Sophos Central Update Deployment Rings

Hi everyone,

After the Crowdstrike update issues last week, we're conscious that a similar faulty update with Sophos could impact us as well, given all endpoint security software naturally needs kernel-level access to do its job.

We're now looking into how we could mitigate any similar impacts caused by Sophos, and would like to know if it's possible to set up some sort of deployment ring configuration (e.g. IT staff are updated first, then a small number of staff who would be less impacted, then a full rollout to PCs and servers).

While I know Crowdstrike's was a data update, at least if Sophos ever had a code update with issues, having a delay rather than it deploying to all machines at once could save us lots of headaches and unnecessary overtime, and deployment update rings could limit the impact in such an unlikely event.

 

I have spotted an "Update Management" policy in the dashboard, but it seems that it only lets you choose a single version, not apply an automated system to manage these updates automatically.

 

Is there something I'm missing that would enable us to implement this without having to manually change the versions on each group of computers?



Edit tags
[edited by: GlennSen at 9:16 AM (GMT -7) on 8 Aug 2024]
Parents
  • Hi itskdog,

    Thanks for reaching out to the Sophos Community Forum. 

    The link below provides detailed information on Sophos' releases and development principles. This gives insight into how testing is conducted and how releases are rolled out to our customers to ensure that any major issues are caught early on and corrected. 
    Sophos Central Endpoint: Release and development principles

    Regarding the ability to control how updates are rolled out across your sites, the Software packages/Update Management feature is the best way to do this. The "Recommended" release group will always receive the latest updates. The remainder of the site can be left on the latest FTS release. 
    Currently, the FTS releases will remain static. It's not possible to specify "Recommended -1", though if you would like to send this as a feature request, I'd be happy to assist. 

    If you'd like to stay in the loop about the latest product releases/changes, you can also enroll a small number of devices in our Early Access Programs so you have a better idea of what features and functionality will become available. I'd suggest turning on notifications for the relevant Release Notes & News pages here on the Sophos Community to stay up to date. 

    Edit/Update:
    Additional information can be found at the following link, including the section "What does Sophos do to"mitigate the risk of having a similar service disruption?" found near the bottom of the article. 
    CrowdStrike global outage: Sophos guidance

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • Hello Kushal,

    Thank you for the information. I will submit a feature request for the option to define a time-delayed rollout of updates in the policies. Maybe other customers will also join this feature request.

Reply Children
No Data