Sophos Central Update Deployment Rings

Hi everyone,

After the Crowdstrike update issues last week, we're conscious that a similar faulty update with Sophos could impact us as well, given all endpoint security software naturally needs kernel-level access to do its job.

We're now looking into how we could mitigate any similar impacts caused by Sophos, and would like to know if it's possible to set up some sort of deployment ring configuration (e.g. IT staff are updated first, then a small number of staff who would be less impacted, then a full rollout to PCs and servers).

While I know Crowdstrike's was a data update, at least if Sophos ever had a code update with issues, having a delay rather than it deploying to all machines at once could save us lots of headaches and unnecessary overtime, and deployment update rings could limit the impact in such an unlikely event.

 

I have spotted an "Update Management" policy in the dashboard, but it seems that it only lets you choose a single version, not apply an automated system to manage these updates automatically.

 

Is there something I'm missing that would enable us to implement this without having to manually change the versions on each group of computers?



Edit tags
[edited by: GlennSen at 9:16 AM (GMT -7) on 8 Aug 2024]
Parents
  • Hi itskdog,

    Thanks for reaching out to the Sophos Community Forum. 

    The link below provides detailed information on Sophos' releases and development principles. This gives insight into how testing is conducted and how releases are rolled out to our customers to ensure that any major issues are caught early on and corrected. 
    Sophos Central Endpoint: Release and development principles

    Regarding the ability to control how updates are rolled out across your sites, the Software packages/Update Management feature is the best way to do this. The "Recommended" release group will always receive the latest updates. The remainder of the site can be left on the latest FTS release. 
    Currently, the FTS releases will remain static. It's not possible to specify "Recommended -1", though if you would like to send this as a feature request, I'd be happy to assist. 

    If you'd like to stay in the loop about the latest product releases/changes, you can also enroll a small number of devices in our Early Access Programs so you have a better idea of what features and functionality will become available. I'd suggest turning on notifications for the relevant Release Notes & News pages here on the Sophos Community to stay up to date. 

    Edit/Update:
    Additional information can be found at the following link, including the section "What does Sophos do to"mitigate the risk of having a similar service disruption?" found near the bottom of the article. 
    CrowdStrike global outage: Sophos guidance

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • I am slightly confused by the versioning reported if you take the recommended updates vs the FTS as the most recent FTS seems to show more recent version numbers e.g. 

    Recommended:

    Core Intercept X MDR Encryption
    2024.2.2.1.0 2024.1.1.1.0 2023.2.0.3

    2024.2.0.49.0

    FTS 2024.2.2.6.1-MR1

    Core Intercept X MDR Encryption
    FTS 2024.2.2.8.2-MR1 FTS 2024.1.1.12.3-MR1 FTS 2024.2.2.5.2-MR1 FTS 2024.2.2.6.1-MR1

    Am I missing something obvious?

  • The MR# packages you see are "Maintenance Releases". These are typically made available to address specific issues that customers may encounter. The MR packages will change and get updated as time goes on, so any urgent hotfixes or bugfixes are made more easily accessible.

    If stability is the primary concern, I'd suggest only using the MR packages if advised by Sophos Support. You can also go to "Package Notes" page to find more details on what changes to expect with the given MR package, to see if it is suitable for you. 

    Depending on the time the latest MR package is made available, these can show a later version than the "Recommended" release.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Reply
  • The MR# packages you see are "Maintenance Releases". These are typically made available to address specific issues that customers may encounter. The MR packages will change and get updated as time goes on, so any urgent hotfixes or bugfixes are made more easily accessible.

    If stability is the primary concern, I'd suggest only using the MR packages if advised by Sophos Support. You can also go to "Package Notes" page to find more details on what changes to expect with the given MR package, to see if it is suitable for you. 

    Depending on the time the latest MR package is made available, these can show a later version than the "Recommended" release.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
Children
No Data