Solution Brief: XG Firewall

Similar documents
FIREWALL BEST PRACTICES TO BLOCK

FIREWALL PROTECTION AND WHY DOES MY BUSINESS NEED IT?

Next-Gen Firewall Buyers Guide

XG Firewall. What s New in v17. Setup, Control Center and Navigation. Initial Setup Wizard. Synchronized App Control Widget.

FIREWALL BEST PRACTICES TO BLOCK

XG Firewall and SD-WAN

Sophos MSP Connect. One flexible MSP program to connect you and your customers to one complete and simple security solution.

Server Protection Buyers Guide

Sizing Guideline. Sophos XG Firewall XG Series Appliances. Sophos Firewall OS Sizing Guide for XG Series appliances

CASE STUDY. Customer-at-a-Glance. Industry. Sophos Solutions. Fitas Flax Indústria e Comércio Ltda. Brazil. Manufacturing

Sophos XG Firewall. IP Partners ICT Systems & Services.

Sizing Guidelines. Sophos XG Firewall - XG Series Appliances. Sophos Firewall OS Sizing Guide for XG Series appliances

Consolidating to a Best of Breed Security System

High risk, unwanted and even malicious applications are hiding like parasites on many organizations' networks.

WatchGuard Total Security Complete network protection in a single, easy-to-deploy solution.

CUSTOMER CASE STUDY. Sophos and Wave 9 Make Managing 20 Schools Easier and More Secure. Customer-at-a-Glance

Synchronized Security

Defend Against the Unknown

SOLUTION BRIEF RSA NETWITNESS EVOLVED SIEM

Top 10 most important IT priorities over the next 12 months. (Percent of respondents, N=633, ten responses accepted)

Securing Your Microsoft Azure Virtual Networks

From Firewall to Cloud, Diocese of Brooklyn Enthusiastically Embraces Unified Sophos Security Across its Parishes and Schools

Securing Your Amazon Web Services Virtual Networks

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Synchronized Security

ARTIFICIAL INTELLIGENCE POWERED AUTOMATED THREAT HUNTING AND NETWORK SELF-DEFENSE

Transforming Security from Defense in Depth to Comprehensive Security Assurance

SRX als NGFW. Michel Tepper Consultant

Sophos XG Firewall v Release Notes. Sophos XG Firewall Reports Guide v17

Agenda. Why we need a new approach to endpoint security. Introducing Sophos Intercept X. Demonstration / Feature Walk Through. Deployment Options

trend micro smart Protection suites

Vectra Cognito. Brochure HIGHLIGHTS. Security analyst in software

Preparing your network for the next wave of innovation

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

SOLUTION BRIEF RSA NETWITNESS SUITE 3X THE IMPACT WITH YOUR EXISTING SECURITY TEAM

Firewall Buyers Guide

WHITE PAPER. Applying Software-Defined Security to the Branch Office

The Cognito automated threat detection and response platform

Sophos Pricing and Ordering Made Simple Partner FAQ

Sophos Gateway Comparison

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

Snort: The World s Most Widely Deployed IPS Technology

Cloud Security & Advance Threat Protection. Cloud Security & Advance Threat Protection

2018 Edition. Security and Compliance for Office 365

with Advanced Protection

Endpoint Security Buyers Guide

Competitive Analysis. Version 1.0. February 2017

Symantec Endpoint Protection 14

Streaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Cisco Cloud Security. How to Protect Business to Support Digital Transformation

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD

RSA INCIDENT RESPONSE SERVICES

WHY SIEMS WITH ADVANCED NETWORK- TRAFFIC ANALYTICS IS A POWERFUL COMBINATION. A Novetta Cyber Analytics Brief

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

BUILDING A NEXT-GENERATION FIREWALL

Simplify Your Network Security with All-In-One Unified Threat Management

A Security View-point

Isla Web Malware Isolation and Network Sandbox Solutions Security Technology Comparison and Integration Guide

