CONFIDENTIAL - SOPHOS INTERNAL AND CHANNEL PARTNERS ONLY - DO NOT REDISTRIBUTE

CISCO MERAKI FIREWALL BATTLECARD

Vendor Profile
Meraki was founded in 2006 and acquired by Cisco in December 2012 to form Cisco’s Cloud Networking Group. Cisco Meraki offers a complete cloud-managed product family including wireless LAN, Ethernet switches, security appliances, and MDM.
https://meraki.cisco.com/

Product: MX64/W, MX65/W, MX67/W, MX67C, MX68/W/CW
Description: Small business UTM platforms for retail, branch/remote offices, or home office.
Sophos Equivalent: Sophos Firewalls

Product: MX84, MX100, MX250, MX450
Description: UTMs for small to medium size corporate environments.
Sophos Equivalent: Sophos Firewalls

Competitor Strengths
• Cloud-based easy management of firewall, switching, wireless LAN, and MDM products
• Simplified site-to-site VPN using Auto VPN: SD-WAN is one of the key selling points

Competitor Weaknesses
• Lacks key UTM features: Meraki firewalls do not offer email security, scanning HTTP files for viruses, SSL VPN for remote users, and more.
• Lack of Security Heartbeat and Synchronized App Control: No significant integration of firewall and AMP. This leaves gaps in protection and visibility.
• “Bricked” hardware: In case of license expiration (after 30 days of grace period) the device is shut down, and traffic is no longer allowed. It is like “You bought the hardware, but it’s not yours!”
• Frail SSL inspection: Meraki devices support limited inspection of encrypted traffic. They do not support TLS 1.3, modern ciphers, and blocking of non-secure SSL.

Why Sophos
Full-featured UTM
Sophos Firewall provides all the features you would expect from a UTM and more. Cisco Meraki lacks key protection capabilities including email security, scanning HTTPS files for viruses, SSL VPN, and web server protection.

Xstream Architecture
Sophos Xstream architecture is a streaming packet processing architecture that includes a high-performance multi-core CPU for SSL inspection and deep packet inspection, Xstream Flow Processor with intelligent offloading and acceleration of SaaS, SD-WAN and cloud traffic and many more to ensure extreme levels of protection and performance.
On the other hand, Meraki appliances work on Intel chips with limited SSL inspection and application acceleration capabilities.

Synchronized Security
An industry first, Sophos Security Heartbeat connects our Next-gen endpoints with the Sophos Firewall to share health status and telemetry to enable instant identification of compromised machines. Using endpoint telemetry, Synchronized App Control automatically identifies, classifies, and controls custom, evasive, and generic network applications that are currently going unidentified.
Cisco AMP endpoints do not share unknown application details with Meraki firewalls. Furthermore, there is no automated remediation and isolation capability, and hence it does not stop the lateral spread of malware.

Watch Out For


Among Cisco’s Fastest Growing Portfolios
Cisco is seen as a good steward of Meraki, post-acquisition, which has built more trust in the brand and its future. Gartner is seeing Meraki show up on more shortlists, primarily driven by increased focus from within Cisco. Incentives have been given for Cisco sales to push Meraki in many more cases.
Despite fast growth, Cisco Meraki appliances lack integration with other Cisco products like Umbrella and CloudLock. Moreover, they do not have feature parity with other Cisco firewall products like Cisco FirePower and Cisco ASA.
Gartner cites these feature differences and different licensing models as reasons for product and vendor management complexities.

User Experience
Meraki products are known for their simplicity of UI and ease of use. This made Meraki a preferred choice for organizations lacking technical expertise. It is also important to note that Meraki was the first vendor to provide true zero-touch device provisioning, and it still offers the best device onboarding user experience.
However, simplicity does not guarantee effective security capabilities. In its quest to provide a simple user interface, Meraki lost the granularity of controls needed to address complex security requirements.
In contrast, simplicity and effectiveness run in Sophos’ DNA. The Sophos Firewall’s interface is intuitive and flexible and at the same time, it is one of the best firewalls available in the market today.

