
Sec and XG Heartbeat

At the moment only the Cloud version of AV will support HB. Many SEC installations are spread around and the SEC product should support HB really soon.

Heartbeat allows Sophos XG Next Generation Firewall to communicate with Sophos Endpoint, and if the computer is not protected with the Sophos agent or the "health" does not achieve a minimum state, the Firewall can deny access to networks (WAN, DMZ, VLAN, etc.).

Please add a vote to support even SEC installations.

http://feature.astaro.com/forums/285723-sophos-endpoint/suggestions/10614732-security-heartbeat-support-sec-installation

Luk



  • Hi All,

    the feature request last year was closed with an inappropriate response (in my opinion).

    Sophos is losing a lot of opportunities with Medium/Big Customers. In the last year I spoke about Heartbeat at presentations and everyone liked it, but it works only with the cloud version and most of them cannot go to cloud because of internal policy.

    I am losing selling opportunities with customers where the number of Sophos Endpoints is 2000+.

    If Sophos decides to implement Heartbeat even on SEC, we are able to sell the XG easily. [:@]

    Why is this selling aspect not even considered?

    I would like to see what other Partners/Sophos Users think about it.

    Thanks

  • Hi All,

    It is quite strange that I am the only person who would like this feature?

    I am a user (later a Partner) who has used Sophos Enterprise Console since version 3.0 and the Console is still the same.

    Sophos added HIPS, App Control, Vulnerability Asses., DLP, Device Control and now since 5.0 they stopped adding features and they are pushing us to move to Cloud.

    Cloud can be used for small companies and companies that do not care about internal policy.

    I do not manage these kinds of customers. Some more info from the latest Webinar:

    • Server protection will not be available on SEC: a nice idea to move to other Vendors
    • HB will not be available on SEC: because HB needs constant communication with the Console, so roaming devices will not work with SEC&HB. Let Admins decide where and how to implement HB
    • Intercept X will be available at the end of February on SEC but not the RCA component: why? I think the same behaviour as HB.

    I do not know how you guys manage customers with 1000+ with Cloud, sending logs to internal syslog (a lot of traffic) and now no advanced features like HB, Server protection.

    It is incredible how Sophos is killing Partners that manage big customers.

    The same feature sets should be available to both consoles (SEC and Central) and you should let the users decide to use one or the other.

    Sophos will lose big customers for sure.

    Thank you for not even taking note of that!

  • Hello Luk,

    "the Console is still the same"
    basically yes (I've been here before SEC 1.0 [;)]). Neither NAC (which has been discontinued), nor Web Control, nor SafeGuard, nor SMC (which is something different anyway) have been integrated - although at first it might have looked like a serious attempt to unify management, in hindsight it seems more an advertising campaign.

    Right now there are several competing concepts and as a customer I don't see a clear strategy. Is it Central because everyone is moving to the Cloud anyway? Is it SMC because the majority of devices will be smart, roaming, and single-user? Will SEC, Central and what else converge and reincarnate in a version you can deploy wherever you want? What does SEC 5.4.1 signify - a last version just for boasting TLSv1.2 before it is abandoned?

    Oh well, you didn't ask me ...

    Christian

  • Thanks Christian for your answer.

    Oh NAC, I have even used the advanced version of it. Anyway I think that there are some products that need a separate Console, because logs and mechanisms are different, like NAC and SafeGuard, but what I do not understand and do not agree with Sophos on is that they are "abandoning" SEC console development for Cloud. I think it is more marketing related and because other competitors are moving to Cloud.

    If you have a look at the SMC, they are releasing the same feature sets for Cloud and On-Premise, so customers decide if they can/want to go to cloud or not.

    On SEC I have a customer with more than 6000+ and they think that one day I can go to cloud. They will not move to Cloud, never! Other customers I have (1000+) will not go to cloud because they cannot due to internal policies (which I agree with).

    Sophos should develop a new SEC with the same feature sets as the Cloud version (maybe a unique framework like SMC, XG) and make it available to customers.

    HB is a nice technology but no way to sell it in my case.

    Server Lockdown is another great feature and on SEC it will never be integrated. Why do I have to manage Servers (critical data) from Cloud?

    I will lose my customers because they will move to another Competitor where more features are becoming available, and Sophos is pushing to sell Products that are great for small customers.

    I do not understand and trust their plan. SEC is quite old and they are not developing it since 10 years+.

  • At least I am not alone about Sophos Endpoint Confusion!

  • Hello Luk,

    "small customers"
    mulled mentioning the "we cherish SMBs" mantra that was a constant at the road shows. SEC's non-monitored bulk licensing model was kept when the small consoles were merged into the SEC line, guess this didn't go down well with accounting. Changing it will probably alienate at least some customers - mind you, not because they're perhaps underlicensed. The Cloud product is an obvious way to re-introduce counted licenses for SMBs.

    SEC's framework organizes devices in groups - Central is user-based with optional server-devices. The ability to apply policies from SEC on a user basis is a well-known feature request but Central's approach isn't the answer as it is AFAIK not possible to apply both a user and a device policy to an endpoint (I conjecture this is the reason for not providing a workstation Lockdown feature).

    As for Intercept X - wonder if it'll be a yet-another-rudimentary-add-on (do you have any idea about its price - at least in relation to the SESC licenses)? RCA - hm, all the cloud-based stuff (including Live Protection) doesn't really go together with bulk discounts that the original SEC concept allows for. Would your large customers be willing to fork out twice the sum for just one additional feature (albeit an undoubtedly valuable one)? Wonder about the future of Patch (and SCF) BTW.

