Web protection is one of the most widely used features on the Sophos UTM, and no wonder. The importance of dealing properly with web threats is one reason, but there are others.
We’ve made a number of changes in UTM Accelerated (9.2) to strengthen, simplify and accelerate web protection. I’ll be talking about a few of them in this blog series. Two of the most important ones are transparent single sign-on and device-specific authentication.
Transparent Single Sign-on
With all the temptations of the Internet at their fingertips, it’s hard for end users to exercise great judgment about where they should be browsing. That’s why most organizations deploy at least some kind of productivity filtering. Whether you’re just blocking the seedier side of the Internet, or limiting browsing to business-related content, the Sophos UTM makes it simple to enforce a range of different policies.
Most importantly, you can create different policies for different users. If you’re a school, you want to manage where the students can go but still allow the staff some leeway to go to important sites. Or maybe you’re at a business where the restrictions on your call center staff would not go down well if applied to the CEO.
User-based web policies are nothing new. But if you’ve tried to make them work before, especially with transparent web filtering, you’ve probably experienced headaches.
While planning UTM 9.2 we talked to a lot of businesses about their experiences with web filtering products and we heard some real horror stories. Some spoke of products that required agents to be installed on the Active Directory server. Many spoke of users being mis-identified because the product couldn’t keep up with logouts and logins. Others complained about users having to keep entering their username and password to log in.
With previous versions of Sophos UTM, you had to install our User Agent on all your endpoints if you wanted to enforce user-based policies in transparent mode. This worked well, but was certainly not as simple as we would like.
Fortunately, our engineers have come up with a truly simple solution: transparent single sign-on.
Sophos’s transparent single sign-on technology was developed originally on our standalone Web Appliance. It’s been working really well on that product for a few years now, so as a proven technology we thought it was time to bring it to the Sophos UTM.
It works by transparently communicating with the browser to authenticate with the UTM in the background, without impacting the user. The browser sends the user’s Active Directory credentials and the UTM can log the traffic to the correct user and apply the right policy. It requires no extra software agents.
Even if you’re not an Active Directory shop, your life will still be easier. Once the user has logged on for the first time, their credentials will be stored and re-used to keep interruptions to a minimum.
Device-Specific Authentication
Another challenge our customers are facing is enabling the safe use of mobile devices. Users want to bring their smartphones and tablets to work and expect to be able to use them.
Unfortunately these devices can’t always handle the same authentication protocols as PCs. In some situations, you may want to ensure users go through a login page before browsing. Or maybe you don’t care about where they’re browsing as long as a basic anti-malware policy is applied.
Previously, the only solution for this would have been to segregate these devices into different subnets, or even onto different Wi-Fi networks. This approach no longer felt right with BYOD becoming a norm. So we fixed it.
UTM 9.2 can now analyze a network stream and quickly tell what kind of device it’s coming from. By spotting fingerprints in the network stream, it can distinguish a Windows PC from an iPad or an Android from a Mac. You can then use this information to specify different authentication options for each type of device without having to structure your network to cope with these differences.
Transparent single sign-on and device-specific authentication in UTM 9.2 are just two out of the many features that help accelerate your protection. Your users can be protected quickly and simply, with the right web policies, without you having to leave the UTM’s WebAdmin console.
Get ready for UTM Accelerated (9.2)
You’ll soon be able to read all about these great new features as we roll them out on our website. Or if you’re visiting RSA or CeBIT in the coming weeks, we’ll be offering a sneak peek at this technology in action at our trade show booth.
Come back to Sophos Blog for the next post in the coming days explaining more feature highlights of Sophos UTM Accelerated (9.2). Until then, should you have any questions, we’re only an email or a phone call away.