Video: Announcing Sophos Firewall v22 | Duration: 2572s | Summary: Announcing Sophos Firewall v22 | Chapters: Welcome and Introduction (6.16s), Sophos Firewall Introduction (90.17s), Security Challenges Addressed (206.62s), Secure by Design (490.045s), Secure By Design (997.055s), Enhanced Management Capabilities (1427.75s), Strengthening Competitive Position (1598.705s)

Transcript for "Announcing Sophos Firewall v22": Hello, everybody, and thanks for joining us. We're just gonna give it a few more moments to let people to join and, make sure that people can log in and start from the beginning. If you've got any issues with your audio or anything at all, then, do let us know in the chat. So the person asking, is this the same webinar as yesterday? We did run an America's session of this yesterday. So if you joined yesterday, it is the same content. But, otherwise, welcome to everybody and, we'll get started in just a few moments. And to give you all a little inspiration from the session that we did for The Americas yesterday, people were telling us in the chat where they were joining from. So do feel free to do that throughout the session today. We'd love to know. And, many people also added in, what the weather's like, where they are. So if you're interested in, letting us know your current weather, if you're somewhere very high up in the North Of Scandinavia with some snow, or if you're somewhere much further south where it's a little bit warmer then, we'd love to hear that as well. Okay. So let's get started. Thanks everybody for joining. We're really really pleased to have you all here today to talk about Sophos firewall v22. I'm sure that, there's gonna be a lot of information for you here that you can take away, and, hopefully, you'll find it useful in your upcoming conversations. What we want to cover today is to show you how to take advantage of some of the new capabilities that we've added to Sophos firewall v 22 and how you can really add value for your customers and help them improve their protection. I'm joined by two of my colleagues today, Chris McCormack, who is also from the global product marketing. My name is Barbara Hudson. And Path Mystery is gonna be initially in the background answering your questions, so do please keep him busy. He's from our product management team, so there's nothing that he can't answer. And, what we'll do is we'll all come on stage at the end and, answer some of the questions live there as well. So do feel free to ask anything related to firewall throughout this session. The agenda for today's session is that we're initially gonna take a look at some of the current challenges that you and your customers are facing. Well, they'll take a deeper dive into Sophos Firewall v22 22 and, in particular, the secure by design features, but we'll also look at the features that are adding better value for your customers and also that improve the management and the day to day use of the product. I'll then talk a little bit about how this release improves your competitive positioning, and then we'll go into the q and a. If you have questions throughout the session, please add them to the q and a panel. The chat is just for all the other fun stuff. And, so we we'll be looking at the q and a panel at the end of this if you want us to answer your questions. So let's take a look at some of the challenges that I know that many of you and your customers are facing right now. On the one hand, there is the threat landscape, and I'm sure it hasn't escaped your attention that firewalls, network infrastructure, VPNs are under attack. And I hope that you haven't experienced that firsthand, but you've probably seen the news headlines. And there's been some pretty prominent vulnerabilities and breaches that have impacted, some of our competitors. We've seen a lot of vulnerabilities for Fortinet. We've seen the recent cloud backup breach for a sonic wall. And I think one of the things that generally happens is that your customers will be coming to you and asking, what does this mean for me? How secure am I? Now there are always times when attackers tend to target particular, vendors. And, you know, it's a few years back now, but in 2018, Sophos was subjected to a targeted attack. It was actually the cyber room infrastructure. And throughout that, what people are trying to do is really to look for vulnerabilities. If people have not upgraded their firewall, for example, they were looking for any weaknesses in the configuration, and that's that's really a big topic that can open up risk. But also anything else, you know, authentication, things like that that can really be, you know, the the door to opening it up. And a lot of those, threats that we've seen and a lot of the attacks that we've seen, they're coming from ransomware gangs. The Akira ransomware gang is particularly prevalent at the moment. And so that's one of the things that you know, to help your customers understand how secure is their firewall. And if they're using Sophos firewall, of course, we want to give you the best possible answer to that. The other thing, and particularly now towards the end of the year, is the economic climate. And, you know, you just need to turn on the news to hear how things are, and customer budgets are stretched to the limit. And I'm sure that, there's hardly any company that's not impacted in some way by this. If consumers are not spending money, it has a knock on effect for a lot of other