Sophos Launches “Xstream” Version of XG Firewall


Sophos (LSE: SOPH), a global leader in next-generation cybersecurity, today introduced a new “Xstream” architecture for Sophos XG Firewall with high performance Transport Layer Security (TLS) traffic decryption capabilities that eliminate significant security risk associated with encrypted network traffic, which is often overlooked by security teams due to performance and complexity concerns. XG Firewall now also features AI-enhanced threat analysis from SophosLabs and accelerated application performance.

Sophos today also published the SophosLabs Uncut article, “Nearly a Quarter of Malware now Communicates Using TLS,” which explains how 23% of malware families use encrypted communication for Command and Control (C2) or installation. The article details, for example, three common and ever-present Trojans – Trickbot, IcedID and Dridex – that leverage TLS during the course of their attacks. Cybercriminals also use TLS to hide their exploits, payloads and stolen content and to avoid detection. In fact, 44% of prevalent information stealers use encryption to sneak hijacked data, including bank and financial account passwords and other sensitive credentials, out from under organizations.

“As SophosLabs’ research demonstrates, cybercriminals are boldly embracing encryption in an attempt to bypass security products. Unfortunately, most firewalls lack scalable TLS crypto capabilities and are unable to inspect encrypted traffic without causing applications to break or degrade network performance,” said Dan Schiappa, chief product officer at Sophos.

“With the new Xstream architecture in XG Firewall, Sophos is providing critical visibility into an enormous blind spot while eliminating frustrating latency and compatibility issues with full support for the latest TLS 1.3 standard. Sophos’ internal benchmark tests have clocked a two-fold performance boost in the new XG TLS inspection engine as compared to previous XG versions. This is a game changer.”

Key new features of XG Firewall include:


  • Inspection of TLS 1.3 to detect cloaked malware: New port-agnostic TLS engine doubles crypto operation performance over previous XG versions
  • Optimized critical application performance: New FastPath policy controls accelerate performance of SD-WAN applications and traffic, including Voice over IP, SaaS and others, to up to wire speed
  • Adaptive traffic scanning: The newly enhanced Deep Packet Inspection (DPI) engine dynamically risk-assesses traffic streams and matches them to the appropriate threat scanning level, enhancing throughput by up to 33% across most network environments
  • Threat analysis with SophosLabs intelligence: Provides network administrators with the SophosLabs AI-enhanced threat analysis needed to understand and adjust defenses to protect against a constantly changing threat landscape
  • Comprehensive cloud management and reporting in Sophos Central: Centralized management and reporting capabilities in Sophos Central provide customers with group firewall management and flexible cloud reporting across an entire estate without additional charge
  • Integration with Sophos Managed Threat Response (MTR) service: Customers of XG Firewall who also subscribe to the Sophos MTR Advanced service will have deeper actionable intelligence to prevent, detect and respond to threats, as a result of the integration
  • Sophos XG Firewall is available in the cloud-based Sophos Central platform alongside Sophos’ entire portfolio of next-generation cybersecurity solutions. Sophos’ unique Synchronized Security approach empowers these solutions to work together for real-time information sharing and threat response.

