Sophos has recently launched Sophos Firewall v21, whose integrated Network Detection and Response (NDR) feature is drawing attention across the cybersecurity industry. NDR is a vital component of network security products: it detects abnormal traffic behavior in order to identify potential threats already inside the network.
Skilled attackers are constantly finding ways to evade detection, making it crucial for businesses to have advanced security measures in place. Sophos has been offering NDR as part of its MDR/XDR portfolio since early 2023, but the integration of NDR with Sophos Firewall in the latest SFOS v21.5 release is a groundbreaking move in the industry. The best part is that this integration comes at no additional cost for Sophos Firewall customers using Xstream Protection.
One of the key challenges in integrating NDR with a Next-Gen Firewall is to ensure that it does not impact the performance of the firewall. NDR traffic analysis requires significant processing power, which is why Sophos has opted to deploy an NDR solution in the Sophos Cloud to offload the heavy processing from the firewall.
The launch of NDR Essentials is a significant development in Sophos Firewall v21.5. This cloud-delivered NDR platform utilizes the latest AI detections to identify active adversaries and shares relevant information using the Sophos Firewall threat feeds API as part of Active Threat Response. The platform is designed to keep users informed of any detections and their relative risks.
In operation, Sophos Firewall captures metadata from TLS-encrypted traffic and from DNS queries and sends it to NDR Essentials in the Sophos Cloud, where multiple AI engines analyze it. This process can detect malicious encrypted payloads and algorithmically generated domains (the kind produced by domain generation algorithms), both of which are often indicative of compromise.
It is worth noting that the NDR Essentials feature is currently only available on XGS Series hardware firewalls. Virtual, software, and cloud firewalls may receive this integration capability in future updates, but it is not included in the v21.5 release.
Setting up NDR Essentials is straightforward: turn on the feature, select the internal interfaces to monitor, and set a minimum risk threshold for detections. The platform scores each detection on a scale of 1 to 10 according to risk level, and only detections that meet or exceed the threshold trigger notifications and alerts in the Control Center dashboard widget.
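To make the two ideas above concrete (flagging algorithmically generated domains seen in DNS queries, and reporting only detections whose 1 to 10 risk score meets a configured threshold), here is an added illustrative example. It is not Sophos code and does not reproduce the AI engines NDR Essentials uses; it is a simple lexical heuristic (label length, character entropy, vowel and digit ratios, consonant runs) run over a constructed DNS query log whose field names are invented for this example rather than taken from any Sophos Firewall log format.

```python
import math
import re
from collections import Counter

# Constructed sample DNS query log (made up for this example; the field
# names are not Sophos Firewall's own log format).
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01Z src=10.0.1.15 qname=www.example.com qtype=A
2024-01-01T10:00:02Z src=10.0.1.15 qname=mail.google.com qtype=A
2024-01-01T10:00:03Z src=10.0.1.22 qname=xk3j9qzv7lw2pd8h.net qtype=A
2024-01-01T10:00:04Z src=10.0.1.22 qname=q8v2nxzkw4rj7bt5.com qtype=A
2024-01-01T10:00:05Z src=10.0.1.30 qname=cdn.jsdelivr.net qtype=A
2024-01-01T10:00:06Z src=10.0.1.22 qname=lz9pwq3xv7mkd2hn.org qtype=A
"""

VOWELS = set("aeiou")


def parse_dns_log(text):
    """Parse 'timestamp key=value ...' lines into a list of dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = {"ts": ts}
        for field in fields:
            key, _, value = field.partition("=")
            rec[key] = value
        records.append(rec)
    return records


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def domain_features(qname):
    """Lexical features of the registrable label (e.g. 'example' in www.example.com).

    A real implementation would use a public-suffix list to find that label;
    taking the second-to-last label is a simplifying assumption here.
    """
    labels = qname.lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    n = max(len(label), 1)  # avoid division by zero on an empty name
    runs = [len(r) for r in re.split(r"[aeiou0-9]+", label) if r]
    return {
        "label": label,
        "length": len(label),
        "entropy": shannon_entropy(label) if label else 0.0,
        "vowel_ratio": sum(ch in VOWELS for ch in label) / n,
        "digit_ratio": sum(ch.isdigit() for ch in label) / n,
        "max_consonant_run": max(runs, default=0),
    }


def risk_score(qname):
    """Map lexical features to a 1..10 risk score (hypothetical weights)."""
    f = domain_features(qname)
    score = 1
    if f["length"] >= 12:
        score += 2  # long random-looking labels
    if f["entropy"] >= 3.5:
        score += 3  # near-uniform character distribution
    if f["vowel_ratio"] < 0.2:
        score += 2  # unpronounceable
    if f["digit_ratio"] > 0.2:
        score += 1  # digits mixed into the label
    if f["max_consonant_run"] >= 4:
        score += 1  # long consonant clusters
    return min(score, 10)


def detect(log_text, threshold):
    """Return the queries whose risk score meets or exceeds the threshold."""
    alerts = []
    for rec in parse_dns_log(log_text):
        score = risk_score(rec["qname"])
        if score >= threshold:
            alerts.append({"src": rec["src"], "qname": rec["qname"], "score": score})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_DNS_LOG, threshold=7):
        print(f"{alert['score']:>2}  {alert['src']:<12} {alert['qname']}")
```

With the threshold set to 7, the three random-looking names from 10.0.1.22 are reported and the ordinary names are not; raising the threshold to 10 keeps only the highest-scoring query, which is the same trade-off the firewall's minimum-threshold setting makes between alert volume and confidence.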
While NDR Essentials provides an additional layer of active threat detection to Sophos Firewall without impacting performance, it is important to note that it is not a replacement for the full Sophos NDR implementation for customers utilizing the XDR platform or MDR service. For more advanced detection insights and threat hunting capabilities, customers are encouraged to explore Sophos Extended Detection and Response (XDR) with the full implementation of Sophos NDR.
In conclusion, Sophos Firewall v21.5 with integrated NDR Essentials is a game-changer in the cybersecurity landscape, offering enhanced threat detection capabilities at no extra cost. Businesses looking to bolster their security measures should consider taking advantage of this latest offering from Sophos.