Sophos Discover Conference 2018: News from King's Landing
The Sophos Partner Conference took place between 17 and 19 September 2018. We were delighted to be invited to this event for the third time in a row. So we were able to be there live this year as well, when the roadmap for next year was presented.
Our journey took us to the east coast of Westeros, more precisely to King’s Landing, the capital of the Seven Kingdoms. 😄 For all those who are not fans of the US TV series by HBO Game of Thrones: We travelled to Dubrovnik – Croatia. We had received again two invitations and flew this year already on the evening of September 13th, so that we could have a look at the city at the weekend.
Last year in Lisbon we weren’t really prepared yet and just let it all come to us. This year we are trying to make the writing in this blog post more personal and with more pictures. Although you may have been interested only in the facts, we’d like to give you a brief overview of how a Sophos partner conference works, at least in a nutshell. You can also simply skip the personal sections and jump right to “The future of Sohpos”.
As usual, you can expect objective reporting from us. Even though Sophos pays for the hotel accommodation and food (we take the flight both ways on our own), we won’t be influenced. We haven’t yet had to sign any NDA that would oblige us to do anything. 😅
Avanet in Dubrovnik
We arrived on Thursday evening in the beautiful old town of Dubrovnik. We are almost overwhelmed by the crowd of tourists, but still the city has a lot of charm and invites you to eat and relax at practically every corner. Since we are big fans of Game of Thrones, we wanted to visit the different film locations and took part in a corresponding tour. We were lucky and our tour leader was herself on the road with the film crew for 8 years and knew Joffrey, Cersei, Jaime, Tyrion, Jon Snow, and as they are all called. This made the whole tour even more special for us. 😎 The three days we had for ourselves passed quickly. We used the weekend to relax by the sea and on Saturday we even made a small detour to Bosnia Herzegovina in the city of Mostar.
Partner Reception and Award Gala
On Monday evening, the Sophos Discover Conference opened with a gala dinner. So we changed our location from the old town to the somewhat newer part of Dubrovnik and were curious to see what Sophos had planned for us for the next three days. The gala, as well as the entire Sophos event, took place in the impressive Sun Garden Hotel. With a variety of delicious appetizers for aperitifs and a great view of the sea, Sophos welcomed its partners warmly. After the sun had set, Sophos invited them to dinner. The hotel’s big turnaround made it easy to move to a new location for dinner. The highlight of the gala evening was the awards ceremony, where partners from the DACH (Germany, Austria, Switzerland) and CEMEA (Central Europe, Middle East and Africa) regions were honoured for their achievements.
At 10:00 a.m. on Tuesday morning, the eagerly awaited Opening Keynote took place. The theme of this year’s Sophos Discover Conference was “See the future”. Such a slogan, of course, awakens certain expectations and makes it clear that we are about to see what the future will look like with Sophos! 🤤 The excitement was also perfectly built with mysterious music and a 60-second countdown before Kris Hagerman (CEO) stepped onto the stage. After two hours, the opening keynote was over and our notes were empty. This wasn’t because we couldn’t press a key because of the tension, but simply because nothing extraordinary was told, which we didn’t already know or wrote in this blog.
After this presentation we really had to ask ourselves if we had already travelled into the future with a DeLorean last year and only kept you up to date with spoilers. It has to be, because we’ve obviously already seen the future of Sophos!
The future of Sophos
Nevertheless, we would like to summarize a few points so that you can better assess how Sophos will proceed in the future. Strategically, Sophos’s priorities for the future are as follows:
- Synchronized Security
On the endpoint, it was mainly about Intercept X, which was recently released for servers as well. Intercept X isn’t really new either and since Deep Learning was integrated in January 2018, there haven’t been any new features. But that doesn’t mean that this product is bad. Quite the opposite! Sophos has been tested by several independent institutes and has by far the best malware detection rate. However, this result can only be achieved with Intercept X. Sophos Central Endpoint alone is not enough. Therefore, we always recommend buying the bundle Intercept X Advanced.
From our point of view, of course, we would have expected something completely new. But we also have to realize that a product that is already so good and leaves the competition behind doesn’t need any new features at the moment. It’s about the same phenomenon as with smartphones. The manufacturers haven’t made much progress in recent years either, and apart from better CPUs and cameras, major changes remain on the sidelines.
There will still be a new product: Sophos Intercept X EDR. We will present this in detail in a separate article in November. The public beta of Intercept X EDR only started during the conference. In a nutshell, this is what we are talking about:
Root Cause Analysis (RCA) has been reworked and is getting more features to make it easier for administrators to do a more in-depth identification of the root cause. This gives you additional information about the potentially malicious file to better understand its behavior. You also get suggestions on how best to proceed further.
Root Cause Analysis, which is part of Intercept X, will be drilled up again with Intercept X EDR to make even more precise analyses and e.g. export forensic data or completely isolate clients. The software will probably be introduced in November in version 1.0 and sold as a separate product with its own license.
