Protect your servers from malware and ransomware.
You don't have to compromise on performance.
Sophos Central Server Protection provides you with a wide range of innovative features to protect your server environment from attack without compromising the performance of your servers. Designed specifically to protect mission-critical servers, the solution provides whitelisting of server applications, powerful anti-malware capabilities, and behavioral analysis.
With the Server Lockdown feature, you can protect your server against all dangers with just one click.
Web Control is a very powerful tool for managing Internet traffic, especially for terminal servers. You decide which categories of websites are allowed. This can help prevent users from accessing radical, political content, hacking sites, or violent websites. In addition, you can further increase security by not allowing the download of files with certain extensions, such as dll, exe, flv, etc. With Web Control you can define your own rules and even set the times at which they apply.
Sophos Central Server Protection gives you the ability to block interfaces on a server with Peripheral Control. For example, in your Sophos Central account you can create a policy that blocks all USB ports. This prevents someone from plugging in a USB flash drive unnoticed and infecting the server with malware, either intentionally or unintentionally. Of course, you can also define exceptions and allow your own USB stick, for example. Naturally, you have many other interfaces to choose from, such as optical drives.
Application control is an indispensable tool for restricting access to certain software, especially for remote desktop servers (terminal servers). There are various application scenarios. For example, you can prevent users from using old versions of Acrobat Reader. With just one rule, you make sure that the security holes in Acrobat Reader 9 cannot be exploited to attack the system. Another example that increases the security of the server is blocking file sharing applications or remote control applications such as VNC.
By default, the Server Protection Client checks every 60 minutes to see if new signatures can be downloaded from Sophos to detect malicious files. However, as malware is evolving rapidly nowadays, it is absolutely necessary to ensure that protection is provided as promptly as possible. Sophos has recognized this and, with Live Protection, improves the response time for detecting new malware and updates your server protection in real time.
Enable Live Protection to allow your Server Protection client to check files against Sophos Labs in real time to see if they are malicious. This way, new malware can be detected even though it does not yet appear in the virus definitions.
Host Intrusion Prevention System
Today's development of malware shows that protection based solely on signatures is no longer sufficient. Today's malware is spreading too fast, has become too intelligent and can change its shape and signature in no time at all.
So if you can't rely on signatures anymore, you have to analyze the behavior of an executable file more closely and block activities that seem suspicious. This is exactly what Sophos Central Server Protection's Host Intrusion Prevention System (HIPS) does.
Suspicious behavior could be, for example, a change in the registry that would allow a virus to run itself automatically after the computer is started.
Data Loss Prevention
Data Loss Prevention is a feature in Sophos Central Server Protection that allows you to monitor and restrict the transfer of sensitive data. Especially with a remote desktop server (terminal server), you can use a policy to prevent a user from sending a file from the corporate network via webmail.
Create your own rules and decide how to deal with certain information in the company. This way you can make sure that no important documents get into the wrong hands.
Malicious Traffic Detection
There is already a more complex type of malware that does not connect to an unknown source until some time after it reaches your server, in order to download additional malicious software or steal files from the infected server.
Sophos Central Server Protection has the ability to monitor HTTP traffic and alert you to this malicious traffic. Special attention is paid to known URLs of command and control servers. If such traffic is detected, there is a good chance that new malware has been found and uploaded to Sophos Labs for specific detection.
A secure network consists of a firewall at the gateway and good protection at the endpoint. The problem so far was that the firewall didn't know if an endpoint was being attacked and the endpoint had no idea if someone could overcome the firewall. With the Security Heartbeat, Sophos has made it possible for your firewall to communicate with your endpoints. For example, if a server in your network is infected by a virus, the firewall will be notified and can remove the server from the network before the virus spreads.
Server Lockdown gives you the benefit of one-click whitelisting. As soon as you activate the lockdown for your server, the system is first checked to see if it is threat-free. Afterwards, the current status of your server is recorded and the whitelist is created. All this happens in the background and does not affect the availability of your server. After one to two hours, indexing is normally completed and the system is in lockdown mode. From this time on, no software, i.e. no malware, can be installed on the system.
After the lockdown, you can define so-called update applications. For example, an update of an ERP can be such an update application. Windows updates are automatically added to the whitelist and can update Windows system components.
Update Cache and Message Relay
There are network scenarios where not every computer or server is connected to the Internet, but can only be accessed via the internal network. The risk of attack on these devices decreases considerably. However, without an Internet connection, the Endpoint or Server Protection cannot download updates or receive new policies. This is exactly what the update cache and message relay are for. Both features are included in Sophos Central Server Protection.
Once you have set up the update cache and message relay on your Windows server (Linux servers are not yet supported), it automatically acts as a communication proxy to central management. Only this server will now need to communicate with Sophos directly in future. The server will receive future updates from Sophos and make them available to your other servers and workstations on the local network.
Sophos Central Server Protection offers you two types of agents that you can install on your servers. On the one hand, there is the Full Agent, which has all the features built in and serves as a full Sophos server protection. On the other hand, an ultra-thin agent is also available for virtual environments with VMware or Hyper-V. A centralized security VM is used as a scanner for many guest VMs running only a small guest agent with minimal memory requirements. This makes it possible to work more efficiently and to avoid peak loads caused by too many simultaneous scans.