Cyber Security Elements by NSS

Sophos UTM Advantage (9.3) is coming soon – find out what’s new!

We’re pleased to commence the roll-out of our latest major UTM software update: UTM Advantage (9.3). More and more organizations are switching to Sophos UTM for their next firewall to take advantage of our all-in-one protection with on-box reporting, simplicity and performance. This release continues to add even more value and protection while making things easier for everyone. If you’re not already a Sophos UTM customer, UTM Advantage (9.3) adds to the 5 great reasons why you should switch to a better Firewall. Watch our brief demo video of what’s new in UTM Advantage (9.3). The complete release notes are provided below.

UTM Advantage (9.3) brings dozens of new features including:

Stronger protection for web, email and WAF
Smarter Wi-Fi performance and hotspot management
Better everywhere-deployment flexibility

Release Availability and Roll-out Timing
We are rolling out UTM Advantage (9.3) in three main phases over the coming weeks to provide a great upgrade experience for everyone:

  • Phase 1: We are starting with an initial Up2Date to select customer systems today.
  • Phase 2: Around mid-November, we plan to make the installation package generally availability for download via our FTP site as we continue the release roll-out to additional systems. Any customers wishing to update their UTM as soon as possible can take advantage of the manual download at this time. We’ll post a notification here on the Sophos Blog when the download is available.
  • Phase 3: By mid-December we will have rolled-out the Up2Date package for all customer installations including HA/Cluster environments.

Release Notes for UTM 9.300

Major New Features:

  • Live AV Look-ups in Email Protection

Introduced previously in UTM 9.2 for Web Protection, Live AV look-ups now come to UTM Email Protection. This option will improve the malware detection rates by consulting the cloud infrastructure from SophosLabs in real-time for possible threat matches. Look-ups that fail will still be scanned by the AV engine, and as part of our global feedback network unknown files will be sampled for execution and deep analysis by SophosLabs to benefit the global community while allowing you to tap the knowledge gained by these events worldwide.

  • SPX Email Encryption – Self-Registration

With the self-registration feature, recipients of our unique SPX encrypted email now have the option to register themselves through an online portal where they will be able to create, reset and recover passwords to access their encrypted emails. This eliminates the need to manually communicate passwords to recipients of encrypted emails, and allows them to use the same password (which they will remember) for all encrypted emails. It makes SPX Email Encryption simpler for everyone.
SPX Email Encryption – Support for Attachments on Reply Portal
SPX encrypted email recipients are now able to add attachments when securely replying to the sender using the SPX online portal. This allows for full encryption of all communications both ways.

  • URL Tagging 

With UTM 9.2 we introduced the Website List feature where customers can add URLs and override the site category. URL tagging extends this feature by allowing customers to apply custom tags, or labels to URLs, in effect creating their own custom site categories. They can then use these tags in Web Policy just like regular system categories. For example, if a customer has a restrictive policy but needs to access customer websites that would otherwise be blocked, they can add their customer sites to the Website List, tag them as ‘Customer Sites’ and then modify the policy to enable access to the ‘Customer Sites’ tag. 

  • Browsing Time Quotas

Many organizations want to allow users a limited amount of personal browsing time during the day. In many situations, limiting this to specific times of day does is too restrictive. With this new feature in Web Protection, administrators can allocate time quotas to specific sets of sites or categories for specific users or groups. Users can choose when to consume their time quota throughout the day. When they browse to a quota site, they will be warned that they’re about to use their quota. When a quota expires, they’ll be informed accordingly. Administrators can reset quota if necessary through the Web Protection Helpdesk area of the UTM.

  • Selective HTTPS Scanning

To allow more flexibility and provide better performance we have implemented an option to allow selective HTTPS filtering. This allows organizations to balance the need for security or visibility into some encrypted traffic, with the privacy and performance concerns that come with decrypting all HTTPS content. For example, customers can focus on performing important scans in HTTPS like (a) the ability to detect malicious content in uncategorized sites, (b) the ability to identify search terms and enforce safe search for Google and other search engines, and (c) the scanning webmail traffic for DLP only for specific sites. Previously, HTTPS decryption had to be enabled for all traffic, with exclusions being set up for individual sites where necessary.

  • Support for SG1xx Wireless Hardware

This release will add support for new SG 1xx wireless models we are going to introduce later this year.

  • Hotspot Improvements

This release improves our hotspot capabilities with a few new features: First, we built an interface to communicate with Micros Fidelio hotel management software via its FIAS protocol. Second, we have implemented HTTPS support for hotspot login pages. And finally, hotspots can now be configured in a more multi-tenant-like fashion by restricting the “Allowed Users” option on a per-hotspot basis.

  • Multiple Bridge Support

Many more advanced firewall configurations can be solved by allowing more then one network bridge. With this release we added support for multiple bridges. With introduction of this feature we at the same time cleaned up the configuration options in the UTM WebAdmin by moving the bridge configuration directly into the interfaces pane to allow you user-friendly and simple control over all aspects of your interface configuration.

Other New Features:

  • VLAN DHCP & Tagging

We removed some restrictions around VLANs to make them easier to administer: you can now allow DHCP on VLAN interfaces and you can now tag and untag interfaces on the same hardware.

  • True-File-Type Detection

In our web and mail proxy we now traverse archive files (zip, rar, etc.) to detect the types of files inside. This allows granular policy enforcement based on file types included in an archive rather than blocking archive files in general.
One-Click Secure Sophos Customer Support Access to UTM
With an ever increasing number of Sophos global support sites with different IP ranges, it can often be challenging to enable Sophos Support access to the UTM via WebAdmin and SSH . As a result, we’ve implemented a feature that enables administrators to easily enable access to the UTM by Sophos Support upon request with just a single-click.

  • WAF Allow/Block Lists

For the Web Application Firewall we’ve now added support of lists to allow and block IP ranges. This is configured in the site paths settings.

  • WAF Wildcard Extension

Exceptions for internal servers now allow wildcards also in the middle of the server path. This allows administrators to easily add exceptions for multiple servers effectively eliminating the need to maintain long lists in WebAdmin.

  • WAF Prefix/Suffix Option

Some environments, most notably Microsoft servers like Exchange and Sharepoint, require UPN/domain-style user names for log in. By adding an option to append a prefix or suffix to user-names customers now are able to add a default domain (for example) to facilitate this in order to streamline the user experience.

  • HyperV 3.5 Support

The UTM 9.3 now fully supports Microsoft Hyper-V Server 2012 R2. We’ve also incorporated MS Integration Tools v3.5 for Hyper-V which include the latest drivers and additional capabilities like high availability and load balancing.

  • Improved performance for URL categorization

In version 9.2 we introduced Live URL Filtering, a new way of doing URL categorization lookups to our cloud data services that offers better performance than the existing CFFS system. On the UTM it provides better local caching of commonly-visited site data. In the cloud, it provides greater responsiveness and automated scaling. With version 9.3 we are enabling this feature by default. Although the URL data used has not changed, this new system will only return one category for each site. This may impact the operation of policy for a small number of sites that previously had more than one category. 

Read the original article, here.