This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Complete Security Suite

We are currently using an AV suite from another company.  I just wanted to ask your opinion on the above security suite as it is one of the products we are evaluating.  

- how efficient is it in catching viruses, malware and adware

- how is it affecting the performance of both the server it is installed in and the user's machines

- how manageable is it as far as pushing to new machines

- can I install the Enterprise Console in a VM

I may have some more questions in the future.

Thanks..

:26297


  • Hi,

    To answer your questions:

    You can certainly install Enterprise Console (SEC) in a VM.  That is supported.

    It's very easy to deploy to endpoints and can be done in a variety of ways.  The push from the console with SEC 5.1 is much more likely to succeed than with previous versions.  It's also easy to script the install, as you can just run setup.exe with the required switches. http://www.sophos.com/en-us/support/knowledgebase/12570.aspx.  Incorporate install commands into AD startup scripts for example.

    A good tip to obtain an install string is to deploy to a template command whilst monitoring the scheduled tasks; once the install task is created you can look at the properties.  This will give you the full command line and save having to obfuscate the username and password switches yourself.  You can also add on additional switches such as -g to add the machines to a group in SEC at install.

    Performance wise, it should be fine out of the box, but you can always customise the scanning options and add exclusions where necessary.  I've not had any problems.

    The layered approach is always going to be your best bet; defense in depth really is the key.  If you can put the web appliance in front of users that's a powerful tool to control what is likely to get as far as the client from the web as a route in.  The web has to be the main entry point.

    App Control, Device Control, Data Control, patch, Web control (client based), tamper protection, Firewall are all helpful to reduce risk also, so using them in combination where required is the way to do it.  Encryption is also vital for laptops leaving the site.

    As for installing SEC, the main thing I would recommend is to create two service accounts before you start, e.g:

    1. SophosManagement
    2. SophosUpdate

    They can be regular users, just untick "User must change password at next logon", as password never expires.  The SophosManagement account needs to be able to log on to the management server machine, so that is worth testing.  This way when you run the installer you're ready.

    Any questions, ask away.

    Hope that helps,

    Regards

    Jak

    :26301
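
The two service accounts recommended in the reply above, created and checked with the ActiveDirectory PowerShell module. This is an added example, not part of the original post or Sophos documentation; the account names come from the post, while the description text, the use of the default Users container and the logon check with whoami.exe are assumptions.

```powershell
# Added example: needs the RSAT ActiveDirectory module and rights to create users.
Import-Module ActiveDirectory

$accounts = 'SophosManagement', 'SophosUpdate'   # names taken from the post

foreach ($name in $accounts) {
    # Prompt for the password so it never lands in the script or shell history.
    $password = Read-Host -AsSecureString -Prompt "Password for $name"

    New-ADUser -Name $name `
               -SamAccountName $name `
               -AccountPassword $password `
               -Enabled $true `
               -ChangePasswordAtLogon $false `
               -PasswordNeverExpires $true `
               -Description 'Sophos Enterprise Console service account'
}

# Confirm the flags took effect; pwdLastSet = 0 means "must change at next logon".
Get-ADUser -Filter "SamAccountName -like 'Sophos*'" -Properties PasswordNeverExpires, pwdLastSet |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires,
                  @{ n = 'MustChangeAtLogon'; e = { $_.pwdLastSet -eq 0 } }

# Run this part on the management server: starting a process as SophosManagement
# throws a logon error if the account is not able to log on to that machine.
$cred = Get-Credential -Message 'SophosManagement credentials' `
                       -UserName "$env:USERDOMAIN\SophosManagement"
$proc = Start-Process -FilePath "$env:SystemRoot\System32\whoami.exe" `
                      -WorkingDirectory $env:SystemRoot `
                      -Credential $cred -Wait -PassThru
"Logon test exit code: $($proc.ExitCode)"
```

Because these passwords never expire, choose long random values for both accounts and keep them out of deployment scripts.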