Sophos Firewall and Synchronized Security

Synchronized Security is a unique capability you won’t get anywhere else.
Chris McCormack

If you look at what’s required to properly secure a modern network, it breaks down into three pillars: hardening, protection, and detection and response. Or another way to look at it: being equal parts proactive and reactive - or what you need to do before, during, and after an attack.

Most network firewalls focus almost exclusively on real-time protection (the middle pillar in the image above) such as traffic filtering, threat prevention, and intrusion prevention systems. While these capabilities are important, concentrating solely on real-time traffic inspection leaves organizations vulnerable in many other ways.

We’ve talked a lot about the importance of hardening and Secure by Design, but detection and response is an equally important pillar of a strong protection foundation.

Sophos Synchronized Security

Sophos Firewall is unique in offering cross-product automated responses to threats. We call this Synchronized Security.

Synchronized Security allows the firewall to coordinate a defense with other Sophos products and isolate compromised devices – automatically without any admin intervention. 

Synchronized Security has proven itself to be critically important time and time again.

Imagine you get attacked late on a Friday night. In any other network, you’re looking at a ransomware demand on Monday morning. But with Sophos Firewall and Sophos Synchronized Security, any detection that's triggered on a Sophos endpoint, by your Sophos Firewall, or by a Sophos MDR analyst, will trigger an automated Synchronized Security response that has the attacker isolated and unable to communicate with other systems, communicate out, or access any of your apps and data. It’s stopped dead in its tracks until you clean it up on Monday.

How it works

Sophos Synchronized Security continuously shares health information via a Security Heartbeat link between products. When a device is detected attempting anything malicious, such as encrypting files or communicating with a C2 server, it's immediately flagged with a red heartbeat status.

The firewall automatically informs all the healthy Sophos endpoints of the compromised device so they can immediately block all traffic from that device to prevent the threat from moving laterally. The firewall also has dynamic firewall rules that automatically cut off access to network resources such as other LAN segments, the Internet, and any servers or other networked resources. 

The compromised host is effectively isolated and unable to communicate, exfiltrate, or move. And if you combine Sophos Firewall with Sophos Endpoint and Sophos Workspace Protection, you extend this Synchronized Security capability to workers everywhere – on or off the network.

What you get

As you’ve seen, Sophos Synchronized Security with Sophos Firewall provides several benefits:

  • Cross-product automated response to threats helps identify and shut down active adversaries operating on the network without administrator intervention
  • Works 24/7 to help contain attacks whenever they happen – day or night
  • Synchronized Security Heartbeat has a couple of added benefits beyond attack detection and response, including sharing application and user information between the endpoint and the firewall for easier authentication and control over custom or obscure apps

Synchronized Security is included at no extra charge and "just works" when you combine any of our Synchronized Security products or services together: Sophos Firewall, Sophos Endpoint, Sophos Workspace Protection, Sophos Email, and Sophos MDR (with Active Threat Response) all support Synchronized Security automated response.

Synchronized Security is a unique capability you won’t get anywhere else, and it’s another of the many reasons customers choose Sophos.