Availability of Cisco AMP for MX Appliances
Cisco's Advanced Malware Protection (AMP) adds the following key ATP features:
- Downloaded files are checked against the global AMP database
- Retrospective alerting: MX records when unknown files are downloaded. Later (days/weeks), if the file is determined to be malicious, the admin receives an alert for the historical event with the current determination of badness.
- Threat Grid Sandboxing
Sophos Sandstorm teamed with Sophos Threat Intelligence offers a cloud-based sandboxing solution based on AI, ML, and deep learning. This model shortens the verdict time to seconds. This is the same technology used in the Sophos award-winning Intercept-X solution.

The information in this document is based on Sophos’s interpretation of data publicly available as of the date it was prepared. Other companies named in the document had no part in its preparation. The information contained in this comparison may be incomplete or inaccurate and is subject to change. The information is intended for informational purposes only and is not intended to be relied upon in making any purchase decision. The information is provided "as is" without warranties of any kind either expressed or implied. This document is Sophos confidential information. Partners may use only the most up-to-date version, and only if permitted by law in their Territory. Distribution to any third party other than a Sophos authorized partner is strictly prohibited.
October 2021
Copyright 2021 Sophos Group. All Rights Reserved.

Third Party Views


Comments/Tests: Gartner

Context/Results:
Cisco as a vendor saw a slide from the Leaders quadrant to Challengers in Gartner’s 2020 Magic Quadrant for Enterprise Network Firewall. The main reason behind this decline is poor and fragmented central management and poor public cloud support.
Sophos is placed as a strong Visionary in the same report. Gartner noted that “Sophos is ideal security vendor for midsize organizations” with “a strong position in deployments among midsize enterprises”.

Feature Shoot-Out
Sophos Cisco Meraki See these Detailed Comparison sections for more info
All-in-One Protection  × ‘All-in-One Protection’

Unified Policy Model  × ‘Unified Policy Model’

Synchronized Security  × ‘Synchronized Security’

Synchronized App Control (using Endpoint telemetry)  × ‘Synchronized Security’

User Threat Quotient (UTQ)  × ‘User-level Insight’

Remote Access Support  × ‘Branch Office Protection’

Built-in Email Security  × ‘Email Protection’

Granular Application Visibility and Control  × ‘Application Visibility and Control’

Built-in WAF  × ‘Web Server Protection’


Detailed Comparison
How Sophos does it How Cisco Meraki does it How we win
Xstream Architecture

How Sophos does it:
Xstream architecture is a streaming packet processing architecture that provides extreme levels of protection and performance.
The new XGS Series appliances add a hardware layer to the Xstream architecture: dedicated Xstream Flow Processors to improve performance to support the visibility and protection you need. This includes:
• SSL Inspection: A high-performance multi-core CPU powers TLS decryption and deep packet inspection for the ultimate threat protection. It delivers high-performance, high connection capacity support for TLS 1.3 and all modern cipher suites across all ports, protocols, and applications.
• DPI Engine: A single streaming DPI engine with proxy-less scanning of all traffic for AV, IPS, web threats, app control, SSL Inspection as well as deep learning and sandboxing powered by SophosLabs Intelix
• Xstream Flow Processor: Intelligent offloading and acceleration of SaaS, SD-WAN and cloud traffic such as VoIP, video, and other trusted applications
• Flexibility: Sophos firewalls can control the traffic offloaded to the FastPath via common VFP/NFP FastPath API and hence offer superior performance. Also, the Xstream flow processor is specialized on network tasks and is programmable through software; this makes the hardware architecture more easily adaptable for new/changed applications and functions in future software iterations.

