Tuesday, September 9, 2008

AV Software Initial Thoughts: Sophos Endpoint Security

During my "find a new Security Software" dance, I've narrowed it down to 3 vendors/products:

- Sophos Endpoint Security
- Eset NOD32
- Sunbelt Vipre

 

I'm going to focus on Sophos Endpoint Security here. If you're interested in Sunbelt Vipre, check out my previous post.

  • The setup is very easy on the server side. If you would like to install on an x64 Edition of Windows Server, you'll need to create the database ahead of time.
  • The local "agents" on your computer are pretty slim. They aren't as lean/mean as the Sunbelt agents, but do have the option of adding NAC and a firewall. I tested without NAC or firewall enabled. Running with open file/copy file protection enabled really slows things down.
  • Sophos is way ahead of our previous version of Symantec. It uses fewer resources, and actually catches malware (and removes it). Symantec at best reported Malware. Windows Defender did a better job than our version of Symantec.
  • Deploying the software wasn't an issue. I didn't try a Vista rollout, but some people have had issues with Vista rollouts. I'm assuming any Vista issues are fixed at this point (Vista SP1 has been out for a while now).
  • The Enterprise Console is very powerful and flexible. It is very busy, imo. I felt like I really needed to spend some time getting familiar with Sophos' admin philosophy before I was ready to go. This isn't a bad thing.
  • I saw some of the reports. There seem to be enough. I didn't play with customizations.
  • I was able to run the "Console" without any issues.
  • Licensing was straight-forward.
  • Sophos arguably has the most feature-rich product I've seen to date that doesn't eat your computer for lunch.

Sophos' pricing was extremely competitive. Their rep's were knowledgeable and courteous.

I really have no complaints about Sophos.