Embracing a Secure Future with Sophos and Cyfer Tech
At Cyfer Tech, a proud Sophos Gold Partner, we are excited to share the significant strides Sophos is making in cybersecurity. As part of the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design initiative, Sophos has committed to an industry-leading pledge to enhance technology and product security. This initiative, launched on May 8, 2024, aims to foster a trustworthy digital ecosystem by embedding security as a core principle in all software design.
A Commitment to Secure Design
Sophos’s commitment to the Secure by Design pledge is built on seven core pillars:
- Multi-factor authentication
- Default passwords
- Reducing entire classes of vulnerability
- Security patches
- Vulnerability disclosure policy
- CVEs
- Evidence of intrusions
These pillars are not just principles but actionable commitments that Sophos is integrating into their processes and products.
Our Shared Vision
At Cyfer Tech, we align with Sophos’s philosophy that trust must be earned and verified. Transparency and continuous improvement are fundamental to maintaining the integrity of security solutions. We recognize that cybersecurity is a challenging and dynamic field, and we are committed to providing our clients with secure, reliable solutions that evolve with the threat landscape.
Progress on the Secure by Design Pillars
1. Multi-Factor Authentication (MFA)
Sophos Central enforces MFA by default, providing customers with robust security without additional costs. Efforts to reduce internet-exposed administrative interfaces have led to a 21.5% reduction over the past 18 months.
Pledge: In the next 12 months, Sophos will release passkey support in Sophos Central and publish adoption statistics.
2. Default Passwords
Sophos Firewall requires users to create strong passwords during setup and leverages TPM-backed Zero Touch functionality for secure deployments.
Pledge: Sophos will continue to disallow default credentials in all current and future products.
3. Reducing Entire Classes of Vulnerability
Sophos uses memory-safe languages and frameworks, systematically eliminating common vulnerabilities. Significant improvements, such as the rewrite of the Sophos Firewall VPN provisioning portal, demonstrate their commitment to security.
Pledge: In SFOS versions v21 and v22, Sophos will further enhance containerization to improve security.
4. Security Patches
Automatic security updates are standard for all Sophos SaaS services, ensuring customers always have the latest protections.
Pledge: By September 2025, Sophos will introduce a feature to automatically schedule firewall firmware updates.
5. Vulnerability Disclosure Policy
Sophos’s responsible disclosure program has awarded over $500,000 to researchers, fostering a collaborative security environment.
Pledge: Sophos will increase transparency and rewards in their vulnerability disclosure program within the next year.
6. CVEs
Sophos prioritizes publishing CVEs for identified vulnerabilities and is committed to extending this practice to internal findings of high or critical severity.
Pledge: Sophos will ensure consistent publication of CVEs for all identified high-severity internal vulnerabilities.
7. Evidence of Intrusions
Sophos provides comprehensive logging and auditing capabilities, essential for incident response.
Pledge: Sophos will enhance integration capabilities in Sophos Central for better log management by July 2025.
Looking Forward
As we continue to collaborate with Sophos, Cyfer Tech is dedicated to keeping you informed about our progress. Our commitment to security and transparency ensures that our clients are always protected with the latest advancements in cybersecurity.
Stay tuned for future updates as we move forward in our journey toward a secure digital future.
At Cyfer Tech, we are not just keeping up with the latest in cybersecurity – we are helping to shape it. For more information on our partnership with Sophos and how we can support your cybersecurity needs, contact us today.