Sophos Central Update: LLDP for APX series, Outlook add-in for Phish Threat and more
Sophos Central continues to be a busy work in progress and it’s time to briefly review the new features and small updates over the past few months.
Market launch of Intercept X Advanced and EDR
We already reported on the name changes of the endpoint products in an earlier blog post. The Endpoint Advanced + Intercept X Bundle became Intercept X Advanced, which you can now officially order from us. Sophos will also release Intercept X Advanced EDR in the DACH region this November.
Sophos Wireless Update 2.1
By the time the new APX series was released, it was clear that Sophos would continue to invest energy in developing its wireless solutions. The major release of Sophos Central Wireless to version 2.1 added the following new features:
Improved diagnostic functionalities
- More options for event logging and reports
- Collect logs specifically for audits
- Packet captures can be generated directly at the access point and then exported to the cloud for analysis.
- Export AP logs to syslog server
We can recommend the following Sophos video, which will show you the features listed above in more detail in the Sophos Central Dashboard.
➜ Watch the video: What’s new in Sophos Central - Wireless
APX Series access points can now make their identity known on the network thanks to LLDP (Link Layer Discovery Protocol) support. Switches that support LLDP according to the IEEE 802.1AB standard are now able to detect the Sophos APX access points. The following information is provided via LLDP:
- MAC Address
- Serial Number
- Firmware Version
- Management Port
- Management IP Address
For security reasons, the LLDP packets are only transmitted via a cable connection. If we have not emphasized it enough: unfortunately, this feature is reserved for the new APX series only. The classic APs (15, 55, 100) are left behind.
This feature allows sticky clients to enjoy a seamless roaming experience without disconnecting from the network. A sticky client is a wireless client that stays connected to an access point even when it is far away, when it should ideally already have connected to the next access point.
Optimizations in the GUI
In the latest update, Sophos worked not only on new features but also on the GUI. You may have noticed that the “Wireless System Settings” page has been tidied up a bit and the previous view has been split into separate tabs. The “Access Points” page has also become much clearer. The graphic for the signal strength of a client has been redesigned as well and now uses the unit “dBm”, which allows an even more detailed view.
Phish Threat - Outlook Add-in
Sophos Central Phish Threat is regularly updated with new campaigns. This month alone, about 30 new campaigns have been added in the “Training”, “Phishing”, “Access data theft” and “Attachments” sections. In addition, there is now a very handy Sophos Outlook add-in to report a phishing message in Outlook with just one click. You can see how this works in the following video.
➜ Watch the video: Sophos Phish Threat Outlook Add-In
The add-in is available for the following platforms:
- Microsoft Outlook for Windows (2013, 2016)
- Microsoft Outlook for Mac (2016)
- Outlook Web Access
- Office 365
With Sophos Mobile 8.5, there are a few innovations in desktop management for macOS and Windows 10 systems. Apple's Device Enrollment Program (DEP) and Volume Purchase Program (VPP) are now supported, and the “App Management” feature for rolling out and updating macOS applications has been added. It is now also possible to delay operating system updates in macOS.
Under Windows 10 the “Device Guard Settings” can now be managed centrally and a new “Kiosk Mode” has been introduced.
Some settings have also been added for iOS and Android. For Android, a complete Zero-Touch Enrollment for Samsung Knox is now available. There are new mass enrollment capabilities, and Android Enterprise also has massive new features that can be centrally managed via Sophos Mobile. For iOS, there is now AirPrint Management and the ability to delay iOS upgrades for up to 90 days.
Mobile Security also comes with new features. The former antivirus for Android smartphones has grown into a complete Mobile Threat Defense solution. The Machine Learning / Deep Learning Engine, which you may already know from products like Intercept X or Intercept X Advanced for Servers, has been integrated into the Android Mobile Security App. Mobile Security is no longer only manageable via Sophos Mobile, but also runs together with other EMM solutions such as Microsoft Intune.
Update: 25.10.2019 - Sophos Central Mobile Security has been renamed to Sophos Central Intercept X for Mobile. It is still the same product with a new design.
Sophos Email Gateway
Header Information and Wildcards (*)
In the “Reporting / Logging” area, you can now view detailed header information for an email message. For example, you can see which mail server accepted the email at what time and which return codes the corresponding mail servers used. Now you can also see whether an attachment was sent with the email. Also worth mentioning is the possibility to work with wildcards in the “Allow/block inbound” list (e.g. *example.com).
Better Search (Instant Search)
The search has also been simplified and made a lot easier! For example, if you search for a mailbox in your inbox, the list is automatically adjusted based on the search term while you type.
For those who use the Enterprise Dashboard to manage different Central Accounts, there is a new feature that allows them to unlink sub-estates, making them standalone Sophos Central Accounts again. Sub-estates can now also be completely deleted.
The “Audit log” item has been added to the logs. It is now very easy to track who made changes in the Enterprise account or in a client account.
File Integrity Monitoring
The Sophos Central Server Protection module has been given a new policy called File Integrity Monitoring. You can now monitor critical Windows system files for changes. However, you can also add your own files, folders or even registry keys, and have their changes recorded. This new feature helps you to comply with certain PCI Data Security requirements.
Windows Server 2019 Support
Sophos Central Server Protection now supports the Microsoft Windows Server 2019 operating system, with requirements increased to 5 GB of disk space and 4 GB of RAM. Currently, the following Windows Server operating systems are supported:
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2 (64 bit)
- Windows Server 2012 (64 bit)
- Windows Server 2008 R2 (64 bit)
- Windows Server 2008 (32 or 64 bit)
Message Relays for macOS
Message relays now also work on macOS. If you have already set up message relays for your Windows computers, your macOS devices will now automatically use your current message relays and any message relays you set up in the future.
End of Sale - Sophos Clean
Last but not least, Sophos Clean is no longer offered as a standalone product. However, Clean is still included in Intercept X. Sophos Clean customers will not be able to renew their license but will need to upgrade to Intercept X. Orders for Sophos Clean will be accepted for all regions until 1 November 2018.