Current occasions with F5 and SonicWall underline a unbroken concern: community infrastructure is consistently underneath assault, and the cybersecurity business continues to grapple with deep product safety challenges.
Our adversaries are concentrating on the very instruments designed to defend us. These aren’t opportunistic assaults: they’re a long-term technique requiring years of analysis and are more and more involving direct breaches of distributors’ personal engineering and product environments.
As disclosed in our Pacific Rim analysis from final yr, Sophos has direct expertise with this. We found an inner breach of our firewall division in 2018, adopted by assaults towards buyer units that demonstrated an uncanny information of our product structure. A handful of different distributors have disclosed related inner intrusions however this doubtless solely scratches the floor of a wider concern.
What can we do? As Ollie Whitehouse on the Nationwide Cyber Safety Centre has identified, that is finally a market incentives downside. Consumers have to demand higher. Not by punishing distributors who disclose breaches, however by rewarding distributors who embrace transparency and display an actual dedication to Safe by Design rules.
During the last a number of releases, we’ve got continued to spend money on implementing Safe by Design rules into all our merchandise, together with Sophos Firewall. Sophos Firewall has had quite a few updates in the previous couple of years to aggressively harden the product, make it simpler to patch vulnerabilities, and to establish when a buyer is underneath assault.
As you most likely know, Sophos Firewall is exclusive in providing zero-touch over-the-air hotfixes that can be utilized to patch new vulnerabilities with out scheduling downtime. Sophos can also be the one vendor that’s actively monitoring our set up base to assist establish indicators of an assault early.
Sophos Firewall v22 takes Safe by Design to a brand new stage with a number of vital enhancements:
Improved workload isolation – With our next-gen Xstream Structure, SFOS v22 introduces an all-new management airplane re-architected for elevated defense-in-depth and scalability. The brand new management airplane permits deeper modularization, isolation, and containerization of providers.
Hardened kernel – The following-gen Xstream Structure in Sophos Firewall OS is constructed upon a brand new hardened kernel (v6.6+) that gives enhanced safety, efficiency, and scalability to maximise present and future {hardware}. This new kernel affords tighter course of isolation and higher mitigation for side-channel assaults in addition to mitigations for CPU vulnerabilities. It additionally affords hardened usercopy, stack canaries, and Kernel Handle Area Structure Randomization (KASLR).
Distant integrity monitoring – Sophos Firewall OS v22 now integrates our Sophos XDR Linux Sensor that allows real-time monitoring of system integrity, together with unauthorized configuration, rule exports, trojan horse execution makes an attempt, file tampering, and extra. This helps our safety groups – who’re proactively monitoring our complete Sophos Firewall set up base – to higher establish, examine, and reply extra rapidly to any assault. That is an added safety functionality that no different firewall vendor offers.
Sophos Firewall Well being Test – A powerful safety posture depends upon making certain your firewall and different community infrastructure is optimally configured. Sophos Firewall v22 makes it a lot simpler to judge and handle the configuration of your firewall with the brand new Well being Test characteristic, which checks dozens of various configuration settings in your firewall and compares them with CIS benchmarks and different greatest practices, offering rapid insights into areas which may be in danger.
Remember to become involved within the Sophos Firewall v22 Early Entry Program to higher safe your community and assist make this launch the very best it may be.
When you’re a researcher, we welcome safety analysis on our merchandise so please do take part in our bug bounty program. You’ll be able to obtain as much as $50K for findings on our firewall platform.