CASE STUDY INSIGHTS: MICRO-SEGMENTATION TRANSFORMS SECURITY. How Organizations Around the World Are Protecting Critical Data

White Paper. Why IDS Can t Adequately Protect Your IoT Devices

Sophos XG Firewall Licensing

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

MODERN DESKTOP SECURITY

SOLUTION BRIEF RSA NETWITNESS NETWORK VISIBILITY-DRIVEN THREAT DEFENSE

Reduce Your Network's Attack Surface

Best Practices in Securing a Multicloud World

Cognito Detect is the most powerful way to find and stop cyberattackers in real time

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

DEFENCE IN DEPTH HOW ANTIVIRUS, TRADITIONAL FIREWALLS, AND DNS FIREWALLS WORK TOGETHER

How your network can take on the cloud and win. Think beyond traditional networking toward a secure digital perimeter

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

Managed Endpoint Defense

Sophos. Allan Widell Channel Account Executive. 24. August 2017

Sophos Secure Gateway Comparison

JUNIPER SKY ADVANCED THREAT PREVENTION

Christopher Covert. Principal Product Manager Enterprise Solutions Group. Copyright 2016 Symantec Endpoint Protection Cloud

Security Made Simple by Sophos

What to Look for When Evaluating Next-Generation Firewalls

IBM Security Network Protection Solutions

OUR SECURITY DELIVERED YOUR WAY

WHITEPAPER. How to secure your Post-perimeter world

Synchronized Security: Outsmart Hackers by Coordinating Your Defenses

Security and Compliance for Office 365

RSA INCIDENT RESPONSE SERVICES

WHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION

Juniper Sky Advanced Threat Prevention

3 Ways Businesses Use Network Virtualization. A Faster Path to Improved Security, Automated IT, and App Continuity

Machine-Powered Learning for People-Centered Security

6 KEY SECURITY REQUIREMENTS

Intel Security Advanced Threat Defense Threat Detection Testing

Integrated Access Management Solutions. Access Televentures

HOW TO HANDLE A RANSOM- DRIVEN DDOS ATTACK

PROTECTING YOUR NETWORK FROM THE INSIDE-OUT

Copyright 2011 Trend Micro Inc.

Security Automation Best Practices

Analytics Driven, Simple, Accurate and Actionable Cyber Security Solution CYBER ANALYTICS

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

eguide: Designing a Continuous Response Architecture 5 Steps to Reduce the Complexity of PCI Security Assessments

DATA SHEET RSA NETWITNESS PLATFORM PERVASIVE VISIBILITY. ACTIONABLE INSIGHTS.

Transcription:

Solution Brief: XG Firewall There s an evolution in firewalls currently underway that s very different from any previous generation. The threat landscape has shifted radically and as a result, the complexity and number of security systems required to combat it has increased dramatically. And if that wasn t enough, collectively these security solutions generate an overwhelming amount of isolated data that is impossible to correlate. This has created a perilous situation that requires a radical new approach to network security one that can enable security systems to work together; that simplifies and streamlines everyday workflow; and can parse enormous volumes of information to focus attention on exactly what s important. It requires a different approach to security integration, innovations in management, and new ways of identifying and responding to risks and threats.