industries as well. And so when we notice that people are starting to extend their firewall life cycles or maybe delaying an upgrade or thinking, you know, that firewall that was maybe due for a refresh now that's five years old or whatever, that maybe I'm gonna use it for another year. The problem is when people start pushing things out for products that are no longer supported or already end of life. And I think many of you, accompanied us through the x g to x g s refresh, for earlier this year. If you do have any remaining XG customers that had licenses that went beyond the end of life date, then make sure you're getting them upgraded because it's now long after the end of life date. I'm sure that they're pleased to be bugged by, emails about the end of life. And, we wanna make sure that we're getting people upgraded and people are not using things that are not supported because that just increases the risk. There are also people struggling with a lack of skilled staff, and that can take two different forms. On the one hand, it could be because of that economic climate that people don't necessarily have the budget to employ the staff that they need with the skills that they need because IT experts can be pretty expensive. But on the other hand, there's a lack of people around that have those skills. And so many many of us, and it's you know, it applies for softwares. I'm sure it applies for you and your customers. We're all trying to do more with less at the moment. Now that can be fine, you know, and and teams have a way of rallying together and managing to get everything done, but it can also lead to some tasks falling under the radar. And that can have a knock on effect and could impact security. So that's something that we wanna make sure doesn't happen. So what you really need, you and your customers need, is a firewall that is built to be secure by design, that offers them excellent value so that they know that the investment that they've made is really worthwhile. And, also, that easy's day to day management, that they know that, you know, maybe it's got some automation built in that's gonna just help with some of the things that you're not sitting there watching, and always have to let the firewall work for you sometimes rather than you always working for the firewall. And that's a really, really important point. And Sophos firewall v 22 is really all of those things and much more. And I hope as we go throughout this presentation, that you'll see some of the things that you can use to help you address those topics with your customers. I'll hand now to Chris, who's gonna take you through some of those features. Thanks, Barbara. Yeah. Let's have a look at what's new in version 22 for Sophos firewall. So there are three key themes to this release. Secure by design, as Barbara mentioned, or really hardening and strengthening the security of the firewall itself has been a key pillar of our strategy for a few years now. But with v 22, the team has really taken Secure by Design to a whole new level. There's new features to help ensure the firewall is configured optimally and securely, a new next gen architecture for added security and scalability, expanded monitoring of all customer firewalls by our security teams for signs they might be under attack, new anti malware engine that introduces AI detections, and secured updates using SSL encryption and certificate pinning to ensure the authenticity of those updates. Then networking and scalability has also been enhanced for all organizations, but particularly larger distributed networks such as at universities or education networks with enhanced monitoring and logging tools. And then as with every Sophos firewall release, the team focuses on your top feedback and continuously looks for ways to optimize day to day management. And you'll find great performance enhancements in the management console in this release, a new SNMP monitoring for the hardware, enhancements to authentication such as, multi factor authentication support on the web application firewall, and SHA two fifty six and five twelve bit support for one time passwords. So all of this adds up to tremendous added value for customers. There's literally something or many things for everyone in this great release. Now I, won't go through this list completely. This shows, all the new features in version 22. So please feel free to take a screen capture of this if you want to go through it on your own. We will do a deeper dive into some of these in a moment. But at a high level, there's a new firewall health check feature. That's probably the headline feature of this release. There's also a new next gen extreme architecture we'll talk a bit more about. And of course, many other secure by design enhancements I'll touch on in a bit as well. I mentioned network scale scalability that includes logging and API enhancements, as well as s flow monitoring. Then there are management experience or quality of life improvements, I like to call them, such as the improved UI performance, the hardware monitoring of the SNMP I mentioned, instant alerting of web policy violations, which is particularly helpful in education environments, particularly in The UK where this is a requirement, and then other enhancements to the management experience. So lots lots of great new features there. Now for customers that are going to be migrating from our legacy SG UTM platform to Sophos firewall, as the end of life