REVIEW: Sophos has melded together the best features of their endpoint security systems with the acquired intellectual property of firewall vendors Astaro and Cyberoam.
IT security vendor Sophos has raised the bar on unified security by orchestrating an array of security technologies in a package that melds firewall intelligence with endpoint analytics.

The company brought its new security platform to market under the moniker “Sophos Security Heartbeat”, which describes a unifying technology that allows endpoints running Sophos security products to collaborate with the company’s security appliances, creating a comprehensive system that’s all about keeping things secure.

Perhaps a better explanation lies in what security unification between the endpoint and a Unified Threat Management (UTM) system means in the context of Sophos’s offering.
It all comes down to an endpoint having its own local security application (anti-malware, anti-rootkit, etc.) that helps protect the endpoint while also communicating with a central security appliance.

The two-way conversation excels at detecting anomalies: the endpoint can inform the security appliance of something suspicious, and the security appliance can then vet that suspicious traffic while also executing policy to contain it.
What’s more, the security appliance can further analyze the traffic to measure the impact of suspicious traffic on the network, applications and services before using those results to detect suspicious behavior on other endpoints or other parts of the network.
Simply put, the security appliance’s unified view of traffic and activity across the network gives its integrated machine learning the capability to quickly identify anomalies and, more importantly, actually do something about those anomalies in real time.
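The collaboration described above, as an added toy model that is not Sophos code (the heartbeat fields, the appliance’s known-bad list and the isolate/flag actions are assumptions made for illustration): an endpoint reports itself unhealthy together with the destinations it recently contacted, the appliance vets those destinations against its own intelligence, contains the endpoint, and then uses the result to flag other endpoints that reached the same confirmed-bad destination.

```python
"""Hypothetical model of endpoint/appliance heartbeat collaboration (not Sophos's protocol)."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Heartbeat:
    endpoint: str        # hostname of the reporting endpoint
    healthy: bool        # verdict of the endpoint's local security agent
    contacted: tuple     # destinations the endpoint talked to since its last report


@dataclass
class Appliance:
    known_bad: set = field(default_factory=set)     # appliance's own threat intelligence
    isolated: set = field(default_factory=set)      # endpoints contained by policy
    flagged: set = field(default_factory=set)       # endpoints found by correlation
    seen: dict = field(default_factory=lambda: defaultdict(set))  # destination -> endpoints

    def receive(self, hb: Heartbeat) -> list:
        """Process one heartbeat and return the policy actions taken, in order."""
        actions = []
        for dest in hb.contacted:            # keep a network-wide view of who talked to what
            self.seen[dest].add(hb.endpoint)
        if hb.healthy:
            return actions
        # 1. vet: which of the endpoint's destinations does the appliance itself distrust?
        confirmed = [d for d in hb.contacted if d in self.known_bad]
        # 2. contain: an endpoint reporting itself unhealthy is isolated by policy
        self.isolated.add(hb.endpoint)
        actions.append(f"isolate {hb.endpoint}")
        # 3. correlate: other endpoints that reached a confirmed-bad destination are flagged
        for dest in confirmed:
            for other in sorted(self.seen[dest] - {hb.endpoint} - self.isolated):
                self.flagged.add(other)
                actions.append(f"flag {other} (also contacted {dest})")
        return actions


def demo() -> dict:
    """Constructed sample: three endpoints, one known-bad destination (TEST-NET addresses)."""
    app = Appliance(known_bad={"203.0.113.9"})
    app.receive(Heartbeat("hr-laptop", True, ("198.51.100.5",)))
    app.receive(Heartbeat("fin-pc", True, ("203.0.113.9", "198.51.100.5")))
    app.receive(Heartbeat("dev-box", False, ("203.0.113.9",)))
    return {"isolated": sorted(app.isolated), "flagged": sorted(app.flagged)}


if __name__ == "__main__":
    print(demo())  # dev-box is isolated; fin-pc is flagged for reaching the same destination
```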
Going Hands On with the Sophos XG Series
Sophos XG is actually a family of NGFWs (Next Generation Firewalls) that share a common core feature set and include capabilities such as traffic shaping, policy-based rule execution, traffic anomaly detection, web filtering, intrusion detection, intrusion prevention and so forth.

In essence, any member of the Sophos XG family functions as a UTM appliance and is designed around the concepts of ease of use and automation.
Sophos acquired the firewall and related threat-management technology through its acquisitions of Astaro and Cyberoam.

While there are many different models in the Sophos XG family, the primary differences between the devices all add up to a question of scale.
For example, the entry-level XG85 is designed for small offices, offers just four GbE copper ports and is rated at 2 Gbps throughput. In contrast, the top-of-the-line XG750 is rated for 140 Gbps throughput and sports as many as 64 GigE ports, as well as support for 10 Gbps Ethernet. While the raw processing power and connectivity are vastly different between those two extremes, the underlying software is much the same, meaning that feature sets are universal across the whole product line.

I visited Sophos’s Vancouver office to test the XG’s capabilities and evaluate the feature set of the product line. Most of my testing was done on a Sophos XG 125W, which is rated for 5 Gbps raw throughput, sports 8 GbE copper ports and incorporates an 802.11b/g/n/ac 2.4/5 GHz WiFi AP.

It is interesting to note that XG series devices that come with integrated WiFi offer a complete set of WiFi security controls and fully integrate NGFW capabilities into the WiFi AP.
I was able to test connectivity to a variety of endpoints, both wired and wireless, to evaluate how the XG 125W functioned in a simulated small enterprise environment.
Installation and Setup:
Within just a few minutes of unpacking the device it became apparent that ease of use has been heavily injected into the XG product line, making the device almost plug-and-play simple to set up.
I say almost only because anyone installing the device must have some basic understanding of network cabling and know how to change their management system’s IP address to launch the browser-based setup wizard.

That said, it is important to note that the XG family of devices defaults to an initial IP address of 172.16.16.16, instead of the all-too-common 192.168.0.1 that so many appliances use today.

That caveat aside, all setup and management of the device is accomplished using a browser-based GUI, which incorporates setup wizards to keep things surprisingly simple.