Sophos Firewall v21 provides third-party risk feed help for Lively Risk Response.
Lively Risk Response was first launched in v20, implementing a brand new extensible risk feed framework in Sophos Firewall to robotically reply to energetic threats. Preliminary help was supplied for dynamic risk intelligence feeds from Sophos X-Ops and Sophos MDR, enabling the firewall to robotically reply by blocking entry to any risk revealed by this framework.
Whereas that is all most prospects will ever want, there are particular areas or vertical markets the place particular customized risk feeds are inspired or required. There has additionally been an curiosity by our accomplice neighborhood, SoC suppliers, and many purchasers for an extensible risk feed functionality to help current or new risk detection and response options and companies.
To allow these use instances, Sophos Firewall v21 extends the risk feed framework to help third-party risk feeds. Now, you may simply add further vertical or customized risk feeds to the firewall, which is able to monitor and reply in the identical automated method – blocking any exercise related to them – throughout all safety engines (IPS, DNS, Internet and AV) and with out requiring any further firewall guidelines.
Third-party risk feeds and Lively Risk Response additionally set off the identical Synchronized Safety response as every other pink Safety Heartbeat situation. Your Sophos Firewall will implement any firewall guidelines that comprise pink Heartbeat situations and the firewall will even coordinate Lateral Motion Safety together with your Sophos Endpoints, which is able to inform all wholesome managed endpoints that there’s a compromised host on the LAN to allow them to block site visitors from that gadget.
Take a look at the brief video beneath a full demonstration on:
- How you can arrange third-party risk feeds
- How Lively Risk Response and lateral motion safety work
- How you can use the brand new dashboadring and reporting
For extra data, seek the advice of the on-line documentation.
Quite a lot of specialised and vertical risk feeds are supported, together with these supplied by safety organizations, business consortiums, and community-based or open-source risk intelligence sources. A very good instance is Greynoise, who’s that includes the Sophos Firewall integration on their web site.
Different nice examples embody:
- Cisco Talos
- Abuse.ch / URLhaus
- Hakk Options
- OSINT (Open-source Intelligence) / DigitalSide
- CINS Rating
- CrowdSec
- EclicticIQ
- Feodo Tracker
- And extra!
Begin benefiting from this nice new functionality in Sophos Firewall v21 by taking part within the Early Entry Program. Merely register for this system, click on the hyperlink in your e mail to obtain the firmware replace bundle, and set up it in your Sophos Firewall.
