Had some questions about Sophos central's capabilities. Can Sophos central manage vulnerabilities and out of date software? How would the licensing model work for shared systems like Terminal servers that have many users logging in?
Thanks for reaching out to the Sophos Community Forum.
Could you elaborate on what you mean by this?
Moris Vrachovski said:manage vulnerabilities and out of date software?
A vulnerability would be like an open hole in software that can be exploited. To get to the point where you have enough access to send commands or use the exploit, you will need access to a device or remote access in most cases.
With that being said, if the vulnerability is in another application which allows you to run a script for example, the script may be triggered but will be detected right away since Sophos is watching for any malicious actions taking place. Closing up the open hole in the application will be up to the vendor to sort out, but Sophos will continue to protect the device.
In terms of having awareness of any vulnerable applications on your environment, you can use Live Discover to find this out. One great example is linked below. If you are looking to inquire about a new vulnerability or one that's only recently been found, it is also possible to construct a custom query of your own to check through the protected devices on your environment and provide a report.- Vulnerability Scanner in a query
The following can be found in our document for Virtual Desktop Licensing, which explains how Terminal Servers are licensed.
What I mean is can sophos central see all vulnerabilities on a client right away? Could it see out of date software as well?
No, Sophos Central does not perform any vulnerability scans. Live Discover can be used to perform this task, but it will require you to either find queries which will look for specific vulnerabilities or to craft your own queries.
Other applications such as Nessus are used by risk management teams to perform some similar tasks, which may help you in terms of the network.
Sophos does offer a Security Posture Assessment, if you are interested in this I suggest reaching out to your Sophos Account Manager to inquire about Sophos MDR and our Guided Onboarding option. Let me know if you'd like some assistance in connecting with your AM.