Sophos Endpoint Security and Control 7

Sophos Endpoint Security and Control protects networked PCs and servers. It not only checks for viruses, but also assesses threats such as spyware and worms, as well as adware, potential security hazards like remote admin programs, and even unauthorised software such as games and VoIP apps.

For an extra layer of protection, Sophos' Host Intrusion Prevention System (HIPS) monitors active processes for buffer overflows and other suspicious activities that may indicate an intrusion attempt. It also scans for characteristics that are known to be present in viruses and other malware.

Sophos continues to build upon its tried-and-tested architecture. This includes the Enterprise Manager Library, a central server that maintains the scanner code and virus signature files and retrieves updates from Sophos' servers, and the Enterprise Console that monitors the networked systems and distributes updates to them as required. The Enterprise Console offers a new Dashboard display that provides more information at a glance, and is easier to use than previous versions.

Setup is simple. Users and PCs can be imported from Active Directory, and computers can also be added from a network scan. Users and computers are organised into groups as required, and each group can be associated with policies that determine how the software behaves. Policies cover operational activities such as updating, application control and antivirus scanning, and any policy can be used by one or more groups of computers (which can be a mix of Windows and non-Windows systems). Policies can be created and edited very easily with a few mouse clicks - a good thing, as the default policies are quite relaxed.

Policies can also configure features such as scanning inside archive files, scanning levels and actions to be taken when a virus is detected. Although a policy's primary use is to ensure routine system checks and updates are carried out and to restrict activities to permitted programs and applications, a policy can easily be created to cause an immediate action on a specific system. This can be used to disinfect PCs from the management console.

Policies determine whether warning messages are displayed or suppressed at the workstation. Real-time alerts received at the Enterprise Console can be sent to specified recipients via email, and each type of alert can be sent to one or more addresses.

Alert reporting is well catered for with reports in both tabular and chart form. Predefined reports are available by location, time or name, with various filtering options to drill down into the data. The system also keeps details of alerts over time and it can produce reports in tabular or chart form covering virus-alert details for up to 12 months.

With its ability to support systems running Linux, NetWare or Windows, Sophos Endpoint Security and Control 7 can provide strong coverage for the system mix often found in evolving networks.

Author: Ian Parsons