Sophos Supercharges Firewall Security with AI-Powered Threat Detection and Enhanced VPN Support

Sophos, a global cybersecurity leader, has released an advanced update to its Sophos Firewall software, introducing AI-driven threat detection capabilities and major usability enhancements. Central to this upgrade is the integration of Sophos NDR Essential, which is now included free for users with an XStream Protection license. This feature utilizes artificial intelligence to detect sophisticated cyber threats, including algorithmically generated domain names used by malware, marking a significant step forward in the company’s security offerings.

The updated Sophos Firewall v21.5 leverages dual AI engines to detect malicious traffic patterns that traditional tools might miss. These enhancements are powered by the Sophos Network Detection and Response (NDR) probe, which enables identification of novel or unclassified malware communications. To maintain firewall performance, Sophos offloads heavy NDR processing tasks to the cloud, a strategic move that ensures both efficiency and deeper threat analysis.

User security and experience also receive significant upgrades, especially in VPN connectivity. The new update integrates Sophos Connect with Microsoft Entra ID (Azure AD), enabling Single Sign-On and multi-factor authentication. The VPN interface has been redesigned for clarity, and scalability has improved dramatically, supporting up to 3,000 VPN tunnels and hundreds of SD-RED connections, allowing large-scale organizations to operate with higher flexibility and confidence.

In terms of firewall management, Sophos has introduced enhancements like flexible IPv6 DHCP prefix delegation, default-enabled DHCPv6 servers, and a more responsive web admin interface. These changes simplify the user experience, especially for admins managing ultra-wide screens and complex setups. Configuration has also been optimized through cleaner default firewall rules and enhanced search capabilities within the dashboard.

Finally, the release reinforces Sophos’s “Secure by Design” commitment, incorporating new containerization for certain features and integrity checks using mathematical checksums to detect OS-level tampering. This security-focused approach allows for early identification of potential breaches. The update follows Sophos’s February 2025 acquisition of Secureworks, which has bolstered its position as the largest pure-play Managed Detection and Response (MDR) provider globally, now serving over 28,000 organizations.

Source: The Sun
