This is the second time we have had the honor of attending the annual Sophos Discover Conference. This year, this special event took place in Lisbon. Only selected Sophos partners from the EMEA region (Europe, Middle East, and Africa), i.e. from a total of 116 countries, are invited.
At this point, a big thank you goes to Sophos Switzerland and especially to “Q”, our account manager. 🙂
Last year we didn’t have time to report on it, so this year we’re giving you the lowdown. If we are invited again in 2018, we will report on the news right from the conference.
Sophos Discover Conference 2017
At each Sophos Discover Conference, Sophos presents what it has planned for the coming year and a little beyond. This year it was all about Next-Generation Security, and there were three big topics: Intercept X, Synchronized Security and the XG Firewall.
Intercept X, you may remember from our previous blog post, is THE Sophos solution against new and unknown threats. So far, the product has always been advertised as ransomware protection, but it can actually do much more. The new type of threats that Intercept X also protects against are exploits.
An exploit is data or executable code that takes advantage of a vulnerability in a computer program.
So imagine that your computer is running a program with a vulnerability that allows arbitrary code to be executed on your computer. Data could then easily be stolen, passwords could be read, or other computers on the network could even be infected. These attacks run fully automated and are invisible to the user.
Intercept X can protect against this new breed of threats such as “WannaCry”, “Locky”, “Cerber”, “Goldeneye” & Co. The latest Sophos acquisition, the company “Invincea”, makes Intercept X even better: an update brings “machine learning technology” to endpoint protection.
Now, I’m going to assume that not all of you immediately understand what machine learning means in endpoint protection. The thing is that traditional antivirus programs, such as McAfee, Kaspersky, Avira, etc., work with signature-based detection. This means that a piece of malware must have been seen and analyzed before an antivirus program can recognize it. This method will probably be obsolete by the end of the year. This is where “machine learning” comes into play: the system decides on its own whether something is benign or malicious. You can read about how the technology works in detail in my article “Machine Learning: Sophos relies on artificial intelligence”.
So if you don’t have Intercept X installed yet, don’t wait any longer and get it! A classic antivirus is simply not enough in this day and age.
What we would like to note here, however, is that Sophos is not the only company that uses machine learning to detect malicious software. Companies like Malwarebytes or Cylance can do the same. So why do we still choose Sophos? This question is the perfect segue to the next point, which is “Synchronized Security”.
Selling a good endpoint protection that even has “machine learning technology”, like those from Cylance or Malwarebytes, is only half the battle in our view. What we love about Sophos is that it has a clear vision of where it wants to go and that this vision has been more or less thought through from the beginning. What Sophos has over all other competitors is “Synchronized Security”. Sophos recognized earlier than anyone else that it is imperative for the future that security systems communicate with each other for advanced protection.
Until now, a firewall has simply been there to let traffic through or block it. The antivirus is supposed to detect and block malware on the client. So the firewall does not know what the antivirus is doing and vice versa.
So with Synchronized Security, there is communication between Sophos products. Sophos calls this the “security heartbeat.” For example, if you have an XG Firewall and use Sophos Central on the endpoint, information can be exchanged.
Until now, scenarios such as the XG Firewall blocking a client’s traffic to the file server when that client was infected by a virus were possible. In the future, however, many more possibilities can be realized, as products such as access points, Sophos File Encryption or mobile devices can also be integrated.
You can imagine what you can do with it. We will certainly present some such scenarios at the appropriate time in the future.
No other vendor offers synchronized security in as advanced a form as Sophos does. As a certified Sophos Synchronized Security Partner, we naturally know how important this topic is.
The third big topic was the XG Firewall. If you’ve been following us for any length of time, you know that we’ve had some trouble getting comfortable with it. But that’s because the first version of SFOS was, let’s say it a little diplomatically, “not very good”.
With v16 and 16.05 some things are now better, but still not quite perfect; there is still a need to catch up in some areas. We had the pleasure of meeting the “Sophos Firewall Release Manager” before the conference, who gave us a very personal preview. So before v17 is released in September, some improvements will still be made.
We can hope for the following features from v17:
- Improved application detection through Heartbeat. XG sees the processes on the endpoint.
- Improved Log Viewer. Search and filter all logs and with a better display (finally!).
- Clearer firewall rules, including groupings
- Web policy testing and faster content filtering
- Improvements around spam protection
And what else is coming?
- New hardware revision (update), which will bring 20% more performance (still in 2017).
- Completely new hardware with doubled performance will be available in 2018.
- Control of cloud apps (as more and more apps run in the browser)
- IoT devices are becoming more and more of an issue, and there are solutions for them as well.
And what about Sophos SG or UTM? Unfortunately, we have to disappoint you, because there was no news about this, which is also a clear sign of where the journey will go.
Currently, we are already using XG in isolated cases. For larger projects, however, we still use UTM (depending on requirements). From September, when v17 is available, XG will be our first choice. And if you have SG hardware, there is a free update to SFOS. So it’s not as bad as it sounds.