Information Security

Posted Sep 4, 2008 | By Sandra Kay Miller

Review: Sophos Endpoint Security and Control

Sophos Endpoint Security and Control can easily replace a number of individual security products aimed at endpoint protection. In addition to antivirus, it delivers antispyware, HIPS, firewall, application and device control, and network access control (NAC) under centralized management.


Installation/Configuration - B

Installation of the enterprise console and NAC server is straightforward. The console dashboard offers comprehensive access to managed computers, updates, alerts, policies, protection and errors.

However, we encountered several irritations trying to install the client software directly from the console, requiring us to resort to hands-on installation. For example, you need administrative rights on a PC and have to uninstall previous versions on older Windows machines. There's plenty of documentation to get past these issues, but they create a lot of extra work.


Policy - A

The policy tree provides instant access to all functions. We set granular policies for different operating systems and Windows versions. Under AV and HIPS, we quickly set up detailed scanning options and exclusions specific to each platform. The Cleanup tab let us assign specific actions to known viruses, spyware and suspicious files. Sophos provides an extensive list of application types that allowed us to switch commonly known applications from authorized to blocked.

There are also options to limit the use of devices such as CD/DVDs, floppies and removable USB drives.

Host firewall policies were standard fare, including rules for blocking and allowing different types of protocols, applications and processes.

NAC provides separate policies for managed and unmanaged computers.


Logging and Reporting - C

With few options for customization, this was the weakest aspect of the product. Event logs and alerts are set up individually for each component, but while they are excellent for AV and HIPS, they're weak for application control and firewall.

Under AV and HIPS, we set up alerting for multiple events, including virus/spyware detection and cleanup, suspicious behavior, suspicious files, adware and PUAs (potentially unwanted applications). The application control and firewall lack specific event notification and had weak logging. Reporting is limited to generic reports generated through drop-down menus and radio buttons. There were no options for automated reports or having them disseminated via email.


Effectiveness - A

Sophos has long been a leader in the antimalware space, with superior scanning engines and a research division that stays on top of emerging threats.

We were particularly pleased with the way Sophos goes beyond traditional signatures and basic heuristics to identify previously unidentified malware and unwanted files, code and behaviors. Suspicious file detection examines characteristics such as how the file was packed, whether it makes calls to specific HTTP sites, and whether there are embedded URLs in the code. Sophos passed all of our security tests, thwarting malware, spyware, exploits, intrusion attempts and the installation of unauthorized applications and devices.

Verdict

Sophos Endpoint Security and Control effectively covers all the bases for security on endpoint devices.


Testing methodology: We installed the enterprise console and NAC server on a Windows Server 2003 machine and tested with a variety of client endpoints, including multiple versions of Windows, Mac OS and Linux using a variety of active malicious code and adware/spyware.

This review first appeared at searchsecurity.com

Copyright © 2008 Westwick-Farrow Pty Ltd. All rights reserved.