Sophos Group plc is a British security software and hardware company. Sophos develops products for communication endpoint, encryption, network security, email security, mobile security and unified threat management. Sophos is primarily focused on providing security software to the mid market and pragmatic enterprise from 100- to 5,000-seat organizations. Whilst not a primary focus, Sophos also protects home users, through free antivirus software (Sophos Home) intended to demonstrate product functionality. It is listed on the London Stock Exchange and is a constituent of the FTSE 250 Index. Recently, Sophos has been working to develop home antivirus with business-class technology to detect zero-day threats without the need for signatures.
According to Sophos, 66% of IT staff lack incident response skills. Since no security is perfect, companies will get breached regardless of their security defenses. Incident response has become an important part of security’s armory — and the third part of Intercept X is designed to help companies operate a meaningful response. This provides both clean-up and forensics.
“If we see a hacker or piece of malware trying to use one of the known exploit techniques, a data recorder running on the endpoint sends a ‘root-cause chain’ of data up to Sophos Central where we build a report on what happens. We provide the report in different levels of depth suitable for anything from a defense contractor to a small retail store.” At one level, the user can click on the alert notification and Intercept X will show “what happened, where and when it happened, who was logged on at the time, and how it happened. It also provides a list of next steps for the novice incident responder.”
More advanced users can delve deeper. “We provide an asset-based table-driven report for the experts,” said Schiappa. This provides specifics, like what registry changes were made, what processes were launched, and so on. “You can click on specifics to get more detail and see the course of the attack.” The final level is a complete visualization of the attack that can be viewed in its entirety.
Intercept X can be installed as a self-contained stand-alone product. Where the primary Sophos Central endpoint product is already installed, the agents from both products will merge to provide a single endpoint security product. Alternatively, it can run alongside competitor products, without any interference, for a layered security approach.
Acquisitions and partnerships
From September 2003 to February 2006, Sophos served as the parent company of ActiveState, a developer of programming tools for dynamic programming languages. In February 2006, ActiveState became an independent company when it was sold to Vancouver-based venture capitalist firm Pender Financial.
In 2007, Sophos acquired ENDFORCE, a company based in Ohio, USA which developed and sold security policy compliance and Network Access Control (NAC) software.
In July 2008, Sophos announced its intention to acquire Utimaco Safeware AG.
In July 2009, Sophos completed integration of Utimaco Safeware AG.
In May 2010, Sophos reached a definitive agreement to sell a majority interest in the company to Apax Partners, a global private equity group.
In May 2011, Sophos announced it had entered into an agreement to acquire Astaro, a privately held provider of network security solutions, headquartered in Wilmington, Massachusetts (USA) and Karlsruhe, Germany.
In April 2012, Sophos acquired DIALOGS, a privately held provider of mobile management solutions, headquartered in Germany.
In February 2014, Sophos announced that it had acquired Cyberoam Technologies, a leading global provider of network security products.
In October 2014, Sophos acquired Mojave Networks, a leading cloud based security startup.
- Sophos UTM: a hardware (or software virtual appliance) network firewall including web browsing protection, antispam filter and antivirus protection.
- Next-Generation Firewall
- Web Application Firewall
- Secure Web Gateway
- Secure Email Gateway
- Secure VPN
- Secure Wi-Fi
- Enduser Protection Suite: an Internet Security solution which includes: antivirus, encryption and data protection, web filter, antispam and central management, available for Microsoft Windows, Apple OS X, Linux and Unix distributions (in particular Ubuntu and Oracle Solaris), Android and iOS.
- Endpoint Anti-Virus
- Sophos Cloud
- Mobile Control: a mobile content and device management tool, integrating mobile security, for Android, iOS, Windows Phone and Ubuntu Touch.
- SafeGuard Encryption: an out-of-the-box encryption console for Apple OS X (using Mac FileVault 2 encryption) and Microsoft Windows (using Microsoft BitLocker encryption).
- Virtualization Security
- Server Security
- SharePoint Security
- Network Storage Antivirus
SOPHOS XG Firewall
SOPHOS XG Firewall integrates multiple security features into a single device to offer better network security. SOPHOS XG Firewall works at the gateway of the network and protects it from malware, vulnerabilities in web applications and sophisticated targeted attacks. With SOPHOS XG Firewall you can control the information that employees of your organization share via applications, corporate or web mail. The multilayer security of SOPHOS XG Firewall allows full control over the activities of each user in the network and provides detailed reporting of what is happening in the network and what every active user, or group of users, is doing.
Monitoring and control applications
- SOPHOS XG Firewall is a global leader in the field with the ability to control thousands of key applications of different companies
- Prioritization of certain applications based on combination of users, time of usage and traffic required
- Application control and classification based on pre-defined criteria or on rules selected by the administrator
- The proactive security model eliminates the need for manual intervention by the administrator when policies are being updated or new applications added
Content filtering and web control
- SOPHOS XG Firewalls are equipped with a built-in system for full control of the content allowed in the protected network
- Web content can be filtered by user groups, by site groups or by single web pages
- SOPHOS XG Firewall allows access to be restricted to a certain level of web content, for example by setting read-only access to different groups of sites and applications
Firewall for Web Applications (WAF)
- Protects Web sites and Web-based applications against OWASP Top 10 Web application attacks such as SQL injection, cross-site scripting (XSS), forgery of URL parameters, etc.
- Follows a positive protection model, automatically identifying and blocking attacks at all levels of applications without relying on signature tables or pattern-matching techniques
- Available as a subscription module for SOPHOS XG Firewall
Advanced protection system
- SOPHOS XG Firewalls offer protection against new and evolving threats through Intrusion Prevention System, antivirus and anti-spyware system (Gateway Anti-Virus / Anti-Spyware), antispam system (Gateway Anti-Spam), etc.
- Protection against outgoing spam
- Provides secure remote access to internal network resources via IPSec VPN, L2TP, PPTP and SSL VPN
- Threat-free Tunneling technology scans traffic for malware
- Mobile VPN available for Android and iOS devices
Logs and reports
- Companies can receive a real-time, comprehensive view of the events registered in the network and of the users in it through the logs and reports provided
- 1200 template reports help to create adequate security policies and restrictions that address specific problems in the organization
- Logs, reports and alerts triggered by a variety of devices, protocols and locations provide information on the activity of users and network
- Reports compatible with HIPAA, CIPA, GLBA, SOX can be generated with just one click