Sophos Discover Conference 2018 - News from King’s Landing
Between 17 and 19 September 2018, Sophos held its partner conference. We were thrilled to be invited to this event for the third time in a row. This year, we were once again able to be there in person when the roadmap for the coming year was presented.
Venue
Our journey took us to the east coast of Westeros, more precisely to King’s Landing, the capital of the Seven Kingdoms. 😄 For those who aren’t fans of HBO’s US TV series Game of Thrones, we traveled to Dubrovnik in Croatia. We had again received two invitations and this year flew out on the evening of 13 September so that we could explore the city over the weekend.
Coverage
Last year in Lisbon, we weren’t really prepared and just let everything come at us. This year, we’re trying to make the coverage in this blog post a bit more personal and to include more photos. Even though you are probably primarily interested in the facts, we would still like to give you a brief insight into what a Sophos partner conference looks like. You can simply skip the personal passages and jump straight to the section “The future of Sophos”.
As you are used to from us, we place great value on reporting as objectively as possible. Even though Sophos pays for the hotel and meals (we cover the flights ourselves), we do not let that influence us. Up to now, we have also not had to sign any non-disclosure agreement that would oblige us to anything. 😅
Avanet in Dubrovnik
We arrived in the beautiful old town of Dubrovnik on Thursday evening. You almost get run over by the masses of tourists, but the city still exudes an incredible amount of charm and invites you to eat and relax on practically every corner. Since we are big Game of Thrones fans, we absolutely wanted to visit the various filming locations and joined a corresponding tour. We were lucky: our guide had herself spent eight years working with the film crew and knew Joffrey, Cersei, Jaime, Tyrion, Jon Snow, and all the others personally. That made the whole tour even more special for us. 😎 The three days we had to ourselves went by quickly. We used the weekend to relax by the sea and even made a short side trip on Saturday to Mostar in Bosnia and Herzegovina.





Partner reception and awards gala
On Monday evening, the Sophos Discover Conference opened with a gala dinner. We moved from Dubrovnik’s old town to the newer part of the city and were curious to see what Sophos had planned for the next three days. The gala, as well as the entire Sophos event, took place at the impressive Sun Gardens Hotel. With a wide range of delicious canapes for the aperitif and a fantastic sea view, Sophos gave its partners a warm welcome. After sunset, Sophos invited everyone to dinner. The hotel’s spacious grounds made it easy to walk to a different location for the meal. The highlight of the gala evening is always the awards ceremony, where partners from the DACH region (Germany, Austria, Switzerland) and the CEMEA region (Central Europe, Middle East and Africa) are recognized for their achievements.




