Between September 17 and 19, 2018, Sophos held its Partner Conference. We were very happy to be invited to this event for the third time in a row. So we had the pleasure to be live on site again this year when the roadmap for the coming year was presented.
Our journey took us to the east coast of Westeros, more precisely to King’s Landing, the capital of the Seven Kingdoms. 😄 For those who are not fans of the US TV series Game of Thrones from HBO: we traveled to Dubrovnik, Croatia. We had received two invitations again, and this year we flew out on the evening of September 13 so that we could still see the city over the weekend.
Last year in Lisbon we were not really prepared and just let everything come to us. This year we are trying to make the coverage in this blog post a bit more personal and with more pictures. Even though you are probably only interested in the facts, we would like to give you a brief insight into how a Sophos partner conference works. You can also just skip the personal passages and jump straight to the section “The future of Sophos”.
As usual, we make a point of reporting as objectively as possible. Even though Sophos pays for the hotel accommodation and meals (we pay for the outward and return flights), we do not allow ourselves to be influenced. We have not yet had to sign a confidentiality agreement that obliges us to do anything. 😅
Avanet in Dubrovnik
We arrived in the beautiful old town of Dubrovnik on Thursday evening. You are almost overrun by the mass of tourists, but the city still exudes a lot of charm and invites you to eat and relax at practically every corner. Since we are big fans of Game of Thrones, we really wanted to visit the various filming locations and took part in a corresponding tour. We were lucky: our tour guide had been on the road herself with the film crew for 8 years and knew Joffrey, Cersei, Jaime, Tyrion, Jon Snow and all the others personally. Of course, that made the whole tour that much more special for us. 😎 The three days we had to ourselves passed quickly. We used the weekend to relax by the sea and even took a little side trip to the city of Mostar in Bosnia and Herzegovina on Saturday.
Partner reception and award ceremony gala
On Monday evening, the Sophos Discover Conference opened with a gala dinner. So we changed our location from the old town to the slightly newer part of Dubrovnik and were excited to see what Sophos had planned for us over the next three days. The gala, as well as the entire Sophos event, took place at the impressive Sun Garden Hotel. With a variety of delicious appetizers for the aperitif and a great view of the sea, Sophos warmly welcomed its partners. After the sun had set, Sophos invited them to dinner. The large turnaround of the hotel made it easy to walk to a new location for dinner. The highlight of the gala evening is always the awards ceremony, where partners from the DACH (Germany, Austria, Switzerland) and CEMEA (Central Europe, Middle East and Africa) regions are honored for their achievements.
On Tuesday morning at 10:00 am, the highly anticipated Opening Keynote took place. The theme of this year’s Sophos Discover Conference was “See the future”. Such a slogan naturally raises certain expectations and unmistakably indicates that we are about to experience what the future with Sophos will look like! 🤤 The suspense was also perfectly built up with mysterious music and a 60-second countdown before Kris Hagerman (CEO) took the stage. After two hours the Opening Keynote was over and our notes were empty. This was not because we were too excited to press a key, but simply because nothing extraordinary was said that we did not already know or had not already written about in this blog.
After this presentation, we really had to ask ourselves whether we had already traveled into the future with a DeLorean last year and had only been keeping you up to date with spoilers ever since. It must be so, because we have obviously already seen the future of Sophos!
The future of Sophos
Nevertheless, we would like to summarize a few points for you so that you can better assess what the future holds for Sophos. Strategically, Sophos is prioritizing the following products for the future:
- Synchronized Security
For the endpoint, the talk was mainly about Intercept X, which was recently released for servers. Intercept X is not really new either, and since Deep Learning was integrated in January 2018, there have been no new features. This does not mean that the product is bad. Quite the opposite! Sophos has been tested by several independent institutes and has, by a very large margin, the best detection rate as far as malware is concerned. But you can only achieve this result with Intercept X. Sophos Central Endpoint alone is not enough. Therefore, we always recommend buying the Intercept X Advanced bundle.
From our point of view, we would have expected something completely new, of course. But we also have to realize that a product that is already so good and leaves the competition behind does not need any new features for the moment. It’s about the same phenomenon as with smartphones. The manufacturers have not made much progress in the past few years either, and apart from better CPUs and cameras, major changes have fallen by the wayside.
Nevertheless, there will be a new product: Sophos Intercept X EDR. We will present this in detail in a separate article in November. The public beta for Intercept X EDR started during the conference. Roughly summarized, it comes down to this:
Root Cause Analysis (RCA) has been reworked and gets more features to make it easier for administrators to perform even deeper root cause identification. It provides additional information about the potentially malicious file so that its behavior can be better understood. In addition, administrators receive suggestions on how best to proceed.
Root Cause Analysis, which is a component of Intercept X, is thus further enhanced with Intercept X EDR in order to perform even more precise analyses and, for example, export forensic data or completely isolate clients. The software is expected to be introduced in November in version 1.0 and sold as a separate product with its own license.
