The UTM/SG platform starts off with the basic functionality of being a good Firewall, adding the additional modules opens up the products set and allows for full web filtering and application control, reverse proxy, APT detection, IPS, VPNs, User portal etc.
The licensing model works very nicely to allow you to get the right protection at the right price point for the right deployment size.
In the increasingly cloud focused word the Sophos UTM’s ability to deliver Safe web access, Web Filter and Cloud Application control has gone from being a nice to have to being a must have for any size company or organization. The rich access logs it records allows you to get real insight into what your users and devices are accessing on the cloud. Native reporting is basic, but can easily be improved by adding Fastvue Sophos Reporter.
Improvements to My Organization:
The Sophos UTM planform has allowed us to improve or implement the following security practices:
- Details Web filtering and user access Control
- SaaS QoS
- Network segmentation with firewall and IPS
- WiFi protection
- Web Application Proxy everywhere, inside and out
- WAN expansion with SSL VPN and IPsec VPN over the Internet
- Two Factor Authentication requirement for PCI compliance
- Reduced the need for expensive MPLS deployments
Room for Improvement:
At Enterprise level the SUM (UTM Manager) needs to be updated to reflect all of the capabilities
At the Reporting level for user internet browsing the On-box Reporting is very basic and even adding the Sophos iView only give you limited improvement. Having said that, Fastvue’s Sophos Reporter provides all of this and more and integrates seamlessly with the UTM platform to unlock all of the log data’s value.
The SG platform does however not scale to a large enterprise deployment. You can deploy at scale but this is where the platform shows its age and limitations. For Large and Enterprise the better option is to go with the Sophos XG Platform.
Use of Solution:
I have been using Sophos for over three years by this stage in various deployments from Physical on premises, Virtual in AWS, and the virtual Free Home version to protect my family.
Major firmware release can sometimes be buggy initially but are soon pathed and stabilized. My advice would be to sit tight for 9.x release for about a week before implementing 9.x.yyy releases often fix bug without introducing stability issues.
The platform scales-out in a great way, if your deployment is basic and you do not exceed the capabilities of the current SUM. Several companies run large UTM connected networks with hundreds of site across multiple countries.
The platform scales up admirably in the format of the large tin deployments such as the SG550 or SG650 models. They are ably to handles massive throughput rates on the firewall modules but the Proxy and WAF modules cap out at a 10 000+ users or devices depending on the traffic, of course.
For anyone with Proxy and firewall experience the setup is pretty straight forward with a wizard that will get you up and running in no time. The UTM / SG is also available in Hardware Software / Hyper-V/ AWS / ESXi / Oracle Virtual Box so you can set up a test or lab environment on almost anything to get started.
Pricing, Setup Cost and Licensing:
The licensing options with virtual are great and scaling up and down is typically not an issue if you reseller is involved. Sometimes buying the hardware makes more sense than going virtual. The hardware is great and unlike the virtual licensing is unrestricted by user numbers. There are huge numbers of OS models that range from very small to very large. You will likely find a good fit for your deployment.
A great benefit is that you can migrate your Sophos SG license to a Sophos XG license in the future. You can safely Deploy on SG and later migrate over to the newer XG platform when you are ready. It offers a great feature set at a good price point.
Other Solutions Considered:
Various other platforms were evaluated before choosing the Sophos SG including CheckPoint – UTM1, FortiGate, and Sophos XG (Beta – at the time). All have their own areas where they shine and should be short listed candidate for anyone looking to implement a UTM.
Sophos is a great security partner for any organization. Investing in their suite of products gives you a good cohesive strategy for security. Adding Fastvue Sophos Reporter allows you to get better visibility into how well your UTM is protecting your environment as well as adding the ability to add real time alerts. It really adds additional features to the product without increasing the cost much and a relatively short ROI is often realized.
Disclosure: My company has a business relationship with this vendor other than being a customer: Through various methods, I have business relationship with Sophos and their reseller network. They are great guys who care more about making the internet a safer place than just extracting the maximum amount of revenue from you. Sophos listens to their customers and adds features as we request them. It really makes you feel like you have a security partner and not just a product supplier.