Sophos new XGS firewall range


Sophos introduces the new XGS firewall series with Xstream flow processors and TLS inspection. The latest study shows that more and more cyber criminals are using the Transport Layer Security (TLS) encryption protocol for attacks.

Sophos introduces its new firewall models of the XGS series. Completely redeveloped, the platform is characterized by very high performance and advanced protection against cyber attacks. In addition to great flexibility, the new models with dedicated Xstream Flow processors enable extremely powerful TLS (Transport Layer Security) inspection, including native support for TLS 1.3, which is up to five times faster than other models on the market.

Desktop and 1U rackmount versions

The desktop and most of the 1U rackmount versions from the XGS series are now available through the Sophos channel. These models are particularly suitable for small and medium-sized companies as an all-in-one network security solution. Additional models for enterprise environments that require maximum throughput for more complex network configurations will be available in the coming weeks.

Sophos presents the new XGS firewall series with Xstream flow processors and TLS inspection (Photo: Sophos).

“The XGS series models represent the most comprehensive hardware upgrade that Sophos has ever introduced. With this new platform, our firewalls achieve enormous performance and, as a result, the highest detection rates and even more protection,” says Dan Schiappa, Chief Product Officer at Sophos. “Security teams can no longer afford to ignore encrypted traffic for fear of disrupting ongoing processes or slowing down performance. The risk is too high. We have completely redesigned the Sophos Firewall hardware to meet the challenges of modern and future-oriented Internet use. Security managers now have the ability to inspect encrypted traffic without impacting their firewall performance.”

Study confirms: Cyber criminals use TLS to cover up

Alongside the new firewall models, Sophos is presenting the results of a new study entitled “Nearly Half of Malware Now Use TLS to Conceal Communications”. The results clearly show that cybercriminals are increasingly using TLS in their attacks to encrypt their communications. The trend is steep: 45 percent of the malware detected by Sophos from January to March 2021 already used TLS to obscure its activities. That is a huge increase from 23 percent in early 2020. Over the past year, SophosLabs has also seen an increase in the use of TLS to conduct ransomware attacks, particularly manual attacks. The majority of detected malicious TLS traffic comes from malware that aims for initial compromise, such as loaders, droppers, or document-based installers such as BazarLoader, GoDrop, and ZLoader.

“On the one hand, TLS has undoubtedly changed the privacy of Internet communications for the better. On the other hand, TLS makes it much easier for attackers to download and install malicious software to steal data, for example – right under the noses of IT security teams,” says Dan Schiappa. “Attackers use TLS-protected web and cloud services to distribute and control malware. The initial compromise malware is used to prepare for the actual, usually larger attacks.”

Xstream architecture: Accelerated protection against threats

The firewall models of the XGS series with the Xstream architecture protect against precisely these dangers, such as zero-day threats including ransomware. Additional protection is provided by SophosLabs Intelix, a service that applies machine learning to petabytes of threat data from SophosLabs for detection. Suspicious files are securely unpacked, executed and analyzed in a virtual environment to gain additional information.

The Xstream Flow processors used in the new XGS models also accelerate trustworthy data traffic, such as software-as-a-service (SaaS), software-defined wide-area network (SD-WAN) and cloud application traffic. This frees up as much capacity as possible for the data traffic that requires TLS and deep packet inspection. The approach significantly reduces latency and improves overall performance for critical applications, especially those that use real-time data. The Xstream Flow processors are programmable network processors that will allow Sophos to offload additional secure data traffic in the future. This ability to adapt at the hardware level protects customer investments over the entire life cycle.

Complete transparency of TLS traffic

Sophos is also the only provider that offers complete visibility into TLS traffic and potential inspection problems on a single dashboard. Security administrators can add exceptions for problematic streams with just one click. Performance is also optimized by a set of rules, constantly updated and maintained by SophosLabs, that excludes secure traffic from inspection.

Sophos Firewall XGS Series models and firmware are managed via the cloud-based Sophos Central platform (Photo: Sophos).

"Of course, performance and speed are decisive factors for our customers when it comes to firewalls - but when it comes to modern and effective network protection, speed and pure power are no longer the only purchase arguments these days," says Dietmar Helmich from Helmich IT Security GmbH. “The new Sophos firewall with Xstream architecture not only accelerates important cloud data traffic on the hardware level, it also uses performance freedom for TLS and deep packet inspection for the first time. This is an enormous advantage for our customers, as with the new dual processor architecture from Sophos they are now able to cover this 'blind spot' in terms of security threats and thus effectively ward off ransomware and other modern cyberattacks. The new Sophos Firewall gives our customers and us an enormous advantage in the fight against modern cyberattacks. "

Managed via the cloud-based Sophos Central platform

Sophos Firewall XGS Series models and firmware are centrally and easily managed via the cloud-based Sophos Central platform along with all of Sophos' other next-generation cybersecurity solutions. The solutions communicate with each other, share threat data and automatically react to security incidents through the industry-leading synchronized security approach. Integration with Sophos Managed Threat Response (MTR) also increases protection through human analytics for fully managed detection and response to threats at all times.

More at Sophos.com

 


About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.


 
