Powerful protection and performance

Deep packet inspection

The Xstream DPI Engine provides high-performance traffic scanning for intrusion prevention (IPS), antivirus (AV), web protection, and app control in a single streaming engine

• TLS 1.3 inspection
• Next-gen IPS
• Zero-day threat protection
• Proxy-based dual-engine AV scanning
• Perimeter defenses
• Country-based blocking policy

Encrypted traffic inspection

Xstream TLS 1.3 inspection with industry-leading performance, visibility, policy tools, and built-in intelligence removes an enormous blind spot in your protection

• TLS 1.3 without downgrading
• Hardware acceleration
• Intelligent traffic selection
• Prepackaged exception list
• Powerful policy engine
• Covers all ports/protocols
• Supports all modern cipher suites
• Unmatched visibility and error handing

Zero-day and machine learning (ML) protection

Sophos Firewall leverages Sophos' industry-leading ML technology, powered by SophosLabs Intelix, to instantly identify the latest ransomware and unknown threats before they get on your network

• SophosLabs data scientists
• Multiple ML models
• Static file analysis
• Dynamic file analysis

Cloud sandbox

Sophos zero-day dynamic file analysis uses next-gen cloud sandboxing, powered by deep learning and Sophos Endpoint technology, to protect against zero-day threats, including new ransomware and targeted attacks coming in through phishing, spam, or web downloads

• Dynamic sandboxing analysis
• Deep learning static file analysis

Web protection

Sophos' web protection engine is backed by SophosLabs Intelix and includes innovative technologies required to identify and block the latest web threats

• Advanced web protection
• Pharming protection
• HTTPS scanning
• Potentially unwanted app control
• SophosLabs

DNS protection

Sophos DNS Protection provides a high-performance, cloud-based domain name resolution service for website compliance and security

• Cloud-delivered name resolution
• Powered by SophosLabs and AI technology
• Blocks access to the latest malicious sites
• Enables granular compliance policy enforcement

NDR Essentials

Sophos NDR Essentials provides a cloud-hosted Network Detection and Response solution to offload processing from the firewall while providing advanced AI detection of suspicious URLs and encrypted payloads

• Cloud-delivered NDR
• Powered by AI
• Detects domain-generation algorithms
• Detects suspicious encrypted payloads without decryption

Synchronized Security™

Our revolutionary Security Heartbeat ™ links your Sophos-managed endpoint with your firewall to share health and other valuable information to enable an automated and coordinated response, isolate threats, and prevent lateral movement

• Security Heartbeat
• Active threat response
• Lateral movement protection
• Destination heartbeat protection
• Synchronized app control
• Synchronized user ID

Active Threat Response

Sophos Firewall provides an immediate and automated response to active threats and adversaries to stop them dead in their tracks and prevent lateral movement

• Multiple threat feeds supported, including those from Sophos X-Ops, Sophos MDR, and third parties
• Blocks active threats immediately without the need for firewall rules
• Utilizes Sophos Synchronized Security to automatically isolate managed endpoints, provide visibility, and protect against lateral movement

User identity

User identity-based policies and unique user risk analyses give you the knowledge and power to regain control of your users before they become a serious threat to your network

• Powers all firewall policies and reporting
• User threat quotient (UTQ) identifies the top-risk users on your network
• Synchronized user ID
• Flexible authentication options including directory services
• Two-factor authentication (2FA) and one-time password support for access to key system areas

Application control

Complete visibility and control over allapplications on your network with deep packet scanning technology

Synchronized app control can identify all the unidentified applications currently running on your network

• Visibility and control over thousands of applications
• Cloud access security broker (CASB) cloud app visibility
• Generative AI visibility and control
• Synchronized app control
• User-based application policies
• Traffic shaping (QoS) prioritizes bandwidth allocation to critical applications and limits bandwidth for non-business applications

Web control

Full visibility and control over all your web traffic with flexible enforcement tools that work the way you need, with options for user and group enforcement of activity, quotas, schedules, and traffic shaping

• Enterprise secure web gateway (SWG) policy model
• Support for Sophos DNS Protection
• Template-driven activity control with predefined workplace and compliance policies
• Education and SafeSearch features
• Comprehensive traffic enforcement
• Traffic shaping (QoS)

Content control

Flexible, user-based monitoring and control of keyword content and downloadable content, including file types via FTP, HTTP, and HTTPS

• Web keyword monitoring
• File download filtering templates
• Policy-based outbound email DLP
• Web caching

Business applications

Combine next-gen firewall capabilities with our enterprise-class web application firewall to protect your critical business applications from hacks and attacks while still enabling authorized access

• Next-generation IPS
• Web application firewall
• Granular, user-based protection

Email and data

Protect your email from spam, phishing, and data loss with our unique all-in-one protection that combines policy-based email encryption with DLP and anti-spam

• Full Mail Transfer Agent (MTA) store-and-forward support
• Live anti-spam
• Secure PDF Exchange (SPX) encryption
• Policy-based DLP
• Self-serve user portal