Sophos Endpoint Security & Data Protection manual


A good user manual

The rules should oblige the seller to give the purchaser the operating instructions for Sophos Endpoint Security & Data Protection along with the item. Missing instructions or false information given to the customer constitute grounds for a complaint on the basis of nonconformity of the goods with the contract. In accordance with the law, a customer can receive the instructions in non-paper form; lately, graphic and electronic manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions are unambiguous and legible.

What is an instruction?

The term originates from the Latin word "instructio", which means organizing. Therefore, in an instruction for Sophos Endpoint Security & Data Protection one can expect to find a process description. An instruction's purpose is to teach and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a guide.

Unfortunately, only a few customers take the time to read the instructions for Sophos Endpoint Security & Data Protection. A good user manual introduces a number of additional functions of the purchased item and also helps to avoid most defects.

What should a perfect user manual contain?

First and foremost, a user manual for Sophos Endpoint Security & Data Protection should contain:
- information concerning the technical data of Sophos Endpoint Security & Data Protection
- name of the manufacturer and a year of construction of the Sophos Endpoint Security & Data Protection item
- rules of operation, control and maintenance of the Sophos Endpoint Security & Data Protection item
- safety signs and mark certificates which confirm compatibility with appropriate standards

Why don't we read the manuals?

Usually it results from a lack of time and from certainty about the functions of purchased items. Unfortunately, connecting and starting up Sophos Endpoint Security & Data Protection alone is not enough. An instruction contains a number of hints concerning the respective functions, safety rules, maintenance methods (what means should be used), possible defects of Sophos Endpoint Security & Data Protection, and methods of problem resolution. Finally, when one still cannot find the answer to a problem, one will be directed to the Sophos service. Lately, animated manuals and instructional videos have become quite popular among customers. These kinds of user manuals are effective; they ensure that a customer becomes familiar with the whole material and does not skip the complicated, technical information about Sophos Endpoint Security & Data Protection.

Why should one read the manuals?

It is mostly in the manuals that we find the details concerning the construction and capabilities of the Sophos Endpoint Security & Data Protection item and its use of the respective accessories, as well as information concerning all the functions and facilities.

After a successful purchase of an item, one should find a moment to become familiar with every part of the instructions. Currently the manuals are carefully prepared and translated so that they can be fully understood by their users. The manuals will serve as an informational aid.

Table of contents for the manual

  • Page 1

    Sophos Endpoint Security and Data Protection: Reviewer’s guide[...]

  • Page 2

    1 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE[...]

  • Page 3

    2 WELCOME Welcome to this reviewer’s guide for Sophos Endpoint Security and Data Protection – Sophos’s fully integrated, scalable endpoint security solution. This document introduces the key software elements of Sophos Endpoint Security and Data Protection: management console, anti-virus, c[...]

  • Page 4

    3 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE CONTENTS 1 COMPLETE PROTECTION FOR THE ENDPOINT 4 Overview of Sophos Endpoint Security and Data Protection 2 SINGLE, CENTRAL AUTOMATED CONSOLE 7 Overview of Sophos Enterprise Console 3 PROTECTING WINDOWS COMPUTERS 17 Overview of Sophos Endpoint Security and Control, Sophos Cli[...]

  • Page 5

    4 1 COMPLETE PROTECTION FOR THE ENDPOINT REVIEWER’S GUIDE sophos endpoint security and data protection 1 COMPLETE PROTECTION FOR THE ENDPOINT OVERVIEW OF ENDPOINT SECURITY AND DATA PROTECTION Sophos simplifies the task of securing your desktops, laptops, mobile devices, and file servers against known and unknown threats, as well as protect[...]

  • Page 6

    5 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE Comprehensive data protection The combination of a number of different technologies ensures that your data is protected against accidental loss. DLP content scanning integrated into the single endpoint agent monitors f[...]

  • Page 7

    6 1 COMPLETE PROTECTION FOR THE ENDPOINT REVIEWER’S GUIDE Testing key features Before you test, here are some items to consider and to compare to competing products: • Can you manage protection for all your platforms from a single management console? • How many deployments are required to provide equal endpoint protection coverage – [...]

  • Page 8

    7 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE sophos enterprise console 2 SINGLE, CENTRAL AUTOMATED CONSOLE OVERVIEW OF SOPHOS ENTERPRISE CONSOLE Sophos Enterprise Console delivers smarter, simpler policy-based management of your endpoint protection. It lets you manage thousands of Windows, Mac, Linux and UNIX computers fr[...]

  • Page 9

    8 2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE active directory integration and synchronization Faster deployment and automatic protection Sophos Endpoint Security and Data Protection makes it easy to find computers on your network by enabling the replication of Active Directory groups and client structure into Enterprise Console. [...]

