Latest occasions with F5 and SonicWall underline a unbroken challenge: community infrastructure is consistently beneath assault, and the cybersecurity business continues to grapple with deep product safety challenges.
Our adversaries are focusing on the very instruments designed to defend us. These should not opportunistic assaults: they’re a long-term technique requiring years of analysis and are more and more involving direct breaches of distributors’ personal engineering and product environments.
As disclosed in our Pacific Rim analysis from final yr, Sophos has direct expertise with this. We found an inside breach of our firewall division in 2018, adopted by assaults in opposition to buyer units that demonstrated an uncanny data of our product structure. A handful of different distributors have disclosed comparable inside intrusions however this probably solely scratches the floor of a wider challenge.
What can we do? As Ollie Whitehouse on the Nationwide Cyber Safety Centre has identified, that is in the end a market incentives downside. Consumers have to demand higher. Not by punishing distributors who disclose breaches, however by rewarding distributors who embrace transparency and display an actual dedication to Safe by Design ideas.
Over the past a number of releases, we now have continued to put money into implementing Safe by Design ideas into all our merchandise, together with Sophos Firewall. Sophos Firewall has had quite a few updates in the previous few years to aggressively harden the product, make it simpler to patch vulnerabilities, and to determine when a buyer is beneath assault.
As you most likely know, Sophos Firewall is exclusive in providing zero-touch over-the-air hotfixes that can be utilized to patch new vulnerabilities with out scheduling downtime. Sophos can be the one vendor that’s actively monitoring our set up base to assist determine indicators of an assault early.
Sophos Firewall v22 takes Safe by Design to a brand new stage with a number of vital enhancements:
Improved workload isolation – With our next-gen Xstream Structure, SFOS v22 introduces an all-new management airplane re-architected for elevated defense-in-depth and scalability. The brand new management airplane allows deeper modularization, isolation, and containerization of companies.
Hardened kernel – The following-gen Xstream Structure in Sophos Firewall OS is constructed upon a brand new hardened kernel (v6.6+) that gives enhanced safety, efficiency, and scalability to maximise present and future {hardware}. This new kernel presents tighter course of isolation and higher mitigation for side-channel assaults in addition to mitigations for CPU vulnerabilities. It additionally presents hardened usercopy, stack canaries, and Kernel Handle House Format Randomization (KASLR).
Distant integrity monitoring – Sophos Firewall OS v22 now integrates our Sophos XDR Linux Sensor that allows real-time monitoring of system integrity, together with unauthorized configuration, rule exports, computer virus execution makes an attempt, file tampering, and extra. This helps our safety groups – who’re proactively monitoring our total Sophos Firewall set up base – to raised determine, examine, and reply extra shortly to any assault. That is an added safety functionality that no different firewall vendor offers.
Sophos Firewall Well being Examine – A powerful safety posture is determined by guaranteeing your firewall and different community infrastructure is optimally configured. Sophos Firewall v22 makes it a lot simpler to judge and deal with the configuration of your firewall with the brand new Well being Examine characteristic, which checks dozens of various configuration settings in your firewall and compares them with CIS benchmarks and different finest practices, offering quick insights into areas that could be in danger.
Make sure to become involved within the Sophos Firewall v22 Early Entry Program to raised safe your community and assist make this launch the very best it may be.
When you’re a researcher, we welcome safety analysis on our merchandise so please do take part in our bug bounty program. You’ll be able to obtain as much as $50K for findings on our firewall platform.