Firewalls Today Early firewalls operated at lower layers of the network stack, providing basic routing and packet filtering based on port and protocol inspection, to forward or drop the traffic. These firewalls were effective at stopping very basic attempts by hackers to enter the network. Network security has been forced to evolve, as attacks have shifted from attacking the network directly to infecting systems inside the network, typically by exploiting vulnerabilities in applications and servers; or by taking advantage of social engineering to gain a foothold through email and compromised websites. Over time, organizations have been forced to add additional network security appliances to their network perimeter for intrusion prevention, web filtering, anti-spam, remote access (VPN), and web application firewalls (WAF). The UTM (Unified Threat Management) appliance evolved out of the burden of managing an array of network security products UTM solutions allowed organizations to consolidate everything into a single appliance. Firewall technology has evolved as well, moving up the stack to Layer 7 and beyond to be able to identify and control specific application traffic. Firewalls also grew to incorporate technologies to more deeply inspect the contents of network packets and look for threats. They also gained the ability to control traffic based on the originating user or application, not just the type of traffic. This shift from ports and protocols to applications and users has spawned a new category of network protection: nextgeneration firewalls. A next-generation firewall is one that includes traditional stateful firewall inspection along with deep packet inspection that includes Intrusion Prevention, application awareness, user-based policies, and the ability to inspect encrypted traffic. Network security continues to consistently change and grow to meet the ever-evolving threat landscape. Modern threats like ransomware and botnet malware are more advanced, evasive, and targeted than ever before. These advanced persistent threats (APTs), use techniques that create a new zero-day threat with every instance, and can be extremely challenging for most signature-based systems to detect until it s too late. In a recent study, 83% of organizations surveyed had compromised systems on their network that were either victims of an APT or botnet. This is a pervasive and widespread problem. The nature of the current threat and network landscape is creating the need for fundamental changes in the approach to network security. First: Network security systems must now integrate new technology to identify malicious behavior in network payloads without the use of traditional antivirus signatures. Technologies like sandboxing that, until recently, were only affordable for large enterprise, have become extremely affordable for small and mid-sized organizations, and are now an essential part of an effective defence against modern malware. Solution Brief Document February 2017 2

Second: Security systems that used to be isolated and independent, such as the firewall and endpoint, now need to be integrated and work together to detect, identify, and respond to advanced threats quickly and efficiently before they can cause significant damage. Third: New dynamic application control technologies are required to properly identify and manage unknown applications, given the growing ineffectiveness of signaturebased engines to identify the latest protocols, custom applications, and those applications increasingly reliant on generic HTTP/HTTPS protocols. To make matters worse, most modern firewall products have become increasingly complicated, often leveraging several separate but loosely integrated solutions to tackle different threat vectors and compliance requirements. As a result, the management burden for the average network administrator has reached unsustainable levels and the amount of information and data these systems produce is simply indigestible. In fact, in a recent Firewall Satisfaction Survey of IT administrators, a number of common issues were identified with most firewalls in use today: They require too much time spent digging to get the necessary information They do not provide adequate visibility into threats and risks on the network They have plenty of features, but make it too difficult to figure out how to use them Sophos XG Firewall Sophos XG Firewall has been designed from the ground up to address today s top problems with existing firewalls, while also providing a platform designed specifically to tackle the evolving threat and network landscape. As a new entrant to the next-gen firewall space, Sophos XG Firewall brings a fresh approach to the way you manage your firewall, identify and respond to threats, and monitor what s happening on your network. It s packed with innovative modern technology that makes it the best choice for protecting your organization from today s latest threats, while offering all the insight and controls you need to manage risk and productivity, simply and easily. Intelligent Insights It s critically important for a modern firewall to parse through the mountain of information it collects, correlate data where possible, and highlight only the most important information requiring action ideally before it s too late. Solution Brief Document February 2017 3

Control Center XG Firewall s Control Center provides an unprecedented level of visibility into activity, risks, and threats on your network. It uses traffic light style indicators to focus your attention on what s most important: If something s red, it requires immediate attention. If something is yellow, that s an indication of a potential problem, and if everything is green, no further action is required. And every widget on the Control Center offers additional information that is easily revealed simply by clicking that widget. For example, the status of interfaces on the device can be easily obtained by simply clicking the Interfaces widget on the Control Center. Solution Brief Document February 2017 4

The host, user, and source of an advanced threat is also easily determined simply by clicking the ATP (advanced threat protection) widget in the dashboard. System graphs also show performance over time with selectable timeframes, whether you want to look at the last two hours to the last month or year. And they provide quick access to commonly used troubleshooting tools. The live log viewer is available from every screen with just a single click. You can open it in a new window so you can keep one eye on the relevant log while working on the console. It provides a nearly real time five-second refresh, and color-coded log lines and one-click access to the firewall rule table or packet capture make troubleshooting quick and easy. Solution Brief Document February 2017 5

