Yesterday (07.03.2018) we visited the Sophos Roadshow 2018 in Dübendorf, Switzerland and summarise everything worth knowing here. In keeping with the theme "Ready for Take Off", the event was held at the "Air Force Center Zurich". As always a really cool location. Here are some insights:
Ready For Take Off
After a greeting there were some horror stories of the kind you hardly ever read in the press, because no company is willing to make them public. A security forensics expert gave us an insight into various attack scenarios that have really happened. Ransomware was of course a big topic, but so were targeted attacks. On the one hand, it was especially impressive how enormous damage could be caused with little effort; on the other hand, attackers invest a lot of time in targeted attacks and plan incredibly far ahead!
After this very interesting talk, there was an insight into Sophos's roadmap. To put it mildly, it looked as though last year's roadmap had simply been carried over. Or to put it another way, the promises of 2016 and 2017 are to be implemented and kept this year. 😅
Towards the end of the day, like last year in Lisbon at the Partner Conference, it was all about the XG Firewall, Intercept X with Deep Learning, Central and Synchronized Security.
New Sophos Access Points
The new access points, which were supposed to arrive last year, are now expected in Q3. The new models will be called APX 320, APX 530 and APX 740 and will support the new Wave 2 standard.
- APX 320 - 2x2:2 802.11ac (867 Mbps + 300 Mbps), quad core 717 MHz; dual 5 GHz mode increases the max. speed to 1.7 Gbps (twice the performance of the AP 55)
- APX 530 - 3x3:3 802.11ac (1.3 Gbps + 450 Mbps); max. speed up to 2.6 Gbps @ 160 MHz (twice the performance of the AP 100)
- APX 740 - 4x4:4 802.11ac (1.7 Gbps + 450 Mbps); max. speed up to 3.6 Gbps @ 160 MHz (three times the performance of the AP 100)
Info: Wave 2 delivers faster data rates and offers the ability to communicate with four different clients (MU-MIMO) at the same time instead of just one, plus more channel width and a larger number of clients.
Wave 1 vs. Wave 2
- Channel width: 20, 40, 80 MHz > 20, 40, 80, 160 MHz
- Number of streams: 3 > 4
- MIMO: Single-User > Multi-User
- Throughput: 1.3 Gbit/s > 3.6 Gbit/s
Sophos Firewall Roadmap
XG v17.1 will be released in April at the latest.
- Synchronized Application Control (SAC) - Various improvements and more well-known software
- CASB Visibility - Even more insight into shadow IT
- Email Protection - Per-user controls over black/allow lists & exceptions
- Migration Tool from SG to XG (Sounds great, but unfortunately not quite yet: much is not carried over.)
- Support for new hardware models XG85 - XG135 Rev. 3
- Stonewalling - When an endpoint is infected, the firewall stops other clients from communicating with it to prevent it from spreading across the network.
- Central Management & Reporting - Cloud Management and Reporting from the Firewall
- Email Protection - BATV/SPF/AD user verification - This finally brings important features to the XG. The XG MTA is being replaced completely by the one from the UTM.
- Support for the new APX access points
- IPS TALOS categorization
XG v17.3 will also be released this year. Here is a small extract of the expected features. We will give more detailed explanations shortly before the release.
- Lateral Movement Detection - Leverage the firewall to detect lateral movement attempts from endpoints
- Device Discovery and IOT - Device detection and identification with Deep Learning
- Email Protection - DKIM Protection
- Air Gap Licensing Support - Support for environments where Internet access is limited, for firewall licensing and synchronisation
- Web & Firewall - Support for classroom-wide URL overrides, automatic firewall rule groupings
- IKEv2 Site to Site VPN Support
- Sandstorm improvements
- WAF Let's Encrypt certificate support
- New RED Firmware with 4G Module Support
- Email improvements
- New ATP library
Update July 25, 2018: IKEv2 has been removed from the roadmap.
- Sophos Anti-Spam Engine
- DMARC support
- Email Spoof Protection
- Email Encryption Enhancements
Sophos Central Roadmap
Sophos Central Admin
- Two-factor authentication for the admin dashboard has already been available for a few weeks, but was presented again.
- Tamper Protection Recovery - If a client was deleted from Sophos Central but the endpoint protection was still installed on the device, removing it afterwards took a lot of effort. Now the tamper protection password for deleted devices can still be viewed for at least 60 days.
For larger customers there is the Central Enterprise Dashboard. This allows you to manage several Central Accounts. This is suitable, for example, for larger companies that operate in several countries and require an admin with a central account in each country. Or as a second example, the Enterprise Dashboard is also suitable for a community with several schools. This means that you can buy a lot of licenses and distribute them, which makes it cheaper. The following two functions have already been announced for even better management:
- Master Policy - Create a policy and distribute it across all accounts
- Better management of notifications - Individual admins can now be notified of defined events.
Sophos Central Email
- Sophos Central Email will now receive the "Sandstorm" feature that was expected in 2016. In addition, there are "Deep Learning Technology", "Outbound Spam" and "Virus Scans".
- Multi Policy DKIM + DMARC.
Sophos Intercept X for Server
Intercept X for Server was also not released as announced in 2017, but is now scheduled for release this year.
Mobile 8 Roadmap
With the new version it is now possible to manage Windows and macOS. Ideal for customers who do not have an Active Directory, many field staff or many BYOD devices.
- Email, WLAN, certificate and password policies can be centrally distributed.
- Applications from the Windows Store or MSI can be rolled out.
- Manage computer compliance policies
Sophos Central Wireless
Synchronized security is now making its way into Sophos Central Wireless. This means that if a client is infected, it can be isolated so that other clients in the network cannot be infected.
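The stonewalling feature in the firewall roadmap, the lateral movement detection planned for v17.3 and the isolation in Central Wireless all rest on the same idea: the firewall holds a per-endpoint health status reported by the endpoint agent and uses it to cut an infected machine off from the rest of the LAN. The following Python model is an added example written for this article, not Sophos code; the health states, the port list, the "treat a missing heartbeat as untrusted on admin ports" rule and all IP addresses and flows are constructed assumptions for illustration.

```python
"""Toy model of heartbeat-driven stonewalling and lateral movement detection.

Added illustration, not Sophos code. Assumed policy:
- an endpoint reporting RED health is stonewalled: no LAN traffic to or from it;
- an endpoint with no heartbeat at all is blocked from admin ports on the LAN,
  because the firewall cannot vouch for it;
- traffic leaving the LAN is outside stonewalling and falls through to the
  normal rule base (modelled here simply as "allow");
- a source that reaches admin ports on several distinct LAN hosts is flagged
  as possible lateral movement.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Heartbeat states (names assumed, loosely following a green/yellow/red scheme).
GREEN, YELLOW, RED, MISSING = "green", "yellow", "red", "missing"

LAN = ip_network("10.0.0.0/8")            # constructed internal range
ADMIN_PORTS = {22, 445, 3389, 5985}       # SSH, SMB, RDP, WinRM (assumed list)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def is_lateral(flow: Flow) -> bool:
    """A flow is lateral when both ends are inside the LAN."""
    return ip_address(flow.src) in LAN and ip_address(flow.dst) in LAN


def decide(flow: Flow, health: dict[str, str]) -> str:
    """Return 'allow' or 'block' for one flow given the heartbeat table."""
    if not is_lateral(flow):
        return "allow"                     # handled by the normal rule base
    for host in (flow.src, flow.dst):
        status = health.get(host, MISSING)
        if status == RED:
            return "block"                 # stonewalled: infected endpoint
        if status == MISSING and flow.dport in ADMIN_PORTS:
            return "block"                 # unknown device, sensitive port
    return "allow"


def lateral_movement_alerts(flows: list[Flow], threshold: int = 3) -> dict[str, list[str]]:
    """Flag sources that touch admin ports on >= threshold distinct LAN hosts."""
    targets: dict[str, set[str]] = defaultdict(set)
    for f in flows:
        if is_lateral(f) and f.dport in ADMIN_PORTS:
            targets[f.src].add(f.dst)
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= threshold}


# Constructed sample data: 10.0.1.11 reports RED, 10.0.1.99 has no agent.
HEALTH = {"10.0.1.10": GREEN, "10.0.1.11": RED, "10.0.1.20": GREEN, "10.0.1.30": GREEN}

FLOWS = [
    Flow("10.0.1.10", "10.0.1.20", 445),   # healthy to healthy: allow
    Flow("10.0.1.11", "10.0.1.20", 445),   # RED source: block
    Flow("10.0.1.10", "10.0.1.11", 3389),  # RED destination: block
    Flow("10.0.1.11", "8.8.8.8", 443),     # leaves the LAN: not stonewalled here
    Flow("10.0.1.99", "10.0.1.20", 445),   # no heartbeat, admin port: block
    Flow("10.0.1.99", "10.0.1.20", 80),    # no heartbeat, web port: allow
    Flow("10.0.1.11", "10.0.1.30", 22),    # RED source fanning out: block
    Flow("10.0.1.11", "10.0.1.10", 5985),  # RED source fanning out: block
]


def evaluate(flows: list[Flow], health: dict[str, str]) -> list[tuple[Flow, str]]:
    """Apply the policy to every flow and return the decisions in order."""
    return [(f, decide(f, health)) for f in flows]


if __name__ == "__main__":
    for flow, verdict in evaluate(FLOWS, HEALTH):
        print(f"{verdict:5} {flow.src} -> {flow.dst}:{flow.dport}")
    print("lateral movement alerts:", lateral_movement_alerts(FLOWS))
```

Running the script prints one verdict per sample flow and then a single alert for 10.0.1.11, which reached admin ports on three different hosts. The detection works on flow metadata alone, which is why the firewall is the natural place for it even when the endpoint agent on the source has already been tampered with.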
Sophos Phish Threat
Until now, the product could be ordered, but it was not available in German and was only visible to customers whose account had been created in the US data center. This has changed, and now you can test your users with deceptively realistic simulated phishing emails and train them through regular campaigns. We will certainly be presenting Sophos Phish Threat in more detail, as we have now been enjoying this product ourselves.
Sophos Central File Encryption
The "File Encryption" product, however, is very frustrating. Sophos Central File Encryption was supposed to be released before 25 May 2018, the date on which the EU General Data Protection Regulation (GDPR) enters into force. However, the product launch has now been postponed to 2019. 😒
Since we are really dealing with Sophos 365 days a year, there were no announcements that would really surprise us. Nevertheless, Sophos managed to present one or two nice features that we didn't have directly on screen. All in all, it was again a wonderful occasion, with good conversations and lots of information, which we have summarized here in this article.
If you have any questions, just contact us. We will keep you up to date as soon as possible. 🤘