
Sophos has released a significant update to its Sophos Firewall software with version v21.5, introducing enhanced protection capabilities and streamlined management features designed to strengthen cybersecurity defenses and improve operational efficiency.
Enhanced Network Detection and Response Capabilities
The most notable addition to Sophos Firewall v21.5 is the integration of Sophos NDR Essential, which comes at no additional cost for customers with an Xstream Protection license. It adds two dedicated AI engines to the firewall's detection pipeline: one that identifies malware command-and-control communications, and one that detects traffic to algorithmically generated domain names (DGA domains, the kind malware cycles through to find a rendezvous server).
The NDR Essential feature addresses a long-standing gap in signature-based controls by flagging malware communications even when the destination or the malware family is not yet catalogued in any threat database. This behaviour-based approach complements the existing Active Threat Response capabilities already built into Sophos firewalls, creating a more comprehensive defense.
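To make the second engine's job concrete, here is an added example (not Sophos's NDR code, and far simpler than a trained model) that scores DNS query names for DGA-like traits and reports clients that hit several such names in a burst. The log lines are constructed for the example, not real firewall output.

```python
"""Heuristic DGA-likeness scoring over DNS query logs.

Added example; not Sophos's NDR engine. A production detector uses trained
models and richer features; this shows the shape of the problem.
"""
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (not real firewall output):
# "<timestamp> <client-ip> <queried-name>"
SAMPLE_DNS_LOG = """\
2025-01-15T10:00:01Z 10.0.0.12 www.example.com
2025-01-15T10:00:02Z 10.0.0.12 mail.google.com
2025-01-15T10:00:03Z 10.0.0.45 xk3j9fq2bvz7lmwr.net
2025-01-15T10:00:04Z 10.0.0.45 q8wz4pt1hjk6nsdv.org
2025-01-15T10:00:05Z 10.0.0.45 zt7rkp2mqx9vbwfl.com
2025-01-15T10:00:06Z 10.0.0.12 cdn.jsdelivr.net
"""

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking strings score high."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(qname: str) -> str:
    """Second-level label, e.g. 'example' for 'www.example.com'.
    Simplification: ignores multi-part public suffixes such as co.uk."""
    labels = qname.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def dga_score(label: str) -> int:
    """Number of DGA-like traits present in a domain label (0..4)."""
    n = len(label)
    vowel_ratio = sum(ch in VOWELS for ch in label) / n if n else 0.0
    traits = [
        shannon_entropy(label) >= 3.5,       # near-uniform character distribution
        n >= 12,                             # long labels are rare in human-chosen names
        vowel_ratio < 0.25,                  # unpronounceable
        any(ch.isdigit() for ch in label),  # digits mixed into the name
    ]
    return sum(traits)


def suspicious_clients(log_text: str, threshold: int = 3, min_hits: int = 2) -> dict:
    """Map client IP -> sorted list of DGA-like names it queried.

    Only clients with at least `min_hits` such names are reported: one odd
    name is noise, a burst of them is the DGA signature.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the detector
        _, client, qname = parts
        if dga_score(registrable_label(qname)) >= threshold:
            hits[client].add(qname.lower())
    return {c: sorted(d) for c, d in hits.items() if len(d) >= min_hits}


if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(names)} DGA-like queries -> {names}")
```

The per-client aggregation matters more than any single feature: legitimate CDN hostnames can look random too, so a practical detector alerts on the pattern of many such lookups (often answered NXDOMAIN) from one host, which is what the paragraph's "previously unknown" case looks like on the wire.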
Cloud-Based Processing Architecture
Recognizing the substantial processing power required for NDR traffic analysis, Sophos has taken a cloud-based approach. As explained by Chris McCormack, Senior Product Marketing Manager at Sophos, the company has deployed the NDR engines in Sophos Cloud to offload the most resource-intensive work from the firewall itself, so the added detection does not come at the cost of firewall throughput. Because analysis happens off-box, administrators subject to data-handling or residency requirements will want to confirm what traffic metadata leaves the appliance.
VPN and Authentication Improvements
Microsoft Entra ID Integration for Single Sign-On
Sophos Connect, the VPN client bundled with Sophos Firewall, now integrates with Microsoft Entra ID (formerly Azure AD) for single sign-on. This improves both security posture and user experience for SSL and IPsec VPN connections by letting organizations authenticate VPN users against their existing Microsoft identity infrastructure instead of maintaining separate firewall credentials.
The integration supports multi-factor authentication for both Sophos Connect and access to the user portal hosted by the firewall, providing an additional layer of security while maintaining user convenience.
Comprehensive VPN Enhancements
The update includes several improvements to VPN functionality:
Interface and Usability Improvements: Connection types have been renamed for better clarity, with “site-to-site” connections now called “policy-based” and tunnel interfaces renamed to “route-based” to make configuration more intuitive for administrators.
Enhanced IP Address Management: The firewall now validates the IP address pools allocated to the various VPN connection types (SSL VPN, IPsec, L2TP, and PPTP) against each other, catching overlapping ranges that would otherwise cause address conflicts and broken connectivity. (PPTP remains configurable, but its MS-CHAPv2 authentication has been broken for years and it should not be used for new deployments.)
Strict Profile Enforcement: IPsec profiles no longer pad proposals with default algorithm values, so both peers negotiate exactly the configured algorithms. Shorter proposals also keep IKE messages small, avoiding the IKE fragmentation problems that could prevent site-to-site tunnels from establishing.
Scalability Improvements: The system now supports up to 3,000 simultaneously established tunnels, with specific support for up to 1,000 SD-RED site-to-site tunnels and up to 650 concurrent SD-RED devices.
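The pool validation above is the kind of check that is cheap to run yourself against an exported configuration before a rollout. The following is an added example (not Sophos's own validation code) using Python's standard `ipaddress` module: it rejects malformed pools, reports every overlapping pair across VPN types and the local subnet, and suggests a free range. The pool definitions are constructed for the example.

```python
"""Detect overlapping address pools across VPN connection types.

Added example; not Sophos's own validation logic. Pools below are constructed.
"""
from ipaddress import ip_network
from itertools import combinations

# Constructed example pools keyed by connection type (not a real configuration).
# The IPsec remote-access pool sits inside the SSL VPN pool, and the LAN
# subnet swallows both of them plus the L2TP pool.
POOLS = {
    "ssl_vpn": ["10.81.234.0/24"],
    "ipsec_remote_access": ["10.81.234.128/25"],
    "l2tp": ["10.81.235.0/24"],
    "pptp": ["10.81.236.0/24"],
    "lan": ["10.81.234.0/23"],
}


def parse_pools(pools: dict) -> list:
    """Return [(kind, network)], rejecting pools with host bits set.

    strict=True turns '10.81.234.1/24' into a ValueError, which is the
    right outcome: a pool definition with host bits is almost always a typo.
    """
    return [(kind, ip_network(cidr, strict=True))
            for kind, cidrs in pools.items() for cidr in cidrs]


def find_conflicts(pools: dict) -> list:
    """Every overlapping pair as (kind_a, net_a, kind_b, net_b)."""
    parsed = parse_pools(pools)
    return [
        (ka, str(na), kb, str(nb))
        for (ka, na), (kb, nb) in combinations(parsed, 2)
        if na.version == nb.version and na.overlaps(nb)
    ]


def suggest_free_pool(pools: dict, candidate_range: str, prefixlen: int = 24) -> str:
    """First subnet of `candidate_range` that overlaps none of the pools."""
    existing = [net for _, net in parse_pools(pools)]
    for candidate in ip_network(candidate_range).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(net) for net in existing):
            return str(candidate)
    raise ValueError(f"no free /{prefixlen} left in {candidate_range}")


if __name__ == "__main__":
    for ka, na, kb, nb in find_conflicts(POOLS):
        print(f"CONFLICT: {ka} {na} overlaps {kb} {nb}")
    print("free pool:", suggest_free_pool(POOLS, "10.82.0.0/16"))
```

Including the LAN subnet in the check is deliberate: a remote-access pool that overlaps the internal network is a common misconfiguration the per-VPN-type view alone will not catch.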
Management and Administrative Enhancements
IPv6 and Network Configuration
The update brings notable improvements to IPv6 support, including more flexible DHCPv6 Prefix Delegation (DHCPv6-PD) that now accepts delegated prefixes from /48 down to /64. Since ISPs hand out anything from a /48 to a single /64, this widens compatibility and gives more room to plan how many /64 LAN segments a site can carve from its delegation.
Router Advertisement (RA) and DHCPv6 server functionality are now enabled by default, simplifying IPv6 deployment and management.
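The practical consequence of the /48 to /64 range is how many /64 networks you get to hand out to LAN segments (2^(64 - prefix length)), and that a /64 delegation leaves exactly one. The following added example (not Sophos code; prefix and segment names are made up) validates a delegated prefix against that range and assigns one /64 per named segment, refusing when the delegation is too small.

```python
"""Carve /64 LAN subnets out of a DHCPv6-PD delegated prefix.

Added example; not Sophos firewall code. The prefix and segment names are
constructed for illustration (2001:db8::/32 is the documentation range).
"""
from ipaddress import ip_network, IPv6Network

MIN_PD_PREFIXLEN = 48   # largest delegation the page says is accepted
MAX_PD_PREFIXLEN = 64   # smallest delegation (a single LAN)


def validate_delegated_prefix(prefix: str) -> IPv6Network:
    """Accept only a properly aligned IPv6 prefix between /48 and /64."""
    net = ip_network(prefix, strict=True)  # strict: no host bits allowed
    if net.version != 6:
        raise ValueError(f"{prefix} is not an IPv6 prefix")
    if not MIN_PD_PREFIXLEN <= net.prefixlen <= MAX_PD_PREFIXLEN:
        raise ValueError(
            f"/{net.prefixlen} is outside the supported /{MIN_PD_PREFIXLEN}-/{MAX_PD_PREFIXLEN} range")
    return net


def available_lan_subnets(prefix: str) -> int:
    """How many /64 networks a delegation of this size yields."""
    return 2 ** (MAX_PD_PREFIXLEN - validate_delegated_prefix(prefix).prefixlen)


def carve_lan_subnets(prefix: str, segments: list) -> dict:
    """Assign one /64 per named segment, in order, from the delegation."""
    net = validate_delegated_prefix(prefix)
    capacity = available_lan_subnets(prefix)
    if len(segments) > capacity:
        raise ValueError(
            f"{prefix} yields only {capacity} /64 subnet(s) but {len(segments)} were requested")
    subnets = net.subnets(new_prefix=MAX_PD_PREFIXLEN)
    return {name: str(next(subnets)) for name in segments}


if __name__ == "__main__":
    plan = carve_lan_subnets("2001:db8:abcd::/56", ["lan", "guest", "iot"])
    for name, subnet in plan.items():
        print(f"{name:>6}: {subnet}")
```

Sizing the plan this way up front avoids the failure mode where a provider renumbers from a /56 to a /64 and every segment but one silently loses its prefix.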
User Interface and Search Functionality
The web administration interface continues to evolve with support for ultra-wide screens and resizable table columns across many configuration pages. These improvements enhance the user experience for administrators working with modern display setups.
Enhanced search capabilities have been implemented throughout the interface, with the SD-WAN routing configuration screen now supporting searches across multiple criteria including route names, IDs, objects, and object values such as IP addresses and domains. Local ACL rules also benefit from improved search functionality, including content-based searches for both object names and values.
Configuration Defaults
Sophos has streamlined the default configuration approach by removing previously created default firewall rules and rule groups from new firewall setups. The new approach provides only essential default network rules and MTA rules in the initial configuration, with default firewall rule groups and gateway probes set to “None” by default. This change gives administrators greater control over their initial security posture.
Secure by Design Architecture
The update reinforces Sophos's commitment to secure by design principles through enhanced intrinsic security measures. The firewall now runs specific features in containers to limit what a compromised component can reach, and verifies the integrity of critical operating system files by comparing their cryptographic hashes (checksums) against known-good values.
When a hash mismatch is detected, the firewall raises a potential-compromise alert, giving monitoring teams an early signal that the firewall OS itself may have been tampered with. This lets incident response and Sophos's own development teams react quickly to a class of event (modification of the security appliance) that is otherwise very hard to observe.
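As an added illustration of the mechanism (not Sophos's implementation, whose file list, hash algorithm and alerting path the page does not describe), this Python example builds a SHA-256 baseline over a set of files, then re-verifies and reports modified or missing files as findings. The files and their contents are created in a temporary directory purely for the demonstration.

```python
"""Minimal file-integrity baseline and verification with SHA-256.

Added example; not Sophos's OS integrity check. Files are constructed in a
temporary directory for the demo.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries don't load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, relative_paths: list) -> dict:
    """Known-good hashes, keyed by path relative to `root`."""
    return {rel: sha256_file(root / rel) for rel in relative_paths}


def verify(root: Path, baseline: dict) -> list:
    """Compare current state against the baseline; each entry is an alert."""
    findings = []
    for rel, expected in baseline.items():
        path = root / rel
        if not path.exists():
            findings.append({"file": rel, "status": "missing", "expected": expected})
            continue
        actual = sha256_file(path)
        if actual != expected:
            findings.append({"file": rel, "status": "modified",
                             "expected": expected, "actual": actual})
    return findings


def demo() -> list:
    """Create a clean tree, baseline it, tamper with it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "sshd").write_bytes(b"original binary\n")       # constructed
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")  # constructed
        watched = ["bin/sshd", "etc/passwd"]
        baseline = build_baseline(root, watched)
        clean = verify(root, baseline)          # expected: no findings
        (root / "bin" / "sshd").write_bytes(b"trojaned binary\n")  # simulate tampering
        (root / "etc" / "passwd").unlink()                         # simulate deletion
        return clean + verify(root, baseline)


if __name__ == "__main__":
    for finding in demo():
        print(f"ALERT {finding['status']:>8}: {finding['file']}")
```

Two design points a practitioner would insist on: the baseline must live somewhere an attacker with root on the box cannot rewrite (signed, or held off-box), and hash verification is detective rather than preventive, which is why it belongs alongside, not instead of, measured boot and the containerization mentioned above.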
Availability and Deployment
Sophos Firewall v21.5 is immediately available for manual download and deployment on any Sophos Firewall equipped with a valid license. The update represents a significant step forward in combining advanced threat detection capabilities with improved operational efficiency, making it easier for organizations to maintain robust cybersecurity defenses while simplifying daily management tasks.
This comprehensive update demonstrates Sophos’s continued focus on providing enterprise-grade security solutions that adapt to evolving threat landscapes while maintaining ease of use for security administrators.
Discover more from Techish Kenya