Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos complete surveillance in the name of security?

Hello there,

I recently read an article about an operation that Sophos started back in 2020 with gathering telemetry data from it´s devices. This was probably the beginning of a massive surveillance that now have been presented by Sophos as "defensive and counter-offensive operation" but several security analyst are alamred because this kind of surveillance have not been done so far by any other security product manufacturer.

Here ist the link to the official information: https://www.sophos.com/en-us/content/pacific-rim

According to this, there is no further information on which systems the Kernel-Impants have been installed yet or even there is no possibility to check if your own appliances are equiped with this root-kit. This is a new big trust loss and to be honest I rather need to wigh up consequences and further actions. Last couple of years the prices for new license and renewals rised so dramatically high (i.e. Standard Protection 3Y for an XGS116 in year 2022 €1080 and today its €1800!) so in addition to the surveillance issue this throws a big dark shadow on Sophos.

As far as our licenses are going to end, I most likely will replace all Sophos products to another manufacturer.



Added TAG
[edited by: Erick Jan at 7:46 AM (GMT -8) on 11 Nov 2024]
Parents Reply
  • From what I read, legitimate customers firewalls have never been patched with the root kit as long as they to did not act as irresponsible disclosing exploit testers, making their exploits available to actors like Volt Typhoon, APT31, APT41 ....

    Your're probably referencing to a comment on German Heise IT news site. Sure Sophos will not ask for permission when they notice criminal activity towards their appliance.

    It may be questionable from ethical aspects, though.

Children