This year, as in Lisbon, the talk was almost exclusively about the XG Firewall and the next version, v17.5, which is scheduled for release in November. Last year, we concluded that the SG Firewall with the UTM operating system was actually already dead, because not a word was said about it. We were therefore very surprised to be presented with a roadmap for the UTM again a year later!
UTM 9.6 will be available soon
- Sandstorm: Reporting and manual file transfer improvements
- WAF: Support for “Let’s Encrypt” certificates and improvements in page personalization
- RED: Unified firmware with 4G LTE support
- Email: Updated S/MIME-based encryption
- ATP: New and improved Advanced Threat Protection engine
Roadmap to UTM 9.7, 9.8 and 9.9
There is a concrete roadmap of new features and bug fixes for versions 9.7 to 9.9. Unfortunately, we are not able to show it here. However, it is known that IKEv2 is not supported in UTM 9.6.
Quote from Sophos: “Given our experience integrating the technology into XG Firewall, we did not want to unnecessarily delay the release of UTM 9.6, so we are likely to add the feature in a later version.”
For future releases of the UTM, Sophos is also considering incorporating the following innovations:
- Improvements in email and data protection in line with the GDPR
- Improved REST API for retrieving status information
- Machine Learning in the On-Box Anti-Virus Engine
- Automated IP blacklisting to protect against “brute force” attacks
Even if Sophos continues to work on the UTM, it cannot be glossed over that the future belongs to the XG with SFOS, which is also where the innovative new features are being developed. However, we understand that Sophos cannot simply drop the huge share of UTM business. But in the longer term, it just doesn’t make sense to continue developing two different operating systems in parallel and to invest resources twice. So we expect that the UTM operating system will probably be retired in the next 3 to 5 years. There was probably a breakout session called “Migration from UTM to XG” for a reason. 🤭
XG Firewall (SFOS)
For XG Firewall, we can look forward to the next major update, version 17.5. At the roadshow in March, there was still talk of versions 17.2 and 17.3, but these now seem to have been dropped. By the way, the APX access points are not yet supported in version 17.5. So until further notice, these can only be operated with Sophos Central Wireless.
Here are three more cool features that will come with version 17.5:
- Sophos Central Management: Manage XG Firewall via Sophos Central (Full SSO device management / Alerting and status for availability, license, performance and security / Touchless setup of new devices / Manage firmware updates for multiple devices / Option to store, maintain backups in Central)
- Synchronized User ID: The user logged in to the computer is transmitted via the Security Heartbeat of the XG Firewall. No Active Directory is required for this. This way you can see a username in the logs/reports and not just a meaningless IP address.
- Lateral Movement Protection: An infected endpoint can be isolated by the firewall.
Somewhere between the end of 2019 and the beginning of 2020, version 18 should then be released. When exactly, even Sophos probably does not know yet. 😅 What we already know, however, is that SFOS will be using Ubuntu as its new base in the future! To go with this, there is also new hardware with an additional ASIC processor, which brings another 200% more performance. Other manufacturers already do this so that certain tasks are processed by a dedicated processor. However, this is not news either, but something we already heard last year.
What we would have liked to see is a new product in the direction of software-defined networking (SDN). That would be a next step. However, the promise that the XG Firewall (only the XG) can be managed via Sophos Central is now to be fulfilled. The XG will support this with the 17.5 update. Otherwise, there are no concrete features and Central just continues to improve.
Unfortunately, there is nothing concrete in this area either. Sophos is updating more and more products with the Security Heartbeat. The most recent one was Wireless. The bigger goal is to implement more AI in this area as well.
Partner Cocktail Party
After a long day of breakout sessions, in which certain topics were covered in more detail, we could look forward to a superbly organized evening. Once again, Sophos came up with something very special this year. The meeting point for the departure to the party was behind the hotel at the harbor, where an old sailing ship was waiting for us. The destination of our trip was the “Revelin Culture Club” in the old town of Dubrovnik. The boat ride took about 30 minutes before we finally docked at the port, and a few steps later we reached the Revelin Culture Club. On the roof at the edge of the city wall we had a varied dinner followed by a live band.
It was a strange feeling to leave the conference without really having learned anything new. In our opinion, the motto “See the Future” would have been more appropriate at the last conference 1.5 years ago, when people stood on stage and talked about Synchronized Security and the XG Firewall. The positive thing, however, is that the plan at that time was actually implemented and we have these features in use today. The motto was not really new either. At the roadshow in Dübendorf, they also wanted to show us the future.
From our point of view there was not much new to report and the sessions were rather weak. Since our expectations were very high, we are therefore rather disappointed. Nevertheless, Sophos really has a strong portfolio at the moment with Endpoint (Intercept X), XG Firewall (not UTM), Central and Synchronized Security, which will be further developed in the future. There is still potential for optimization in all corners, but the direction is right and that is what we are taking away with us.
Besides the sessions we had some good conversations and expanded our network. Our input on the products was delivered to the right people and the cooperation was strengthened. However, we are particularly pleased that we were able to meet someone in Dubrovnik who will be able to implement our long-standing idea and drive Avanet forward a great deal. More on this in Q1-2019.