Sophos Endpoint Security and Data Protection: Reviewer’s guide
WELCOME
Welcome to this reviewer’s guide for Sophos Endpoint Security and Data Protection – Sophos’s fully integrated, scalable endpoint security solution. This document introduces the key software elements of Sophos Endpoint Security and Data Protection: management console, anti-virus, client firewall, data control, device control, application control, encryption and network access control. The guide provides an overview of the powerful features of Sophos Endpoint Security and Data Protection.
CONTENTS
1 COMPLETE PROTECTION FOR THE ENDPOINT: Overview of Sophos Endpoint Security and Data Protection
2 SINGLE, CENTRAL AUTOMATED CONSOLE: Overview of Sophos Enterprise Console
3 PROTECTING WINDOWS COMPUTERS: Overview of Sophos Endpoint Security and Control, Sophos Client Firewall, Sophos NAC and SafeGuard Disk Encryption
4 PROTECTING NON-WINDOWS COMPUTERS: Overview of Sophos Anti-Virus on Mac OS X, Linux and UNIX
APPENDI
1 COMPLETE PROTECTION FOR THE ENDPOINT
OVERVIEW OF ENDPOINT SECURITY AND DATA PROTECTION
Sophos simplifies the task of securing your desktops, laptops, mobile devices, and file servers against known and unknown threats, as well as protecting your organization against accidental data loss.
Comprehensive data protection
The combination of a number of different technologies ensures that your data is protected against accidental loss. DLP content scanning integrated into the single endpoint agent monitors for sensitive data being transferred to removable storage devices and internet-enabled applications such as email, web browsers and even Instant Messaging.
Testing key features
Before you test, here are some items to consider and to compare to competing products:
• Can you manage protection for all your platforms from a single management console?
• How many deployments are required to provide equal endpoint protection coverage – Anti-virus, Anti-spyware, Firewall, HIPS, Application Control, Device Control, Data Control and Network Access Control?
• How easy is the product to install and deploy across th
2 SINGLE, CENTRAL AUTOMATED CONSOLE
OVERVIEW OF SOPHOS ENTERPRISE CONSOLE
Sophos Enterprise Console delivers smarter, simpler policy-based management of your endpoint protection. It lets you manage thousands of Windows, Mac, Linux and UNIX computers from a single console.
Active Directory integration and synchronization
Faster deployment and automatic protection
Sophos Endpoint Security and Data Protection makes it easy to find computers on your network by enabling the replication of Active Directory groups and client structure into Enterprise Console.
At the click of a mouse, you can:
• Filter the view to focus on those computers with out-of-date protection or with malware alerts, giving you instant visibility of the areas on your network that require attention.
• Adjust the dashboard thresholds at which the status colours will change.
• Enable automatic email alerts to be sent when your defined security thresholds are close.
Smart views
Targeted cleanup
Cleaning up a large network after an attack can be expensive and time-consuming. Enterprise Console provides remote, centralized cleanup of files, registry entries, and running processes.
ActivePolicies
Simplified policy setting and enforcement
Using Sophos ActivePolicies™, you can quickly and intuitively create and deploy network-wide policies independently of groups, allowing you to deploy one policy across multiple groups simultaneously. ActivePolicies takes the pain out of policy enforcement in seven key areas.
Anti-virus and HIPS policies – virus, spyware, PUA, intrusion prevention
Implementing our anti-virus protection also provides you with a complete host intrusion prevention system (HIPS) without the need for complex installation and configuration. It enables runtime analysis, buffer overflow and unique pre-execution protection, proactively detecting malware and suspicious files and behavior.
Application control policies
Applications like VoIP, IM and P2P are increasingly the cause of security, legal and productivity issues in business – consequently IT departments are being asked to control their unauthorized installation and usage.
Device control policies
Device control can help to significantly reduce your exposure to accidental data loss and restrict the ability of users to introduce software and malware from outside of your network environment.
