REVIEW: Sophos has melded the best of its endpoint security systems with the acquired intellectual property of firewall vendors Astaro and Cyberoam.
IT security vendor Sophos has raised the bar on unified security by bringing together an array of security technologies in a package that melds firewall intelligence with endpoint analytics.
The company brought its new security platform to market under the moniker "Sophos Security Heartbeat," which describes a unifying technology that allows endpoints running Sophos security products to collaborate with the company's security appliances to create a comprehensive system that's all about keeping things secure.
Perhaps a better explanation lies in what security unification between the endpoint and a unified threat management (UTM) system means in the context of Sophos's offering. In simple terms, an endpoint has its own local security application (anti-malware, anti-rootkit, etc.), which helps to protect the endpoint while also communicating with a central security appliance.
The two-way conversation excels in detecting anomalies, wherein the endpoint can inform the security appliance of something suspicious and the security appliance can vet that suspicious traffic, while also executing policy to contain the traffic.
What's more, the security appliance can further analyze the traffic to measure the impact of suspicious traffic on the network, applications and services before using those results to detect suspicious behavior on other endpoints or other parts of the network. The security appliance's unified view of traffic and activity across the network uses integrated machine learning capabilities to identify anomalies quickly and, more importantly, actually do something about those anomalies in real time.
Going Hands-On with the Sophos XG Series
Sophos XG is actually a family of NGFWs (Next Generation FireWalls) that share a common core feature set and include capabilities such as traffic shaping, policy-based rule execution, traffic anomaly detection, Web filtering, intrusion detection and intrusion prevention.
In essence, any member of the Sophos XG family functions as a UTM appliance and is designed around the concepts of ease of use and automation. Sophos gained the firewall and related threat-management technology through its acquisitions of Astaro and Cyberoam.
While there are many different models in the Sophos XG family, the primary difference is scale. For example, the entry-level XG85 is designed for small offices and includes just four GbE copper ports and is rated at 2Gbps throughput.
In contrast, the top-of-the-line XG750 is rated for 140Gbps throughput and sports as many as 64 GigE ports, as well as support for 10Gbps Ethernet. While the raw processing power and connectivity is vastly different between those two extremes, the underlying software is much the same, which means feature sets are universal across the whole product line.
I visited Sophos's Vancouver office to test the XG's capabilities and evaluate the feature set of the product line. Most of my testing was done on a Sophos XG 125W, which is rated for 5Gbps raw throughput, includes eight GbE copper ports and incorporates an 802.11b/g/n/ac 2.4/5 GHz Wi-Fi AP.
It is interesting to note that XG series devices that come with integrated Wi-Fi offer a complete set of Wi-Fi security controls and fully integrates NGFW capabilities into the Wi-Fi AP. I was able to test connectivity to a variety of endpoints, both wired and wireless, to evaluate how the XG 125W functioned in a simulated small enterprise environment.
Installation and Setup
Within just a few minutes of unpacking the device it became apparent that ease of use has been injected heavily into the XG product line, making the device almost plug-and-play simple to set up. I say "almost" only because anyone installing the device must have some basic understanding of network cabling and be adept at knowing how to change their management system's IP address to launch the browser-based setup wizard.
That said, it is important to note that the XG family of devices default to an initial IP address of 172.16.16.16 instead of the all-too-common 192.168.0.1 that so many appliances do today.
That caveat aside, all setup and management of the device is accomplished using a browser-based GUI, which incorporates setup wizards to keep things surprisingly simple.