Sophos XG Firewall – What Should Your Firewall Be Doing For You

Sophos XG Firewall Tulsa

Sophos – “The next thing in next gen”

Firewalls are devices that usually reside on the edge of your network and are the first line of defense for any business environment. These should protect you from viruses, hackers, and in some situations yourself. Some firewalls however, fall behind because they use outdated tactics or are still using operating systems their company developed 10 years ago.

Doesn’t your company deserve a firewall that monitors the ever-evolving threats on the internet and dark web, is purpose-built for ultimate performance to prevent impacting your day to day tasks, and is versatile enough to allow you secure access to your business resources even when you are not in the office? The great news is that the Sophos XG Firewall is the device that can provide all that you need to run a successful and safe business network. Some of the XG firewall’s highlights consist of FastPath Optimization, Next-gen Intrusion Prevention System, Advanced VPN technologies, Granular-Enterprise Level Content Filtering and several other features.

FastPath Optimization

Since the XG Creator/Support team had the scope of making the fastest firewall that was still secure enough to prevent ransomware, there is no surprise that the XG firewalls all sport solid-state drives and multi-core Intel processors. Hardware was not enough for the Sophos team, and they took their speed requirements down to the coding level and developed FastPath packet scanning. When you send traffic across a network or to the internet and back, the information is sent in a series of packets. Think of them as many small envelopes like what is sent through the postal system just much, much faster. To protect you, firewalls will scan these packets to ensure that there are no known issues or viruses with the traffic. Traditional firewalls will stop the transmission of information, scan the packet, and then send information on its way. Sophos has set up a scanning method that makes note of good downloads, websites, etc and scans the packets based on source while looking for what is different. If anything is out of place the scanning throws a red flag. So rather than stopping data flow and scanning each packet one at a time they are able to bulk scan and speed up the process while still prevent any major threats. In short, if you are paying for a 50mbps internet connection you will get what you pay for – instead of 35mbps with older firewalls.

Next-gen Intrusion Prevention System

Intrusion Prevention Systems or IPS for short is the pinnacle of network inbound protection. When information is scanned, IPS is what determines if a packet/data stream is safe. If you are downloading a file that you believe is safe, but in reality it is a new version of ransomware, this is where the magic happens and your download is terminated. Traditional firewalls will perform maintenance to download a list of safe files and website for the users browsing habits. This is great, but in most cases this does not happen with enough frequency to keep the firewall up-to-date with the new viruses like WannaCry and variations of CryptoLocker. Sophos uses both the traditional approach but then double downs by having a build in real-time download for known threats. The main way that Sophos excels with their IPS is that their partners and the XG units themselves will report to the main office that they have found a new threat and that threat if severe enough is pushed to the other units to prevent infection. For example, the WannaCry epidemic started in Asia and Europe, by the time the virus had made it to the United States networks, Sophos had added the appropriate signatures to all of their units so the infection was avoided. The best part is that the Sophos XG unit does all this in the background. Just one more way that Sophos lets its clients sleep better at night.

Granular-Enterprise Level Content Filtering

Do you have issues with employees’ productivity due to social media or recreational sites? What about users who may be click happy and have accidentally downloaded a virus one too many times? Sophos XG firewall’s content filtering can assist. The XGs have several policies that can prevent users from going to sites that can be either unproductive or harmful. These policies can extend to entire departments and locations or be limited to a single user. In a lot of examples, companies want to block social media but they need to allow their marketing department access to these sites, no problem. The XG can identify which user is logged on to a computer and allow or deny access to sites based on this information. The same goes for entire networks. Let’s say that you supply a public Wi-Fi network for your patrons and someone came in and decided to use a bit torrent, now you internet is going to be shutdown by the ISP. To stop this the Public Wi-Fi network would have Bit Torrent/P2P traffic blocked by content filtering and avoid the situation all together, while still being able to allow your clients the added benefit of internet browsing.

Advanced VPN technologies

When travelling, many employees still need access to company documents. Setups like document syncing, unsecure remote access, and unencrypted screen shares can cause huge security holes in your network. If you have one of the most secure networks in the world then chances are the only way your network is going to be infected is from remote computer users. With a firewall from Sophos there are many versatile solutions to allow your remote workers safe and secure access to your business network. Some users like the traditional approach of downloading a program and entering a username and password to connect to the company resources. While this is definitely an option, with the XG there are other options to consider as well. Maybe you are on a new machine that does not have the correct software downloaded. With the XG you can go to a website and authenticate yourself to gain access to a company portal. On this company portal, there may be programs, files, and even remote desktop options listed to assist with your needs. On the other hand, you may have a salesperson or executive who is always on the move and just does not want to hassle with the configuration and connection each time they need a document or program. The RED or Remote Ethernet Device is a mobile Ethernet port that can be plugged into the laptop and an internet connection to allow your machine access to the corporate network and mirrors the behaviour of being in the office. It is an easy and quick option for employees on the move or mobile office.

Find out more Sophos XG Firewall!

The Sophos XG firewall provides many more functions. To find out more, contact NetLink Solutions today or give us a call now at 918-893-9520.

For a fun laugh, Sophos CEO Dave Malarky has several light-hearted videos that explain the importance of having a safe and secure firewall in a business environment. To check out these videos click on the link provided.