Video: Announcing Sophos Firewall v22 | Duration: 2408s | Summary: Announcing Sophos Firewall v22 | Chapters: Sophos Firewall Introduction (94.585s), Network Security Challenges (181.175s), Adapting to Challenges (294.33s), Key Security Enhancements (429.53s), New Firewall Features (552.22s), Secure by Design (653.56s), Next-Gen Xstream Architecture (838.795s), Firewall Health Check (1037.735s), Enhancing Firewall Value (1258.375s), Upgrade Benefits Explained (1574.125s), General Availability Launch (1954.66s), Secure by Design Examples (1997.385s), Improved Malware Protection (2189.655s), Closing and Wrap-up (2326.755s)
Transcript for "Announcing Sophos Firewall v22": Hi, everybody. Thank you for joining today's Sophos Academy session on Sophos Firewall v22, how to take advantage of all the new capabilities and enhance your customers' protection. Today, we've got Chris McCormick presenting for you all, and we've got Parth Mistry here supporting to answer all of your questions. So throughout the session, if you do have any questions, please feel free to pop them in the Q&A panel to the right-hand side of your screen, and we'll be going through all of those questions at the end. Also, as a reminder, this session is being recorded, and a copy of the recording will be sent out to everybody post session. But without further ado, I will pass it on over to Chris. Thanks, Charnell, and welcome, everybody. This is a session we're gonna talk about Sophos Firewall version 22 and how to take advantage of all the new capabilities to enhance your customers' protection. Now my name, as Charnell mentioned, is Chris McCormick, and I work on the product team at Sophos along with Parth, who's also here answering questions today. And with me or usually with me is Barbara Hudson, but she couldn't make it, as it's in the middle of the night for her time zone. So, but she is responsible for having developed a lot of the content you're gonna see here today. Now today, we're gonna cover some of the top challenges that you and your customers are facing with network security, which will help us to frame the new capabilities that we've put into Sophos Firewall version 22 in a very relevant way. Change around secure by design here at Sophos. More recently, it's been Fortinet and SonicWall that's been in the news. But, of course, your customers rely on you to keep them secure and safe. So in light of all this recent news about firewalls being exploited, they might be asking you, you know, are we safe? And, of course, you want to be able to answer that positively.
And today, we're gonna share some important aspects about Sophos Firewall and the new features in v22 that will help you answer that question definitively and in detail. Of course, the economic climate has also been changing for the worse lately. Customer budgets are stretched to the limit, which means that firewall life cycles are being extended perhaps well beyond what they normally would be, and upgrades might be being deferred or delayed. And everyone is really trying to extract the maximum life and value from their investment. So today, you're gonna see a number of ways in which we continue to enable you to deliver tremendous value to your customers with this release. And then every organization is also struggling to try and do more with less. And that often means that some important security tasks may fall under the radar simply just due to a lack of time or staff. We recognize that, and we want to make it easier for you and your customers to make sure security isn't compromised even during these challenging times, particularly with the first point above regarding firewalls coming under increased attack. So what you and your customers really need these days is secure by design and able to be able to adapt quickly to a changing threat landscape that offers excellent value and continues to actually increase in value and improve the product over time. And you need a firewall that makes your customers' day-to-day management and your deployment to management experience easier. So you're all spending less time managing network security and feeling confident that the network is secure. And so as you'll see, Sophos Firewall version 22 is really gonna deliver all of these things and more. And it's gonna be released later today in Asia Pacific time. It's nighttime here where I'm at in Vancouver, Canada. But tomorrow my time or later today your time, version 22 will be available for those of you that want to deploy it.