approaches for SG UTM. They also have a few new features that will be able to make that migration easier to Sophos firewall. Things like MFA support for the web application firewall was a top request from them. SHA two fifty six and five twelve bit support for one time passwords was another top request, and audit trail logs to comply with the latest NIST requirements are also in version 22. Alright. So, hopefully, you agree there's a ton of added value there for every type of organization using Sophos firewall today. Let's talk more about secure by design, shall we? Which is all about making the heart the firewall more hardened and more secure in a tougher target. This has really developed since we were under attack ourselves by nation state hackers a few years ago. We've been investing heavily in Secure by Design, making Sophos firewall one of the toughest targets for any attacker possible. And a few things that we added previously that are worth revisiting include these three elements here. Now as we discussed, a common attack vector these days is hackers targeting unpatched vulnerabilities in network infrastructure, such as firewalls. And this problem is compounded by the fact that many devices out there are often unpatched or have unpatched vulnerabilities for an extended period of time due to a variety of factors. You know, it may take time to develop and test the patch, then integrate it into a firmware update, then publish that update, then the customer or you have to apply the update, which requires scheduling downtime and and reboot the device. Now all of this means that a device, especially from competitors, is vulnerable for a lot longer than it should be. And we've really narrowed the window on this by equipping all Sophos firewalls with an automated hotfix patch capability that allows us to push a critical security update to the firewall in real time as it's needed over the air without having to do a firmware update or schedule downtime. That's huge. This dramatically reduces the window in which a device may be vulnerable and removes a huge burden from the network admin at the same time. Next, we make sure backups are doubly protected if you like. And and this is worth being able to talk to, especially in light of the recent recent SonicWall incident. Yeah. We do the equivalent of putting your sensitive data in a vault in Sophos cloud and then locking the front door on top of that. It's particularly important because we know there's lots of sensitive data about your network in these backups, and we wanna make sure that they're secure. And then softness is also unique in that we take a vested interest in you and your customer security by actually monitoring the firewalls for any signs that they're being attacked. And that capability got a huge upgrade in version 22 as I'll mention in a moment. But no other vendor is offering this kind of monitoring capability for their customers' firewalls. And I think it's important to point out that we are not monitoring your traffic or data or the customer's traffic or data. We are simply looking for any signs that the device is being attacked or tampered with by unauthorized malware or agents on the device. So think of it like the check engine light on a vehicle. We are monitoring for that check engine light. We're not looking at where the driver is going or what they're doing or or whatever. We are just interested in the health of the car itself, and that's exactly what we're doing with the firewall monitoring. So what's new is that we have enhanced that monitoring, as I mentioned, by adding a Sophos Linux XDR sensor onto the firewall to enable us to receive better real time telemetry and detections of things like file tampering or someone, you know, starting up a, a new, partition or doing anything like that that's affecting the device's operation. If a customer's device is being attacked or compromised, we will know about it and be able to start talking to you and the customer immediately to help remediate it. Again, nobody else is doing this. It's almost like a free added service from our security team. Then we've also deeply hardened the platform, starting with the new hardened kernel and building our next gen extreme architecture on top of that with a brand new control plane to isolate and containerize processes in the firewall. While also expanding the capabilities and the architecture for future enhancements. I'll get into a bit more of what that means in a moment. And then one of the great new features in Sophos firewall v 22 is the new health check capability that is continuously analyzing dozens of configuration settings throughout the firewall and immediately identifying anything that may be high risk or misconfigured, allowing you and customers to quickly and easily address it. So I mentioned the, the new next gen extreme architecture. It's a key component of our firewall and has been since version 18, which we introduced at that time to enable XGS series appliances to take full advantage of the added processing capabilities that they included. Now since then, our extreme architecture has been constantly scaling, evolving, and adapting to bring additional performance to customer networks. And this is all thanks largely to the programmable nature of Sophos Firewall's extreme architecture that is not dependent on custom silicon ASICs. And in fact, works equally well on general purpose CPUs or virtual CPUs, as well as, of course, our XGS