Current occasions with F5 and SonicWall underline a seamless situation: community infrastructure is continually beneath assault, and the cybersecurity business continues to grapple with deep product safety challenges.
Our adversaries are concentrating on the very instruments designed to defend us. These should not opportunistic assaults: they’re a long-term technique requiring years of analysis and are more and more involving direct breaches of distributors’ personal engineering and product environments.
As disclosed in our Pacific Rim analysis from final 12 months, Sophos has direct expertise with this. We found an inner breach of our firewall division in 2018, adopted by assaults in opposition to buyer gadgets that demonstrated an uncanny data of our product structure. A handful of different distributors have disclosed related inner intrusions however this probably solely scratches the floor of a wider situation.
What can we do? As Ollie Whitehouse on the Nationwide Cyber Safety Centre has identified, that is in the end a market incentives downside. Consumers must demand higher. Not by punishing distributors who disclose breaches, however by rewarding distributors who embrace transparency and exhibit an actual dedication to Safe by Design ideas.
During the last a number of releases, now we have continued to put money into implementing Safe by Design ideas into all our merchandise, together with Sophos Firewall. Sophos Firewall has had quite a few updates in the previous couple of years to aggressively harden the product, make it simpler to patch vulnerabilities, and to determine when a buyer is beneath assault.
As you most likely know, Sophos Firewall is exclusive in providing zero-touch over-the-air hotfixes that can be utilized to patch new vulnerabilities with out scheduling downtime. Sophos can be the one vendor that’s actively monitoring our set up base to assist determine indicators of an assault early.
Sophos Firewall v22 takes Safe by Design to a brand new stage with a number of necessary enhancements:
Improved workload isolation – With our next-gen Xstream Structure, SFOS v22 introduces an all-new management airplane re-architected for elevated defense-in-depth and scalability. The brand new management airplane permits deeper modularization, isolation, and containerization of companies.
Hardened kernel – The following-gen Xstream Structure in Sophos Firewall OS is constructed upon a brand new hardened kernel (v6.6+) that gives enhanced safety, efficiency, and scalability to maximise present and future {hardware}. This new kernel presents tighter course of isolation and higher mitigation for side-channel assaults in addition to mitigations for CPU vulnerabilities. It additionally presents hardened usercopy, stack canaries, and Kernel Deal with House Structure Randomization (KASLR).
Distant integrity monitoring – Sophos Firewall OS v22 now integrates our Sophos XDR Linux Sensor that allows real-time monitoring of system integrity, together with unauthorized configuration, rule exports, bug execution makes an attempt, file tampering, and extra. This helps our safety groups – who’re proactively monitoring our whole Sophos Firewall set up base – to higher determine, examine, and reply extra shortly to any assault. That is an added safety functionality that no different firewall vendor offers.
Sophos Firewall Well being Test – A robust safety posture is determined by guaranteeing your firewall and different community infrastructure is optimally configured. Sophos Firewall v22 makes it a lot simpler to judge and handle the configuration of your firewall with the brand new Well being Test characteristic, which checks dozens of various configuration settings in your firewall and compares them with CIS benchmarks and different greatest practices, offering quick insights into areas which may be in danger.
You’ll want to get entangled within the Sophos Firewall v22 Early Entry Program to higher safe your community and assist make this launch the most effective it may be.
In the event you’re a researcher, we welcome safety analysis on our merchandise so please do take part in our bug bounty program. You possibly can obtain as much as $50K for findings on our firewall platform.
