Sophos (LSE: SOPH), a global provider of network and endpoint security, has introduced synchronized security protection against today’s sophisticated threats with the Sophos Security Heartbeat capability of the Sophos XG series of “next-generation” firewalls and UTMs.
The new technology directly links “next-generation” firewalls and UTMs with “next-generation” endpoint security to share threat intelligence that would enable faster detection of threats, automatic isolation of infected devices, and more immediate and targeted response and resolution.
Sophos Security Heartbeat
With Security Heartbeat, organizations of any size would be able to advance their defenses against increasingly coordinated and stealthy attacks and drive a dramatic reduction in the time and resources required to investigate and address security incidents.
The Security Heartbeat pulses continuous, real-time information about suspicious behavior or malicious activity between endpoints and the network firewall or UTM. By giving these traditionally independent products the ability to directly share intelligence, the Security Heartbeat can instantly trigger a response to stop or help control a malware outbreak or data breach.
The Sophos XG Firewall uses data provided by Sophos’ endpoint protection to isolate and restrict access to and from the affected device, and in parallel, the endpoint protection can remediate the attack.
IT organizations can benefit from these advanced threat protection capabilities without requiring additional agents, layers of complex management tools, logging and analysis tools, or expense. The Security Heartbeat is fully enabled and included as part of the Sophos XG Firewall and Sophos Cloud-managed endpoint protection.
How does the Sophos Security Heartbeat work?
- When a new Sophos-protected endpoint is added to the network, its Security Heartbeat automatically connects to the local Sophos XG Firewall and the endpoint immediately starts sharing health status.
- If suspicious traffic is identified by the firewall, or malware is detected on the endpoint, security and threat information is shared instantly and securely via the Security Heartbeat.
- The endpoint reports context-rich information such as the computer name, username and process information associated with the threat.
- The firewall can automatically take action to isolate the endpoint from internal and/or external networks and trigger additional action on the endpoint to mitigate risk and prevent data loss.
- After the threat has been removed, the endpoint uses the Security Heartbeat to communicate updated health status back to the network, which then re-establishes normal service to the endpoint.
“Today Sophos has taken the next big step in next-generation security,” said Kris Hagerman, CEO of Sophos. “Organizations of every size know they need endpoint security and network security – they are two foundational pillars of any IT security strategy. But for too long, these two product segments simply didn’t communicate with each other – they were independent and isolated silos, which limited their effectiveness and their manageability. Synchronized security delivers both better protection and better manageability, for organizations of any size.”