series models that some of them have dedicated flow processors. As I mentioned, Sophos firewall version 22 introduces the next generation of this extreme architecture. It has an all new control plane, which has been rearchitected for maximum scalability and security that really takes us into the future. This new control plane enables modularization, isolation, and containerization of services. So, you know, capabilities like IPS now run like an app on the firewall platform and enables us to add future sort of containerized services to the firewall easily in the future. It also enables complete separation of privileges for added security, and it will enable us to introduce new ultra scalable features in future releases, such as end node, high availability clusters, or higher performance group management and automation tools, and a full restful API. So lots to look forward to down the road. The net result though is an ultra scalable, secure, streamlined architecture really built for the future. Now, this is a bit of a rhetorical question, but how much insights do your customers have into potential weak spots on their firewall? Well, of course, the answer is never enough. And as we discussed earlier, you know, attackers are exploiting any weakness that they can find in network infrastructure, including misconfigured firewalls. So a strong security posture depends on ensuring the firewall is optimally configured. But we know that with everyone trying to do more with less, this is often an area that gets neglected and maybe a a risk. But software's firewall version 22 aims to change all of that with a significant and new feature. Let's have a look at that. So v 22 makes it much easier to evaluate and address any misconfiguration of the firewall with this new health check feature. What it is doing is it's evaluating dozens of different configuration settings across all areas of the firewall and compares them with CIS industry benchmarks and other best practices. And it provides immediate insights into areas that may be at risk. It makes it super easy by highlighting all high risk settings and providing recommendations with quick easy drill down to the areas of concern so you can easily address them. As you can see, there's a new widget that's right on the control center, which summarizes the results of the latest analysis. And you can then click on that to drill down to the full report you see lower on the slide. And then from there, you can, actually drill down to the particular feature or area of configuration as necessary to remediate it. Now you might be wondering, who is CIS? So they are the center for Internet security. They're a nonprofit community of IT professionals really dedicated to evolving standards and best practices for securing IT systems and data like firewalls. So you can get more insights into our partnership by visiting that the Sophos page on the CIS benchmarks website. You can also download the benchmark PDF from their web site for deeper insights into why these configuration changes are considered a best practice. So this is a fabulous new capability that's gonna make, the firewall much more secure. It is initially only on box or on device. It will be coming to Sophos Central in a future release. Okay. So how does Secure by Design really help you? The new health check feature is great. It enables you to uncover security gaps and demonstrate added value to your customers. It also provides a great opportunity for you as your customer security adviser to either help ensure their firewall is optimally secure, or if you're managing it for them, ensure you haven't overlooked anything yourself. You could even use this new capability as a reason to get in touch with your customers and review their security posture together. You could even use it as the basis for some kind of security optimization professional services offering. Right? It also helps you to strengthen your competitive positioning at a time where this kind of capability is is gonna be scrutinized and is is being looked at by more and more buyers. You know, secure by design is becoming critically important in network infrastructure as as it's in the headlines all the time. So while secure by design elements sometimes are architectural or back end in nature and not really visible, this secure, or this new health check feature is a perfect example of a highly visible tool that really enables you to showcase your commitment and our commitment to secure by design. And it's it's just one of those great, easy to use, highly visible tools that shows that we are committed to secure by design. But enough about secure by design, let's have a look at some capabilities that enhance the overall value and the management experience. So as we discussed, Sophos continues to add new features in every firewall release, but we always tend to focus on trying to make the product easier to use and increasing the value to customers. You know, they've spent a lot of money on their firewall. We wanna make sure that they're getting maximum value for that. And so we previously added tons of new features and releases such as DNS protection, NDR, active threat response for a variety of threat feeds. And we add all these features and capabilities without charging extra for them. And b 22, of course, continues that trend, adding great additional features at no extra cost such as the health check and the other security hardening measures we looked at. And