to cause even greater disaster after an infection.

Best practices to prevent Emotet malware

When it comes to malware, the greatest cure is prevention. Educating users, securing unmanaged devices, and shining a light on network blind spots are all strong preventative measures that can prevent an Emotet outbreak on your network. Focusing on email security training and Business Email Compromise with your staff arms them with the knowledge needed to sidestep Emotet’s widespread spam campaigns.

Sophos Intercept X Advanced with EDR (like other machine learning-powered endpoint protection platforms) monitors the evolving behavior of malware strains such as Emotet, comparing threat data from security sensors worldwide to deliver real-time threat data to networks. Intercept X offers multiple layers of security, including detonation of executable files in a secure sandbox environment.

Strong email protection through XG Firewalls provides additional strata of security, scanning outbound emails to detect Emotet spam, identifying which machines are responsible for it, and quarantining them from the network. Fighting off advanced threats such as Emotet requires multiple layers of security with end-to-end visibility and access control. Check out the Firewalls.com Services section to learn how our team of certified network engineers can deploy Access Control Lists, optimize your email security, and monitor your network around the clock with Managed Security Services.

Free XG Firewall with the Sophos Evolved Promo

Maybe you’ve heard about the exciting new release of Sophos XG Firewall v18 or maybe you’re looking to add powerful Synchronized Security with Sophos Central Intercept X and EDR to your network setup. Whatever the reason you’re shopping for a Sophos XG firewall, there has never been a better time to make your investment. That’s because Sophos is giving away a free XG Firewall with every purchase of a qualifying 3-Year FullGuard Plus or EnterpriseGuard Plus bundle until the end of March 2020. *This promo has been extended until September 30, 2020!

This deal is called the Sophos Evolved Firewall Promotion because 2020 is the perfect time for your network security to evolve to the next generation!

What is FullGuard, FullGuard Plus, & EnterpriseGuard Plus?

FullGuard Bundle

The Sophos FullGuard Bundle includes Network Protection, Web Protection, Email Protection, WebServer Protection, & Enhanced Support. This option is a perfect fit for medium-sized organizations and businesses that maintain their own web- or cloud-based servers. Just remember: to take advantage of this promotion, you’ll have to take the next step up.

FullGuard Plus Bundle

With everything included in the FullGuard Bundle, the FullGuard Plus Bundle takes your security to new heights with the inclusion of Sandstorm, a cloud-based sandbox environment. Quarantine suspicious traffic and detonate malicious payloads in a safe environment segregated from your network!

EnterpriseGuard Plus

The Sophos EnterpriseGuard Plus bundle includes Network Protection, Web Protection, & Enhanced Support. This package also includes the same powerful sandboxing capabilities with the addition of Sandstorm. EnterpriseGuard Plus is a great fit for smaller enterprises that can do without the extra Email and WebServer assets included with FullGuard.

Get a Free Sophos XG Firewall

Ready to get your XG Firewall with 3 Years of super advanced Sophos security services? Live Chat with a Sophos expert at Firewalls.com or call us at 866-957-2975.

 

Ten Key Sophos XG Firewall Features

X Marks the Spot

A firewall is more than just a box you put on a desk or in a rack in the back room; it’s an appliance you count on to secure your network. But it’s often hard to tell which of those appliances offers the best solution for your specific needs. Enter Sophos XG Firewall. This model line has options for networks of many shapes and sizes (even including virtual and software firewalls). Sophos XG Firewall features superior visibility, protection, and response to stop malware in its tracks. This series is also noted for its ease of deployment and management, even for those who may be a little less tech savvy. In honor of the X in Sophos XG, we decided to put together X (or 10 when in Rome) Sophos XG Firewall features in video form.

More on XG Firewall features

If the video whetted your appetite, but you still want to learn more about the Sophos XG firewall, we can help! Check out our feature review videos of the XG 125 and the new XG 86 & XG 106. We’ve also written about Sophos’ two security services bundles, EnterpriseProtect and TotalProtect. And last, but certainly not least, if you like learning about Sophos XG Firewall features in audio form, listen to episode 3 of Ping: A Firewalls.com Podcast in which we talk to Sophos’ Chris McCormack to take an even deeper dive into the XG firewall series.

What Are Sophos TotalProtect & TotalProtect Plus for XG Firewall?

