We are delighted to announce that Sophos has been named a Leader in the IDC MarketScape: European Managed Detection and Response (MDR) Services 2024 Vendor Assessment (doc # EUR151172124, September 2024).

The IDC MarketScape study evaluates the capabilities and business strategies of managed detection and response service vendors with a market presence in Europe, and positions Sophos in the Leaders Category.

This latest recognition follows Sophos being named an MDR Leader in the Worldwide version of this evaluation – IDC MarketScape: Worldwide Managed Detection and Response (MDR) Services 2024 Vendor Assessment (doc #US49006922, April 2024).

With decades of experience and knowledge as a security technology vendor, Sophos has considerable expertise when it comes to how cyberattacks impact and unfold across enterprise infrastructure. Since the launch of its MDR ambitions with a series of acquisitions in 2019, the vendor has also put considerable emphasis on building teams of highly experienced and skilled security analysts to deliver its human-led service. The company’s unmetered and unlimited incident response offering is a compelling component of this. Where organizations are seeking an MDR provider with deep security expertise and a human-led service that engages with them from the outset until an incident has been resolved, Sophos represents a compelling option.

– IDC MarketScape: European Managed Detection and Response 2024 Vendor Assessment

Read the excerpt

A European MDR market leader

Sophos has built one of the biggest global managed detection and response (MDR) businesses in the world, and we believe it protects more customers than any other MDR service. This latest IDC MarketScape report noted Sophos “has more than 23,000 MDR customers worldwide, making it one of the biggest players on the market in terms of customer base. In Europe, it counted more than 5,000 unique MDR customers at the end of 2023, with the majority being under-250-employee organizations.”

The IDC MarketScape evaluation also highlights Sophos’ geographic presence in supporting European data residency requirements:

Regarding data residency, Sophos processes telemetry in the region in which the customer account is provisioned. For Europe, Sophos is hosted in the UK & Ireland, and Germany AWS regions.

Sophos MDR has highly skilled threat analysts based in the UK, Ireland, and Germany, in addition to dedicated teams in North America, India, and Australia. This enables us to provide 24/7/365 coverage to our European customers.

Unlimited incident response is a significant differentiator

The IDC MarketScape notes that a key differentiator for any MDR service is its incident response capabilities, and we agree. The two MDR service tiers available from Sophos – MDR Complete and MDR Essentials – are designed to align with the customer maturity journey. Sophos MDR Complete includes a unique, unmetered, full-scale incident response offering that eliminates threats.

Customers subscribing to the entry-level Sophos MDR Essentials service tier also benefit from a flexible range of incident response options, as described in the IDC MarketScape report:

MDR Essentials customers get a Threat Response service, which commits to stopping and containing all active attacks. MDR Essentials customers may also choose to purchase an IR retainer for the extra coverage on top of the core service components they receive. This means that customers that start out with MDR Essentials but decide they want or need more have two options: add the IR retainer or upgrade to the full MDR Complete service (with all the additional components that brings).

Both service tiers include 24/7 expert-led investigation and response and threat hunting.

Extensive partnerships, alliances, and integrations

The IDC MarketScape calls out Sophos’ strategic partnership with Tenable for Sophos Managed Risk, our new vulnerability and attack surface management service, and our partnership with backup provider Veeam, citing the benefits of our substantial partner and customer overlap.

The report noted,

In April 2024, Sophos announced a strategic partnership with Tenable to launch Sophos Managed Risk, a vulnerability and attack surface management service. With a dedicated Sophos team leveraging Tenable’s exposure management technology the companies aim to drive collaborative operation between MDR and vulnerability management. With extensive reporting and prioritization around vulnerabilities, this should help sort signal from noise and address use cases such as risk mitigation through attack surface visibility, patch prioritization, and rapid identification of new risks through alerts around new critical vulnerabilities.

The IDC MarketScape report states that Sophos has “worked on numerous use cases around Microsoft telemetry, such as email compromise, as it aims to deliver concrete security benefits to its clients.”

Reinforcing our credentials in the small business segment where many organizations use Google productivity solutions rather than Microsoft, Sophos also includes an integration with Google Workspace with Sophos MDR and Sophos XDR offerings at no additional cost.

