
Keeping intruders away from your network is an essential first line of defense. However, cybercriminals are constantly updating and refining their methods of attack, using unknown malware to evade conventional protection.

This means organizations need additional tools, working with traditional anti-malware protection, to strengthen their defenses against unknown threats.

For many companies though, these technologies are too costly and require extra security expertise to implement and monitor them.

That’s why we’re bringing the optional next-gen sandbox capabilities of Sophos Sandstorm to XG Firewall 16.5. Instantly providing another layer of detection and advanced protection against ransomware and targeted attacks, Sandstorm blocks evasive threats — sending them to its cloud-sandbox to be detonated and observed in a safe environment. Threat intelligence is fed back to the Sophos solution and the files are blocked or permitted.

The solution is simple to deploy and maintain, but also affordable so that all businesses can have access to powerful threat intelligence.

Want to know more?

You can learn about Sophos Sandstorm at Or, see for yourself by starting your FREE 30-day trial. Go to MySophos or the Administration -> Licensing menu in Control Center to get started today.


How would Sandstorm be beneficial in the following scenario: network with UTM/XG using web filtering only, with users using Gmail and Hotmail etc. Users have both PCs and Macs and roam in and out of the office. Firstly, how does Sandstorm protect from webmail borne threats and URL threats, firstly in the office and secondly when outside the office but not connected to the office network via VPN? Is there a client component, or is this not a use case Sandstorm covers? Many thanks.


Hi Richard and thanks for your question.

In your first scenario, in the office behind the firewall, Sandstorm will protect against webmail borne threats. The webmail traffic is HTTP and HTTPS, which is scanned by UTM and XG; any suspicious attachments not detected as malware will be sent to Sandstorm for analysis.

In scenario two, out of the office, Sandstorm currently will not protect against webmail borne threats unless the remote user is using a VPN to connect to the office network. Currently the remote user will rely on his endpoint security. We do plan to address this in future releases and make Sandstorm available directly from the endpoint.