If you re like most network admins, you ve probably wondered whether you have too many firewall rules, and which ones are really necessary versus which ones are not actually being used. With Sophos XG Firewall, you don t need to wonder anymore. The Active Firewall Rules widget shows a real-time graph of traffic being processed by the firewall by rule type: Business Application, User, and Network Rules. It also shows an active count of rules by status, including unused rules where you could have an opportunity to do some housekeeping. As with other areas of the Control Center, clicking any of these will drill down, in this case, to the firewall rule table sorted by the type or status of rule. Solution Brief Document February 2017 6

Risk Assessment and Reports User Risk Studies have proven that users are the weakest link in the security chain, and patterns of human behavior can be used to predict and prevent attacks. Also, usage patterns can help illustrate how efficiently corporate resources are utilized and if user policies need to be fine-tuned. The Layer 8 technology over Sophos firewalls treats user identity as the eighth layer or the "human layer" in the network protocol stack. This allows administrators to uniquely identify users, control the internet activity of these users in the network, and enable policy-setting and reporting by username. User Threat Quotient (UTQ) helps a security administrator spot users who pose a risk based on suspicious web behavior and advanced attacks triggered from their hosts. The risk could be a result of unintended actions due to lack of security awareness, a malware infected host, or the intentional actions of a rogue user. Knowing the user and the activities that caused risk can help the network security administrator take required actions to avoid such risks. Application Risk It s imperative today that your firewall provide essential insights into the applications traversing the network and potential risks they pose. XG Firewall s application awareness and control offers complete visibility into which applications are being accessed within the network and stops sophisticated application-layer threats right at the network perimeter. The Application Risk Meter provides an at-a-glance indication of the overall risk associated with various applications, and is calculated based on individual risk associated with a specific application and the number of hits on that application. If Solution Brief Document February 2017 7

your App Risk Meter is green, you have nothing to worry about. However, if it creeps into the red, you have risky or illegal apps in use on your network and you need to take action and implement an application control policy for your riskiest users. Rich On-Box Reporting XG Firewall is unique among firewall and UTM products, providing comprehensive, rich on-box reporting at no extra charge. Of course, we also offer a centralized off-box reporting platform, Sophos iview, if you prefer to do your reporting on a separate server. But most small and mid-sized organization appreciate the ability to get full historical reporting on a single appliance without paying extra. Solution Brief Document February 2017 8

XG Firewall provides a comprehensive set of reports, conveniently organized by type, with several built-in dashboards to choose from. There are literally hundreds of reports with customizable parameters across all areas of the firewall, including traffic activity, security, users, applications, web, networking, threats, VPN, email, and compliance. You can easily schedule periodic reports to be emailed to your or your designated recipients, and save reports as HTML, PDF, or CSV. Simpler Policy Management A commitment to simplicity has always been a key part of the Sophos DNA. But perhaps more importantly, Sophos has a rare willingness to embrace change and take bold steps to do things differently in the interest of providing both better protection and a better user experience. When we launched the Sophos XG Firewall, with an all new user interface, we had a unusual and exciting opportunity for a fresh start. We not only embraced that opportunity we made the most of it. The UX design team invested significant effort making XG Firewall look great, as well as addressing some of the most significant problems with managing firewalls today. Unified Policy Management Managing a firewall can be incredibly challenging, with multiple policies spread across a variety of functional areas often with several different rules required to provide the necessary protection. With the new XG Firewall, we took the opportunity to completely re-think the way policies are organized and managed. Instead of having to hunt around the management console looking for the right policies, we collected all policy management into a single unified screen. You can now view, filter, search, edit, add, modify, and organize all your firewall rules in one place. Solution Brief Document February 2017 9

