Information Security Magazine


Antimalware/Client Firewall
Issue: Oct 2006

Sophos Endpoint Security
REVIEWED BY TOM LISTON

Sophos

Price: $16,000 per annual subscription


Securing an enterprise against Internet threats is difficult enough without having to deploy and manage separate security applications for each emerging problem.

Sophos Endpoint Security provides a single enterprise-wide interface for deploying and managing Sophos Antivirus 6.0 and Sophos Client Firewall. Meanwhile, the latest version of Sophos' antivirus tool has been bolstered with the ability to recognize and block the execution of spyware.

Configuration/Management B+
Intuitive and easy? We were able to scan our test network for assets, install, configure, and test Endpoint Security without consulting the documentation.

The one significant configuration shortcoming that Sophos should address is that there doesn't appear to be a way to hide the security app from users. While Endpoint Security monitors and alerts when client configuration deviates from policy, or if a user disables the product, it would be better to simply remove temptation.

Endpoint Security integrates with Cisco's Network Admission Control, providing the ability to exclude machines that don't meet corporate security policy.

Policy Management A-
Sophos has put a great deal of thought into Endpoint Security's management interface. Named policies can be created with fine-grained control over antivirus or firewall settings, and then applied to manually created or Active Directory-based groups of machines.

Subgroups can automatically inherit the policies of their parent group; moving one or more machines from one group to another is a simple drag-and-drop operation. You can view them in two different ways: groups by policy, and policies by group--a good way to avoid mistakes when editing rules.

The only drawback is that inherited policies are not new, editable controls--you have to create new rules for subgroups to modify them.


Effectiveness B
We tossed a wide range of older viruses at Antivirus 6.0 and, as expected, it was able to identify and block them. Sophos managed to identify five of seven newer viruses, for which some vendors had yet to release signatures, placing it squarely in the middle of the pack of other products tested against the same collection.

When tested against a collection of widely available spyware/adware, Sophos performed slightly above average, blocking the installation of 11 of 15 samples.

One problem seems to be that Sophos relies heavily on signatures; rewriting viruses that it previously identified caused it to fail to block copying of the executable. Additionally, when tested with a beta version of Spycar 2.0--test software that mimics spyware behavior--Sophos failed to block any spyware-like behavior. (Spycar was developed by the reviewer's company, Intelguardians, and first applied in Information Security's May 2006 review of antispyware products.) Sophos was solidly above average, but didn't approach excellent.

Reporting B+
The built-in reporting tools offer access to a wide variety of information; SmartViews, a filtering mechanism that allows you to choose to report on, for example, all desktop machines, is an intuitive tool for driving the various reporting mechanisms. However, this rather atypical approach might not suit enterprises that want consistency in their reporting tools.

Verdict
Sophos Client Firewall and Antivirus 6.0 are capable products, and the powerful and easy-to-use management system makes for an attractive package.


Testing methodology: The test network consisted of a heterogeneous Windows/Linux environment running Active Directory. Endpoint Security was run from a Windows 2000 server. Viruses/spyware were introduced to the system by attempting to copy them from a shared directory on an unprotected system.




