It is critically important for a modern firewall to parse through the mountain of information it collects, correlate data where possible, and highlight only the most important information requiring action – ideally before it’s too late.

According to the latest statistics, approximately 90% of web traffic is encrypted, making it invisible to most firewalls. An increasing amount of malware and potentially unwanted apps exploit the fact that organisations are simply not using SSL inspection. Network administrators’ main fears are that SSL inspection will have a performance impact or cause something to break, impacting the user experience.

“Unfortunately, most organisations are powerless to do anything about it because their current firewall lacks the performance necessary to utilise TLS/SSL inspection without slowing down dramatically,” says Ross Anderson, Sophos Product Development Manager at Duxbury Networking

Sophos Firewall, with its new Xstream SSL inspection engine, has a much higher capacity for concurrent connections and offers flexible policy tools to make intelligent decisions about what should and can be scanned, offloading where appropriate. Using the SSL policy tools, organisations can create enterprise-grade TLS/SSL policies related to un-decryptable traffic, certificates, protocols, cipher enforcement options, and more. Sophos Firewall supports TLS 1.3 and all modern crypto suites across every port and application in the system.

Additional tools available right on the dashboard enable administrators to see exactly how much network traffic is encrypted, and how it is being handled. Sophos Firewall does a much better job at surfacing this information than other solutions, particularly with how it highlights errors that are encountered due to certificate validation or websites that do not support the latest encryption standards.

Administrators can also pop up a detailed window to see exactly which sites are problematic, and why, as well as users experiencing issues. From there, they can take action directly to exclude the application or site from decryption to prevent further issues. No other SSL inspection solution offers the same accessibility to this information.

“Sophos Firewall’s Control Centre provides an unprecedented level of visibility into activity, risks, and threats on your network. It uses ‘traffic light’ style indicators to focus your attention on what’s most important to you. If something’s red, it requires immediate attention. Yellow indicates a potential problem. And if everything is green, no further action is required,” Anderson explains.

Every widget on the Control Centre offers additional information that is easily revealed simply by clicking that widget. For example, the status of interfaces on the device can be obtained by clicking the ‘Interfaces’ widget on the Control Centre.

Figure 1.

“System graphs also show performance over time with selectable timeframes, whether you want to look at the last two hours to the last month or year. And they provide quick access to commonly used troubleshooting tools to resolve potential issues,” says Anderson.

In addition to a number of firewall hardware products, Sophos also provides users with the option of a virtual firewall, eliminating the issues of componentry shortages experienced as a result of the Covid-19 pandemic.

“Sophos Firewall removes the blind spots caused by encrypted traffic by allowing you to use SSL inspection while maintaining performance efficiency. Sophos Firewall includes a high-speed deep packet inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process. The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiency,” says Anderson.

“You can deploy the virtual appliances as next-generation firewalls. They offer industry-leading network security to virtual data centres, a ‘security-in-a-box’ setup for MSSPs and organisations, and an ‘office-in-a-box’ setup. By providing comprehensive security features available in its hardware security devices, in virtualised form, these virtual devices offer layer-8 identity-based security on a single virtual device,” adds Anderson.

Sophos offers a complete virtual security solution to organisations with its virtual network security devices, next-generation firewalls, and Sophos Central to centrally manage your Sophos Firewall devices. You can install virtual appliances within environments hosted on VMware, Hyper-V, KVM, and XenApp.

High-impact server and container security for on-premises, data centre, and cloud
Much of today’s security isn’t built to face modern challenges. It’s too slow, and reactive to threats rather than proactive. Threats grow more comple...
Prevent phishing and imposter threats with Sophos Email
Emails, the primary method of communication for most businesses in the digital age are more valuable than ever to attackers. Statistics show that on a...