now, you and your customers can do a lot of additional monitoring with s flow, for example, on interfaces or SNMP monitoring of the hardware. Education institutions can enjoy that new instant alerting on web policy violations. And again, all of this is coming in a firmware update that doesn't require upgrading the hardware or the firewall itself. So this release, like most, really allows you to demonstrate clearly how much added value customers are getting for their investment. And there's plenty of direct and indirect benefits for you as well. Of course, you can use SNMP monitoring to identify potential hardware issues on your firewall customer install base. You can help improve customer compliance with the audit trail logs and real time web alerts and health check feature, of course. You can assure customers that their investment is secure with the foundation we've laid for future enhancements with the new architecture, and that they'll continue to see significant added value in ROI going forward. You can demonstrate the tangible improvements such as the faster user interface and, the improved visibility they're getting into various areas of the system. And if you're an MSP, you could take advantage of the enhanced API controls in version 22 that provides stronger API governance and multi tenant management capabilities. So lots of benefits for you as well. And it also really helps strengthen your, competitive position. So when you're having a discussion with new prospects or new potential new customers, you're gonna win more business. And for that, I'm gonna turn it over to Barbara who's gonna walk us through it. Thank you, Chris. And, there was really a lot to take in there. I think there's some really great features and particularly the secure by design features. I think they're giving our partners a a great story to tell. So let's take a look at how this release strengthens your competitive position. We wanna make sure that you've got something to address every different sales scenario. And I'll start with those prospects, those potential new customers that you may be talking to. Now, of course, we wanna make sure that you've got something to talk them about. Why should they choose Sophos over choosing another vendor? And I think a lot of the secured by design features are a really good reason to do that right now, particularly when you consider, you know, some of the other topics that we were discussing related to the threat landscape and some of the vulnerabilities. It's a great opportunity as well to if you've got a prospect and they're considering more than one vendor, to really compare and contrast. Ask that prospect, you know, how is your vendor addressing the secure by design goals? Because whereas most vendors have actually signed that pledge that they're gonna achieve those secure by design goals, a lot of them have not actually made transparent what they're actually doing. So, you know, if you're not telling people what you're doing, and that's one of the things that we want to do is be really transparent about that. Now, of course, it wouldn't be me if I wasn't gonna tell you about the fact that, of course, we have a competitive trading promo that you can use. And where people will can get a 50% discount on both XGS hardware and extreme protection. Now if it's a new firewall Sophos firewall customer, you can get that discount. If it's a brand new Sophos customer, there is an additional promo code that you can use in combination with this one that would give them one year of Sophos endpoint for free for 25 user licenses and three server licenses. And the reason we're doing that is really to make sure that you've got the opportunity to not only sell somebody a firewall, but to, make it to lay the foundation for future cross sell and upsell as well. Because if you want to get somebody using Sophos endpoint and they see the value of synchronized security, for example, they may want to extend that into other areas of their business. Or they may say, I want to then move to XDR or MDR. So there's a lot more potential in there, and we're really trying to ensure that we give you those opportunities. A promo is not just about giving something away for a cheaper price. It's it's laying that foundation. So think of it as safe budget for your customers, but maybe you can position something else as well. When it comes to your existing customers, as Chris was mentioning, really being able to demonstrate the added value that we're giving them, making sure that you're going back to them. Not every customer uses all of the functionality on their firewall, and the health check may be a way that actually uncovers some of that. It might have the reference to, you know, this needs to be turned on, and that could be an a way to discuss that with the customer and see if that's something that they could potentially use to increase their security posture. So that's certainly one of the areas. It gives you a reason to call your existing customers as well. And I think, you know, every time when you're looking for another reason to call your customer without just, hey. How are you doing? I wanted to check-in, but you've got a really good reason to call them here. So encourage your customers to upgrade, let them know what's new, and make sure that we're we're really pushing this so that we can give them the value that we have from this release and all the ones that went before that as well. And, of course, there