  • Page 10

    9 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE At the click of a mouse, you can: • Filter the view to focus on those computers with out-of-date protection or with malware alerts, giving you instant visibility of the areas on your network that require attention. • Adjust the dashboard thresholds at which the status col[...]

  • Page 11

    10 2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE smart views Targeted cleanup Cleaning up a large network after an attack can be expensive and time-consuming. Enterprise Console provides remote, centralized cleanup of files, registry entries, and running processes. Smart Views gives a complete view of the security status of all comput[...]

  • Page 12

    11 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE activepolicies Simplified policy setting and enforcement Using Sophos ActivePolicies™, you can quickly and intuitively create and deploy network-wide policies independently of groups, allowing you to deploy one policy across multiple groups simultaneously. ActivePolicies tak[...]

  • Page 13

    12 2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE Figure 6: Configuring Anti-virus and HIPS policy Anti-virus and HIPS policies – virus, spyware, PUA, intrusion prevention Implementing our anti-virus protection also provides you with a complete host intrusion prevention system (HIPS) without the need for com[...]

  • Page 14

    13 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE Application control policies Applications like VoIP, IM and P2P are increasingly the cause of security, legal and productivity issues in business – consequently IT departments are being asked to control their unauthorized installation and usage. Sophos integrates the detectio[...]

  • Page 15

    14 2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE Device control policies Device control can help to significantly reduce your exposure to accidental data loss and restrict the ability of users to introduce software and malware from outside of your network environment. Integrated into the Sophos endpoint agent, it enables you to control t[...]

  • Page 16

    15 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE You can also significantly reduce the risk of network bridging between a corporate network and a non-corporate network. The Block bridged mode is available for both wireless and modem types of device. The mode works by disabling either wireless or modem network adapters when an [...]

  • Page 17

    16 2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE There are two types of data control rule: • file matching rule: specifies the action that is taken if the user attempts to transfer a file with the specified file name or of the specified file type (true file type category, e.g. a spreadsheet) to the specified destination, f[...]

  • Page 18

    17 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE There are a number of actions that can be taken when a data control rule is matched: • Allow file transfer and log event • Allow transfer on acceptance by user and log event • Block transfer and log event By default, when a rule is matched and file transfe[...]

  • Page 19

    18 2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE You can configure different location aware security policies to ensure that mobile computers are protected, whether in or out of the office. The location of the mobile computer is detected using either DNS or the gateway MAC address. Network access control policies NAC policies are con[...]

  • Page 20

    19 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE • Manage—provides components for editing and managing policies and managing computers. • Enforce—offers control of network access using access templates and exemptions. • Report—offers a suite of reports for troubleshooting compliance and network access. •[...]

  • Page 21

    20 2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE Important To fully evaluate the Sophos NAC functionality please download and install the NAC Manager component from www.sophos.com/downloads/ (Your evaluation credentials will provide you with access to this area.) There are three pre-defined NAC policies: • Default—The default [...]

  • Page 22

    21 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE Reports can be output in table format as well as chart format, including pie charts and can be exported in a number of file formats, namely: PDF (Acrobat), HTML, MS Excel, MS Word, RTF, CSV, XML. Using the Report Manager, you can quickly create a report based on an existin[...]

  • Page 23

    22 2 SINGLE, CENTRAL AUTOMATED CONSOLE REVIEWER’S GUIDE There are four pre-configured roles: 1. System Administrator—A pre-configured role that has full rights to manage Sophos security software on the network and roles in Enterprise Console. The System Administrator role cannot be edited or deleted. 2. Administrator—A pre-configured ro[...]

  • Page 24

    23 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE sophos endpoint security and data protection 3 PROTECTING WINDOWS COMPUTERS Sophos Endpoint Security and Data Protection protects your Windows network with Sophos Endpoint Security and Control for Windows, Sophos NAC, SafeGuard Disk Encryption and Sophos Client Firewall. SOPHO[...]

  • Page 25

    24 3 PROTECTING WINDOWS COMPUTERS REVIEWER’S GUIDE Intrusion prevention Sophos Endpoint Security and Control for Windows includes complete intrusion prevention (HIPS), ensuring proactive protection without you having to carry out the complex installation and configuration of a separate product. A number of pre-emptive detection technologies com[...]

  • Page 26

    25 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE Application Control While some applications can provide efficiency gains, others can distract users from their business tasks, and waste valuable network bandwidth and processing power. In addition, with P2P and IM-based malware attacks growing fast, and regulations that make it[...]

  • Page 27

    26 3 PROTECTING WINDOWS COMPUTERS REVIEWER’S GUIDE SophosLabs also maintains an extensive library of global sensitive data definitions (Content Control Lists) which covers personally identifiable information (PII) such as credit card numbers, social security numbers, postal addresses, or email addresses helping you to protect your s[...]