Get the excerpt

To learn more about why Sophos was named a Leader in the 2024 IDC MarketScape for European Managed Detection and Response, read the excerpt here.

Source: Sophos

Sophos Firewall v21 brings exciting new enhancements to VPN, authentication, and routing functionality.

VPN enhancements

• Bulk activate and deactivate options are now available for connections (see screen shot below)
• Enhanced filtering on the VPN manage page now consolidates information across multiple pages
• Free text- and value-based search is now supported in VPN configurations for network, subnet, users for remote access and site-to-site VPNs
• An XFRM interfaces-specific view has been added on the Interfaces page for easy filtering of RBVPN interfaces

Site to site VPN enhancements

• FQDN-based remote gateways have been optimized to improve scalability for distributed deployments
• DHCP relays over XFRM interfaces are now supported for traffic to DHCP servers deployed behind a remote firewall (see illustration below)
• RBVPN deployments get an increase of up to 20x in XFRM interface up-time, significantly minimizing disruption during tunnel flap, HA failovers, or reboots

Authentication enhancements

• Google Workspace integration via LDAP clients and Google Chromebook SSO compatibility with LDAP server types enables SSO functionality for Google LDAP for Chromebook environments
• Performance for burst login handling is improved up to 4x for Radius SSO, STAS, and Synchronized User ID to enable the handling of thousands of simultaneous login requests even in multiple SSO environments (mix of STAS, Radius SSO, and Synchronized User ID)
• In addition, support has been added for a transparent AD SSO experience when HSTS is enforced, enabling Kerberos and NTLM handshakes over HTTP or HTTPS

Static and dynamic route management

• Users can clone static routes, turn them on or off, and add descriptions via the new Manage option for each static route in the table (see screen shot below)
• There’s now a blackhole route option and support for equal-cost multi-path (ECMP) for load balancing
• Dynamic routing gets a new option to redistribute BGP routes into OSPFv3
• Dynamic routing now experiences zero impact during HA failover scenarios

Watch this short demo video to see how it works and how to set it up:

Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the early access program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.

Source: Sophos

Sophos Firewall v21 brings several quality-of-life enhancements to streamline day-to-day management and improve the overall user experience.

User interface enhancements

• Significantly enhanced responsiveness
• Refreshed look and feel, integrating the latest Sophos style guidelines for consistency with Sophos Central and your other Sophos products
• Improved horizontal layout to better take advantage of widescreen displays
• New card views to further enhance visibility into important network events and data with the same flip and drill-down capabilities as before
• An all-new Active Threat Response card consolidates threat information from MDR, Sophos X-Ops, and third-party threat feeds into a single, easy-to-view section

Network object references

• New visibility into network object usage is now provided for interfaces, zones, gateways, and SD-WAN profiles. Simply click the new “usage” indicator on any of these screens for a quick view of the associated network objects. You can then drill down to view or edit the object details and settings in place.
• A new XML API is also provided to retrieve object reference (usage) counts, offering visibility into unused objects. See the video below for details and a demo.

Watch this short demo video to see the new quality of life enhancements in action:

Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the early access program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.

Get the What’s New Guide for a complete overview of all the new features in Sophos Firewall v21.

Source: Sophos

Sophos Firewall v21 adds third-party threat feed support for Active Threat Response.

Active Threat Response was first introduced in v20, implementing a new extensible threat feed framework in Sophos Firewall to automatically respond to active threats. Initial support was provided for dynamic threat intelligence feeds from Sophos X-Ops and Sophos MDR, enabling the firewall to automatically respond by blocking access to any threat published through this framework.

While this is all most customers will ever need, there are certain regions or vertical markets where specific custom threat feeds are encouraged or required. There has also been an interest by our partner community, SoC providers, and many customers for an extensible threat feed capability to support existing or new threat detection and response solutions and services.

To enable these use cases, Sophos Firewall v21 extends the threat feed framework to support third-party threat feeds. Now, you can easily add additional vertical or custom threat feeds to the firewall, which will monitor and respond in the same automatic way – blocking any activity associated with them – across all security engines (IPS, DNS, Web and AV) and without requiring any additional firewall rules.

