A Look at the Key Advantages of XG Firewall V18


We’ve been hyping up XG v18 for a while, and the good news is, the wait is over. It’s finally here, and it’s the most significant release for XG ever. But what advantages does it offer your customers? And how do you talk about those values? Read on to find out.

XG V18 is now available!

That’s right folks, XG V18 is out! Let’s talk about what this means at a practical level for your customers. Firstly, this is the most rigorously tested release ever, and this really shows from the feedback we’ve had from the 200,000+ appliances in the field that have already upgraded. Secondly, this release unifies our approach to public cloud security on both AWS and Azure platforms. Now that XG can run in both, all those great stories we have been telling customers about Synchronized Security in their office and Azure environments apply to AWS too! That said, the biggest news is the new XStream architecture and how it can be used to solve real-world challenges network managers face. Shall we have a look at a few of those challenges?

Is encryption rendering my Firewall useless?

Traffic visibility has always been a challenge in a world where the number of applications continues to grow, and those applications constantly change and evolve. When you add encryption to the mix, this hides the traffic from the firewall in a private connection and it becomes almost impossible to keep on top of things. In a recent survey, we found that on average 43% of traffic on a network is unclassified, and Google estimate that upwards of 80% of global internet traffic is encrypted. Now, allow me to be transparent and state that the ability to inspect SSL traffic on a firewall is nothing new. We’ve been doing it for years, and so have our competition. And yet in 97% of cases where SSL decryption could be enabled, it isn’t, leading to massive potential blind spots.

You might be asking “now why is this?” And rightly so. The reasons come down to two factors: performance and usability. The new XStream architecture is specifically designed to maximize firewall throughput by intelligently passing traffic to the areas of scanning that need to be used, while bypassing unnecessary scans. This boosts performance, but also critically it frees up resources that allow the XG Firewall to undertake the heavy lift required to inspect more SSL connections, solving the performance challenge. The next battle is usability, which again is solved by the new architecture. We have decoupled the SSL inspection engine from the web proxy, so we can inspect SSL traffic regardless of what port is in use, and the latest TLS 1.3 standard is supported to boost compatibility. Even with these changes though, some applications simply cannot support SSL inspection. This might be because of techniques such as certificate pinning. This tends to lead admins to simply turn off SSL inspection wholesale rather than risk the wrath of their users when applications start breaking. XG V18 changes things, because we can quickly show an admin what SSL connections are failing, and why, as well as offering simple one-click remediation of these issues. This allows an admin to enable SSL inspection with confidence, knowing the XG can handle the performance demands and reliably inform them when things go wrong and config changes need to be implemented.

The threat landscape is evolving and my protection can’t keep up.

Sophos has long been at the forefront in the battle against new and unknown threats, and this is most clearly demonstrated through the innovative features in our Intercept X endpoint protection. XG V18 brings the best of this technology and incorporates it into the network layer, making the XG a more compelling purchase, either standalone or as part of a layered defense strategy. We’re calling this addition ‘Threat Intelligence’ and it will run in parallel with our already proven Sandstorm runtime analysis sandboxing service. The Threat Intelligence Analysis utilizes multiple threat modeling techniques, using deep learning and artificial intelligence to analyze various characteristics and genetics of the file compared to millions of known good and bad files. It provides a very accurate assessment of any new file in just seconds. Sandstorm and Threat Intelligence make a formidable pair when analyzing previously unseen files for evidence they are malicious in order to keep the latest threats off the network.

Sandstorm has also gone through significant enhancements. Firstly, remember that the virtual endpoints are covered with our award-winning Intercept X protection suite, leading to a high rate of conviction. In addition, we have incorporated technologies from our EDR platform to expose the machine learning decision tree in an overhauled Sandstorm threat report. This allows an admin to look at the decision coming from Sandstorm and what has influenced it, for example a file lacking an icon or packed in a particular way. Finally, in an industry first, Sandstorm reports show actual screenshots of the sandbox environment as the malware carries out its nefarious deeds, shining a spotlight into a previous black box process.

My business relies on cloud-applications, efficient bandwidth usage and constant uptime.

We have looked at software-defined networking or SD-WAN in previous articles. But with V18 all of those great capabilities gain their own configuration page, making our intentions in this space crystal clear. The capabilities of traffic routing are incredibly comprehensive, empowering admins to throttle and route traffic based on source, application, and destination, and to define how to handle failure states. An enterprise may leverage an array of internet connectivity modes including leased-line, MPLS, DSL, and cellular services knowing they will be utilized with maximum efficiency, and being aware that in the event of outages, the highest priority traffic will always take precedence on whatever connection methods remain functional.

 

Multiple site enterprises are also well catered to. Remember the XG is replete with site-to-site connectivity options such as SSL and IPSec VPN, as well as our unique RED technology, which can be used to link multiple XGs together or employed as a hardware solution for smaller branch offices. All of which are compelling alternatives to costly leased line or MPLS connectivity.

Finally, although not a new feature, Synchronized Application Control, whereby unknown applications are classified through endpoint to firewall collaboration, gains increased significance in light of the release of XG V18. Clearly any attempt to route or control traffic relies entirely on the ability to classify the application in question. Our unique power in this area to dynamically classify unknown apps means that even if an end user wants to control a bespoke application, this can be achieved when Sophos endpoint and firewall are brought together.

 

One more thing:

Although not strictly a part of the V18 release, it’s worth taking a moment to look at how Sophos Central and its links to XG are being strengthened. Since we first launched XG in Central, the team has added some great new features, such as backup and firmware management, the light-touch deployment option, and group firewall management. This feature in particular is great for multi-site customers or MSPs as it allows admins to manage an estate of firewalls as one, unifying policy, firmware updates, and more. And the best bit is that this service is free!

We have also launched Sophos Central reporting, bringing the power of the cloud and big-data analytics to bear on network activity and reporting with a full suite of powerful new reporting tools in Sophos Central for XG Firewall.

Hopefully you’ve found this article useful and it will enable you to position this exciting new release with your customers. I’ll leave you with some feedback from some of our early adopters:

“Being a part of the EAP was invaluable. Not only did we see the value in all of the enhancements, it gave us the confidence to upgrade 200 firewalls across our various customers immediately after it was available.”

“All I can say is my goodness it’s fast – much better performance.”

“I like it. It is fast. You have delivered a good release.”

“Memory use and CPU utilization have gone down by 30%.”

“Performance is so much faster and management activities take less time.”

“HA fail over is much faster.”

“v18 gave us a significantly higher performance than I thought possible with our infrastructure. Teachers are now streaming 4K videos to their classes without issue. The changes to the management have greatly simplified our admin efforts, making configuration and troubleshooting much easier.”

Thanks for reading.