How Cisco Meraki does it:
Cisco Meraki MX appliances use Intel based x86 architecture without any additional hardware acceleration.
• Limited SSL Inspection: Meraki appliances do not scan encrypted traffic other than on HTTPS. The HTTPS inspection is available via built-in third-party VPN to Umbrella SIG or Zscaler. Furthermore, it does not support modern ciphers, TLS 1.3 protocol, and blocking of non-secure SSL.
• No support for Network Flow FastPath: Meraki appliances do not support FastPath and traffic offloading to accelerate performance.

How we win:
Higher performance, Flexibility, Support for TLS 1.3
Ask: Does your firewall scan TLS 1.3 traffic? How do you ensure content filtering for the websites running on TLS 1.3?
Compare: Throughput numbers and RoI

All-in-One Protection

How Sophos does it:
Sophos Firewall includes the following features on a single appliance:
• Firewall, Networking & Routing
• Application Control
• Malware Scanning
• Built-in free-of-cost reporting
• Web Application Firewall
• Full Email Protection with SPX encryption
• Integrated Wi-Fi controller with the 802.11ac wireless access points
• Bandwidth Management
• High Availability
• DLP
Note: The Sophos Firewall XGS 87 does not support some advanced features like on-box reporting, dual AV scanning, WAF AV scanning and the email message transfer agent (MTA) functionality.

How Cisco Meraki does it:
There are three licensing schemes available for Meraki MX appliances. The Enterprise License provides basic firewalling (excluding geography-based firewall rules) and VPN capabilities. For security features, you need to buy the Advanced Security License or Secure SD-WAN Plus license.
Even these two licenses do not offer the following features:
• SSL VPN
• Web category-based Traffic Shaping
• Quotas (Traffic quotas on upload/download, Surfing quota time policies per user/group)
• Email protection
• Web Application Firewall
• DLP
• Comprehensive reports

How we win:
All-in-One solution
Ask: What are your company’s growth plans? Is there a chance you may need additional features later?
What is your approach when you invest in security solutions? Do you prefer an all-in-one box or go for separate solutions for different needs?

Unified Policy Model

How Sophos does it:
• Single page configuration for all security features: The Unified Policy Interface brings all policies, whether firewall, web control, app control or web server into one place. Therefore, no more jumping between different areas of the admin workspace to create, manage or review policies
• Built-in templates for common applications: Policy Templates for Microsoft Exchange or SharePoint assist quickly in creating advanced policies while reducing the risk of misconfiguration
• Easy troubleshooting: Natural Language policy descriptions explain policies in plain text, which makes troubleshooting very quick and easy

How Cisco Meraki does it:
Limited capabilities with very little control
• Cisco Meraki’s cloud-based management is fully dependent on Internet access without providing any local security management capability, making policy changes impossible during WAN outage
• Lack of out-of-the-box security policy templates complicates security configuration
Meraki does not have
• Single place policy management for Web Filter, QoS, and IPS from the Firewall Rule page
• Firewall rule grouping
• Cloning of existing firewall rules and security policies
• User-based firewall rules
• Policy Templates for common business apps

How we win:
Single page management for Web and App filtering policies, IPS and QoS
Ask: How much time and energy do you want to spend configuring firewall policies and ensuring they are correct?
How many steps are required to do the most common tasks? (e.g., create web filtering and IPS policies)
Show: Policy templates and natural language descriptions

User-level Control

How Sophos does it:
Our Layer-8 technology enables user-level controls over applications, bandwidth, and other network resources regardless of IP address, location, network, or device.
Benefits of our patented Layer-8 technology:
• Controlling who is doing what in the network
• Allowing the creation of identity-based security policies that prevent errors associated with IP address-based policies
• Reporting to track identity-based usage, problems, intrusions, and so forth, thus simplifying audit requirements.

How Cisco Meraki does it:
Limited user-level controls
User-identity based security approach in Cisco Meraki is limited to Traffic Shaping and Application filtering. Meaning – you cannot configure IPS and Web Filter Policy for a particular user.

How we win:
Granular control over user’s network behavior
Ask: How do you ensure policies like a web filter and IPS protection are tailored to the needs of specific users?