If you’re looking into deploying a Sophos XG Firewall on your business network, it can be a challenge to discern the precise differences between various bundles, services, and licenses. What exactly is included in a Sophos TotalProtect or TotalProtect Plus bundle? How does it differ from FullGuard or EnterpriseProtect? While we took an in-depth look at Sophos EnterpriseProtect & EnterpriseProtect Plus suites in past posts, we’re back to peek again into the Sophos arsenal. This post will lay out exactly which services are included in TotalProtect & TotalProtect Plus bundles for XG Firewall, showcasing the most comprehensive security solutions Sophos offers as part of its Synchronized Security suite.

XG Firewall Base Appliance

We talked extensively about the capabilities of Sophos XG Firewalls in our most recent podcast with Chris McCormack (Sophos Senior Product Marketing Manager). XG Firewalls range in size from 1-10 user setups to 1000+ user environments, bringing advanced scanning and security capabilities to SMBs and enterprises alike. TotalProtect and TotalProtect Plus bundles include both a physical XG Firewall appliance–like the recently launched XG 86 & XG 106 firewalls–and the full suite of security services. FullGuard and FullGuard Plus consist of the attached security services, but do not include an appliance.

Network Protection

Sophos Network Protection licenses tie in the Sophos Intrusion Prevention Service, Advanced Threat Protection, and the Sophos Security Heartbeat, providing your network with robust perimeter defenses designed to keep zero-days at bay.

Email Protection

Sophos Email Protection scans inbound and outbound inbox traffic and fully supports SMTP, POP3, & IMAP protocols. Spam greylisting and a robust reputation service keep your inboxes free of unwanted junk while real-time security lookups in the cloud test message contents against the latest email threat intelligence. With plenty of automated file-type detection, phishing detection, and malware detection engines running simultaneously, the threat of Business Email Compromise is minimized. Additionally, pre-packaged Content Control Lists make for convenient one-click compliance for PII, PCI, HIPAA, and many other regulatory requirements.

Web Protection

With a majority of Internet traffic now encrypted, managing inbound and outbound web traffic is crucial to keeping threats off your internal network while protecting and prioritizing your limited bandwidth resources. Sophos Web Protection provides real-time visibility and control, enhanced web filtering, huge databases of pre-built URL blacklists, Smart Filters, and continuous threat intelligence updates from SophosLabs.

Web Server Protection

Sophos Web Server Protection guards your externally-facing servers and applications, shoring up one of your most publicly-exposed attack surfaces. If you host your own website, Web Server Protection offers a reverse proxy and web application firewall, along with SSL offloading and authentication services, to prevent data loss. This is a super easy way to harden your servers against attack while improving server performance.

Enhanced Support

Sophos Enhanced Support provides a warranty and replacement option for your firewall should it experience a malfunction. Your network is also backed by 24×7 Sophos support via phone, email, or a web portal ticket system. When new firmware updates become available, Enhanced Support ensures your XG Firewall is updated in a timely manner – a security must.

Why Bundle Sophos Services?

Some administrators may think that it saves time, money, or labor hours if they purchase individual security licenses “a la carte” as needed, but in most cases this is incorrect. Manufacturers bundle comprehensive service suites not because they hope to sell more services, but because these bundles have been holistically designed to integrate with one another and provide far greater visibility, control, and ease-of-use when working in tandem than when working individually. In the case of Sophos TotalProtect & TotalProtect Plus bundles, the whole is even better than the sum of its parts. When your system is composed of like-minded team players, it enables real-time communication between network layers. This means your security infrastructure is covered from multiple angles and is more responsive in the case of a breach.

You can learn more about XG Firewalls and the intelligent Sophos services that operate on them by checking out our latest episode of Ping: the Firewalls.com Podcast.

A Firewall Primer – Ping: A Firewalls.com Podcast – Episode 3

Episode 3: A Firewall Primer, starring Sophos

It’s taken us two full episodes, but we’ve decided it’s time. Episode 3 of Ping: A Firewalls.com Podcast focuses on our namesake, the firewall. Specifically, we turn our attention to Sophos’ XG Firewall with Chris McCormack, Senior Product Marketing Manager with Sophos Network Security. During our discussion, we discuss the XG Firewall mantra: “A firewall that thinks like you, so you don’t need to think like a firewall.” You’ll learn about the various XG Firewall models available, from small business to enterprise appliances to software and virtual options. Chris also highlights some key features of XG Firewall, including its integration with other network devices through the Sophos Security Heartbeat.

