We visited the Sophos Roadshow 2018 in Dübendorf, Switzerland, yesterday (07.03.2018) and summarize everything you need to know here. In keeping with the theme “Ready For Take Off”, the event took place at the “Air Force Center Zurich”. As always, a really cool location. Here are a few insights:
Ready For Take Off
After a welcome, there were a few horror stories of the kind you rarely read in the press, since no company voluntarily makes such an incident public. A security forensics expert gave us a glimpse of various attack scenarios that really happened that way. Ransomware was a big topic, of course, but so were targeted attacks. On the one hand, it was particularly impressive how much damage could be caused with little effort; on the other hand, hackers take a lot of time for targeted attacks and think incredibly far ahead!
After this very interesting contribution, there was an outlook on Sophos’ roadmap. To put it mildly, it seemed as if it had been carried over from last year. Or to put it another way, promises made in 2016 and 2017 are now to be implemented and kept this year. 😅
Towards the end of the day, as in Lisbon last year, the Partner Conference was all about XG Firewall, Intercept X with Deep Learning, Central and Synchronized Security.
New Sophos access points
The new access points, which were supposed to come last year, are now expected in Q3. The new models will then be called APX 320, APX 530 and APX 740 and will be equipped with the new Wave 2 standard.
- APX 320 – 2×2:2 802.11ac (867 Mbps + 300 Mbps), quad-core 717 MHz, dual 5 GHz mode increases max. speed up to 1.7 Gbps (double performance compared to AP 55)
- APX 530 – 3×3:3 802.11ac (1.3 Gbps + 450 Mbps), max. speed up to 2.6 Gbps @ 160 MHz (double performance compared to AP 100)
- APX 740 – 4×4:4 802.11ac (1.7 Gbps + 450 Mbps), max. speed up to 3.6 Gbps @ 160 MHz (triple performance compared to AP 100)
Info: Wave 2 delivers faster data rates and can communicate with four different clients at the same time instead of just one (MU-MIMO). It also offers wider channels and supports a higher number of clients.
Wave 1 vs. Wave 2
- Channel width: 20, 40, 80 MHz > 20, 40, 80, 160 MHz
- Number of streams: 3 > 4
- MIMO: Single-User > Multi-User
- Throughput: 1.3 Gbit/s > 3.6 Gbit/s
Sophos Firewall Roadmap
XG v17.1 should be released in April at the latest.
- Synchronized Application Control (SAC) – Various improvements and more known software
- CASB Visibility – Even more insight into shadow IT
- Email Protection – Blacklist / Whitelist on user level
- Migration tool from SG to XG (Sounds great, but unfortunately it is not quite there yet. Many things are not transferred.)
- Support for the new hardware models XG85 – XG135 Rev. 3
- Stonewalling – When an endpoint is infected, the firewall stops other clients from communicating with it to prevent the infection from spreading across the network.
- Central Management & Reporting – Cloud Management and Reporting from the Firewall
- Email Protection – BATV/SPF/AD User verification – This will finally bring important features to the XG. The XG MTA is completely replaced by that of the UTM.
- Support for the new APX access points
- IPS TALOS Categorization
XG v17.3 is also scheduled for release later this year. Here is a small excerpt of the expected features. We will of course provide more detailed explanations shortly before the release.
- Lateral Movement Detection – Leverage the firewall to detect lateral movement attempts from endpoints
- Device Discovery and IOT – Device detection and identification with Deep Learning
- Email Protection – DKIM Protection
- Air Gap Licensing Support – Support for environments where Internet access is limited for firewall licensing and synchronization
- Web & Firewall – Support for classroom-wide URL overrides, automatic firewall rule groupings
- IKEv2 Site to Site VPN Support
- Sandstorm improvements
- WAF Let’s Encrypt Certificate Support
- New RED firmware with 4G module support
- Email improvements
- New ATP Library
Update July 25, 2018: IKEv2 has been removed from the roadmap.
- Sophos Anti Spam Engine
- DMARC Support
- Email spoof protection
- Email encryption improvements
Sophos Central Roadmap
Sophos Central Admin
- Two-factor authentication for the admin dashboard has been available for a couple of weeks, but was presented again.
- Tamper Protection Recovery – If the client was deleted from Sophos Central, but the endpoint protection was still installed on the device, it became very costly to remove it afterwards. Now, at least within 60 days, the tamper protection password for deleted devices can still be viewed.
For larger customers, there is the Central Enterprise Dashboard. This allows you to manage multiple Central Accounts. This is suitable, for example, for larger companies that operate in multiple countries and require an admin with a Central Account in each country. As a second example, the Enterprise Dashboard is also suitable for a community with multiple schools. This way, you can buy licenses in bulk and distribute them, which works out cheaper. For even better management, the following two functions have already been announced:
- Master Policy – Create a policy and distribute it across all accounts
- Better management of notifications – Individual admins can now be notified about defined events.
Sophos Central Email
- Sophos Central Email is now to get the “Sandstorm” feature already expected in 2016. In addition, there are “deep learning technology”, “outbound spam” and “virus scans”.
- Multi Policy DKIM + DMARC.
Sophos Intercept X for Server
Intercept X for Server was also not released in 2017 as announced, but is now scheduled for release this year.
Mobile 8 Roadmap
With the new version, Windows and macOS can now be managed. Ideal for customers who, for example, do not have Active Directory, many field employees or many BYOD devices.
- Email, WLAN, certificate or even password policies can be distributed centrally.
- Applications from the Windows Store or MSI can be rolled out.
- Manage computer compliance policies
Sophos Central Wireless
Synchronized Security is now also available in Sophos Central Wireless. As a result, if a client is infected, it can be isolated to prevent other clients on the network from becoming infected.
Sophos Phish Threat
Until now, it was possible to order the product, but it was not available in German and was only visible to customers whose account was created in the US data center. This has now changed, and you can test your users with perfectly faked phishing emails and train them through regular campaigns. We will certainly introduce Sophos Phish Threat in more detail, as we have now taken a liking to this product ourselves.
Sophos Central File Encryption
On the other hand, there is great disappointment with the “File Encryption” product. Sophos Central File Encryption was supposed to be released before May 25, 2018, i.e. before the EU General Data Protection Regulation came into force. However, the product launch has now been postponed to 2019. 😒
Since we really do deal with Sophos 365 days a year, there were no announcements that really surprised us. Nevertheless, Sophos managed to present one or two nice features that we did not have on our radar. All in all, it was again a nice event, with good conversations and a lot of information, which we have briefly summarized for you here in this article.
If you have any questions, just contact us. We will continue to try to keep you as up to date as possible. 🤘