Third-party threat feeds and Active Threat Response also trigger the same Synchronized Security response as any other red Security Heartbeat condition. Your Sophos Firewall will enforce any firewall rules that contain red Heartbeat conditions and the firewall will also coordinate Lateral Movement Protection with your Sophos Endpoints, which will inform all healthy managed endpoints that there is a compromised host on the LAN so they can block traffic from that device.

Check out the short video below a full demonstration on:

• How to set up third-party threat feeds
• How Active Threat Response and lateral movement protection work
• How to use the new dashboarding and reporting

For more information, consult the online documentation.

A variety of specialized and vertical threat feeds are supported, including those provided by security organizations, industry consortiums, and community-based or open-source threat intelligence sources. A good example is Greynoise, who is featuring the Sophos Firewall integration on their website.

Other great examples include:

• Cisco Talos
• Abuse.ch / URLhaus
• Hakk Solutions
• OSINT (Open-source Intelligence) / DigitalSide
• CINS Score
• CrowdSec
• EclicticIQ
• Feodo Tracker
• And more!

Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the Early Access Program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.

Source: Sophos

We’re pleased to announce that the early access program (EAP) is now underway. The latest and greatest Sophos Firewall release brings exciting enhancements and top-requested features, including…

Added protection

• Active Threat Response has been extended with support for third-party threat feeds to enable easier integration with specialized and custom threat intelligence sources
• Synchronized Security’s automated response to active threats is also extended to third-party threat feeds

Enhanced scalability

• High-availability (HA) deployments gain added resilience and more seamless transitions for reduced down time
• IPsec VPN gains improved manageability, configuration, and performance
• Authentication and web enhancements

Seamless upgrades

• Any-to-any backup and restore for added flexibility when upgrading
• Port mapping support to make it easy to upgrade to an appliance with a different port configuration

Streamlined management

• Multiple user-experience enhancements, including the overall look and feel, Control Center cards, as well as VPN and static route configuration optimization
• Let’s Encrypt certificate support across many areas of the firewall
• Expanded network object visibility to see where objects are being used

And more!

Download the full What’s New Guide for a complete overview of all the great new features and enhancements in v21.

Getting started today

You can download the upgrade package or installer for v21 from the Sophos Firewall v21 EAP Registration Page. Simply submit your contact info and the download links will be emailed to you straight away.

Sophos Firewall v21 EAP is a fully supported upgrade from all supported versions of v20, v19.5 and v19.0; including the latest v20 MR2.

NOTE: Sophos Firewall v21 does NOT include support for XG and SG Series appliances. XG Series EOL is March 31, 2025.

All support during the EAP will be through our forums on the Sophos Firewall EAP Community.

Please provide feedback using the option at the top of every screen in your Sophos Firewall as shown below or via the Community Forums.

Source: Sophos

Sophos ZTNA provides secure access to networked applications, RDP systems, and web management consoles. It provides a much better alternative to remote access than VPN, offering better security, easier management, and complete transparency for end-users.

To see what ZTNA is all about, we’re offering three free one-year licenses to Sophos Firewall customers, enabling you to start taking advantage of the integrated ZTNA gateway built into every firewall as of v19.5 MR3 and later. Feel free to use them however you like – maybe start with your IT admin staff for remote management and go from there.

The only qualifications for this free offer are that you’re a term Sophos Firewall customer, managing one or more of your firewalls in Sophos Central, and are running v19.5 MR3 or v20 (or later) on your Firewall. This offer will be extended to MSP customers soon.

To take advantage of this offer, simply click the button on the banner in the Firewall Management screen in Sophos Central as outlined below.

If you’re new to Sophos ZTNA, you can learn more about how it can help secure your application access at Sophos.com/ZTNA.

Check out the Deployment Checklist for other considerations when deploying ZTNA.

You can also access the latest online documentation, and the troubleshooting guide has been updated in case you encounter any issues during configuration.