This year, as in Lisbon, practically only the XG firewall and the next v17.5 version, which will be released in November, were discussed. Last year we concluded that the SG firewall with the UTM operating system was already dead, because nobody said a word about it. So we were very surprised to get a roadmap for the UTM one year later!
UTM 9.6 will be available soon
- Sandstorm: Reporting and Manual File Transfer Enhancements
- WAF: Support for Let’s Encrypt certificate and improvements to page personalization
- RED: Unified Firmware with 4G LTE Support
- EMail: Updated S/MIME-based encryption
- ATP: New and Improved Advanced Threat Protection Engine
Roadmap for UTM 9.7, 9.8 and 9.9
A concrete roadmap to new features or bugfixes for version 9.7 to 9.9 is unfortunately not available at this point. It is known, however, that IKEv2 is not supported in UTM 9.6.
Quote from Sohpos: “Given our experience with integrating the technology into XG Firewall, we didn’t want to delay the release of UTM 9.6 unnecessarily, so we’ll probably add the feature in a later version”.
For future UTM releases, Sophos is also considering incorporating the following new features:
- Email and privacy improvements in line with the DSGVO
- improved RestAPI to retrieve status information
- Machine Learning in the On-Box Anti-Virus Engine
- automated IP blacklisting to protect against brute force attacks
Although Sophos continues to work on UTM, it’s pretty obvious that the future belongs to XG with SFOS, where innovative new features are being developed. But we also understand Sophos here that you can’t just drop the huge share of UTM business. But in the longer term, it just doesn’t make sense to develop two different operating systems in parallel and invest double resources. So we see that the UTM operating system will probably retire in the next 3-5 years. After all, there was a breakout session called “Migration from UTM to XG” for a reason. 🤭
XG Firewall (SFOS)
At the XG Firewall we can look forward to the next big update of version 17.5. At the roadshow in March we talked about a version 17.2 and 17.3, but they are apparently omitted now. APX Access Points are not supported with version 17.5 yet, by the way. So for the time being they can only be used with Sophos Central Wireless.
Here are three cool features that will come with version 17.5:
- Sophos Central Management: Manage XG Firewall via Sophos Central (full SSO device management / alerting and status for availability, license, performance, and security / zero-touch setup of new appliances / manage multi-device firmware updates / option to store/maintain backups in Central)
- Synchronized User ID: Registered computer user is transferred via Security Heartbead of the XG Firewall. No Active Directory is required for this. So you see in the logs/reports a username and not just a meaningless IP address.
- Lateral Movement Protection: Infected endpoints can be isolated by the firewall.
Somewhere between late 2019 and early 2020, version 18 should be released. Sophos itself probably doesn’t know exactly when. 😅 What we already know, however, is the fact that SFOS will be based on Ubuntu in the future! In addition, there will also be new hardware with an additional ASIC processor, which will bring 200% more performance. Other manufacturers already do this today, so that certain tasks are processed by their own processor. But this is also not a brandnew news, but one from last year.
What we would have liked was a new product in the direction of software-defined networking (SDN). We think that would be the next step. However, the promise that the XG firewall (only the XG) can be managed via Sophos Central will now be kept. The XG will support this with the 17.5 update. Otherwise there are no concrete features and Central will simply continue to be improved.
Unfortunately, there is nothing concrete in this area either. Sophos is updating more and more products with the Security Heartbeat. The last one was Wireless. The bigger goal is to implement more KI / AI in this area.
Partner Cocktail Party
After a long day of breakout sessions, in which we were informed in more detail about certain topics, we were looking forward to a super organized evening. Once again this year, Sophos had come up with something very special. The meeting point for the departure to the party was behind the hotel at the harbour, where an old sailing ship was waiting for us. The destination of our trip was the “Revelin Culture Club” in the old town of Dubrovnik. The trip by ship took about 30 minutes, before we finally landed in the harbour and reached the Revelin Culture Club in a few steps. On the roof at the edge of the city wall we had a varied dinner followed by a live band.
It was a strange feeling to leave the conference without really experiencing anything new. In our opinion, the motto “See the Future” would have been more appropriate at the last conference one and a half years ago, when people were on stage talking about Synchroniszed Security and the XG Firewall. The positive thing, however, is that the plan was actually implemented and we have these features in use today. The moto wasn’t really new either. At the roadshow in Dübendorf they also wanted to show us the future.
From our point of view there was not much new to report and the sessions were rather weak. Since our expectations were very high, we are rather disappointed. Nevertheless, Sophos currently has a strong portfolio of Endpoint (Intercept X), XG Firewall (not UTM), Central and Synchronized Security, which will be further developed in the future. There’s still room for improvement in every corner, but the focus is right and we’re taking that with us.
Besides the sessions we had some good conversations and expanded our network. Our inputs to the products were given to the right people and the cooperation was strengthened. However, we are particularly pleased to have had the opportunity to meet someone in Dubvronik who can put our long-standing idea into practice and who will drive Avanet a long way forward. More about this in Q1-2019.