Web protection on the UTM plays a major role in protecting our customers and their users. In the last blog post I discussed changes to user authentication. In this post I’m going to talk about how we’ve made policy authoring easier, and how we’re addressing the increasing use of HTTPS.
Sophos UTM has always had a pretty comprehensive set of policy features, and has offered a great deal of flexibility when it comes to applying those policies. Power users of the UTM really appreciate this, but our new customers sometimes found it hard to find their way around. We all felt the learning curve was too steep.
Our dedicated Web Appliance, on the other hand, has received acclaim for its ease-of-use. So we thought, “let’s take what we’ve learned building that product and apply it to the UTM, but without removing any of the flexibility.” A real challenge!
We looked at all the policy workflows, and catalogued all the most common use cases that our customers told us about. We wanted to make it easy and quick for a new customer to get to the point where they have a meaningful policy in effect. We also wanted to ensure that existing customers don’t lose functionality and can find their way around.
UTM Accelerated (9.2) presents a new view of policies. Instead of having to create a set of policy elements in separate screens before finally applying them, administrators can now manage all the pieces of a policy in one place.
With so many options to edit, we’ve organized our main policy rules into a tabbed format (see screenshot). Instead of being faced with a long, scrolling list of options, you can now quickly jump to the right page. You can also easily skip the options you’re not interested in.
We’ve also made it way easier to get started with user-based policies. You can pick Active Directory users and groups—without having to go off and create shadow groups first. And you don’t have to get stuck into the world of proxy profiles just to create a couple of different browsing experiences.
You’ve probably heard a lot in the news recently regarding the risks of Internet snooping – whether on local networks by criminals, or in data centers by authorities. As a result, Google, Facebook, Twitter, Yahoo and many other sites have switched to use HTTPS by default and more are joining them. This presents corporate IT with a dilemma.
On one hand, increased use of HTTPS is great because it keeps confidential data secure in transit. But on the other, it becomes harder to scan web traffic for malware or enforce policies such as safe searching.
Sophos UTM can, if you wish, decrypt HTTPS traffic on your network and scan inside it. But that’s not always acceptable or possible. So with UTM 9.2 we’ve added the ability to filter HTTPS traffic transparently by URL, without having to crack the encryption.
Why is this a big deal? Well, with old-fashioned proxy-based web gateways it was easy. Browsers know they are talking to a proxy. They give the proxy an HTTPS web address and ask for a connection. The proxy can easily look at the URL and decide whether to block it or allow it.
With a transparent gateway like the UTM, the browser thinks it’s talking directly to the website. It tries to make a direct SSL connection to the server’s IP address, and the IP address is often not enough to go on for a good policy decision.
UTM 9.2 can look at the unencrypted information that gets passed during that SSL connection attempt. There’s actually enough data there for us to work out what website the user’s trying to connect to. We can then apply policy rules as if it were a regular HTTP connection. The actual data sent back and forth is still encrypted: you’d still need to enable HTTPS decryption to get the full security treatment. But we can still apply a pretty strong level of security and control without some of the challenges associated with HTTPS decryption.
Get ready for UTM Accelerated (9.2)
You’ll soon be able to read all about these great new features as we roll them out on our website. Or if you’re visiting RSA or CeBIT in the coming weeks, we’ll be offering a sneak peek at this technology in action at our trade show booth.
Whether you’re an existing UTM customer, or considering a switch from one of our competitors, we think you’ll be impressed with how we’ve managed to combine flexibility and ease-of-use.
Watch the video below to get a closer look at Web Protection in Sophos UTM 9.2.
Come back to Sophos Blog for the next post in the coming days explaining more feature highlights of Sophos UTM Accelerated (9.2). Until then, should you have any questions, we’re only an email or a phone call away.