Sophos Internet



Sophos Central is the unified console for managing all your Sophos products. Sign in to your account, take a tour, or start a trial from here.

Download Client: The Download Client page contains links to download all the clients you might need. The SSL VPN menu allows you to download remote access client software and configuration files, connect via clientless access and do secure web browsing. This page displays the overall Internet Usage of the user.

Our Free Home Use XG Firewall is a fully equipped software version of the Sophos XG firewall, available at no cost for home users – no strings attached. Features full protection for your home network, including anti-malware, web security and URL filtering, application control, IPS, traffic shaping, VPN, reporting and monitoring, and much more.

Sophos is a big name in business and enterprise antivirus, endpoint protection, and security suite products, but you can get much of the same enterprise-level protection for your own devices, in.

Sophos Support Plans: Our support plans range from basic technical support to options including direct access to senior support engineers and customized delivery.

Receive Training: As a Sophos customer, you can attend our courses and webinars to stay up to date.

Sophos
Type: Private
Industry: Computer software
Founded: 1985; 36 years ago
Founder
Headquarters: Abingdon, England
Key people
Products: Security software
Services: Computer security
Revenue: $640.7 million (2018)[1]
US$46.9 million (2018)[1]
US$66.3 million (2018)[1]
Owner: Thoma Bravo
Number of employees: 3,319 (2018)[1]
Website: sophos.com

Sophos Group plc is a British security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily focused on providing security software to 100- to 5,000-seat organizations. While not a primary focus, Sophos also protects home users, through free and paid antivirus solutions (Sophos Home/Home Premium) intended to demonstrate product functionality. It was listed on the London Stock Exchange until it was acquired by Thoma Bravo in February 2020.

History

Sophos was founded by Jan Hruska and Peter Lammer and began producing its first antivirus and encryption products in 1985.[2] During the late 1980s and into the 1990s, Sophos primarily developed and sold a range of security technologies in the UK, including encryption tools available for most users (private or business). In the late 1990s, Sophos concentrated its efforts on the development and sale of antivirus technology, and embarked on a program of international expansion.[3]

In 2003, Sophos acquired ActiveState, a North American software company that developed anti-spam software. At that time viruses were being spread primarily through email spam and this allowed Sophos to produce a combined anti-spam and antivirus solution.[4] In 2006, Peter Gyenes and Steve Munford were named chairman and CEO of Sophos, respectively. Jan Hruska and Peter Lammer remain as members of the board of directors.[5] In 2010, the majority interest of Sophos was sold to Apax.[6] In 2010, Nick Bray, formerly Group CFO at Micro Focus International, was named CFO of Sophos.[7]

In 2011, Utimaco Safeware AG (acquired by Sophos in 2008–9) were accused of supplying data monitoring and tracking software to partners that have sold to governments such as Syria: Sophos issued a statement of apology and confirmed that they had suspended their relationship with the partners in question and launched an investigation.[8][9] In 2012, Kris Hagerman, formerly CEO at Corel Corporation, was named CEO of Sophos and joined the company's board. Former CEO Steve Munford became non-executive chairman of the board.[10] In February 2014, Sophos announced that it had acquired Cyberoam Technologies, a provider of network security products.[11] In June 2015, Sophos announced plans to raise US$100 million on the London Stock Exchange.[12] Sophos was floated on the FTSE in September 2015.[13]

On 14 October 2019 Sophos announced that Thoma Bravo, a US-based private equity firm, made an offer to acquire Sophos for US$7.40 per share, representing an enterprise value of approximately $3.9 billion. The board of directors of Sophos stated their intention to unanimously recommend the offer to the company's shareholders.[14] On 2 March 2020 Sophos announced the completion of the acquisition.[15]

Acquisitions and partnerships

From September 2003 to February 2006, Sophos served as the parent company of ActiveState, a developer of programming tools for dynamic programming languages: in February 2006, ActiveState became an independent company when it was sold to Vancouver-based venture capitalist firm Pender Financial.[16] In 2007, Sophos acquired ENDFORCE, a company based in Ohio, United States, which developed and sold security policy compliance and Network Access Control (NAC) software.[17][18] In November 2016, Sophos acquired Barricade, a pioneering start-up with a powerful behavior-based analytics engine built on machine learning techniques,[19] to strengthen synchronized security capabilities and next-generation network and endpoint protection. In February 2017, Sophos acquired Invincea, a software company that provides malware threat detection, prevention, and pre-breach forensic intelligence.[20][21][22]

In March 2020, Thoma Bravo acquired Sophos for $3.9 billion.[23]

References

  1. "Annual Report 2018" (PDF). Sophos. Retrieved 20 March 2019.
  2. "Sophos: the early years". Naked Security.
  3. "Exterminator Tools". Windows IT Pro. 15 November 1999. Retrieved 24 April 2017.
  4. "Sophos acquires anti-spam specialist ActiveState". www.sophos.com. Retrieved 3 January 2016.
  5. "Sophos Management Team | Global Leaders in IT Security". sophos.com.
  6. "Apax Partners to acquire majority stake in Sophos".
  7. "Board of Directors".
  8. "The Bureau Investigates article". Archived from the original on 4 December 2011.
  9. "Statement from Sophos on Recent Media Reports".
  10. "Sophos Board of Directors webpage".
  11. "Sophos Acquires Cyberoam to Boost Layered Defense Portfolio". Infosecurity Magazine.
  12. "Sophos Plans $100 Million London IPO".
  13. "Sophos joins the UK's top public companies in the FTSE 250".
  14. "Sophos founders exit before Thoma Bravo sale". Global Capital. 5 December 2019. Retrieved 25 February 2020.
  15. "Sophos opens new chapter with take-private acquisition".
  16. "ActiveState Acquired by Employees and Pender Financial Group; Company Renews Focus on Tools and Solutions for Dynamic Languages". Business Wire. 22 February 2006. Retrieved 24 April 2017.
  17. "Sophos buys Endforce for network access control". Network World. 11 January 2007. Retrieved 24 April 2017.
  18. Wauters, Robin. "Sophos beefs up on online security, acquires Dutch security software firm SurfRight for $31.8 million". Retrieved 2 August 2016.
  19. https://www.sophos.com/en-us/press-office/press-releases/2016/11/sophos-acquires-security-analytics-start-up-in-ireland.aspx
  20. "Sophos Adds Advanced Machine Learning to Its Next-Generation Endpoint Protection Portfolio with Acquisition of Invincea". Sophos. 8 February 2017. Retrieved 11 February 2017.
  21. "Sophos grows anti-malware ensemble with Invincea". Sophos. 8 February 2017. Retrieved 11 February 2017. "One may ask, if you already have great next-generation technology, why do you need Invincea’s technology?...Think of Invincea as the superhero that takes our ensemble to the next level – the entity that adds neural network-based machine learning to the team."
  22. "Sophos to Acquire Invincea to Add Industry Leading Machine Learning to its Next Generation Endpoint Protection Portfolio". Invincea. 8 February 2017. Retrieved 11 February 2017.
  23. "Thoma Bravo completes $3.9B Sophos acquisition". TechCrunch. Retrieved 7 April 2020.

Retrieved from 'https://en.wikipedia.org/w/index.php?title=Sophos&oldid=1014829104'

Sophos XG firewall rules are broken up into ‘User/Network Rules’ and ‘Business Application Rules’. For this example, we’ll be creating a ‘User/Network Rules’ firewall rule that will allow devices on our network to access the internet. If you used the setup wizard during the Sophos XG setup process, a firewall rule was automatically created labeled #Default_Policy_Rule that does exactly this. The purpose of this example is to explain each of the settings in more detail.

Browse to the ‘Firewall’ page under ‘Protect’ and click ‘Add Firewall Rule’ -> ‘Add User/Network Rule’.

Rule Name: Type in a rule name that allows you to easily identify what this rule is for such as, “Allow LAN to WAN”.

Description: Provide a description so you can remember specifically what this rule does such as, “Allow all traffic originating from LAN to access the internet.”

Position: Defines whether this firewall rule will be created above or below all of your other firewall rules. The order in which you create firewall rules is extremely important as firewall rules are assessed from top to bottom and will stop being assessed once a firewall rule is applied. For example, if a new connection is being made, it will assess it against the firewall rules starting from the top. If the first rule doesn’t apply to that connection/traffic, it will assess it against the second rule. If instead the first rule does apply to that connection/traffic, it will apply that firewall rule and not assess it against the second rule. You can adjust the order of firewall rules from the main ‘Firewall’ page.

Action: Either accept, drop or reject the traffic. For this example, select ‘Accept’.

Source

Source Zones: This is the zone(s) through which traffic will ingress/enter the Sophos device, which is ‘LAN’ for this example. Zones are a logical grouping of physical and/or virtual interfaces. For example, if your hardware has multiple network interfaces, you will likely have one network interface in the ‘LAN’ zone and another in the ‘WAN’ zone. The zones can be configured in the ‘Zones’ tab on the ‘Network’ page under ‘Configure’.

Source Networks and Devices: This defines the specific network(s) or device(s) from which traffic will originate. It can be based on anything that is defined on the ‘Host and Services’ page under ‘System’, or on an item newly defined by clicking ‘Add New Item’ -> ‘Create new’. This includes IP addresses, subnets, MAC addresses, Fully Qualified Domain Names (FQDN) or even countries. For this example, we’ll create a new entry for the local subnet by clicking ‘Add New Item’ -> ‘Create new’ -> ‘IP’. In the ‘Add IP Host’ dialog, type in a name such as ‘Local subnet’, select ‘IPv4’, select ‘Network’, type in your subnet address (ex: 172.16.16.0) and set your subnet to /24 (255.255.255.0). Click ‘Save’. Finally, add this newly created ‘Local subnet’ to the ‘Source Networks and Devices’ list.

During Schedule Time: As the name implies, you can set up times when this firewall rule will be in effect, as defined on the ‘Access Times’ tab on the ‘Profiles’ page under ‘System’. For this example, we’ll set this to ‘All the Time’.

Destination & Services

Destination Zones: Same idea as explained for ‘Source Zones’, except this is the zone(s) through which traffic will egress/leave the Sophos device. For this example it is ‘WAN’, since that is where the physical interface that connects to our internet modem resides.

Destination Networks: Same idea as explained for ‘Source Networks and Devices’, except this is where the traffic is specifically going to. For this example, this will be ‘Any’ since we don’t know what IP addresses our devices will require access to.

Services: This provides the ability to specify exactly which services the firewall rule will allow. Services are basically an alias for different protocols and/or ports. For example, selecting the HTTP service will allow traffic originating from (source) TCP protocol on ports 1:65535 (port 1 through port 65535) to go to (destination) TCP protocol on port 80. You can view and add new services directly from the firewall page or from the ‘Services’ tab on the ‘Host and Services’ page. For this example, this will be set to ‘Any’ since we have a wide variety of devices on our network that require access to the internet through various services.

Note: Sophos XG is a stateful firewall, meaning if a connection is made from within your local subnet to the internet (assuming you have a firewall rule that allows this), traffic will be allowed both outbound and inbound on that connection. If someone tried to initiate a connection from outside your network to a device on your local network, that connection/traffic would be denied unless you had a specific firewall rule that allows that inbound connection/traffic, which is what ‘Business Application Rules’ are for.

Identity

Match known users: For this example, this will be unchecked since we want this firewall rule to apply to all devices. However, with users and/or groups set up, this allows you to apply the firewall rule to specific users and/or groups.

Web Malware and Content Scanning

Scan HTTP: This allows for the scanning of HTTP traffic for malware and unwanted applications, and enforces SafeSearch features on Google, Yahoo and Bing. These specific settings for ‘Scan HTTP’ can be configured on the ‘General Settings’ tab on the ‘Web’ page under ‘Protect’. For this example, check this box.

Decrypt & Scan HTTPS: This allows the same capabilities as mentioned above but for HTTPS traffic. Enabling this will require additional setup of certificates on your devices to allow Sophos XG to decrypt the encrypted traffic for scanning. For this example, we’ll leave this unchecked unless you know how to set up the certificates for this feature to work.

Block Google QUIC (Quick UDP Internet Connections): QUIC is a transport layer network protocol (UDP 443) created by Google. If scanning HTTP(S) traffic is enabled, it’s recommended to enable this to force web traffic to use HTTP(S) so that it is scanned.

Detect zero-day threats with Sandstorm: Unfortunately, the Sophos XG Home license does not include the Sandstorm service.

Scan FTP for Malware: Similar to what was already mentioned except for File Transfer Protocol (FTP) traffic. For this example, check this box.

Advanced

Intrusion Prevention: This feature, commonly referred to as IPS, allows for deep packet inspection (using Snort) based on pre-defined or customized policies you can create on the ‘IPS Policies’ tab on the ‘Intrusion Prevention’ page under ‘Protect’. For this example, select the ‘lantowan_general’ pre-defined policy as it provides a good balance between protecting your network/devices and preventing false positives (i.e. blocking valid packets).

Note: Enabling ‘Intrusion Prevention’ can potentially slow down your internet speeds. This will depend on how powerful your hardware is, but with my Qotom Q355G4 (Intel Core i5-5250U), my internet speeds dropped from 900/50 Mbps to 300/50 Mbps.

Traffic Shaping Policy: Allows you to set bandwidth limits and priorities as defined in the ‘Traffic Shaping’ tab on the ‘System Services’ page under ‘Configure’. For this example, we’ll set this to ‘None’.

Web Policy: Ability to restrict web access to certain categories of websites as defined in the ‘Policies’ tab on the ‘Web’ page under ‘Protect’. For this example, we’ll set this to ‘None’.

Note: When ‘None’ is selected, packets will not go through the web proxy. With ‘Allow All’ selected, packets will go through the web proxy. For a detailed explanation, see this thread (page 2) in the official Sophos community forums.

Apply Web Category based Traffic Shaping Policy: This enables traffic shaping based on what is defined for each web category. These can be set within each web category definition on the ‘Web’ page under the ‘Categories’ tab.

Application Control: Same as above except for specific applications. For this example, we’ll set this to ‘None’.

Apply Application-based Traffic Shaping Policy: This enables traffic shaping based on what is defined for each application. The traffic shaping policy for each application can be set on the ‘Applications’ page under the ‘Traffic Shaping Default’ tab.

Minimum Source HB Permitted: You can ignore this setting unless you’re running Sophos endpoint software on your devices.

Minimum Destination HB Permitted: Same as above.

Rewrite source address (Masquerading): Since traffic originating from your LAN will have its LAN network IP address as the ‘source’ in the traffic/packet, it will need to be rewritten before leaving your network with the IP address of your internet gateway/modem. For any traffic leaving your network to the internet, this should be checked which is the case for this example.

Use Gateway Specific Default NAT Policy: This option only appears if ‘Rewrite source address (Masquerading)’ is selected and will use whatever your ‘Default NAT Policy’ is set to on the ‘WAN Link Manager’ tab on the ‘Network’ page under ‘Configure’. By default, it’s set to ‘MASQ’, which will use your internet gateway/modem assigned IP address for rewriting the new source address. For this example, this will be checked.

Overwrite default NAT policy for specific gateway: If you have multiple gateways, this allows you to adjust the NAT policy for each gateway. For this example, this will be unchecked and won’t apply for most basic home networks.

Primary Gateway: This setting only applies if you have multiple gateways, which is likely not the case for a normal home network with only one Internet Service Provider (ISP). If you had multiple gateways, this allows you to choose which gateway traffic would utilize for this firewall rule. The option ‘WAN Link Load Balance’ gives you the ability to load balance outgoing WAN traffic. For this example, select your specific gateway.

DSCP Marking: Per the Sophos XG help docs, this setting “classifies flow of packets as they enter the local network depending upon QoS.” For this example, leave it undefined.

Log Firewall Traffic: As the name implies, with this checked the traffic that applies to this firewall rule will be logged which you can view from the ‘Log Viewer’ located on the top right section of any page. For this example, leave this unchecked unless you have a specific need to log all traffic going through this firewall rule.

Click ‘Save’ at the bottom and you’re finished!

Here’s a screenshot of what this firewall rule looks like (note: ‘Block Google QUIC’ is not pictured as it was added in a later version of Sophos XG):

Realize this is just an example of setting up a firewall rule and by no means am I recommending you use this firewall rule for a home network. Your specific requirements will vary and there are many different opinions and strategies for setting up firewall rules (i.e. deny all vs. allow all outbound by default).
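
To make the ‘Position’ behaviour described above concrete, here is an added example (not from the original article, and not Sophos code) that models top-to-bottom, first-match evaluation of new connections and flags rules that an earlier, broader rule makes unreachable. The `Rule` fields, the ‘Block camera’ rule, the sample addresses and the default drop for unmatched traffic are assumptions of this model; replies on connections that were already accepted are handled by the stateful engine and are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    src_net: str   # CIDR, or "any"
    dst_zone: str
    service: str   # e.g. "tcp/80", or "any"
    action: str    # "accept", "drop" or "reject"

def _net(cidr):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)

def matches(rule, src_zone, src_ip, dst_zone, service):
    return (rule.src_zone == src_zone and rule.dst_zone == dst_zone
            and ipaddress.ip_address(src_ip) in _net(rule.src_net)
            and rule.service in ("any", service))

def evaluate(rules, src_zone, src_ip, dst_zone, service):
    """Assess a NEW connection top to bottom; the first matching rule wins."""
    for rule in rules:
        if matches(rule, src_zone, src_ip, dst_zone, service):
            return rule.name, rule.action
    return None, "drop"  # assumption of this model: unmatched traffic is dropped

def covers(earlier, later):
    """True if every connection `later` matches is already matched by `earlier`."""
    return (earlier.src_zone == later.src_zone
            and earlier.dst_zone == later.dst_zone
            and _net(later.src_net).subnet_of(_net(earlier.src_net))
            and earlier.service in ("any", later.service))

def shadowed(rules):
    """(rule, shadowing rule) pairs for rules that can never be applied."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# The rule built in the walkthrough, plus a constructed, hypothetical block rule.
ALLOW_LAN = Rule("Allow LAN to WAN", "LAN", "172.16.16.0/24", "WAN", "any", "accept")
BLOCK_CAM = Rule("Block camera", "LAN", "172.16.16.50/32", "WAN", "any", "drop")

if __name__ == "__main__":
    for order in ([ALLOW_LAN, BLOCK_CAM], [BLOCK_CAM, ALLOW_LAN]):
        print([r.name for r in order])
        print("  camera ->", evaluate(order, "LAN", "172.16.16.50", "WAN", "tcp/443"))
        print("  laptop ->", evaluate(order, "LAN", "172.16.16.10", "WAN", "tcp/443"))
        print("  shadowed:", shadowed(order))
    # New connection initiated from the internet: no User/Network rule matches.
    print(evaluate([ALLOW_LAN], "WAN", "203.0.113.7", "LAN", "tcp/22"))
```

With the broad allow rule on top, the narrower block rule is reported as shadowed and the camera's traffic is accepted; moving the block rule above it changes the outcome for that one host only.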