  • Page 28

    27 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE SAFEGUARD DISK ENCRYPTION SafeGuard Disk Encryption is an easy to implement solution that encrypts hard disks and data on mobile media to protect against the loss of data and meet compliance requirements. Securing data through full disk encryption Hard disks (IDE, SCSI, ser[...]

  • Page 29

    28 3 PROTECTING WINDOWS COMPUTERS REVIEWER’S GUIDE SOPHOS CLIENT FIREWALL Sophos Client Firewall is integrated into the endpoint agent making deployment, configuration, updating, and management by Enterprise Console simple. It proactively locks down computers, protecting against known and unknown threats, such as internet worms, hackers, and un[...]

  • Page 30

    29 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE Ensuring protection with location awareness Sophos Client Firewall lets you configure different policies for different locations according to the location where computers are used, for example, in the office (on the network) and out of the office. The Enterprise Console will th[...]

  • Page 31

    30 4 PROTECTING NON-WINDOWS COMPUTERS REVIEWER’S GUIDE sophos anti-virus for mac os x, linux and unix 4 PROTECTING NON-WINDOWS COMPUTERS THE NEED TO PROTECT NON-WINDOWS COMPUTERS It has become increasingly important to protect Mac, Linux, UNIX and other computers. The ability of non-Windows computers to harbor and spread Windows viruses, th[...]

  • Page 32

    31 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE You can also enable remote and mobile users to update from wherever they are via the network or internet, either from the main server, a backup, or directly from Sophos. Automatic reporting of virus incidents Enterprise Console’s security dashboard shows outbreak risk data, a[...]

  • Page 33

    32 4 PROTECTING NON-WINDOWS COMPUTERS REVIEWER’S GUIDE Automatic updates Updates are automatically downloaded and distributed through Enterprise Console, cascading web servers or directly from Sophos, ensuring that all computers across the network, including remote laptops, are fully protected. SOPHOS ANTI-VIRUS FOR UNIX Sophos Anti-Virus for [...]

  • Page 34

    33 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE appendix i EVALUATING ENDPOINT SECURITY AND DATA PROTECTION We want you to be absolutely convinced that Sophos Endpoint Security and Data Protection will protect your network and support you better than any other security vendor. This appendix gives you details of what do[...]

  • Page 35

    34 SYSTEM REQUIREMENTS For full details, visit www.sophos.com/products/all-sysreqs.html Enterprise Console system requirements Platforms supported Windows 95/98/NT4/2000/XP/2003/Vista/2008/7 Mac OS X Linux UNIX Hardware Minimum 2.0 GHz Pentium or equivalent Management server Windows Server 2008 Windows Server 2003 and R2 Windows 2000 Server VM[...]

  • Page 36

    35 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE Sophos Endpoint Security and Control for Windows system requirements Platforms supported Windows 95/98/NT4/2000 and 2000 Pro/XP Home and Pro/2003/Vista/2008/7 Windows Netbooks Windows XPe Windows Embedded Standard WePOS VMWare ESX VMWare Workstation VMWare Server Disk spac[...]

  • Page 37

    36 appendix ii THE EICAR TEST “VIRUS” ABOUT THE EICAR TEST FILE The EICAR* Standard Anti-virus Test File is safe to use for test purposes because it is not a virus, and does not include any fragments of viral code. It is a legitimate DOS program that consists entirely of printable ASCII characters. The file lets you simulate safely what happ[...]

  • Page 38

    37 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE appendix iii OTHER SOPHOS PRODUCTS AND SERVICES Sophos Security and Data Protection Sophos Email Security and Data Protection Sophos Email Security and Control is a choice of software solutions and fully integrated Email Appliances, providing effective and intelligent protection [...]

  • Page 39

    38 Sophos Alert Services Sophos ZombieAlert™ Service provides you with immediate warning if spammers have hijacked any of your organization’s computers to send spam or launch denial-of-service attacks. www.sophos.com/products/enterprise/alert-services/zombiealert.html Sophos PhishAlert™ Service provides fast, near real-time alerts of [...]

  • Page 40

    39 SOPHOS ENDPOINT SECURITY AND DATA PROTECTION REVIEWER’S GUIDE Free tools Sophos provides a number of tools that can be used to reduce vulnerabilities and threats. They are free downloads that utilize our most up-to-date technologies and information. Sophos Computer Security Scan http://www.sophos.com/products/free-tools/sophos-compu[...]

  • Page 41

    Boston, USA | Oxford, UK © Copyright 2009. Sophos. All rights reserved. All trademarks are the property of their respective owners. rg/091215[...]