Source: Sophos

However skilled an adversary is at covering their tracks, they always need to cross the network. Sophos NDR sits deep within your network, monitoring network traffic using five real-time threat detection engines to identify signs of malicious or suspicious activity.

With Sophos NDR, you can see and stop attackers faster. Leveraging a combination of AI-powered machine learning, advanced analytics, and rule-based matching techniques, it identifies threats that often go undetected until it’s too late, including: 

• Threats on unprotected devices like point-of-sale systems, IoT and OT devices, and legacy operating systems 
• Rogue assets that adversaries exploit to launch attacks 
• Insider threats such as sensitive data uploads to an offsite location 
• Zero-day attacks, and more 

Plus, when combined with other security telemetry, Sophos NDR enables threat analysts to paint a more complete, accurate picture of the entire attack path and progression, enabling a faster, more comprehensive response. 

What’s new in v1.7

We continue to enhance Sophos NDR to further accelerate network threat detection and response. The rich graphical interface and forensic investigation tools in the new Investigation Console enable analysts to dive deeper into your network activity and pinpoint issues sooner. Use cases include:  

• Gain comprehensive visibility into all network activity over the past 30 days  
• Analyze application activity, flow risks, and communication on non-standard ports 
• Monitor network activity over time to identify suspicious patterns and behaviors 
• And much more 
  

For maximum flexibility, Sophos NDR deploys as a virtual appliance on VMware or Microsoft Hyper-V, in the cloud on AWS, or on a range of certified hardware appliances. The latest version includes a refreshed certified hardware portfolio, including a new entry-level model. 

To learn more about the latest enhancements, visit the Sophos NDR community forum  

Explore Sophos NDR today

Existing Sophos NDR customers benefit from all the latest enhancements automatically and at no additional charge. To get started, visit the community forum and download the Investigation Console image from Sophos Central. 

Sophos NDR is available with the self-managed Sophos XDR tool and our 24/7 fully-managed Sophos MDR service. All Sophos customers can now activate a 30-day free trial directly within their Sophos Central console. To learn more and explore your security operations needs, speak with your Sophos partner or account team. 

Source: Sophos

As we approach the October 2024 deadline for EU Member States to enact the NIS 2 Directive, organizations that do business in Europe must prepare for the significant changes it brings to cybersecurity compliance.

This article aims to shed light on the NIS 2 Directive, its necessity, key updates from the original NIS Directive, and how businesses can prepare for compliance. For an even deeper dive on the directive, download the Sophos NIS 2 Directive whitepaper.

What is the NIS 2 Directive?

The NIS 2 Directive is an evolution of the original Network and Information Systems (NIS) Directive, implemented to bolster the cybersecurity posture of EU member states. The initial NIS Directive, enacted in 2016, established guidelines for improving cybersecurity resilience across the EU. However, with the increasing sophistication and frequency of cyber-attacks, especially during and after the Covid-19 pandemic, there was a clear need for more stringent and comprehensive regulations.

Cyber threats have escalated to an industrial scale, with ransomware attacks becoming particularly prevalent. In June 2024, a hacking group known as Qilin, with ties to the Kremlin, carried out an attack on Synnovis, which is a pathology lab used by the UK’s National Health Service (NHS). The hackers demanded a £40 million ransom, and when the NHS refused to pay, hackers released the stolen data on the dark web.

Additionally, geopolitical tensions, such as the Russian invasion of Ukraine, have underscored the necessity for robust cybersecurity measures. The NIS 2 Directive aims to address these challenges by enhancing the security and resilience of essential and important entities across the EU.

Implications for non-EU Companies

While primarily aimed at EU Member States, non-EU companies operating within the EU or providing services to EU entities will also be impacted. Many national regulations are currently not as wide-ranging as the NIS 2 Directive; however, it would be prudent to expect further changes to local law as the plans for the EU legislation are developed further.

By proactively addressing the challenges outlined below, non-EU companies can better protect themselves and their customers from evolving cyber threats while avoiding severe penalties for non-compliance.