    Christian   

  • Christian,

    if this is the Sophos intent we do not know, and as Partners they should share with us where they want to go. Without us and Customers they are out of business soon in certain areas.

    I do like the efforts they dedicated to Mobile, XG (not really a UTM9 alternative but it is improving), Sandstorm, but in certain areas Sophos is not improving (Antispam for example) or it is going in the wrong direction (Cloud).

    Big customers pay and they want a product that simply works. Not cloud based but a product that is smart, easy to use and safe. SEC is out-of-date in some aspects but it is still powerful.

    Of course the framework is quite old to add new technology, but they could upgrade SEC as they did with XG, a new product, take the best of SEC and Cloud and provide a solution for Customers on-premise.

    Sophos will lose big customers soon before they even understand what's happened with them. Cloud will fail in certain environments now and forever.

    I am not a Cloud fan because I am a Security Architect and I am more than aware of the breaches behind the Cloud. With big customers, Sophos can make money easily while for small customers you have to close so many small contracts. Crazy stuff! I am sure I am not alone in thinking this way.

    Many Partners are not looking at this community but for sure there are many of them that are already angry about that.

    Sophos should propose an advanced license for HB and RCA; Server license for Lockdown feature on SEC and so on. For existing customers, it is easy. If a customer sees that the product is improving and new features are out (that are useful) they will pay because big customers care about security.

    The same concept does not apply to small customers!

    Just crying, man!

  • Hi all,

    I have to agree with luk and QC too. Sophos in pursuit of an Endpoint cloud solution totally resigned to any higher administrative functions previously implemented in Sophos SEC. I'm sorry, but otherwise it probably can not even call it then a pursuit or hunting. I would personally expect from Sophos a completely different approach and orientation. They are moving in the endpoint market from SMB, medium and enterprise customers to SOHO customers. The Sophos Central in the current version lacks (as you both rightly pointed out) any higher administrative functions, a user group policy applied to groups of devices, etc. The Sophos Central in my opinion is only a children's toy which Sophos is trying to sell as a professional solution.

    The Sophos Central Endpoint is not a professional solution and for many next years it will not be a professional solution.

    And a management console for SMB, medium and enterprise customers in a Cloud? It is a very bad joke, if it would be a management console for security solutions.

    alda

  • said: SEC is quite old and they are not developing it since 10 years+
    did some historical research: The Beta for SEC1.0 (the whole product was named Enterprise Solutions) started November 2004 ... hm ... [:D], just see that one gripe I've had was a notebook reporting (and SEC displaying) its IP as 127.0.0.1; now from the SUM 1.5.2/RMS 4.0 article: The IP address of the computer reported to the management server and displayed in the console should better reflect the IP address of the managed client. Huh[:^)]? Are we talking about multi-homed systems? It was definitely here for a very long time - I simply ignored it. But indeed it seems it has been solved. Note that then you managed downloads with an additional console, EM Library.
    Then in 2006 came SCF, the client firewall, and SEC 2.0 to manage it. In 2007 SEC 3.0 with AD sync. 2008 saw NAC alongside SEC 3.1 and it looked like they were about to get merged, Device Control was added. Data Control (and SESC already version 9.0) in 2009, improvements to SCF, SEC 4.0 now had SUM on board which was to replace EM (and you had regular and legacy updating policies), a few months later SEC 4.5 and SESC 9.5.
    Quite some momentum. Upgrading and transition has most of the time been, if not absolutely flawless, pretty painless. The increased complexity of the product made itself felt though. Once you left the "wizard" path quirks and minor issues surfaced. Where possible these have more or less quietly been ironed out. Subsequently NAC faded away. Other acquisitions and partnerships left their marks - Web Control, Patch, FDE (encryption). The latter was IMO somewhat pathetic - SEC had the custom 5.61 integrated (looked like this had been done by the SEC team, not Utimaco/Safeguard) as a very few months later SGE 6 (required for Windows 8) came out with the clear statement that it won't be available with SEC. And a second (designed to be flexible) management path was opened with the .NET services.

    It seems that in the last years it was back to the roots, no more dubious additions. Quite a number of refinements under the hood, modularisation (SUM is pretty independent and has taken over RMS, that might pave the way for a future replacement of the core), unavoidable cosmetic changes. And note that the components work well together (apart from the inevitable fact that you need a newer console version to manage - not to use - new features).

    This does not hint at future plans though - or if there's a plan at all.

    Christian

  • Thanks Christian. As I said, I started with version 3.0 and they added modules to SEC as you precisely wrote. Now it is time for an "advanced step". The Cloud console came out and they are adding features there while on SEC they are not, and it seems (from the last Webinar) that they will not add them to SEC.

    SEC is great but we are missing "Sophos Cloud Features" while other Vendors have made a great step forward.

    Server Lockdown, HB, and better policy management improvements are needed, and in a short time. I am sure that the HB technology will be stolen soon by other Vendors.

    I believe that if they add HB on SEC, everyone will buy Sophos Endpoint and XG all together (even if they have another brand of firewall). Also Companies can improve their security by having multiple layers of defense.

    Now even big customers are not using NAC products inside their company, and finding crafty people inside big organizations that bring their own computer from home, or remove the AV in some way, is very difficult. Having XG as a central UTM (bridge mode) that filters traffic between VLANs, with SEC able to communicate with it, will improve security and reduce complexity in EVERY ENVIRONMENT.

    This is the way Sophos can become bigger. They already have the right technology on the Cloud. I am asking to bring those nice technologies to On-Premise too.

    HB takes a few seconds to block inappropriate computers.

    Hope they will listen to us and to write back that I sold so many XG-HB that I do not even have the time to write on the community anymore. [:P]

    Regards,