Sophos Endpoint Protection v10
Strengths: Layers of protection; strong data leakage-like features.
Weaknesses: Not many, reporting may have been a bit light.
Verdict: Full-service offering priced very well for all the features it provides.
Sophos Endpoint Protection v10 provides a single, automated console for Windows, Mac, Unix, Linux and virtual platforms to centrally manage anti-virus, firewall, intrusion prevention, web protection, patch management, encryption, device management and application management.
Sophos Central Management Console requires Windows Server 2003/2008/2008 R2, plus SQL Server/Express. The install is automated, but does take some time. We were up and running in about 45 minutes. Once installed, we accessed the console and were provided a wizard to do our setup and configuration. Sophos Enterprise Console (SEC) automates the deployment, management and updating of protection across Windows, Mac, Linux and UNIX machines all from a central point. SEC manages policies for anti-virus; host-based intrusion prevention systems (HIPS); application, device and data control; and firewall and tamper protection.
Endpoint discovery was easy with support for Active Directory integration, IP discovery and even network sniffing capabilities to find endpoints. We found a number of built-in wizards for configuring the various protection areas.
The firewall module was done particularly well. Firewall configuration can be done through templates, wizards and simple mouse-click programming. There were a lot of protections available to deploy. Version 10 of Sophos Endpoint Protection has added patch assessment, web filtering and full-disk encryption. Alongside the existing support mentioned above, this solution offered a substantial amount of protection services on the endpoint. All of the protection offerings were well done and simple to configure and deploy. The device control was pretty granular.
We really liked the Data Control. It provided a data leakage-like service in that users can configure numerous prebuilt templates to look for things like bank routing numbers, credit card numbers and other personal information. Admins can even create their own rules or search strings for items to be monitored or block based on key words or content. The encryption capability provided a pleasing feature to force encryption before sending certain information - again, a lot of base rules were provided with the ability to add or customize as required. HIPS ensured that malicious system processes cannot be launched in the background, and memory for existing running processes cannot be changed to inject malicious code. The application control, patch management and web control were all easily configured with plenty of default or templated content to use.
Alerting is configurable and available via email. The user-interface dashboards provide summary visualization into top alerts, thresholds and measures. We didn't find a lot of ability to customize the dashboards. Standard reports are available. Reporting templates were light - a handful available out of the box. Users can customize their own reports.
Basic support comes with the product and provides 24/7 phone assistance, an online knowledge base and access to Sophos Community. Platinum and premium support offerings are available, although fees were not provided. Documentation was a bit light on the administration side, but we had everything we needed to get installed and running.
This is a feature-rich offering and all the components perform well; combined, this provides several layers of endpoint protection at an attractive price point.