Exposing hidden risks with Sophos’ virtual and physical firewalls

It is critically important for a modern firewall to parse through the mountain of information it collects, correlate data where possible, and highlight only the most important information requiring action – ideally before it’s too late.

According to the latest statistics, approximately 90% of web traffic is encrypted, making it invisible to most firewalls. An increasing amount of malware and potentially unwanted apps exploit the fact that organisations are simply not using SSL inspection. Network administrators’ main fears are that SSL inspection will have a performance impact or cause something to break, impacting the user experience.

“Unfortunately, most organisations are powerless to do anything about it because their current firewall lacks the performance necessary to utilise TLS/SSL inspection without slowing down dramatically,” says Ross Anderson, Sophos Product Development Manager at Duxbury Networking.

Sophos Firewall, with its new Xstream SSL inspection engine, has a much higher capacity for concurrent connections and offers flexible policy tools to make intelligent decisions about what should and can be scanned, offloading where appropriate. Using the SSL policy tools, organisations can create enterprise-grade TLS/SSL policies related to un-decryptable traffic, certificates, protocols, cipher enforcement options and more. Sophos Firewall supports TLS 1.3 and all modern crypto suites across every port and application in the system.

Additional tools available right on the dashboard enable administrators to see exactly how much network traffic is encrypted, and how it is being handled. Sophos Firewall does a much better job at surfacing this information than other solutions, particularly with how it highlights errors that are encountered due to certificate validation or websites that do not support the latest encryption standards.

Administrators can also pop up a detailed window to see exactly which sites are problematic and why, as well as users experiencing issues. From there, they can take action directly to exclude the application or site from decryption to prevent further issues. No other SSL inspection solution offers the same accessibility to this information.

“Sophos Firewall’s Control Centre provides an unprecedented level of visibility into activity, risks and threats on your network. It uses ‘traffic light’ style indicators to focus your attention on what’s most important to you. If something’s red, it requires immediate attention. Yellow indicates a potential problem. And if everything is green, no further action is required,” Anderson explains.

Every widget on the Control Centre offers additional information that is easily revealed simply by clicking that widget. For example, the status of interfaces on the device can be obtained by clicking the ‘Interfaces’ widget on the Control Centre.

Figure 1

“System graphs also show performance over time with selectable timeframes, whether you want to look at the last two hours to the last month or year. And they provide quick access to commonly used troubleshooting tools to resolve potential issues,” says Anderson.

In addition to a number of firewall hardware products, Sophos also provides users with the option of a virtual firewall, eliminating the issues of componentry shortages experienced as a result of the COVID-19 pandemic.

“Sophos Firewall removes the blind spots caused by encrypted traffic by allowing you to use SSL inspection while maintaining performance efficiency. Sophos Firewall includes a high-speed deep packet inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process. The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiency,” says Anderson.

“You can deploy the virtual appliances as next-generation firewalls. They offer industry-leading network security to virtual data centres, a ‘security-in-a-box’ set-up for MSSPs and organisations, and an ‘office-in-a-box’ set-up. By providing comprehensive security features available in its hardware security devices, in virtualised form, these virtual devices offer layer-8 identity-based security on a single virtual device,” adds Anderson.

Sophos offers a complete virtual security solution to organisations with its virtual network security devices, next-generation firewalls and Sophos Central to centrally manage your Sophos Firewall devices. You can install virtual appliances within environments hosted on VMware, Hyper-V, KVM and XenApp.

For more information, contact Duxbury Networking, (+27) 011 351 9800, info@duxnet.co.za, www.duxbury.co.za.

Duxbury Networking

Since its formation in 1984 by CEO, Graham Duxbury, Duxbury Networking has embraced ongoing technological changes within the ICT sector in order to provide its customers with access to the latest trends and solutions. Satisfying the evolving and diverse needs of its customer base is achieved through an emphasis on sourcing cost-effective, high-quality products from carefully selected local and international vendors. Aligned with this is the provision of uncompromising technical support, which is possible due to an extensive investment in the training and upskilling of its team. The company is driven to take an active role in reshaping and redefining the South African digital landscape in its mission to help its customers build a network that will support current and future technologies.

Editorial contacts

Allyson Koekhoven
Write Here
write-on@iafrica.com
Alzira Queiroz
Duxbury Networking
(+27) 011 351 9800
aqueiroz@duxnet.co.za