are those customers that I mentioned a little bit earlier that are maybe going to have to upgrade their firewall. So whether that's an x g customer who's still stuck on v 20 because they couldn't upgrade to v 21, and they certainly can't upgrade to v 22. So there's another good reason, another thing to get them off their x g, if they're still supported. If they're not supported, they definitely need to be offered. And there's also our Sophos UTM customer base. Now I know in this region, for many of you, that's very near and dear to your heart, and we wanna make sure that we're giving those customers the best possible transition path. Sophos firewall offers some great features, and we've really listened to those customers. And, you know, every different release, we're adding more and more of the top requested features from Sophos UTM customers, and this release is no exception. So make sure that you're telling them about the fact that we're not just saying, you know, this is Sophos as well, so you can move to Sophos firewall. We're giving them a functionally technical reason to move to Sophos Firewall with the architecture that we've got. You know, a Sophos UTM customer today can only dream of these releases and all these new features that we keep bringing because they haven't had much for a long time. So it's really time for people to move on. Of course, we have our great promo, and I would really encourage you to take a look on the partner portal where we have the details, the promo flyers. Our all in one promo is, again, one that not only includes that 50% discount on XGS plus the extreme protection subscription, it also has an extra 10% margin built in. I've got partner discount. Sorry. Built in that you can either choose to pass on to your customer or you can use it yourself. So there's more earnings potential for you. And, of course, again, we've built in those those upsell and cross sell opportunities. People get three years of web server protection absolutely free as part of this promo. They can get 60% discount on central email advance. So, again, we're laying that foundation for you to not only sell a firewall, but bring especially those software UTM customers that may not have any software central products today to bring them really into that ecosystem and let them get the full value of what they've got there. We just recently improved that promo a little bit more as if there wasn't already enough, by offering an up to six month license overlap for people's SG subscriptions or software's UTM subscriptions at no extra cost. So you can go to your customer and say, save yourself the price of a final renewal, final renewal date, December 31, don't forget, and, save yourselves that cost. And if you've got the budget available now to do that refresh, you can get that extra term anyway. So that's a really, really great incentive for those customers to upgrade. So before we move on to the questions, I just wanna summarize what we've been through now. Sophos firewall is an extremely strong release. It's got the compelling new features. It's got the enhancements to existing functionality, things like NDR essentials, active threat response that we continue to develop. And we've got that foundation to take that firewall into the future that you can really assure your customers that this is a good investment to make. We've got the secure by design things that can help you increase customer confidence and demonstrate that we're making a firewall that's secure for them. And the health check, of course, as we've talked about at length, is a really great opportunity to potentially create generate additional revenue, but at least have a checkpoint for what you're doing. So make sure that you're getting your customers to upgrade. We are absolutely committed to providing a firewall that addresses those challenges that I mentioned at the beginning. You know, make sure it's hardened against attack, make sure that it offers great value for your customers, and make sure that it provides easier day to day management. I've seen we've had a lot of questions. There are a lot of you did put things in the chat, and, I know we're all speculating at the moment about what the weather's like in Athens and why we'd be annoyed if we hear that. I I believe it's probably quite warm. So we're gonna go into the questions, and I'll get, Parth and Chris to come on stage and just to highlight some of the most important questions that have come through that we want to share with everybody here. Thanks, Barbara. Pretty interesting v 22, and there are lots of questions so that in chat, we are discussing that folks have already completed delta trainings and things like that. So I think it's a great interest out there. So some of the questions, I'll take on some capabilities in v 22, like SHA two fifty six, five one two. Can it be used for even hardware OTP tokens? So answer is yes. Now that we have integrated it, it's available for all. FIPS one forty dash three certification. So last three major release are all, FIPS certified twenty twenty one twenty one dot five, and we'll soon begin the certification for '22 as well. So we expect, like, mid next year for it to complete. Few questions around some of the future capabilities like v dom or virtual routers. So one thing that we were talking about v '22, that it introduced new extreme architecture, and that with the new control plane, equip our team to develop more scalable, newer