So let's have a look at what's included in Sophos Firewall version 22. There are key themes to this release. In fact, there are three key themes to this release. Secure by design or hardening and strengthening the security of the firewall itself has been a key pillar of our product strategy for a few years now. But with version 22, the team has really taken Secure by Design to a whole new level. There's new features to help ensure the firewall is configured optimally and securely, a new next gen architecture for added security and scalability, expanded monitoring of all firewalls out there by our security teams for signs that they may be under an attack. There's a new anti-malware engine that introduces AI detections, and then secure updates using SSL encryption and certificate pinning to ensure authenticity. So a real great list of secure by design enhancements. Now network and scalability has also been enhanced for all organizations of every size, but particularly larger distributed networks, maybe universities, education, government networks will really enjoy the enhanced monitoring and logging. And that's with every Sophos Firewall release. The team focuses on your top feedback and continuously looks for ways to optimize day-to-day management and improve your quality of life. And so you'll find great performance enhancements in the management console, new SNMP monitoring for hardware, enhancements to authentication such as multifactor authentication support on the web application firewall, SHA-256 and 512-bit support for one-time passwords, and really more. There's all this adds up though to what is just amazing release full of added value for customers. There's really something or many things for everyone in this release. So let's dig into in a bit more detail. Every Sophos Firewall release includes a ton of great new features, and this release is no exception. I'm not gonna go through all of this in detail.
We're gonna hit on some of the highlights here in detail, though. But, of course, you can screen cap this and go through it on your own at any time. But this really captures all of the great enhancements in Sophos Firewall version 22. As I mentioned, we'll do a deeper dive into some of these in a moment. But at a high level, you can see there's a ton of great secure by design capabilities with the firewall health check, a new next gen Xstream architecture, many secure by design enhancements. I mentioned network scalability, and that includes logging and API enhancements as well as sFlow monitoring. Then I talked about management experience or quality of life enhancements. I mentioned, such as UI and performance improvements. So the UI is a lot more responsive. There's hardware monitoring now via SNMP, instant alerting of web policy violations, which may be particularly helpful in education environments or where compliance with the web policies is very important. There's just tons of great new stuff in this release. And even customers that are still on our legacy SG UTM platform and migrating to Sophos Firewall as the end of life approaches, they have a few features to look forward to that they've been asking for that will make the transition for them even easier. So hopefully, you agree, there's a ton of added value and great new features. Let's have a look at a few more of these in more detail. So Secure by Design, as I mentioned, is a key pillar of this release. It's all about making the product itself more secure, hardened, a tougher target for attackers. And since we came under attack by nation state hackers a few years ago, we've invested heavily in Secure by Design, really making Sophos Firewall the toughest target for attackers possible and one of the most secure firewalls on the market. A few things that we've added previously are listed here, and it's worth just mentioning to remind you that we have these great features.
A common attack vector these days is hackers targeting unpatched vulnerabilities in network infrastructure like firewalls. This problem is compounded by the fact that many devices out there have unpatched vulnerabilities for extended periods of time because people don't get around to patching. And that's why we have taken time to develop and test patches and integrate them into firmware, but we also offer an automatic patching solution that enables the customer to receive patches for their firewall that are important security updates without having to schedule network downtime, do a firmware update, and reboot the device. None of that is required. If we find a new vulnerability, we could push a patch out over the air to address it without the admin having to do anything. Now we've also made sure the backups are secure. You may have heard of, SonicWall has been in the news recently because their firewall backups in the cloud were compromised. So we make sure backups are double protected. They have the equivalent of putting your sensitive data in a vault and then locking the door to the vault on top of the door to the building. It's really we make sure that the backups and the data contained in those is super secure, encrypted, and stored in a safe repository in Sophos cloud. Now Sophos is also unique in that we take a vested interest in your and your customers' security. And we actually monitor our firewalls for any signs they're being attacked. And that capability just got a huge update with v22. I'll talk about that a bit more in a moment. But no other vendor is offering this kind of monitoring capability for their customers' firewalls. And some may be concerned that, you know, Sophos spying on what's going on on my firewall. No. Not at all. What we are only looking at is whether the firewall has been tampered with by some malicious actor or some malware.
