Well well well, what do we have here? A bunch of superturboawesome Sophos Central bells and whistles to make your minds drool? YUP!
It's that time of the everytwomonths when I dust off the old typewriter (Kremlin know how to security good) and write about what's new in Sophos Central. So let's have at it!
By General Availability (GA), we mean that this functionality has been released and is ready for you to dive into and start using. Often, new products or features first start out as Early Access Programs (EAP) before they become Generally Available after we've had your insights and feedback, helping us deliver the best possible products.
Sound the trumpets - Endpoint Detection and Response (EDR) is finally here for Intercept X for Server. Everything you know and love from Intercept X with EDR for endpoint now applies to Server too!
EDR is a suite of features that enables even the most general of sysadmins to take on the role of threat hunter, threat analyst, and incident responder. Hunt down indicators of compromise across your entire estate of endpoints and servers, submit files directly to SophosLabs for detailed yet simple-to-understand analysis, and more!
This release is specifically of EDR v1.1, which we shipped to endpoint back in April. Kevin in the Product team posted about this wonderful release on Sophos Community so make sure you give his post a read. For more info specific to this Server release, the Sophos News post from Alex in the product team dives into more detail.
Our Unified Endpoint Management (UEM) team have been working away on a number of user interface improvements to make using Sophos Mobile even more of a joy than it already is.
The first fancy new UI feature is the dynamic Central Overview dashboard widget. This widget changes what it displays based on the deployment status and health of your UEM-managed devices.
If you haven't got any managed devices (but you're licensed for Mobile), the widget will highlight you have no devices managed and will guide you to start managing them. Once you have managed devices, the widget will start displaying the health information of those devices, highlighting that you have devices without good health that need investigating. Once all your devices have good health, the widget displays the platform breakdown of your estate (how many Android, how many iOS, etc).
Next, you'll now find mobile devices are deeply integrated into Central, visible within the Devices page in the Overview section - all your devices in one place. You'll easily see the management status of each device, whether Sophos Secure Workspace or Sophos Mobile Security are installed, as well as the device name, OS, device user, and last communication timestamp. You'll also get a handy filter to filter by OS, device health, and last sync time.
The last new UI feature is the device page in the Central Overview (when you click on a mobile device in the device list). Device events, status, information, and a quick summary of the deployment status are all visible here, as well as buttons for each of the important actions you might need to take, such as locate, lock, unenroll, and wipe. Oh, and there's a button to jump you into the dedicated Mobile section, saving you the time of clicking through the left navigation menu for Mobile and finding the device again.
Kudos to the whole team on this - I LOVE Sophos Mobile and have been using it to manage my own devices for several years now. True story; Sophos Mobile saved me from losing a rental car in a jungle in Thailand. I got... somewhat lost... while out walking in the jungle, looking for a famous albeit secluded waterfall. The genius that is me had also left his phone in the car to charge... With the help of a German tourist, a few weeks of Duolingo's German course, and their phone (Danke schön) I was able to log into Sophos Central and trigger the locate feature. One minute later and I knew exactly where the car was (and enjoyed a nice leisurely two hour walk back to where it was). Thanks team!
For all of you macOS admins with a passion for the command line and/or scripting, we've updated our macOS endpoint installer so it now supports a number of handy arguments so that you can easily configure the installation. This aligns our macOS installer with our Windows installer which also supports command line arguments for configuration.
These new arguments are perfect for our Partners who manage multiple customers in Sophos Central and for customers using scripted deployment tools. You can set the customer ID the endpoint should be assigned to, set proxy authentication credentials, change the computer description, change the username from machine/username to domain/username, select Message Relays to ease WAN bandwidth use during install, and much more.
Drop by our knowledgebase to see full details on these new command line arguments.
If you read last month's post (and if you didn't, count my feelings well and truly hurt), you'll have heard all about the security, oversight, and compliance wonders we've brought to public cloud environments through our new product Sophos Cloud Optix.
We've just released a number of enhancements to Cloud Optix that we think you're going to love. We’ve given network visualizations for Amazon Web Services a new look and the ability to show Sophos UTMs. We’ve also added more Microsoft Azure security and compliance features, visualizations for Google Cloud Platform, an option to change how often environments are scanned, and more.
I won't go into much more detail and ruin the surprise as Richard has given a great writeup of these new features (and I'd just be copying and pasting to be honest) so jump over to our Community blog and read on.
I'll keep this one short and sweet. If you take your mind back to last month's post (because you totally read it, right? You wouldn't want to hurt my feelings, would you?) you'll remember the brilliant new feature called "Smart Banners" for Sophos Email. When enabled, these banners are automatically added to emails and highlight whether the email is trusted, unknown, or untrusted. As of now, you can customize the text in these smart banners. Niiice.
Another short and sweet one for you. For inbound emails that we've been unable to successfully scan, you can now choose to quarantine the email (in addition to delete and deliver).
Possible causes for un-scannable content:
Coming Soon is a section where I put things that are so ridiculously close to release that I didn't want to wait until next time to write about. As soon as they're out, I'll come back here and ninja edit this... No-one will ever know...
This is one we know many of you have been asking for. You may have heard us talking about this feature as "Device Discovery".
In short, we're updating our Active Directory Synchronization tool to, in addition to syncing users and user groups, include the ability to sync computers and servers as well as their group structure into Central in order to make management much more straightforward. Once you've set up a sync, you'll be able to see any devices you aren't already protecting and managing right from within Central itself. Crackin'!
We're also adding in the ability to reset your sync data, which will remove all groups and devices (unless they're currently protected with cybercrime-fighting Sophos ninjas like Intercept X), and also an option to repair the links between devices in Central and their Active Directory counterparts (because we all know that admin that "tidies" up the AD structure for "fun").
You're still here? It's over. Go home. Go! (#saveferris) Oh, you're expecting my fun facts, are you? Greedy. Okay. Fine. Here you go, you insatiable monster.