Sophos Integrates Endpoints, Firewalls


By: Michael Vizard

One of the biggest issues with IT security these days is that little intelligence is shared between network and endpoint security technologies. In fact, network security (in the form of firewalls) and endpoint security software (in the form of anti-virus software) are typically managed in complete isolation from one another.

British IT security and hardware company Sophos has been moving to close that gap using a Synchronized Security framework to unify endpoint and firewall security technologies. A new iteration of the Sophos XG Firewall is part of that effort. The firewall upgrade, announced this week, can collect data from endpoints running Sophos security software to classify and ultimately block or enable applications.

This reflects a capability in high demand among IT users. As Futuriom found in our SysSecOps report, which surveyed more than 160 IT and security managers, integrating security functions is a huge challenge in organizations. End users cited better integration between security tools as one of the most helpful approaches to solving security problems.

Firewall & endpoint synchronicity

Sophos uses the Synchronized App Control tool to pull data from an endpoint using Sophos Security Heartbeat software developed as part of Sophos Intercept X scanning software, according to Dan Schiappa, senior vice president and general manager of End User and Network Security Groups at Sophos. Schiappa says that the proliferation of data means it's now simpler to classify applications. If an application still can't be classified, Sophos XG Firewall then provides the local administrator with tools to classify that application and apply policies as they best see fit.

"They can now block all unwanted applications," says Schiappa.

Organizations can also simulate security policies to gauge their impact on a production environment before enforcing them. Sophos officials say the next release of Intercept X scanning software will employ machine learning algorithms to help automate threat detection.

Most of the applications running inside any organization are unidentified. This creates an issue when the firewall can't identify the application and doesn't know what controls to implement based on the policies defined by the IT organization. To resolve that problem, Sophos makes it possible to implement firewalls on-premises, in a cloud, or using a set of dedicated hardware appliances from Sophos that can gather information about applications from any connected endpoint, says Schiappa.
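The mechanism described above, an endpoint reporting which process owns a connection so the firewall can classify the flow, surface what it cannot classify for an administrator, and optionally run policies in simulation mode, can be sketched in a few dozen lines. The example below is added here for illustration; it is not Sophos code, and the flow records, endpoint reports, application catalogue and all process names are constructed.

```python
"""Added example: joining firewall flow records with endpoint process reports
to classify applications. Not Sophos code; all names and data are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """One connection as seen by the firewall (5-tuple)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str


@dataclass(frozen=True)
class EndpointReport:
    """What a (hypothetical) endpoint agent reports about a local socket owner."""
    host_ip: str
    local_port: int
    process: str   # executable name owning the socket
    signed: bool   # whether the binary carries a valid code signature


@dataclass
class Verdict:
    flow: Flow
    process: Optional[str]
    category: str
    action: str    # "allow", "block", or "would_block" (simulation mode)


# Constructed application catalogue: process name -> (category, policy action)
CATALOG: Dict[str, Tuple[str, str]] = {
    "chrome.exe": ("web-browser", "allow"),
    "outlook.exe": ("email-client", "allow"),
    "utorrent.exe": ("p2p-filesharing", "block"),
}


def classify(flows: List[Flow], reports: List[EndpointReport],
             catalog: Dict[str, Tuple[str, str]], simulate: bool = False
             ) -> Tuple[List[Verdict], List[Tuple[str, bool]]]:
    """Join each flow with the endpoint report for its source socket.

    Returns (verdicts, review_queue). The review queue lists processes the
    endpoint identified but the catalogue has no policy for, together with
    their signing status, so an administrator can assign a category.
    """
    by_socket = {(r.host_ip, r.local_port): r for r in reports}
    verdicts: List[Verdict] = []
    review: List[Tuple[str, bool]] = []
    for f in flows:
        r = by_socket.get((f.src_ip, f.src_port))
        if r is None:
            # No endpoint report: the host runs no agent, so the firewall has
            # only the 5-tuple to go on and cannot name the application.
            verdicts.append(Verdict(f, None, "unknown-no-agent", "allow"))
            continue
        entry = catalog.get(r.process)
        if entry is None:
            # The endpoint named the process, but no policy exists for it yet.
            verdicts.append(Verdict(f, r.process, "unclassified", "allow"))
            if (r.process, r.signed) not in review:
                review.append((r.process, r.signed))
            continue
        category, action = entry
        if action == "block" and simulate:
            action = "would_block"   # report the impact without enforcing it
        verdicts.append(Verdict(f, r.process, category, action))
    return verdicts, review


def admin_classify(catalog: Dict[str, Tuple[str, str]], process: str,
                   category: str, action: str) -> None:
    """Administrator assigns a category and policy to a process from the review queue."""
    catalog[process] = (category, action)


# Constructed sample data: three flows from an agent-managed host, one from a host without an agent
FLOWS = [
    Flow("10.0.0.5", 51001, "142.250.0.1", 443, "tcp"),
    Flow("10.0.0.5", 51002, "198.51.100.9", 6881, "tcp"),
    Flow("10.0.0.5", 51003, "203.0.113.7", 8443, "tcp"),
    Flow("10.0.0.9", 40000, "203.0.113.7", 443, "tcp"),
]
REPORTS = [
    EndpointReport("10.0.0.5", 51001, "chrome.exe", True),
    EndpointReport("10.0.0.5", 51002, "utorrent.exe", False),
    EndpointReport("10.0.0.5", 51003, "internal-erp.exe", True),
]


def run(simulate: bool = False) -> Tuple[List[Tuple[str, str]], List[Tuple[str, bool]]]:
    """Classify the sample flows against a copy of the catalogue."""
    verdicts, review = classify(FLOWS, REPORTS, dict(CATALOG), simulate)
    return [(v.category, v.action) for v in verdicts], review


if __name__ == "__main__":
    results, queue = run(simulate=True)
    for (category, action), flow in zip(results, FLOWS):
        print(f"{flow.src_ip}:{flow.src_port} -> {flow.dst_ip}:{flow.dst_port}  {category:18} {action}")
    print("for admin review:", queue)
```

Running it in simulation mode shows the blocked-by-policy flow reported as `would_block` rather than dropped, the internal application surfaced for review, and the agentless host's flow left as unknown, which is the gap the endpoint report is meant to close.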
Coordinating defenses

Sophos is pursuing a strategy to move beyond the firewall's somewhat dated reputation as an isolated security appliance guarding the perimeter of the network. IT organizations are looking to mount a more coordinated defense. In many cases, that means not only adopting new technology platforms, but also changing how security software is purchased and managed in the enterprise. Sophos has made a bet that IT organizations will insist on approaches to security where all the technologies employed to defend the enterprise share threat information with one another.

It's not yet clear to what degree organizations want to standardize on a single vendor to achieve that goal or simply insist that vendors plug into a common software-defined security management framework. Whatever the approach, the one thing that is for certain is that the IT security technologies being employed today, largely in isolation from one another, are not getting the IT security job done.