You can also significantly reduce the risk of network bridging between a corporate network and a non-corporate network. The Block bridged mode is available for both wireless and modem types of device. The mode works by disabling either wireless or modem network adapters when an endpoint is connected to a physical network (typically through an Ethernet connection).
There are two types of data control rule:
• file matching rule: specifies the action that is taken if the user attempts to transfer a file with the specified file name or of the specified file type (true file type category, e.g.
There are a number of actions that can be taken when a data control rule is matched:
• Allow file transfer and log event
• Allow transfer on acceptance by user and log event
• Block transfer and log event
By default, when a rule is matched and file transfer is blocked or user confirmation of file transfer is required, a message will be displayed on the endpoint computer’s desktop.
You can configure different location-aware security policies to ensure that mobile computers are protected, whether in or out of the office. The location of the mobile computer is detected using either DNS or the gateway MAC address.
• Manage—provides components for editing and managing policies and managing computers.
• Enforce—offers control of network access using access templates and exemptions.
• Report—offers a suite of reports for troubleshooting compliance and network access.
• Configure—provides control over components required for system management, configuration and server settings.
There are three pre-defined NAC policies: Important
• Default—The default policy is designed so you can quickly assess and control managed clients. All new Enterprise Console groups and any client with no policy assigned to it, or that cannot find the policy assigned to it, will pick up the default policy.
Reports can be output in table format as well as chart format, including pie charts, and can be exported in a number of file formats, namely: PDF (Acrobat), HTML, MS Excel, MS Word, RTF, CSV, XML.
There are four pre-configured roles:
1. System Administrator—A pre-configured role that has full rights to manage Sophos security software on the network and roles in Enterprise Console. The System Administrator role cannot be edited or deleted.
2. Administrator—A pre-configured role that has rights to manage Sophos security software on the network, but cannot manage roles in Enterprise Console. The Administrator role can be renamed, edited, or deleted.
3 PROTECTING WINDOWS COMPUTERS
Sophos Endpoint Security and Data Protection protects your Windows network with Sophos Endpoint Security and Control for Windows, Sophos NAC, SafeGuard Disk Encryption and Sophos Client Firewall.
Intrusion prevention
Sophos Endpoint Security and Control for Windows includes complete intrusion prevention (HIPS), ensuring proactive protection without you having to carry out the complex installation and configuration of a separate product.
Application Control
While some applications can provide efficiency gains, others can distract users from their business tasks, and waste valuable network bandwidth and processing power. In addition, with P2P and IM-based malware attacks growing fast, and regulations that make it a legal requirement to maintain and protect data, the need to control the installation of unauthorized applications is increasingly important.
SophosLabs also maintains an extensive library of global sensitive data definitions (Content Control Lists) which covers personally identifiable information (PII) such as credit card numbers, social security numbers, postal addresses, or email addresses, helping you to protect your sensitive data faster. You can create your own lists specific to your organization such as customer reference numbers or specific confidential document markers.
SAFEGUARD DISK ENCRYPTION
SafeGuard Disk Encryption is an easy-to-implement solution that encrypts hard disks and data on mobile media to protect against the loss of data and meet compliance requirements.
Securing data through full disk encryption
Hard disks (IDE, SCSI, serial ATA) are encrypted at sector level, which means that the entire content, including any operating systems, temporary files, swap files or “hibernation” files, is encrypted.
SOPHOS CLIENT FIREWALL
Sophos Client Firewall is integrated into the endpoint agent, making deployment, configuration, updating, and management by Enterprise Console simple. It proactively locks down computers, protecting against known and unknown threats, such as internet worms, hackers, and unauthorized application communication.
Ensuring protection with location awareness
Sophos Client Firewall lets you configure different policies for different locations according to the location where computers are used, for example, in the office (on the network) and out of the office. The Enterprise Console will then apply different firewall settings to the computers depending on whether they are on the network or not.