Find the Sophos XG Firewall that’s right for your network or learn more with our Sophos Buyers Guide.

Also in this episode, Firewalls.com Network Engineer Alan Steady checks in with our Engineer’s Minute bringing an important reminder regarding how to maximize the security that your XG Firewall offers. Learn more about the network security services our certified engineers offer.

And in our Headlines segment, you’ll hear about how cyber insurance companies are encouraging ransomware payouts (and why they shouldn’t be), how configuring your cloud presence is vital for your security, and how someone may be watching through your webcam.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Spotify, Google Podcasts, Stitcher, Overcast, TuneIn, iHeart, Pocket Cast, Castro, Castbox, Podchaser, YouTube, and of course via RSS, to name a few). Remember to subscribe or follow where you can to get the latest episodes as soon as they’re released, and rate and review us as well!

Missed our previous episodes? Get Episode 2 here, and check out episode 1 here!

New episodes are released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show!

Bring Everything to Light With Sophos Cloud Optix

See Everything, Secure Everything

Each day, more and more business-critical assets move from on-premises deployments to the cloud. Maintaining visibility across platforms is vital to ensuring your organization’s sensitive information is secure. The new SaaS-based Sophos Cloud Optix does just that. Powered by artificial intelligence (but not Haley Joel Osment), Cloud Optix automatically and continuously discovers all your assets on Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) environments.

That visibility, combined with smart alerts about suspicious behavior, gives you the ability to see when risks emerge and respond to them in minutes instead of days or weeks – making the cloud anything but cloudy. You can also set up guardrails to prevent, detect, & remediate network configuration changes. Speaking of setup, Cloud Optix plays nice with all your organization’s existing tools, and you can have this agentless service up & running in minutes.

Why Cloud Optix?

Aren’t cloud platforms already pretty secure? Yes and no. These services do have built-in protections on their end. But in a recent report, Sophos found that cloud servers faced an average of 13 attempted attacks per minute, per honeypot. That means if just one setting is wrong on your end, your organization’s valuable data may be exposed. Cloud Optix ensures you have the full picture of your settings at all times, making it simple to see if there’s a problem and address it.

And what about compliance? The public cloud is always evolving, and compliance requirements often change with that evolution. Cloud Optix continuously monitors compliance with custom or out-of-the-box templates for standards like CIS, SOC2, HIPAA, ISO 27001, and PCI DSS. It also does the diagramming for you so you’ll be prepared for security audits – with reports ready to download in just a couple of clicks instead of the hours they used to take to put together manually.

Ready to See More?

Take a closer look at some features of Cloud Optix with this Sophos datasheet, then see it in action in this video:

Try It Yourself

You may be thinking that while the video demo is nice, you’d need to take it for a test drive yourself before buying in. Guess what? You can! Sophos is offering a free online demo of each and every feature. And if that’s not enough, you can get a 30-day free trial to test it with the tools your organization uses every day. And finally, once you’re ready to buy, we have the subscription option that’s right for your organization.


Reviewing the Features and Specs of the New Sophos XG 86 and XG 106 Firewalls

Sophos XG 86 and XG 106

Spring is the season for the New, and Sophos has sprung forth with the XG 86 and XG 106 firewalls – the latest additions to the XG firewall family. These models replace the Sophos XG 85 and XG 105 appliances – providing new options in the desktop firewall market for small business and other small office networks. While the physical appearance, software offerings, and most technical specifications remain the same as their predecessors, the XG 86 and XG 106 come complete with 4 GB of RAM – double that of the previous iterations. And at 16 GB, the XG 86 also features two times the embedded MultiMediaCard (eMMC) storage of the XG 85.

Before we go further discussing these new firewall models, let’s back up and talk about the Sophos XG firewall family. XG firewalls are known for top notch visibility into both known & unknown threats. They see & stop malware, and ensure your network is secure – automatically. Top 3rd-party evaluators like Gartner, NSS Labs, and SC Media have found Sophos XG firewalls to be leaders of the network security pack. As part of a Synchronized Security Solution, Sophos XG firewalls can be managed with the Sophos Central cloud console, offering real-time communication with your endpoints and other security solutions around the clock through the Sophos Security Heartbeat. With that background, we turn our video spotlight to the new XG 86 and XG 106 firewalls in our latest feature review:

Sophos XG 86/86W Spec Snapshot

Here’s a quick snapshot of the technical specifications for this small business firewall:

Sophos XG 86

Max Firewall Throughput: 3 Gbps

NGFW Throughput: 310 Mbps

Available Interface Ports: 2xUSB; Micro USB; RJ45; 4xGbE Copper

Concurrent Connections: 3,200,000

New Connections/Second: 15,000

See the full Sophos XG Firewall Series Datasheet

Sophos XG 106/106W Spec Snapshot

Here’s a quick snapshot of the technical specifications for this small business firewall:

Sophos XG 106

Max Firewall Throughput: 3.5 Gbps

NGFW Throughput: 480 Mbps

Available Interface Ports: HDMI; 2xUSB; Micro USB; RJ45; SFP; 4xGbE Copper

Concurrent Connections: 3,200,000

New Connections/Second: 28,000

See the full Sophos XG Firewall Series Datasheet

More firewall feature reviews to see

If you’re still shopping around for the right firewall, we have more videos to compare your options. You’ll find feature reviews of the:

Already watched all the videos? Not to worry, we’ve got plenty of additional resources to help you find the firewall that’s right for your network. Take a look through our firewall buyer’s guide series and peruse our convenient comparison tables.

Focused on Sophos?

To take a deeper dive into your Sophos network security options, read through our Sophos Buyer’s Guide. In it, you’ll find information about different Sophos firewall series, security bundles, services, & even a glossary of terms to help you navigate your Sophos NGFW shopping journey.


Keep In Sync With The Sophos Security Heartbeat

What the Security Heartbeat Does

Much like the human heart keeps vital blood flowing from head to toe and everywhere in between in rhythmic fashion, the Security Heartbeat keeps all your Sophos products functioning on the same sheet of music. Why does Sophos use the term “heartbeat” to describe the cornerstone of its Synchronized Security? It seems simple enough. The Heartbeat pumps information between endpoints such as desktop and laptop computers, mobile phones and tablets, Sophos firewalls, and all other security products to form the Synchronized Security system.

You’ve probably heard of Security as a Service, also known as SaaS. Sophos has another abbreviation to remember: Cybersecurity as a System, or CaaS. The Security Heartbeat revolutionizes network security by allowing every component to talk to each other in the same language through the hub of Sophos Central, securely sharing information from each endpoint about your network health.

As we’ve noted before, Sophos puts an impressive suite of security hardware and software at your disposal, from XG Firewalls (which you can get free with a security subscription), to Intercept X Endpoint Protection, and a lot more in between. As an example, let’s spotlight a communication between an endpoint and firewall using the Security Heartbeat in a Synchronized Security system.

A Sophos Security Heartbeat Example

A laptop, running Sophos Endpoint virus and malware protection, identifies a malware attack. Sophos Endpoint uses the Security Heartbeat to let the XG firewall know that it’s been infected. The firewall immediately responds by isolating the laptop to prevent the malware from spreading across the network. In the meantime, Sophos Endpoint cleans up the affected device, then notifies the firewall when it’s back up and running smoothly.

The firewall then restores the laptop to the network, and all is right with the world again. To ensure the mistake can be avoided in the future, Root Cause Analysis caps things off by generating a detailed report of the incident, allowing you to identify weak spots that need to be addressed to be even better prepared for the next attack.

Sophos Security Heartbeat Scenario

Real-Time Integration for Truly Unified Threat Protection

The best part? All this happens within seconds. Without the Security Heartbeat, this same process could take hours to complete, leaving your network in a state of limbo. Instead of becoming a weeks-long crisis, an attack like the one above is barely a blip on the radar, and your organization keeps running smoothly.

Through integrated CaaS coordinated by the Security Heartbeat, Sophos Synchronized Security allows your network to:

  • Discover – Identify Unknown Threats
  • Analyze – Get Instant Insights
  • Respond – Respond Automatically to Incidents

It Only Gets Easier

Another best part? You just need an XG Firewall to let the Security Heartbeat synchronize your security. You can add an XG firewall to your existing network or build your network security from scratch with an XG Firewall. Either way works! Get the XG Firewall that’s right for your network free by bundling it with a suite of next-gen security services.