Key updates from NIS to NIS 2

The NIS 2 Directive introduces several critical updates and expansions from the original NIS Directive:

1. Broader Scope of Covered Entities:
   • Essential and Important Entities: NIS 2 categorizes entities into “essential” and “important” based on their sector and criticality. This expansion includes more sectors, such as wastewater, healthcare supply chains, postal and courier services, aerospace, public administration, and digital infrastructure.
   • Supply Chain and Service Providers: Organizations involved in the supply chain and those providing critical support services are now explicitly covered, emphasizing the importance of securing interconnected networks.
2. Enhanced Cybersecurity Standards:
   • Mandatory Measures: Article 21 of the directive outlines mandatory cybersecurity measures, including basic cyber hygiene, vulnerability management, supply chain security, encryption, asset management, access control, and zero trust security.
   • Incident Handling and Reporting: The directive mandates more rigorous incident reporting requirements, ensuring timely and consistent responses to cyber threats across the EU.
3. Increased Accountability and Penalties:
   • Senior Management Liability: Senior management can be held personally liable for non-compliance, underscoring the importance of executive involvement in cybersecurity governance.
   • Fines and Sanctions: Organizations can face significant fines, up to €10 million or 2% of global turnover, for failing to comply with the directive.

The following 18 sectors are covered by the NIS 2 Directive:

The following table illustrates the increase in sectors covered by the NIS 2 Directive as compared to the first NIS directive:

Impact on cybersecurity compliance

The NIS 2 Directive significantly impacts how organizations approach cybersecurity compliance. Businesses must adopt a proactive stance, integrating comprehensive risk management processes and ensuring adherence to the stringent standards set forth in the directive. The emphasis on mandatory measures and the potential for severe penalties necessitate a thorough review and enhancement of existing cybersecurity practices.

Organizations will need to allocate sufficient resources to meet these requirements. Estimates suggest that businesses already covered by the original NIS Directive may need to increase their cybersecurity budgets by up to 12%, while those newly covered could see budget increases of up to 22%, according to John Noble, former Director of the National Cyber Security Centre speaking on Sophos Spotlight: NIS2 Directive and Understanding Cybersecurity Compliance.

Preparing for NIS 2 compliance

To ensure compliance with the NIS 2 Directive, organizations should take the following steps:

1. Assess Applicability:
   • Determine whether your organization falls under the categories of essential or important entities. This involves evaluating your sector, the criticality of your services, and your operational footprint within the EU.
2. Understand Jurisdiction:
   • Identify which EU member states have jurisdiction over your operations for NIS  2 purposes. This is crucial for understanding specific national requirements and reporting obligations.
3. Implement Cybersecurity Risk Management:
   • Conduct a comprehensive risk analysis to identify potential cybersecurity threats and vulnerabilities.
   • Implement the mandatory measures outlined in Article 21, mapping them against an appropriate security framework such as ISO 27001 or the NIST Cybersecurity Framework.
4. Strengthen Supply Chain Security:
   • Focus on mitigating risks within your supply chain, particularly concerning software and service providers. This includes ensuring that third-party vendors comply with NIS 2 standards.
5. Develop an Incident Response Plan:
   • Formalize an incident response plan that includes clear protocols for reporting cyber incidents to relevant national authorities. Ensure that significant incidents are reported within the 24-hour timeframe specified by the directive.
6. Engage Senior Management:
   • Secure formal high-level management sign-off on your compliance strategy. Senior management involvement is critical for demonstrating a commitment to cybersecurity and ensuring that necessary resources are allocated.

The NIS2 Directive represents a significant step forward in enhancing the cybersecurity resilience of organizations across Europe. By understanding the key updates and taking proactive measures to ensure compliance, businesses can better protect themselves against the growing threat of cyber-attacks.

As the October deadline approaches, it is imperative for senior management and IT security professionals to prioritize NIS 2 compliance, leveraging resources such as the Sophos whitepaper to guide their efforts.

Source: Sophos

The U.S. government recently announced that it is banning the sale of Kaspersky antivirus products due to national security concerns. If you’re in the U.S. and currently use Kaspersky products today, you have a tight deadline to switch to an alternative provider. After September 29, 2024, U.S. organizations will no longer receive updates or support from Kaspersky. Outside the U.S., many Kaspersky users are also re-evaluating their endpoint security provision.

