In the last few articles on the topic of our latest Sophos Firewall release, we’ve discussed the importance of Secure by Design and covered one of the highlights of this release: the new Health Check feature. There are also a number of other important enhancements to Secure by Design in Sophos Firewall v22. Let’s take a look.

Next-Gen Xstream Architecture

Sophos Firewall introduced the Xstream Architecture as a key component of v18, enabling XGS Series appliances to take full advantage of the added processing power and capabilities it provided. Since then, Sophos Firewall’s Xstream Architecture has been constantly scaling and adapting to bring additional performance to customer networks.

This is all thanks to the programmable nature of Sophos Firewall’s Xstream Architecture that is NOT dependent on custom silicon ASICs – and in fact works equally well on general-purpose CPUs, virtual CPUs, and our XGS Series models that have dedicated flow processors.

Sophos Firewall v22 introduces our next-generation Xstream Architecture, which has an all-new control plane re-architected for maximum security and scalability to take us into the future. The new control plane enables modularization, isolation, and containerization of services like IPS for example, to run like “apps” on the firewall platform. It also enables complete separation of privileges for added security.

The net result is an ultra-secure, scalable, and streamlined architecture built for the future. This next-gen Xstream Architecture lays a foundation for highly secure, scalable, and modular containerized services, n-node clustering, and full RESTful APIs for high-performance remote management and automation.

High-availability self-healing

In addition, this Next-Gen Xstream Architecture adds a new self-healing capability to high-availability deployments that is continuously monitoring system state and fixes deviations between devices automatically.

Hardened kernel

The next-gen Xstream Architecture in Sophos Firewall OS is built upon a new hardened kernel (v6.6+) that provides enhanced security, performance, and scalability to maximize current and future hardware. The new kernel offers tighter process isolation and better mitigation for side-channel attacks as well as mitigations for CPU vulnerabilities (Spectre, Meltdown, L1TF, MDS, Retbleed, ZenBleed, Downfall). It also offers hardened usercopy, stack canaries, and Kernel Address Space Layout Randomization (KASLR).

Remote integrity monitoring

Sophos Firewall OS v22 now integrates our Sophos XDR Linux Sensor that enables real-time monitoring of system integrity, including unauthorized configuration, rule exports, malicious program execution attempts, file tampering, and more.

This helps our security teams who are constantly monitoring our entire Sophos Firewall customer base to better identify, investigate, and respond more quickly to any attack. This is an added security capability that no other firewall vendor provides.

New anti-malware engine

Sophos Firewall OS v22 integrates the latest Sophos anti-malware engine with enhanced zero-day, real-time detection of emerging threats using global reputation lookups. This is possible thanks to a massive cloud database of known malicious files, which is updated every 5 mins or less.

It also introduces AI and ML model detections and delivers enhanced telemetry to SophosLabs for accelerating their emerging threat detection analysis.

Get started today

Be sure to get involved in the Sophos Firewall v22 Early Access Program to better secure your and your customers’ networks and help make this release the best it can be. Also be sure to review the What’s New Guide for a full list of all the new capabilities in Sophos Firewall v22.