Sophos Firewall v20 Active Threat Response


Start taking advantage of all the great new features in SFOS v20 today.

With Sophos Firewall v20 now available for early access, we will be covering some of the top new features every week leading up to launch.

In last week’s article, we covered the new authentication and Azure AD enhancements in Sophos Firewall v20. This week, we’ll have a look at one of the flagship features of this release – Active Threat Response.

Active Threat Response dramatically improves response time. It essentially extends Synchronized Security to Sophos MDR and XDR analysts – enabling an instant and automated response to active adversaries and threats.

How it works:

If an analyst identifies a new threat communicating out to a command and control server, they can push that threat intel to the firewall from Sophos Central via a new threat feed API. The firewall will then start coordinating a defense immediately and automatically – without the need for manual intervention or new firewall rules. Any host attempting to communicate with the blocked threat will be flagged with a RED Security Heartbeat and be isolated accordingly, preventing any lateral movement and stopping the threat dead in its tracks. It works equally well regardless of what initially identifies the threat: the analyst, an endpoint, the firewall, or NDR.

Check out this video for a comprehensive overview of this exciting new capability:

This new automated response feature is a game changer for Sophos MDR and XDR customers who use Sophos Firewall.


Check out all the new features in v20

Sophos Firewall v20 includes a ton of great new capabilities. Check out the full list of what’s new in this What’s New PDF download.


Early Access Program

Please note that the early access program has ended – we expect to announce general availability very soon! A special thanks to all who have participated in the program.