Network Guys

Share your knowledge!

A view at the Sophos Discover 2017 in Lissabon

The Sophos Discover was amazing! Many informations about new products and product features and a perfect organized event!

Project “Nemo” (Sophos XG – SFOS)

The new upcoming SFOS (Sophos Firewall Operating System) version will get an immense peformance boost through new and optimized alghorithms.

Sophos wants to release monthly maintenance updates. At September, Sophos will release v17 of SFOS (XG) which will close all feature gaps of the UTM and with 0 bugs. This will be my / our company start with the Sophos XG product!

The XG bridge mode can now scan tagged VLAN packets, so no additional configuration is required when you place the device between the current firewall and the switch environment.

The Discover/Tap mode can operate as a “viewer” of your current security environment. The device will be connected to a SPAN / switch mirror port of the current firewall switch port. Ideal for checking the current customer environment without interruption.

The new Dynamic App control function in XG can communicate with Sophos endpoints so your firewall device will know every application you are running inside your company. Apps can be make visible and classified for your control!

The new SSL inspection is very powerful! Sophos will also release new hardware devices within the next twelve month. There will be two new generation plattforms. The second one will have built-in ASICs for better operation:

so maybe you wait for the second new hardware wave ;)

The new v17 of SFOS will have Unified Log Viewer and fast quick filters.  The User Risk Assessment can identifiy the risk level of every user (counting malware infections, firewall and application block rules, etc.) and will built a “Security Audit Report”. The firewall rules will be represented in a unified view:

so it will be easier to understand your company /customer rules. So back to “Project Nemo”, what is so exciting about this? What will be the main feature? Sophos acquired Invincea, a Gartner-called “visionary” company for Deep Learning Neural Network features. The call it “Project MI6”. This is artificial intelligence for global malware learning. It’s an alghoritm who identifies “good” and “bad” files like a human brain:

The presentation of the recognization of 100 unknown and heavy malware files was AMAZING! I was flashed of the very fast cleanup. The interesting fact: The malware alghorithm had only a one-digit megabyte size and was 86 days old (!) this is a decade within a typical anti-virus time. Normal signature-based Anti-Virus software can go home! Really! The alghorithm can detect every little mutation and base code of every malware. Why is a signature-based anti-virus program inefficient against malware like Ransomware? Ransomware or exploits are mostly built at your computer in the memory. So there is no file which can be scanned for example. Ransomware also “mutates”. The infected file, which infects you, is harmless for anti-virus engines. The file generates the real malware directly at your computer or downloads secured infected files from the internet. So every Ransomware is mostly a complete “new” malware. Signature-based Anti-Virus programs can only block which they know. You understand the problem here?

This new deep learning alghorithm will be include in Sophos Intercept X at the end of the year. Sophos will be a podium player across the whole portfolio! Deep learning will also be implented in the Sophos XG firewall!

Man vs. Machine… Sophos told us that the analyze machine has now surpassed the best code-analyzer… so yeah, the machine wins… it’s a little bit scary and simultaneously amazing.

 

Sophos Mobile Control

Ok first, “Sophos Mobile Control” has been changed to “Sophos Mobile” :) they also adapted the Sophos Central version to the on premise version. So both products have now the same interface and you can move directly from on-premise to Sophos Central. Sophos Mobil will also be able to manage “Android Things” and “Windows IoT” devices.

 

 

 

 

Sophos also advertised Sophos Home, the free Home endpoint-protection and introduced a new beta-program for Sophos Home Premium:

There were many other interesting lectures and I hope I will have the chance to visit Sophos Discover 2018! At last I want to give you some other impressions of the event:

Are you impressed or afraid of the new deep neural network features? Feel free to write your thoughts in the comments! Have a nice sunday!

 

Leave a Reply

Click on the button to load the content from jetpack.wordpress.com.

Load content

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Certificates

ekahau Certified Survey Engineer
ATP_wsrgb
ACMP2
suca
Post Categories
Post Archives