Network Protection - for a secure network
The Sophos Firewall Network Protection provides comprehensive security features to protect your IT infrastructure from cyber threats. This page explains the key features of the license.
The most important license for any Sophos Firewall
Network Protection is critical to your Sophos Firewall because it provides world-class security features while optimizing the performance of your network.
Synchronized Security and Security Heartbeat are features of Sophos Firewall with Network Protection that enable seamless communication between Sophos security products. These features improve threat detection and response by sharing information about the security status of endpoints and network devices.
Xstream TLS Inspection - TLS Inspection enables the Sophos Firewall to monitor encrypted traffic and scan it for threats. This allows the firewall to detect and block malicious content in encrypted traffic without compromising user privacy.
SD-WAN (Software-Defined Wide Area Network) is a feature of Sophos Firewall with Network Protection that enables centralized control and optimization of network connections across multiple sites. SD-WAN improves network performance, increases resilience, and reduces the cost of traditional MPLS connections.
Deep Packet Inspection
Deep Packet Inspection (DPI) enables in-depth analysis of data traffic in the network. Unlike traditional packet inspection, which is limited to header information, DPI analyzes the entire content of data packets, including payload and headers. This enables the detection of suspicious activity, malware and other threats.
Deep Packet Inspection offers the following advantages:
- Advanced detection: DPI enables detection of a wide range of threats that may be missed by traditional packet inspection methods. These include advanced attack techniques, malware, and data leaks.
- Protection against malicious applications: By analyzing traffic in detail, DPI can identify malicious applications and scripts that attempt to bypass security measures or extract sensitive information.
- Improved network security: The ability to detect threats at a deeper level enables improved network security and reduced risk of cyberattacks and data loss.
- Customizable security policies: IT administrators can create and configure custom DPI policies to tailor protection to their organization's specific needs. This allows targeted security measures to be implemented for specific applications or types of traffic.
- Performance monitoring: Deep packet inspection also enables network performance monitoring, helping IT administrators identify and resolve bottlenecks and quality of service issues.
By implementing Deep Packet Inspection in your Sophos Firewall, you benefit from advanced threat detection, increased network security, and better control of your IT infrastructure. The detailed traffic analysis that DPI provides is a critical factor in preventing cyberattacks and protecting your network.
Intrusion prevention is an important feature of Sophos Firewall Network Protection. It detects and blocks intrusion attempts and cyberattacks in real time. The Intrusion Prevention System (IPS) scans network traffic for anomalies and suspicious activity to detect threats early and initiate countermeasures. It uses advanced technologies and regularly updated signature databases.
Benefits of Intrusion Prevention:
- Proactive protection: IPS provides proactive protection against known and unknown threats. It detects suspicious activity and exploit attempts on the network before they can cause damage.
- Comprehensive detection: By combining signature-based detection methods, anomaly-based detection methods, and behavioral analysis, the IPS can cover a wide range of attack vectors. Both known and zero-day threats are identified.
- Automated response: When a threat is detected, the IPS automatically initiates actions to block the attack and minimize its impact. These include blocking traffic, terminating connections or applying quarantine rules.
- Custom policies: IT administrators can create custom IPS policies to tailor detection and response to the specific threats and attack vectors relevant to their network and organization.
- Integrated reporting: Intrusion Prevention provides comprehensive reporting capabilities. This allows IT administrators to evaluate the effectiveness of their security measures and continuously improve their security strategy.
With intrusion prevention in your Sophos Firewall Network Protection, you benefit from proactive and comprehensive protection against cyber threats. This improves the security of your network and minimizes the risk of data loss and business disruption.
To manage the Sophos SD-RED appliances and use their full potential, the Sophos Network Protection license is required. SD-RED is an innovative solution that simplifies the setup and management of secure VPN connections between different locations. By using SD-RED appliances, you are able to ensure secure and reliable communications within your corporate network across multiple sites.
It is very easy to set up an SD-RED appliance. You simply connect the appliance to the Internet. It is automatically detected by your centrally managed Sophos Firewall. You can then configure the desired VPN connections and security policies for the appliance. There are no complex manual configurations or time-consuming processes.
With SD-RED, you benefit from secure, encrypted connections between remote sites or branch offices. To enforce consistent security policies, traffic from remote sites can be centrally monitored and filtered through your Sophos Firewall. At the same time, network performance and stability are improved by optimizing bandwidth and latency.
Using SD-RED appliances increases the flexibility and scalability of your network. Without much effort, you can quickly and easily add or remove sites as needed.
With the Network Protection license, you are thus able to take full advantage of the SD-RED appliances and manage your network easily, efficiently and securely. With this license, you are well prepared for the challenges of an increasingly networked world.
