
Sophos Endpoint Central or on-premises

Hello! Would like to get some advice on Sophos Endpoint solutions.

 

My company would like to get Sophos endpoint solutions. However, we do not know whether to get Endpoint Central or on-premises. Currently, my company has around 20 users. 10 users have access to the internet and the other 10 users do not have internet access. Everything is controlled by SG 135. We do not have AD. Should we install endpoint on every PC?

So if I get the on-premises, the virus definitions will be handled by the SG 135, right? However, if we go to cloud, how do we ensure that the endpoint solutions installed on PCs that do not have an internet connection get the update?

 

We would prefer cloud as it is easier to manage. Any suggestions are welcome!



This thread was automatically locked due to age.
  • That is a tricky one.  

    I would typically suggest Central managed as well, especially as you have an SG firewall.  You can presumably get the whole synchronised security thing going either now or in the future.

    The Central Managed solution also gets the latest endpoint technology and as you say it's easier to manage.  For 20 computers, Central is the right solution 99% of the time and it will give the best protection to the internet facing clients.

    That said, with computers that can't access the internet, the only way currently, as far as I know, to manage all of your computers in a single console would be to use the on-premise solution, i.e. installing the Sophos Enterprise Console (SEC) and associated management software locally on a Windows server.

    Note: In order to get this local central management and updating, this assumes that the computers are all on the same network. They don't need to be AD managed, as long as they can connect to the management server with TCP/IP.

    Sophos Central has an update cache, in that you can nominate a Central managed Windows server as an update cache, but at the current time this is just for updating, not the management; the endpoint will need an internet connection.  The update cache can't proxy the management communication back to the Cloud at this time but I believe I did hear something about this.

    Even the standalone installer - which is the unmanaged on-premise client that comes with an on-premise license - is ruled out as that performs direct updates from the internet.

    The only way therefore to protect these non-internet enabled devices is to use on-premise managed SEC.  The Windows server pulls updates to a local share on the server that the clients can update from, and all management communication is direct with the local management server.

    If it was me I would probably get a 10 user Central licence and a 10 user on-premise licence.  You can then get the best protection for the 10 most at risk devices, i.e. the ones with the internet using Central Managed. On a local Windows server you can install Enterprise Console to protect/manage the other 10.  If they do get internet access in the future, then switch them to Central managed.

    If Central will give you the best solution for protecting the most at risk devices it seems wrong to go to on-premise due to the low risk devices.  I also assume that Central will provide a full solution to offline clients in the future.

    Regards,

    Jak

  • Hi Jak,

     

    First of all, thank you for your advice! Much appreciated. All the computers are managed by SG 135. We do not have an AD network. The computers without internet access are computers that have internet access but we blocked them through the SG 135. Hopefully Sophos Central has some solution for offline clients soon.

  • By the way, I would like to ask what's the difference between UTM Endpoint Protection vs Endpoint Protection Advanced?

    If I were to get the Endpoint Protection Advanced, can I choose to deploy by using the SEC or Sophos UTM? Would both of the pricing be the same?

  • I wouldn't suggest going with UTM managed AV.  The investment seems to be the Central managed client, that's where you'll get all the latest features such as root cause analytics and anything next gen.

    Regards,

    Jak