Thankfully, wherever you are based, you can migrate to Sophos Endpoint in minutes.

Stronger endpoint security for small and midsize businesses

Sophos Endpoint is trusted by over 300,000 organizations worldwide, including thousands of small and midsize businesses. With Sophos Endpoint, you benefit from:

• Affordable threat protection | Enterprise-grade cybersecurity that’s cost-effective for businesses of any size.
• Quick and easy setup | Install and go with simple, one-time installation – including automatic removal of Kaspersky antivirus when you run the Sophos Endpoint installer.
• Simple management and reporting | A single cloud-based dashboard for security alerts, reporting, and management. Recommended security settings are enabled automatically when you install Sophos Endpoint; no complex configuration is required.

The ban on Kaspersky products in the U.S. provides an opportunity to uplevel your defenses. IT security teams around the globe are seeking replacement solutions that provide the best protection and usability, and less management burden. Moving to Sophos Endpoint enables you to leverage superior protection with additional capabilities and benefits that other solutions lack, including:

• Adaptive defenses | Industry-first dynamic defenses that automatically adapt in response to hands-on-keyboard attacks, reducing the attack surface and stopping sophisticated adversaries in their tracks. Watch this quick demo.
• Remote ransomware protection | Sophos provides the most robust zero-touch endpoint defense against remote ransomware. Alternative endpoint security solutions, including Microsoft, CrowdStrike, and SentinelOne, cannot protect against this increasingly pervasive threat.
• Automated account health check | Misconfigured policy settings can compromise your security posture. The Account Health Check identifies security posture drift and risky configurations, enabling administrators to remediate issues with one click.

Learn more about the advantages of Sophos compared to other cybersecurity solutions and watch the overview video to learn more.

Top-rated by customers, industry analysts, and independent testers

Don’t take our word for it! Customers have named Sophos a 2024 Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection Platforms for the third consecutive year. Sophos stands tall with an impressive customer rating of 4.8/5 (as of April 30, 2024) and the highest number of independent Gartner-verified reviews of any vendor.

Analyst firm IDC evaluates how endpoint security solutions meet customers’ needs and named Sophos a Leader in the 2024 IDC MarketScape for Modern Endpoint Security for Small and Midsized Businesses. According to the IDC MarketScape evaluation, “Sophos is a strong consideration for small businesses, particularly those with large business security requirements that have little to no in-house security expertise.”

See our wide range of third-party endorsements and evaluations.

Time to upgrade to a fully managed security service?

Cybersecurity is becoming so complex that many small and midsize businesses can’t keep up. Replacing Kaspersky antivirus products could be the ideal opportunity to consider taking advantage of a 24/7 managed security service.

Trusted by over 23,000 organizations worldwide, Sophos Managed Detection and Response (MDR) enables you to reduce the risks and costs associated with potentially catastrophic security incidents. Moreover, all Sophos MDR subscriptions include the Sophos Endpoint product within the standard price.

Learn more about Sophos Endpoint on the Sophos website.

Source: Sophos

Sophos Firewall v20 MR2 includes important enhancements such as an exciting new backup and restore assistant, Active Directory SSO improvements, and web protection optimizations.

Backup and restore assistant

The new Sophos Firewall backup and restore assistant enables firewall configuration backups to be easily restored on a different firewall appliance with flexible interface mapping options.

This makes it easy to upgrade Sophos Firewall XG Series to XGS Series, upgrade any XGS Series model to any other XGS Series model, or even migrate to or from software or virtual appliances.

This also means you can easily migrate interfaces to higher-speed ports on your new or upgraded firewall.

You can also get creative and export a configuration template from a virtual appliance and then restore it on multiple hardware or virtual deployments to simplify repetitive configurations.

