Sophos Central is being worked on diligently and it is once again time to briefly summarize the innovations and small updates of the last few months.
Launch of Intercept X Advanced and EDR
We have already reported on the name changes of the endpoint products in a previous blog post. As you know, the Endpoint Advanced + Intercept X Bundle has become Intercept X Advanced, which you can now officially order from us. Intercept X Advanced EDR will also be released by Sophos in the DACH region this November.
Sophos Wireless Update 2.1
With the release of the new APX series at the latest, it became clear that Sophos would continue to invest in the further development of its wireless solutions. The major release of Sophos Central Wireless, version 2.1, added the following new features:
Improved diagnostic functionalities
- More options for event logging and reports
- Collect logs specifically for audits
- Packet captures can be generated directly on the access point and then exported via the cloud for analysis.
- Export AP logs to syslog server
At this point, we can recommend the following Sophos video, where the features listed above are shown in more detail in the Sophos Central Dashboard.
➜ Watch the video: What’s new in Sophos Central – Wireless
APX Series access points can now make their identity known on the network thanks to Link Layer Discovery Protocol (LLDP) support. Switches that support LLDP according to the IEEE 802.1AB standard are now able to detect the Sophos APX access points. The following information is provided via LLDP:
- MAC address
- Serial number
- Firmware version
- Management Port
- Management IP address
For security reasons, the LLDP packets are only transmitted via a cable connection. In case we haven’t emphasized it enough yet: unfortunately, this function is reserved for the new APX series. The classic APs (15, 55, 100) are left out.
This feature allows so-called “sticky clients” to enjoy a seamless roaming experience without having to disconnect from the network. A sticky client is a wireless client that stays connected to an access point even when it is far away and would ideally already have connected to the next access point.
In the latest update, work was done not only on new features, but also on the appearance of the GUI. You may have noticed that the Wireless System Settings page has been cleaned up a bit and the previous view has been split into separate tabs. The “Access Points” page has also become much clearer. The graph for a client's signal strength now also shows the unit of measurement “dBm”, which allows an even more detailed view.
Phish Threat – Outlook Add-in
You will receive new campaigns for Sophos Central Phish Threat on a regular basis. This month alone, around 30 new campaigns have been added in the areas of “training”, “phishing”, “access data theft” or “attachments”. In addition, there is now a very handy Sophos Outlook add-in for reporting a phishing message in Outlook with just one click. You can see exactly how this works in the following video.
➜ Watch the video: Sophos Phish Threat Outlook Add-in
The add-in is available for the following platforms:
- Microsoft Outlook for Windows (2013, 2016)
- Microsoft Outlook for Mac (2016)
- Outlook Web Access
- Office 365
With Sophos Mobile 8.5, there are a few innovations in desktop management of macOS and Windows 10 systems. Apple's Device Enrollment Program (DEP) and Volume Purchase Program (VPP) are now supported, and the “App Management” function for rolling out and updating macOS programs has been added. It is also now possible to delay operating system updates in macOS.
Under Windows 10, the “Device Guard settings” can now be managed centrally and a new “Kiosk mode” has arrived.
Some settings have also been added on iOS and Android. Complete zero-touch enrollment for Samsung Knox is now available for Android. There are new features for mass enrollment, and extensive new features have also been made available for Android Enterprise, which can be managed centrally via Sophos Mobile. For iOS, there is now AirPrint Management and the ability to delay iOS upgrades for up to 90 days.
Mobile Security also comes with new functions: the former antivirus for Android smartphones has grown into a complete mobile threat defense solution. The machine learning / deep learning engine, which you may already know from products like Intercept X or Intercept X Advanced for servers, has been integrated into the Android mobile security app. In addition, Mobile Security is no longer managed only via Sophos Mobile; it also runs together with other EMM solutions, such as Microsoft Intune.
Update: 10/25/2019 – Sophos Central Mobile Security has been renamed Sophos Central Intercept X for Mobile. It is still the same product with a new design.
Sophos Email Gateway
Header information and wildcards (*)
In the “Reporting / Logging” section, you can now view detailed header information for an e-mail message. For example, you can see which mail server accepted the e-mail at which time and which return codes the respective mail servers issued. It is now also visible whether an attachment was sent with the e-mail. Also worth mentioning is the possibility to work with wildcards in the “Allow/Block Inbound” list (e.g. *example.com).
Better search (Instant Search)
The search has also been simplified and sped up by quite a bit! For example, when searching for a mailbox in Inbox, the list is automatically adjusted based on the search term as you type.
For those who use the Enterprise Dashboard to manage different Central Accounts, it is now possible to unlink them from sub-estates, making them standalone Sophos Central Accounts again. Sub-estates can now also be deleted completely.
Under the logs there is now a new item “Audit log”. It is now very easy to track who has made changes in the enterprise account or in a client account.
File Integrity Monitoring
The Sophos Central Server Protection module has received a new policy called File Integrity Monitoring. You can now monitor critical Windows system files for changes. However, you can also add your own files, folders or even registry keys whose changes should also be recorded. This new feature helps you meet certain compliance requirements of the PCI Data Security Standard.
Windows Server 2019 Support
Sophos Central Server Protection now supports the Microsoft Windows Server 2019 operating system, with requirements increased to 5 GB of disk space and 4 GB of RAM. Currently the following Windows Server operating systems are supported:
- Windows Server 2019
- Windows Server 2016
- Windows Server 2012 R2 (64 bit)
- Windows Server 2012 (64 bit)
- Windows Server 2008 R2 (64 bit)
- Windows Server 2008 (32 or 64 bit)
Message Relays for macOS
Message relays now also work on macOS. If you already have message relays set up for your Windows computers, your macOS devices will automatically use your current message relays immediately, as well as any you set up in the future.
End of Sale – Sophos Clean
Finally, an important note: Sophos Clean will no longer be offered as a standalone product. However, Clean is still included in Intercept X. Sophos Clean customers cannot renew their license, but must upgrade to Intercept X. We can accept orders for Sophos Clean for all regions until November 1, 2018.