SOPHOS | Network Security Appliances

Who is SOPHOS?

Sophos is a UK-based cyber security company that operates in both the endpoint and network security markets. It aims to simplify security by combining the two, with products including next-generation endpoint protection with advanced threat prevention, always-on encryption, and UTM firewall appliances. Sophos also has teams of threat researchers that track emerging strains of malware.

Unified Threat Management (UTM)

A unified threat management device, or UTM security appliance, can provide a comprehensive and easily managed security solution for small and mid-sized organizations at reasonable cost.

UTM appliances provide an alternative approach to building a security solution from several different point products, often from different vendors. These point solutions work independently of each other to fulfil different security functions that an organization requires, and may include a hardware firewall appliance, an anti-malware scanner, and a network intrusion detection and prevention system.

Those point solutions may give greater protection than a one-size-fits-all UTM appliance, but they also bring management, implementation and integration challenges that can be too much for the IT staff of a small business. A UTM addresses those problems and provides comprehensive security that is easier to manage and costs less. It may not be a best-of-breed point solution, but it is pretty darn good for an SMB.

What Is A Unified Threat Management (UTM) Appliance?

A UTM appliance is a hardware device that plugs in to your organization’s network at the network perimeter. It serves as a gateway onto your corporate network, providing all the security services you need to protect your network from malware, unauthorized intrusion, and other security risks.

UTM Security Features

At the most basic level, a UTM security appliance acts as a standard network hardware firewall to restrict access to your network. Other security functions can generally be turned on as options if required. Typical security functions offered by a UTM security device include:

  • Remote access and site-to-site virtual private network (VPN) support
  • Secure web gateway functionality (including anti-malware scanning and URL and content filtering)
  • A network intrusion prevention system (IPS), typically focused on blocking exploit traffic aimed at unpatched hosts such as Windows PCs and servers

Other UTM security features that are sometimes offered:

  • Application control
  • Web application firewalling
  • Bandwidth management
  • Data loss prevention (DLP)
  • Identity-based access control
  • Load balancing
  • DDOS protection
  • Wireless access management
  • Email security

Many organizations will not need the majority of these extra features. If your organization is small, you are unlikely to have web applications to protect or web servers that need load balancing, and you may already be using a cloud-hosted email service such as Exchange Online or Google Apps (now Google Workspace), which makes on-box email security redundant.

UTM Pros

  • Fewer resources needed: A UTM requires minimal security staff because there is only one system to maintain, update, upgrade, and monitor through a single pane of glass. Security logs are also available in a single place.
  • Better security coverage: A UTM should not leave any holes in the protection it provides because all the components should be designed to work together. That is not necessarily the case with a collection of point solutions.
  • Scalability: As a UTM is a single device, it is easier to upgrade the security solution (or replace it) as your organization grows.
  • Guaranteed compatibility: A UTM is an integrated appliance, and any software upgrades or updates are pre-tested to ensure that all the components continue to work well together. If you use point security solutions, it is up to you to ensure continued compatibility between parts of your solution following software changes.
  • Central management and configuration of all security components: A UTM offers a single interface for management and configuration, which saves time and removes the need for training on each individual solution. Central configuration is particularly valuable for functions such as firewalling, VPN, and intrusion prevention and detection, because these act on the same policies, so central management reduces the likelihood of misconfiguration errors.
  • Lower cost: A UTM is generally a less costly option than several point solutions running on separate hardware. A UTM will also consume less power and take up less data center space, and because it runs in a single appliance it will involve less hardware replacement costs.
  • Backup security: A UTM security device can be purchased to act as a hardware firewall only, with other security functions provided by point solutions. The benefit of this approach is that if a particular point solution fails, then the corresponding functionality can be activated in the UTM as a stop-gap security measure until the point solution can be made to run normally again. A UTM firewall comparison is necessary to determine which UTMs offer firewalls that are sufficiently sophisticated to act as a standalone firewall appliance.

UTM Cons

  • Single point of failure: A UTM puts all your security eggs in one basket, so if the appliance fails, every security function it provides fails with it. Many organizations mitigate this by running two UTMs as a high-availability pair, but that negates some of the cost and management benefits of a UTM.
  • Security efficacy: The risk mitigation provided by a UTM security appliance may not match the features and functionality of best-of-breed point solutions. In addition, UTMs may leave security holes if they simply offer a bundle of different products with a single interface rather than a genuinely unified solution.
  • Performance limitations: Enabling security features on a UTM, particularly IPS, anti-malware scanning and HTTPS/TLS inspection, can sharply reduce the throughput the appliance delivers. Datasheet throughput figures are usually measured with most of these features disabled, so size the appliance against the throughput you expect with the features you actually intend to enable.
  • Unnecessary costs: smaller organizations may require very few of the security features that a UTM offers and may therefore pay for features that remain disabled.

XG Firewall

Sophos XG Firewall is a modular network security platform that can be configured as a next-generation firewall (NGFW) or as a UTM. It is primarily targeted at SMB and mid-market organizations, although it also appeals to larger organizations, and it can also protect infrastructure-as-a-service (IaaS) deployments in Microsoft Azure. It introduces a different approach to managing the firewall and to detecting and responding to threats on the network.

Sophos's next-generation firewall protection is built to expose hidden risks, block both known and unknown threats, and respond to incidents automatically. XG Firewall provides visibility into risky users, unknown and unwanted apps, advanced threats, suspicious payloads, encrypted traffic and more. Rich on-box reporting is built in, and centralized reporting for multiple firewalls is available in the cloud. XG Firewall bundles the technologies needed to protect a network from ransomware and advanced threats, including intrusion prevention, Advanced Threat Protection, cloud sandboxing with AI-powered threat analysis, web and application control, email protection, and a full-featured web application firewall.

It is also easy to set up and manage. Sophos positions XG Firewall as the only network security solution that can fully identify the source of an infection on the network and automatically limit that host's access to other network resources in response. This is made possible by Sophos Security Heartbeat, which shares telemetry and health status between Sophos endpoints and the firewall, so firewall rules can be conditioned on the reported health of the endpoint originating the traffic.
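The following Python model shows the mechanism the Heartbeat description implies: endpoint health reports are reduced to a per-host state, firewall rules carry a minimum-health condition, and a host that reports an infection stops matching the rules that allowed it lateral access. This is an added example, not Sophos code; the JSON heartbeat format, the four health levels and their ordering (including treating a missing heartbeat as UNKNOWN), and the rule fields are all assumptions made for illustration, and the addresses are constructed.

```python
"""Toy model of heartbeat-aware firewall rules (added example, not Sophos code).

The heartbeat message format, the health levels and the rule fields are
assumptions made for illustration; they are not the Security Heartbeat protocol.
"""
import ipaddress
import json
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Tuple


class Health(Enum):
    """Endpoint health as reported by the agent; ordered worst to best (assumed)."""
    RED = 0       # agent reports an active infection
    UNKNOWN = 1   # no heartbeat received: unmanaged host or dead agent (assumed rank)
    YELLOW = 2    # warning state, e.g. a potentially unwanted application
    GREEN = 3     # healthy


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int]   # None matches any destination port
    min_health: Health        # source must report at least this health to match
    action: str               # "allow" or "deny"


# Constructed heartbeat telemetry, one JSON object per line. ws-102 starts
# healthy and later reports an infection; the later line must win.
HEARTBEAT_LINES = [
    '{"host": "ws-101", "ip": "10.0.10.21", "health": "green"}',
    '{"host": "ws-102", "ip": "10.0.10.22", "health": "green"}',
    '{"host": "ws-103", "ip": "10.0.10.23", "health": "yellow"}',
    '{"host": "ws-102", "ip": "10.0.10.22", "health": "red", "reason": "malware detected"}',
]

# Rules are evaluated top to bottom; first match wins, then default deny.
RULES = [
    Rule("workstations-to-fileserver", ipaddress.ip_network("10.0.10.0/24"),
         ipaddress.ip_network("10.0.20.10/32"), 445, Health.GREEN, "allow"),
    Rule("block-other-internal", ipaddress.ip_network("10.0.10.0/24"),
         ipaddress.ip_network("10.0.0.0/8"), None, Health.RED, "deny"),
    Rule("workstations-to-internet", ipaddress.ip_network("10.0.10.0/24"),
         ipaddress.ip_network("0.0.0.0/0"), None, Health.YELLOW, "allow"),
]


def parse_heartbeats(lines: List[str]) -> Dict[str, Health]:
    """Reduce the heartbeat stream to the latest reported health per endpoint IP."""
    state: Dict[str, Health] = {}
    for line in lines:
        msg = json.loads(line)
        state[msg["ip"]] = Health[msg["health"].upper()]
    return state


def evaluate(rules: List[Rule], state: Dict[str, Health],
             src_ip: str, dst_ip: str, dst_port: int) -> Tuple[str, str]:
    """Return (action, rule name) for a flow, treating health as a match condition."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    src_health = state.get(src_ip, Health.UNKNOWN)   # no heartbeat seen -> UNKNOWN
    for rule in rules:
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        # A rule that requires GREEN simply does not match a RED source, so
        # evaluation falls through to the next rule instead of stopping here.
        if src_health.value < rule.min_health.value:
            continue
        return rule.action, rule.name
    return "deny", "default-deny"


def compromised_hosts(state: Dict[str, Health]) -> List[str]:
    """The 'identify the source of infection' step: every host reporting RED."""
    return sorted(ip for ip, health in state.items() if health is Health.RED)


STATE = parse_heartbeats(HEARTBEAT_LINES)

if __name__ == "__main__":
    print("compromised:", compromised_hosts(STATE))
    for src, dst, port in [("10.0.10.21", "10.0.20.10", 445),
                           ("10.0.10.22", "10.0.20.10", 445),
                           ("10.0.10.22", "203.0.113.10", 443),
                           ("10.0.10.23", "203.0.113.10", 443),
                           ("10.0.10.99", "203.0.113.10", 443)]:
        print(src, "->", f"{dst}:{port}", evaluate(RULES, STATE, src, dst, port))
```

The design point worth noticing is that health is a match condition rather than a separate action: once ws-102 reports RED it no longer matches the SMB allow rule, falls into the internal deny rule, and also loses internet access because the internet rule requires at least YELLOW. A host with no heartbeat at all (10.0.10.99) is treated as UNKNOWN and denied by the same logic, which is the behaviour you want for an unmanaged or agent-less machine on a workstation VLAN.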