Opening keynote
On Tuesday morning at 10:00 a.m., the eagerly anticipated opening keynote took place. The motto of this year’s Sophos Discover Conference was “See the Future”. A slogan like that naturally raises expectations and makes it very clear that we are supposedly about to see what the future with Sophos will look like. 🤤 The buildup was done perfectly as well, with mysterious music and a 60-second countdown before Kris Hagerman (CEO) stepped onto the stage. Two hours later, the opening keynote was over and our notes were empty. That was not because we were too overwhelmed to type, but simply because nothing extraordinary was said that we didn’t already know or had not already covered in this blog.
After this presentation, we genuinely had to ask ourselves whether we had already travelled into the future in a DeLorean last year and had only been keeping you updated with spoilers ever since. It must be true, because we had obviously already seen Sophos’s future.
The future of Sophos
We still want to summarize a few points so that you can better judge where Sophos is headed. From a strategic point of view, Sophos is setting its future priorities around the following products:
- Endpoint
- Firewall
- Central
- Synchronized Security
Endpoint
On the endpoint side, the main focus was Intercept X, which was recently released for servers as well. Intercept X itself is not really new, and since deep learning was integrated in January 2018, there have been no new features. That does not mean the product is weak. Quite the opposite: Sophos has been tested by several independent institutes and achieved by far the best malware detection rate. However, Sophos only reaches that result with Intercept X. Sophos Central Endpoint alone is not enough. That is why we always recommend buying the Intercept X Advanced bundle.
From our perspective, we would of course have expected something completely new. But we also have to acknowledge that a product which is already this good and ahead of the competition does not urgently need new features right now. It is roughly the same phenomenon as with smartphones. Manufacturers have not made huge leaps in recent years either, and aside from better CPUs and cameras, the bigger changes have largely failed to materialize.
There will still be a new product: Sophos Intercept X EDR. We will present it in detail in a dedicated article in November. The public beta for Intercept X EDR only started during the conference. At a high level, it is about the following:
Root Cause Analysis (RCA) has been revised and is gaining additional capabilities to make it easier for administrators to identify causes in even greater depth. This provides more information about potentially malicious files, making it easier to understand their behavior. It also provides suggestions for the best next steps.
So Root Cause Analysis, which is already part of Intercept X, is getting a major upgrade with Intercept X EDR to enable even more precise analysis, including exporting forensic data or completely isolating clients. Version 1.0 of the software is expected to be released in November and sold as a separate product with its own license.
Firewall
Just like last year in Lisbon, the conference focused almost entirely on the XG Firewall and the upcoming 17.5 release, which is expected in November. Last year, our conclusion was that the SG Firewall with the UTM operating system was basically already dead, because not a single word was said about it. That is why it surprised us to see, one year later, that a roadmap for UTM was presented again.
UTM 9.6 will be available soon
- Sandstorm: improved reporting and manual file submission
- WAF: support for Let’s Encrypt certificates and improved page customization
- RED: unified firmware with 4G LTE support
- Email: updated S/MIME-based encryption
- ATP: new and improved Advanced Threat Protection engine
Roadmap for UTM 9.7, 9.8 and 9.9
At this point, we unfortunately cannot show a concrete roadmap for new features or bug fixes in versions 9.7 to 9.9. However, it is already known that IKEv2 will not be supported in UTM 9.6.
Quote from Sophos: “Given our experience integrating the technology into XG Firewall, we did not want to delay the UTM 9.6 release unnecessarily and will probably add the feature in a later version.”
For future UTM releases, Sophos is also considering the following enhancements:
- improvements to email and data protection in line with GDPR
- improved REST API for retrieving status information
- machine learning in the on-box anti-virus engine
- automated IP blacklisting to protect against brute-force attacks
Even though Sophos is still working on UTM, there is no way around the fact that the future belongs to XG with SFOS, which is where innovative new features are being developed. We can also understand Sophos’s position here, because they simply cannot abandon the huge share of their business that UTM represents overnight. In the longer term, however, it makes no sense to continue developing two different operating systems in parallel and to invest resources twice. So our conclusion remains that the UTM operating system will probably be retired within the next three to five years. There was probably a reason for the breakout session called “Migration from UTM to XG”. 🤭
XG Firewall (SFOS)
With XG Firewall, we can look forward to the next major update, version 17.5. At the roadshow in March, Sophos had still been talking about versions 17.2 and 17.3, but those now appear to have been skipped. By the way, APX access points will still not be supported with version 17.5. For the time being, they can therefore only be operated via Sophos Central Wireless.
Here are three cool features that will be included in version 17.5:
- Sophos Central Management: manage XG Firewall through Sophos Central, including full SSO device management, alerting and status for availability, licensing, performance and security, zero-touch provisioning for new devices, firmware management for multiple devices, and the option to store and maintain backups centrally
- Synchronized User ID: the logged-in computer user is transmitted to the XG Firewall via Security Heartbeat. No Active Directory is required. This means logs and reports show a username instead of just a meaningless IP address.
- Lateral Movement Protection: an infected endpoint can be isolated by the firewall.
Somewhere between late 2019 and early 2020, version 18 should then arrive. Exactly when is probably something even Sophos does not yet know. 😅 What we do already know is that SFOS will use Ubuntu as its new foundation in the future. Alongside that, new hardware is expected with an additional ASIC processor that delivers another 200 percent in performance. Other vendors already work this way today, with dedicated processors handling certain tasks. But even that is not really new information; it was already mentioned last year.
Central
What we would have liked to see was a new product in the direction of software-defined networking (SDN). That would have been an interesting next step. Instead, Sophos now at least seems ready to deliver on its promise that the XG Firewall can be managed via Sophos Central. In the long term, the goal is for everything to be managed through Sophos Central. XG will support this with the 17.5 update. Beyond that, there are no concrete new features and Central will simply continue to improve.
Synchronized Security
In this area too, there was unfortunately nothing particularly concrete. Sophos is updating more and more products with Security Heartbeat, with Wireless being the most recent. The bigger goal is to implement more AI in this area.
Partner cocktail party
After a long day of breakout sessions with more detailed information on various topics, we were able to look forward to a wonderfully organized evening. Once again this year, Sophos had come up with something very special. The meeting point for departure to the party was the harbor behind the hotel, where an old sailing ship was waiting for us. The destination of our journey was the “Revelin Culture Club” in Dubrovnik’s old town. The boat trip took about 30 minutes before we finally docked in the harbor and, after just a few steps, reached the Revelin Culture Club. On the rooftop at the edge of the city walls, there was a varied dinner followed by a live band.




Closing remarks
It felt strange to leave the conference without really having learned anything new. In our opinion, the motto “See the Future” would have fit much better at the conference one and a half years ago, when Sophos was on stage talking about Synchronized Security and the XG Firewall. The positive side is that the plan presented back then really was implemented, and we now have those features in production. The motto itself was not exactly new either. At the roadshow in Dübendorf, Sophos had already wanted to show us the future.
From our point of view, there simply was not much new to report and the sessions were rather weak. Because our expectations were very high, we left somewhat disappointed. Even so, Sophos currently has a strong portfolio with Endpoint powered by Intercept X, XG Firewall, Central, and Synchronized Security, and that portfolio will continue to evolve. There is still room for improvement in many areas, but the direction is right, and that is what we are taking away from the event.
Besides the sessions, we also had a number of good conversations and expanded our network. We were able to pass on our input on the products to the right people and strengthen our collaboration. What pleases us most, however, is that in Dubrovnik we were able to meet someone who can bring our long-standing idea to life and move Avanet forward a big step. More on this in Q1 2019.