User Threat Quotient

How Sophos does it:
With User Threat Quotient (UTQ) customers can
• Gain visibility of risky users: Automatic correlation of each user’s surfing habits and activities with advanced threat triggers
• Take corrective action: Fine-tuning policies based on readily available information

How Cisco Meraki does it:
Cisco Meraki does not have a feature equivalent to UTQ.

How we win:
Complete visibility of risky users and activities in your network
Ask: How do you monitor network activities to help pinpoint users with risk-prone behavior?
Show: UTQ bubble diagram and drill down report to point out risky user and activities

Detailed reporting

How Sophos does it:
On-Box Detailed Reporting
• Included in every license: Full, interactive reporting inside the solution without the need to spend additional money on a separate unit
• Compatible and Extendable: Configure multiple external Syslog servers if required for further analysis and storage
• Live Log Viewer: Real-time visibility of network traffic with color-coding through Log Viewer available at the top of any screen
• Security Audit Reports (SAR): Complete assessment of potential risks and issues in the network when Sophos Firewall is deployed in TAP mode
• Synchronized Applications Report: Historical reporting on all applications identified through the Synchronized App Control feature with details on the app classifications, users, hosts, policies, and destination countries when Sophos Firewall is deployed in TAP mode.
Cloud-based centralized reporting - Sophos Central
• Comes with a set of pre-packed reports
• Offers tools to create custom reports
• Supports reporting schedules
• Allows uploading, filtering and searching of log files
• The free version comes with a week’s worth of storage. Additional storage capacity licenses are available.

How Cisco Meraki does it:
Limited On-Box reporting
Cisco Meraki provides only basic logging and reporting – e.g. the number of on-box reports is limited to ~10, historical logs/reports capacity is limited to 6 months, etc. This makes troubleshooting a challenge.
Compared to Sophos, it lacks:
• Comprehensive logging with real-time insights, visibility, and troubleshooting
• Firewall Rule and Web Policy Test Simulator
• Support for TAP mode and an equivalent report to our Security Audit Reports
• Synchronized Applications Report
No External Reporting
The dedicated reporting tool for Cisco Meraki appliances i.e. Cisco Security Manager or Firepower Management Center does not provide reports for Meraki MX appliances.

How we win:
Complete visibility of your network
Ask: How much will it cost you for detailed reporting and correlation of the reports?
Show: Traffic Dashboard and Security Dashboard with drill-down
Log Viewer from any page of Sophos Firewall Web UI

Synchronized Security

How Sophos does it:
Communication between the network firewall and endpoint
Security Heartbeat connects Sophos Next-Gen Endpoint clients to the Sophos Firewall OS, creating a channel for real-time information sharing between products. Customers that use both products gain:
• Suspicious traffic: Endpoints with indicators of advanced threats are immediately identified and blocked
• Compromised System Info: Clear identification of compromised systems with the computer name, user and file path
• Automatic isolation and remediation: Compromised endpoint and automatic rejoining of endpoint after recovery
• Isolation of unverified endpoints: Traffic blocking to destination machines that do not have an active security heartbeat or lack a minimum required heartbeat
Synchronized App Control
• Identify, classify and control unknown applications that don’t have signatures or use generic HTTP or HTTPS connections, and
• get visibility of such applications through SAR reports
Lateral Movement Protection
• Enable each endpoint to be isolated in response to an attack or threat – regardless of the network topology

How Cisco Meraki does it:
Communication between Meraki firewall and AMP
Cisco Meraki, when used in conjunction with AMP for Endpoints, does provide some level of synchronized security. For example – Meraki and AMP work together to provide “Retrospective alerting” wherein MX firewall records when unknown files have been downloaded. Later (days/weeks), if the file is determined to be malicious (by Cisco AMP), AMP alerts the MX firewall about the historical event and the current determination of badness.
No automated isolation and remediation:
The retrospective alerting is automated, but the incident response is not i.e. there is no provision for the firewall to auto-isolate compromised endpoints via a firewall rule.
No Synchronized App Control
AMP for endpoints does not share unknown application details with MX firewalls.
No Lateral Movement Protection
A combination of Meraki firewalls and AMP does not stop spreading malware by isolating endpoints automatically.