Advanced Threat Protection
Advanced Threat Protection (ATP) is a powerful feature of Sophos Firewall that detects, prevents, and responds to advanced and targeted attacks. ATP uses cutting-edge technologies to effectively combat complex and persistent threats.
The advantages of ATP include:
- Detection of zero-day attacks and unknown threats through the use of machine learning, behavioral analysis, and real-time threat intelligence.
- Proactive defense against threats by detecting anomalies in network behavior and taking preventive action based on them.
- Protection against ransomware and targeted attacks that can often bypass traditional security solutions.
- Integration and collaboration with other Sophos security products for comprehensive and coordinated protection of the IT infrastructure.
- Automated responses to detected threats to minimize the impact of security incidents and reduce the time to restore normal operations.
By implementing ATP in your Sophos Firewall Network Protection, you can ensure that your business is protected against the latest and most sophisticated cyber threats, while reaping the many benefits of this advanced security feature.
Synchronized Application Control
Synchronized Application Control improves visibility into, and control over, applications on the network. It enables IT administrators to identify and effectively manage the traffic of applications on the network.
Synchronized Application Control benefits include:
- Increased visibility: IT administrators get detailed information about the applications running on the network. This includes the applications being used by users and devices, as well as bandwidth utilization.
- Fine-grained control: The ability to set application policies at the user, group, or device level enables precise control of application traffic and ensures that critical business applications are prioritized.
- Improved security: Unwanted or unsafe applications can be identified and blocked. This reduces security risks and improves protection against threats such as malware and data loss.
- Network resource optimization: IT administrators can set bandwidth limits for specific applications. This ensures that critical business applications have sufficient resources and network performance is optimized.
With Synchronized Application Control in your Sophos Firewall Network Protection, you benefit from more visibility and control over applications on the network. This leads to greater security and better use of network resources.
Lateral Movement Protection
Lateral Movement Protection helps improve network security by preventing the spread of threats within the network. This feature detects and blocks lateral movement of malware and attackers attempting to access other systems on the network from an infected system.
The benefits of Lateral Movement Protection include:
- Increased security: Lateral Movement Protection limits the spread of threats across the network. This reduces the risk of attacks spreading to other systems and causing greater damage.
- Fast detection: Lateral Movement Protection detects suspicious activity that indicates lateral movement. IT administrators can thus respond quickly to potential threats.
- Automatic response: To block lateral movement threats and minimize the impact of attacks, Lateral Movement Protection can automatically take countermeasures.
- Integration with other security features: Lateral Movement Protection works hand-in-hand with other Sophos Firewall Network Protection features. This ensures comprehensive and coordinated protection of the IT infrastructure.
Implementing lateral movement protection in Sophos Firewall Network Protection increases network security and prevents the spread of threats that can cause significant damage and business disruption.
Synchronized User ID
Synchronized User ID provides simplified user identification and seamless integration with an existing Active Directory. It enables fast and accurate mapping of network activities to individual users. This does not require complicated manual configurations or scripts.
The advantages of Synchronized User ID are:
- Simplified user identification: Synchronized User ID provides seamless integration with directory services such as Active Directory. This enables automatic discovery of user identities on the network.
- Improved security: By accurately mapping network activity to users, IT administrators can effectively enforce security policies. This ensures that only authorized users have access to sensitive resources.
- Time savings: Automatic user identification eliminates the need for manual configurations and scripts. IT administrators save time and can focus on other important tasks.
- Granular control: Synchronized User ID allows IT administrators to create user-specific access policies and application rules, giving them granular control over the network.
By implementing Synchronized User ID in Sophos Firewall Network Protection, you benefit from improved user identification, enhanced security and more efficient network management.
Sophos Firewall Reporting provides IT administrators and security engineers with valuable insight into network activity and security events. By storing logs in Sophos Central, you can quickly and efficiently access and analyze important information. With standard storage, logs can be stored in Sophos Central for 7 days free of charge.
The reporting functions offer several advantages:
- Real-time visualization of network traffic and activity to quickly identify unusual behavior and potential threats.
- Detailed information about the applications, users, and devices that generate network traffic to make informed decisions about security policies and resource allocations.
- Automated reports to meet compliance requirements and identify vulnerabilities or risks in the network.
- Fast response to security incidents with user-defined alerts and notifications.
Central Orchestration increases the storage limit to 30 days, providing a longer period for analyzing and investigating security incidents. The additional Firewall Advanced Reporting license provides even greater storage capacity with up to 100 GB or 365 days of log storage in Central, allowing IT administrators and security engineers to perform even more detailed analysis and trend tracking.