We're not looking at what traffic is going through the firewall or what anything is going on on the firewall. Think of it like your check engine light on your car. We are looking for the check engine light. We're not concerned about where you're going or what you're doing with your car. So what have we done with version 22? Well, we've really enhanced Secure by Design, as I said, taken it to another level. We've implemented a Sophos Linux XDR sensor on the firewall that enables us to monitor that check engine light or receive better real-time telemetry and detections of things that may be happening on the firewall like file tampering. So if a customer's device is being attacked or compromised, we will know about it and be able to respond and help you and the customer remediate it quickly. Now we've also deeply hardened the platform, starting with a new hardened kernel and building our next gen Xstream architecture on top of that with a brand new control plane to isolate and containerize processes in the firewall while also expanding the capabilities of the architecture for future enhancements. And we'll talk a bit more about what that means in a moment. And one of the great new features in Sophos Firewall version 22 is the new health check capability that continuously and automatically analyzes dozens of configuration settings in the firewall and immediately identifies anything that may be high risk or misconfigured, allowing you and your customers to quickly and easily address it and reduce your risk. Now I mentioned we have a new NextGen Xstream architecture. We initially launched the Xstream architecture, you may recall, as part of version 18 a few years ago, enabling our XGS series appliances to take full advantage of the added processing power and capabilities that it provided. Since then, that Xstream Architecture has been constantly scaling and adapting to bring additional performance to your customers' networks.
This is all thanks to the programmable nature of the Sophos Firewall's Xstream architecture that is not dependent on custom silicon or ASICs like some of our competitors use. And in fact, it works equally well on general purpose CPUs or virtual CPUs and, of course, our XGS series models that have dedicated flow processors. Now as I mentioned, version 22 introduces our next gen Xstream architecture, which has an all new control plane rearchitected for maximum security and scalability to really take us into the future. The new control plane enables modularization and isolation and containerization of services like, say, IPS. It can now run as an app isolated on the firewall platform, enabling us to add more additional modules easily down the road. It also enables complete separation of privileges and added security. It will enable us to introduce new ultra scalable features in future releases such as, you know, n-node high availability clusters, high performance group management and automation features, and a full RESTful API. So you can look forward to some of that in future releases. But the net result is an ultra secure, scalable, and streamlined architecture built for the future. Now this is a bit of a rhetorical question, but how much insight do your customers have into potential weak spots on their firewall? If something's not configured correctly, do they know? Probably not, and they probably don't have enough insights. And we discussed earlier that attacks are exploiting any weakness they can find in network infrastructure including misconfigured firewalls. So a strong security posture really depends on ensuring the firewall is optimally configured. But we know that with everything and everyone trying to do more with less, this is an area that is getting compromised and may be at risk. But Sophos Firewall version 22 is gonna change all that in a significant way.
It makes it much easier, in fact, it's automated, to evaluate and address any misconfiguration that might be in the firewall. And that's thanks to this new health check feature, which automatically evaluates dozens of different configuration settings across all areas of the firewall and compares them with CIS benchmarks and other best practices, providing immediate insights to areas that may be at risk. And it makes this super easy. It highlights all high risk settings and provides recommendations with quick drill down to areas of concern so you can easily address them. And as you can see, there's a new widget right on the control center which summarizes the results of the latest analysis. You can then use that to drill into the full report as you see here. And you might be wondering, who is CIS or the Center for Internet Security? They are a nonprofit community of IT professionals that is dedicated to evolving standards and best practices for securing IT systems and data. You can get more insights into our partnership by visiting the Sophos page on the CIS benchmarks website. You can also download the benchmark PDF from their website for Sophos Firewall and get deeper insights into why these particular configuration changes are considered a best practice. And note that this health check feature is currently only available on the web admin console on the device. We will be bringing it to Sophos Central in a future release. But it's a fabulous new feature that really opens up a lot of opportunity for you. For example, this new health check feature really enables you to help uncover security gaps or demonstrate added value to your customers. It provides a great opportunity for you as your customer's security advisor to either help ensure their firewall is optimally secure, or if you're managing it for them, ensure you haven't overlooked anything important.
