Sophos Endpoint Security and Control

Sophos Endpoint Security and Control offers a single integrated solution for        ...
Faster, low-impact protection
Technology bytes
Simplifying deployment and administration

Sophos Enterprise Console™ simplifies management of Windows, M...
Trusted support from the experts                                                                                 Platforms...
Upcoming SlideShare
Loading in...5

Key benefits


Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Key benefits

  1. 1. Sophos Endpoint Security and Control Sophos Endpoint Security and Control offers a single integrated solution for Key benefits anti-malware and data loss prevention. » Eliminates known and unknown threats with a single centralized It delivers anti-virus and anti-spyware protection, client firewall, content-aware DLP solution scanning and management of removable storage devices, unauthorized software and » Detects and removes viruses, NAC, giving you the best preventive protection and endpoint assessment and control. spyware, rootkits, Trojans, adware and potentially unwanted A single license means you can protect all users and computers across Windows, Mac, applications (PUAs) Linux, UNIX and other non-Windows platforms. » Without requiring a separate agent, scans for sensitive information being Fast and preventive protection transferred off the network A unified single client blocks malware, adware, suspicious files and behavior and removable storage » Lets you instantly identify vulnerable devices. It also blocks unauthorized software such as IM, VoIP P2P and games, and controls the transfer , computers to check compliance, of sensitive information. Its fast scanning engine and built-in intrusion-prevention technologies detect new update policies and clean up threats and zero-day threats without the need for a malware signature update. Preventive protection is delivered » Controls applications that can by integrated network access control functionality that ensures all computers connecting to the network adversely affect network and user meet your security standards. productivity, such as VoIP and IM » Allows assessment of the security Comprehensive data protection status of managed and unmanaged The combination of a number of different technologies ensures that your data is protected against computers; provides alerts when accidental loss. Content scanning integrated into the single agent ensures that all sensitive data being issues such as a disabled patch agent transferred by users to removable storage devices and internet-enabled applications such as email or or firewall arise, and can provide instant messaging is detected and can be audited. Granular control of removable storage devices enables automatic resolution you to allow the use of specific devices, enforce the use of encrypted devices or simply allow read-only » Enforces protection against unknown access. users gaining access to your network » Lets you rapidly create and update Simplified and automated management security policies, and deploy them across multiple groups Our management console reduces your administrative burden by automating the deployment of protection, simultaneously and simplifying policy management and reporting. The dashboard provides instant visibility into the protection status and events across Windows, Mac, Linux and UNIX platforms. It also enables the » Receives and centrally deploys small centralized cleanup of malware and fixes non-compliant computers. Role-based administration enables automatic updates every five minutes you to share specific tasks such as clean up with the help desk team. Scheduled reporting means that » Allows automatic deployment to new specific reports can be emailed automatically to the people who need them. computers through Active Directory synchronization » Provides role-based administration privileges assigned with help desk and read-only consoles » Enables a wide range of customized, graphical reports to be created, Central Pre-execution Runtime Communication Network access control Data protection scheduled to run and automatically management control control control » Compliance reporting » Data Control emailed » Anti-virus » HIPS » Client Firewall » Patch and vulnerability » Device Control » Anti-spyware » Bu er assessment » Application control » Behaviour blocking over ow » Enforcement » Includes 24x7x365 support for the » Application control duration of the license and one-on- one assistance
