Sophos Security Heartbeat. Credit: Sophos Blog
Sophos today (10 November 2015) launched the Sophos Security Heartbeat, which synchronises threat intelligence across endpoints and networks to deliver better protection and manageability to its customers. It is fully enabled and included as part of the Sophos XG Firewall, and Sophos Cloud-managed endpoint protection.
"The challenges of today's security include a larger attack surface due to mobility and cloud adoption, and that attacks today are more sophisticated than before. To overcome them, endpoint security and network security need to communicate with each other. However, before Sophos Security Heartbeat, endpoint security and network security were always independent and isolated silos, which limited their effectiveness and manageability," said Chris Kraft, Sophos' Vice President of Product Management for Network Security, at a media briefing in Sydney.
When asked why network security and endpoint security were traditionally isolated, Marty Ward, Vice President of Product Marketing for Sophos, replied that not all security companies offered solutions in both segments. However, he said that synchronised security — not only between the two security segments mentioned but also including mobile devices, servers and encryption — should be the future of security. By doing so, customers/organisations could quickly detect threats, automate the isolation of infected devices, and take more immediate and targeted response and resolution.
Security Heartbeat works as follows: When a new Sophos-protected endpoint is added to the network, its Security Heartbeat automatically connects to the local Sophos XG Firewall and the endpoint immediately starts sharing its health status. If suspicious traffic is identified by the firewall, or malware is detected on the endpoint, security and threat information is instantly and securely shared via the Security Heartbeat. The endpoint then reports context-rich information such as the computer name, username and process information associated with the threat. This allows the firewall to automatically isolate the endpoint from internal and/or external networks and trigger additional action on the endpoint to mitigate risk and prevent data loss. After the threat has been removed, the endpoint uses the Security Heartbeat to report its updated health status back to the network, which then restores normal service to the endpoint.
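The workflow above (join, share health, isolate on a threat from either side, report context, restore after clean-up) can be modelled as a small state machine. The following is an added illustration, not Sophos code and not its wire protocol: the message fields, the "green"/"red" status values, the heartbeat timeout, and the rule that a firewall-side isolation is not lifted by a bare "healthy" heartbeat until the endpoint has reported on the incident are all assumptions chosen to show the defender-side logic.

```python
"""Constructed model of endpoint/firewall health synchronisation.
Not Sophos's implementation; names, fields and timings are assumptions."""
from dataclasses import dataclass

HEARTBEAT_TIMEOUT = 30.0  # assumed: seconds of silence before a host loses trust


@dataclass
class Heartbeat:
    host: str
    status: str        # "green" = healthy, "red" = active threat (assumed values)
    sent_at: float     # simulated clock, seconds
    user: str = ""     # context-rich fields the endpoint attaches to a "red" report
    process: str = ""
    threat: str = ""


class Endpoint:
    """Endpoint agent: tracks local health and emits heartbeats."""

    def __init__(self, host: str, user: str):
        self.host, self.user = host, user
        self.status, self.threat, self.process = "green", "", ""

    def heartbeat(self, now: float) -> Heartbeat:
        return Heartbeat(self.host, self.status, now, self.user, self.process, self.threat)

    def detect(self, threat: str, process: str, now: float) -> Heartbeat:
        self.status, self.threat, self.process = "red", threat, process
        return self.heartbeat(now)

    def remediate(self, now: float) -> Heartbeat:
        self.status, self.threat, self.process = "green", "", ""
        return self.heartbeat(now)


class Firewall:
    """Firewall side: turns heartbeats into an allow/isolate policy per host."""

    def __init__(self):
        self.policy: dict[str, str] = {}        # host -> "allow" | "isolate"
        self.last_seen: dict[str, float] = {}
        self.awaiting_context: set[str] = set()  # hosts isolated on network evidence only
        self.events: list[str] = []

    def receive(self, hb: Heartbeat) -> str:
        self.last_seen[hb.host] = hb.sent_at
        prev = self.policy.get(hb.host)
        if hb.status == "red":
            # Endpoint-side detection: isolate and record the context it supplied.
            self.policy[hb.host] = "isolate"
            self.awaiting_context.discard(hb.host)
            self.events.append(f"{hb.sent_at:.0f}s isolate {hb.host}: "
                               f"{hb.threat} in {hb.process} as {hb.user}")
        elif hb.host in self.awaiting_context:
            # Green heartbeat, but the firewall's own alert is still unexplained: hold.
            self.events.append(f"{hb.sent_at:.0f}s hold {hb.host}: green but context pending")
        else:
            self.policy[hb.host] = "allow"
            if prev != "allow":
                self.events.append(f"{hb.sent_at:.0f}s allow {hb.host}")
        return self.policy[hb.host]

    def suspicious_traffic(self, host: str, now: float) -> str:
        # Firewall-side detection: isolate first, then wait for the endpoint's report.
        self.policy[host] = "isolate"
        self.awaiting_context.add(host)
        self.events.append(f"{now:.0f}s isolate {host}: suspicious traffic")
        return "isolate"

    def check_stale(self, now: float) -> list[str]:
        # Failure mode: a host that stops sending heartbeats is no longer trusted.
        stale = [h for h, t in self.last_seen.items()
                 if now - t > HEARTBEAT_TIMEOUT and self.policy.get(h) == "allow"]
        for h in stale:
            self.policy[h] = "isolate"
            self.events.append(f"{now:.0f}s isolate {h}: no heartbeat for {now - self.last_seen[h]:.0f}s")
        return stale


def run_scenario() -> Firewall:
    """Constructed timeline covering both detection directions."""
    fw, ep = Firewall(), Endpoint("LAPTOP-01", "jdoe")
    fw.receive(ep.heartbeat(0.0))                                    # join, healthy
    fw.receive(ep.detect("Test-Malware/Constructed", "invoice.exe", 10.0))
    fw.receive(ep.remediate(18.0))                                   # cleaned, restored
    fw.suspicious_traffic(ep.host, 40.0)                             # firewall-side trigger
    fw.receive(ep.heartbeat(41.0))                                   # still green: held
    fw.receive(ep.detect("Test-Beacon/Constructed", "svc.exe", 42.0))
    fw.receive(ep.remediate(50.0))
    return fw


if __name__ == "__main__":
    for line in run_scenario().events:
        print(line)
```

The hold rule is the part worth noticing: without it, a host that the firewall isolated on its own evidence would be released by the very next routine "healthy" heartbeat, so the two sides would contradict each other rather than synchronise. The stale-heartbeat check covers the other failure mode, an agent that has been stopped or tampered with and simply goes quiet.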
The Sophos Security Heartbeat is targeted at the mid-market, which is underserved and requires solutions that are enterprise-grade but simple to use, said Ward. It thus delivers advanced threat protection capabilities without requiring additional agents, layers of complex management tools, logging and analysis tools, or expense.
According to ESG Labs, which tested the new solution, the Sophos XG Firewall notified the user of unknown malware within a second of detecting it and blocked the endpoint's network access. At the same time, the endpoint also attempted to stop and remove the malware. The entire incident response took about 8 seconds, compared with an average of 2 hours, and required no administrator intervention.