It is critically important for a modern firewall to parse through
the mountain of information it collects, correlate data where possible, and
highlight only the most important information requiring action – ideally before
it’s too late.
According
to the latest statistics, approximately 90% of web traffic is encrypted, making
it invisible to most firewalls. An increasing amount of malware and potentially
unwanted apps exploit the fact that organisations are simply not using SSL
inspection. Network administrators’ main fears are that SSL inspection will
have a performance impact or cause something to break, impacting the user
experience.
“Unfortunately, most organisations are powerless to do anything
about it because their current firewall lacks the performance necessary to
utilise TLS/SSL inspection without slowing down dramatically,” says
Ross Anderson, Sophos Product Development
Manager at Duxbury Networking
Sophos Firewall, with its new Xstream SSL inspection engine, has a
much higher capacity for concurrent connections and offers flexible policy
tools to make intelligent decisions about what should and can be scanned,
offloading where appropriate. Using the SSL policy tools, organisations can create
enterprise-grade TLS/SSL policies related to un-decryptable traffic,
certificates, protocols, cipher enforcement options, and more. Sophos Firewall
supports TLS 1.3 and all modern crypto suites across every port and application
in the system.
Additional tools available right on the dashboard enable
administrators to see exactly how much network traffic is encrypted, and how it
is being handled. Sophos Firewall does a much better job at surfacing this
information than other solutions, particularly with how it highlights errors
that are encountered due to certificate validation or websites that do not
support the latest encryption standards.
Administrators can also pop up a detailed window to see exactly
which sites are problematic, and why, as well as users experiencing issues.
From there, they can take action directly to exclude the application or site
from decryption to prevent further issues. No other SSL inspection solution
offers the same accessibility to this information.
“Sophos Firewall’s Control
Centre provides an unprecedented level of visibility into activity, risks, and
threats on your network. It uses ‘traffic light’ style indicators to focus your
attention on what’s most important to you. If something’s red, it requires
immediate attention. Yellow indicates a potential problem. And if everything is
green, no further action is required,” Anderson explains.
Every widget on the Control Centre offers additional information that is easily revealed simply by clicking that widget. For example, the status of interfaces on the device can be obtained by clicking the ‘Interfaces’ widget on the Control Centre.
Figure 1.
“System graphs also show
performance over time with selectable timeframes, whether you want to look at
the last two hours to the last month or year. And they provide quick access to
commonly used troubleshooting tools to resolve potential issues,” says
Anderson.
In
addition to a number of firewall hardware products, Sophos also provides users
with the option of a virtual firewall, eliminating the issues of componentry
shortages experienced as a result of the Covid-19 pandemic.
“Sophos Firewall removes the blind spots caused by encrypted traffic by allowing you to use SSL inspection while maintaining performance efficiency. Sophos Firewall includes a high-speed deep packet inspection (DPI) engine to scan your traffic for threats without a proxy slowing down the process. The firewall stack can completely offload the processing to the DPI engine, significantly reducing latency and so improving overall efficiency,” says Anderson.
“You
can deploy the virtual appliances as next-generation firewalls. They offer
industry-leading network security to virtual data centres, a ‘security-in-a-box’
setup for MSSPs and organisations, and an ‘office-in-a-box’ setup. By providing
comprehensive security features available in its hardware security devices, in
virtualised form, these virtual devices offer layer-8 identity-based security
on a single virtual device,” adds Anderson.
Sophos
offers a complete virtual security solution to organisations with its virtual
network security devices, next-generation firewalls, and Sophos Central to
centrally manage your Sophos Firewall devices. You can install virtual
appliances within environments hosted on VMware, Hyper-V, KVM, and XenApp.