Gadget

Sophos launches AI-enhanced firewall

Sophos has introduced a new architecture for the Sophos XG Firewall called “Xstream”, which adds traffic decryption capabilities for encrypted malware connections. XG Firewall now also features AI-enhanced threat analysis from SophosLabs and accelerated application performance.

Sophos says 23% of malware families use encrypted communication for Command and Control (C2) or for installation of the malware. Three commonly present Trojans – Trickbot, IcedID, and Dridex – leverage TLS during the course of their attacks. Cybercriminals also use TLS to hide their exploits, payloads and stolen content and to avoid detection. In fact, 44% of prevalent information stealers use encryption to sneak hijacked data, including bank and financial account passwords and other sensitive credentials, out from under organisations’ noses.

“As SophosLabs’ research demonstrates, cybercriminals are boldly embracing encryption in an attempt to bypass security products,” says Dan Schiappa, chief product officer at Sophos. 

“Unfortunately, most firewalls lack scalable TLS crypto capabilities and are unable to inspect encrypted traffic without causing applications to break or degrade network performance. With the new Xstream architecture in XG Firewall, Sophos is providing critical visibility into an enormous blind spot while eliminating frustrating latency and compatibility issues with full support for the latest TLS 1.3 standard. Sophos’ internal benchmark tests have clocked a two-fold performance boost in the new XG TLS inspection engine as compared to previous XG versions. This is a game-changer.”

Latency too often deters IT admins from using decryption, as seen in an independent Sophos survey of 3,100 IT managers in 12 countries. The survey white paper, The Achilles Heel of Next-Gen Firewalls, reports that while 82% of respondents agreed TLS inspection is necessary, only 3.5% of organisations are decrypting their traffic to properly inspect it.

Key new features of XG Firewall include:

Sophos XG Firewall is available in the cloud-based Sophos Central platform alongside Sophos’ portfolio of cybersecurity solutions. Sophos’ Synchronized Security approach empowers these solutions to work together for real-time information sharing and threat response.
