Server with Sophos Server installed

Server Protection from Sophos – multiple options, logical choice

Meanwhile, it should be clear to everyone that every computer in a company, regardless of whether Windows, Linux or Mac OS X is installed on it, should be equipped with anti-virus software. Since the extortion viruses have made it to the front page of the media, no one seems to have much resistance.

However, you don’t just encounter client systems in a company. It is often forgotten that there is also a server with sensitive data that must be protected from attacks.

In this article, I would like to introduce you to three variants of Sophos that you can use to protect your servers.

Sophos strictly speaking offers four solutions to protect your servers. But Endpoint Protection with management on the UTM, has not received any new features since the end of 2014. Considering that IT years count double in my eyes, that would be a good four years! 🙂 But now let’s come to the noteworthy possibilities:

1. Sophos Central Server Protection

Sophos’s driving force in the area of endpoint protection is clearly “Sophos Central”. The platform makes it possible to protect and manage both client operating systems (Windows and Mac), server operating systems (Windows and Linux) and mobile operating systems for smartphones and tablets (Android, iOS and, at the end of 2016, Windows Mobile). The server product comes in two variants, Sophos Central Server Protection and Sophos Central Intercept X Advanced for servers.

Sophos Central Server Policies

Sophos Central test it now for 30 days free of charge and without obligation and form your own opinion.

Advantages

  • Security Heartbeat (Synchronized Security) *
  • very fast release of new security features
  • One console for Client OS, Server OS and MDM (Mobile Device Management)
  • Server Lockdown *
  • Distribution of policies and virus patterns ➜ With Message Relay also possible without Internet access
  • Ready for use within minutes

* This feature is only available in this solution.

Disadvantages

  • The installation of the antivirus software on the clients requires approx. 200MB RAM per server
  • Some companies do not like the managed solution, but Sophos data protection is very transparent
  • No client firewall (coming at the end of 2016)

PDFs

2. Sophos Server Protection

We encounter this product very often, especially in larger companies. This is probably because the platform can be self-hosted and hosted on its own infrastructure. Of course, this requires a separate Windows server, on which Enterprise Console is then installed. The clients and servers can then be managed on this console. Unfortunately, you won’t find the “Server Lockdown” function or the new “Synchronized Security” feature in this hosted solution.

Enterprise Console Dashboard

Advantages

  • All data Inhouse
  • Client firewall
  • Data Control (DLP)

Disadvantages

  • the installation of the antivirus software on the clients requires 200MB of RAM per server.
  • Windows Server license is required
  • Setup very time consuming
  • Distribution of policies and virus definitions only possible to clients in the network
  • no server lockdown
  • no security heartbeat (synchronized security)

3. Sophos VMware vShield (Hyper-V is on the way)

vShield protects all your VMs, but does not bring a management console. Here you have to choose either the Sophos Central console or the on premise Enterprise console.

Protection for Hyper-V is also planned for 2016, but the same disadvantages apply here, which in my opinion do not favor this method.

Advantages

  • conserving resources
  • fast deployment

Disadvantages

  • only filescan – scripts or word macros are not recognized (killer criterion)

Update: Unfortunately, the Sophos VMware vShield product is no longer available. To protect your virtual servers, we recommend you check out the following PDF from Sophos: Sophos for Virtual Environments

Conclusion

So there you have it, the three latest ways you can protect your servers with Sophos. If you look at the licensing costs of these solutions, they are actually all very close to each other, which, on the other hand, cannot be said about the protection mechanisms. Depending on the requirements profile, however, a decision based on these three options is not really difficult. If you don’t mind that the management console is not running in-house on your own server, you can use Sophos Central Server Protection without thinking twice. Those who can do without the new features, such as “Security Heartbeat” or “Server Lockdown” (these functions will also never appear on the Enterprise console) and would like to install the console on their own server, will then probably opt for “Sophos Server Protection”. “We would recommend Sophos VMware vShield rather less now. Although this solution is very resource-efficient, it is inferior to the other two variants from a purely security point of view. VMware vShield only offers a file scan, which means that scripts or Word macros cannot be detected.

Based on the information from the recent Sophos Roadshow in Zurich, it’s easy to see that the future at Sophos clearly belongs to Sophos Central. Especially the “Synchronized Security” approach, that the endpoints can talk to the firewall, is perfected by the new “Sophos Firewall OS” and “Sophos Central”!

More information

Patrizio
Patrizio

Patrizio is an experienced network specialist with a focus on Sophos firewalls, switches and access points. He supports customers or their IT department in the configuration and migration of Sophos firewalls and ensures optimal network security through clean segmentation and firewall rule management.

Subscribe Newsletter

We send out a monthly newsletter with all the blog posts for that month.