sophos firewall v21
Products and Services PRODUCTS & SERVICES

Sophos Firewall v21: Third-party threat feeds

How to make the most of the new features in Sophos Firewall v21
Written by
September 10, 2024
Products & Services Firewall network v21

Sophos Firewall v21 adds third-party threat feed support for Active Threat Response.

Active Threat Response was first introduced in v20, implementing a new extensible threat feed framework in Sophos Firewall to automatically respond to active threats. Initial support was provided for dynamic threat intelligence feeds from Sophos X-Ops and Sophos MDR, enabling the firewall to automatically respond by blocking access to any threat published through this framework.

While this is all most customers will ever need, there are certain regions or vertical markets where specific custom threat feeds are encouraged or required. There has also been an interest by our partner community, SoC providers, and many customers for an extensible threat feed capability to support existing or new threat detection and response solutions and services.

To enable these use cases, Sophos Firewall v21 extends the threat feed framework to support third-party threat feeds. Now, you can easily add additional vertical or custom threat feeds to the firewall, which will monitor and respond in the same automatic way – blocking any activity associated with them – across all security engines (IPS, DNS, Web and AV) and without requiring any additional firewall rules.

Third-party threat feeds and Active Threat Response also trigger the same Synchronized Security response as any other red Security Heartbeat condition. Your Sophos Firewall will enforce any firewall rules that contain red Heartbeat conditions and the firewall will also coordinate Lateral Movement Protection with your Sophos Endpoints, which will inform all healthy managed endpoints that there is a compromised host on the LAN so they can block traffic from that device.

FW-ATR

Check out the short video below a full demonstration on:

  • How to set up third-party threat feeds
  • How Active Threat Response and lateral movement protection work
  • How to use the new dashboarding and reporting

For more information, consult the online documentation.

A variety of specialized and vertical threat feeds are supported, including those provided by security organizations, industry consortiums, and community-based or open-source threat intelligence sources. A good example is Greynoise, who is featuring the Sophos Firewall integration on their website.

Other great examples include:

  • Cisco Talos
  • Abuse.ch / URLhaus
  • Hakk Solutions
  • OSINT (Open-source Intelligence) / DigitalSide
  • CINS Score
  • CrowdSec
  • EclicticIQ
  • Feodo Tracker
  • And more!

Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the Early Access Program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.

About the Author

Chris McCormack is a network security specialist at Sophos where he has been focused on firewall and network protection since joining Sophos in 2008. When not evangelizing Sophos network security products, Chris specializes in providing advice and insight into the latest threats and network protection technologies and strategies.

Read Similar Articles

Leave a Reply

Your email address will not be published. Required fields are marked *