Sophos Discover Conference 2017: What Sophos plans for the future
This is the second time we have had the honour of attending the annual Sophos Discover Conference. In this year, this special event took place in Lisbon. Only selected Sophos partners from the EMEA region (Europe, Middle East, and Africa) from 116 countries are invited.
We would like to thank Sophos Switzerland and especially “Q”, our account manager. :-)
Last year we didn’t have time to report and this year’s most important news will be announced soon. If we are permitted to be there again in 2018, we will inform you about innovations on site.
Sophos Discover Conference 2017
At the Sophos Discover Conference we’ll presenting Sophos plans for the following year and beyond. This year everything is about the Next-Generation Security and there were three major topics: Intercept X, Synchronized Security and the XG Firewall.
Intercept X, you may remember from our former Blogpost, is THE Sophos solution against new and unknown threats. Until now the product has always been advertised as Ransomware protection, but actually it can do much more. The new kind of threats, that Intercept X also protects against, are Exploits.
An exploit is malware that contains data or executable code. It also can exploit security issues in computer programs.
So, imagine that your computer is running a program that contains a security issue, that allows you to run random code on your computer. This would mean that data could easily be taken, passwords read or other computers in the network could be infected. These attacks are fully automated and invisible to the user.
Intercept X is able to protect your computer against malware like “WannaCry”, “Locky”, “Zerber”, “Goldeneye” & Co. The latest acquisition of Sophos’s “Invincea” company makes Intercept X even better. An update brings Machine Learning Technology into endpoint protection.
I guess not everyone of you understands what machine learning means in an endpoint protection. Traditional antivirus programs such as McAfee, Kaspersky, Avira, etc. work with signature-based detection. This means that the malware must have been detected before, so that an antivirus program can detect it. This method is expected to be outdated at the end of the year. That is the point where “machine learning” takes place. The system automatically recognizes whether something is good or bad. I will explain how the technique works in detail in a later post.
So if you don’t have an Intercept X installed yet, don’t wait any longer and get it! A classical antivirus is simply not enough anymore.
What we would like to say, is that Sophos is not the only company using this machine learning to detect malware. Companies such as Malwarebytes or Cylance can do the same. Why shall we still choose Sophos anyway? This question is the perfect transition to the next point: “Synchronized Security”.
In our opinion, selling good endpoint protection, which even has a “machine learning technology”, such as that one of Cylance or Malwarebytes, is only half the battle. What we love about Sophos is the clear idea of where they are headed and that the vision has been more or less fully planned from the beginning of the project till the end. What Sophos has ahead of all its rivals is Synchronized Security. Sophos has recognised earlier than anyone else that it is essential for security systems to communicate with each other for extended protection in the future.
Until now, a firewall was simply meant to let traffic pass or block. The antivirus should detect and block malware on the client. The firewall does not know what the antivirus is doing and vice versa. That looks something like as shown in this funny video:
Synchronized security is the communication between Sophos products. Sophos calls this the “Security Heartbeat.” For example, if you have an XG firewall and use Sophos Central on the endpoint, information can be exchanged.
Up to now, scenarios such as this have been possible, so that the XG Firewall could block a client’s traffic to the file server if it was infected by a virus. However, many more options are available in the future, since it will be possible to integrate products such as Access Points, Sophos File Encryption or mobile devices.
You can imagine what you can do with it. We will surely present some of these scenarios in the future in the given time.
No other company offers Synchronized Security in this advanced form, as Sophos can. As a certified Sophos Synchronized Security Partner, we understand the importance of the issue.
The third big topic was the XG Firewall. If you’ve been following us for a long time, you know that we’ve had our problems making friends with this. But that’s because the first version of SFOS, let’s say it in a diplomatic way, was “not very good”.
With v16 and 16.05, things have improved a lot, but not quite perfect. There is still some work to be done in some areas. Before the conference, we had the pleasure of getting to know the Sophos Firewall Release Manager, which gave us a very private view of the situation. Before v17 will be released in September, some improvements will be made.
We can expect the following features from v17:
- Improved application detection through heartbeat. XG sees the processes on the endpoint.
- Improved Log Viewer. Search and filter all logs and with a better view (finally!).
- More transparent firewall rules including groupings
- Web policy test and faster content filtering
- Improvements around spam protection
And what else is coming up?
- New hardware upgrade, which will deliver 20% more performance (still in 2017)
- In 2018 we will bring completely new hardware with doubled performance.
- Control Cloudapps (because more and more applications are running in the browser)
- IoT devices are becoming more and more of a topic, and there are solutions for that too.
And what about Sophos SG or UTM? Unfortunately, we have to disappoint you because there was no news, which is also a clear sign where the journey will go.
Currently we are already using XG in some cases. For larger projects we still use the UTM (depending on the requirements). In September, when v17 is available, XG will be our first choice. If you have SG hardware, there is a free update to the SFOS. If you can see, it’s not that bad!