Sophos Central

SC01 – Sophos XG Firewall 101

Foundation Course

Version 1.0
February 2020

Hello and welcome to this Sophos XG Firewall Sales Training.

SC01 – Sophos XG Firewall 101, which is part of the foundation series of sales
training.
In this course we will look at some of the basics to get you started, like what is a
firewall and what does it do, the different types of firewalls available and typical
firewall competitors we come up against.

-------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------
Sophos Sales Consultant
February 2020
Version 1.0

© 2018 Sophos Limited. All rights reserved. No part of this document may be used or
reproduced in any form or by any means without the prior written consent of Sophos.

Sophos and the Sophos logo are registered trademarks of Sophos Limited. Other
names, logos and marks mentioned in this document may be the trademarks or

1
registered trademarks of Sophos Limited or their respective owners.

While reasonable care has been taken in the preparation of this document, Sophos
makes no warranties, conditions or representations (whether express or implied) as
to its completeness or accuracy. This document is subject to change at any time
without notice.

Sophos Limited is a company registered in England number 2096520, whose

registered office is at The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire,
OX14 3YP.

1
 Firewall 101

Let's start with the basics of what a firewall does, to give you a better understanding
for when you speak to new prospects, about what their potential requirements will
be when looking for a new or replacement firewall.

2
 Firewall – Essential Networking Tasks
VPN Main Internal Network

LAN

Internet WAN/SD-WAN WiFi

DMZ

VPN

A Firewall as shown here in the slide as the red brick wall, is the heart of any
organizations network.

It performs several important networking functions.

First it connects all the users, endpoints, servers, and mobile devices on the
corporate network. It may provide options for setting up different networks or
zones for different users or different purposes for example a Demilitarized Zone
referred to as a DMZ for servers or guest wireless access. .<adv>

It also provides essential Wide Area Network (WAN) or SD-WAN connectivity to the
internet through one or more Internet Service Provider connections<Adv>

It may also connect many remote or branch offices or devices securely via a Virtual
Private Network (VPN) back to the main network<Adv>
And it may enable remote users to access the internal network via VPN

So when buyers are looking for a firewall, they may have requirements and priorities
around one or more of these networking areas.

3
 Firewall – Essential Protection Tasks

?
SOFTWARE PROCESS
EXPLOITS ATTACKS Visibility and Control (over users/apps/data)
?

CRYPTO UNKNOWn
RANSOMWARE THREATS Block Attacks

Contain Threats
CREDENTIAL STEALTH
HARVESTING MALWARE

A Firewall is also responsible for securing the organizations network.

There are three essential protection tasks that it needs to perform…

First, the firewall is expected to provide visibility and control over network activity
like users, applications, and data to identify risks or problems <Adv>

Second, the firewall is also expected to prevent or block Network Attacks, Hacks, and
Malware from getting onto the network
<adv>

And third, the firewall should also provide a trusted Enforcement Point to contain
threats to block malware from spreading, exfiltrating data, or otherwise
communicating out

So essentially… keep the good stuff in, the bad stuff out and see what’s going in and
out.

Prospects will have different priorities when it comes to what’s important to them

4
with respect to protection. They may be well aware and suffering from a lack of
visibility, poor protection, or a lack of response to threats on their network, or they
may be unaware of just how little visibility, protection and response they have with
their existing firewall.

4
 Firewall – Essential Day-to-Day Management
• What does a Network Administrator Do?
o Deployment
- New Locations and firewalls
- New Network infrastructure
- New applications and services
o Management
- Policies and users
- Remediating Threats
- Troubleshooting issues
o Monitoring and Reporting
- Bandwidth utilization
- Risks and threats
- Reporting to stakeholders

It’s also important to understand what a Network Administrator spends their time
doing everyday… and as you can imagine, given the Firewall’s importance in the
overall functionality and protection of their network, the Firewall is where they spend
a lot of their time.

They spend time deploying new networking infrastructure, applications, and services.
They also spend time adjusting policies, adding or managing users, remediating
threats, and troubleshooting user and network issues
They also have to continuously monitor the health of their network, and be able to
answer basic questions about how resources are being utilized, assess risks, and
report to stakeholders.

Network administrators may have potential pains in any of these areas, but most
likely are getting by with a routine that works for them… they may not be aware there
are products out there that can dramatically help them with their day-to-day
management.

5
 Summary – A Firewall’s Key Tasks
Networking Protection Management

• Connecting internal network • Visibility and Control • Deployment/Setup

resources
• Stop hacks, attacks, threats • Day-to-day management
(LAN, WiFi, DMZ)
• Respond to incidents • Monitoring and reporting
• Internet/Cloud access
(WAN/SD-WAN)
• Secure network access for
remote locations and users
(VPN)

In summary, Firewalls have three essential tasks they need to perform…

- They are the heart of the network
- They protect the organization from hacks and attacks while also providing visibility
and control over activity across the organization
- They enable administrators to setup, manage, and monitor their network

And many firewalls out there are failing to do an effective job which is creating pains
for administrators to deal with but new opportunities for you.

6
 What Forms does a Firewall Take

Hardware Appliances Software Appliance Cloud Firewall

• Purpose built hardware with
modular connectivity
• Installed in a rack in the server
room or on a shelf in the utility
closet
• Different models for different
size customers and networks
• Installed on customer or MSPs • Installed in customer’s AWS or
own server hardware or Azure cloud infrastructure, or
virtualization platform purchased as a cloud service
• Popular virtual platforms
include Microsoft Hyper-V
and VMware

So what options do customers have when purchasing a new firewall?

They can of course by a physical appliance. There are different models and different
sizes depending on the type and size of organisation. Typically these would be
installed in a rack in the server room or on a shelf in the IT room or maybe event the
utility cupboard.

But there are also other options for customers too. They could buy a software
appliance which is either installed on a customer's existing server hardware or on a
virtualization platform such as Microsoft Hyper-V or VMWare.

Or the other option is a cloud firewall which is essentially a virtual server hosted in a
customer's cloud service provider such as Amazon Web Services (AWS) or Azure.

7
 High-Level Firewall Vendor Landscape
Gartner Magic Quadrant for Network Firewalls

Enterprise Vendors:
• Palo Alto Networks (PAN)
• Fortinet
Mid-Market Vendors:
• Cisco
• Sophos
• CheckPoint
• SonicWall
• Watchguard
• Barracuda
8

What other firewall vendors are you likely to encounter in an opportunity?

Gartner produces an annual report that provides a good overview of the firewall
vendor landscape.
Their magic quadrant places enterprise market share leaders in the upper right or
“Leaders” quadrant, and mid-market or niche vendors elsewhere on the chart.

Sophos is accurately represented as a very strong mid-market vendor. We are

recognized for our strong vision, aggressive road map, and all round great product,
service and channel model.

The most common incumbent firewall vendors and competitors you are likely to
come across in mid-market opportunities are SonicWall, WatchGuard and Barracuda,
who we steal market share from consistently. We generally offer a better value
proposition and product than these vendors for mid-market and SMB customers.

The most popular enterprise firewall vendors are Palo Alto Networks, Fortinet, Cisco
and Checkpoint. We rarely compete against Palo Alto and Checkpoint as they are
very focused on the top end of the market and are extremely expensive. You will run

8
into Fortinet and Cisco who have very strong products and brand loyalty that will put
your sales skills to the test.

8
Now that you have completed this course, we recommend that you watch the XG
Compelling Conversations sales training material to learn about typical customer
issues with their incumbent firewalls and how XG can help.