Sophos Firewall v20: Active Threat Response

Credit to Author: Chris McCormack | Date: Wed, 25 Oct 2023 11:00:24 +0000

With Sophos Firewall v20 now available for early access, we will be covering some of the top new features every week leading up to launch.

In last week’s article, we covered the new authentication and Azure AD enhancements in Sophos Firewall v20. This week, we’ll have a look at one of the flagship features of this release: Active Threat Response.

Active Threat Response dramatically improves response time. It essentially extends Synchronized Security to Sophos MDR and XDR analysts – enabling an instant and automated response to active adversaries and threats.

How it works

If an analyst identifies a new threat communicating out to a command and control server, they can push that threat intel to the firewall from Sophos Central via a new threat feed API. The firewall will then start coordinating a defense immediately and automatically, without the need for manual intervention or new firewall rules.

Any host attempting to communicate with the blocked threat will be flagged with a RED Security Heartbeat and be isolated accordingly, preventing any lateral movement and stopping the threat dead in its tracks. It works equally well regardless of what initially identifies the threat: the analyst, an endpoint, the firewall, or NDR.

Check out this video for a comprehensive overview of this exciting new capability…

This new automated response feature is a game changer for Sophos MDR and XDR customers who use Sophos Firewall.

Check out all the new features in v20

Sophos Firewall v20 includes a ton of great new capabilities. Check out the full list in this What’s New PDF download.

Early access program

Check out all the great new features in SFOS v20 today and help us make this release the best it can be by participating in the early access program. Visit the SFOS v20 EAP registration page to get started.

The Sophos Firewall OS v20 EAP release is a fully supported upgrade from any previously supported firmware version, including the most recent v19.5 MR3 release.

Once you’re up and running, please provide feedback through your Sophos Firewall’s feedback mechanism (top right of every screen on your Firewall). Also visit our EAP community forums to share your experiences with others.

Note that the early access program is ending soon – we expect to announce general availability shortly! A special thanks to all who have been participating in the program.
