Current occasions with F5 and SonicWall underline a seamless situation: community infrastructure is continually underneath assault, and the cybersecurity trade continues to grapple with deep product safety challenges.
Our adversaries are focusing on the very instruments designed to defend us. These usually are not opportunistic assaults: they’re a long-term technique requiring years of analysis and are more and more involving direct breaches of distributors’ personal engineering and product environments.
As disclosed in our Pacific Rim analysis from final yr, Sophos has direct expertise with this. We found an inner breach of our firewall division in 2018, adopted by assaults in opposition to buyer gadgets that demonstrated an uncanny information of our product structure. A handful of different distributors have disclosed comparable inner intrusions however this seemingly solely scratches the floor of a wider situation.
What can we do? As Ollie Whitehouse on the Nationwide Cyber Safety Centre has identified, that is finally a market incentives drawback. Consumers must demand higher. Not by punishing distributors who disclose breaches, however by rewarding distributors who embrace transparency and exhibit an actual dedication to Safe by Design rules.
During the last a number of releases, now we have continued to put money into implementing Safe by Design rules into all our merchandise, together with Sophos Firewall. Sophos Firewall has had quite a few updates in the previous few years to aggressively harden the product, make it simpler to patch vulnerabilities, and to establish when a buyer is underneath assault.
As you most likely know, Sophos Firewall is exclusive in providing zero-touch over-the-air hotfixes that can be utilized to patch new vulnerabilities with out scheduling downtime. Sophos can also be the one vendor that’s actively monitoring our set up base to assist establish indicators of an assault early.
Sophos Firewall v22 takes Safe by Design to a brand new stage with a number of essential enhancements:
Improved workload isolation – With our next-gen Xstream Structure, SFOS v22 introduces an all-new management aircraft re-architected for elevated defense-in-depth and scalability. The brand new management aircraft allows deeper modularization, isolation, and containerization of companies.
Hardened kernel – The subsequent-gen Xstream Structure in Sophos Firewall OS is constructed upon a brand new hardened kernel (v6.6+) that gives enhanced safety, efficiency, and scalability to maximise present and future {hardware}. This new kernel gives tighter course of isolation and higher mitigation for side-channel assaults in addition to mitigations for CPU vulnerabilities. It additionally gives hardened usercopy, stack canaries, and Kernel Deal with Area Structure Randomization (KASLR).
Distant integrity monitoring – Sophos Firewall OS v22 now integrates our Sophos XDR Linux Sensor that permits real-time monitoring of system integrity, together with unauthorized configuration, rule exports, bug execution makes an attempt, file tampering, and extra. This helps our safety groups – who’re proactively monitoring our complete Sophos Firewall set up base – to raised establish, examine, and reply extra shortly to any assault. That is an added safety functionality that no different firewall vendor gives.
Sophos Firewall Well being Examine – A robust safety posture is determined by guaranteeing your firewall and different community infrastructure is optimally configured. Sophos Firewall v22 makes it a lot simpler to judge and deal with the configuration of your firewall with the brand new Well being Examine characteristic, which checks dozens of various configuration settings in your firewall and compares them with CIS benchmarks and different greatest practices, offering quick insights into areas which may be in danger.
You should definitely become involved within the Sophos Firewall v22 Early Entry Program to raised safe your community and assist make this launch the most effective it may be.
For those who’re a researcher, we welcome safety analysis on our merchandise so please do take part in our bug bounty program. You possibly can obtain as much as $50K for findings on our firewall platform.