This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC vs. Endpoint Protection

Hello,

for about 2 Years we are successfully using "Sophos Endpoint Security" for about 200 computers. Sophos Enterprise Console is installed on a seperate Windows Server to manage all those computer.

We also have a SG Firewall (with full guard-bundle, so it had most features I think), it also has a "Endpoint Protection" tab, and the protection there is actually enabled (but didn't use it yet). So I just installed Sophos AV on a non-domain computer with the "This link can be used from any computer to download the installer"-Link from the "Deploy Agent" tab.

Now I got the Endpoint Protection on my (personal, non-domain for testing purposes) computer. Unfortunately it looks like there is no firewall option when installing the AV Protection over the SG Firewall. When I install Endpoint Protection from the Windows Server (Enterprise Console), there is the option to enable Sophos Firewall for the client. But that's not the Question for now.

I do understand the concept of either managing Endpoint Protection for computers from the SEC (Sophos Enterprise Console) - running on a Server - or have it managed over the Firewall ("centralized"). It looks like I can mix both: protect some Computers from SEC, and some over the firewall (of course this isn't very practical, though, but possible).

1.) The Question now is, if I have 200 licenses (for client/server software "Endpoint Protection Standard"), what is it about this "Endpoint Protection" managed over the SG? Is this a "lite" Version of Endpoint Protection built-in right into the firewall, or does the same pool of licenses apply here (the 200)? If its not the same pool, how are the computers that I manage now (over the firewall) licensed?

2.) Also, when Endpoint Protection is rolled out on either by the SG, or from the SEC, is it the same AV-engine that runs? Or is one way to do it "better" or more "secure" (besides the fact the firewall-feature is missing when deployed through the SG).



This thread was automatically locked due to age.
  • Hello IVS,

    I can answer the questions partially (I'm not Sophos and not familiar with SG licensing), technical question first:

    The AV engine and the data it utilizes is the same for all products (and platforms). As far as basic AV is concerned there is no difference. Management and manageable (and thus available) features differ (most notably SCF and DLP).

    At least for XG Endpoint is an extra license (it might be included in your full-guard bundle) but definitely there's no "Endpoint pool" that you can use across different products (AFAIK UTM, XG and also Central count licenses, SEC doesn't).

    Hope this helps a little bit

    Christian

  • Thanks for your reply, it helps.

    However I still can't figure out how many licenses I have when deploying "Endpoint Protection" through our SG230. Our 200 licenses are - apparently - used only when deploying through SEC.

    For now I don't see any limitation in the SG230, but I highly doubt I can use the Endpoint Protection on an unlimited number of machines.

  • Hello IVS,

    AFAIK licensing for the gateways has been changed to a subscription model which you can manage using the portal (e.g. MyUTM). But as said, I'm not familiar with the SGs (or gateways in general) and their licensing. With SEC/SESC you just tell Sophos how many users you (intend to) have, they name a price and that's it. No keys, no counters, no enforcement, no audit.

    If you don't have your license schedule or license details available customercare@sophos.com should be able to provide them.

    Christian

  • Switched to another brand/product for our secondary site, if Sophos can't even reply, fine :).