Sophos is a security system that protects your privacy and family security. It also provides enterprise-grade cybersecurity for organisations.

Sophos offers three solutions:

  • Sophos Endpoint
  • Sophos MTR
  • Sophos Firewall


Intercept X Endpoint features

  1. Endpoint Detection and Response (EDR): Identifies and prioritizes possible threats, allowing you to immediately identify where you should focus your attention and which devices are at risk.
  2. Extended Detection and Response (XDR): For even greater insight, go beyond the endpoint by adding cross-product data sources.
  3. Anti-Ransomware: To stop ransomware and boot record attacks, it uses ransomware file protection, automated file recovery, and behavioral analysis.
  4. Deep Learning Technology: Without depending on signatures, the artificial intelligence integrated into Intercept X identifies both known and unknown malware.
  5. Exploit Prevention: Blocks vulnerabilities and tactics used by attackers to distribute malware, steal passwords, and evade detection.
  6. Managed Threat Response: Threat hunters and response professionals who work on your behalf to take specific steps to neutralize even the most sophisticated attacks.
  7. Active Adversary Mitigations: Malicious traffic detection, active adversary persistence on computers, and credential theft prevention.
  8. Central Management: From a single console, manage your endpoint protection, EDR, XDR, and other Sophos products.
  9. Synchronized Security: Sophos products share data and take action automatically.




Dedicated Xstream Flow Processors in Sophos Firewall and XGS Series appliances provide the utmost in application acceleration, high-performance TLS inspection, and strong threat prevention.

The Sophos Firewall Xstream architecture is designed to provide high levels of visibility, security, and performance to help network administrators handle some of the most pressing issues they face today.

Powerful Protection and Performance

  • Inspection: By allowing you to employ SSL inspection while retaining performance efficiency, Sophos Firewall eliminates the blind spots produced by encrypted traffic.
  • Deep Packet Inspection: Sophos Firewall has a high-performance deep packet inspection (DPI) engine that scans your traffic for risks without the need for a proxy.
  • Application Acceleration: Sophos Firewall accelerates your SaaS, SD-WAN, and cloud traffic such as VoIP, video, and other trusted apps, either automatically or via your own policies, by putting them on the FastPath through the new Xstream Flow Processors.

The Xstream Protection bundle from Sophos Firewall gives you all the next-generation security, performance, and value you need to run even the most demanding networks. It is also available with your choice of XGS Series model included.

Base Firewall Features

  • Networking and SD-WAN: Wireless, SD-WAN, Application Aware Routing, Traffic Shaping
  • Protection and Performance: Xstream Architecture with Network Flow FastPath, TLS 1.3 Inspection, Deep-Packet Inspection
  • VPN: IPsec/SSL Site-to-Site and Remote Access VPN (unlimited), Sophos SD-RED Site-to-Site VPN
  • Reporting: Historical on-box logging and reporting, Sophos Central cloud reporting (seven-day data retention)

With Sophos MTR, your organization is backed by a world-class team of threat hunters and response professionals that take targeted measures on your behalf to neutralize even the most complex attacks.

  1. High-Fidelity Detection: To detect suspicious activities and the strategies, approaches, and processes employed by the most advanced adversaries, Sophos MTR deploys a combination of deterministic and machine learning models.
  2. Proactive Defense: Intercept X secures your environment by combining threat intelligence with freshly found signs of compromise uncovered through threat hunts.
  3. Elite Expertise: Sophos' highly trained staff of threat hunters, engineers, and ethical hackers is on the lookout for unusual activity and takes action against threats 24 hours a day, 7 days a week.
  4. Outcome-Focused Security: Every hunt, inquiry, and response action generates data that may be used to improve settings and automatic detection capabilities.


1. Base Firewall: The Sophos Firewall Base license includes the Xstream Architecture, networking, wireless, SD-WAN, VPN, and reporting.

