Over the last few weeks Sophos’ Chris McCormack has written a series of honest appraisals about the problems with modern firewalls, going into detail about their issues with protection, app control and incident response.
Putting it bluntly, the complexity of next-gen firewalls has left network administrators with a collection of very serious and unsustainable problems, not least:
- Your risky users are anonymous
- Too much of your traffic goes unidentified
- Your endpoints know about risks your firewall doesn’t
Our research in this area revealed that many organizations are flying blind: up to 90% of application traffic is going unidentified, and network administrators simply don’t have the time to master firewalls that are dangerously difficult to understand, configure, manage and deploy.
Cutting through the problems that some next-gen firewalls have burdened your network administrators with is the solution, and it was one of the organizing principles behind the creation of our XG Firewall v17.
XG Firewall teams up with your Sophos endpoints using our unique Security HeartbeatTM, transforming your firewall from a soloist to the conductor of the orchestra. It can stop APTs (Advanced Persistent Threats), track your endpoints’ health status, identify undetected applications and isolate infected systems automatically, so that breaches don’t turn into outbreaks.
And it can do it right now, on your network, easily.
No, really. There’s no need to tear out your existing firewall (or your hair) because you can utilize the best-of-breed capabilities of XG Firewall by deploying it in inline or in Discover mode. (Replacing your existing firewall completely is simple too – our step-by-step deployment wizard will have you up and running in just a few minutes.)
Connect your XG Firewall to a mirror port on your network switch and it starts work revealing deeper insights into your network immediately.
You’ll get all the visibility benefits of Synchronized Security, such as our Security HeartbeatTM status for endpoint health, and instant notifications of systems at risk on your network. You’ll also gain a new level of insight into applications, and the presence of threats and other risks on your network.
Discover mode takes visibility and insight to a whole new level, and when you’re ready to take advantage of some of the additional security and controls that your XG Firewall offers you can easily move it inline.
Our XG series appliances are available with fail-open bypass ports so they can be installed in bridge mode, inline with your existing firewall. If your inline XG Firewall needs to be shut down, or rebooted for a firmware update, your traffic will still flow through it, ensuring there are no disruptions to your network.
Inline deployment enables full Synchronized Security capabilities, including Security HeartbeatTM, Synchronized Application Control, and automated response to incidents on your network when an endpoint’s health changes.
You can also choose to add additional protection like our industry leading IPS, sandboxing with deep learning, ATP protection, web server protection, and more to your network whenever you’re ready.