4 PROTECTING NON-WINDOWS COMPUTERS
Sophos Anti-Virus for Mac OS X, Linux and UNIX
THE NEED TO PROTECT NON-WINDOWS COMPUTERS
It has become increasingly important to protect Mac, Linux, UNIX and other computers. The ability of non-Windows computers to harbor and spread Windows viruses, the occasional appearance of targeted Mac and Linux viruses, and legal demands that every computer be protected, all place an increasingly heavy burden on your shoulders.
You can also enable remote and mobile users to update from wherever they are via the network or internet, either from the main server, a backup, or directly from Sophos.
Automatic reporting of virus incidents
Enterprise Console’s security dashboard shows outbreak risk data, and automatic email alerts are sent when outbreaks occur, enabling you to take early action.
Automatic updates
Updates are automatically downloaded and distributed through Enterprise Console, cascading web servers or directly from Sophos, ensuring that all computers across the network, including remote laptops, are fully protected.
SOPHOS ANTI-VIRUS FOR UNIX
Sophos Anti-Virus for UNIX provides integrated cross-platform virus and spyware detection on UNIX servers, desktops and laptops.
APPENDIX I EVALUATING ENDPOINT SECURITY AND DATA PROTECTION
We want you to be absolutely convinced that Sophos Endpoint Security and Data Protection will protect your network and support you better than any other security vendor.
SYSTEM REQUIREMENTS
For full details, visit www.sophos.com/products/all-sysreqs.html
Enterprise Console system requirements
Platforms supported
Windows 95/98/NT4/2000/XP/2003/Vista/2008/7
Mac OS X
Linux
UNIX
Hardware
Minimum 2.
Sophos Endpoint Security and Control for Windows system requirements
Platforms supported
Windows 95/98/NT4/2000 and 2000 Pro/XP Home and Pro/2003/Vista/2008/7
Windows Netbooks
Windows XPe
Windows Embedded Standard
WePOS
VMWare ESX
VMWare Workstation
VMWare Server
Disk space
Windows 2000/XP/2003/Vista/2008/7: Minimum 120 MB
Windows Me/98/95/NT4: Minimum 90 MB
Memory
Windows 2000/XP/2003/Vista/2008 and Enterprise Console: Recommended 256 MB
Windows Me/98/95 Re
APPENDIX II THE EICAR TEST “VIRUS”
ABOUT THE EICAR TEST FILE
The EICAR* Standard Anti-virus Test File is safe to use for test purposes because it is not a virus, and does not include any fragments of viral code. It is a legitimate DOS program that consists entirely of printable ASCII characters. The file lets you simulate safely what happens when Sophos Anti-Virus detects malicious code.
APPENDIX III OTHER SOPHOS PRODUCTS AND SERVICES
Sophos Security and Data Protection
Sophos Email Security and Data Protection
Sophos Email Security and Control is a choice of software solutions and fully integrated Email Appliances, providing effective and intelligent protection against viruses, spyware, Trojans, spam, offensive content and data loss.
Sophos Alert Services
Sophos ZombieAlert™ Service provides you with immediate warning if spammers have hijacked any of your organization’s computers to send spam or launch denial-of-service attacks.
www.sophos.com/products/enterprise/alert-services/zombiealert.html
Sophos PhishAlert™ Service provides fast, near real-time alerts of phishing campaigns, so that you can take steps to shut down an imitation website and protect your organization’s customers.
www.
Free tools
Sophos provides a number of tools that can be used to reduce vulnerabilities and threats. They are free downloads that utilize our most up-to-date technologies and information.
Sophos Computer Security Scan
http://www.sophos.com/products/free-tools/sophos-computer-security-scan.html
Use our free Sophos Computer Security Scan to see the threats your company’s security software missed.
Boston, USA | Oxford, UK © Copyright 2009. Sophos. All rights reserved. All trademarks are the property of their respective owners.