Policy types for users, business applications, and networking make it easy to view only the policies you need while providing a single convenient screen for management. Indicator icons provide important information about policies such as their type, status, Heartbeat requirements, and much more. Natural language descriptions help you understand what a policy is doing in simple language long after you ve configured it. Layer-8 User-Based Policy XG Firewall integrates our patented Layer 8 identity-based policy technology, enabling user-level controls over applications, bandwidth, and other network resources, regardless of IP address, location, network or device. It literally takes firewall policy to a whole new layer. This user-based policy offers full Layer 8 control over applications, websites, categories, and traffic shaping (Qu s) all in a single panel. With most other firewall products, this would require four or five different policies, all on different screens. Our integrated policies dramatically reduce firewall rule counts and make policy management a lot easier. Flexible authentication options enable you to easily know who s who, and include directory services such as Active Directory, edirectory, and LDAP, as well as NTLM, RADIUS, TACACS+, RSA, client agents, or a captive portal. And Sophos Transparent Authentication Suite (STAS) provides integration with directory services like Microsoft Active Directory for easy, reliable, transparent single sign-on authentication. Solution Brief Document February 2017 10

Enterprise-Grade Secure Web Gateway Web protection and control is a staple in any firewall, but unfortunately, it feels like an afterthought in most firewall implementations. Our experience building enterprisegrade web protection solutions has provided us with the background and know-how to implement the kind of web policy control you would normally only find in enterprise SWG solution costing ten times as much. We ve implemented an all-new top-down inheritance policy model, which makes building sophisticated policies easy and intuitive. Pre-defined policy templates, available right out of the box, are included for most common deployments such as typical workplace environments, education CIPA compliance, and much more. It means you can be up and complaint immediately with easy fine-tuning and customization options at your fingertips. In fact, we know that web policy is one of the most frequently changed elements on a dayto-day basis in your firewall which is why we ve invested heavily in making it easy for you to manage and tweak based on your user and business needs. You can easily customize users and groups, activities (comprised of URLs, categories, and file types), actions (to block, allow, or warn), and add or adjust time-of-day and day-of-week constraints. It s powerful web policy made simple. Solution Brief Document February 2017 11

Business Application Templates Anyone who s tried to setup a web application firewall policy for something like Exchange, SharePoint or a web server knows how challenging and issue-prone it can be. The range and number of settings is bewildering. But pre-defined policy templates can help you protect common business application servers quickly, easily, with confidence. Simply select your desired server type from the drop-down list. Once you select one of the common business applications you need to protect with your firewall, the configuration screen is prepopulated with the appropriate fields to make your job a lot simpler. You then simply enter a few details like the domain, path, and server information, and you re done. Compare this with having to setup a WAF policy in any other product which usually requires several screens. It s complex and confusing. Not with XG Firewall. Advanced Threat Protection and Synchronized Security Industry experts agree: proper protection against today s cyber threats requires defensein-depth, or layered defense that includes network traffic analysis, payload analysis, and endpoint behavior analysis. The age of signatures is gone. Today s more targeted and evasive threats require a coordinated effort that includes behavioral analysis and exploit detection and prevention to be effective. Advanced Threat Protection Advanced threat protection is essential for identifying APTs, bots, and other malware lurking on your network. XG Firewall uses a sophisticated mix of malicious traffic detection, botnet detection, and command and control (C and C) call-home traffic detection. It combines IPS, DNS, and URL analysis to identify call-home traffic and immediately identify not only the infected host, but the user and process. Solution Brief Document February 2017 12