There are a few key dependencies or pre-requisites to take full advantage of this new assistant:

• Backups of XG Series appliances should be made using v19.5 MR4, v20, or later.
• Backups of XGS Series appliances need to be made using this release: v20 MR2 (or later)

This video covers the prerequisites and how to use this new assistant in more detail:

You can also check the compatibility of the appliances you plan to back up/restore and see the exact port configuration (including available Flexi Port modules) using a new tool that is available at https://docs.sophos.com/nsg/sophos-firewall/reference/backup_restore/port_mapping/en-us/

Additional enhancements in Sophos Firewall v20 MR2

• Active Directory Single Sign-on now provides improved support for high-availability failover situations
• Active Directory Single Sign-on adds support for performing the Kerberos/NTLM handshake over HTTP or HTTPS for a more transparent SSO experience when HSTS is enforced
• Web Protection performance is enhanced by reducing the system load when enforcing SafeSearch, YouTube restrictions, Google App login domain, or Azure AD tenant restrictions
• Web Protection cipher customization now enables you to strike the best balance for your network between cipher compatibility, security, and audit compliance

How to get the firmware and documentation

Sophos Firewall OS v20 MR2 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible to ensure that you have all the latest security, reliability, and performance fixes.

This firmware release will follow our standard update process. You can manually download SFOS v20 MR2 from Sophos Central and update anytime. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

Sophos Firewall OS v20 MR2 is a fully supported upgrade from all previous versions of v20, v19.5 and v19.0. Please refer to the Upgrade Information tab in the release notes for more details.

Full product documentation is available online and within the product.

Source: Sophos

As a Sophos Firewall customer, your security is our top priority. We’ve not only invested heavily in ensuring Sophos Firewall is the most secure firewall on the market, but we continuously work to make it the most difficult target for hackers, all while helping keep your network and organization safe from future attacks through proactive monitoring.

Here are a few examples of how we have invested in making Sophos Firewall secure by design.

Best practices built in

Our goal is to ensure your firewall’s security posture is optimally configured right from the start by building in security best practices for easy out-of-the-box deployment. You get powerful protection for your network as soon as it’s connected and turned on.

It starts with strict and granular access controls and default firewall rules that provide security and control for your network traffic. Sophos Firewall also makes it quick and easy to set up additional features. ZTNA, for instance, protects your applications while allowing secure access for remote workers without opening any ports on the perimeter.

Hardened against attack

Taking measures to prevent attacks from targeting your firewall is critically important. Sophos Firewall has been designed from the start with security in mind and is continually being hardened against attacks with new technologies.

Sophos Central management offers the ultimate in secure remote management. Recent enhancements include improved multi-factor authentication, containerization for the VPN portal and other trust boundaries, strict default access controls, rapid hotfix support, and more, making Sophos Firewall a formidable opponent for attackers.

Automated hotfix response

Sometimes it’s important to patch urgent security issues quickly before the next regular firmware update. To that end, Sophos Firewall integrates an innovative hotfix capability that enables us to push urgent and important patches out to your firewall “over the air” to address any new zero-day vulnerabilities or other critical issues that arise between regular firmware updates.

While it’s still vitally important that you keep your firewall up to date with the latest firmware release (as every release includes important security fixes, as well as performance, stability, and feature enhancements), this enables a rapid fix to be applied without requiring any downtime normally associated with a firmware upgrade.

Proactive monitoring

You depend on Sophos to be proactive, transparent, and responsive. That’s why we continually monitor our global install base of customer firewalls and rapidly react to any incident.

This enables us to identify incidents before our customers thanks to telemetry collection and analysis. You can rest assured that if a single customer anywhere in the world has their firewall attacked, we’re working tirelessly to help shut the attack down and prevent it from happening elsewhere.

In addition, our mature vulnerability disclosure program ensures we’re transparent and communicative with every security vulnerability or incident, so you’re as well-equipped as possible to protect your network. We also offer the most active and well-funded bug bounty program in the industry to get ahead of any potential issues before they can become a problem.

Additional best practices

In addition to the best practices we build into your firewall, be sure to follow the Hardening Your Sophos Firewall Guide for additional best practices you should follow when setting up and administering your Sophos Firewall.

Download the Sophos Firewall Security Brief if you would like a PDF version covering these capabilities.

And if you’re new to Sophos Firewall, be sure to check out Sophos Firewall’s powerful protection features and take it for a test drive today.

Source: Sophos