This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sec and XG Heartbeat

At the moment  only Cloud version of AV will support HB. Many SEC installation are spread around and SEC product should support HB really soon.

Heartbeat allows Sophos XG Next Generation Firewall to communicate with Sophos Endpoint and if the computer is not protect with Sophos agent or the "health" does not achieve a minimum state, Firewall can deny access to networks (WAN, DMZ, VLAN, etc...).

Please add vote to support even SEC installation.

http://feature.astaro.com/forums/285723-sophos-endpoint/suggestions/10614732-security-heartbeat-support-sec-installation

Luk



This thread was automatically locked due to age.
Parents
  • Hi All,

    the feature request last year was closed with an not appropriate response (in my opinion).

    Sophos is loosing a lot of opportunities on Medium/Big Customers. In the last year I spoke about Heartbeat at presentations and everyone liked it but it works only with cloud version and most of them cannot go to cloud for internal policy.

    I am loosing selling opportunities with customers where the number of Sophos Endpoint is 2000+.

    If Sophos decides to implement Heartbeat even on SEC, we are able to sell the XG easily. [:@]

    Why this selling aspect is not even considered?

    I would like to see what other Partners/Sophos Users think about it.

    Thanks

  • Hi All,

    It is quite strange that I am the only person who would like this features?

    I am a user (a Partner after) that uses Sophos Enterprise Console since 3.0 version and the Console is still the same.

    Sophos added HIPS, App Control, Vulnerability Asses., DLP, Device Control and now since 5.0 they stopped adding features and they are pushing us to move to Cloud.

    Cloud can be used for small company and companies that are not taking care about internal policy.

    I do not manage these kind of customers. Some more info from the latest Webinar:

    • Server protection will not be availble on SEC: a nice idea to move to other Vendors
    • HB will not be available on SEC: because HB needs constant communication with Console, so roaming devices will not work with SEC&HB. Let Admins decide where and how implement HB
    • Intercept X will be available at the end of february to SEC but not the RCA component: why? I think the same behaviour like HB.

    I do not know how you guys manage customers with 1000+ with Cloud, sending logs to internal syslog (a lot of traffic) and now no advanced feature like HB, Server protection.

    It is incredible on how Sophos is killing Partners that manage big customers.

    The same feature sets should be available to both console (SEC and Central) and you should let the users decide to use one or the other.

    Sophos will lose big customers for sure.

    Thank you for not even taking note of that!

  • Hello Luk,

    the Console is still the same
    basically yes (I've been here before SEC 1.0 [;)]). Neither NAC (which has been discontinued), nor Web Control, nor SafeGuard, nor SMC (which is something different anyway) have been integrated - although at first it might have looked like a serious attempt to unify management in hindsight it seems more an advertising campaign.

    Right now there are several competing concepts and as a customer I don't see a clear strategy. Is it Central because everyone is moving to the Cloud anyway? Is it SMC because the majority of devices will be smart, roaming, and single-user? Will SEC, Central and what else converge and reincarnate in a version you can deploy wherever you want?  What does SEC 5.4.1 signify - a last version just for boasting TLSv1.2 before it is abandoned?

    Oh well, you didn't ask me ...

    Christian

  • Thanks Christian for your answer.

    Oh NAC, I have even used the advanced version of it. Anyway I think that there are some products need a separate Console, because logs and mechanisms are different like NAC, SafeGuard but what I do not understand and agree with Sophos is that they are "abandon" SEC console development for Cloud. I think it more marketing related and because other competitors are moving to Cloud.

    If you have a look at the SMC they are releasing the same feature sets for Cloud and On-Premise, so customers decide if they can/want to go to cloud or not.

    On SEC I have a customer with more that 6000+ and they think that one day I can go to cloud. They will not to move to Cloud, never! Other customers I have (1000+) will not go to cloud because they cannot for internal policies (which I agree).

    Sophos should develop a new SEC with the same feature sets like the Cloud version (maybe a unique framework like SMC, XG) and make it available to customers.

    HB is a nice technology but no way to sell it in my case.

    Server Lockdown another great feature and on SEC will never been integrated. Why I have to manage Server (critical data) from Cloud?

    I will lose my customers because they will move to another Competitor where more features are becoming available and Sophos is pushing for selling Products that are great for small customers.

    I do not understand and trust their plan. SEC is quite old and they are not developping it since 10 years+.

  • At least I am not alone about Sophos Endpoint Confusion!

