Active threat response
Active threat response integrates Managed Detection and Response (MDR) threat feeds with Sophos Firewall. Synchronized Security extends to Active threat response, enabling the firewall to automatically shut down active threats in the network.
MDR threat feeds
Active threat response brings the MDR service to Sophos Firewall through MDR threat feeds. Security analysts from the Sophos MDR team (or your XDR SOC team in the future) can share threat intelligence related to your network, pushing active threat information in real time to the firewall. Based on the threat feeds, the firewall automatically blocks traffic, including DNS requests and HTTPS traffic, from any host in the network that tries to communicate with malicious IP addresses, domains, or URLs. Additional rules and policies aren't required for the Active threat response action. Watch the video Active threat response with MDR threat feeds.
Synchronized Security: Active threat response extends the automated Synchronized Security response, based on the RED Security Heartbeat, to MDR threat feeds in the firewall. Based on the threat feed, the firewall automatically queries any Sophos-managed endpoint that attempts to communicate with malicious servers for additional information, such as the host, user, and process, which enables you to identify Indicators of Compromise (IoCs). It prevents compromised endpoints from moving laterally or communicating outward, shutting down active threats in the network.
The release also enhances Synchronized Security with added scalability and fewer false reports of missing heartbeats for endpoints in sleep or hibernate state.
Dynamic threat feeds
Sophos X-Ops threat feeds: Advanced threat protection has been renamed Sophos X-Ops threat feeds. It offers periodic updates of threat feeds from SophosLabs.
Extensible framework for dynamic threat feeds: Active threat response introduces a new extensible API framework for dynamic threat feeds in the firewall. The framework enables the firewall to receive threat intelligence from the following sources:
- Sophos products and services, such as Sophos X-Ops and MDR threat feeds.
- Third-party threat feeds in a future release.