Sophos has introduced a new “Xstream” architecture for Sophos XG Firewall with high performance Transport Layer Security (TLS) traffic decryption capabilities.
The enhancement eliminates significant security risk associated with encrypted network traffic, which is often overlooked by security teams due to performance and complexity concerns. XG Firewall now also features AI-enhanced threat analysis from SophosLabs and accelerated application performance.
Sophos has also published the SophosLabs Uncut article, “Nearly a Quarter of Malware now Communicates Using TLS,” which explains how 23 percent of malware families use encrypted communication for Command and Control (C2) or installation. The article details, for example, three common and ever-present Trojans – Trickbot, IcedID and Dridex – that leverage TLS during the course of their attacks. Cybercriminals also use TLS to hide their exploits, payloads and stolen content and to avoid detection. In fact, 44 percent of prevalent information stealers use encryption to sneak hijacked data, including bank and financial account passwords and other sensitive credentials, out from under organisations.
“As SophosLabs’ research demonstrates, cybercriminals are boldly embracing encryption in an attempt to bypass security products. Unfortunately, most firewalls lack scalable TLS crypto capabilities and are unable to inspect encrypted traffic without causing applications to break or degrade network performance,” said Dan Schiappa, chief product officer at Sophos. “With the new Xstream architecture in XG Firewall, Sophos is providing critical visibility into an enormous blind spot while eliminating frustrating latency and compatibility issues with full support for the latest TLS 1.3 standard. Sophos’ internal benchmark tests have clocked a two-fold performance boost in the new XG TLS inspection engine as compared to previous XG versions. This is a game changer.”
Latency too often deters IT admins from using decryption, as seen in an independent Sophos survey of 3,100 IT managers in 12 countries. The survey white paper, The Achilles Heel of Next-Gen Firewalls, reports that while 82 percent of respondents agreed TLS inspection is necessary, only 3.5 percent of organisations are decrypting their traffic to properly inspect it.
“Sophos’ new XG Firewall offers a wide array of enterprise-caliber features, with a growing installed base that is now one of the industry’s most widely deployed next-generation firewalls,” Eric Parizo, senior analyst for enterprise IT strategy, Omdia.
“XG Firewall can win against industry competitors in large part because of Sophos Central, its SaaS-based, single-pane-of-glass management system for overseeing deployment, management, policy, updates, and response, with optional log management and analytics. This cloud management platform with the Firewall Management and Reporting feature, plus the TLS inspection, position Sophos XG Firewall as a compelling option for a wide variety of organisations,” he added.
Sophos XG Firewall is available in the cloud-based Sophos Central platform alongside Sophos’ entire portfolio of next-generation cybersecurity solutions. Sophos’ unique Synchronised Security approach empowers these solutions to work together for real-time information sharing and threat response.