Sophos Firewall version 21 offers enhanced threat intelligence integration with its Active Threat Response capability, using third-party threat feeds to further bolster proactive security measures.
Sophos Firewall introduced Active Threat Response in version 20, featuring an extensible threat feed framework that enables proactive responses to dynamic threats. Initial support was provided for dynamic threat intelligence feeds from Sophos X-Ops and Sophos Managed Detection and Response, enabling the firewall to respond proactively by blocking malicious entries transmitted through this platform.
While many clients require only standardised threat intelligence feeds, specific industries or sectors may need bespoke, customised feeds to mitigate their unique threats. There has been significant interest among our partner communities, SOC providers, and numerous customers in an extensible threat feed capability that can support both existing and emerging threat detection and response solutions and services.
Sophos Firewall version 21 extends the threat feed framework so that third-party threat feeds operate within the system. You can now integrate additional, vertically customized threat feeds into the firewall, enabling real-time monitoring and automated response that proactively blocks malicious activity across all security engines (IPS, DNS, Network and AV), without requiring further firewall configuration or rule updates.
A third-party threat feed, as with Active Threat Response, triggers a synchronized security response akin to that of a red Security Heartbeat incident. Your Sophos Firewall will enforce any configured firewall policies that involve red Heartbeat scenarios and coordinates Lateral Movement Protection with your Sophos Endpoints, which can proactively notify all healthy managed endpoints of a compromised host on the local area network, enabling them to block traffic from that device.
Watch our comprehensive video tutorial to gain a deeper understanding:
- To effectively organize third-party threat feeds, consider implementing a structured approach to categorization and prioritization. Begin by grouping similar feeds together based on their relevance, such as threat intelligence providers or open-source intelligence platforms.
Next, prioritize feeds based on their reliability and accuracy, with trusted sources at the top of your list. Consider establishing a tiered system, where high-priority feeds are monitored closely for potential threats, while lower-priority feeds are reviewed less frequently.
Additionally, consider implementing filters to remove irrelevant or redundant information from your feeds.
- Innovative companies have developed cutting-edge solutions to mitigate risks in high-stress environments. One such approach is the Energetic Risk Response (ERR). This paradigm shifts the focus from traditional risk assessment methods to a more dynamic, real-time strategy.
When unexpected events unfold, ERR enables teams to swiftly adapt and respond effectively. By acknowledging the inherent uncertainty of complex situations, this framework empowers organizations to make informed decisions in the face of ambiguity.
Another crucial aspect of ensuring safety is lateral motion control. This concept centers on the ability to redirect energy, whether it be kinetic or potential, away from critical systems or personnel. Effective lateral motion strategies can prevent catastrophic failures by dissipating excessive forces and stabilizing structures.
By integrating ERR and lateral motion principles, organizations can significantly enhance their preparedness for unpredictable situations. Proactive risk management becomes a cornerstone of their safety culture, fostering an environment where resilience and adaptability thrive.
- Discover how to unleash the full potential of your data with our cutting-edge dashboarding and reporting capabilities. Leverage real-time insights to drive informed decisions, streamline operations, and propel business growth.
Whether you’re a data-driven leader or an analytics enthusiast, our intuitive tools empower you to create customized dashboards that speak directly to your unique needs. With seamless integration, you’ll have instant access to key metrics, KPIs, and performance indicators – at your fingertips!
Say goodbye to tedious spreadsheets and hello to interactive visualizations that tell a story. Uncover hidden trends, identify areas for improvement, and measure progress with precision. Our advanced reporting features enable you to:
• Drill down into granular data for unparalleled visibility
• Visualize complex data sets in stunning detail
• Share insights securely across your organization
Take control of your data journey today!
Consulting with experts in the relevant field will provide additional insights.
A diverse array of specialized and vertical threat feeds is supported, including those provided by reputable security organizations, industry consortiums, and open-source threat intelligence sources. One example is GreyNoise, which encompasses.
Other good examples include:
- Cisco Talos
- Abuse.ch / URLhaus
- Hakk Solutions
- OSINT (Open-source Intelligence) / DigitalSide
- CINS Score
- CrowdSec
- EclecticIQ
- Feodo Tracker
- And more!
Collaborate seamlessly with other teams and stakeholders using the enhanced integration features in Sophos Firewall v21. To complete the registration process, simply follow these steps: Click on the link provided in your email to download the firmware update package, then install it on your Sophos Firewall.