2 min

Tags in this article

, ,

Sophos has announced its new firewall appliances in the XGS series. The firewalls should excel in the area of TLS inspection, with native support for TLS 1.3.

TLS inspection on the XGS firewalls should be up to five times faster than on other models currently available, claims Sophos. The firewalls should also provide the best zero-day protection in the industry and stop the most advanced known and potential threats, including ransomware.

Xtream flow

The Xstream flow processors in the firewalls are set to automatically pass on trusted traffic from SaaS, SD-WAN and cloud applications, for example, leaving enough processor power to perform deep packet inspection and TLS inspection. This should reduce latency and improve performance for key business applications, especially those that rely on real-time data.

To provide a good overview of TLS traffic and inspection issues and to allow security administrators to easily add exceptions, Sophos has made a dashboard available. The firewalls also come standard with a set of rules which exclude safe traffic from inspection to optimize performance. These rules are maintained by SophosLabs.

Most significant hardware upgrade ever

“Sophos Firewall XGS Series appliances represent the most significant hardware upgrade that we have ever released and introduce unmatched detection, protection and speed”, said Dan Schiappa, chief product officer at Sophos. “Security teams can no longer afford to overlook encrypted traffic for fear of breaking something or hurting performance – there’s too much at risk. We’ve completely redesigned the Sophos Firewall hardware to handle the modern encrypted internet. Security teams now have the ability to easily inspect encrypted traffic and shine light on what was once a black hole, and they can confidently do so without compromising on performance.”

Almost half of cybercriminals now use TLS

Sophos research shows that more and more cybercriminals are now using Transport Layer Security to obfuscate their communications and prevent their attacks from being detected. This was the case in 45 percent of the malware detected by Sophos between January and March 2021. It is double the 23 percent the company observed in early 2020.

“TLS has undoubtedly changed the privacy of internet communications for the better, but for all the good it’s done, it’s also made it much easier for attackers to download and install malicious modules and exfiltrate stolen data – right under the noses of IT security teams and most security technologies”, said Schiappa. “Attackers are taking advantage of TLS-protected web and cloud services for malware delivery and for command and control. Their initial compromise malware is simply the advance guard for major attacks, as they’re setting up camp for the heavy artillery that follows, like ransomware.”


The new XGS firewalls are available in desktop and rackmounted form factors. They are suitable for small, medium and distributed organisations alike. More information can be found on the Sophos website.

Tip: Sophos lets customers scan container images for malware