
This article also appears in the Premium Editorial Download of Information Security magazine, "Security 7 Award winners: Simply the best."

ANTIMALWARE/CLIENT FIREWALL


Sophos Endpoint Security
REVIEWED BY TOM LISTON

Sophos

Price: $16,000 per annual subscription


Securing an enterprise against Internet threats is difficult enough without having to deploy and manage separate security applications for each emerging problem.

Sophos Endpoint Security provides a single enterprise-wide interface for deploying and managing Sophos Antivirus 6.0 and Sophos Client Firewall. In addition, the latest version of Sophos' antivirus tool has been bolstered with the ability to recognize and block the execution of spyware.

Configuration/Management B+
Intuitive and easy? We were able to scan our test network for assets, install, configure, and test Endpoint Security without consulting the documentation.

The one significant configuration shortcoming that Sophos should address is that there doesn't appear to be a way to hide the security app from users. While Endpoint Security monitors and alerts when client configuration deviates from policy, or if a user disables the product, it would be better to simply remove temptation.

Endpoint Security integrates with Cisco's Network Admission Control, providing the ability to exclude machines that don't meet corporate security policy.

Policy Management A-
Sophos has put a great deal of thought into Endpoint Security's management interface. Named policies can be created with fine-grained control over antivirus or firewall settings, and then applied to manually created or Active Directory-based groups of machines.

Subgroups automatically inherit the policies of their parent group, and moving one or more machines from one group to another is a simple drag-and-drop operation. The relationships can be viewed in two ways, groups by policy and policies by group, which is a good way to avoid mistakes when editing rules.

The only drawback is that an inherited policy cannot be edited at the subgroup level; to change a subgroup's settings you have to create a new named policy and assign it to that subgroup.
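The group hierarchy, inheritance and the two reporting views described above can be modelled in a few dozen lines. The following Python is an added illustration for this review, not Sophos code: the group names, policy names and the settings inside each policy are invented, and the `override` helper shows why a subgroup change has to become a new named policy rather than an in-place edit of the inherited one (the inherited object is shared by every group that inherits it).

```python
"""Hierarchical endpoint-policy store: groups, inheritance, drag-and-drop moves
and the 'groups by policy' / 'policies by group' views.  Added example with
constructed data; not the product's own code."""
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Dict, List, Optional

KINDS = ("antivirus", "firewall")          # the two policy types being managed


@dataclass
class Policy:
    name: str
    kind: str                               # one of KINDS
    settings: Dict[str, object]


@dataclass
class Group:
    name: str
    parent: Optional["Group"] = None
    own_policies: Dict[str, Policy] = field(default_factory=dict)  # kind -> policy
    machines: set = field(default_factory=set)

    def assign(self, policy: Policy) -> None:
        if policy.kind not in KINDS:
            raise ValueError(f"unknown policy kind {policy.kind!r}")
        self.own_policies[policy.kind] = policy

    def effective_policy(self, kind: str) -> Optional[Policy]:
        """Walk up the tree: the nearest group with a policy of this kind wins."""
        g: Optional[Group] = self
        while g is not None:
            if kind in g.own_policies:
                return g.own_policies[kind]
            g = g.parent
        return None

    def is_inherited(self, kind: str) -> bool:
        return kind not in self.own_policies and self.effective_policy(kind) is not None


def override(group: Group, kind: str, new_name: str, **changes) -> Policy:
    """A subgroup cannot edit an inherited policy in place (it is shared with
    every other group inheriting it), so copy it into a new named policy,
    apply the changes, and assign that copy to the subgroup."""
    base = group.effective_policy(kind)
    if base is None:
        raise LookupError(f"no {kind} policy in effect for {group.name}")
    new = Policy(new_name, kind, {**base.settings, **changes})
    group.assign(new)
    return new


def move_machine(host: str, src: Group, dst: Group) -> None:
    """The drag-and-drop: the host now picks up dst's effective policies."""
    src.machines.remove(host)
    dst.machines.add(host)


def policies_by_group(groups: List[Group]) -> Dict[str, Dict[str, Optional[str]]]:
    """Group -> {kind: effective policy name}  (the 'policies by group' view)."""
    view: Dict[str, Dict[str, Optional[str]]] = {}
    for g in groups:
        view[g.name] = {}
        for kind in KINDS:
            p = g.effective_policy(kind)
            view[g.name][kind] = p.name if p else None
    return view


def groups_by_policy(groups: List[Group]) -> Dict[str, List[str]]:
    """Policy name -> groups where it is in effect, direct or inherited
    (the 'groups by policy' view)."""
    view: Dict[str, List[str]] = {}
    for g in groups:
        for kind in KINDS:
            p = g.effective_policy(kind)
            if p:
                view.setdefault(p.name, []).append(g.name)
    return {name: sorted(members) for name, members in view.items()}


def effective_for_host(host: str, groups: List[Group]) -> Dict[str, str]:
    for g in groups:
        if host in g.machines:
            return {k: g.effective_policy(k).name for k in KINDS if g.effective_policy(k)}
    return {}


def build_demo() -> List[Group]:
    """Constructed tree: Corp -> Desktops -> Finance, and Corp -> Servers."""
    corp = Group("Corp")
    desktops = Group("Desktops", parent=corp)
    finance = Group("Finance", parent=desktops)
    servers = Group("Servers", parent=corp)
    corp.assign(Policy("AV-Standard", "antivirus", {"on_access": True, "block_spyware": True}))
    corp.assign(Policy("FW-Standard", "firewall", {"inbound": "deny", "outbound": "allow"}))
    # Finance needs a tighter firewall: a new named policy, not an edit of FW-Standard.
    override(finance, "firewall", "FW-Finance", outbound="deny-except-listed")
    desktops.machines.update({"ws01", "ws02"})
    finance.machines.add("fin01")
    servers.machines.add("srv01")
    return [corp, desktops, finance, servers]


if __name__ == "__main__":
    demo = build_demo()
    print(policies_by_group(demo))
    print(groups_by_policy(demo))
```

Because `override` copies rather than mutates, `FW-Standard` stays unchanged for Corp, Desktops and Servers while Finance runs `FW-Finance`; the two views are derived from the same `effective_policy` walk, so they cannot disagree with each other.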


Effectiveness B
We tossed a wide range of older viruses at Antivirus 6.0 and, as expected, it was able to identify and block them. Sophos managed to identify five of seven newer viruses, for which some vendors had yet to release signatures, placing it squarely in the middle of the pack of other products tested against the same collection.

When tested against a collection of widely available spyware/adware, Sophos performed slightly above average, blocking the installation of 11 of 15 samples.

One problem seems to be that Sophos relies heavily on signatures: modifying samples it had previously detected was enough to make it miss them when the executable was copied onto the client. Additionally, when tested with a beta version of Spycar 2.0--test software that mimics spyware behavior--Sophos failed to block any spyware-like behavior. (Spycar was developed by the reviewer's company, Intelguardians, and first applied in Information Security's May 2006 review of antispyware products.) Sophos was solidly above average, but didn't approach excellent.
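The two failure modes in this section, a rewritten sample slipping past static signatures and spyware-like behavior going unblocked, are the same gap seen from two sides. The Python below is an added illustration for this review, not Sophos or Spycar code: the "sample", the signatures, the XOR rewrite and the event list are all constructed, and the three behavior rules (Run-key persistence, HOSTS tampering, browser start-page change) are assumed examples of the kind of actions a Spycar-style test exercises, not a description of Spycar's actual test set.

```python
"""Signature matching vs. behaviour monitoring on a constructed sample.
Added example; samples, signatures and events are invented for illustration."""
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed 'dropper' body containing the string a vendor might have cut a
# signature from.  Not a real binary.
ORIGINAL = (b"MZ\x90\x00" + b"\x00" * 12
            + b"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" + b"\x00" * 8)
STUB_PREFIX = b"MZ\x90\x00STUB:"          # marks the (pretend) decoder stub


def xor_rewrite(sample: bytes, key: int) -> bytes:
    """The trivial rewrite that defeats static signatures: XOR-encode the body
    with a one-byte key and prepend a decoder stub carrying the key."""
    if not 0 < key < 256:
        raise ValueError("key must be 1..255 (0 would leave the body unchanged)")
    return STUB_PREFIX + bytes([key]) + bytes(b ^ key for b in sample[4:])


def xor_decode(rewritten: bytes) -> bytes:
    """What the stub does at run time: the original body, hence the original behaviour."""
    key = rewritten[len(STUB_PREFIX)]
    return bytes(b ^ key for b in rewritten[len(STUB_PREFIX) + 1:])


# --- static side: hash + byte-pattern signatures (constructed) ---------------
SIGNATURES = {
    "sha256": {hashlib.sha256(ORIGINAL).hexdigest()},
    "patterns": [re.compile(rb"CurrentVersion\\Run")],
}


def signature_scan(sample: bytes) -> List[str]:
    """Returns the signatures that fire; an empty list means 'clean' to a
    signature-only engine.  This is what an on-access scan at copy time sees."""
    hits = []
    if hashlib.sha256(sample).hexdigest() in SIGNATURES["sha256"]:
        hits.append("known hash")
    for pat in SIGNATURES["patterns"]:
        if pat.search(sample):
            hits.append("byte pattern " + pat.pattern.decode())
    return hits


# --- dynamic side: rules over observed actions (assumed example rules) --------
BEHAVIOUR_RULES: Dict[Tuple[str, str], str] = {
    ("registry_write", r"\\CurrentVersion\\Run\\"): "persistence via Run key",
    ("file_write", r"\\drivers\\etc\\hosts$"): "HOSTS file tampering",
    ("registry_write", r"\\Internet Explorer\\Main\\Start Page$"): "browser start page hijack",
}


def behaviour_scan(events: List[Tuple[str, str]]) -> List[str]:
    """events: (event_type, target) pairs as a monitor would observe them.
    The sample's bytes never enter into it, so rewriting cannot evade this."""
    hits = []
    for etype, target in events:
        for (rule_type, pattern), label in BEHAVIOUR_RULES.items():
            if etype == rule_type and re.search(pattern, target, re.IGNORECASE):
                hits.append(label)
    return hits


# Constructed trace of what the dropper does when run; identical for the
# original and the XOR-rewritten copy because the decoded body is identical.
SPYWARE_LIKE_EVENTS = [
    ("registry_write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
    ("file_write", r"C:\Windows\System32\drivers\etc\hosts"),
]
BENIGN_EVENTS = [("file_write", r"C:\Users\alice\Documents\notes.txt")]


def evaluate(sample: bytes, events: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    return {"signature": signature_scan(sample), "behaviour": behaviour_scan(events)}


if __name__ == "__main__":
    print("original :", evaluate(ORIGINAL, SPYWARE_LIKE_EVENTS))
    print("rewritten:", evaluate(xor_rewrite(ORIGINAL, 0x5A), SPYWARE_LIKE_EVENTS))
```

The rewritten copy produces no signature hits at all, which is the "copy succeeds" result the review describes; the same two behaviour rules fire for both copies, because a one-byte XOR changes the bytes on disk but not what the program does. A product that only inspects bytes at copy time has no second chance.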

Reporting B+
The built-in reporting tools offer access to a wide variety of information; SmartViews, a filtering mechanism that allows you to choose to report on, for example, all desktop machines, is an intuitive tool for driving the various reporting mechanisms. However, this rather atypical approach might not suit enterprises that want consistency in their reporting tools.

Verdict
Sophos Client Firewall and Antivirus 6.0 are capable products, and the powerful and easy-to-use management system makes for an attractive package.


Testing methodology: The test network consisted of a heterogeneous Windows/Linux environment running Active Directory. Endpoint Security was run from a Windows 2000 server. Viruses/spyware were introduced to the system by attempting to copy them from a shared directory on an unprotected system.

This was first published in October 2006
