Server protection from Sophos: Multiple options, logical choice
Every computer in a company, whether it runs Windows, Linux or Mac OS X, should be equipped with antivirus software. That should be obvious to everyone, and ever since ransomware made the front pages, the idea no longer meets with much resistance.
In a company, however, you don't just find client systems. It is often forgotten that there are also servers holding sensitive data, which must be protected against attacks in exactly the same way.
In this article, I’d like to introduce three variants of Sophos to help you protect your servers.
Sophos actually offers four solutions to protect your servers. However, Endpoint Protection managed through the UTM has not received any new features since the end of 2014. Given that IT years count twice in my eyes, that would be a good four years! :-) So let's turn to the options worth mentioning:
1. Sophos Central Server Protection
Sophos’s flagship product in Endpoint Protection is clearly Sophos Central. The platform makes it possible to protect and manage client operating systems (Windows and Mac), server operating systems (Windows and Linux) as well as mobile operating systems for smartphones and tablets (Android, iOS and Windows Mobile at the end of 2016). The server product is available in two variants, Sophos Central Server Protection and Sophos Central Intercept X Advanced for Server. The added value of Advanced is the server lockdown. A blog post about this function will follow later.
Try Sophos Central for 30 days for free and without obligation and form your own opinion.
Advantages:
- Security Heartbeat (Synchronized Security) *
- very fast release of new security features
- one console for client OS, server OS and MDM (Mobile Device Management)
- Server Lockdown *
- Distribution of policies and virus patterns ➜ With Message Relay also possible without Internet access
- Ready for use within minutes
* this feature is only available in this solution
Disadvantages:
- The installation of the antivirus software on the clients requires approx. 200 MB RAM per server
- Some companies are not comfortable with a managed solution, although Sophos is very transparent about privacy
- no client firewall (coming end of 2016)
Further information:
- Sophos Central Server Protection data sheet
- Sophos Central Intercept X for Server
- Sophos Central data sheet
2. Sophos Server Protection
We find this product very often in larger companies. This is probably because the company can host the platform itself on its own infrastructure. Of course, this requires a separate Windows server on which the Enterprise Console is installed. The clients and servers can then be managed from this console. Unfortunately, neither the “Server Lockdown” function nor the new “Synchronized Security” feature is available in this self-hosted solution.
Advantages:
- All data in-house
- Client Firewall
- Data Control (DLP)
Disadvantages:
- the installation of the antivirus software on the clients requires 200 MB RAM per server
- Windows Server license required
- very time-consuming setup
- Distribution of policies and virus definitions only possible to clients inside the network
- no server lockdown
- no security heartbeat (synchronized security)
3. Sophos VMware vShield (Hyper-V is on the way)
vShield protects all your VMs, but does not include a management console. You will need to choose either the Sophos Central console or the on-premises Enterprise Console.
Protection for Hyper-V is also planned for 2016, but the same disadvantages apply there, and in my view they speak against this method.
Advantages:
- quick deployment
Disadvantages:
- file scan only: scripts and Word macros are not detected (a deal-breaker)
Update: The product Sophos VMware vShield is no longer available. To protect your virtual servers, we recommend that you read the following PDF from Sophos: Sophos for Virtual Environments
So these are the three current ways you can protect your servers with Sophos. If you look at the licensing costs of these solutions, they are all very close together, which cannot be said of the protection mechanisms. Depending on your requirements profile, however, choosing between these three options is not really difficult. If you don’t mind that the management console doesn’t run in-house on your own server, go for Sophos Central Server Protection. If you don’t need the new features such as “Security Heartbeat” or “Server Lockdown” (these features will never appear on the Enterprise Console) and would like to install the console on your own server, you might want to opt for “Sophos Server Protection”. We would rather not recommend “Sophos VMware vShield” at this point. Although this solution is very light on resources, from a purely security point of view it is inferior to the other two variants. VMware vShield only offers a file scan that does not recognize scripts or Microsoft Word macros.
Based on information from the last Sophos Roadshow in Zurich, it is easy to see that the future at Sophos clearly belongs to Sophos Central. The “Synchronized Security” approach, which allows endpoints to talk to the firewall, is being perfected with the new “Sophos Firewall OS” and “Sophos Central”!