Sophos Launches Xstream

1 April 2020 Infrastructure

Sophos has introduced a new ‘Xstream’ architecture for Sophos XG Firewall with high performance Transport Layer Security (TLS) traffic decryption capabilities that eliminate significant security risk associated with encrypted network traffic, which is often overlooked by security teams due to performance and complexity concerns. XG Firewall now also features AI-enhanced threat analysis from SophosLabs and accelerated application performance.

The SophosLabs Uncut article, ‘Nearly a quarter of malware now communicates using TLS’, explains how 23% of malware families use encrypted communication for Command and Control (C2) or installation. The article details, for example, three common and ever-present Trojans – Trickbot, IcedID and Dridex – that leverage TLS during the course of their attacks. Cybercriminals also use TLS to hide their exploits, payloads and stolen content and to avoid detection. In fact, 44% of prevalent information thieves use encryption to sneak hijacked data, including bank and financial account passwords and other sensitive credentials, out of organisations.

“As SophosLabs’ research demonstrates, cybercriminals are boldly embracing encryption in an attempt to bypass security products. Unfortunately, most firewalls lack scalable TLS crypto capabilities and are unable to inspect encrypted traffic without causing applications to break or degrade network performance,” said Dan Schiappa, chief product officer at Sophos. “With the new Xstream architecture in XG Firewall, Sophos is providing critical visibility into an enormous blind spot while eliminating frustrating latency and compatibility issues with full support for the latest TLS 1.3 standard. Sophos’ internal benchmark tests have clocked a two-fold performance boost in the new XG TLS inspection engine as compared to previous XG versions.”

Latency too often deters IT admins from using decryption, as seen in an independent Sophos survey of 3100 IT managers in 12 countries. The survey white paper, The Achilles Heel of Next-Gen Firewalls, reports that while 82% of respondents agreed TLS inspection is necessary, only 3.5% of organisations are decrypting their traffic to properly inspect it.

Key new features of XG Firewall include:

• Inspection of TLS 1.3 to detect cloaked malware: New port-agnostic TLS engine doubles crypto operation performance over previous XG versions.

• Optimised critical application performance: New FastPath policy controls accelerate performance of SD-WAN applications and traffic, including Voice over IP, SaaS and others, to up to wire speed.

• Adaptive traffic scanning: The newly enhanced Deep Packet Inspection (DPI) engine dynamically risk-assesses traffic streams and matches them to the appropriate threat scanning level, enhancing throughput by up to 33% across most network environments.

• Threat analysis with SophosLabs intelligence: Provides network administrators with the SophosLabs AI-enhanced threat analysis needed to understand and adjust defences to protect against a constantly changing threat landscape.

• Comprehensive cloud management and reporting in Sophos Central: Centralised management and reporting capabilities in Sophos Central provide customers with group firewall management and flexible cloud reporting across an entire estate without additional charge.

• Integration with Sophos Managed Threat Response (MTR) service: Customers of XG Firewall who also subscribe to the Sophos MTR Advanced service will have deeper actionable intelligence to prevent, detect and respond to threats, as a result of the integration.

Watch the video, TLS Encryption Explained (https://vimeo.com/392040023), to see how attackers are using TLS encryption to commit cybercrime https://vimeo.com/392040023




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
The hidden cost of cheap networking gear
Duxbury Networking Infrastructure
When it comes to building a network, price is always a consideration, especially in the current economic climate, but there is a difference between smart spending and short-term savings with long-term losses.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Suprema unveils BioStar Air
Suprema neaMetrics News & Events Access Control & Identity Management Infrastructure
Suprema launches BioStar Air, the first cloud-based access control platform designed to natively support biometric authentication and feature true zero-on-premise architecture. BioStar Air simplifies deployment and scales effortlessly to secure SMBs, multi-branch companies, and mixed-use buildings.

Read more...
Back-up securely and restore in seconds
Betatrac Telematic Solutions Editor's Choice Information Security Infrastructure
Betatrac has a solution that enables companies to back-up up to 8 TB of data onto a device and restore it in 30 seconds in an emergency, called Rapid Access Data Recovery (RADR).

Read more...
Advanced surveillance storage from ASBIS
Infrastructure Surveillance Products & Solutions
From a video storage solutions perspective, SkyHawk drives, designed for DVRs and NVRs, offer high capacity, optimised firmware, and a reliability workload rating of hundreds of terabytes per year.

Read more...
Power surges are killing our networks
Duxbury Networking Infrastructure
With power surges and lightning strikes becoming an all-too-familiar threat to South African infrastructure, Duxbury Networking is calling on local installers and network integrators to follow proper grounding protocols.

Read more...
A passport to offline backups
SMART Security Solutions Technews Publishing Editor's Choice Infrastructure Smart Home Automation
SMART Security Solutions tested a 6 TB WD My Passport and found it is much more than simply another portable hard drive when considering the free security software the company includes with the device.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.