How we win:
Enable communication between network firewall and endpoint
Ask: How confident are you that you do not currently have infected devices silently lurking within your network?
Show: User & Device Insights widget on Control Center

Application Visibility and Control

How Sophos does it:
Sophos Firewall provides granular app visibility and control (allow/ deny/ QoS) based on category, risk level, technology, or certain undesirable characteristics (e.g. bandwidth & productivity consuming).
• Application database strength: Over 3,000+ applications, categorized under 22 categories
• Purpose-based Application Filter Policy: Sophos Firewall comes with pre-defined policy templates that can be used as-is without any modification.
• User-based Application Policies: Enables custom-tailored app control to be added to any user, group, or network policy
• Micro-App Discovery and Control: Identify and control HTTPS-based micro-apps such as Facebook chat or video upload.
• Traffic Shaping (QoS): Prioritizes bandwidth allocation to critical apps and limits bandwidth to non-business apps.

How Cisco Meraki does it:
Limited Application Control
• Cisco Meraki’s application database strength is shallow with just 180 applications categorized under 21 categories. This is close to not having application control at all!
• Lacks pre-defined app filter policy templates
• No support for control over micro-apps
• Limited visibility of risk with just 6 P2P/File Sharing apps vs. 50 in case of Sophos Firewall

How we win:
Comprehensive Application Filtering
Ask: How many applications are identified and controlled by your solution?
How do you control micro-apps?

Advanced Threat Protection

How Sophos does it:
Sophos Advanced Threat Protection provides an additional layer of security with the following features:
• Detects and blocks command and control communications
• Identifies compromised machines
• Blocks botnet
• Advanced malware analysis (script emulation) with selective cloud sandboxing
• Security Heartbeat: To enable firewall and endpoints to exchange health status and intelligence information via Security Heartbeat
• Sandstorm: Sophos next-gen cloud sandbox with an additional layer of artificial intelligence protection. All suspicious files are checked against SophosLabs’ massive threat intelligence database and subjected to Sophos industry-leading deep learning in parallel with full sandbox analysis.
• Threat Meter: Traffic-light style (red, yellow, green) indication of the analysis after antivirus scanning, threat intelligence analysis, and sandboxing. It provides an in-depth view of the verdict and a breakdown of the file’s features and attributes. This includes illustrated analysis by multiple machine learning models, details, and screenshots of behaviors seen during Sandstorm analysis.

How Cisco Meraki does it:
Cisco Meraki appliances with Cisco AMP offer the following features:
• Downloaded files are checked against the global AMP database (IP addresses, file hashes, etc.) to ensure they are not malicious.
• Retrospective alerting: MX records when unknown files are downloaded. Later (days/weeks), if the file is determined to be malicious, the admin receives an alert about the historical event and the current determination of badness.
• Threat Grid Sandboxing: Powered by Talos Intelligence, Threat Grid offers decent sandboxing features. However, it does not offer details like modeling methods and screenshots of behavior during file analysis. Also, the number of file submissions is based on the Threat Grid license type.
Compared to Sophos’ offering:
• AMP is aimed at large organizations with a dedicated security team that has the time and knowledge to analyze the collected information. For example, when a file is submitted to the sandbox, it does not return a good/bad value but instead provides a percentage value and detailed information for the admin to analyze and decide how they want to proceed.
• Some of the features require significant manual work – it is possible to write manual detections for files that you want to detect in your network, but this relies on uploading a sample of the file or entering hash or signature values.