  2. 2. Faster, low-impact protection Software components One scan with our single endpoint agent detects viruses, spyware and adware, suspicious behavior and files, removable storage devices and unauthorized applications. The client will Enterprise Console also detect when users try to transfer sensitive data to removable storage devices and internet- enabled applications such as email and instant messaging. A single, automated console for Windows, Mac, UNIX and Linux that • Sophos updates are small in size and are released frequently—an advantage for centrally deploys and manages: anti- companies wanting fast protection with low impact on network resources. virus and client firewall protection; intrusion prevention; data, device • Decision Caching™ technology improves on-access scanning performance by and application control; and endpoint intercepting and scanning only the files that have changed since the system was last assessment and control accessed. • SophosLabs™signatures control applications that can adversely impact network and Sophos Anti-Virus user productivity, such as VoIP and IM. A single endpoint agent that detects viruses, spyware and adware, rootkits Effective zero-day protection and suspicious files, suspicious Sophos HIPS technology pioneered by SophosLabs provides detection that automatically behavior; monitors the transfer of guards against new and targeted threats and can detect more than 85% of unknown threats. sensitive data off the network; and The built-in intrusion-prevention technology detects malware, malicious and suspicious controls the use of removable storage behavior and files, and delivers proactive protection without complex installation and devices and unauthorized applications configuration. Scanning is performed using Sophos’s anti-virus engine, without the need to deploy any additional components. Sophos NAC A network access control solution that This innovative technology uniquely analyzes the behavior of code at two stages: assesses managed, unmanaged and unauthorized computers to detect • Pre-execution— The behavior of code is analyzed before it runs and code is configuration issues, such as out-of- prevented from running if it is considered to be suspicious or malicious. date anti-virus protection or a disabled • Runtime — Threats that cannot be detected before execution are executed. firewall and fixes them before allowing access Reducing the risk of accidental data loss Sophos Client Firewall The combination of a number of components helps you to protect your data against loss and meet your compliance needs: A centrally managed client firewall designed for the enterprise environment • Content-aware DLP scanning—integrated into the agent —monitors the transfer of that blocks worms, stops hackers and sensitive data to removable storage devices and internet-enabled applications. It prevents intrusion from hackers uses an extensive library of data definitions supplied by SophosLabs, reducing the burden of manually creating and maintaining lists yourself. Sophos Mobile Security • Flexible, granular control of removable storage devices allows the authorization of Anti-virus and anti-spyware protection specific devices, enforcement of encrypted devices or even just read-only access, as for Windows Mobile smartphones and well as control over network interfaces like 3G modems. PDAs • Application control allows you to monitors applications being used on the network, and prevents the installation and use of unwanted applications such as P2P and IM clients that can act as a means for sensitive data transfer. A comprehensive list of applications supplied and maintained by SophosLabs™ removes the need for administrators to add new applications or manually update detection of new versions.
  3. 3. Technology bytes Simplifying deployment and administration Sophos Enterprise Console™ simplifies management of Windows, Mac, Linux and UNIX ActivePolicies™ protection by centralizing deployment, updating, reporting and security policy enforcement. It Lets you create a new security policy once and then deploy it across multiple manages endpoint and client firewall protection as well as endpoint assessment and control, groups simultaneously providing unrivalled visibility of the security status of your entire network. Application Control • The console synchronizes with Active Directory to ensure your chosen security policy Allows you to selectively authorize or is automatically enforced as new computers join your network. block legitimate applications that impact network bandwidth, system availability, • Outbreak and data risk levels across the entire network are displayed on the security and user productivity dashboard and automatic email alerts are sent when your chosen security thresholds Behavioral Genotype® Protection are threatened. Delivers the benefits of a Host Intrusion • Protection is automatically updated as frequently as every five minutes — and Prevention System (HIPS), guarding against unknown threats by analyzing because you control the download rate, you can preserve bandwidth. behavior before code executes • Endpoint computers can be completely disinfected in a single, simple operation from Centralized cleanup the console. Lets you deal with malware and PUAs • ActivePolicies in the console allows you to create a policy once and then apply it remotely from a central location, saving time and money across multiple groups, on Windows, Mac, Linux and UNIX computers. Policies cover updating schedules, anti-virus and HIPS, client firewall, data control, device Data Loss Prevention control, application control