
Application control: Sophos Enterprise Console vs UTM?

Hello,

 

We use Sophos Enterprise Console to maintain antivirus patterns + device control + application control on all our PCs inside the LAN.

I would like to know if, in this context, using application control from the UTM device is necessary or not?

What's the difference between Application Control inside the Enterprise Console software and inside the UTM core system?

It seems that the update lists are more complete on UTM than on Enterprise Console on my side, but what's your feeling about it?

 

Thanks in advance!

Thomas.



  • Hello Thomas,

    Speaking from the SEC side: SESC's Application Control is a by-product of AV scanning. During scanning (on-access or on-demand), detection identities similar to those for viruses/malware are considered. When a user accesses a blocked application's executable, access is denied and the application is prevented from running.
    UTM's Application Control is something completely different. It works by inspecting (and optionally blocking) traffic.

    With the UTM you would be able (I assume) to block Facebook traffic from a browser not "known" to SESC. Clearly, only with SESC can you block applications that work locally, like viewers, office suites, and so on.

    Christian

  • Hello Christian,

    OK, I understand.

    In fact, application control from the UTM point of view = services that can be executed from an internet browser over HTTP or HTTPS (e.g. instant messaging, online games without local setup install, cloud storage drag/drop, ...), right?

    Thanks

  • Hello Thomas,

    Right, not necessarily HTTP or HTTPS. But the browser is a good cue. With SESC you can block a streaming application, but to block streaming in the browser you'd have to block the browser itself (and thus all browsing).

    Christian

  • OK, it's clear now :) Thanks for your support!

  • So UTM blocks based on network activity - destination, protocol, and packet signature.

    Based on what QC said, SEC is blocking based on executable images.

    If an app is available in both contexts, you probably want to use both tools. Multi-layer defense plugs holes that you might otherwise miss. Use UTM logging to see if your AV-based protection is perfect or not.