No More Wizards! Get the Firewalls.com Configuration QuickStart Checklist

Unrivaled Network Security. It’s no magic trick. Stopping 2021’s top threats means more than just a slick next-gen appliance. It means deploying a detailed and thorough configuration touching on dozens of unique settings, complex hierarchies, and strategic arrangements of resources. How you manage your firewall is just as important as which brand or model you choose, so you can’t afford to short yourself with the setup wizard. According to Gartner, 99% of successful network breaches can be attributed to a misconfiguration of the firewall. It’s time to blow away the smoke and mirrors.

If You Want Something Done Right

You want to try DIY, but maybe you’re not the GOAT with the NSA series. If you’re switching to new tech or just haven’t tackled a config project in a while, you may be surprised by all the advanced new features and options available on next-generation firewalls like the FortiGate-100E with built-in SPUs or how the SFOS 17.5 firmware release handles clientless SSO through Sophos Central. While you may be tempted to bridge a knowledge gap with the pre-packaged configuration wizard, there’s just not a whole lot there when you look behind the curtain.

In fact, the setup wizard is one of the culprits behind some of the most common mistakes even experienced professionals make when configuring their firewalls. We went over seven missteps that we see most often in the video below. Watch if you’re feeling lucky.

To give you another reason to say “No” to the configuration wizard, Firewalls.com is providing a free copy of our Firewall Configuration QuickStart Checklist! This in-depth checklist assists with every step of the configuration process from start to finish. If you choose to tackle your firewall config in-house, follow along with our checklist to make sure you’re not missing out on any of the advanced capabilities your appliance can perform. The checklist includes:

  • 17 Pages of Settings, Documentation, & Helpful Configuration Tips
  • User Group Hierarchy Tables & Network Application Logs
  • In-Depth Overview of WAN, LAN, & Guest Wireless Setting Options
  • Advanced Security Feature Lists
  • Options for Managed Security Services, Support, & Custom Solutions

Make sure you never miss a step by following along with the Firewalls.com Configuration QuickStart Checklist. Every setting, big or small, can be the deciding factor that determines whether you’re a victor or a victim. Download the checklist free and say “No” to the setup wizard!

 


If You Want Something Done Flawlessly

Want to skip the config headache completely? Firewalls.com has the credentials to write the guide on firewall configurations because our expert team of top-tier certified network engineers has been perfectly configuring SonicWall, Sophos, Fortinet, WatchGuard, and Barracuda firewalls for literal decades! Each year, we process hundreds of end-to-end firewall configurations out of our Security Operations Center in Indianapolis. Real, local certified security experts work one-on-one with you to take on the unique demands of your network. Whether you’re looking for a highly available network with built-in redundancy or a super smart appliance backed by machine learning, our engineers have the skills and experience to get the job done while you focus on more productive tasks.

Don’t rely on cheap tricks. Say “No” to the Configuration Wizard with a Firewalls.com Custom Configuration or follow along with the Firewall Configuration QuickStart Checklist.

Firewall Buyers Guides: Learn About Firewalls, Bundles, & More with our Most Helpful Firewall Guides of 2018

Demand for convenient and comprehensive firewall buyers’ guides exploded over the past year. 2018 was witness to a whirlwind of advancements in next generation firewall defenses. Research teams at FortiGuard Labs, SonicWall’s Capture Labs, & SophosLabs pushed the envelope to hone the capabilities of artificial intelligence, behavioral-scanning, and machine learning in network security.

With product launches like the SonicWall NSa 2650 through NSa 6650 series, a revolutionary power-up to Intercept X Advanced (now with EDR), and the continued growth of the Fortinet Security Fabric, there are a lot of acronyms, brand terms, and tech data to cover! That’s why in 2018, our Buyers Guides were a huge hit. They generated a ton of buzz and engagement from administrators, small business owners, and IT consultants alike.

Here’s a quick review of all of our firewall buyers’ guides from 2018! *Update: Our latest Ultimate Firewall Buyers Guides are now live. The buttons below will take you to the latest versions.* Arm yourself with the knowledge. Make your best network security investment.

2018 SonicWall Buyers Guide

Check out how SonicWall CGSS and SonicWall AGSS security bundles come with all the tools you need to secure your NSa series next generation firewall. An SMB or mid-range firewall with SonicWall TotalSecure transforms even small business networks into big-time security powerhouses. This guide includes everything you need to know about current SonicWall firewalls, including SonicWall configuration options.