feature like REST APIs, VDOM, virtual routers, and node cluster. So we will continue developing those features, like immediate next release v 23. We are bringing REST APIs for all the firewall APIs, and we'll keep building on VDOM that fundamental conceptualization and development has already started. So that that's the path where this new control panel architecture will help us there. Few questions, like, even before I deploy XGS, can I upgrade that onto v 22? So I think that's pretty common practice across, our channel distributor and partners. They can have a USB with ISO ready. And even without connecting any keyboard or monitor or console to the firewall, they can just plug the USB, turn it on, and the LED or the, the port LED or LCD will tell the upgrade status, and that's how you can reimage the firewall on the very new version even before opening or deploying. So those are some of the things there. One great question on the hotfix side of things that whether they really need to take any manual action, enable that, or it's by default enabled. So hotfix on all the firewalls are by default enabled, and there is no UI control to turn it off because it's not recommended. But if you must turn it off, then there is a CLI for that that you really need to go into SSH and turn it off. I think some other things, to highlight as a question there, more of approach questions that how exactly, we can some examples of the secure by design activity that as a sofasor as a vendor you can protect. So here, I can give some technical examples. So based on certain experience and certain security incidences that we have observed, in the industry, there are two very common things that we have noticed. So one, whenever there is any security incidents, exploit, or zero day vulnerability, the attacker, if they get in using one of those exploits, they will either put PG dump command to exfiltrate data from your network. And as soon as the p g dump command is invoked on firewall running v 22, there is a real time alarm that, goes off on our security team dashboard. That's so and so firewall globally. So many firewalls we have seen such thing. So it's a real time telemetry where our security team can analyze if there is any internal SFOS. Some commands are being run. The second such example is whenever such thing happens, a ticker really wants to put some exploit or some workload on the firewall, which would run and do some malicious activity or do lateral movement. So whenever for that to happen, they need to mount some partition into exact kind of permission. So whenever mount exec command is invoked, that's where, again, the real time telemetry will flag that, malicious action to our security dashboard, and we can take some action. So those are some of the advantages. In twenty one dot five, under secure by design, we had file integrity verification. So internal to Sophos firewall file system, if there are any changes into the structure or MD five or changes of the file of the internal system, even that flags the telemetry, to our dashboard, and we'll be able to protect that. So we will work with our support account team through partners and customers and make sure that any such exploits, zero day, or security incidents can be protected, and then use our hotfix mechanism to really stop that from happening globally to all other firewalls. So I think that is the proactiveness and the benefit of, secure by design that we are seeing now. Alright. I'm just looking at some of the new questions. There was one question, Pat, where somebody was asking about benefits for SG customers that might be switching over to MSP. And with the exception of France, there is actually an MSP promo that's available that offers a 70% discount on the hardware that you can use to transition SG customers, across to XGS. So there is that, discount that is available. But I'd suggest speaking to your local account team, and and they can certainly help you so you know which offers are available in your region. Awesome. Okay. I think we have covered most of the questions that we wanted to discuss out. Yeah. I mean, obviously, there's, you know, there's lots and lots of questions that came in, and, you know, it's been really great that everybody's asking so many questions. We'll make sure that we put the answers together for anything that we didn't get around to, Share that with the team so that they can share that with you. And, I think on that note, let's let's make sure that we give everybody back their time, finish on time. Thank you so much to all of you that have joined us today. Thanks to Chris and Path for joining me on this session. I think you'll all agree that v 22 is a great release. And, with what we've managed to do with Secure by Design, this is a release that, you know, it's a really finishing high for us, and we hope that it'll help you as you close out the quarter. And I hope you, keep your keep your partner status. Don't forget your, your deadlines for that that are coming up, next year. But, thanks, everybody, and we'd love to hear from you any feedback you've got on v '22. Please do reach out to us. You will get, a link after this session where you'll have access to the recording. If you've got any colleagues that wanted to join, they can also register and still watch it on demand. So thanks for that, and thank you for everybody. And I say enjoy the rest of your day. Thank you. Thank you. Not allowing me to leave the stage, I guess.