  • Xstream Architecture: Enables high-performance TLS 1.3 inspection, deep-packet inspection, and network flow FastPath to accelerate trusted SaaS, SD-WAN, and cloud application traffic. To get the most out of the Xstream Architecture, you’ll need Network and Web Protection.
  • Networking and SD-WAN: Provides networking, routing, and SD-WAN capabilities, with a zone-based stateful firewall, NAT, VLAN support, and various WAN connection choices with SD-WAN routing, failover, and failback.
  • Secure Wireless: Sophos APX wireless access points include a built-in wireless controller. Setup is simple thanks to plug-and-play access point detection. Multiple SSIDs, hotspots, guest networks, and a variety of encryption and security protocols are all supported.
  • VPN: Supports IPsec and SSL and provides standards-based site-to-site and remote access VPN. Sophos Connect is a remote access VPN client for Windows and Mac that is simple to install and configure. Sophos’ SD-RED layer 2 site-to-site tunnels provide a lightweight, high-security VPN option.
  • Reporting: On-box reporting gives you a lot of information about risks, users, apps, online activities, and more. Some reporting functionality may depend on additional protection modules to deliver its maximum benefit.

3. Web Protection: Unparalleled visibility and control over all online and application activity for your users.

  • Powerful user and group web policy: Secure Web Gateway policy controls at the enterprise level make it easy to handle advanced user and group web restrictions. Apply restrictions based on submitted online terms that indicate inappropriate usage or behavior.
  • Application Control and QoS: With comprehensive policy and traffic-shaping (QoS) choices based on application category, risk, and other factors, it provides user-aware visibility and control over thousands of apps. Synchronized Application Control detects all unfamiliar, evasive, and bespoke apps on your network automatically.
  • Advanced Web Threat Protection: Sophos’ sophisticated engine, which is backed by SophosLabs, delivers the best protection against today’s polymorphic and obfuscated online attacks. JavaScript emulation, behavioral analysis, and origin reputation are just a few of the innovative approaches that may help keep your network safe.
  • High-performance traffic scanning: Sophos Xstream SSL inspection, which is optimized for maximum performance, delivers ultra-low latency inspection and HTTPS scanning while retaining performance.

2. Network Protection: All the protection you need to defend against sophisticated assaults and advanced threats while granting secure network access to individuals you can trust.

  • Next-Gen Intrusion Prevention System: Provides excellent defense against all sorts of contemporary threats. It protects users and programs on the network in addition to standard server and network resources.
  • Security Heartbeat: Establishes a connection between your Sophos Central-protected endpoints and your firewall, allowing you to detect threats quicker, simplify investigation, and reduce the impact of attacks. Heartbeat status can easily be incorporated into firewall rules to automatically isolate infected computers.
  • Advanced Threat Protection: Today’s most sophisticated attacks require quick detection and reaction. Threats are identified quickly by multi-layered security, and Security Heartbeat offers an emergency response.
  • Advanced VPN technologies: Adds innovative and easy-to-use VPN technologies, such as our clientless HTML5 self-service site, which makes remote access a breeze, or our proprietary light-weight secure SD-RED (Remote Ethernet Device) VPN technology.

4. Zero-Day Protection: Static and dynamic file analysis techniques powered by artificial intelligence combine to provide unparalleled threat intelligence to your firewall, allowing you to successfully identify and prevent ransomware and other known and undiscovered attacks.

  • Powered by SophosLabs: The Zero-Day Protection subscription includes a completely cloud-based threat intelligence and threat analysis platform, which is powered by industry-leading SophosLabs. This software includes deep learning-based file analysis, thorough analysis reports, and a threat meter that displays a file’s risk summary.
  • Static File Analysis: You can rapidly identify risks without having to run files in real time by combining the power of numerous machine learning models, global reputation, deep file scanning, and more.
  • Dynamic File Analysis: To monitor a file’s behavior and intent, run it in a secure cloud-based sandbox. Screenshots give further insight into any significant events that occurred throughout the analysis.
  • Threat Intelligence Analysis Reporting: Rich intelligence reports provide you a lot more information than just a simple “good,” “poor,” or “unknown” assessment. The combination of data science and SophosLabs research provides complete insight into the nature and capabilities of a threat.

