Sophos Firewall Competitive Overview
Sophos Advantages
- Sophos Firewall offers a full suite of protection features including sandbox with deep learning, IPS, ATP, dual AV, WAF, web and app control – all centrally managed from a single, intuitive cloud console
- Synchronized Security enables real-time threat intelligence sharing between Sophos endpoints and firewall for deeper visibility and better protection against advanced threats
- Sophos Active Threat Response enables a security analyst (Sophos MDR team or customer’s SOC team) to share threat intel with the firewall to initiate automated responses, including endpoint lateral movement protection
- Sophos Central provides unified management of firewall, endpoint, server, mobile, email, and wireless security
- Xstream Architecture provides optimal performance and protection while Xstream Flow Processors in XGS Series provide hardware acceleration

Key competitors

Fortinet

Key weaknesses
- Management: There is no single management console to manage all products from – on prem or cloud hosted. FortiCloud is more of a launchpad from where you can open other consoles like FortiAnalyzer Cloud, FortiManager Cloud or FortiClient Cloud.
- Endpoint integration: FortiGate is limited to blocking network access for non-compliant devices or based on manual triggers. There is no equivalent to Active Threat Response where endpoint, firewall and NDR can share health state and initiate an automated response.
- Limited on-box features: Advanced features for certain modules like WAF and email security require buying separate products.
- Reporting: FortiGate on-box reporting is limited to seven days by default. Requires a separate central management tool (FortiView) for extended reports.

Points to watch out for / How to counter
- Security Fabric – Fortinet’s architecture for integrating multiple products. It can share threat intelligence and network telemetry across Fortinet and third-party products.
  Defend – Requires additional licenses such as FortiAnalyzer appliance, FortiGate Endpoint Telemetry and Compliance license, FortiGuard IOC service, and Security Rating license; management is split across various products; cannot achieve Synchronized Security features.
- SD-WAN – Fortinet supports features like application-based routing and multipath automated failover for applications.
  Defend – Sophos Firewall includes many of the features needed to gain fundamental benefits of SD-WAN. And we're continuing to invest in SD-WAN capabilities in upcoming SFOS releases. For further details, read this SD-WAN page on the Sophos site.

Palo Alto Networks

Key weaknesses
- Missing protection: PAN lacks secure email, wireless, and web server protection (WAF).
- Cloud management: There is no cloud-hosted console for central firewall management. Firewall management needs to be run and hosted at customer’s expense.
- Endpoint integration: PAN lacks a direct connection and sharing of health state. Threat intel connects through a separately sold WildFire threat intelligence service.
- Response automation is limited to firewalls: Palo Alto’s Dynamic User Group policy-driven response automation is limited to firewalls. Sophos SyncSecurity works across Sophos products like email, wireless, mobile, Phish Threat, server and encryption

Points to watch out for / How to counter
- Cortex – cloud-based infrastructure offering complementary security apps
  Defend – not equivalent to sync sec; requires a heavy investment in PAN products - additional license for Logging Service and Panorama required; more suited for use by large enterprises with available resources and still does not remediate.

The information in this document is based on Sophos’s interpretation of data publicly available as of the date it was prepared. Other companies named in the document had no part in its preparation. The information contained in this comparison
may be incomplete or inaccurate and is subject to change. The information is intended for informational purposes only and is not intended to be relied upon in making any purchase decision. The information is provided "as is" without warranties of
any kind either expressed or implied. This document is Sophos confidential information. Partners may use only the most up-to-date version, and only if permitted by law in their Territory. Distribution to any third party other than a Sophos authorized
partner is strictly prohibited.
Copyright 2023 Sophos Group. All Rights Reserved.
NOVEMBER 2023

WatchGuard

Key weaknesses
- Capability gaps: WG lacks WAF, email encryption, DLP, cloud app visibility.
- OEM dependency: WG uses OEM technologies for key protection features such as IPS, web and app control; each OEM dependency removes the vendor one step from the product.
- Incomplete on-box UI: WG Cloud lacks many configuration options; customers are forced to use multiple management consoles.

Points to watch out for / How to counter
- DNSWatchGO – DNS protection and content filtering for network and portable Windows assets. Offers user awareness training similar to PhishThreat to help users identify suspect content and stop them from clicking on links.
  Defend – Full web filtering is available in Sophos endpoint. A cloud-delivered Sophos DNS protection is due to be launched in the coming months.

Check Point

Key weaknesses
- Disjointed management: administration is split across separate consoles – on-box ‘Gaia’ and Windows-based ‘SmartConsole’
- SD-WAN: Check Point was very late (February 2023) to introduce built-in SD-WAN and only on some Quantum Security Gateways.
- Endpoint integration: Check Point does not do endpoint and firewall integration like Sophos and there are no equivalents of Synchronized Security, Synchronized App Control and Active Threat Response.
- Limited cloud management: The options are Security Management Portal (SMP) and Smart-1 Cloud. SMP is an enterprise focused solution while Smart-1 Cloud is SMB focused. Smart-1 Cloud licensing starts with the management of 5 SMB gateways or 1 Enterprise Gateway with 50 GB storage and daily limit of 1 GB of logs. Additional gateway expansion license is required for more storage and extended log limit.

Points to watch out for / How to counter
- Check Point Infinity architecture – unified security management of different Check Point security components enables threat intelligence sharing, unified management of network, and integration with third-party vendors through APIs.
  Defend – Show Sophos Central, point out pricing, sizing and performance issues – high list price, higher-than-expected renewal cost; getting the right product sizing, and management complexity as key pain points

SonicWall

Key weaknesses
- Feature gaps: lacks WAF, email encryption, DLP, and on-appliance reporting
- Inconsistent management: Management interface is difficult to navigate and differs from screen to screen.
- Endpoint integration: SonicWall relies on an OEM of SentinelOne for endpoint. It does not integrate closely with firewalls or the management. There is no automated threat response or sync app control equivalent.

Points to watch out for / How to counter
- Capture Security Center/ Network Security Manager – marketed as the single pane of glass management, available in one freemium offering and three paid subscription packages for older gen 6 appliances, while NSM is available as paid subscriptions.
  Defend – Capture Security Center and Network Security Manager are just launchpads for firewall management and capture client (SentinelOne OEM), rather than true central management.
- DPI SSL - network security, application control, and data leakage prevention by analyzing HTTPS and other SSL-based traffic using RFDPI engine
  Defend – SonicWall DPI-SSL is sold as a separate license. TLS 1.3 inspection is available only on new appliances.

Meraki

Key weaknesses
- Protection: Meraki lacks security features such as email security, TLS 1.3 inspection, on-box scanning of HTTP files for viruses, SSL VPN for remote users.
- Limited integration: Meraki security appliances do not integrate with all other Cisco solutions e.g. Cisco Secure MDR does not utilize Cisco Meraki. There is no single point of central management for Cisco and Meraki security solutions.
- Application control is limited to ~200 apps – close to not having application control at all

Points to watch out for / How to counter
- SD-WAN – Meraki has strong SD-WAN capabilities like Auto VPN, advanced analytics and real-time performance telemetry.
  Defend – Sophos Firewall includes many of the features needed to gain fundamental benefits of SD-WAN. And we're continuing to invest in SD-WAN capabilities in upcoming SFOS releases. Unlike Sophos, Meraki SD-WAN requires a separate (Secure SD-WAN Plus) license.