Central Management

How Sophos does it:
• Free Central Management: The virtual Sophos Firewall Manager comes free of charge to Sophos partners and allows end customers to manage up to five devices free.
• Software Appliance: Available as software to be installed on the standard hardware. This means you can use existing or tailor new hardware to your requirements.
Sophos Central (a cloud-based service for customers and partners)
• Single pane of glass management: Manages Sophos Firewalls, Intercept X, Endpoint, Web, Mobile, Server, Wireless, Encryption, and Email from a single console
• Full access to firewall UI: Sophos Central offers secure access to firewall’s local management UI, in an embedded experience. It offers features like Zero Touch Provisioning, firewall group management, configuration synchronization, backup and firmware management, and reporting.
• No additional cost: Sophos Central is included with Sophos Firewall running v18 and newer firmware. It does not require a separate license/subscription.

How Cisco Meraki does it:
Meraki appliances can only be managed centrally, there is no option to configure and manage them on-premise.
Unlike Sophos, Cisco does not offer a central management console for all Cisco products.
Meraki MX appliances cannot be managed from Cisco’s Defense Orchestrator, Cisco Security Manager, FirePower Management Center, or any other Cisco central management console.

Wireless Protection

How Sophos does it:
• Integrated: Wi-Fi management is fully integrated into the Sophos Firewall console. Choose from a range of firewalls with integrated wireless i.e. XGS 87(w), XGS 107(w), XGS 116(w), XGS 126(w), and XGS 136(w).
• Adding Access Points (AP) with Minimal Configuration: With Sophos Firewall you simply plug-in an AP to the network and it will automatically be listed in the firewall, ready to be managed. The APs plugged into remote networks connected through SD-RED are also managed through the firewall.
• Voucher System for Guests: Built-in voucher system for guest Wi-Fi access comes at no extra cost and saves customers time and money.

How Cisco Meraki does it:
Cisco Meraki’s cloud-managed wireless product portfolio provides effective and well-linked Wi-Fi management. The most notable thing about their APs (MR series) is that they come with a powerful CPU, hardware-accelerated encryption, and extended memory resources, to enforce layer 3-7 firewall policies, application QoS, wireless IPS, and NAC, without the need for a wireless LAN controller.
While Meraki is promoting standalone APs for their built-in processing power, this essentially limits the functionality offered. You do not get the following features that come with a Meraki firewall with built-in Wi-Fi:
• Web protection
• Site-to-Site VPN
• ATP
If you want all the features, you need to buy a security appliance with integrated wireless.

How we win:
Integrated wireless protection
Ask: What is your preference – a firewall with built-in wireless or just an AP with minimum security features?

Branch office protection

How Sophos does it:
SD-RED – zero-touch deployment devices
Simply connect the SD-RED device to the Internet in a remote office and a secure connection will be established - no technical expert skills required on-site.
Remember: Most businesses do not have technical staff in remote offices.

How Cisco Meraki does it:
Site-to-Site VPN
Cisco Meraki does not have an equivalent solution to the SD-RED device.
However, as long as all branch offices are on a Meraki MX-line device, establishing connectivity between two or more branches is a click-click affair. While it may be easy to set up, the Cisco Meraki approach means you need to buy full MX appliances which are more expensive.

How we win:
Effortless extension of HQ network security to BO
Ask: How do you currently connect remote branch offices?
How do you make sure they are as secure as your main office?
What technical resources do you have available on-site to manage security?

Choice of Form Factors

How Sophos does it:
Sophos Firewalls are available as
• Hardware Appliance: On-premise appliance with Flexi Ports and Bypass modules.
• Software Appliance: Customers can save money by using existing hardware or customize it to their specific requirements.
• Virtual Appliance: Implement in existing virtual environments.
• Cloud Appliance: The Sophos Firewall runs in the cloud. Currently, they are available for Azure and AWS.

How Cisco Meraki does it:
No Software Option
Standard hardware cannot be used.
More Rack Space and Power Consumption
Cisco Meraki appliances from MX84 onwards are 1U in size (resulting in more rack space usage and power consumption).

How we win:
Flexible deployment
Ask: What would be your ideal way of implementing network security?
How does your security solution ensure cloud-based security?
Are you sure about the capabilities of your security vendor in securing today’s borderless infrastructure?

