<p>Copyright © 2024 Sophos Ltd</p>
<p>Sophos Firewall</p>
<p>What is Sophos Firewall?</p>
<p>FW0505: What is Sophos Firewall</p>
<p>January 2024</p>
<p>Version: 20.0v1</p>
<p>© 2024 Sophos Limited. All rights reserved. No part of this document may be used or reproduced in any form or by any means without the prior written consent of Sophos.</p>
<p>Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other names, logos and marks mentioned in this document may be the trademarks or registered trademarks of Sophos Limited or their respective owners.</p>
<p>While reasonable care has been taken in the preparation of this document, Sophos makes no warranties, conditions or representations (whether express or implied) as to its completeness or accuracy. This document is subject to change at any time without notice.</p>
<p>Sophos Limited is a company registered in England number 2096520, whose registered office is at The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP.</p>
<p>What is Sophos Firewall?</p>
<p>In this chapter you will learn the key functions performed by Sophos Firewall.</p>
<p>DURATION 10 minutes</p>
<p>RECOMMENDED KNOWLEDGE AND EXPERIENCE</p>
<p>✓ Experience of Sophos Central</p>
<p>✓ Practical knowledge of networking, including subnets, routing, VLANs, and VPNs</p>
<p>✓ Experience configuring network security devices</p>
<p>✓ Knowledge of fundamental encryption and hashing algorithms and certificates</p>
<p>What is Sophos Firewall?</p>
<p>Next-Gen Firewall: Visibility, Protection, and Response</p>
<p>All-in-One Protection: Consolidate, Simplify, & Save</p>
<p>School Protection: Affordable, Simple Compliance & Control</p>
<p>SD-WAN & Branch: Retail, Branch Office, ICS & SD-WAN</p>
<p>Endpoint Integration: Synchronized Security & Automated Response</p>
<p>Public Cloud: Protection for Azure and Hybrid Networks</p>
<p>Sophos Firewall is a comprehensive network security device, with a zone-based firewall and identity-based policies at its core. Sophos Firewall protects not only wired networks: as a wireless controller for Sophos access points, it can also provide secure wireless networking functionality.</p>
<p>Protection is provided through a single cloud-based platform, making day-to-day management of all your Sophos products (including Sophos Firewall) easy and scalable. There are features purpose-built to help universities, higher education, K-12, and primary or secondary educational institutions overcome key challenges, for example, powerful web filtering policies and built-in policies for child safety and compliance.</p>
<p>With Sophos Firewall and SD-RED you can connect sites across your geographically distributed network. Sophos Firewall works together with Sophos Central in real time, so when either Sophos Firewall or Sophos Central identifies a threat, they work together to provide health and threat monitoring, lateral movement protection, synchronized application control, and synchronized security.</p>
<p>Sophos Firewall can be deployed using preconfigured virtual machines in the cloud, where cloud servers can be secured, protecting them against hacking attempts.</p>
<p>What is Sophos Firewall?</p>
<p>See it. Stop it. Secure it.</p>
<p>Expose hidden risks</p>
<p>Superior visibility into risky activity, suspicious traffic, and advanced threats helps you maintain control of your network.</p>
<p>Stop unknown threats</p>
<p>Powerful next-gen protection technologies like deep learning and intrusion prevention keep your organization secure.</p>
<p>Isolate infected systems</p>
<p>Automatic threat response instantly identifies and isolates compromised systems on your network and stops threats from spreading.</p>
<p>Sophos Firewall includes a comprehensive built-in reporting engine, which allows you to easily drill down into reports to find the information you need.</p>
<p>It also provides comprehensive next-generation firewall protection that exposes hidden risks, blocks unknown threats, and automatically responds to incidents.</p>
<p>See It</p>
<p>The control center appears as soon as you sign in. It provides a single-screen snapshot of the state and health of the security system, with traffic-light style indicators that immediately draw attention to what matters most.</p>
<p>You can immediately see your top risks related to heartbeat, apps, payloads, users, threats, websites, and attacks.</p>
<p>Stop It</p>
<p>[Diagram labels: Next-Gen Firewall; Intrusion Prevention System; Web Protection & SSL Inspection; Sandboxing; Active Threat Response; Synchronized Security; Application Visibility and Control; Email, DLP, Encryption; Web Application Firewall; Wireless Protection; RED, VPN, and ZTNA; Deep learning]</p>
<p>Sophos Firewall analyzes incoming and outgoing network traffic (for example, DNS requests, HTTP requests, and IP packets) for sophisticated attacks by using a full suite of protection technologies. These include:</p>
<p>• Powerful zero-day protection sandboxing,</p>
<p>• Deep learning with artificial intelligence,</p>
<p>• Top performing IPS,</p>
<p>• Active Threat Response,</p>
<p>• Web protection with dual AV, JavaScript emulation, and SSL inspection.</p>
<p>All benefit from over 30 years of threat intelligence data from Sophos Labs.</p>
<p>Secure It</p>
