Sophos Firewall v21 adds third-party threat feed support for Active Threat Response.
Active Threat Response was first introduced in v20, implementing a new extensible threat feed framework in Sophos Firewall to automatically respond to active threats. Initial support was provided for dynamic threat intelligence feeds from Sophos X-Ops and Sophos MDR, enabling the firewall to automatically respond by blocking access to any threat published through this framework.
While this is all most customers will ever need, there are certain regions or vertical markets where specific custom threat feeds are encouraged or required. There has also been interest from our partner community, SOC providers, and many customers in an extensible threat feed capability to support existing or new threat detection and response solutions and services.
To enable these use cases, Sophos Firewall v21 extends the threat feed framework to support third-party threat feeds. Now, you can easily add additional vertical or custom threat feeds to the firewall, which will monitor and respond in the same automatic way, blocking any activity associated with them, across all security engines (IPS, DNS, Web and AV) and without requiring any additional firewall rules.
Third-party threat feeds and Active Threat Response also trigger the same Synchronized Security response as any other red Security Heartbeat condition. Your Sophos Firewall will enforce any firewall rules that contain red Heartbeat conditions, and the firewall will also coordinate Lateral Movement Protection with your Sophos Endpoints, which will inform all healthy managed endpoints that there is a compromised host on the LAN so they can block traffic from that device.
Check out the short video below for a full demonstration on:
How to set up third-party threat feeds
How Active Threat Response and Lateral Movement Protection work
How to use the new dashboarding and reporting
For more information, consult the online documentation.
A variety of specialized and vertical threat feeds are supported, including those provided by security organizations, industry consortiums, and community-based or open-source threat intelligence sources. A good example is GreyNoise, who is featuring the Sophos Firewall integration on their website.
Other great examples include:
Cisco Talos
Abuse.ch / URLhaus
Hakk Solutions
OSINT (Open-source Intelligence) / DigitalSide
CINS Score
CrowdSec
EclecticIQ
Feodo Tracker
And extra!
Start taking advantage of this great new capability in Sophos Firewall v21 by participating in the Early Access Program. Simply register for the program, click the link in your email to download the firmware update package, and install it on your Sophos Firewall.