By Chinenye Anuforo

Cybersecurity firm Sophos has announced an update to its Sophos Firewall software, introducing Sophos NDR Essential and a suite of improvements designed to strengthen protection against cyberattacks and simplify daily management for organizations.

The latest iteration, Sophos Firewall v21.5, now integrates Sophos NDR Essential, a feature freely available to all customers holding an XStream Protection license for Sophos Firewall. This integration marks a crucial step in leveraging advanced artificial intelligence to combat increasingly sophisticated cyber threats.

According to Sophos, the updated firewall utilizes two dedicated AI engines to identify malicious communications, including those employing algorithmically generated domain names, a common tactic used by malware. This new capability, derived from the Sophos Network Detection and Response probe, is designed to detect previously unknown or unindexed malware communications, significantly enhancing the firewall’s existing Active Threat Response functions.

Chris McCormack, Senior Product Marketing Manager at Sophos, highlighted the innovative approach to NDR traffic analysis. “NDR traffic analysis requires substantial processing power. That is why we have adopted a new approach by deploying an NDR solution in Sophos Cloud to offload the heaviest tasks from the firewall,” McCormack explained, ensuring optimal performance without burdening the local device.

Beyond enhanced threat detection, Sophos has focused on improving user experience and security for VPN connections. Sophos Connect now integrates with Microsoft Entra ID (formerly Azure AD) for Single Sign-On (SSO), enabling strong user authentication and multi-factor authentication for both Sophos Connect and the firewall’s user portal.


Other notable VPN improvements include a more intuitive user interface with renamed connection types, dynamic validation of IP address pools to prevent conflicts, and strict profile enforcement in IPsec to ensure algorithm synchronization. The update also dramatically expands scalability for route-based VPN and SD-RED, supporting up to 3,000 simultaneously established tunnels, 1,000 SD-RED site-to-site tunnels, and 650 concurrent SD-RED devices.

Management of the Sophos Firewall also sees several enhancements. Flexible DHCP Prefix Delegation (IPv6 DHCP-PD) now supports a wider range of prefixes, improving compatibility with various internet service providers. Router Advertisement (RA) and DHCPv6 server are now enabled by default. The web admin interface continues to evolve with resizable table columns for better adaptability to ultra-wide screens, and enhanced object search functionality across various configuration pages. Furthermore, default firewall rules and rule groups have been streamlined in new firewall setups for a cleaner initial configuration.

Sophos continues to prioritize a “Secure by Design” approach, incorporating containerization of specific features and integrity checks on critical operating system files using mathematical checksums. Any mismatch in checksums triggers an immediate alert, enabling monitoring teams to proactively identify potential security incidents affecting the firewall’s OS integrity and facilitating swift incident response.

The update is now available for manual download and deployment on any Sophos Firewall with a valid license.

This release comes on the heels of Sophos’s acquisition of Secureworks in February 2025, a strategic move that has positioned Sophos as the largest pure-play Managed Detection and Response (MDR) provider, serving over 28,000 organizations.