Active Threat Response – Sophos News

is a feature in Sophos Firewall v20 that offers Active Threat Response, which improves response time and automates the defense against active adversaries and threats. This feature extends Synchronized Security to Sophos MDR and XDR analysts, allowing them to push threat intelligence to the firewall via a new threat feed API. The firewall then coordinates an immediate and automatic defense, isolating any host attempting to communicate with the blocked threat. This prevents lateral movement and stops the threat in its tracks.

The Active Threat Response feature works seamlessly regardless of the source that identifies the threat, whether it’s the analyst, an endpoint, the firewall, or NDR. It significantly enhances the overall security posture of Sophos MDR and XDR customers who use Sophos Firewall.

Sophos Firewall v20 comes with a range of other new features, all of which are detailed in the What’s New PDF download. The early access program for SFOS v20 is currently open, and users are encouraged to participate to help make this release the best it can be. Feedback can be provided through the Sophos Firewall’s feedback mechanism and the EAP community forums.

The early access program is expected to end soon, with general availability following shortly. Sophos extends its gratitude to all participants in the program for their valuable contributions.