Web Server Protection

How Sophos does it:
Sophos Firewall uniquely features a built-in Web Application Firewall (WAF) as part of the web server protection module to protect assets such as Outlook Web Access and SharePoint.
Some features of Web Server Protection include:
• Built-in Policy Templates: Pre-defined WAF policy templates for common business applications like Microsoft Exchange or SharePoint
• Secure: Static URL hardening to prevent hackers from manually constructing “deep-links” that lead to unauthorized access
• AV Scanning: Built-in AV scanner to optionally check all traffic
• Reverse authentication (offloading) for form-based and basic authentication for server access.

How Cisco Meraki does it:
Cisco Meraki does not have a built-in WAF.
Cisco used to offer a standalone WAF appliance called “Cisco ACE Web Application Firewall”, but it is no longer sold – the appliance was declared End-of-Life on August 1, 2010. Currently, no replacement is available for the Cisco ACE WAF.

How we win:
Fully loaded WAF
Ask: What services do you publish to the web and how will you protect them?
Show: Built-in templates for common business applications.

Storage

How Sophos does it:
Built-in Storage by Default
Higher-end models of Sophos Firewall come with built-in hard disk drives for storage. Typically, 240GB or more. This is used for logging, reporting, file, and email quarantine among other things.

How Cisco Meraki does it:
The lower end Meraki MX appliances (MX64 and MX64W) do not have a built-in hard drive – logs, reports, and quarantines must all be stored off the appliance.

How we win:
Built-in storage
Ask: How much would it cost you to store logs, reports, and quarantine data?

The information in this document is based on Sophos’s interpretation of data publicly available as of the date it was prepared. Other companies named in the document had no part in its preparation. The information contained in this comparison may be incomplete or inaccurate and is subject to change. The information is intended for informational purposes only and is not intended to be relied upon in making any purchase decision. The information is provided "as is" without warranties of any kind either expressed or implied. This document is Sophos confidential information. Partners may use only the most up-to-date version, and only if permitted by law in their Territory. Distribution to any third party other than a Sophos authorized partner is strictly prohibited.
October 2021
Copyright 2021 Sophos Group. All Rights Reserved.

Detailed Comparison
How Sophos does it How Cisco Meraki does it How we win
Comprehensive Email Protection

How Sophos does it:
Sophos Firewall is an all-in-one Email Encryption, DLP, Anti-spam, and malware protection solution in a very affordable and easy to deploy package.
Key features:
• MTA mode: Integrated message transfer deployment ensures always-on email continuity, allowing the firewall to automatically queue mail in the event servers become unavailable.
• Anti-spam: Scans incoming and outgoing emails to protect from the latest spam campaigns, phishing attacks, and malicious attachments.
• SPX Email Encryption: Unique to Sophos, SPX makes it easy to send encrypted email to anyone, even those without any kind of trust infrastructure using our patent-pending password-based encryption technology.
• DLP Engine: Policy-based DLP can automatically trigger encryption or block/notify based on the presence of sensitive data in emails leaving the organization.
• Per-domain routing: Route incoming mail to the correct destination server, based on the target domain
• Smart Host Outbound Relay: Allows re-routing of email via an alternate set of servers (a smart host), rather than directly to the recipient’s server.
• Greylisting: Sophos Firewall temporarily rejects the mail from an unrecognized source. If the mail server resends it, Sophos Firewall accepts, scans and adds the mail server to the whitelist based on the test results
• Recipient Verification: Query the recipient’s directory service via SMTP to check that a valid mailbox exists

How Cisco Meraki does it:
Cisco Meraki does not offer built-in Email security.

How we win:
Built-in comprehensive email security
Ask: How much will it cost you to have complete email security?
Are additional solutions needed to get email protection?

