Sophos Central Integrates Firewall Management to Improve Security

EXCLUSIVE: Sophos is enhancing its synchronized security and management capabilities with the integration of its XG Firewall into Sophos Central.

Sophos Central

Sophos announced on Dec. 10 that it is bringing its XG Firewall to the Sophos Central Management service, enabling organizations to manage security in an integrated approach from a central management dashboard.

The integrated capability is now available in early access for Sophos customers and will complement other technologies that are available in the Sophos Central services, including interacting with Sophos’ endpoint products.

"We're finally bringing firewall management into Sophos Central," Dan Schiappa, senior vice president and general manager at Sophos, told eWEEK. "Sophos Central is part of our synchronized security story and helps to add value to customers who are running both our endpoint products and our firewall products."

The Sophos Central platform is an effort to provide a consolidated view of security devices and controls across an organization. Among the capabilities that had previously been added to Sophos Central are endpoint security management features as well as email security and phishing simulation capabilities.

With synchronized security, organizations gain the ability to share information that allows the other products to react in real time based on information that is shared, Schiappa said. He added that with the addition of firewall management into Sophos Central, administrators can now manage their security controls in one location.

XG Firewall 

Why has Sophos decided to integrate XG Firewall into Sophos Central now? It has to do with the timing of the latest XG Firewall release. On Nov. 28, Sophos announced XG Firewall 17.5, providing new capabilities to help organizations defend and prevent attackers from moving laterally within an enterprise network.

"We can isolate machines from the rest of the environment when we believe that there's lateral movement being attempted," Schiappa said. 

One of the synchronized security scenarios that is now enabled is that the endpoint can communicate to the firewall and the firewall in turn can broadcast that information to all the other devices on the network and basically isolate a potentially infected machine, he said. After a security issue on the endpoint is remediated, it can communicate its new clean status to the firewall, which will reopen communications to the rest of the world.

With the Sophos Intercept X Advanced with EDR endpoint security platform that was announced on Oct. 9, the company added capabilities to monitor and detect potentially malicious activities, including lateral movement by attackers. With the XG Firewall 17.5 update, Sophos added the ability to detect lateral movement across a network as well. Schiappa explained that the combination of firewall and endpoint security provides a powerful integration to help protect organizations against attackers being able to move around easily within a network.


An emerging trend among in cyber-security over the past year has been the evolution of Security Orchestration, Automation and Response (SOAR) platforms. The basic promise of SOAR is an integrated set of capabilities that can automatically detect and respond to threats as they occur. Schiappa said Sophos Central can be thought of as an element of a SOAR platform.

"The whole synchronized security effort is really kind of focused around the SOAR approach, where we're trying to automate response based upon what the products are seeing, as opposed to being based upon what an administrator is saying," he said.

The Sophos Central dashboard integration for the XG Firewall control will initially enable organizations to manage individual firewalls. Moving forward, Schiappa said the plan is to provide a more blended threat hunting type of experience, where joint cases between the EDR and Firewall can be examined in the dashboard. He said Sophos is working on differentiated threat hunting capabilities for its EDR platform and enhanced automation across multiple Sophos products. The goal is to make a product that is consumable by different levels of users, including the less sophisticated organizations that a need a little more guidance.

"We're going to do that by bringing in more intelligence, and we're also going to do it by automating as much as possible," Schiappa said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.