 

2018 Sophos Buyers Guide

Covering everything from XG Firewalls, recommended user counts, and TotalProtect bundles to Synchronized Security operating through the super-intelligent Sophos Central security hub, our 2018 Sophos Buyers Guide can teach you how to lock down endpoints with real-time behavior scanning and integrate your whole network’s security infrastructure with Sophos Security Heartbeat. See how the XG 115, Intercept X, and Sophos Central are linking up to provide enterprise-grade security to small business networks.

 

Fortinet Buyers Guide

The Fortinet Buyers guide made its debut in October 2018, and it was packed to the brim with information about FortiGate firewalls that can help both Fortinet SMB and Fortinet enterprise customers when they’re looking to build, upgrade, or expand a secure network. FortiGate firewalls are powerful, smart, and best in class in terms of total cost of ownership. Pound for pound, FortiGate firewalls can stack up against any competitor and with reinforcements from FortiCare support contracts and FortiGuard security services, you’re never facing a fight alone. Go see how the Fortinet Security Fabric wraps up all the loose ends of network security.

 

Intercept Threats With Sophos Intercept X

Network threats are always lurking out there, evolving. Admins need a whole team to pick attack vectors off one-by-one. Sophos has built an all-pro squad in Intercept X, ensuring that even a Tom Brady-level hacker’s attempts to pass malware and ransomware onto your network fall short.

What is Sophos Intercept X? In short, it’s the 1970s Steel Curtain, the 1985 Chicago Bears, and the 2000 Baltimore Ravens defenses all rolled into one package that protects endpoints like those units protected the end zone. Each individual layer of Sophos protection is best in class, but it’s the combination–or team–of features that put Intercept X at the top of the power rankings.

Sophos offers multiple versions of Intercept X with features that only get better as you level-up. Let’s take a look at the different Intercept X plans that are available.

Sophos Intercept X

Intercept X

This standard level of endpoint security is the backbone of all Intercept X options–the locker room leader if you will. Intercept X includes Deep Learning Malware Detection and Exploit Prevention that shuts down penetration before it impacts your device. CryptoGuard protects your files against ransomware, while WipeGuard stops boot-record attacks. You’ll also get automated malware removal, Sophos Clean to do a secondary malware scan, and Sophos Security Heartbeat. All of this combines to allow all your Sophos products to communicate, diagnose, and respond to network incidents in seconds, just like the headsets that keep coaches, coordinators, and captains on the same page during the game. You can try Intercept X completely free, no credit card required, for 30 days.


Intercept X Advanced

Sophos Intercept X Advanced takes your skills to the next level. All the game-changing features of Intercept X come along for the ride and are joined by the comprehensive features of Sophos Central Endpoint Protection, creating an MVP pairing of protection. These added solutions include Web Security and Application Control, anti-malware file scanning & live protection, potentially unwanted application (PUA) blocking, data loss prevention, and runtime behavior analysis (HIPS).

Intercept X Advanced with EDR – (err XDR)

Taking Advanced a step further, Sophos’ latest addition to Intercept X adds EDR, which stands for Endpoint Detection and Response. (Update 2021: Actually now the latest is XDR – extended detection & response). EDR means you’ll get everything Intercept X Advanced has to offer, plus cross-estate threat searching, guided investigations, EDR deep learning malware analysis, on-demand threat intelligence from the experts at Sophos Labs, forensic data export, and endpoint isolation. This is definitely the Rookie of the Year of endpoint protection.


Intercept X Advanced for Server

You’re thinking bigger and Sophos has too. Intercept X Advanced for Server (Update 2021: Intercept X Advanced for Server also features XDR) prevents attacks from reaching the server, detects attacks before they run, and cleans up damage in case of a breach. This is Intercept X on a broader scale: not just the team, but the whole league. It includes the features outlined above, plus other server-based add-ons like application whitelisting, which locks down your server with one click, allowing only authorized applications to run and securing your server in a safe state.


All of these options are managed through Sophos Central, a cloud-based console hosted by Sophos that allows you to configure all your products in one place, without the need for a separate management server. You can access Sophos Central anywhere, anytime.

At Firewalls.com, we can help you get your hands on Intercept X and turn the malware hail mary into a game-winning pick six for your organization. Whether you’re already running with Sophos or not, bring Intercept X onto your team to take your endpoint protection straight to the top. See how Synchronized Security, paired with the real-time scanning of the Sophos Security Heartbeat, can be your Most Valuable Player in 2019 (or 2021). Check out our Sophos Buyers Guide for more info!
