Every computer in a company, regardless of whether Windows, Linux or Mac OS X is installed on it, should be equipped with antivirus software. That should be obvious to everyone. Ever since ransomware made the front pages, this no longer meets with much resistance.
In a company, however, you don't just find client systems. It is often forgotten that there are also servers holding sensitive data, which must be protected against attacks in exactly the same way.
In this article, I'd like to introduce three variants of Sophos to help you protect your servers.
Strictly speaking, Sophos offers four solutions to protect your servers. But Endpoint Protection with management on the UTM has not received any new features since the end of 2014. Considering that IT years count double in my eyes, that would be a good four years 🙂 But now let's get to the noteworthy options:
1. Sophos Central Server Protection
Sophos's driving force in the area of endpoint protection is clearly "Sophos Central". The platform makes it possible to protect and manage client operating systems (Windows and Mac), server operating systems (Windows and Linux) and mobile operating systems for smartphones and tablets (Android, iOS and, at the end of 2016, Windows Mobile). The server product is available in two variants, Sophos Central Server Protection and Sophos Central Intercept X Advanced for servers.
Try Sophos Central for 30 days for free and without obligation and form your own opinion.
Advantages:
- Security Heartbeat (Synchronized Security) *
- very fast release of new security features
- one console for client OS, server OS and MDM (Mobile Device Management)
- Server Lockdown *
- Distribution of policies and virus patterns ➜ with Message Relay, also possible without Internet access
- Ready for use within minutes
* this feature is only available in this solution
Disadvantages:
- The installation of the antivirus software on the clients requires approx. 200 MB RAM per server
- Some companies are not comfortable with a managed solution, although Sophos is very transparent about privacy
- no client firewall (coming end of 2016)
2. Sophos Server Protection
We encounter this product very often, especially in larger companies. This is probably because the platform itself can be hosted in the company's own infrastructure. Of course, this requires a separate Windows server, on which the Enterprise Console is then installed. The clients and servers can then be managed from this console. Unfortunately, neither the "Server Lockdown" function nor the new "Synchronized Security" feature is available in this self-hosted solution.
Advantages:
- All data in-house
- Client Firewall
- Data Control (DLP)
Disadvantages:
- The installation of the antivirus software on the clients requires 200 MB RAM per server
- Windows Server license required
- very time-consuming setup
- Distribution of policies and virus definitions only possible to clients in the network
- no server lockdown
- no security heartbeat (synchronized security)
3. Sophos VMware vShield (Hyper-V is on the way)
vShield protects all your VMs, but does not include a management console. You will need to choose either the Sophos Central console or the on-premises Enterprise Console.
Protection for Hyper-V is also planned for 2016, but it comes with the same disadvantages, which in my view speak against this method.
Advantages:
- quick deployment
Disadvantages:
- file scan only: scripts or Word macros are not detected (killer criterion)
Update: The product Sophos VMware vShield is no longer available. To protect your virtual servers, we recommend that you read the following PDF from Sophos: Sophos for Virtual Environments
So there you have it, the three current ways to protect your servers with Sophos. If you look at the licensing costs of these solutions, they are actually all very close to each other, which is not the case for the protection mechanisms. Depending on your requirements, however, it is not really difficult to decide between these three options. If you don't mind that the management console is not running in-house on your own server, you can use Sophos Central Server Protection. Those who can do without the new features, such as "Security Heartbeat" or "Server Lockdown" (these functions will never appear on the Enterprise Console), and would like to install the console on their own server should probably opt for "Sophos Server Protection". We would now be less inclined to recommend "Sophos VMware vShield". Although this solution is very resource-efficient, it is inferior to the other two variants from a purely security point of view. VMware vShield only offers a file scan, which means that scripts or Word macros cannot be detected.
Based on the information from the last Sophos Roadshow in Zurich, it's easy to see that the future at Sophos clearly belongs to Sophos Central. In particular, the "Synchronized Security" approach, in which the endpoints can talk to the firewall, is perfected by the new "Sophos Firewall OS" and "Sophos Central"!