Sophos Central Update Deployment Rings

Hi everyone,

After the CrowdStrike update issues last week, we're conscious that a similar faulty update with Sophos could impact us as well, given all endpoint security software naturally needs kernel-level access to do its job.

We're now looking into how we could mitigate any similar impacts caused by Sophos, and would like to know if it's possible to set up some sort of deployment ring configuration (e.g. IT staff are updated first, then a small number of staff who would be less impacted, then a full rollout to PCs and servers).

While I know CrowdStrike's was a data update, at least if Sophos ever had a code update with issues, having a delay rather than it deploying to all machines at once could save us lots of headaches and unnecessary overtime, and deployment update rings could limit the impact in such an unlikely event.

I have spotted an "Update Management" policy in the dashboard, but it seems that it only lets you choose a single version, not apply an automated system to manage these updates automatically.

Is there something I'm missing that would enable us to implement this without having to manually change the versions on each group of computers?



[edited by: GlennSen at 9:16 AM (GMT -7) on 8 Aug 2024]