You could even use this new capability as a reason to get in touch with your customers and review their security posture together. And you could even use this as the basis for some security optimization, professional services offering. It also helps you strengthen your competitive positioning in a time where secure by design is really critically important as firewalls, as we talked about, are under attack everywhere. So while many secure by design elements are sort of architectural or back end or maybe not visible, this is a perfect example of a highly visible tool that really enables you to showcase your commitment to secure by design and today's threat landscape. Okay. So we've looked at secure by design in detail. Let's look at some capabilities that enhance the value of the firewall and your management capabilities. Now we discussed Sophos continues to add features in every release, constantly increasing the value that customers are getting out of their investment and improving their day-to-day management routines. For example, we previously added features like DNS protection, NDR, active threat response for a variety of threat feeds. And we did this all at no extra cost. And v22 continues this trend of adding great additional features at no extra cost, such as the health check feature we just looked at or the other secure by design capabilities. And now you and customers can do a lot deeper monitoring with sFlow monitoring or SNMP hardware monitoring. Education institutions can take advantage of the new instant alerting for web policy violations. And everyone gets to do this without having to upgrade their firewall, I mean, their hardware. So this release, like most, really allows you to demonstrate clearly how much added value customers are getting from their initial investment. And there's plenty of direct and indirect benefits for you as well.
Of course, you can use the new SNMP monitoring to identify potential issues with any firewall across your customer base. You can help improve customer compliance with the enhanced audit trail logs and real-time web alerts or health check feature. You can assure customers that their investment is secure with the foundation we've laid for future investments, and they'll continue to see significant added value and ROI going forward. You can demonstrate the tangible improvements such as the faster user interface and improved visibility that they'll see in some reports and on logs. And if you're an MSP, you can take advantage of the enhanced API controls for stronger API governance and access controls and multitenant management. So with the wealth of features and security improvements in v22, we're really giving you the competitive edge in existing and new customer conversations. We're really doing something for every firewall sales scenario. So if you look for potential new customers, you can position the many new features that we talked about, that we include that other firewall vendors either don't have or charge extra for. And to highlight how we continue to add value and performance improvements throughout the life cycle of the product, our transparent approach to secure by design is a chance to compare and contrast with other vendors. You know, ask your prospects, you know, is their vendor progressing in meeting their own secure by design goals? What have they done lately? You know, our competitive takeout promo is also very lucrative for you. It not only offers 50% discount on hardware and the Xstream Protection license bundle for new Sophos customers, it also provides an optional one year of Sophos Endpoint absolutely free for up to 25 users and three servers. That's a tremendous value, and it paves the way for future expansion and additional cross sell and upsell opportunities. For example, to Sophos MDR or XDR even.
And then for your existing customers, this release really allows you to demonstrate the added value, the added insights they get, functionality, performance improvements in their UI, and gives you the chance to shine as a trusted adviser on the security elements, encouraging best practices, helping them achieve that, addressing any concerns they have about being exploited, and really enabling you to reach out to your customer base and do an assessment with them and keep in touch. Now sometimes customers are not reaping the full benefits of the product that they've already bought, and so showing them how to unlock further value without having to spend more money is a great way for you to win with your existing customer base and position the strengths of this release as well as the ones that came before. And last but not least, if you have customers who need to upgrade because their current firewall is already end of life or soon will be, maybe they're running our legacy SG UTM platform. Of course, v22 adds more of their top requested features, but also many things they don't have today. This allows you to confidently position Sophos Firewall with a clear functional reason to migrate, and, really, it's a no brainer to modernize their network protection with stronger authentication, a future proof architecture. And, of course, there's great promotions to be had there as well. They can get 50% off their XGS hardware and Xstream Protection as if they were a new customer. And there's an additional 10% extra discount for you. And our all in one SG migration promo has multiple discounts for your customers offering 60% discount on three years of Central Email Advanced or one year of Sophos Endpoint for a limited number of licenses, and three years of free web server protection.