  • Hello Luk,

    small customers
    mulled mentioning the we cherish SMBs mantra that was a constant at the road shows. SEC's non-monitored bulk licensing model was kept when the small consoles were merged into the SEC line, guess this didn't go down well with accounting. Changing it will probably alienate at least some customers - mind you, not because they're perhaps underlicensed. The Cloud product is an obvious way to re-introduce counted licenses for SMBs.

    SEC's framework organizes devices in groups - Central is user-based with optional server-devices. The ability to apply policies from SEC on a user basis is a well-known feature request but Central's approach isn't the answer as it is AFAIK not possible to apply both a user and a device policy to an endpoint (I conjecture this is the reason for not providing a workstation Lockdown feature.

    As for Intercept X - wonder if it'll be a yet-another-rudimentary-add-on (do you have any idea about its price - at least in relation to the SESC licenses)? RCA - hm, all the cloud-based stuff (including Live Protection) doesn't really go together with bulk discounts that the original SEC concept allows for. Would your large customers be willing to fork out twice the sum for just one additional feature (albeit an undoubtedly valuable one)? Wonder about the future of Patch (and SCF) BTW.

    Christian   

Reply
  • Hello Luk,

    small customers
    mulled mentioning the we cherish SMBs mantra that was a constant at the road shows. SEC's non-monitored bulk licensing model was kept when the small consoles were merged into the SEC line, guess this didn't go down well with accounting. Changing it will probably alienate at least some customers - mind you, not because they're perhaps underlicensed. The Cloud product is an obvious way to re-introduce counted licenses for SMBs.

    SEC's framework organizes devices in groups - Central is user-based with optional server-devices. The ability to apply policies from SEC on a user basis is a well-known feature request but Central's approach isn't the answer as it is AFAIK not possible to apply both a user and a device policy to an endpoint (I conjecture this is the reason for not providing a workstation Lockdown feature.

    As for Intercept X - wonder if it'll be a yet-another-rudimentary-add-on (do you have any idea about its price - at least in relation to the SESC licenses)? RCA - hm, all the cloud-based stuff (including Live Protection) doesn't really go together with bulk discounts that the original SEC concept allows for. Would your large customers be willing to fork out twice the sum for just one additional feature (albeit an undoubtedly valuable one)? Wonder about the future of Patch (and SCF) BTW.

    Christian   

Children
  • Christian,

    if this is the Sophos Intend we do not know and as a Partner they should share with us where they want to go. Without us and Customers they are out of business soon on certain area.

    I do like the efforts they dedicated on Mobile, XG (not a really UTM9 alternative but it is improving), Sandstorm but in certain area Sophos is not improving (Antispam for example) or it is going in the wrong direction (Cloud).

    Big customers pay and they want a product that simply works. No cloud based but a product that is smart, easy to use and safe. SEC is out-of-date for some aspect but it is still powerful.

    Of course the framework is quite old to add new technology, but they could upgrade SEC as they did with XG, a new product, take the best of SEC and Cloud and provide a solution for Customers on-premise.

    Sophos will lose big customers soon before they even understand what's happened with them. Cloud will fail in certain environment now and forever.

    I am not a Cloud fun because I am a Security Architect and I am more than aware about the breaches behind the Cloud. With big customers, Sophos can make money easily while for small customers you have to close so many small contracts. Crazy stuff! I am sure I am not alone to think in this way.

    Many Partners are not looking at this community but for sure there are many of them that are already angry about that.

    Sophos should propose an advanced license for HB and RCA; Server license for Lockdown feature on SEC and so on. For existing customers, it is easy. If a customer sees that the products is improving and new features are out (that are useful) they will pay because big customers care about security.

    The same concept does not apply to small customers!

    Just crying, man!

  • Hi all,

    I have to agree with luk and QC too. Sophos in pursuit of a Endpoint cloud solution totally resigned to any higher administrative functions previously implemented in Sophos SEC. I'm sorry, but otherwise it probably can not even call it then a pursuit or hunting. I would personally expect from Sophos completely different approach and orientation. They are moving in the endpoint market from SMB, medium and  enterprise customers to SOHO customers. The Sophos Central in the current version lacks (as you both rightly pointed )  any higher administrative functions, a user group policy applied to groups of devices, etc.. The Sophos Central in my opinion is only a children toy which Sophos is trying to sell  as a professional solution. 

    The Sophos Central Endpoint  is not a professional solution and for many next years it will not a professional solution.

    And a management console for a SMB, medium and enterprise customers in a Cloud? It is very bad joke, if it would be a management console for a security solutions. 

    alda