6. Email Protection: Integrate anti-spam, data loss prevention, and encryption into your email security.

  • Integrated Message Transfer Agent: Allows the firewall to automatically queue mail in the event that servers become unavailable, ensuring always-on business continuity for your email.
  • Live Anti-Spam: Protects against the newest spam campaigns, phishing attacks, and dangerous attachments.
  • Self-serve Quarantine: Employees have immediate access to their spam quarantine, saving you time and effort.
  • SPX Email Encryption: Using our patent-pending password-based encryption technology, SPX makes it simple to send encrypted email to anybody, including those without any type of trust infrastructure.
  • Data Loss Prevention: Based on the existence of sensitive data in emails leaving the business, policy-based DLP can automatically encrypt or block/notify.

5. Central Orchestration: VPN orchestration, firewall reporting, and MTR/XDR integration are all controlled by Sophos Central in the cloud.

  • Sophos Central VPN Orchestration: Allows for simple VPN orchestration. Tunnel configuration using a wizard allows you to quickly construct complete mesh networks, hub-and-spoke topologies, or complicated tunnel arrangements between several firewalls.
  • Central Firewall Reporting Advanced: Threats, compliance, and user behavior are all covered by cloud-based reporting, which includes numerous pre-packaged common reports. It offers advanced capabilities for building custom reports and views, as well as the ability to store, schedule, or export them. 30 days of log data retention is included, with the option to add more storage for historical reporting needs.
  • MTR/XDR Ready: Sophos MTR is a fully managed threat hunting, detection, and response service that is available 24 hours a day, 7 days a week. Sophos XDR allows you to control your own extended detection and response.

7. Web Server Protection: Secure access while hardening your web servers and business applications against hacker attacks.

  • Business Application Policy Templates: Pre-defined policy templates make it simple to secure popular apps like Microsoft Exchange, Outlook Anywhere, and SharePoint.
  • Protection from the latest hacks and attacks: URL and form hardening, deep-linking and directory traversal prevention, SQL injection and cross-site scripting protection, cookie signing, and other sophisticated protection methods are included.
  • Reverse proxy: Authentication options, SSL offloading, and server load balancing provide the highest level of security and speed for your internet-accessible servers.


The dual-processor design of the XGS Series firewall appliances combines a high-performance, multi-core CPU with a specialized Xstream Flow Processor for targeted hardware acceleration.

  1. SMB and Branch Office XGS Series Desktop

This package offers excellent value and all-in-one connection for small business and retail.

  • Models 87/87w, 107/107w, 116/116w, 126/126w, 136/136w

  2. Distributed Edge XGS Series 1U Rackmount

Larger SMB and mid-sized companies require performance and flexible connection choices to satisfy their security infrastructure requirements.

  • Models 2100, 2300, 3100, 3300, 4300, 4500

  3. Enterprise Edge XGS Series 2U Rackmount

Larger SMB and mid-sized companies require performance and flexible connection choices to satisfy their security infrastructure requirements.

  • Models 5500, 6500


  • Simple, Secure, Reliable

When Sophos Access Points are attached, they are instantly identified, allowing you to quickly and simply create a choice of corporate, guest, or contractor wireless networks. You receive seamless wireless integration with firewall protection, consistent security rules for wired and wireless traffic, and dependable high-speed connectivity.

  • Hardware Appliances with integrated Wi-Fi

An integrated Wi-Fi access point is provided on all XGS Series desktop appliances. By adding Sophos APX Series Access Points, coverage may be extended even further.

  • Technical Specifications

Sophos APX Series access points have enterprise-class, high-speed wireless chipsets, custom-designed antennas, high-performance CPU and memory resources, and hardware-accelerated encryption.