Thread Info
  • State Not Answered
  • Replies 4 replies
  • Subscribers 0 subscribers
  • Views 1319 views
  • Users 0 members are here
Options
Suggested

[8.960][ANSWERED] How are endpoint updates to be handled after GA?

BrucekConvergent
It appears, currently, that each endpoint updates it's own definitions independently, insteady of checking for an upstream UTM that could possibly have a cache of the latest def. updates... are there any plans to change this?  The impact on bandwidth with individual updates, once you scale up users, or consider the use of this at a small office with a lower-bandwidth connection, is considerable.

I read somewhere (could not find the thread) that a dev said "Well, we'll use the http proxy to cache those updates" ... that would certainly work, but only for those customers that have purchased Web Security --- consider the use case where a customer does not purchase or desire to have Web Security enabled.

I'm sure someone is addressing this, just wondering what the ultimate answer will be.
  • 0
    Morning BrucekConvergent,

    I'm sure someone is addressing this, just wondering what the ultimate answer will be.


    We've not yet commited to anything concrete, so there will be an update provided ASAP.

    Cheers,
    Cristof
  • 0 in reply to cziel
    We won't change the behavior described for the first release. However, it's on the list to review for the next release. Please vote for it here.

    Thanks,
    Eric
  • 0
    the endpoints use a different cloudy based set of defs than the utm's sophos engine...it has led to things sailing by the utm totally and being picked up by the endpoints..not good at all.

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to ebegoc
    We won't change the behavior described for the first release. However, it's on the list to review for the next release. Please vote for it here.

    Thanks,
    Eric


    Wow... this will make selling this feature problematic when compared to competitor's offerings --- "Mr. Customer, let me sell you an AV product that will consume many times more bandwidth for updates than your existing product"... is there any relief to be had for this issue -- for instance, can the Sophos AV client be made more Proxy aware (see my other thread) so that at least those with Web Security can use the HTTP Proxy to cache the updates at larger sites?

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Sophos Platinum Partner

    --------------------------------------

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Unfiltered HTML