We also recently announced an additional bonus with up to six months of extra term for our legacy SG UTM subscription licenses with a license overlap, which saves your customers the price of a renewal if they migrate. So there are many great reasons to upgrade. So before we wrap up, as you've seen, firewall version 22 is one of our strongest releases yet with compelling new features, enhancements to existing functionality, and laying the foundation to take our firewall into the future. Be sure to use Secure by Design to build customer confidence, take advantage of the new health check feature to improve customer security, and potentially generate additional revenue as a professional services offering if you want. Make sure you let your customers know what's new in Sophos Firewall version 22. We'll be announcing this on the Sophos Firewall community and our various blogs tomorrow, including partner news. So, be sure to share the news. Encourage them to upgrade at their earliest convenience. And if you're managing them, make sure you get them upgraded as soon as you can. And I hope you agree. With Sophos, we're committed to providing a firewall that offers great value, is hardened against attacks, and provides easier day-to-day management than any other firewall out there. Alright. With that, I'm gonna ask Parth to come on stage and share some of the questions that have come up Awesome. during the Hi, Parth. Yeah. Hi, Yeah. everyone. Thanks, Chris. Very interesting and awesome great new feature release. Second in 2025, so very excited about that. I think there are multiple questions, so great interest there. I'll talk through some of the great ones. So first one is what should we tell our customers who ask about the risk of vulnerabilities being exploited? I think very good question. It must be on the minds of everyone. Right? See, as a product or as an industry that we are into, we cannot shut down the risk of vulnerabilities being exploited.
But the great part is your customer is asking you as a partner, as, like, the trustworthiness that they have in you, the very first thing that you can really guide them is selecting the right product. And some of the things that Chris talked about under secure by design, right, where out of the box, Sophos Firewall is designed to be secure. We don't encourage I mean, that is built into the product not to open web admin console or HTTPS out on the Internet in the wild, and we give free central management licenses for any paid license that you have. You can have those access right from the Sophos Central. While many of our competitors have started taking away some of the functionalities like SSL VPN remote access, with Sophos Firewall in v20, we launched a pretty new most secure VPN portal so that your customer can still continue using SSL VPN even with all the threats and vulnerabilities going out in the wild. So I think very first thing is select the right product, which the product that is investing into such security principles at the very core. And in v22, Chris covered many things like new kernel and then the new control plane architecture, so that journey continues as we keep adding more. And the product is there with you, your customers, but a lot goes into how you configure that. So configure the product according to the best practices is, I would say, as the second thing whenever customer is in doubt or is consulting you for that. And with v22, this new health check feature actually gives easy one screen check for all the important firewall configurations and guide you to configure it according to CIS benchmark best practices. And I think, finally, the uniqueness about let the vendor, like Sophos, handle all other nuances with security and vulnerability thing.
For example, we talked about the hotfix where most competitors, when their security advisory go live, they say it is fixed in so and so version, and you are recommended to upgrade to that version. If you would have been noticing Sophos Firewall security advisory, it always says that the vulnerability is fixed in your deployed instance, and you don't need to take any manual action. So that is the power of hotfix as a very from beginning, like, in 2015, we had that built into the architecture to make sure when the exploit goes out in the wild, you stay protected without any manual intervention there. And then some of the new age things like integrating Linux runtime, within the firewall, which acts as an EDR or XDR for the firewall itself. So those are some of the great proactive monitoring thing that we offer. So, yeah, I think that is something as a consulting to your customers when you really have to suggest good product, best practices, configurations, and then let vendor take care of other things which keep coming out. So I would answer it that way. The other one, I think that that's the easy one. It's when is this release going out as a general availability? So I think it's today, in around three to four hours, we are launching this v22. It's been out as early access for more than a month now. We already have around thousand early adopters, our community participants using this, and have given us very good feedback. We uncovered certain low hanging issues that we have already fixed for the release that is going out. So, very excited for this. It's almost, well deployed, well installed for more than thousand firewalls globally already in the early access. The other one is what are some examples of types of activity that your secure by design and monitoring can detect? Again, a pretty technical and interesting question there.