This sophisticated underlying protection technology provides a very simple but helpful view of advanced threats on the network. As mentioned earlier, the XG Firewall Control Center presents a simple traffic-light style indication of advanced threats on the network. When it s red, that means the firewall has identified and blocked an advanced threat. And if you re using Sophos Synchronized Security with your XG Firewall, it can go one step further and isolate that compromised system until it s cleaned up to prevent any data leakage or further communication with hacker s servers. Sandstorm Sandboxing With advanced threats like ransomware becoming more targeted and evasive, there s a dire need for behavior-based payload analysis. Up until recently, the sandboxing technology required to provide this protection was only affordable by the largest enterprises. But now, thanks to cloud-based sandboxing solutions like Sophos Sandstorm, it s incredibly affordable for even the smallest business. For the first time, small and mid-size organizations get the same enterprise-grade sandboxing protection, but without the enterprise price tag. Sophos Sandstorm provides the ultimate cloud sandboxing solution, one that is simple and affordable, while providing essential protection from the latest zero-day threats lurking in email and web payloads. It s tightly integrated into XG Firewall and incredibly simple to setup, but because it s cloud-based there s no additional software or hardware required, and no impact on performance of your firewall. Suspicious email attachments and web downloads are automatically analyzed and detonated in a cloud sandbox to determine their behavior before they are allowed onto your network. Sophos Sandstorm provides an at-a-glance account of payload analysis on the XG Firewall Control Center and rich detailed reporting on all the files and threats analyzed and processed by your firewall. Solution Brief Document February 2017 13

While Sandboxing technology is becoming more commonplace, XG Firewall and Sophos Sandstorm deliver the best protection made simple, at a very aggressive price, making it affordable and effective for everyone. Security Heartbeat To stop sophisticated threats, you need security products that work together as a system protecting your network, users and data across all points of the network. With Sophos Synchronized Security, that s exactly what you get. Sophos Security Heartbeat shares intelligence in real time using a secure link between your endpoints and your firewall. This simple step of synchronizing security products that previously operated independently creates more effective protection against advanced malware and targeted attacks. Security Heartbeat can not only identify the presence of advanced threats instantly, it can also be used to communicate important information about the nature of the threat, the host system, and the user. And perhaps most importantly, Security Heartbeat can also be used to automatically take action to isolate or limit access to compromised systems until they can be cleaned up. It s exciting technology that is revolutionizing the way IT security solutions identify and respond to advanced threats. Solution Brief Document February 2017 14

Security Heartbeat for managed endpoints behind your firewall can be in one of three states: Green Heartbeat status indicates the endpoint system is healthy and will be allowed to access all appropriate network resources. Yellow Heartbeat status indicates a warning that a system may have a potentially unwanted application (PUA) or other issue. You can choose which network resources a yellow heartbeat is allowed to access until the issue is resolved. Red Heartbeat status indicates a system that is at risk of being infected with an advanced threat and may be attempting to call home to a botnet or command-andcontrol server. Using the Security Heartbeat policy settings in your Firewall, you can easily isolate systems with a red heartbeat status until they can be cleaned up to reduce the risk of data loss or further infection. Only Sophos can provide a solution like Security Heartbeat because only Sophos is a leader in both endpoint and network security solutions. While other vendors are starting to realize this is the future of IT security and are scrambling to implement something similar, they are all at a distinct disadvantage: they don t own both an industry leading endpoint solution and an industry leading firewall solution to integrate together. Lightning Performance Today s networks are under increasing performance pressure. The statistics are mindboggling: reports indicate devices outnumbering people 3 to 1, global IP traffic tripling over the next five years, smartphone traffic expecting to exceed that of PCs within the next few years, and massive increases in the use of cloud services, VoIP, video, and virtual meetings already happening. It s no wonder that typical firewalls are buckling under the pressure. That s why it s important to leverage new technologies that can increase throughput to ensure top performance without sacrificing security and protection. FastPath Packet Optimization FastPath packet optimization dramatically improves firewall throughput performance by automatically setting trusted and secure packets on the FastPath, which means they don t have to be processed by the firewall policy engine for identification and destination. Instead, the firewall forwards these packets directly to the security engine for scanning. Solution Brief Document February 2017 15

