Sophos Endpoint Security
Sophos Endpoint Security is a product suite consisting of three integrated applications:
Sophos Enterprise Console 2.0, Sophos Anti-Virus 6.5, and EM Library 1.3. Here,
I focus on the Enterprise Console, which allows centralized configuration of
policies and applications for multiple groups of computers.
Architecture
You might consider EM Library the heart of Sophos Endpoint Security: it
retrieves software and threat-detection updates and distributes them to other libraries
and distribution points throughout the enterprise. Sophos Anti-Virus provides
endpoint protection, and Enterprise Console manages your policies and endpoints.
Using Enterprise Manager (listed in the Start menu as EM Library Console),
you configure update sources and schedule when and how often EM Library will
look for updates. Sophos supports two strategies to allow large organizations
to distribute the update library. A Central Installation Directory is a network
share to which EM Library pushes a copy of the updates. Child libraries are
secondary installations of EM Library for networks with low-bandwidth Internet
or WAN connections. A Parent library notifies Child libraries of new updates,
and the Child libraries download them according to a schedule. Sophos supports
networks with no Internet connectivity by allowing an installation of EM Library
to use a removable device as a Parent library.
Sophos Anti-Virus includes spyware, adware, and potentially unwanted applications
(PUA) protection in one engine with a single scan. Sophos uses a technology
it calls Behavioral Genotype Protection for defense against zero-day attacks.
From a policy perspective, Sophos’s approach is to create named policies
and apply them to named groups of systems in the console tree. This works well
when administrators are able to implement a fairly uniform set of policies across
the enterprise. Named policies let administrators easily keep track of the policies
applied to groups. I think that management applications that use named policies
are more intuitive and easier to implement than packages that allow a more
granular designation of policies.
Installation
The Network Startup Guide walked me through a quick and easy installation. A default
installation installs the console, antivirus, and client firewall
components and either installs MSDE or lets you connect to an existing SQL server.
The EM Library, where software and threat-recognition updates are stored, is
created either as a local shared directory or placed on another server.
Enterprise Manager opens when the installer completes, guiding you to complete
the required initial configuration. It first had me configure primary and secondary
sources for updates, defaulting the primary to a Sophos server. Sophos supplied
an account ID and password with its license, which I entered as required to
authenticate access to Sophos update servers. Scheduling checks for updates
was next: I accepted the default, in which checking occurs every 10 minutes.
Sophos Anti-Virus supports a wide variety of client platforms across the Windows/Linux/Unix/Macintosh
spectrum. In the next step, I selected the platforms I wanted Sophos to download
updates for, then started the initial download. Finally, Enterprise Console
opened.
Enterprise Console
Upon opening, the console presents a high-level status summary. Drop-down menus
let you filter the view to specific states. Enterprise Console uses a familiar
structure, with computer and policy hierarchy trees at the left and a details
pane on the right. Icons that display across the top of the interface provide
rapid access to key functions. Enterprise Console uses named groups of client
computers and named policies to facilitate administration. The first task is
to create computer groups, which is as simple as creating a new directory in
Windows Explorer.
The next step is to set up several types of policies. Updating policies specify
the primary and secondary update sources (used by client agents) in the form
of UNCs or Web addresses and how often EM Library will download updates. Because
different client types (e.g., Windows XP and Windows 98) require different update
packages, within a named policy you configure parameters for each package type.
For mobile users, the secondary source might be an externally accessible Web
site.
Antivirus policies let you configure both scheduled scans and on-access scanning,
as Figure 4 shows. You can designate
additional file types and file exclusions for on-access scanning on Windows
and Macintosh computers, and enable scanning for unwanted applications and
inside archive files. When threats are detected, a message displays by default
on the affected system; optionally, you can configure email and SNMP alerts
as well. When scanning for unwanted applications is enabled, you configure authorized
applications in this interface.
Assigning computers to groups is the next step, and Sophos supports three
types of network scans: AD, IP address range, and network discovery. Grouping
computers is a matter of highlighting and dragging them to a group. Assigning
policies works the same way: You drag a policy to a group. You can drag groups
into other groups to create hierarchies, but policies don’t automatically
inherit down the chain.
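The non-inheritance caveat above is easy to overlook when groups are dragged into other groups, so it is worth auditing. The following Python script is an added example, not Sophos code and not the console's API; the group tree, policy names, and the two policy types are constructed for illustration. It models a console tree in which only explicit assignments apply, reports every subgroup that lacks an explicit policy of some type, and, for contrast, computes what an administrator might wrongly assume if policies did inherit.

```python
"""Audit a group tree in which policies must be assigned per group and do
not inherit to subgroups (the behaviour the review describes).

Added example; the Group model, policy types and sample tree are constructed
and are not Sophos data structures."""
from dataclasses import dataclass, field

# Hypothetical policy types; the console has more, these two suffice here.
POLICY_TYPES = ("updating", "antivirus")


@dataclass
class Group:
    name: str
    policies: dict = field(default_factory=dict)   # policy type -> policy name
    children: list = field(default_factory=list)   # subgroups


def effective_policies(root, inherit):
    """Map each group path ("Parent/Child") to its effective policies.

    inherit=False models the console: only the group's own assignments apply.
    inherit=True models the (incorrect) assumption that a parent's policy
    flows down to subgroups; it is computed only to show the difference."""
    result = {}

    def visit(group, path, inherited):
        current = dict(inherited) if inherit else {}
        current.update(group.policies)          # explicit assignment wins
        full_path = "/".join(path + [group.name])
        result[full_path] = current
        for child in group.children:
            visit(child, path + [group.name], current)

    visit(root, [], {})
    return result


def audit_gaps(root):
    """Return {group path: sorted list of policy types with no explicit
    assignment}. Only groups with at least one gap are listed."""
    gaps = {}
    for path, policies in effective_policies(root, inherit=False).items():
        missing = sorted(t for t in POLICY_TYPES if t not in policies)
        if missing:
            gaps[path] = missing
    return gaps


def build_sample_tree():
    """Constructed sample: the admin assigned both policies at the top level,
    gave Laptops its own updating policy, and dragged Branch and Servers
    underneath expecting them to inherit."""
    laptops = Group("Laptops", policies={"updating": "Mobile-Updates"})
    servers = Group("Servers")
    branch = Group("Branch", children=[servers])
    return Group(
        "Workstations",
        policies={"updating": "LAN-Updates", "antivirus": "Default-AV"},
        children=[laptops, branch],
    )


if __name__ == "__main__":
    tree = build_sample_tree()
    for path, missing in audit_gaps(tree).items():
        print(f"{path}: no explicit {', '.join(missing)} policy")
```

Running the script lists Laptops as missing an antivirus policy and Branch and Branch/Servers as missing both types, even though all three sit under a fully configured parent; the inherit=True view shows the protection the administrator assumed but does not have. The same traversal can be pointed at an exported group list once you have one, with the policy types replaced by the ones your console actually uses.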
Deploy software to groups by selecting the group and clicking the Protect
Computers icon. Enterprise Console prompts you for a user ID with domain administration
rights and installs Sophos Anti-Virus and, optionally, Sophos Client Firewall
to systems in the group. The documentation suggests that if this doesn’t
work, you should deploy the agents through a local installation, which is how
I tested.
Final Analysis
Overall, the Sophos Endpoint Security suite is easier to use than some of the other
products in this review, but it lacks some of the flexibility of the larger
products. I think its simplicity and ease of use will please relatively stable
organizations with fairly uniform requirements across the enterprise. Organizations
with more diverse requirements, many thousands of computers, and rapid, constant
rollout of new systems might prefer one of the other systems.
Sophos Endpoint Security with Enterprise Console 2.0, Sophos Anti-Virus 6.5, and Sophos Client Firewall 1.0
PROS: Simply designed console is easy to navigate; assignment of systems and named policies to groups is as easy as drag and drop
CONS: Policies don’t inherit down the group structure and must be explicitly assigned to folders and subfolders
RATING: 4 out of 5
PRICE: For Endpoint Security, including Enterprise Console 2.0, Sophos Anti-Virus 6.5, and Sophos Client Firewall 1.0: $28.51 per 1 year, $42.77 per 2 years, $57.02 per 3 years for 500-999 seats
RECOMMENDATION: This product's simplicity and ease of use recommend it to businesses with basic needs.
CONTACT: Sophos, http://www.sophos.com