So if I take some example and this went after we analyze certain security incidents that we or as an industry we had to face. So for example, whenever there is a zero day or exploit to your firewall or your customer's firewall, it's when the attacker tries to run pg_dump command in the back end when first it gets into it using some zero day or some vulnerability and try to exfiltrate data from the network. And that pg_dump command, whenever it is executed, within the firewall back end or SSH, that's where the firewall raises real-time alarm to our security team monitoring around 600,000 deployments globally, 24x7. The other example I would take so, yeah, many exploit or many attackers really want to put some workload that runs on the firewall. And for that, they will mount certain partition within the firewall as an execution permission. So whenever mount exec command is run, that's where the firewall in real time generates the alarm to the security team that is monitoring this deployment. So I think those are pretty useful things, plus around six months back when we had 21.5 as a release. And the secure by design is not one feature. Right? It's a series of capabilities that we keep adding. We had file integrity monitoring. So whenever in certain system file within the OS, this has nothing to do with the customer traffic or the customer network, but within the firewall, if it detects certain modification in the system file, the file integrity verification capability will again raise the alarm. So those are some of the remote proactive monitoring things, and that is how we keep detecting certain compromises. And then there are some advanced telemetry analysis. For example, day in, day out, you might be already reading a lot of brute force attack or some password guessing attacks happening. Not only to Sophos Firewall, but you pick any vendor like Palo Alto, Fortinet, SonicWall, even Cisco, any VPN concentrator.
So lots of, like, millions of IPs out there trying to brute force. So as a Sophos, because of this proactive monitoring, we could understand that there is a bad reputation IP trying to get into the firewall using this brute force. And if there is any successful attempt, that is where our proactive monitoring, that is our security team, will reach out to customer or partner using Sophos support. And there were around 35, 38 instances where we kind of talked to customer and prevented such compromises using brute force or password guessing attacks. So those are the value that the secure by design adds. I think and there are certain questions around future capabilities that I have responded. It's not related to v22. And then I think the last one is around, is there anything new in the malware protection as we talked about this new engine from Sophos Labs? Yeah. There are certain advantages as we have improved, completely changed the malware engine in this v22. Very first thing, it is optimized signature pack. So it's pretty light in the footprint and, hence, results into faster performance. So if you are looking at threat protection throughput or antivirus, anti-malware kind of throughput, then that's the advantage. But I think the key thing is significant improvement in that zero day detection or real-time protection capabilities. So globally emerging threat, Sophos Labs uses global reputation lookup. So they have a massive cloud database of known vulnerable files as well as the benign files, and that is updated less than five minutes real time on the cloud. And this new engine makes use of that cloud analysis and telemetry to make sure that things are protected. So we have zero day protection capabilities is way more improved with this newer engine, and there are certain ML model integrated for, say, Windows executable malware detection kind of capabilities.
And after all this detection, there is a rich telemetry going back to Sophos Labs in order to keep updating as a feedback loop, when we keep launching new signature patterns for malware. So a lot of advantages went behind this newer malware engine. So I think great. Yeah. Yeah. If one customer detects a new zero day attack, that will quickly get turned around by Sophos Labs to protect everyone in the world. So it's an extremely sort of useful feedback loop, and it happens quite quickly. Yeah. Yeah. Chris, I think we are at end of the questions, and I guess folks are interested and waiting for the release to go out in a couple of hours from now. That's great. Yeah. It won't be long now. Keep an eye on Sophos Firewall community or the partner news blog, and you will see when it's available. Charnell, over to you if you wanna close it out for us. Thank you so much, Chris, and thank you, Parth, for joining for this session. We really appreciate it. And thank you to everybody who attended this session. Like I mentioned at the beginning of the session, we have recorded this, and we'll be sending out a copy of the recording to everybody who attended today and those who weren't able to join us, as well as a copy of the slides. But if you do have any further questions or anything, please make sure that you reach out to your channel account manager or SE, and they'll be able to assist you. But thank you so much for joining, and have a great day. Thank you.