Specifications

SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE
Application Control
While some applications can provide efficiency gains, others can distract users
from their business tasks, and waste valuable network bandwidth and processing
power. In addition, with P2P and IM-based malware attacks growing fast, and
regulations that make it a legal requirement to maintain and protect data, the
need to control the installation of unauthorized applications is increasingly
important.
Sophos integrates application control into the endpoint agent, letting you authorize
or block applications selectively, at the desktop level or centrally. You can also block
or authorize applications for different groups of computers using ActivePolicies in
Sophos Enterprise Console (see chapter 2). For example, you can block VoIP for
office-based desktop computers, but authorize it for remote computers.
Device Control
Our device control technology helps you to reduce the risk of data loss and
malware infection, by giving you control over removable storage devices and
wireless networking protocols.
Built into the single endpoint agent, it is port-agnostic and supports any port
used to connect the device, including USB, FireWire, SATA and PCMCIA interfaces.
Initially the device control policy can be put into a notification-only mode,
enabling you to get a view of device usage across your estate without blocking
any devices, before configuring and deploying a control policy to relevant groups.
Each device type can either be authorized (the default setting) or blocked.
Storage devices can also be set to “read only” mode, which means that data can
be read from the device but not written to it. This can be particularly useful for
USB flash disks and CD / DVD drives.
For network interfaces, a “Block bridging” mode prevents network bridging
and will disable a computer’s wireless interface when the computer has a
physical connection to the network, e.g. via an Ethernet cable. Once the cable is
disconnected, the wireless interface will be enabled.
Data Control
Sophos is the first vendor to integrate DLP content scanning into the endpoint
agent, reducing the impact on system performance with a single agent that
scans for sensitive data as well as malware, and making it easier for you to
configure, deploy and manage.
It enables you to monitor when users transfer sensitive data, such as
Personally Identifiable Information (PII) or company confidential documents,
to removable storage devices or internet-enabled applications, helping you to
prevent the accidental loss of data.
Policy configuration is easy with a number of preconfigured data control rules
that you can use out of the box or modify to tailor to your own needs.