New versions of the Endian and Sophos UTM solutions


Web Application Firewall

The Web Application Firewall (WAF) in the Sophos UTM Firewall provides an Apache web server-based reverse proxy to protect your own web servers against SQL injection, cross-site scripting, and other web-based attacks. Furthermore, it scans connections to the web servers in both directions for viruses and blocks clients with a bad reputation. In version 9.2, the WAF also gets a new engine and a new pattern recognition feature, which Sophos promises to update continuously via Up2Date.

The new version of Sophos additionally extends the maximum file size for uploads from 128MB to 1GB. Also new is a function for reverse authentication: the Web Application Firewall handles authentication on behalf of the web applications in order to protect them. After successful authentication in basic or form mode, the firewall passes the results on to the configured back-end servers. This function is clearly targeted at customers of the now-defunct Microsoft TMG (Threat Management Gateway) product, which offered similar functionality.

Conclusions: Sophos UTM 9.2

The new version of Sophos sets standards in the UTM landscape in terms of functionality and usability. New features, such as two-factor authentication and SPX encryption, have been at the top of customer and partner wishlists for some time. Botnet detection, advanced threat protection, and the new DLP functions help Sophos make life a little easier for security admins. These requirements are part of everyday life in medium-sized companies and can be quickly and easily implemented with version 9.2. It's a pity, however, that the DLP functions so far only protect email messages against accidental and deliberate information leakage. A function that also searches outgoing HTTP(S) connections for sensitive data and blocks messages where appropriate is still missing.

Something for Everyone

The new versions of the Endian and Sophos UTM firewalls provide much that is new. With the HTTPS proxy, the revised VPN GUI, application identification, and the new ntopng live network monitoring, Endian catches up to other providers. Sophos is again innovative in this price range with two-factor authentication, SPX email encryption, botnet detection, and optimized WAF.

Whether you prefer the feature-rich Sophos UTM or the leaner Endian firewall depends not only on your own individual security requirements, but also on the type of deployment – physical or virtual. Endian offers support for VMware, Xen, and KVM; Sophos additionally supports Microsoft's hypervisor Hyper-V.

The Author

Thomas Zeller is an IT consultant and has been involved with IT security and Open Source for 15 years. He is the author/co-author of the books OpenVPN Compact and Mind Mapping with Freemind. In real life, he is an IT entrepreneur and managing director of an IT system provider. Among other things, he is responsible for the company's IT security business.