Web Protection

How Sophos does it:
Sophos Web Protection ensures a clean and productive work environment with the following features:
• Comprehensive URL database: URL Filtering database with over 35 million sites categorized in 96+ categories, you can allow/block/warn the user to ensure safe web browsing.
• Browsing Time quotas: Set up time quota allocations that can be assigned to specific users or groups and inform them when the quota expires.
• "Selective" HTTPS scanning: Enable an administrator to specify certain 'selected' HTTPS content on which SSL scanning and inspection is to be performed.
• Google App Control: Limit access to a selected Google Apps domain to reduce the risk of data loss from users transferring documents to their personal Google Apps.
• Creative Commons Enforcement: Enforce search engine filters for content with a Creative Commons license.
• External URL List: Import external URL lists that require enforcement in certain organizations or jurisdictions.
• Web Keyword Monitoring and Enforcement: Upload Keyword libraries to the Firewall and apply to any web filtering policy as an added criterion with actions to log and monitor, or block search results or websites containing those keywords.
• PUA Blocking: Option to block Potentially Unwanted Applications from being downloaded

How Cisco Meraki does it:
Cisco Meraki provides basic web protection features, most of which are in their infancy.
Cisco Meraki’s Web Protection falls short in the following parameters:
• Lacks User Identity-based URL filtering policies
• Does not inspect HTTPS files for viruses, instead sends file hashes to the AMP cloud infrastructure resulting in significantly delayed file delivery to the end-user
• Lacks Surfing quota policies
• Lacks Access time policies
• Shallow implementation of SafeSearch Enforcement:
  o Does not work with SSL/HTTPS
  o “Block encrypted search” prevents users from accessing encrypted Google sites (except Gmail, which doesn’t make sense at all since all Google websites work on HTTPS)
  o Does not support Creative Commons enforcement
• Does not warn users trying to access inappropriate sites
• Control over encrypted content is limited to Google sites only
• Lacks visibility and control over Google Apps
• Does not support external URL database
• Lacks Web Keyword Monitoring and Enforcement feature
• Lacks option to block PUAs

How we win:
Comprehensive Web filtering
Ask: How can you bind a specific user with a URL filtering policy?
How do you handle the content that cannot be scanned due to the presence of encryption or containers?
Does your current solution allow integration with a third-party URL database?

SD-WAN

How Sophos does it:
Sophos Firewall includes the SD-WAN features and capabilities most organizations need to achieve their desired goals. These include:
• Multiple WAN link options with MPLS (ethernet handoff), VDSL, and LTE cellular with essential monitoring, balancing, and failover
• Branch office SD-WAN connectivity with SD-RED zero-touch deployment devices
• VPN support for IPSec, SSL, RED secure L2 w/routing, and a central multi-site VPN orchestration
• Application control and visibility with Synchronized App Control, and cloud app visibility with live connection monitoring and bandwidth utilization and support for major cloud applications
• Application routing over preferred links via firewall rules or policy-based routing
Synchronized SD-WAN, a unique Sophos Synchronized Security feature, offers additional benefits with SD-WAN application routing. It
• enhances application visibility by leveraging Synchronized Application Control information shared between Sophos-managed endpoints and Sophos Firewall. This includes all network applications, including evasive, encrypted, obscure and custom applications.
• builds firewall policies by adding previously unidentified applications to SD-WAN routing policies.

How Cisco Meraki does it:
Cisco Meraki MX devices’ SD-WAN is built on its AutoVPN technology. Meraki offers dual-active VPN links, PBR, dynamic path selection, and performance probes to configure:
• Web application-based performance threshold
• Application routing and fail-over over the preferred uplink
• Auto-provisioning IPsec VPN tunnels between sites
As a part of Secure SD-WAN license, Meraki offers Advanced analytics with machine learning powered by Meraki Insight and Smart SaaS QoE.
However, due to the lack of meaningful application information sharing between Meraki firewall and endpoints, it does not offer application visibility and policy control like Sophos Synchronized SD-WAN.

How we win:
A simple solution for key requirements
Ask: What do you prefer: A full-featured NGFW with key SD-WAN features or an ineffective firewall with more SD-WAN capabilities?