and NAC. Allows you to monitor the transfer of sensitive data such as PII to storage • Specific roles can be configured to enable responsibility for specific actions like devices and applications using an clean-up or management areas of the network, such as remote offices, to be extensive library of global sensitive data delegated through role based administration. definitions supplied and updated by SophosLabs • Out-of-the-box compliance reports and a reporting wizard let administrators to create and customise reports that can be scheduled and emailed to selected recipients with Decision Caching™ threat alerts and infections. Provides performance-enhanced on- access scans by ensuring that only those files that have changed are scanned Device Control Helps you control the use of removable storage devices allowing the authorization of specific devices, enforcement of encrypted devices or read-only access; also controls modems and wireless networking protocols Smart Views Lets you instantly focus on vulnerable computers— including remote computers—to check compliance, update policies and clean up threats Sophos AutoUpdate™ Offers failsafe updating and can throttle Preventive protection reduces risk of infection bandwidth when updating over low-speed network connections By identifying managed and unmanaged computers with potential security flaws, such as Rootkit detection and cleanup out-of-date anti-virus protection or a disabled firewall, you can reduce the risk of infection. You Integrated rootkit detection that finds and can choose to either block non-compliant computers or ensure that security is improved to removes any rootkit hidden on desktop meet a required standard before allowing access. computers • Default policies check if anti-virus and client firewall protection is active and up to Stealth mode Lets Sophos Client Firewall prevent date on managed and unmanaged computers. computers from responding and falling • Sophos NAC agent checks if Microsoft operating system service packs are installed, victim to hacker attacks and that Microsoft/Windows Update is enabled. • Enforcement options ensure that unauthorized computers are not granted access to your network.
  4. 4. Trusted support from the experts Platforms supported All Sophos products are supported by experienced Sophos teams who ensure you benefit from the best protection and the maximum return on investment. SOPHOS ANTI-VIRUS » Windows • Highly skilled analysts in SophosLabs, our global network of threat analysis centers, Windows 7/Vista/XP Home and provide proactive rapid protection against known and unknown threats. Pro/2000 and 2000 Pro/95/98/NT/ Mobile/ Server 2008 /Server 2003 • Through technology, global visibility of emerging threats, and integrated threat » VMware expertise, SophosLabs provides the 24x7 research and fast global response your ESX 3.0, 3.5/Workstation 5.0/ Server organization needs to protect it from increasingly complex threats. 1.0 • Our around-the-clock technical customer support operation is included in every » Non-Windows platforms license and provides access to our in-house customer support team. Mac OS X/Linux/UNIX/NetApp Storage Systems/EMC/OpenVMS/NetWare • Our support engineers provide one-to-one support by email or telephone, or you can take advantage of our web-based support knowledgebase. SOPHOS NAC • The Sophos Professional Services team can help you to get the most out of Sophos » Windows products by optimizing your implementation. 2000/XP/Vista SOPHOS CLIENT FIREWALL Simple pricing and licensing » Windows • A single license covers all users and computers across Windows, Mac, Linux, UNIX Windows 7/Vista/XP Pro or Home/2000 and other non-Windows platforms. Pro • Subscription-based licensing entitles you to protection, management and product ENTERPRISE CONSOLE updates, as well as technical support. Management server • Web Security and Control, Email Security and Data Protection, and NAC Advanced » Windows services can all be included in one license. Server 2008/Server 2003/2000 Server » VMware ESX 3.0, 3.5/Workstation 5.0/ Server 1.0 Languages supported Remote console English, French, German, Italian, Japanese, Spanish, Simplified Chinese and Traditional » Windows Chinese. Server 2008/Server 2003/2000 Pro and Server/Vista/XP Pro Note: Not all functionality/language support is available on all platforms. » VMware ESX 3.0, 3.5/Workstation 5.0/ Server Evaluate now for free 1.0 Platforms managed See Sophos Endpoint Security and Control in action by registering for a free 30-day evaluation » Windows at Windows 7/ Vista/Server 2003/ XP/2000/98/95/NT4/Server 2008*/ How to buy Server 2003 » Mac OS X Find your local Sophos office or Sophos Partner at We also offer competitive Versions 10.4/10.5 /10.6 pricing for charities, government agencies and the education sector. » Linux** » UNIX** * Including AMD64 and Itanium 64-bit versions ** For full details, visit Boston, USA | Oxford, UK © Copyright 2009. Sophos Plc. All rights reserved. All trademarks are the property of their respective owners. ds/091014