To better illustrate the FastPath concept, think of an airport. You arrive, and first someone verifies your identity and ticket to determine your destination and whether you re permitted to travel there. Packets are like groups of people, and if you have a large family or group traveling together, there s no need for everyone to go through this identity and destination verification step individually. After the leader of your traveling group has been cleared, the rest of this trusted group can proceed directly to security screening they are put on the fast path. This removes a heavy load from the firewall policy engine and results in a significant increase in firewall throughput. The next step at the airport is to go through security screening. And unlike some other firewall vendors, we don t enable anyone (or any packets) to slip past this important part of the process without the appropriate review. Some vendors use stream scanning, which compromises malware scanning effectiveness in the interest of improving performance. As you might imagine, at Sophos, we don t make compromises on protection, so all content is subjected to a thorough security scan by one or two different antivirus engines at your request. So, with Sophos XG Firewall, you re getting the best performance and the best protection without compromise. Industry Leading Appliance Hardware Sophos XG Series hardware appliances are purpose-built with the latest multi-core Intel technology, generous RAM provisioning, and high-speed solid-state storage to provide future-proof performance for the ever-increasing demands on your network. Whether you re protecting a small business or a large data center, you re getting industry-leading performance at every price point. Miercom, a leading independent test center, recently conducted a comparative test of UTM/next-gen firewall appliances from major network security vendors, including Sophos, Fortinet, Check Point, Dell SonicWALL, and WatchGuard. Miercom ran an extensive set of tests, including raw firewall throughput at a variety of real-world packet sizes. We were pleased with the results, as our XG 135w outperformed similar competing models in all tests by a significant margin. The Sophos XG 135w beat the competing average by 67.7%. Solution Brief Document February 2017 16

Throughput Performance Firewall - 1518 Byte 7000 6000 6560 Throughput (Mbps) 5000 4000 3000 2000 1000 2400 1995 1920 2160 2119 0 Sophos XG 135W Check Point 2200 Dell SonicWall TZ600 Fortinet FortiGate 90D WatchGuard M200 Competitor Average Source: Miercom March 2016 Miercom also measured performance under real-world conditions, with a variety of important security features enabled, such as IPS, application control, antivirus, and IPS. The Sophos XG 135w ranked at the top of every test, including the most demanding: a test in which all security features enabled. It outpaced competitors by 31.3%. With modern web applications placing increasing demands on firewall connection limits, Miercom also ran a series of demanding connection tests, which are ideal for revealing performance bottlenecks imposed by inadequate RAM and processing speed. Again, the Sophos XG 135w provides outstanding value with its high-performance Intel multi-core technology and generous amounts of RAM, you ll have an order-ofmagnitude advantage over competing Firewalls. Maximum Concurrent Connections Per Second Firewall vs UTM Concurrent Connections Per Second (CCPS) 9,000,000 8,000,000 7,000,000 6,000,000 5,000,000 4,000,000 3,000,000 2,000,000 1,000,000 0 Sophos XG 135W Check Point 2200 Dell SonicWall TZ600 Fortinet FortiGate 90D WatchGuard M200 Competitor Average Firewall 8,380,000 936,000 124,994 1,500,000 1,283,000 960,999 UTM 8,370,000 135,000 124,992 1,490,000 914,000 665,998 Source: Miercom March 2016 The full report is available here. Solution Brief Document February 2017 17

Summary You ve seen how Sophos XG Firewall is addressing today s top problems with existing firewalls, by providing a fresh new approach to the way you manage your firewall, respond to threats, and monitor what s happening on your network. Be prepared for a whole new level of simplicity, security and insight. Try XG Firewall online for free. United Kingdom and Worldwide Sales Tel: +44 (0)8447 671131 Email: sales@sophos.com North American Sales Toll Free: 1-866-866-2802 Email: nasales@sophos.com Australia and New Zealand Sales Tel: +61 2 9409 9100 Email: sales@sophos.com.au Asia Sales Tel: +65 62244168 Email: salesasia@sophos.com Oxford, UK Copyright 2017. Sophos Ltd. All rights reserved. Registered in England and Wales No. 2096520, The Pentagon, Abingdon Science Park, Abingdon, OX14 3YP, UK Sophos is the registered trademark of Sophos Ltd. All other product and company names mentioned are trademarks or registered trademarks of their respective owners. 2017-02-09 SBD-NA (MP)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback