Sophos Discover Conference 2017 - What Sophos is Planning for the Future

For the second time, we had the honor of attending the annual Sophos Discover Conference. This year, this special event was held in Lisbon. Participation is by invitation only for selected Sophos partners from the EMEA region (Europe, Middle East, and Africa), representing a total of 116 countries.

We would like to send a huge thank you to Sophos Switzerland and especially to “Q”, our Account Manager. 🙂

Last year we didn’t have time to report on it, so this year we’re providing a brief summary of the highlights. If we have the opportunity to attend again in 2018, we will keep you updated on new developments directly from the event.

Sophos Discover Conference 2017

At the Sophos Discover Conference, Sophos presents its roadmap for the coming year and a little beyond. This year, everything revolved around Next-Generation Security, structured into three major topics: Intercept X, Synchronized Security and XG Firewall.

Intercept X

Intercept X - you might remember our earlier blog post - is THE Sophos solution for tackling new and unknown threats. Until now, the product has mainly been marketed as ransomware protection, but in reality it can do much more. The other class of threats that Intercept X protects against is exploits.

An exploit is malicious software that contains data or executable code which can be used to take advantage of security vulnerabilities in software.

Imagine you are running an application on your computer that has a vulnerability allowing arbitrary code execution. That would mean data could be exfiltrated, passwords read, or other systems on the network infected - all with ease. These attacks are fully automated and invisible to the end user.

Intercept X can protect against this new generation of threats such as “WannaCry”, “Locky”, “Zerber”, “Goldeneye” and many others. Thanks to the recent Sophos acquisition of “Invincea”, Intercept X is becoming even more effective. An update is bringing “machine learning technology” into endpoint protection.

Not everyone will immediately understand what machine learning in an endpoint protection context really means. Traditional antivirus products such as McAfee, Kaspersky, Avira, etc. rely on signature-based detection. In other words, a piece of malware must already have been seen and identified before an antivirus engine can recognise it. This approach will likely be obsolete by the end of the year. This is where “machine learning” comes into play: the system autonomously determines whether something is benign or malicious. For a detailed explanation of how this technology actually works, take a look at my article “Machine Learning: Sophos relies on artificial intelligence”.

So if you are not yet running Intercept X, do not wait any longer - get it deployed. A classic antivirus solution simply is not enough any more.

It is also worth pointing out that Sophos is not the only vendor using machine learning to detect malicious software. Companies such as Malwarebytes or Cylance are doing this as well. Why do we still rely on Sophos? That question leads perfectly into the next topic: “Synchronized Security”.

Synchronized Security

From our perspective, selling a solid endpoint protection product that includes “machine learning technology”, such as those from Cylance or Malwarebytes, is only half the battle. What we really value about Sophos is the clear strategic vision and the fact that this vision has been thought through almost to completion from the very beginning. What gives Sophos a decisive edge over its competitors is “Synchronized Security”. Sophos realised earlier than anyone else that, going forward, it would be essential for security systems to communicate with each other to deliver extended protection.

Until now, a firewall’s job, put simply, was to allow or block traffic. The antivirus solution was responsible for detecting and blocking malware on the endpoint. The firewall had no insight into what the antivirus was doing, and vice versa.

With Synchronized Security, communication takes place between Sophos products. Sophos calls this “Security Heartbeat”. If, for example, you are running an XG Firewall and using Sophos Central on your endpoints, they can exchange information.

Previously, this enabled scenarios such as an XG Firewall blocking a client’s access to the file server when that client was infected with malware. Looking ahead, far more scenarios will be possible, as other products such as access points, Sophos File Encryption and mobile devices can also be integrated.
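To make the file-server scenario concrete, here is an added example of our own (not Sophos code) of a heartbeat-aware rule engine: the firewall keeps the latest health report from each endpoint and only matches rules whose minimum health the endpoint meets, treating a missing or stale heartbeat as unhealthy so that a silent agent fails closed. The rule fields, the 60-second staleness window, the health ranking and the addresses are all assumptions for illustration, not actual Sophos settings.

```python
from dataclasses import dataclass

HEALTH_RANK = {"green": 3, "yellow": 2, "red": 1, "missing": 0}
MAX_AGE_S = 60  # assumed: a heartbeat older than this is treated as missing

@dataclass
class Rule:
    src_net: str     # constructed: simple prefix match on the source IP
    dst: str         # destination zone/object name
    min_health: str  # weakest heartbeat state the rule still allows

class HeartbeatTable:
    def __init__(self):
        self._seen = {}  # ip -> (health, time of last report)

    def report(self, ip, health, now):
        self._seen[ip] = (health, now)

    def health(self, ip, now):
        rec = self._seen.get(ip)
        if rec is None or now - rec[1] > MAX_AGE_S:
            return "missing"  # no agent, or the agent stopped reporting
        return rec[0]

def decide(rules, hb, src_ip, dst, now):
    """First matching rule decides; default deny. Returns (verdict, reason)."""
    health = hb.health(src_ip, now)
    for r in rules:
        if src_ip.startswith(r.src_net) and r.dst == dst:
            if HEALTH_RANK[health] >= HEALTH_RANK[r.min_health]:
                return "allow", f"{r.dst}: health {health} >= {r.min_health}"
            return "deny", f"{r.dst}: health {health} < {r.min_health}"
    return "deny", "no matching rule"

RULES = [
    Rule("10.0.1.", "fileserver", "green"),  # sensitive target: clean endpoints only
    Rule("10.0.1.", "internet", "yellow"),   # warnings tolerated, red/missing blocked
]

def demo(now=1000):
    hb = HeartbeatTable()  # constructed endpoints: clean, infected, one gone quiet
    hb.report("10.0.1.10", "green", 1000)
    hb.report("10.0.1.11", "red", 1000)
    hb.report("10.0.1.12", "green", 900)  # stale at now=1000
    return {
        "clean_to_fs": decide(RULES, hb, "10.0.1.10", "fileserver", now)[0],
        "infected_to_fs": decide(RULES, hb, "10.0.1.11", "fileserver", now)[0],
        "infected_to_net": decide(RULES, hb, "10.0.1.11", "internet", now)[0],
        "stale_to_fs": decide(RULES, hb, "10.0.1.12", "fileserver", now)[0],
        "no_agent_to_net": decide(RULES, hb, "10.0.1.13", "internet", now)[0],
    }
```

The point worth noticing is the last two cases: an endpoint without an agent, or one whose agent has stopped talking, is treated the same as a red one rather than silently falling back to a plain allow.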

You can probably imagine the kinds of things this enables. We will certainly be presenting some of these scenarios in detail when the time is right.

No other vendor currently offers Synchronized Security in such an advanced form as Sophos. As a certified Sophos Synchronized Security Partner, we naturally recognise how important this topic is.

XG Firewall

The third major topic was XG Firewall. If you have been following us for some time, you will know that we initially struggled to warm to it. That is largely because the first version of SFOS was, to put it diplomatically, “not very good”.

With v16 and 16.05, a lot has improved, although it is still not completely perfect. There is still some catching up to do in certain areas. Even before the conference we had the pleasure of meeting the “Sophos Firewall Release Manager”, who gave us a private preview. Before v17 is released in September, a number of further improvements will be implemented.

These are the features we can look forward to in v17:

  • Improved application identification via Heartbeat: XG sees the processes on the endpoint.
  • Enhanced Log Viewer: search and filter across all logs with much better visualisation (finally!).
  • More clearly arranged firewall rules, including grouping.
  • Web policy testing and faster content filtering.
  • Various improvements around spam protection.

And what else is coming?

  • A new hardware revision (update) delivering 20% more performance (still in 2017).
  • In 2018, completely new hardware with double the performance.
  • Control of cloud apps (as more and more applications are browser-based).
  • IoT devices are becoming a major topic; there will be solutions for these as well.

So what about Sophos SG or UTM? Unfortunately, we have to disappoint you here - there was no news on that front, which is a clear indication of where things are heading.

We are already using XG in selected cases. For larger projects, we still mainly deploy UTM (depending on requirements). From September, once v17 is available, XG will be our first choice. If you are running SG hardware, there is a free upgrade path to SFOS. So it is really not as bad as it might sound.

Patrizio