<p>[Diagram labels: Security Heartbeat; Sophos Firewall; Sophos Central; Phishing Email; Internet; Malware Server; Servers; Ransomware Attack; Infected Host; Devices]</p>
<p>Threats and targeted ransomware demonstrate the ways cybercriminals are constantly changing their tactics to stay effective and profitable.</p>
<p>The next-gen advancements of Sophos Firewall, combined with the intelligence of Synchronized Security and easy management of all products within Sophos Central, are essential for maintaining protection and responding quickly to any attack.</p>
<p>Xstream Architecture</p>
<p>TLS 1.3 Decryption; Deep Packet Inspection Engine; Xstream Network Fastpath</p>
<p>TLS inspection provides transparency into all the encrypted traffic on the network.</p>
<p>Deep packet threat protection is provided in a single engine for anti-virus, intrusion protection, web protection, application control, and TLS inspection.</p>
<p>Network Fastpath accelerates SaaS, SD-WAN, and cloud traffic such as VoIP and video, and other trusted applications, automatically or via defined policies. These are placed on the Xstream Fastpath to optimize performance.</p>
<p>Zero Trust Overview</p>
<p>Zero Trust is a cybersecurity mindset based on the principle of trust nothing, check everything.</p>
<p>Traditionally, cybersecurity has involved creating a security perimeter and trusting that everything inside that perimeter is secure. This is a vulnerable design: once an attacker or unauthorized user gains access to a network, that individual has easy access to everything inside the network, where they can progressively search for the key data and assets that are ultimately the target of their attack.</p>
<p>Zero trust is a relatively new and evolving approach to network design, but it's also part of a wider mindset based on the principle of trusting nothing and checking everything. With zero trust, no user is trusted, whether inside or outside of the network.</p>
<p>[Diagram labels: Trusted; SaaS; Remote Users]</p>
<p>The number of users who wish to work remotely and use their own personal devices to access corporate data and resources on untrusted networks, such as those in coffee shops, is increasing.</p>
<p>The use of SaaS apps, cloud platforms, and services leaves some data outside of the corporate perimeter. The use of public cloud platforms means that many of the devices or services that once ran within the corporate perimeter are now run outside of it.</p>
<p>The principle of zero trust is to secure every device as if it were connected directly to the Internet.</p>
<p>ZTNA and Firewalls</p>
<p>[Diagram labels: Sophos Central; ZTNA; Service Edge Access; SD-RED; Core Network Access; APX; Switch; SD-WAN; VPN; Azure; AWS]</p>
<p>ZTNA is complementary to a firewall, just as VPN is complementary to a firewall. The firewall still plays a critically important role in protecting corporate network and data center assets from attacks, threats, and unauthorized access. ZTNA bolsters a firewall by adding granular controls and security for networked applications, in the cloud or on-premises.</p>
<p>Network Segment</p>
<p>[Diagram labels: Internet; Sophos Firewall; Switch; Devices; Applications; Users]</p>
<p>On the firewall side, network segmentation or even micro-segmentation around your users, devices, apps, networks, and so on, provides one of the key benefits of the zero-trust strategy.</p>
<p>Dynamic policies are at the center of Sophos Firewall, with multiple sources of data available to leverage as part of a policy: identity, time of day, network location, device health, network packet analysis, and more. All these different sources of data can be used in different combinations depending on the scenario.</p>
<p>As a key example, Server and Endpoint Protection can be used to assign every device a health status. In the event a device is compromised, the device can be automatically isolated.</p>
<p>Lateral Movement Protection</p>
<p>[Diagram labels: Internet; Sophos Firewall; Local Area Network; Switch; Infected Host; Endpoint; Application Server]</p>
<p>Lateral Movement Protection effectively provides an adaptive micro-segmentation solution. With Lateral Movement Protection, each individual endpoint is effectively on its own segment, able to be isolated in response to an attack or threat, regardless of the network topology.</p>
<p>Sophos Firewall uniquely integrates the health of connected hosts into your firewall rules, enabling you to automatically limit access to sensitive network resources from any compromised system, until it’s cleaned up.</p>
<p>This is made possible by Synchronized Security, which is our cross-portfolio approach to analyze system and network activity, adapt to scenarios through dynamic policy, and automate complex tasks like isolating machines and more.</p>
<p>Chapter Review</p>
<p>Here are the three main things you learned in this chapter.</p>
<p>Sophos Firewall is a comprehensive network security device, with a zone-based firewall and identity-based policies at its core.</p>
<p>The firewall can expose hidden risks and use next-gen protection technologies to stop unknown threats, while automatic threat response identifies and isolates compromised systems.</p>
<p>Sophos Firewall can support ZTNA by providing network segmentation and lateral movement protection.</p>